sudo-1.8.9p5/ChangeLog010064400175440000012000037567771227416756700141770ustar00millertstaff2014-02-04 Todd C. Miller * NEWS, configure, configure.ac: Update for sudo 1.8.9p5 [3ee678307ef4] <1.8> * src/preserve_fds.c: When the closefrom limit is greater than any of the preserved fds, the pfds list will be non-empty but lastfd will be -1 triggering an ecalloc(0) assertion. Instead, test for lastfd being -1 and make sure we always update it, even if dup() fails. Also restore initial value of lowfd after we are done relocating. Fixes bug #633 [a11206a31f28] 2014-01-30 Todd C. Miller * common/atomode.c: Zero out errstr when there is no error; fixes bug #632 [74950ef1a0dc] 2014-01-24 Todd C. Miller * include/missing.h: Fix typo, ULONG_MAX vs. ULLONG_MAX [5d274daa9fb1] * plugins/sudoers/sudo_nss.c: Fix typo in the AIX case. [ee531c950fce] * plugins/sudoers/sudo_nss.c: Size pointer for sudo_parseln() should be size_t not ssize_t. This was already correct for the nsswitch.conf case. [cfaf895c1db4] 2014-01-15 Todd C. Miller * NEWS, configure, configure.ac: Update for sudo 1.8.9p4 [f79ab7c6c1c5] * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: When relocating fds, update the debug fd if it is set so we are guaranteed to get debugging output. [b1deaa472aa6] 2014-01-14 Todd C. Miller * src/exec.c: If the event loop exits due to an error and we are not logging I/O, kill the command if still running. Fixes a bug where sudo could exit while the command was still running. [844018ff8a8c] * src/preserve_fds.c: When relocating preserved fds, start with the highest ones first to avoid moving fds around more than we have to. Now uses a bitmap to keep track of which fds are being preserved. Fixes a bug where the debugging fd could be relocated to the same fd as the error backchannel temporarily, resulting in debugging output being printed to the backchannel if util@debug was enabled. [55e006dbeaf3] * src/preserve_fds.c: When restoring fds traverse list from high -> low, not low -> high to avoid implicitly closing an fd we want to relocate. [6351225f47d7] * src/exec.c: If not logging I/O we may get EOF when the command is executed and the other end of the backchannel is closed. Just remove the backchannel event in this case or we will continue to receive the event. Bug #631 [a204b69d91f7] 2014-01-13 Todd C. Miller * src/ttyname.c: Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630 [3448dffe9701] * NEWS, configure, configure.ac: Update for sudo 1.8.9p3 [22e5a6f69999] 2014-01-09 Todd C. Miller * NEWS, configure, configure.ac: Update for sudo 1.8.9p2 [2e7fe6e371a4] * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: Update to libtool-2.4.2.418 [d1dbed89d733] * config.guess, config.sub: Update from http://git.savannah.gnu.org/gitweb/?p=config.git [2b5e32d23be5] 2014-01-08 Todd C. Miller * NEWS: Sudo 1.8.9 also fixes bug #617 [cc5c18228719] 2014-01-07 Todd C. Miller * NEWS: The fix for the hang was already in the 1.8.9 tarballs. [f038ebcc1071] * NEWS, configure, configure.ac: Update for sudo 1.8.9p1 [732fca0003cf] * common/atobool.c, common/event.c, plugins/sudoers/iolog.c, plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: Update copyright year. [fdeb5956810e] * plugins/sudoers/parse.h: Go back to making the bit fields in struct cmndtag explicitly signed. This fixes a problem on gcc 4.8 (at least) which appears to be treating the value as unsigned by default. [46b9a7bb10ac] * common/atobool.c: Use debug_return_int() instead of bare return for debugging support. [c273f822de5f] 2014-01-06 Todd C. Miller * common/event.c: Fix infinite loop that could be triggered by sudo_ev_loopbreak() and sudo_ev_loopcontinue(). [1723561c46b0] * NEWS: Update for 1.8.9 final. [d49c14d21410] 2014-01-04 Todd C. Miller * plugins/sudoers/iolog.c: Handle a sequence file with no trailing newline. [aa29306e4f6d] 2014-01-03 Todd C. Miller * plugins/sudoers/iolog.c: Truncate io log and timing files on open when recycling them. Only an issue when the sequence number wraps around. [01b2dfe15ff0] * plugins/sudoers/iolog.c: Repair reading of the iolog sequence number that got broken when adding stricter strtoul() checks. [e0f4a11c3437] * src/exec.c: If invoked as sudoedit we can't just exec the command directly since the temporary files need to be updated before sudo exits. [508503be1c4f] * src/preserve_fds.c: Fix restoration of the close-on-exec flag when moving a relocated fd back into its original position. [5572f1f8b48a] 2014-01-02 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Add "see below" to reference "Secure editing" section in "Preventing shell escapes". [b2db990a36b3] 2014-01-01 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Add initial "Secure editing" section. [0d7a192e0e25] * doc/LICENSE: Update copyright year. [4a639d9207a9] 2013-12-31 Todd C. Miller * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, src/po/eo.po, src/po/fi.mo, src/po/fi.po: sync with translationproject.org [5c15a411b10d] * plugins/sudoers/policy.c: Make user_cwd and user_tty dynamically allocated even for the "unknown" case. [015454bf97f8] 2013-12-30 Todd C. Miller * configure, configure.ac: Use -fstack-protector-strong in preference to -fstack-protector-all or -fstack-protector. [bdd1066eefc4] * doc/HISTORY: Dell acquired Quest [3d5b7d27a313] 2013-12-29 Todd C. Miller * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, src/po/ru.po, src/po/vi.mo, src/po/vi.po: sync with translationproject.org [f964671d08ce] 2013-12-28 Todd C. Miller * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [5f5becf5fb7a] * doc/sudoers.ldap.cat: regen [77745e6bc0d5] * NEWS: Update for recent changes. [365b9084268a] * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Fix typo; we want setlocale(LC_ALL, "") since we are setting the locale for the first time. [e2b9660e9d48] 2013-12-27 Todd C. Miller * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Use sudoers_initlocale() in main() startup, not sudoers_setlocal() as the latter assumes we are already in the user's locale which may not be the case. For sudoreplay, we can just use setlocale() directly as there is no sudoers locale. [12235e50dea0] 2013-12-24 Todd C. Miller * src/preserve_fds.c, src/sudo.c, src/sudo.h: Redo preserve_fds support to remap high fds so we can get the most out of closefrom(). The fds are then restored after closefrom(). [7d712ec49db7] * plugins/sudoers/Makefile.in: Fix install-plugin when sudoers is compiled statically. [36a8bf3b588d] 2013-12-20 Todd C. Miller * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: Add support for preventing fds from getting clobbered by closefrom(). [269f45964ff0] 2013-12-19 Todd C. Miller * plugins/sudoers/Makefile.in: regen [b8f458379b5b] 2013-12-18 Todd C. Miller * common/alloc.c: Need to include limits.h here too. [b53c6edef597] 2013-12-17 Todd C. Miller * config.h.in, configure, configure.ac, plugins/sudoers/parse.h: No need to use __signed. [05f9648d1953] * plugins/sudoers/regress/logging/check_wrap.c: Need limits.h here too. [54aac3bbf66a] * compat/closefrom.c: Still need limits.h here. [0abc6b2be208] * plugins/sudoers/po/sudoers.pot: regen [386b47ced07f] * compat/closefrom.c: Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX lacks /proc/self and it has F_CLOSEM. [b5735fbcfdce] 2013-12-16 Todd C. Miller * plugins/sudoers/visudo_json.c: Use a switch to map digest type to name instead of an array of strings. [ab17ceb4dd60] * compat/closefrom.c: Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. [e70df3b3144b] * compat/snprintf.c: Remove _MAX and _MIN compat; we rely on missing.h for that. We already require the compiler handle long long so there's no need to use HAVE_LONG_LONG_INT everywhere. [2bda15071439] * common/ttysize.c, include/missing.h: Remove _MAX and _MIN defines that any system from the last 20 years should have. Add ULLONG_MAX in case it is missing. [2db0cee4aaa8] * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: Change visudo -x to take a file name argument, which may be '-' to write the exported sudoers file to stdout. [84cb72c3c391] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: Move symbol extern defs into sudoers.h [b631a0b57fae] * plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/logging/check_wrap.c: Add missing sudo_util.h [ed0edc2e2d0c] 2013-12-14 Todd C. Miller * plugins/sudoers/sudoreplay.c: Warn if the time stamp in the I/O log file does not fit in time_t. Warn if the info line is not well-formed instead of silently ignoring it. [37a050de5be5] 2013-12-13 Todd C. Miller * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Rename libcommon libsudo_util [df3ffd4229e5] 2013-12-12 Todd C. Miller * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, common/atoid.c, common/atomode.c, common/fmt_string.c, common/gidlist.c, common/progname.c, common/setgroups.c, common/sudo_conf.c, common/term.c, common/ttysize.c, include/missing.h, include/sudo_util.h, plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: Move prototypes for functions provided by libcommon that don't have their own header files into sudo_util.h. [43f423a24416] 2013-12-11 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/mkdefaults: Now that we have proper number parsing functions we should store T_UINT defaults values as unsigned int, not int. [67d8c2244f1d] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: Don't use int where we really mean enum def_tuple. When this code was written it was assumed that we may have multiple tuple types. However, that hasn't happened and probably never will. [8491f970f343] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regen after string parsing changes. [fd6bf79c3286] * common/atoid.c, common/atomode.c, compat/strtonum.c, configure, configure.ac, include/missing.h, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: The OpenBSD strtonum() uses very short error strings that can't be translated usefully. Convert them to longer strings on error. Also use the longer strings for atomode() and atoid(). [dace028594da] 2013-12-10 Todd C. Miller * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, plugins/sudoers/defaults.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: Add atomode() function for parsing a file mode. [44e29629aa5e] * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, configure, configure.ac, include/missing.h, plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, src/parse_args.c, src/sudo.c, src/ttyname.c: Use strtonum() instead of atoi(), strtol() or strtoul() where possible. [e4a1fc84b893] * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, configure, configure.ac, include/missing.h, mkdep.pl: Add strtonum.c to compat for simpler number parsing. [a4c69b003da0] 2013-12-09 Todd C. Miller * src/exec_common.c: Fix a warning on Solaris, we need to use debug_return_const_ptr. [932aa94c0cac] * plugins/sudoers/Makefile.in: check_symbols needs to link with SUDO_LIBS in order to get -lpthread on HP-UX for libldap (which uses threads). It would be better to have a separate variable for the pthread library but this is no worse than it used to be. [94591b765371] 2013-12-08 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: add missing comma [7dcbd1c6dd25] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Make -c option description more accurate. [3f305ae6037e] 2013-12-07 Todd C. Miller * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: When checking whether a user may change the login class, just check pw_uid of the runas user, which was passed in to set_loginclass(). [aaf736440441] 2013-12-06 Todd C. Miller * plugins/sudoers/visudo_json.c: Use atoid() when parsing user/group IDs and print them as unsigned int. [40c77459a36a] 2013-12-05 Todd C. Miller * plugins/sudoers/sudoreplay.c: Correctly parse 64-bit times in I/O log files. [d053ee75adc3] * compat/getgrouplist.c, plugins/group_file/getgrent.c, plugins/sudoers/pwutil.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Use atoid() not atoi() when parsing uids/gids. [491146596626] * plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: Better match debugging. Sprinkle const in match functions. [4cd8d793f165] 2013-12-04 Todd C. Miller * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document that plugins can be compiled statically into the sudo binary. [434061cf909f] 2013-12-03 Todd C. Miller * plugins/sudoers/sssd.c: sudo_sss_filter_user_netgroup(): fix comment typos, break out of loop early if we match ALL or netgroup. [0691731f4b12] * plugins/sudoers/sssd.c: When filtering netgroups, use the passwd struct stashed in the handle, not user_name since we may be listing another users privileges. [f2669cf7b70c] * mkpkg: RHEL 6 and above builds sudo with SSSD support [afc3d894851e] * plugins/sudoers/sssd.c: Avoid passing NULL domainname to sudo_debug_printf(). [b08abe5e6d23] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document sssd debug subsystem. [250c3ab1bcf0] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Document "event" debug subsystem. [85d220b48edc] * plugins/sudoers/match.c: Use atoid() instead of atoi() when parsing uids/gids so we get proper range checking. [5c3e2f3f6cb9] * plugins/sudoers/sssd.c: Add user netgroup filtering for SSSD. Previously, rules for a netgroup were applied to all even when they did not belong to the specified netgroup. RedHat Bugzilla 880150. [784848b5462c] * plugins/sudoers/sssd.c: Fix several issues found by the clang static analyzer; Daniel Kopecek [520261dd7461] 2013-12-02 Todd C. Miller * README.LDAP: Mention how to dump sudoers info from LDAP. [a53c93790a30] * src/exec_common.c: On Solaris, disabling the proc_exec privilege appears to interfere with DAC file permissions. Adding DAC override permissions to the inheritable set works around this for commands run as root without giving extra permissions to other users. Bug #626 [391ad44026c3] 2013-12-01 Todd C. Miller * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, compat/getprogname.c, configure, configure.ac, include/missing.h, mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/parse_args.c, src/regress/ttyname/check_ttyname.c, src/sudo.c: Instead of setprogname(), add initprogname() which gets the program name for getprogname() using /proc or pstat() if possible. [e2d48d81456f] 2013-11-30 Todd C. Miller * src/ttyname.c: Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to return this in certain situations but it appears to be harmless at least insofar as retrieving the tty goes. [105bea4e1c20] * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync with translationproject.org [3694d7ad4c9d] 2013-11-28 Todd C. Miller * plugins/sudoers/visudo.c: Add missing newline in help message after export option. [1c0bff0c181e] 2013-11-26 Todd C. Miller * configure, configure.ac, plugins/sudoers/Makefile.in, src/Makefile.in: Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in Makefile.in so we can make it last. Fixes a linking problem on Ubuntu precise. [f8d3bddbe742] 2013-11-25 Todd C. Miller * configure, m4/ax_func_getaddrinfo.m4: Do not rely on NULL being defined for getaddrinfo() test. Fixes the check on HP-UX 11.23. [a5dcf0283693] 2013-11-24 Todd C. Miller * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regen for sudo 1.8.9b1 [945f27a7aa1c] * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: Sync with translationproject.org [52abae16ccfa] 2013-11-22 Todd C. Miller * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, configure, configure.ac, include/sudo_dso.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, src/Makefile.in, src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, src/sudo.h: Add wrapper functions for dlopen() et al so that we can support statically compiling in the sudoers plugin but still allow other plugins to be loaded. The new --enable-static-sudoers configure option will cause the sudoers plugin to be compiled statically into the sudo binary. This does not prevent other plugins from being loaded as per sudo.conf. [9425770e9d2b] 2013-11-21 Todd C. Miller * plugins/sudoers/visudo_json.c: Handle non-unix groups correctly. Get rid of runasuser and runasgroup types and use username and usergroup instead. The fact that the user or group is inside a Runas_List doesn't affect its underlying type. [ea1789258c11] 2013-11-20 Todd C. Miller * plugins/sudoers/visudo_json.c: Simplify Defaults list option object. The name and value strings are superfluous. [5852b0184669] * compat/dlopen.c: Back out unintended change. [85156e49e96e] * MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_func_getaddrinfo.m4: Add dedicated test for getaddrinfo(). Tru64 UNIX contains two versions of getaddrinfo and we must include netdb.h to get the proper definition. [9882e3e1e8e3] * compat/dlopen.c, plugins/sudoers/regress/check_symbols/check_symbols.c: Define RTLD_GLOBAL for older systems without it. Bug #621 [ed38ac84f1da] 2013-11-19 Todd C. Miller * compat/snprintf.c, include/missing.h: Rename snprintf replacement rpl_snprintf since we may now replace the libc version and #define rpl_snprintf snprintf in missing.h so we get our version when needed. This is consistent with how we replace glob and fnmatch. [309aa17d0dfe] * common/Makefile.in, common/regress/sudo_conf/conf_test.c, common/regress/sudo_parseln/parseln_test.c, common/regress/tailq/hltq_test.c, src/Makefile.in: libcommon tests need locale_stub.lo to link. [baae40f36de5] * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.ac, m4/ax_func_snprintf.m4: Add check for C99 compliant (v)snprintf function. [79e02551543c] * compat/sig2str.c, configure, configure.ac: Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug #621; from Daniel Richard G. [2a59ccb8c966] * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: Add definition of U_ for --disable-nsl Don't define warning_gettext if --disable-nsl Bug #621; from Daniel Richard G. [c0054eb89c2b] 2013-11-18 Todd C. Miller * plugins/sudoers/visudo_json.c: When merging Defaults entries we need to check the type of the next entry and not just assume it is the same as the previous one. [e97d9b9cf0d5] * plugins/sudoers/visudo_json.c: runasgroups not runasgroup in the Cmnd_Spec. [92ea5dc20e4d] * plugins/sudoers/visudo_json.c: Fix some syntax errors and change how lists are handled. [027b8dea44b2] * common/sudo_debug.c, config.h.in, configure, configure.ac, include/fatal.h, include/sudo_debug.h: Allow sudo to compile without variadic macro support in cpp. Debugging support will be limited (no file info from warnings.) From Daniel Richard G.; Bug #621 [51b8b868cd4b] * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, common/sudo_conf.c, include/fatal.h, include/gettext.h, include/missing.h, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: Add warning_gettext() wrapper function that changes to the user locale, then calls gettext(). Add U_ macro that calls warning_gettext() instead of gettext(). Rename warning2()/error2() back to warning_nodebug()/error_nodebug(). [f3bb207db201] 2013-11-17 Todd C. Miller * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.h, plugins/sudoers/sssd.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug #624; from Daniel Richard G. [b212e4694018] * include/sudo_debug.h, plugins/sudoers/defaults.c, plugins/sudoers/ldap.c, src/exec_common.c: Add debug_return_const_str and debug_return_const_ptr for returning a const string or pointer. Using const for the normal versions produces warnings with the Tru64 compiler. [45018a149cb4] * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, configure.ac, m4/sudo.m4: Fixes for building under Tru64; from Daniel Richard G. Bug #624 [fc4a6cbae1ba] 2013-11-16 Todd C. Miller * plugins/sudoers/logging.c: log_{fatal,warning} now logs to the debug file itself. log_{fatal,warning} now calls warningx2() after setting the locale itself instead of using the wrapper macros. This removes the only use of warningx(ngettext(...)). [930129361e0a] 2013-11-15 Todd C. Miller * configure, configure.ac: Add -Wpointer-arith to --enable-warnings [2043ae306d1b] * configure, configure.ac: Fix more instances of #include directives where the '#' was not in column 1. From Daniel Richard G. (bug #622) [75f36f39dcab] * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: Add support to visudo to export sudoers in JSON format. [1697b2b4bfd2] 2013-11-13 Todd C. Miller * plugins/sudoers/parse.h: Remove unused digest field from struct cmndspec, the digest really lives in struct sudo_command. [e9a1e2e112d6] * config.h.in, configure: Regen with autoconf 2.69 [275f69f98f9e] * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, doc/Makefile.in: Rename configure.in -> configure.ac [0aeafe425373] * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, configure.in, ltmain.sh, m4/sudo.m4: From Daniel Richard G. (bug #622) Add an autogen.sh script that rebuilds the autoconf world. Move old aclocal.m4 contents to m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include directives. Some tests had #include directives where the '#' was not in column 1. Updated obsolete macro usage via autoupdate. [5fe8de5a56df] 2013-11-12 Todd C. Miller * src/sudo_exec.h: Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The likelihood of receiving a partial message is quite low so this is not a big deal. [900a304f9548] * configure, configure.in: HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for MSG_WAITALL to be visible. [f08b1a00a30a] * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, plugins/sudoers/regress/visudo/test5.sh: Add regress test for bug #623 [8e83cfccaf14] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Cope with a comment on the last line of the file with no newline. Bug #623 [f826243bc4e6] * compat/getaddrinfo.c: Include arpa/inet.h for HP-UX; from Daniel Richard G. [d4d7a4303bae] * doc/Makefile.in: Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel Richard G. [f664c8d2f961] 2013-11-11 Todd C. Miller * include/fatal.h: In v{warning,fatal}x?() make a new copy of ap for the debug functions. It is not legal to use ap twice without reinitializing it. Noticed by Daniel Richard G. [6ca8bc48ecb3] * include/fatal.h: Remove errant warning_restore_locale() call. [4ef7aecefcbb] * include/missing.h, plugins/sudoers/logging.c: Move va_copy compat macro to missing.h [c873e4cc4c8a] * common/Makefile.in, compat/Makefile.in, mkdep.pl, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: Uniquify header dependencies so we don't end up with duplicates when a header file includes other headers. The header dependencies are sorted so the generated order is stable. [95747db2f07a] * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, mkdep.pl: Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From Daniel Richard G. [e94ee99a52a9] * plugins/sudoers/testsudoers.c: Fix pasto [5262735e78e0] 2013-11-07 Todd C. Miller * doc/sudoers.mdoc.in: Fix typo. [6b11a4eec6b6] 2013-11-04 Todd C. Miller * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: regen [995ca9f21862] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: Fix warnings from -Wold-style-definition [a748c5c7b423] * configure, configure.in: Add -Wold-style-definition to --enable-warnings [0484de0deb59] * common/event_poll.c: Extra debugging for ready fds. [91fb85cdecbb] * common/event_select.c: When deleting an event, check ev->events to determine whether to remove from readfds or writefds instead of blinding removing from both. Also fix highfd adjustment. [7384db65ca9c] 2013-11-02 Todd C. Miller * common/event_select.c: Only check an fd that is >= 0. Timeout-only events may have a negative fd. [fa0e5cbc3cc2] 2013-11-01 Todd C. Miller * common/event.c: Don't call sudo_ev_{add,del}_impl() for timeout-only events. This makes it possible to pass sudo_ev_alloc() an fd of -1 for events only use SUDO_EV_TIMEOUT. [6838657a1a2f] 2013-10-31 Todd C. Miller * common/alloc.c, common/event_select.c, include/sudo_event.h: Make a copy of readfds/writefds before calling select() instead of calculating it each time. Keep track of high fd in the base. [6048b78f2e94] 2013-10-30 Todd C. Miller * doc/CONTRIBUTORS: Add Stephen Gelman [0028c7a91a4f] * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: Fix sign comparison warning. [914cb36b9ed2] * plugins/sudoers/sudoreplay.c: Fix potential NULL dereference in non-interactive mode. [9233428d3f32] 2013-10-29 Todd C. Miller * src/exec.c, src/exec_pty.c: Use MSG_WAITALL when receiving struct command_status over the Unix domain socket since we no longer use datagrams. This should avoid the need to handle incomplete reads, though in theory it is still possible. [28a92888a908] * plugins/sudoers/sudoreplay.c: SIGKILL is not catchable [79f82e4cb11d] * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: Add sudo_ev_get_timeleft() to get the amount of time left before an event times out and use it in sudoreplay. [d5b17ee30fa4] 2013-10-28 Todd C. Miller * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, plugins/sudoers/sudoreplay.c: If the user presses or in sudoreplay, skip to the next event. Useful for skipping past long pauses in the data. [43343f45c94d] * common/event.c, common/event_poll.c, common/event_select.c: Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we clear active flag from unprocessed events if sudo_ev_loopbreak() or sudo_ev_loopcontinue() are used. Remove bogus optimization when the timeout is zero or negative; it could prevent an I/O event from being triggered. [a13603fb3134] * plugins/sudoers/sudoreplay.c: Move session replay into its own function. [e323f7729595] * common/event.c, common/event_poll.c, common/event_select.c, include/sudo_event.h: Get rid of cur and pending pointers in struct sudo_event_base. We now pop the first event off the active queue instead of using a foreach loop with deferred removal of the event. Add SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the event on the event queue and timeouts queue respectively. No longer need to compare the timeout to {0,0} or compare the event's base pointer to NULL to determine queue membership. [f2b2251fd523] * common/event_poll.c: rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() [614faaff04e3] * MANIFEST, common/event.c, common/event_poll.c, common/event_select.c, compat/Makefile.in, compat/nanosleep.c, config.h.in, configure, configure.in, include/missing.h, include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: Add support for libevent-style timed events. Adding a timed event is currently O(n). The only consumer of timed events is sudoreplay which only used a singled one so O(n) == O(1) for now. This also allows us to remove the nanosleep compat function as we now use a timeout event instead. [db41c08e92dc] 2013-10-26 Todd C. Miller * src/exec.c, src/exec_pty.c: Now that sudo_ev_base_free() removes all events before freeing we don't need to do this by hand. [b59d43658c5f] * common/event.c, common/event_poll.c, common/event_select.c, include/sudo_event.h: Add a list of active events in the base that the back end sets when it calls poll or select. This allows the front end to iterate over the events instead of having that code in both back ends. It will also simplify support for timeout events. Also make sure we can't touch freed memory if a callback frees its own event. [933b99b3f2bc] * common/event.c: Remove any existing events before freeing the event base. [2543c6620cf1] 2013-10-25 Todd C. Miller * src/exec_pty.c: mon_handler() should be static [b1a62ef65c96] 2013-10-24 Todd C. Miller * plugins/sudoers/ldap.c: If user specified start_tls and ldaps, display a warning and ignore start_tls. There's no reason to make this a fatal error. [bf446dd1e740] * src/exec_pty.c: Add missing else when the connection from the monitor to the parent sudo process is broken (due to the parent dying). Prevents a spurious "unexpected reply type on backchannel" warning. [5c44053cef08] * src/exec_pty.c: When flushing output we don't care whether we are the foreground process or not, we still need to flush to /dev/tty. If we are in the background, it is OK to get SIGTTOU. [9716892d1fb5] * plugins/sudoers/ldap.c: Should not attempt start_tls on an ldaps connection. [9d01d461c52c] 2013-10-23 Todd C. Miller * plugins/sudoers/regress/parser/check_fill.c: Fix sign compare warning. [6130fa8df758] * doc/Makefile.in: Eliminate warning about circular dependency from GNU make. [7ed5df762089] * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, src/ttyname.c: More sign compare fixes. On Solaris id_t is signed so use uid_t in the set_perms.c ID macro instead. [8166dcc50d0b] * common/fileops.c, common/lbuf.c, common/secure_path.c, common/sudo_debug.c, include/secure_path.h, plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, src/ttyname.c: Quiet sign comparision warnings. [e34f45dad10c] * configure, configure.in: Add -Wsign-compare to --enable-warnings [d560e274a6ae] * plugins/sudoers/ldap.c: Ignore SIGPIPE when connecting to the LDAP server so we can get a proper error message with the IBM LDAP libs. Also return LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that return an int. [611a4ed9b8ee] * plugins/sudoers/regress/parser/check_base64.c, plugins/sudoers/regress/parser/check_digest.c: Quiet compiler warnings. [7d82dcca7126] 2013-10-22 Todd C. Miller * plugins/sudoers/ldap.c: sudo_ldap_parse_uri() should join multiple URIs in the string list together but it was clearing the host entry each time through the loop. Fixes a bug with multiple URI entries in ldap.conf where only the last one was being honored. [83cee19b136d] * src/exec_pty.c: Avoid a double free introduced when plugging a memory leak in safe_close(). A new ev_free_by_fd() function is used to remove and free any events sharing the specified fd. This can be used after safe_close() to make sure we don't try to select() on a closed fd. [54f48a281147] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: Quiet some llvm check false positives. The common idiom of using TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is probably faster anyway). [bd1b8c11f416] * plugins/sudoers/auth/pam.c: If pam_open_session() fails don't call pam_getenvlist() with a NULL pam handle. [352e0329acba] * plugins/sudoers/defaults.c: Fix newly introduced use after frees found by llvm checker. [a81080230f1f] * common/event_select.c: Remove an errant list_next() call that should have been removed in the TAILQ conversion. [3bbf8d117ce4] * MANIFEST, common/Makefile.in, common/list.c, common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Add "headless" tail queues and use them in place of the semi- circular lists in sudoers. Once the headless tail queue is built up it is converted to a normal TAILQ. This removes the last consumer of list.c and list.h so those can now be removed. [5986ba762a24] * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, src/hooks.c: Use SLIST and STAILQ macros instead of doing headless singly linked lists manually. As a bonus we now use a tail queue for ldap.c and sudoreplay.c. [c31bc2d99082] * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, common/event_select.c, common/list.c, common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, doc/LICENSE, include/list.h, include/missing.h, include/queue.h, include/sudo_conf.h, include/sudo_event.h, plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: Convert sudo to use BSD TAILQ macros instead of home ground tail queue functions. This includes a private queue.h header derived from FreeBSD. It is simpler to just use our own header rather than try to deal with macros that may or may not be present in various queue.h incarnations. [450bce095d7c] 2013-10-21 Todd C. Miller * plugins/sudoers/sudoreplay.c: Fix AND operator broken by changes to fix OR. [a4d3485ee943] 2013-10-19 Todd C. Miller * plugins/sudoers/sudoreplay.c: Fix OR operator. [f5c1c90ee284] 2013-10-18 Todd C. Miller * src/exec_pty.c: Fix memory leak of I/O buffer events in safe_close(). [08cd790cfbba] 2013-10-16 Todd C. Miller * common/sudo_debug.c: Don't allow the debug subsystem to be initialized twice. Otherwise we can exhuast our stack when built in static mode. [fadacb6a4617] * common/event_poll.c: Make sure we do not try to usie index -1 in base->pfds[]. [beeb922aba3f] 2013-10-14 Todd C. Miller * NEWS, configure, configure.in: Bump version to 1.8.9 [758dbb464796] 2013-10-12 Todd C. Miller * src/exec_pty.c: Convert the monitor process to the event subsystem. [c4fe8e2ba53c] * src/exec.c, src/exec_pty.c, src/sudo_exec.h: Convert the main sudo event loop to use the event subsystem. Read events for I/O buffers are added before the loop starts. Write events are added on demand as the buffers are filled. [72a603e997e0] * INSTALL, MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, common/event_select.c, common/list.c, common/sudo_debug.c, config.h.in, configure, configure.in, include/list.h, include/sudo_debug.h, include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, src/exec_pty.c: Simple event subsystem that uses poll() or select(). Basically a simplied subset of libevent2. Currently only fd events are supported (since that's all we need). The poll() backend is used by default, except on Mac OS X where poll() is broken for devices (including /dev/tty and ptys). [8773142b4117] * src/exec.c, src/exec_pty.c: Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent semantics when the other end closes. This should make the conversion to poll() less problematic. [b6a321722a91] 2013-10-06 Todd C. Miller * common/sudo_debug.c: Fix removal of trailing newlines in a debug message. [6f5ce5ac64e0] 2013-10-04 Todd C. Miller * plugins/sudoers/visudo.c: When checking for unused Runas_Aliases, count those used as part of a Runas Group too. Fixes a false positive warning. [f13271a4a377] 2013-09-29 Todd C. Miller * include/missing.h: Include stddef.h for rsize_t and errno_t on systems that support it natively. [bc547d47e9c6] * MANIFEST: Fix braino. [67b79747312f] * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: Rebuild message catalog files. [0a9befb0674e] * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, src/po/vi.mo, src/po/zh_CN.mo: Rebuild message catalog files. [25191089ddf2] * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: Czech translation for sudo from translationproject.org. [8bc0ed069ddb] 2013-09-18 Todd C. Miller * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, src/po/zh_CN.po: Sync with translationproject.org [c16f9bb4579e] * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Change "next" back to 2. In the context of "next Friday" we really do want the friday of the upcoming (not current) week. Unfortunately, this means that things like "next week" and "next year" will match one more than we really want. Fixing this will require some fairly major changes to the grammar. [7f863c930121] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Mention that relative times don't always do what you might expect. [710a9b0dd36f] 2013-09-17 Todd C. Miller * doc/CONTRIBUTORS: Add diacritical for Zdenek Behan. [78d333f88e6c] 2013-09-11 Todd C. Miller * src/regress/ttyname/check_ttyname.c: Do not fail if ttyname() cannot determine the tty but sudo can. Should fix problems with running "make check" under pbuilder. [e6fc06a6c5cf] * plugins/sudoers/Makefile.in: Remove extraneous $$CWD; from Bdale Garbee [4d040ddd7446] 2013-09-09 Todd C. Miller * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Make "this" and "next" qualifiers work a bit better. There is still room for improvement as "this week" will use the current time instead of the beginning of the week. That's a separate issue though. [e844c02f754a] 2013-09-06 Todd C. Miller * common/regress/sudo_conf/conf_test.c, common/regress/sudo_parseln/parseln_test.c: Mark main() public to silence a warning on HP-UX. [ac0b869b9842] 2013-09-03 Todd C. Miller * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: Be specific that we are talking about the Unix epoch; bug #615 [25887775371b] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot, src/selinux.c: Do not use "setup" as a verb; bug #614 [17c4750aac5f] * plugins/sudoers/iolog.c: Fix logic goof when checking open() status. [76ece1445d71] * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, src/po/nl.po, src/po/ru.mo, src/po/ru.po: Sync with translationproject.org [21351498000f] * NEWS, plugins/sudoers/sudoreplay.c: Work around a bug in sudo 1.8.7 timing files where the indexes are off by two. [4aa0cd58af58] * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, plugins/sudoers/sudoreplay.c: Repair writing of the I/O log file indices broken in sudo 1.8.7. [6a5f867884f5] 2013-08-31 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Try to improve the PAGERS noexec example a bit. [226f11118daa] 2013-08-30 Todd C. Miller * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Document comment character in ldap.conf Clarify what is and is not supported in TLS_KEYPW Mention that gsk8capicmd can be used to create a stash file [fb8f06ab4458] 2013-08-26 Todd C. Miller * NEWS: New bugs fixed for 1.8.8. [c158df7cd9d2] * plugins/sudoers/visudo.c: Fix setting of quiet flag when -q / --quiet is specified. Do not print "sudoers: parsed OK" in quiet mode. [df55acd57ce6] * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po: Updated translations from translationproject.org [e9e8abd23a28] * plugins/sudoers/check.c: Don't allow root to change its SELinux role without a password. Bug #611 [f8b599acb29d] 2013-08-21 Todd C. Miller * NEWS: Mention new Mac OS X symbol interposition. [98293b7c4e0f] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po, src/po/fr.mo, src/po/fr.po: Updated translations from translationproject.org [865be7454354] * config.h.in, configure, configure.in, src/sudo_noexec.c: Add configure checks for the exec functions we will dummy out. This is only really needed on Mac OS X when symbol interposition is being performed but won't hurt elsewhere. [49c20cf6bab0] 2013-08-20 Todd C. Miller * config.h.in, configure, configure.in, src/Makefile.in, src/sudo_noexec.c: Fix installation of sudo_noexec on Mac OS X. Use library symbol interposition on Mac OS X 10.4 and higher so we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1. [a82999dff8e6] 2013-08-17 Todd C. Miller * plugins/sudoers/ldap.c: Fix error display from ldap_ssl_client_init(). There are two error codes. The return value can be decoded via ldap_err2string() but the ssl reason code cannot (you have to look it up in a table online). [0267125ce9f0] 2013-08-19 Todd C. Miller * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Fix typo in tls_key example for Tivoli [36599f424ac4] * src/parse_args.c: Don't escape '$' when running "sudo -i command". Bug #564 [17542d52f714] * plugins/sudoers/iolog_path.c: Fix typo in comment. [d0510ed5eaba] * plugins/sudoers/auth/pam.c: Fix comment. [4e89e0bfd6af] * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: Quiet some gcc -Wformat=2 false positives [28a2014b9822] 2013-08-18 Todd C. Miller * plugins/sudoers/auth/pam.c: Remove now-obsolete arg to env_merge() [ba015cf5d935] * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Updated translations from translationproject.org [72b6aeaba505] * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: French translation for sudo from translationproject.org. [a72321771860] * plugins/sudoers/logging.h: Add __printflike to audit_failure. [1686b3699d41] * include/missing.h: Use __nonnull__ attribute in __printflike. [d123613a1fb6] 2013-08-17 Todd C. Miller * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: When merging the PAM environment, allow environment variables set in PAM to override ones set by sudo as long as they do not match the env_keep or env_check lists. [f3c64967fed7] * plugins/sudoers/auth/pam.c: Call pam_getenvlist() after we've opened the session to get the session-specific environment variables. [b413fb9e1c77] 2013-08-16 Todd C. Miller * NEWS: option not flag [08c31af7b818] * compat/getopt_long.c, config.h.in, configure, configure.in: Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add a check for optreset which is a BSD extension and provide a definition in getopt_long.c if it is not present. [3393e8d83400] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [f38f65830118] * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Use lower case for the long option arguments to match the manual. This is inconsistent with GNU but it is better to match the sudo documentation. [8fac2d64f5d2] * NEWS: Sudo 1.8.8 [105c73752474] * src/parse_args.c: Use lower card for the long option arguments to match the manual. This is inconsistent with GNU but it is better to match the sudo documentation. [af243dd39850] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Describe how remote command execution can be implemented. [3eba7f93b7f6] * doc/sudoers.ldap.cat: Bump version. [0ee7f02f3627] 2013-08-15 Todd C. Miller * src/sudo.c: Make it a fatal error if the plugin returns invalid or out of range command info. [8a7e56c7584a] * plugins/sudoers/policy.c: Use strtol() instead of atoi() and perform error checking of parameters passed from the sudo front-end. [05e05be3c6c4] * plugins/sudoers/auth/pam.c: It is not possible for auth to be NULL here. [771500e776e9] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Initialize user_runhost and user_srunhost to user_host and user_shost in visudo and testsudoers. [c47cca74e1fc] * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, common/list.c, common/sudo_conf.c, common/sudo_debug.c, compat/Makefile.in, compat/getopt_long.c, include/error.h, include/fatal.h, plugins/sudoers/Makefile.in, plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: Rename error.h -> fatal.h now that there is no error() function. [3a3827f10f04] * common/sudo_debug.c, include/sudo_debug.h: Add support to the debug subsystem for zero-length strings. This can happen for things like warning(NULL) or fatal(NULL) where we just want to log the errno string. [3ed739c5cc91] * include/error.h: Add __printflike for vfatal, vfatalx, vwarning and vwarningx. [57e65ed595d2] * plugins/sudoers/audit.c: Need to include gettext.h for BSM audit. [a87fda2d0123] * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, src/parse_args.c, src/sudo.c: Change some fatalx(NULL) that should be fatal(NULL). [8b1efda9f578] * include/error.h, include/missing.h: Use __printf0like for warning() and fatal() since the fmt string may be NULL. [858a890f00ad] * compat/pw_dup.c: Quiet a gcc "used uninitialized in this function" false positive. [98f47f89ce60] * mkpkg: Enable bsm audit on Mac OS X and Solaris >= 11. [8607488f986c] * plugins/sudoers/bsm_audit.c: Fix compilation on Solaris 11. [01aa46298ed7] * plugins/sudoers/bsm_audit.c: Add missing missing.h [080de69a55a1] * plugins/sudoers/sudoers.c: Move the -C (user_closefrom) check until after set_cmnd() so that closefrom_override can be used in a command-specific Defaults line. Fixes bug #610 from Mengtao Sun. [413565c6ff6b] 2013-08-14 Todd C. Miller * src/exec.c: If not using a pty and the child process gets SIGTTOU or SIGTTIN and sudo is the foreground process, make the child the foreground process and continue it. [5ff433443bc4] * src/sudo.c: If sudo is not setuid and was not invoked with a full path, look in the user's PATH for the sudo binary to give a better error message. [a740129a38f0] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h: Add limited support for "sudo -l -h other_host". Since group lookups are done on the local host, rules that use group membership may be incorrect if the group database is not synchronized between hosts. [2c8b222a5f7f] * src/parse_args.c: Fix parsing of "-h host" when used in conjunction with the -l flag. [62f3d726d52b] * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: Simplify usage messages a bit and make --help output more closely resemble GNU usage wrt long options. Sync usage and man page SYNOPSYS sections and improve long options in the manual pages. Now that we have long options we don't need to give the mnemonic for the single-character options in the description. [17b7e386955a] 2013-08-13 Todd C. Miller * plugins/sudoers/logging.c: Fix setting of mailer argv[0] to basename of mailerpath. No need to strdup() mailerpath as it is not modified. [8843cdd958ee] * plugins/sudoers/logging.c: Make sure the mailer exists and is a regular file before trying to exec it. [b73d6214014f] * plugins/sudoers/timestamp.c: If tty_tickets are enabled but there is no tty, use a ticket file based on the parent pid. [75408bd61ced] * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: Allow default plugin dir to be configured in sudo.conf. [478883594cc5] * doc/CONTRIBUTORS: UTF8 for Ruusamae, Elan; from Tae Wong [02e0c95b4fa6] 2013-08-12 Todd C. Miller * MANIFEST, common/regress/sudo_conf/test5.in, common/regress/sudo_conf/test5.out.ok, common/regress/sudo_conf/test6.in, common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: Don't allow max_groups to be set to zero, it just complicates things needlessly. Fixes an assertion in visudo when there is a group- based Defaults entry. [d62a8ea32db9] 2013-08-08 Todd C. Miller * MANIFEST, common/Makefile.in, common/gidlist.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: Refactor code to parse list of gids into its own function that is shared by the sudo front-end and the sudoers module. Make uid/gid parse error be fatal, not just a warning. [da3b2b06605c] * common/atoid.c: Add function comment block. [09a324de716f] * common/atoid.c: Default text domain is now sudo, not sudoers. [1acb1da6f304] * common/Makefile.in: Update dependency for atoid.lo [5e367cd44288] * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: Add endpointer and separator args to atoid() [2077e4ed8578] 2013-08-07 Todd C. Miller * compat/getgrouplist.c: Use private version of atoid() to avoid a dependency on libcommon.a (since that already depends on libreplace.a). [7c12d63b0560] * doc/CONTRIBUTORS: More UTF8 in names; from Tae Wong [512b263f51c8] * compat/getgrouplist.c, plugins/sudoers/iolog.c, plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: Use atoid() in more places. [06f4ae57c707] * MANIFEST, common/Makefile.in, common/atoid.c, plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: Move atoid() to common so it can be used in src and compat too. [095d730701e4] * compat/closefrom.c: Avoid a crash on Mac OS X 10.8 (at least) when we close libdispatch's fds out from under it before executing the command. Switch to just setting the close on exec flag instead. [349ebf4987df] * doc/CONTRIBUTORS: Convert to last, first for easier sorting and use UTF8 (including a BOM). [8c30d221bd75] * plugins/sudoers/atoid.c: Add atoid() function to convert a string to an id_t (uid, gid or pid). We have to be careful to choose() either strtol() or strtoul() depending on whether the string appears to be signed or unsigned. Always using strtoul() is unsafe on 64-bit platforms since the uid might be represented as a negative number and (unsigned long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms. [5d818e399157] * MANIFEST, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Add atoid() function to convert a string to an id_t (uid, gid or pid). We have to be careful to choose() either strtol() or strtoul() depending on whether the string appears to be signed or unsigned. Always using strtoul() is unsafe on 64-bit platforms since the uid might be represented as a negative number and (unsigned long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms. [cd92246a710f] * plugins/sudoers/sudoers.c: Avoid "perm stack underflow" error when logging the unknown uid error. [871514c713b7] * plugins/sudoers/set_perms.c: In rewind_perms() there is nothing to do if perm_stack_depth == 0. [98de335f47f0] 2013-08-06 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: Add pam_setcred sudoers option to allow the user to control whether pam_setcred() is called on the user's behalf. [4260a8e43073] * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: Add pam_service and pam_login_service sudoers settings to control the service name passed to pam_start. [5ea0e3588f3a] * mkpkg: Newer Xcode places the SDKs under Xcode.app [4b54379d5c45] 2013-08-03 Todd C. Miller * MANIFEST, common/Makefile.in, common/zero_bytes.c, compat/Makefile.in, compat/memset_s.c, config.h.in, configure, configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, plugins/sudoers/logging.c, plugins/sudoers/sha2.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Implement memset_s() and use it instead of zero_bytes(). A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the max conversation reply length. This constant can be used as a max value for memset_s() when clearing passwords filled in by the conversation function. [264ec146028e] 2013-08-01 Todd C. Miller * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/system_group/Makefile.in: Do not try to install plugins when shared modules are disabled (sudoers already had the check). [3d582c042042] * plugins/sudoers/Makefile.in: Update dependencies to take into account compat/getopt.h and compat/dlfcn.h. [301fb31cd121] * src/Makefile.in: Update dependencies now that sudo_usage.h is always included from the build dir. [c1ff70ec9515] 2013-07-31 Todd C. Miller * plugins/sudoers/ldap.c: Add some warnings and debugging to sasl ccname handling. [467f415861f0] * plugins/sudoers/ldap.c: Fix write loop invariant in sudo_krb5_copy_cc_file() [6948cf6e9b9f] 2013-07-30 Todd C. Miller * plugins/sudoers/ldap.c: Strip off leading FILE: or WRFILE: prefix before trying to copy the user's credential cache. [56c16feab62f] 2013-07-29 Todd C. Miller * src/sudo.c: Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, just save RLIMIT_NPROC in exec_setup() before the final setuid() and restore it immediately after. We don't need to modify RLIMIT_NPROC for simple euid changes, just for changing the real (and saved) uids before we exec. This also means we no longer need to worry about _SC_CHILD_MAX returning -1. Bug #565 [1372f1909039] 2013-07-28 Todd C. Miller * plugins/sudoers/ldap.c, src/preload.c: Now that the ldap code runs with the real and effective uid set to 0, it is not possible for the gssapi libs to find the user's krb5 credential cache file. To work around this, we make a temporary copy of the user's credential cache specified by KRB5CCNAME (opened with the user's effective uid) and point gssapi to it. To set the credential cache file name, we dynamically look up gss_krb5_ccache_name() and use it if available, otherwise fall back to setting KRB5CCNAME. [8b86c134541a] 2013-07-19 Todd C. Miller * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Long option support for visudo and sudoreplay. [91427968be71] 2013-07-18 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: Add support for long options and fix inclusion of sudo_usage.h with modern gcc broken in 8597:1fcb7ba13018. [d13134819944] * src/Makefile.in: Add rule to rebuild sudo_usage.h when the .in file changes. [59a32899e251] * compat/Makefile.in, mkdep.pl, src/Makefile.in: Add make rules for building getopt_long.c [5f57593b3a8b] * src/parse_args.c: Make "-h hostname" work. Optional args in GNU getopt() only work when there is no space between the option flag and the argument. [b8258659cabb] 2013-07-17 Todd C. Miller * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, configure, configure.in, doc/LICENSE, src/parse_args.c: Use getopt_long() so we can make the -h flag take an optional argument. Includes a version for those without it. [d1dd66c8a86b] 2013-07-16 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document that the -h option can be used specify a host name for future plugins. [8470c74cf326] * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: Overload -h option to specify an optional hostname for remote access. This is future-proofing; no policy plugins currently support this. [0e01d8c3c623] * configure, configure.in: Bump version to 1.8.8 [a1155bfaa28f] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document the remote_host setting (-h host) [c737db906f5d] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: fix "the the" [0025464a3942] * src/parse_args.c, src/sudo.c, src/sudo.h: Do not error out if arg to -U option cannot be resolved, that is for the plugin to decide. There is no need for runas_user and runas_group to be global, make them local to parse_args() instead. [fb02a62a72ba] * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, src/po/pt_BR.mo, src/po/pt_BR.po: Sync with translationproject.org [e8f4772d918a] 2013-07-11 Todd C. Miller * doc/TROUBLESHOOTING: Remove old bits about sudo setuid problems that should have been cleaned up in changeset 7917:fa4894896d8a. Also update the mode of sudo to 04755 to match current packaging. [1e3904cdc2de] * plugins/sudoers/auth/pam.c: Go back to ignoring the return value of pam_setcred() since with stacked PAM auth modules a failure from one module may override PAM_SUCCESS from another. If the first module in the stack fails, the others may be run (and succeed) but an error will be returned. This can cause a spurious warning on systems with non-local users (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. [b6022e26135a] * src/net_ifs.c: Remove unused variable. [93dde7d82fde] * NEWS: Fix typo [5ef79671c2c7] 2013-07-09 Todd C. Miller * plugins/sudoers/sssd.c: Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). From Dan Harnett. [4a0af6f12765] 2013-06-18 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Fix formatting typo; from Eric S. Raymond [058b533ba460] 2013-06-17 Todd C. Miller * mkpkg: Use -gxcoff on aix so dbx can be used to debug sudo. [4950e019ed2d] 2013-06-12 Todd C. Miller * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Fix typo; bug 605 [41f7b46a6e51] 2013-06-04 Todd C. Miller * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, src/po/tr.mo: Regen .mo files that were out of date. [9e25a254f9db] 2013-05-30 Todd C. Miller * NEWS, configure, configure.in: On Solaris 11 and higher, tag binaries for ASLR if supported by the linker. [a2a6cafa3e60] * mkpkg: No longer need to disable PIE on Solaris. [cf90019ae67e] 2013-05-28 Todd C. Miller * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. OpenBSD also supports PIE but enables it by default so we don't need to do anything. This fixes problems on systems with a version of GNU ld that accepts -pie but where the run-time linker doesn't actually support PIE. Also verify that a trivial PIE binary works unless PIE is explicitly enabled. [3c5f125efeb1] 2013-05-24 Todd C. Miller * aclocal.m4, configure, configure.in: Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld where we can end up crashing due to malloc() failures. Sems OK when Using Sun as and ld. [b8ba412102ab] * NEWS: Update with final changes. [78ff6d2ed47a] 2013-05-23 Todd C. Miller * configure, configure.in: Add -fPIE to PIE_LDFLAGS as per gcc manual. [fe900cbb0780] 2013-05-22 Todd C. Miller * common/Makefile.in, compat/Makefile.in: Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs [f84bc7482b78] * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/regress/visudo/test4.out.ok, plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: Replace sequence number-based cycle detection in visudo with a "used" flag in struct alias. The caller is required to call alias_put() when it is done with the alias. Inspired by a patch from Daniel Kopecek. [0bdbac1b3b39] 2013-05-20 Todd C. Miller * plugins/sudoers/iolog.c: Eliminate a few relocations related to sudoers_io. [18e9e2cc3367] * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: Sync with translationproject.org [f38cc128a2ad] 2013-05-18 Todd C. Miller * src/ttyname.c: Clarify a comment. [7a045ee06e95] 2013-05-16 Todd C. Miller * src/ttyname.c: Handle d_type == DT_UNKNOWN when resolving the device to a name and sprinkle some more debugging. [8774133747d9] 2013-05-03 Todd C. Miller * doc/TROUBLESHOOTING: Add message about disabling PIE if sudo gets SIGSEGV. [c786af2a6751] * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: No longer store the ctime of a devpts tty. The handling of ctime on devpts in Linux has been changed to conform to POSIX. As a result we can no longer assume that the ctime will stay unchanged throughout the life of the session. We store the session ID in the time stamp file so there is a much smaller chance of the time stamp file being reused by a new login. While here, store the uid/gid in the timestamp file too for good measure. [7028b21f7a9b] * configure, configure.in: PIE is broken on FreeBSD/arm [f232c60d6229] * mkpkg: Add explicit sendmail path for Linux since we may not have sendmail installed in the build chroot. [1ba2f84f4ff0] 2013-05-01 Todd C. Miller * common/sudo_debug.c, plugins/sudoers/iolog.c, plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: Quiet a few -Wunused-result compiler warnings. [ef12afb61423] 2013-04-30 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention what SHA-2 formats are supported. [bf298d0fdf8a] * doc/CONTRIBUTORS: List code and translations separately. [826547bc1295] 2013-04-29 Todd C. Miller * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: Sync with translationproject.org [9499a6f438b8] * plugins/sudoers/po/sudoers.pot: regen [cce449e284a6] * Makefile.in: Fix c-format for fatal/fatalx [4ad81d3faaeb] 2013-04-26 Todd C. Miller * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: Change some error/errorx -> fatal/fatalx in comments and xgettext flags. [9d9b64fa2ec9] * NEWS: There is now a Turkish translation of sudoers. [701c5af6aa76] * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: Updated translations from translationproject.org including new Turkish translation. [9cedbb50d90f] 2013-04-25 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document that sudoers will re-use existing I/O log paths unless they are mktemp-style with trailing X's. [4f43bd13d9e7] * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Allow ldap_conf and ldap_secret to be specified as plugin arguments in sudo.conf [37c6c425b565] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: sudoers_debug is now deprecated in favor of the sudo debugging framework. [1195be1ec254] * plugins/sudoers/ldap.c: Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the debug file with the ldap subsystem. The sudoers_debug setting in ldap.conf is still honored for now but will be removed in a future release. [cfa42b4b913e] 2013-04-24 Todd C. Miller * plugins/sudoers/sudoers2ldif: Add support for converting sudoers files with SHA-2 command digests. [dc0d03485946] * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, plugins/sudoers/sudoers2ldif: Add copyright notice to scripts [5e8bd4e6083f] * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, plugins/sudoers/regress/sudoers/test14.out.ok, plugins/sudoers/regress/sudoers/test14.toke.ok: Add regress for SHA-2 digests. [0b258c2a2a95] * compat/getgrouplist.c: Solaris maps negative gids to GID_NOBODY. [57050e5c750f] * plugins/sudoers/visudo.c: Clear up an llvm checker warning which appears to be a false positive and fix an old XXX while I'm at it. [9ee13133e596] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Correct last change date [3bc1fa5b0f76] * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: No need to translate this error message. [4d9941970a26] * doc/UPGRADE: Mention .sl vs. .so extension handling on HP-UX Mention group membership changes Fix typos [40ac0efbdb2b] * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/setgroups.c, common/term.c, common/ttysize.c, compat/Makefile.in, compat/dlopen.c, compat/endian.h, compat/getline.c, compat/getprogname.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, doc/Makefile.in, include/Makefile.in, include/alloc.h, include/fileops.h, include/gettext.h, include/lbuf.h, include/missing.h, include/sudo_plugin.h, pathnames.h.in, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, src/Makefile.in, src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, src/utmp.c: Update copyright years. [5c6d72661bad] * plugins/sudoers/mon_systrace.h: Systrace support was removed long ago. [10a038a2da77] 2013-04-23 Todd C. Miller * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, plugins/sudoers/regress/sudoers/test9.toke.out.ok: Remove some files that were mistakenly added. [833502da26de] * common/sudo_debug.c, config.h.in, configure, configure.in, plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: Use time(&now) instead of now = time(NULL) when storing the current time in a time_t (better compiler error checking). Better parsing and printing of 64-bit time_t on 32-bit platforms. [c227dc72c04e] 2013-04-21 Todd C. Miller * src/ttyname.c: Don't check the tty of the parent process. Now that we get the controlling tty device number from the kernel there is no need. If the process has really disassociated from the tty then reporting "unknown" is appropriate. [62fb66e565db] 2013-04-20 Todd C. Miller * common/error.c: Use EXIT_FAILURE instead of 1 as the fatal() exit value. [ed94c2c5e88a] * src/sesh.c: Change remaining errorx -> fatalx [3f6d70e19303] 2013-04-19 Todd C. Miller * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an error if the entry already exists in the cache. [94d45970400a] * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: Change "foo: failed" to just "foo" since we print the string form of errno. Gets rids of some useless translations. [476f37349dbc] 2013-04-18 Todd C. Miller * plugins/sudoers/match.c: Fix pasto in debug_decl [08650186a239] * plugins/sudoers/Makefile.in: regen [acf4c34fba2c] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Rename log_error() -> log_warning() for consistency with warning()/fatal() [474ed5a0e335] * plugins/sudoers/auth/API: The NO_EXIT flag was removed a while ago. [e0a4be270226] * common/aix.c, common/alloc.c, common/error.c, include/error.h, plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: Rename error/errorx -> fatal/fatalx and remove the exit value as it was always 1. [ea66f58c4da5] * NEWS: digests are supported in sudoers ldap too [77d6c25f7653] * plugins/sudoers/regress/check_symbols/check_symbols.c: Print test failures to stdout like the final count so the outputis not displayed out of order. [f541b78ecb93] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, src/po/it.po, src/po/tr.po: Sync with translationproject.org [cbd70678b99f] * Makefile.in: Check for any uncommitted changes in dist target and add force-dist target that omit check-dist. [78dc3f41e37e] 2013-04-17 Todd C. Miller * src/regress/ttyname/check_ttyname.c: Fix logic bug when checking tty via ttyname(). [279aee076194] * compat/endian.h: Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) [fe35e0b04502] * plugins/sudoers/po/sudoers.pot: regen [0ddebccd3045] * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document digest support. [d794c7b9a7bc] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/regress/parser/check_base64.c: Simple bas64 decode unit test. [344b0df0fe50] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, plugins/sudoers/match.c, plugins/sudoers/parse.h: Move base64_decode into its own source file. [30497e7f88bc] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Only check year against 2038 if time_t is 32-bit. [9c1f2e3fc3ba] 2013-04-16 Todd C. Miller * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, plugins/sudoers/sssd.c: Add digest support for sudoers in ldap and sss. [314937b5e59e] * INSTALL, configure, configure.in: Error out in configure if the compiler doesn't support "long long". [d3645c1d50d1] * plugins/sudoers/match.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Include stdint.h or inttypes.h before sha2.h [20ad1c20313d] * common/lbuf.c: Simplify lbuf append functions by moving the realloc code into lbuf_expand(). We now expand as needed each time bytes need to be written to the lbuf. Also handle a NULL pointer being passed in for paranoia's sake. [6283ee562ef4] * plugins/sudoers/iolog.c: Zero out struct iolog_details early to avoid a potential (though unlikely) dereference of stack garbage if we hit a fatal error before iolog_deserialize_info() is called. [2eeca8be05fb] 2013-04-15 Todd C. Miller * sudo.pp: Update copyright year. [b843c6a43238] * plugins/sudoers/sudoers_version.h: Bump SUDOERS_GRAMMAR_VERSION for new digest support. [188556fb8156] * plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Sanity check digest in parser so visudo can catch errors. Add base64 support [b8586d5cc7ed] * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: For big endian architectures just use memcpy() instead of BE macros in a loop. [c71a0f4a8a8e] 2013-04-14 Todd C. Miller * MANIFEST, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/parse.h, plugins/sudoers/regress/parser/check_digest.c, plugins/sudoers/regress/parser/check_digest.out.ok, plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Initial implementation of checksum support in sudoers. Currently supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format validation in parser and base64 support. checksum support for ldap sudoers [b8f196346eca] 2013-04-13 Todd C. Miller * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai respectively. [7511d07c0a83] 2013-04-11 Todd C. Miller * NEWS: Add sudo 1.8.6p8 [0666fd0321ae] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: Add missing "not" in error message when mixing standalone and non- standalone authentication methods. [7eba4439db73] * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: Check for crypt() returning NULL. Traditionally, crypt() never returned NULL but newer versions of eglibc have a crypt() that does. Bug #598 [887b9df243df] * plugins/sudoers/auth/pam.c: Better PAM error messages [fd7eda53cdd7] * plugins/sudoers/auth/kerb5.c: Better error messages [98142874a2f4] * plugins/sudoers/bsm_audit.c: Use same error message for getauid() failure. [07f0d88cb1df] * plugins/sudoers/sssd.c: Start warning with a lower case letter for consistency and to match existing translated strings. [b719ac52c9e3] 2013-04-10 Todd C. Miller * mkpkg: Disable PIE on Solaris where it is not really supported. [c36c84cdcc7a] * src/ttyname.c: AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit before we try to match it against st_rdev. [5dab449fb962] * src/ttyname.c: Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes a problem finding the tty name when it is not in /dev/pts. [6c205d087fa0] * compat/snprintf.c: Support %lld and %llu [feabfa06c954] * .hgignore, MANIFEST, src/Makefile.in, src/regress/ttyname/check_ttyname.c: Add ttyname test. [e987038f8c07] 2013-04-09 Todd C. Miller * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync with translationproject.org [4d7b73b22079] * plugins/sudoers/timestamp.c: Log timestampfile to debug file. [e997281146c0] * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: Don't add the "Password: " string we look up in the PAM text domain to the sudoers.pot file. [771b52244abf] 2013-04-08 Todd C. Miller * plugins/sudoers/po/sudoers.pot: Synce with regcomp() error message change. [fc6d3dfb8eb8] * plugins/sudoers/sudoreplay.c: Be consistent with error message when regcomp() fails. [de6c69ba04e4] 2013-04-05 Todd C. Miller * plugins/sudoers/regress/testsudoers/test5.out.ok, plugins/sudoers/regress/testsudoers/test5.sh: Use group -1 instead of 1 as the invalid group since the running user might have group 1 as their default group. [71404a9fa75d] * plugins/sudoers/Makefile.in: PWD may be a shell builtin, use CWD instead. [c443105c5091] 2013-04-04 Todd C. Miller * plugins/sudoers/check.c: Split up check_user(). [ce7cc0767589] 2013-04-03 Todd C. Miller * config.h.in, configure.in: Cosmetic fixes in the comments. [640abee43c14] 2013-04-02 Todd C. Miller * configure, configure.in: Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status message for visibility checks when the test fails. [99665477ee55] * config.h.in: regen [00c22606719a] * configure, configure.in: We no longer use mbr_check_membership() and setrlimit64() is AIX- specific. [43caf685a1f1] * Makefile.in: The first (all) target must be by itself or some makes will choose the run the entire target list. [16cf3def49f5] * configure, configure.in: Do exec_prefix expansion when enable_shared even if noexec is not enabled. [7ed28cb32d8d] * compat/getgrouplist.c: Use free() not efree() since we don't include alloc.h here [1a008737be24] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [b939f941346f] * plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test5.sh: Pass in expected gid to testsudoers in addition to the uid that matches the test sudoers files. [6a1710e8cac1] 2013-04-01 Todd C. Miller * include/missing.h: Tru64 5.x does declare innetgr() and getdomainname(). [c75598e69c7e] * plugins/sudoers/match.c: Fix compilation when getdomainame() is not present. [e831b017a962] * config.h.in, configure.in, include/missing.h: Move SET/CLR/ISSET from config.h.in to missing.h [3a3dd29fd7f0] * configure, configure.in: Fix getgrouplist() check. [12a2adf60e98] * MANIFEST: No more timestamp.h [5677e26afc0f] * plugins/sudoers/check.c: Neded sys/time.h for struct timeval in struct sudo_tty_info. [aceaadd8c400] * plugins/sudoers/Makefile.in: regen depends [21675a8b67e5] * NEWS: Mention libibmldap on HP-UX [75b4e4b22950] * NEWS, plugins/sudoers/match.c: Instead of checking the domain name explicitly for "(none)", just check for illegal characters. [ce35dda811db] * plugins/sudoers/visudo.c: Only warn once when we are unable to open the sudoers file. [9e27e3aa5b10] * plugins/sudoers/sudoers.c: Fall back to opening /dev/tty to determine whether there is a tty if the system doesn't have kernel support for determing the tty. [2775bcf9a9b5] * compat/getprogname.c: Update guard to take __progname into account [60eae3f20232] * compat/snprintf.c: Some older systems have inttypes.h but not stdint.h [ed1ef160015f] * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c: Add guards in compat source files. Not really needed since we only include them in the Makefile if they are needed but should not hurt either. [8cbd3b4595b9] 2013-03-31 Todd C. Miller * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Don't include gram.h in gram.y, its contents are already included. Move sudoerserror to the end of gram.y so COMMENT is declared when we need to use it. [7d72ebdd7222] 2013-03-29 Todd C. Miller * config.h.in, configure.in: Remove some pre-ANSI cruft. [6a95704b2116] * plugins/sudoers/match.c: Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h when it is set. [da40c550ffed] * NEWS, plugins/sudoers/iolog_path.c: We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but just leave it as-is. [9a22de140d28] 2013-03-28 Todd C. Miller * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Add missing semicolon in rule. [817d3f1b2a21] * plugins/sudoers/sudoers.c: Now that we can determine the terminal even when file descriptors are redirected we can check user_ttypath rather than opening /dev/tty when enforcing requiretty. [56a28bc09041] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Stash umask in struct sudo_user so we don't need to look it up later. [9f85749199dc] * plugins/sudoers/sudoers.c: Minor cosmetic change [c373e106ed49] * plugins/sudoers/regress/parser/check_addr.c: No longer need to declare interfaces [d7ff7e579557] * plugins/sudoers/logging.c: Fix compilation in SUDOERS_NO_SEQ case [9a6db9247534] * plugins/sudoers/regress/parser/check_addr.c: No longer need to define sudo_printf [578ad13c3546] * plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/timestamp.c: Pass auth_pw to the timestamp functions. [f603649177d6] * plugins/sudoers/iolog_path.c: Fix SUDOERS_NO_SEQ [17881f9bcd68] * plugins/sudoers/locale.c: Don't need all of sudoers.h in here [c518150c6483] * plugins/sudoers/sudoers.c: Don't need to include sudoers_version.h here. [8abb31102119] 2013-03-27 Todd C. Miller * plugins/sudoers/check.c: DEFAULT_LECTURE is no longer used. [f565c00a68c1] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: Move sudo_conv into policy.c [f699aee7136b] * plugins/sudoers/pwutil.c: cosmetic fixes [930e60389ca8] * plugins/sudoers/match.c: RHEL (and perhaps other Linux distros) use the string "(none)" instead of an empty string when there is no actual NIS-style domain name. Bug #596 [11aec11489ac] * plugins/sudoers/match.c: Fix return values when NAME_MATCH is defined. [ce030be9ccef] 2013-03-26 Todd C. Miller * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: Update copyright year. [7e4b8d49addd] * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: Add sudo_set_grlist(), currently unused by the back end. [b37ac1d0e8fc] * plugins/sudoers/pwutil.c: Remove unused macros, fix a debug_decl [6136fb4a0d3b] * include/missing.h: Tru64 Unix doesn't prototype innetgr() or getdomainname(). [585ac1874dfe] * include/missing.h: Whitespace fixes [0bb28cd91d97] * common/error.c: Don't need to include setjmp.h here, error.h already includes it. [fd05ab00e186] 2013-03-25 Todd C. Miller * compat/Makefile.in, plugins/sudoers/Makefile.in: regen depends [57991f5e16b4] * plugins/sudoers/check.h: Rename guard define. [ccf4dba241d6] * plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Move contents of timestamp.h into check.h. [c139757a9283] * plugins/sudoers/sudoers.h: expand_prompt() is now in prompt.c sudo_printf extern is now in error.h [219bd74ca62b] * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, plugins/sudoers/toke.h: Change multiple inclusion guards to be _SUDOERS_FOO_H [faace6d55e78] 2013-03-23 Todd C. Miller * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: New Dutch translation for sudo and sudoers New Turkish translation for sudo From translationproject.org [bc918b7b23a4] 2013-03-21 Todd C. Miller * config.h.in, configure, configure.in: Fix a typo in a comment and make sure we don't mistakenly include _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in [694d12ac70ec] 2013-03-19 Todd C. Miller * plugins/sudoers/Makefile.in: Don't build check_symbols if we are linking sudoers in statically. [f6602723bab7] * configure, configure.in: Use $host_os not $host when we only care about the os name and version. [05e4f4fcba06] * aclocal.m4, configure, configure.in: Suppress duplicate -L and -I flags. [228f2f581aed] * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: Fix regress tests on non-OpenBSD platforms. [9d91bc859c50] * configure, configure.in: If we find sasl/sasl.h there's no need to check for sasl.h too [889efaa86012] * aclocal.m4, configure, configure.in: Add -R flags at the very end after configure link tests are done since we can only count on libtool to accept -R, the compiler front end may not. Also unify the libldap and libibmldap tests using AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by libibmldap (but is not an explicit dependency). [ab1451894351] 2013-03-18 Todd C. Miller * configure, configure.in: Back out changes that broke detection of skey, opie and ldap libraries. [ffa82b8f8641] * plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test4.sh, plugins/sudoers/regress/testsudoers/test5.sh, plugins/sudoers/regress/visudo/test1.sh, plugins/sudoers/regress/visudo/test2.sh, plugins/sudoers/regress/visudo/test3.sh: Add explicit "exit 0" to prevent the check target from ending prematurely. [cca411b492bd] * plugins/sudoers/Makefile.in: Fix exit values in check target so we don't have to ignore errors. [cbc429c409e9] * plugins/sudoers/Makefile.in: Fail a test if there is unexpected stderr output. [4fc24d536bec] * MANIFEST: Fix path to sudo.conf manuals; remove non-existant test2.err.ok [6b8bcd60dd85] * src/load_plugins.c: Fix compilation in dynamic mode. [679856fa0774] * configure, configure.in: On HP-UX, libibmldap has a hidden dependency on libCsup [22994709d77c] * compat/dlopen.c: Pass BIND_VERBOSE to shl_load() [0060b9cfa9ab] * configure, configure.in: Only create static helper libs when --disable-shared is specified. [1fcdb1a437e0] * src/load_plugins.c: Ubreak static build. [4ac9f96be285] * INSTALL, aclocal.m4, configure, configure.in: Replace --with-rpath and --with-blibpath with --disable-rpath. Now that we use libtool for linking we can just use the -R flag and have libtool translate it to the proper linker flag. [09798fad6888] 2013-03-15 Todd C. Miller * src/exec_pty.c: Bump I/O buffer size 32K [4ef793225309] 2013-03-14 Todd C. Miller * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Document sesh Path setting. [34b0b903b4f8] * src/exec.c, src/exec_common.c: Move exec_cmnd to exec.c to fix a compilation issue with sesh.c [06aa1956f38d] * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, src/selinux.c: Make sesh path configurable in sudo.conf [91d331f273b7] * configure, configure.in: Use -fno-pie and -nopie if supported when --disable-pie is specified. [777138c04dcc] 2013-03-13 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document direct execution of the command if the policy plugin has no close function. [6a14145c6e80] 2013-03-07 Todd C. Miller * plugins/sudoers/auth/pam.c: Only delete creds if we actually established them. Print an error if pam_setcred() fails and we actually authenticated. [1e015314903b] * common/Makefile.in, plugins/group_file/Makefile.in: regen [dd8cee2a5e1b] * common/alloc.c, include/alloc.h: Convert efree() to a macro that just casts to void * and does free(). If the system free() can't handle free(NULL) this may crash but C89 was a long time ago. [efd0ff9270fb] * configure, configure.in: Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. Fixes a problem with errno sometimes not being set on error on HP- UX. [54b419d58320] * common/sudo_debug.c: Fix debug logging from the plugin when there is no error number. This was broken in the big debugging reorg for 1.8.7. [2ea7e145e928] 2013-03-06 Todd C. Miller * configure, configure.in, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/load_plugins.c: Always install plugins with a .so extension regardless of what extension the system uses for shared libraries. That way the group_plugin sudoers setting can be shared between heterogenous systems. [a7e6ecff6fdf] * plugins/sudoers/match.c: Mac OS X has netgroup functions in netdb.h. [243881a974aa] * plugins/sudoers/parse.h: Tags in struct cmndtag can be set to IMPLIED as well. [cb6926988cc8] * plugins/sudoers/parse.c: Quiet a compiler warning. [14e608c2001d] * plugins/sudoers/testsudoers.c: Quiet an llvm checker warning. [2eeb9f3d08f3] * plugins/sudoers/parse.c: Quiet gcc -Wuninitialized false positive [643ad987503d] 2013-03-05 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document group_file and system_group plugins. [b56511e79230] * NEWS: Sudo 1.8.7 [e95183b8fa27] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Try to clarify that sudoedit in sudoers should not include a leading pathname. [7b2beac92a9c] * plugins/sudoers/pwutil_impl.c: Make sure groupname_len is at least 32 just to be on the safe side. It is better to allocate a little extra and not need it than to have to reallocate and start over. [6d3e1ba47de9] * include/alloc.h, include/missing.h: Add __malloc_like macro to apply __malloc__ attribute to emalloc, ecalloc and estrdup. It cannot be applied to realloc since that may return the same pointer. [8d70cb81d1f1] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix potential double free in an error path. [657573feb6a4] * src/exec_pty.c: When running the command in a pty, defer the call to exec_setup() until just before we exec the command. This is consistent with the non-pty path. As a side effect, the monitor process runs as root and not the runas user. [e2a7f8c7ee4c] 2013-03-02 Todd C. Miller * compat/closefrom.c: Update copyright year. [9b652af4dfc0] 2013-03-01 Todd C. Miller * compat/closefrom.c: Use pst_highestfd from pstat_getproc() on HP-UX. [09f3fea46a3d] 2013-02-28 Todd C. Miller * Makefile.in, common/Makefile.in, doc/Makefile.in, plugins/sudoers/Makefile.in: Clean up generated test files and other minor housekeeping. [f5f4fdd908e1] * plugins/sudoers/iolog.c: Add back gettimeofday() call inadvertantly removed in e1abb9810a83 [675cce8401ae] * config.h.in, configure, configure.in, src/ttyname.c: Use pstat() on HP-UX to determine the tty device. [2884af22a9df] * plugins/sudoers/auth/pam.c: Fix PAM compilation: def_pam_session, not just pam_session. [5417d7acc6ea] * doc/fixmdoc.sh: Don't remove the -S option description when trimming out selinux. Bug #592 [8a94f2cfa0a0] 2013-02-25 Todd C. Miller * NEWS: Update for Sudo 1.8.6p7 [0858a73e9c40] 2013-02-24 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document when sudo may exec the command directly instead of forking. [da41951edc28] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document that close and version be NULL for plugin API >= 1.3 and that sudo may execute the command directly if there is no close, or pty or timeout needed. [e5f929ddeaf8] * plugins/sudoers/auth/sudo_auth.c: Fix debug_decl for sudo_auth_begin_session and sudo_auth_end_session. [58243392c0df] * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: Add pam_session sudoers option. [d994465db9f1] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Dummy out close function if there is no end_session for the auth method and the front-end can handle a NULL close function. Avoids the extra sudo process when we don't actually need it. [74886d5b0fb6] 2013-02-23 Todd C. Miller * Makefile.in, aclocal.m4: Add m4/ to paths m4_include parameters so we don't need to use autoconf's -I flag. [4fd86e7a84f3] * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, src/sudo_plugin_int.h: If the policy plugin does not provide a close function, there is no command timeout and no pty is required, skip the event loop and just exec the command directly. [ad532f107170] * src/sudo.c: Do not crash if the plugin close and version functions are not defined. If there is no policy close function, simply print a warning that the command was not found. [c789a9dd54e8] 2013-02-21 Todd C. Miller * plugins/sudoers/parse.c: Fix typos in selinux/solaris privs specific code. [9af3999361b4] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/parse_args.c: Pass the default plugin directory to the plugin via the settings list. Could be used by a stacking plugin. [688e771fc145] * plugins/sudoers/timestamp.c: Completely ignore time stamp file if it is set to the epoch, regardless of what gettimeofday() returns. [df58842af660] * doc/CONTRIBUTORS: Add Nikolai Kondrashov [df59791438f9] * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: Use userpw_matches() for username matching so #uid works for sudoRunAsUser. [a124062334df] * plugins/sudoers/sssd.c: Avoid calling realloc3() with a zero size parameter when all retrieved sssd rules fail. Otherwise we'll get a run-time error due to malloc(0) checking. [84dfcb73ebd7] * plugins/sudoers/sssd.c: Do not send error mail if a user is not found in SSSD. Local users can run sudo too. From Nikolai Kondrashov [3d2ae99ee468] 2013-02-20 Todd C. Miller * MANIFEST, common/regress/sudo_conf/test4.in, common/regress/sudo_conf/test4.out.ok: Test setting disable_coredump to illegal value. [3c71c6c49027] * common/sudo_conf.c: Fix atobool() usage. [d40c9f4d06b0] * common/regress/sudo_conf/conf_test.c: Remove unused variable. [328b524b365b] * plugins/sudoers/sudoers.c: Make "sudo -l non_existent_command" warn that non_existent_command doesn't exist, not the "list" pseudo-command. [9dc0388fc4f3] * plugins/sudoers/parse.c: Make sudoers file long list output better match the format used by ldap sudoers. Tags are now converted to options and there is a single command per line. [6e6dc3f20d84] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use the correct the sudoers policy symbol names and undo an editor goof committed when adding max_groups to sudo.conf. [2a6f7ddf5cc3] * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: For "sudo -l" start a new line if the runas list changes to make the output easier to read. [7dc3d724c924] 2013-02-19 Todd C. Miller * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: For "sudo -l" and "sudo -ll" only print the runas info for subsequent commands in a list if the runas info has changed. If we have new runas info, print out the tags again so as to be less confusing to the user. For "sudo -ll" set the line continuation indent to 8. [b5ec02fe7fc1] 2013-02-18 Todd C. Miller * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, plugins/group_file/group_file.c, plugins/group_file/group_file.exp, plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sample_group/sample_group.exp: Rename sample_group plugin to group_file. Install group_file and system_group plugins by default. [951b3e446fae] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add maxseq sudoers option to limit the max number of I/O log files. [e1abb9810a83] 2013-02-16 Todd C. Miller * plugins/sudoers/iolog.c: Log lines and columns in the iolog file. [03adb6230e05] 2013-02-15 Todd C. Miller * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, common/regress/sudo_conf/test1.in, common/regress/sudo_conf/test1.out.ok, common/regress/sudo_conf/test2.in, common/regress/sudo_conf/test2.out.ok, common/regress/sudo_conf/test3.in, common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, include/sudo_conf.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: Add simple regress tests for sudo.conf parsing. [3c36b61bf61c] * src/sudo.c: Always display the I/O plugin version as long as its open functions doesn't return an error. Previously it was only displayed if the plugin open returned 1. [4b0277db3f8c] * plugins/sudoers/pwutil_impl.c: Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead of poking around in struct utmpx. [2c0cc5c42958] * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: #include "sudo_usage.h" not so we get the one in the build directory and not the src dir when using a separate build directory. [1fcb7ba13018] 2013-02-14 Todd C. Miller * common/fileops.c: If a line was longer that 0x80000000 the bit hack to round to the next power of two would roll over to zero. [f4f729cf6f0f] * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h, src/sudo.c: Use max_groups in front-end and plugin. [bf1e74166831] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/parse_args.c: Pass max_groups to plugin in settings list. [d7d76e8651f4] * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h: Add max_groups setting to sudo.conf (currently unused) and remove unused return value from setters. [f6494f71e1f0] 2013-02-12 Todd C. Miller * INSTALL: Reorganize configure options [23475de8039f] 2013-02-11 Todd C. Miller * NEWS: Add Sudo 1.8.6p7 [5192fc511cbe] 2013-02-10 Todd C. Miller * INSTALL.configure: Sync with autoconf 2.68 [985e5c8efa4e] * INSTALL, README: Remove obsolete OS notes and move build requirements to INSTALL. [bf0dd53ca164] 2013-02-08 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Sort elements of the settings, user_info and command_info lists. [663062ada5b7] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Remove trailing white space [027916a6c8e7] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Store the session ID in the tty ticket file too. A tty may only be in one session at a time so if the session ID doesn't match we ignore the ticket. [4eb2cb8df48b] 2013-02-07 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c: Move tzset() call from sudoers plugin to sudo front end. [3c058dad8772] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Mention line continuation [399873f8c805] * MANIFEST, common/Makefile.in, common/fileops.c, common/regress/sudo_parseln/parseln_test.c, common/regress/sudo_parseln/test1.in, common/regress/sudo_parseln/test1.out.ok, common/regress/sudo_parseln/test2.in, common/regress/sudo_parseln/test2.out.ok, common/regress/sudo_parseln/test3.in, common/regress/sudo_parseln/test3.out.ok, common/regress/sudo_parseln/test4.in, common/regress/sudo_parseln/test4.out.ok, common/regress/sudo_parseln/test5.in, common/regress/sudo_parseln/test5.out.ok, common/regress/sudo_parseln/test6.in, common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, plugins/sudoers/sudo_nss.c: Add line continuation support to sudo_parseln() and make it use getline() instead of fgets() internally. [d02bf3973fc5] 2013-02-06 Todd C. Miller * plugins/sample/sample_plugin.c: Fix memory leak in error path; found by llvm checker [d090c26a5b00] * plugins/sudoers/sudoreplay.c: Remove useless store detected by llvm checker. [12a4db91651a] * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, src/load_plugins.c, sudo.pp: Sudo now stores its libexec files in a "sudo" subdirectory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory default directory ends in "/sudo". [5de67de76489] * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, plugins/system_group/system_group.c: Add missing __dso_public to plugin structs so they are exported. [dde703577621] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Mention that sudoers has its own plugins too. [0a6c6203b512] 2013-02-05 Todd C. Miller * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Correct last change date. [45894291d792] * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin manuals and cross-reference the new sudo.conf manual. [b808ba29cf3a] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Fix typos [0e70964150c6] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Fix some typos. [94ae045cfbc6] * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Add standalone sudo.conf manual page. [d64d949b700c] * doc/sample.sudo.conf: add group_source example [118c1ba1c014] * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. [f5bd6006dc1c] * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, src/po/it.po: Sync with translationproject.org [a6f2b9aac371] 2013-02-03 Todd C. Miller * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, src/po/vi.po: Sync with translationproject.org [ba546666969d] 2013-02-01 Todd C. Miller * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, src/po/es.po, src/po/gl.po: Sync with translationproject.org [cdc454e34c03] 2013-01-31 Todd C. Miller * NEWS: Clarify ttyname changes. [cbf2f80fe582] * NEWS: Add 1.8.6p6 [3aa591e98b3b] * src/ttyname.c: Remove ttyname() fall back code on systems where we can query the kernel for the tty device via /proc or sysctl(). If there is no controlling tty, it is better to just treat the tty as unknown rather than to blindly use what is hooked up to std{in,out,err}. [b2bd3005d2e4] 2013-01-27 Todd C. Miller * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: Add group_source setting in sudo.conf to allow the admin to specify how a user's groups are looked up. Legal values are static (just the kernel list from getgroups), dynamic (whatever the group database includes) and adaptive (only use group db if kernel group list is full). [87a5b02e22ad] * plugins/sudoers/policy.c: Pass back exec_background to front end if it is enabled in sudoers. [8230e1cd0bbd] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention that exec_background is for 1.8.7 and higher only. [fdf0d5a3e182] 2013-01-24 Todd C. Miller * MANIFEST: Add missing test files. [1165389aa5e6] * plugins/sudoers/regress/visudo/test3.err.ok, plugins/sudoers/regress/visudo/test3.out.ok, plugins/sudoers/regress/visudo/test3.sh: Add regress test for bug 361 [54c7fb61b82d] * plugins/sudoers/iolog.c: Add __dso_public to extern declaration of declaration to match actual definition. [4695ded501e6] * NEWS: Add 1.8.6p5 [b07b28c5c4d7] 2013-01-23 Todd C. Miller * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, plugins/sudoers/regress/visudo/test2.out.ok, plugins/sudoers/regress/visudo/test2.sh: Add test for visudo cycle check core dump; test case from Daniel Kopecek [41074541147a] * plugins/sudoers/visudo.c: Fix potential stack overflow due to infinite recursion in alias cycle detection. From Daniel Kopecek. [d7e018a87434] * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: Ignore duplicate entries in sudo.conf and report the line number when there is an error. Warn, don't abort if there is more than one policy plugin. [dfcb5a698f0a] * plugins/sudoers/tsgetgrpw.c: Use strtoul() not atoi(). [58a52cf9b6b8] 2013-01-22 Todd C. Miller * compat/Makefile.in: regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo [9b44e9d26d16] * compat/nss_dbdefs.h: Fix typo that breaks the build on HP-UX. [b9ab6ba23485] * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, configure, configure.in: Use nss_search() to implement getgrouplist() where available. Tested on Solaris and HP-UX. We need to include a compatibility header for HP-UX which uses the Solaris nsswitch implementation but doesn't ship nss_dbdefs.h. [d29dbc4dc06d] 2013-01-19 Todd C. Miller * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: Remove extra flag to sudo_sigaction(). We want to trap the signal regardless of whether or not it is ignored by the underlying command since there's no way to know what signal handlers the command will install. Now we just use sudo_sigaction() to set a flag in saved_signals[] to indicate whether a signal needs to be restored before exec. [c042d52c7192] 2013-01-18 Todd C. Miller * compat/getgrouplist.c, config.h.in, configure, configure.in: Use _getgroupsbymember() on Solaris to get the groups list. Fixes performance problems with the getgroupslist() compat on Solaris systems with network-based group databases. [287d3ae2ce8d] 2013-01-17 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document signal handler behavior in plugin API 1.3 [20dc9d1c105f] * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: Move signal code into its own source file and add sudo_sigaction() wrapper that has an extra flag to check the saved_signals list to only install the handler if the signal is not already ignored. Bump plugin API version for the new front-end signal behavior. [5d2f27a1b404] * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute the command. If we get SIGINT or SIGQUIT, call the plugin close() functions as if the command was interrupted. If we get SIGTSTP, uninstall the handler and deliver SIGTSTP to ourselves. [332baf3a81b7] * src/exec.c, src/exec_pty.c: Rename handle_signals() to dispatch_signals(). Block other signals in handler() so we don't have to worry about the write() being interrupted. [666e95c9a0f1] 2013-01-16 Todd C. Miller * src/tgetpass.c: Rename signal handler to avoid name clash with one in exec.c [8913101a29b6] 2013-01-13 Todd C. Miller * src/sudo.c: Add missing call to save_signals(). [47d075d7326b] 2013-01-11 Todd C. Miller * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Fill in the comment block at the top of the .pot files and preserve it when regenerating them. [6449497b76db] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Add exec_background option in plugin command info and a sudoers option to match. When set, commands are started in the background and automatically foregrounded as needed. There are issues with some ill-mannered programs (like Linux su) so this is not the default. [c0b32b0938f2] * common/Makefile.in: regen [2b2b220e7aea] * src/Makefile.in: Add SESH_OBJS variable for sesh object files. [d3e04ae8fd1f] * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: Update copyright year. [61a0f0cedb13] * src/exec_pty.c: Always resume the command in the foreground if sudo itself is the foreground process. This helps work around poorly behaved programs that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At worst, sudo will go into the background but upon resume the command will be runnable. Otherwise, we can get into a situation where the command will immediately suspend itself. [c368ac3eb2e4] * configure, configure.in: Use -fstack-protector-all in preference to -fstack-protector where supported. [f930c95ceb51] 2013-01-10 Todd C. Miller * configure, configure.in: Only test for -fstack-protector and -fvisibility=hidden on GNU compatible compilers. [796f4696d863] 2013-01-03 Todd C. Miller * NEWS: Add Sudo 1.8.6p4 [8a928de8e717] * common/Makefile.in, compat/Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in: Break out stack smashing protector options into SSP_CFLAGS and SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). [01be114fc9fb] 2013-01-01 Todd C. Miller * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: In rbrepair(), make sure we never try to change the color of the sentinel node, which is the first entry, not the root. From Michael King [3fc4dc4004ec] 2012-12-28 Todd C. Miller * src/exec_pty.c: No need to restore default signal handler for SIGSTOP as it is not catchable. Attempting to do so is harmless but sigaction() will fail and set errno to EINVAL which makes it looks like there is an error. [be7c0b759e9a] * src/exec.c: Print SIGCONT_FG and SIGCONT_BG properly in debug output. [93e59e301c8f] 2012-12-27 Todd C. Miller * configure, configure.in: Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. [9ed48f696595] 2012-12-20 Todd C. Miller * include/missing.h: Add howmany() macro since some systems have this in sys/param.h which we no longer include. [2c5efaa16c45] 2012-12-07 Todd C. Miller * plugins/sudoers/regress/sudoers/test11.toke.out.ok: Remove errant file. [a91699beffc6] 2012-12-04 Todd C. Miller * plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Remove obsolete sudoers_cleanup() stubs. [89153025a2ae] * common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/secure_path.c, common/sudo_conf.c, common/sudo_debug.c, common/term.c, compat/closefrom.c, compat/getcwd.c, compat/glob.c, compat/snprintf.c, include/missing.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, plugins/system_group/system_group.c, src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: Don't include . We only needed it for MAXPATHLEN, MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and HOST_NAME_MAX throughout without falling back on MAXPATHLEN or MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. [f4807d46f504] * include/missing.h, plugins/sudoers/match.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN (sys/param.h or netdb.h). [2544f5e306dd] 2012-11-30 Todd C. Miller * plugins/sudoers/logging.c: Move debug_decl() in log_failure() to be after the variable declarations for C89. [f48d2035ab44] 2012-11-29 Todd C. Miller * common/error.c, include/error.h, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Cannot wrap sigsetjmp() or we end up returning to the wrong place. Use a macro instead. [749ee6acdad8] 2012-11-28 Todd C. Miller * plugins/sudoers/policy.c: Fix return in sudoers_policy_open that should be debug_return. [a78b795b6846] 2012-11-27 Todd C. Miller * src/ttyname.c: Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case too. [acfa891c229e] * src/solaris.c: Quiet a gcc warning and add comment about needing to keep the handle open. [f954f228960f] 2012-11-26 Todd C. Miller * INSTALL: mention --disable-shared [6954d39e2d0f] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Add missing command_info argument in I/O plugin open() prototype. Bug #579 [72beb07aba0e] 2012-11-25 Todd C. Miller * plugins/sudoers/gram.c: Regen for proper line numbers. [6cf6e132e764] * configure, configure.in: Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. [d604dc8ca38a] * common/sudo_printf.c: Include missing.h for __printflike. [a33640600faf] * plugins/sudoers/iolog.c: Saner loop invariant in io_mkdirs (cosmetic only). [dc30274afe38] * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, configure, configure.in, include/error.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, src/sesh.c: Move warn/error into common and make static builds work. [4d3f374f4e4c] * MANIFEST, common/Makefile.in, common/sudo_debug.c, common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/Makefile.in, src/conversation.c, src/sesh.c: Move _sudo_printf from src/conversation.c to common/sudo_printf.c. Add sudo_printf function pointer that is initialized to _sudo_printf() instead of requiring a sudo_conv function pointer everywhere. The plugin will reset sudo_printf to point to the version passed in via the plugin open function. Now plugin_error.c can just call sudo_printf in all cases. The sudoers binaries no longer need their own version of sudo_printf. [9b09d3f63790] * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't need error_jmp to be extern. Also add plugin_clearjmp() that clears a flag so error()/errorx() knows when to call exit() vs. longjmp(). [5a4617148e70] * plugins/sudoers/set_perms.c: Let warning() call gettext() for us. [ab8d502ba4ac] * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: Do locale swapping in the warning()/error() macros themselves instead of in the underlying functions. [4cd205540e17] * common/alloc.c, common/list.c, include/error.h, plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, src/hooks.c: Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). [48346393634d] * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: Call gettext() on parameters for warning()/warningx() instead of having warning() do it for us. [c71088bc9d3e] * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Call gettext() in sudoerserror() in the user's locale and pass the untranslated string to it. [cdbfc231b848] * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Allow sudoers programs (visudo, sudoreplay, visudo) to use plugin_error.c instead of the error.c from the front-end. This means sudoers_setlocale() needs to be independent of the sudo_user struct and the defaults table. The sudoers locale is now updated via a callback. [e356f5f8cd6a] * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers warning/error functions work when sudo_conv is NULL [7365ee24a779] * src/error.c: No need to change locale in front-end warning()/error(). [23dc1df7f93b] * plugins/sudoers/tsgetgrpw.c: Ignore bad lines in passwd/group file instead if stopping processing when we hit one. [79b790559075] * plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test5.sh: Bash doesn't let you set UID to use MYUID instead. [5be56335f059] * plugins/sudoers/visudo.c: Avoid NULL deref for unknown Defaults in strict mode. [545c21c1e7d6] * common/sudo_conf.c, common/sudo_debug.c: See DEFAULT_TEXT_DOMAIN [3d723e1d27db] 2012-11-13 Todd C. Miller * .hgignore: Add signame.c and mksigname. [d59bbf423f00] * plugins/sudoers/Makefile.in: Fold preinstall into install-plugin and pass the path to the plugin binary to the preinstall command. [2c2205af8bb7] * pp: sync with upstream [a4b7336b3256] * src/sudo.h: repair spacing [f5c1255ce514] 2012-11-12 Todd C. Miller * common/sudo_debug.c: Set group on sudo_debug when creating it to gid 0 so systems without BSD group semantics don't get the invoking user's group. [7dda01196554] * plugins/sudoers/iolog.c: Rename mkdir_parents() io_mkdirs() and add a flag to specify whether path is a temporary, in which case the final component is created via mkdtemp() instead of mkdir(). [79c0c4e7ed58] * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: For PERM_ROOT set egid to 0 so log files are not created with the gid of the user. [5b964ea43474] * plugins/sudoers/logging.c: Add calls to set_perms(PERM_ROOT) becore logging to a file. We should already be root but since we cache the current permission status it is basically free. That way, if more of sudoers runs as non-root in the future logging will still work correctly. [c591d4973f41] * common/sudo_conf.c, config.h.in, configure, configure.in, include/gettext.h, plugins/sudoers/locale.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/sesh.c, src/sudo.c: #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. [41f6bb4926f4] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Mention that sudo.conf is parsed in the C locale. [f711c416e30c] * common/sudo_conf.c: Parse sudo.conf in the "C" locale. [776658f651ea] * plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.h: Fix compilation on systems w/o setlocale() [6940d1c1c1ce] * doc/TROUBLESHOOTING: Sudo now includes a workaround for the Solaris 11 locale issue. [ab93787a552c] 2012-11-11 Todd C. Miller * include/gettext.h, plugins/sudoers/iolog_path.c, plugins/sudoers/locale.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: Always include locale.h from gettext.h so we no longer need to include locale.h from the .c files. [93d39182ccfa] * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, src/solaris.c, src/sudo.c, src/sudo.h: Add os-specific initialization functions for solaris (workaround setuid locale problem in Solaris 11) and openbsd (set malloc_options if SUDO_DEVEL). Also move set_project() to solaris.c. [1d6581afbaf4] 2012-11-09 Todd C. Miller * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Avoid strerror() when possible and just rely on warning/error to handle errno in the proper locale. [bf612caae97c] * plugins/sudoers/logging.c: Set sudoers locale in log_allowed() [2dd0ac704cae] * plugins/sudoers/check.c: Make the sudo lecture translatable. [3cdfc183d72d] * Makefile.in: Add the values of badpass_message, passprompt and mailsub to sudoers.pot so they can be translated. [51cbe8adcb94] * plugins/sudoers/logging.c: Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked up by xgettext. [c5b74115caf0] 2012-11-08 Todd C. Miller * plugins/sudoers/check.c, plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: Make expand_prompt() args const and free the prompt when we are done with it. [995ef8519fe6] * plugins/sudoers/policy.c: Fix cut and pasto [e002921c1d15] * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: Expand def_mailsub in the sudoers locale, not the user's. [a4775f2fb385] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/iolog.c, plugins/sudoers/locale.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. [286e0444f785] * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: Display warning/error messages in the user's locale. [00a04165c0cf] * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: audit_failure() now calls gettext itself using the sudoers locale. [d77f1d78799a] * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: Convert setlocale() to sudoers_setlocale() in the sudoers module. This only converts existing uses, there are more places where we need to sprinkle sudoers_setlocale() calls. [8ee0cbf0d0a9] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add simple locale switching to make it easy to switch from the user's locale to the sudoers locale without making excessive setlocale() calls when we don't need to. [5c61582fdeee] * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/plugin_error.c, src/error.c: Add variants of warn/error and sudo_debug_printf that take a va_list instead of a variable number of args. [00392bdc063c] * INSTALL, doc/TROUBLESHOOTING: Document Solaris 11 locale issues and workarounds. [05f7d34af3ae] * Makefile.in, configure, configure.in: Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 locales. Make links from localdir/lang -> localdir/lang.UTF-8 [5ca9326480e2] 2012-11-06 Todd C. Miller * plugins/sudoers/audit.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: Do not inform the user that the command was not permitted by the policy if they do not successfully authenticate. This is a regression introduced in sudo 1.8.6. [c1279df08bfb] * plugins/sudoers/Makefile.in: Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup the rpath in HP-UX SOM shared libraries for the LDAP libs. [b07185657b42] * src/parse_args.c: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. [22c73cbe3ff9] 2012-10-28 Todd C. Miller * INSTALL, configure, configure.in: Allow the user to specify and alternate libtool [c9d6fc9521fd] 2012-10-26 Todd C. Miller * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: Allow sudo to be build with sss support without also including ldap support. From Stephane Graber. [b992a80ebea1] 2012-10-25 Todd C. Miller * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Refactor policy plugin interface code from sudoers.c into policy.c [393e62910b8a] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Refactor command_info setting into its own function. [a952b948324c] * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Make interfaces pointer private to interfaces.c and add get_interfaces() accessor. [b69b9334ed3c] 2012-10-24 Todd C. Miller * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: Make user_cwd const since it is either a string literal or passed in from the front-end. [90751b81e8bc] * configure, configure.in: sudo 1.8.7 [bf727adb8af0] * plugins/sudoers/sudoers.c: Avoid nested strtok() calls. [9d9f22ab52a9] 2012-10-23 Todd C. Miller * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: Move expand_prompt() into its own source file for easier unit testing. [b419b48a436f] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Make check.c independent of the underlying timestamp implementation. [895071bd6065] * plugins/sudoers/iolog_path.c: Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. [8ac38f02dd6d] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use a list for the possible values of Tag_Spec with a minimal indent to improve readability. In the pod version, these were =head3. Also use .St -p1003.1 instead of just POSIX when talking about glob() and fnmatch(). [361a6f7a5c44] 2012-10-02 Todd C. Miller * src/ttyname.c: sudo_ttyname_dev() is unused if there is no /proc or sysctl(). [6598dbf81e16] * compat/mksiglist.c, compat/mksigname.c, compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, plugins/sample_group/plugin_test.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: Explicitly mark main() as public in executables to avoid an HP-UX ld warning. [72a40ce218be] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Remove grep from SEE ALSO section. [c7cafee1621f] * common/alloc.c: If vasprintf() fails, just use the errno it sets instead of assuming ENOMEM. [1be5bfdc0cab] 2012-09-28 Todd C. Miller * doc/TROUBLESHOOTING: Mention HP-UX pam.conf settings. [8b8e745b49fd] 2012-09-27 Todd C. Miller * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Split off timestamp functions into their own source file. [d5833332511d] 2012-09-26 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention how !foo is not the same as ALL,!foo [51f8e470757d] 2012-09-25 Todd C. Miller * src/exec_pty.c: Start commands in the background when I/O logging is enabled. We can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) which returns EINTR on signal instead of restarting automatically. [83b1d59146f7] * src/exec_pty.c: Handle SIGCONT_FG and SIGCONT_BG when converting signal number to string in deliver_signal(). [2cefea7a976e] 2012-09-24 Todd C. Miller * src/exec_pty.c: Fix running commands that need the terminal in the background when I/O logging is enabled. E.g. "sudo vi &". When the command is foregrounded, it will now resume properly. [0bc13a253429] * plugins/sudoers/match.c: Add rudimentary support for name-based matching as a compile-time option. This unsafe when used in conjunction with the '!' operator. [f93bc8e6db15] 2012-09-21 Todd C. Miller * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: Split out implementation-specific back end code out of pwutil.c into pwutil_impl.c. This will allow the main pwutil code to be used for lookup methods other than getpw* and getgr*. [999c2dde60e4] 2012-09-18 Todd C. Miller * NEWS, configure, configure.in: sudo 1.8.6p3 [97fef3d9ed65] 2012-09-17 Todd C. Miller * doc/fixman.sh: Don't use embedded newline when matching, use \n. This got expanded at some point. Bug #573 [6652f834b8f5] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Rename yyerror() to sudoerserror() to match yacc prefix changes. Not really needed due to the #defines that yacc makes but it is less confusing this way as the lexer calls sudoerserror(). [a0577be6527d] * common/alloc.c, plugins/sample_group/plugin_test.c, plugins/sudoers/env.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/exec_common.c, src/parse_args.c, src/sudo.c: No need to translate "unable to allocate memory" when we can just use the system translation via strerror(). [377499e5827c] * plugins/sudoers/sudoreplay.c: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not all file systems support d_type. Bug #572 [8b861c62945f] * plugins/sudoers/sudoreplay.c: Avoid calling fclose(NULL) in the error path when we cannot open an I/O log file. [9401d5c4bb05] 2012-09-16 Todd C. Miller * NEWS, configure, configure.in: Sudo 1.8.6p2 [6e32496280f2] * src/exec.c: When setting the signal handler for SIGTSTP to the default value in non-I/O log mode, store the old handler value for when we restore it after resume. [242628694e42] * plugins/sudoers/env.c: Replace the guts of sudo_setenv_nodebug() with our old setenv.c which supports non-standard BSD and glibc semantics. sudo_setenv() now simply calls sudo_setenv2(). [57ffb6c9efaa] 2012-09-15 Todd C. Miller * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document non-Unix group support in LDAP sudoers. [33c89f3aeee6] * plugins/sudoers/ldap.c: Enable non-Unix group support for LDAP sudoers. We now check for non-Unix groups and netgroups with the same query in the second pass. Bug #571 [eb98fdff54d9] 2012-09-14 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/parse.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. [cb6c0d93215e] 2012-09-12 Todd C. Miller * NEWS: Mention support for SUCCESS=return in /etc/nsswitch.conf [ef1f35aa0863] * NEWS, configure, configure.in: sudo 1.8.6p1 [73a5e1f004b3] 2012-09-11 Todd C. Miller * plugins/sudoers/env.c: Avoid setting LOGNAME, USER and USERNAME variables twice when set_logname is enabled. [0de4f5fbd1d4] * plugins/sudoers/env.c: Fix duplicate detection in sudo_putenv(), do not prune out the variable we just set when overwriting an existing instance. Fixes bug #570 [854ee714c831] * plugins/sudoers/env.c: Add some debuggging [a25cd3305823] 2012-09-04 Todd C. Miller * plugins/sudoers/sudo_nss.c: Disable word wrap in list mode when stdout is a pipe to make "sudo -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. [65ade04511fd] * common/lbuf.c: Print a trailing newline in lbuf_print() when there is not enough space to do word wrapping and the lbuf does not end with a newline. [c0200e19cd09] * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel Kopecek [5c480316e3ce] * MANIFEST: Add sssd.c [9cadd014ef97] 2012-09-01 Todd C. Miller * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: regen .po files [62423d4d143d] * MANIFEST, plugins/sudoers/po/vi.mo: Add Vietnamese sudoers translation from translationproject.org [33666a605525] * NEWS: mention PIE [05032e5304c6] * MANIFEST, plugins/sudoers/po/vi.po: Add Vietnamese sudoers translation from translationproject.org [015c2204bae2] 2012-08-29 Todd C. Miller * Makefile.in, compat/Makefile.in, mkdep.pl: Add missing signame dependency [e493bfb01929] * src/exec.c, src/ttyname.c: Silence compiler warnings. [1c5374b66d9b] * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, src/exec.c, src/exec_pty.c: Replace strsigname() with sig2str(), emulating it as needed. [1e348cca1fa6] * config.h.in, configure, configure.in, src/utmp.c: Use fseeko() for legacy utmp handling if available. [b4bbd8d2c0e9] 2012-08-28 Todd C. Miller * compat/strsigname.c, config.h.in, configure, configure.in: Detect sys_sigabbrev[] and use it in place of sys_signame[] if present. For some reason glibc does not declare sys_sigabbrev so we must add an extern definition of our own. [b38f3fbd7078] * compat/strsignal.c, compat/strsigname.c: Handle NULL entries in sys_siglist and sys_signame. [a388959d9654] * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} [711e41aba59a] 2012-08-27 Todd C. Miller * NEWS: sync [5a2522488754] * src/exec.c: Pass on SIGTSTP to the command if it was sent by a user process (not the kernel or the terminal) when we are not I/O logging and set the default SIGTSTP handler when we re-send the signal to ourself, restoring our handler after we resume. [4259c47e31c0] * src/exec.c: Shells typically change their process group when they start up so that they can implement job control. Most well-behaved shells change the pgrp back to its original value before suspending so we must not try to restore in that case, lest we race with the child upon resume, potentially stopping sudo with SIGTTOU while the command continues to run. Some shells, such as pdksh, just suspend the shell by sending SIGSTOP to themselves without restoring the pgrp. In this case we need to change the pgrp back for them. Should fix bug #568 [6ac6751ffd17] 2012-08-26 Todd C. Miller * MANIFEST, compat/Makefile.in, compat/mksigname.c, compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, src/exec.c, src/exec_pty.c: Use strsigname() to print signal names in the debug output. If the system has no strsigname(), use our own. [0735f18906b9] 2012-08-23 Todd C. Miller * plugins/sudoers/regress/testsudoers/test5.inc, plugins/sudoers/regress/testsudoers/test5.sh: Remove generated file and change path for temporary include file. [4e9fa830c6b5] * plugins/sudoers/Makefile.in: When running regress tests, list pass/fail rate for each dir (testsudoers and visudo) instead of the total. Also prevent the result files from clobbering each other by keeping them in the relevant directories. [6aac53baff7d] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Don't print an error message in yyerror() if open_sudoers() fails, we've already printed an error message. Also restore the check for sudoers_warnings in yyerror(). [aa6036df5fb2] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Avoid printing the >>> parse error <<< message for testsudoers when the -t flag is specified. [76f3433c8992] 2012-08-22 Todd C. Miller * plugins/sudoers/parse.c: Fix NULL deref when an entry has no Runas_Entry [4b14983ff6e7] * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [440e9c9b37de] * NEWS: sync [3142ba2dce60] * plugins/sudoers/check.c: Correct the check_user() comment header. [73da30308fff] * plugins/sudoers/auth/sudo_auth.c: Change a log_fatal() into log_error() when no auth methods are configured. The caller already checks the return value. [05f5c39793a7] * plugins/sudoers/logging.c: Add missing debug_return [3a76bb7c2fe7] 2012-08-21 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Make the capitalization consistent for .Ss and .Sx [5c5735ee4b2f] * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Add COMMAND EXECUTION section that describes how sudo runs the command, the extra sudo processes and signal handling. [dff2d88e984e] 2012-08-18 Todd C. Miller * Makefile.in: Happy Easter [4b9d697c6b83] 2012-08-17 Todd C. Miller * compat/Makefile.in: Don't echo the awk command when building siglist.in [21daa72921e6] * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Cosmetic changes. [19259528e9ad] * doc/Makefile.in: The HISTORY, LICENSE and CONTRIBUTORS files are not longer generated. [ea6ac9e981e6] * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, src/po/uk.po, src/po/vi.po: Sync with translationproject.org and add Italian sudoers translation. [9276740aea59] 2012-08-16 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Expand description of fqdn to talk about systems where the hosts file is searched before DNS. [4ee812ca6116] 2012-08-15 Todd C. Miller * doc/Makefile.in: For cat pages there is nothing to make unless DEVEL is set. [fab4a5b68708] * configure, configure.in, doc/Makefile.in: Always use mandoc to format cat pages and remove now-extraneous nroff configure tests. [5747f4ed5762] * pp: sync polypkg from git [89ddf6ea3e3f] * plugins/sudoers/sudoers.c: Use AI_FQDN instead of AI_CANONNAME if available since "canonical" is not always the same as "fully qualified". [7c1d9c098386] 2012-08-14 Todd C. Miller * doc/sudoers.mdoc.in: Fix some typos. Describe error messages not related to policy permissions. [f5ebf9030d85] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/visudo.c: Add new check_defaults() function to check (but not update) the Defaults entries. Visudo can now use this instead of update_defaults to check all the defaults regardless instead of just the global Defaults entries. [3fa879ce1b65] 2012-08-13 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document sudoers log format. [08998a7061ab] * NEWS: Update for sudo 1.8.5p3 [6e102a5d4e8d] * src/load_plugins.c: Add missing check for I/O plugin API version when checking for the presence of I/O plugin hooks. [ef05c7eeaf81] * src/hooks.c: Can't call debug code in the process_hooks_xxx functions() since ctime() may look up the timezone via the TZ environment variable. [2179fb26bd8e] 2012-08-10 Todd C. Miller * src/exec_common.c, src/sesh.c, src/utmp.c: Include signal.h before sudo_exec.h since it uses sigset_t * in the fork_pty prototype. [94fc0d859600] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Remove OPTIONS section; options now go inside DESCRIPTION [a619fc58a746] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [44719d80bc06] * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: Sync with translationproject.org and add new Slovenian translation. [34b4b966bbac] * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Reduce the number of "internal error, foo overflow" messages that need to be translated. [93ffa2b3d53f] * NEWS: Mention HP-UX reboot fix. [1e39b5aa32ac] * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers data source. From Daniel Kopecek and Pavel Brezina. [3f85e95d6928] 2012-08-09 Todd C. Miller * common/sudo_conf.c, src/load_plugins.c: If sudo.conf contains an I/O plugin but no policy plugin, use sudoers for the policy plugin. If a policy plugin is specified without an I/O plugin, only the policy plugin will be loaded. [ea192df2439d] * doc/Makefile.in, doc/sudoers.man.in: Do not modify the .Os section when building the .man.in file from .mdoc.in. [a9f9628e147f] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Add a note about wildcards matching multiple words and include an example. Also mention that for sudoedit, a wildcard in command line args does not match a slash. [fcb9fbac14e0] 2012-08-07 Todd C. Miller * src/exec_pty.c, src/sudo_exec.h: Fix a comment, update a variable name in a prototype; all cosmetic. [e89f10cbd6e1] * plugins/sudoers/iolog.c: Cast 2nd argument of lseek() to off_t if it is a constant for systems with 64-bit off_t but without a proper lseek() prototype. [d8779da135d0] * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/visudo.c: Fix some warnings from clang checker-267 [1e44ef7860b5] * plugins/sample/sample_plugin.c: Fix memory leak found by clang checker-267 [f8a43617fdfb] 2012-08-06 Todd C. Miller * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: If we receive a signal from the command we executed, do not forward it back to the command. This fixes a problem with BSD-derived versions of the reboot command which send SIGTERM to all other processes, including the sudo process. Sudo would then deliver SIGTERM to reboot which would die before calling the reboot() system call, effectively leaving the system in single user mode. [4ffab9ab9e98] 2012-08-03 Todd C. Miller * doc/fixman.sh, doc/fixmdoc.sh: Remove section about Solaris 10 on other systems. Add missing sudoers.man.in bit to fixman.sh. [176559199ba7] 2012-08-02 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Expand section on Solaris privileges. [3a1bfa2f1743] * NEWS: Expand a bit on the Solaris priv set changes. [bffb78b4a520] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: The second argument to init_parser() is now bool. [fb727a4fb651] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Fix printing of parse error message to stderr. [dea6b420b84f] * plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: If a command matches using an empty Runas_List (i.e. Runas_List is present but empty) and the -u option was not specified, set runas_pw to user_pw instead of using runas_default. This is intended to be used in conjunction with the Solaris Privilege Set support for rules that grant privileges without changing the user. [e84a081f3c11] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: Add support for parsing an empty Runas_List, which only allows the command to be run as the invoking user. This can be used in conjunction with the Solaris Privilege Set support to grant privileges without changing the user. [dc34373792fc] 2012-08-01 Todd C. Miller * doc/fixman.sh: Fix HP-UX, just use ".TH name section" like the vendor manuals. [559738237c92] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix compilation on Solaris [2d310302207c] * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, doc/sudoers.mdoc.sh: Generate a sed script file when munging *.mdoc or *.man instead of passing sed expressions on the command line. Older seds do not support \n in a replacement so generate and run a sed script instead. [0bcce3f1ca18] * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" [fe0f10b63776] 2012-07-31 Todd C. Miller * src/exec.c: When checking whether a signal is user-generated, compare si_code against SI_USER instead of <= 0 since on HP-UX, terminal-related signals get a code of 0. [4e9021243343] * src/sudo.c: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX interchangably. This causes problems when setting RLIMIT_NPROC to RLIM_INFINITY due to a bug in bash where bash tries to honor the value of _SC_CHILD_MAX but treats a value of -1 as an error, and uses a default value of 32 instead. Previously, we just checked RLIMIT_NPROC and, if it was unlimited, restored the previous value of RLIMIT_NPROC. However, that makes it impossible to set nproc to unlimited. We now only restore the nproc resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, pam_limits will set RLIMIT_NPROC for us. [cb71cc8d0b08] 2012-07-30 Todd C. Miller * plugins/sudoers/ldap.c: Active Directory apparently requires that tenths of a second be present in a date so append .0 to the "now" value in the time filter. Also remove space for the global AND from TIMEFILTER_LENGTH since it was not being used consistently. Buffers of TIMEFILTER_LENGTH now need to account for the terminating NUL byte. [d28619ff6e45] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix SELinux build [cc0d1f4e851b] 2012-07-29 Todd C. Miller * MANIFEST: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they were not being kept in sync. [fc3ad1847cb1] * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, doc/license.pod: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they were not being kept in sync. [950363dffe3a] 2012-07-27 Todd C. Miller * plugins/sudoers/logging.c: Fix printing of the permission denied message to standard error when a user is not allowed to run a command. This got broken by the recent logging changes. [b7af63da3ca1] * plugins/sudoers/sudoers_version.h: Bump grammar version for Solaris privs. [2a2baf024477] * doc/schema.ActiveDirectory: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder were added. From David Hicks. [3fc432a8edb4] 2012-07-26 Todd C. Miller * plugins/sudoers/Makefile.in: Remove lex.yy.c when building toke.c [72bb9e62b289] * doc/Makefile.in: Fix building docs in a build dir. [7a6f435af022] * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.pod, doc/visudo.pod: Remove pod versions of the manual; we now use mdoc. [5c967d2dd5db] * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, doc/sudoers.mdoc.sh: Add post-processing scripts to strip out login class, BSD auth, SELinux and privilege set bits when they are not supported. [d0d51f72f597] * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: Merge in Solaris privilege support by Darren Moffat and John Zolnowsky [3aa0a64f2f5c] 2012-07-25 Todd C. Miller * doc/contributors.pod: Sync with CONTRIBUTORS file [9a0852306ad9] * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in: Regen .man.in files with my private mandoc. [dc3c9fc449eb] * doc/Makefile.in: add MANDOC variable [35527e66afc5] 2012-07-20 Todd C. Miller * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: Regen .man.in files with hacked mandoc to avoid issues with historic nroff. [d45cfa7d665f] 2012-07-19 Todd C. Miller * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: Fix groff warnings. [111d522ca807] * doc/Makefile.in: Fix dependencies for .man.in files. [aefeffe1af2b] * .hgignore: Add doc/*.mdoc to ignore file [1e4de6ef2ad8] * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Build .man.in and .cat files from .mdoc.in files. Add new --with-man and --with-mdoc configure options. [c963fd7e8f80] 2012-07-18 Todd C. Miller * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: Sudo manuals formatted in mdoc, to replace the pod versions. [e6dca4030451] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: More minor costmetic fixes. [a7287a68385a] 2012-07-12 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Minor cosmetic fixes. [9c48bdaf3946] 2012-07-11 Todd C. Miller * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: Use "a password is required" instead of "password required" when the -n flag is used and we need to read a password. [a3c30fc41648] 2012-07-10 Todd C. Miller * NEWS: Mention logging changes. [8238fd6e02e8] * plugins/sudoers/po/sudoers.pot: regen [e2cf634ba63b] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document that other mail_* flags have precedence over mail_badpass. [9f4cc9188f40] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Move log_denial() calls and logic to log_failure(). Move authentication failure logging to log_auth_failure(). Both of these call audit_failure() for us. This subtly changes logging for commands that are denied by sudoers but where the user failed to enter the correct password. Previously, these would be logged as "N incorrect password attempts" but now are logged as "command not allowed". Fixes bug #563 [cad35f0b3ad7] 2012-07-06 Todd C. Miller * common/aix.c: Do not set a resource limit to zero when we are unable to fetch a value from /etc/security/limits. [62bfb0a7895e] 2012-07-05 Todd C. Miller * sudo.pp: Add "Provides: sudo" to debian sudo-ldap package [beb8afa0beb2] 2012-07-02 Todd C. Miller * configure, configure.in, zlib/Makefile.in: Define NO_VIZ for zlib when gcc doesn't support symbol visibility attributes. [9fdcbf526386] * configure, configure.in: Use the autoconf cache when checking for symbol export control support. [03c2cce8711f] * INSTALL, common/Makefile.in, compat/Makefile.in, configure, configure.in, mkpkg, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in: Add configure check for building PIE executables instead of doing it in mkpkg. [02b5b78ef258] * sudo.pp: MacOS pp backend doesn't like modes longer than 4 characters. [01b49022bf01] 2012-07-01 Todd C. Miller * configure, configure.in: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool will strip -fstack-protector from the linker flags and we always link with libtool. [0a0a0250ac2b] 2012-06-29 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Regen for sudo 1.8.6 [1657ee28b496] * NEWS, doc/sudoers.ldap.pod: Document improved Tivoli Directory Server support. [fb411edf4687] * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf option to specify Tivoli key db password. Allow TLS ciphers to be configured for Tivoli. [737e17c91e60] 2012-06-28 Todd C. Miller * plugins/sudoers/ldap.c: Tivoli Directory Server 6.3 libs always return a (bogus) error when setting LDAP_OPT_CONNECT_TIMEOUT. [504406637c38] * NEWS: Update [687a755604e8] * plugins/sudoers/ldap.c: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a set an ldap option fatal. [17cf93ae3304] 2012-06-27 Todd C. Miller * plugins/sudoers/sudoers.c: Zero pointers in sudo_user struct after freeing, just in case. [8eff1f80b943] * plugins/sudoers/sudoers.c: Free user_gids in close function if it has not already been freed. [cbce28877f37] * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Defer group ID to name resolution until we actually need it. [463e75b81e89] * src/sudo.c: It is safe to read in sudo.conf before calling user_info(). [3290b6434e3c] * plugins/sudoers/env.c, plugins/sudoers/ldap.c: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to prevent potential truncation. Bug #562. [29d9fc4e0c4e] 2012-06-25 Todd C. Miller * sudo.pp: If installing with installp, error out if there is already an instance of the rpm package installed. [ec24c6faba22] * mkpkg: Add --disable-nls for AIX [192ac2f7d65e] 2012-06-22 Todd C. Miller * sudo.pp: Debian sudo-ldap packages should now depend on libldap-2.4-2, not libldap2. [cbcec71e6b58] 2012-06-21 Todd C. Miller * sudo.pp: Add Homepage and Bugs to debian control file. [0f19d7d14e66] 2012-06-20 Todd C. Miller * mkpkg: fix typo when setting aix_freeware [2fd6feb50195] * common/Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: Don't run regress tests or sudoers sanity check (using the newly- built visudo) when cross compiling. Bug #560 [0c4e3f68b2f5] * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.exp, plugins/sample_group/sample_group.map, plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, plugins/system_group/system_group.exp, plugins/system_group/system_group.map, plugins/system_group/system_group.sym: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate it on demand Use a loader option file for HP-UX ld to explicitly export symbols [2402ff5302ab] * src/Makefile.in: Remove extraneous backslash [8ca054de138c] * plugins/sudoers/regress/check_symbols/check_symbols.c: Don't check for errorx as an exported symbols as it is now a macro. Check for user_in_group() instead. [7b02c8ecd3ea] 2012-06-19 Todd C. Miller * configure, configure.in: Adjust ld map file support to use an anonymous scope to match the updated .map files. [49be44282d9e] 2012-06-18 Todd C. Miller * config.h.in, configure, configure.in, include/gettext.h: Older versions of Solaris lack ngettext() [028af10dfa5f] * configure, configure.in: Move the check for -static-libgcc until after AC_LANG_WERROR has been called and use AX_CHECK_COMPILE_FLAG(). [a7b09120e7ff] * include/gettext.h: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H [3aa2780d4a4e] * include/error.h, include/sudo_debug.h: Fix gcc 2.x variant macro support. [8e71c2370997] * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: Fix compilation on gcc 2.95 and other compilers that only allow variable declarations at the beginning of a block. [9d80c802bb46] * configure, configure.in, plugins/sudoers/Makefile.in: Link check_symbols with SUDO_LIBS to make sure we link with the requisite libraries to successfully dlopen sudoers.so. This is needed on HP-UX where a program dlopen()ing a shared object that uses pthreads must also be linked with pthreads (and HP-UX LDAP uses pthreads). [b8961cd82337] * plugins/sudoers/regress/check_symbols/check_symbols.c: Add check for exported local symbols. This will cause a "make check" failure on systems where we don't support symbol hiding. [8aa549389bb1] * configure, configure.in: Additional ${foo} -> $(foo) Makefile tweaks. [046bbde18f52] * plugins/sample/sample_plugin.map, plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, plugins/system_group/system_group.map: No need to provide a name for the scope in the map file since we don't use the it for versioning. [5ed4b997560d] 2012-06-17 Todd C. Miller * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/regress/check_symbols/check_symbols.c: Add regress test for symbol visibility. [9adddd4e0518] 2012-06-15 Todd C. Miller * NEWS, configure, configure.in: sudo 1.8.6 [57008a7afb77] * configure, configure.in, include/missing.h: Add support for controlling symbol visibility using the HP and Solaris C compilers. [46d5b468979e] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/sudoers.h: Use the expanded io log dir when updating the sequence number. Includes a workaround for older versions of sudo where the sequence number was stored in the unexpanded io log dir. [210797dab9a8] 2012-06-14 Todd C. Miller * src/parse_args.c: Simplify "sudo -s" argv rewriting. [7be143dae7c5] * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, src/sudo_noexec.map: Don't use a map file for sudo_noexec.so since Solaris ld doesn't allow '*' in the global section. The libtool export flag is now added to LT_LDFLAGS instead of commenting/uncommenting lines. [38fc37a66b04] 2012-06-13 Todd C. Miller * config.h.in, configure, configure.in, include/missing.h: The visibility attribute was actually added in gcc 3.3.x, not 4.0. Just assume that if -fvisibility=hidden works that the attribute is usable. [d3904d6faf14] * plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, plugins/system_group/system_group.c: Export group cache from sudoers.so for system_group.so to use. [16695d207fc5] * MANIFEST, configure, configure.in, include/missing.h, plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, plugins/system_group/system_group.map, src/sudo_noexec.c, src/sudo_noexec.map: Use gcc's visibility attribute to specify when symbols are visible or hidden, if available. If not available, use an ELF version script if it is supported. If all else fails, fall back to using libtool's -export-symbols. [64e889921727] 2012-06-12 Todd C. Miller * sudo.pp: Add mode for installed locale files but leave the directories with default mode and owner. [142237dbb31f] 2012-06-11 Todd C. Miller * mkpkg, sudo.pp: Install AIX packages under /opt/freeware with links in /usr/bin and /usr/sbin. This matches the layout of the sudo package from AIX freeware. [0b79d47bbe01] * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: Install shared objects with mode 0644 except on HP-UX which needs the executable bit set. [ae416af0ba6c] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Make installed file modes consistent with the file modes in the sudo package. [307386373289] 2012-06-08 Todd C. Miller * doc/sudoers.pod: Add "%:" prefix when talking about QAS non-Unix group support. [7cb25f6861f8] * pp, sudo.pp: Fix packaging of symbolic links on HP-UX when the link source already exists in the filesystem. [c9bb48031596] * mkpkg: Only specify prefix if we are overriding the default value. Fixes the man dir (/usr/local/man vs. /usr/local/share/man). [65351b6c1697] * sudo.pp: Fix setting of sudoedit_man variable. [9beed9ae5bba] * doc/Makefile.in: Echo the command when linking the sudoedit manual. [6c83b5657b55] 2012-06-07 Todd C. Miller * mkpkg, sudo.pp: Build .deb packages with selinux support. [3fd9cb1b4526] 2012-06-04 Todd C. Miller * sudo.pp: Don't list paths for unstripped binaries in the lintial overrides. [4c8e16f1773b] * pp: Add support for Installed-Size header in control file, required by newer debian versions. [e97d76234bee] * pp: Fix extended description in .deb files. [d35e27ace146] * sudo.pp: Add Depends, Replaces and Conflicts headers for .deb packages. [76eb6c4b3278] 2012-06-01 Todd C. Miller * plugins/sudoers/sudo_nss.c: If there are no privs to print, write the message to the lbuf instead of printing it directly. [ecd56226abb7] 2012-05-31 Todd C. Miller * sudo.pp: Set -e in %pos and %preun for debian to quiet a lintian warning. [8bb908514df9] * doc/Makefile.in, src/Makefile.in, sudo.pp: Install sudoedit and the sudoedit manual as symbolic links, not hard links and package them as such. [f317ff3cf3e7] * sudo.pp: Make sudo binary permissions 755 instead of 111 Add lintian overrides file for .deb files. [991cd7d7f0e1] * configure, configure.in, doc/Makefile.in, mkpkg: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and MANCOMPRESSEXT which can be used to compress the installed manual pages. Compress the man pages for .deb files to appease lintian. [4e34083b41d2] * sudo.pp: Debian fixes: * fix modes to be more in line with what Debian expects * add section * install LICENSE as copyright and ChangeLog as changelog * create stub changelog.debian [7f6c5647f588] * pp: Fix find command to properly skip files in the DEBIAN dir when building md5sums. [8918bde941fa] * pp, sudo.pp: Use a debian-compliant package maintainer field. [fc51a94170eb] 2012-05-30 Todd C. Miller * plugins/sudoers/sudoreplay.c: No need to loop over atomic_writev(), it guarantees to write all data or return an error. Fix handling of stdout/stderr that contains "\r\n" and handle a "\r\n" pair that spans a buffer. [8aaf02d90c45] 2012-05-29 Todd C. Miller * NEWS: Update for sudo 1.8.5p2 [d369d4d40a19] * plugins/sudoers/sudoreplay.c: Instead of doing extra write()s when replaying stdout, build up a vector for writev() instead. This results in far fewer system calls. [303d866c025c] 2012-05-27 Todd C. Miller * src/env_hooks.c, src/sudo.h, src/tgetpass.c: Provide unhooked version of getenv() and use it when looking up DISPLAY and SUDO_ASKPASS in the environment. [04dbdccf4a14] 2012-05-25 Todd C. Miller * plugins/sudoers/sudoreplay.c: When replaying a log of stdout or stderr, do newline to carriage return + linefeed conversion. We cannot have termios do this for us since we've disabled output postprocessing (POST) when setting raw mode. [61352a7d996f] 2012-05-24 Todd C. Miller * configure, configure.in: When checking for -fstack-protector, treat warnings as fatal errors. [4124cd12d511] 2012-05-22 Todd C. Miller * configure, configure.in: Fix test for -z relro [548bdb6f5c4a] * MANIFEST: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 [ed063264a2a1] * INSTALL, aclocal.m4, configure, configure.in, m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: Build with -fstack-protector and link with -zrelo where supported. Added --disable-hardening option to disable hardening options. [0b6c1a1ceb03] 2012-05-21 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test4.out.ok, plugins/sudoers/regress/testsudoers/test4.sh, plugins/sudoers/regress/testsudoers/test5.inc, plugins/sudoers/regress/testsudoers/test5.out.ok, plugins/sudoers/regress/testsudoers/test5.sh, plugins/sudoers/testsudoers.c: Add tests for sudoers mode, owner and group checks. [a7607443aba0] * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: If sudoers_mode is group-readable but the actual sudoers file is not, open the file as uid 0, not uid 1. This fixes a problem when sudoers has a more restrictive mode than what sudo expects to find. In older versions, sudo would silently chmod the file to add the group-readable bit. [c056b6003e6f] * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: No longer throw an error if sudoers is a symbolic link. Deprecated the --with-stow option as that is now (effectively) the default. [8ce783e54886] 2012-05-18 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test2.inc, plugins/sudoers/regress/testsudoers/test2.out.ok, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.d/root, plugins/sudoers/regress/testsudoers/test3.out.ok, plugins/sudoers/regress/testsudoers/test3.sh: Add basic tests for #include and #includedir [b303e4218951] * plugins/sudoers/testsudoers.c: Add -U sudoers_uid option to testsudoers. [3f8ed13501ba] 2012-05-17 Todd C. Miller * NEWS, configure, configure.in: Update for 1.8.5p1 [c33c49bf5b4b] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix #includedir; from Mike Frysinger [d4833d4e39a0] * plugins/sudoers/check.c: Don't prompt for a password if the user is in the exempt group, is root, or is running the command as themselves even if the -k option was specified. This makes "sudo -k command" consistent with the behavior one would get if the user ran "sudo -k" immediately before running the command. [632b3961df00] 2012-05-15 Todd C. Miller * INSTALL: Fix capitalization [7258aa977caf] * mkpkg: Build PIE executable on Mac OS X 10.5 and above. [2a5c7ef92182] 2012-05-14 Todd C. Miller * NEWS: Update for sudo 1.8.4p5 [21164f508b68] * plugins/sudoers/match_addr.c: Add missing break between AF_INET and AF_INET6 in addr_matches_if_netmask() [672a4793931a] * plugins/sudoers/mon_systrace.c: Move systrace monitor code to the attic [d6faf4754e9c] 2012-05-11 Todd C. Miller * src/exec.c: The pointer to the siginfo_t struct in a signal handler may be NULL. [41a4ee934b53] 2012-05-10 Todd C. Miller * plugins/sudoers/pwutil.c: Fix an alignment problem on NetBSD systems with a 64-bit time_t and strict alignment. Based on a patch from Martin Husemann. [1e5ba3c18f17] * include/missing.h: Add offsetof macro for those without it. [e44cb51d2587] * MANIFEST: add system_group plugin [6169793b510c] 2012-05-09 Todd C. Miller * compat/dlopen.c: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. [85bd03bc5d94] 2012-05-08 Todd C. Miller * NEWS: Mention system_group plugin [05393dd4bdb8] * Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: update depends [6feb0b824fc4] * plugins/system_group/system_group.c: Only call gr_delref() when use sudo's password caching functions. [1103442e21fa] * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: Add missing dependency on libreplace.la [05bfd9d4657f] * compat/dlopen.c: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and PROG_HANDLE. [2382d0693acc] * Makefile.in, configure, configure.in, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, plugins/system_group/system_group.sym: Add group plugin that does lookups by name using the system group database. [2ddbb604112f] * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, src/po/pl.po: sync with translationproject.org [4ef05df4226d] 2012-05-03 Todd C. Miller * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [115c3f828fc5] 2012-05-01 Todd C. Miller * sudo.pp: Add mode for docdir and use '-' (default) for localedir mode. Fixes a problem on Linux when building in a directory with the setgid bit set. [582279c8bcb1] 2012-04-30 Todd C. Miller * pp: Match CentOS 6.0 [1e99ef210f98] 2012-04-24 Todd C. Miller * NEWS: Update with recent changes [c5fc220ba696] * pp: Fix version check on AIX [d272e39112f4] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [72b23509465a] * plugins/sudoers/ldap.c: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP SDK. [87b685e70b9a] * plugins/sudoers/ldap.c: Fix printing of invalid uri [645aa53acdde] * plugins/sudoers/auth/pam.c: Pass PAM_SILENT when deleting creds to remove an annoying warning message on Solaris. [1dd0301ef293] 2012-04-23 Todd C. Miller * src/utmp.c: Fix the setutxent and endutxent compatibility defines (this time correctly) when only setutent and endutent are available. [d136d2867db9] * plugins/sudoers/ldap.c: sudo_ldap_set_options_global() should not take an LDAP handle as an argument since the options affect the global settings. [1dc39b9d20f2] * mkpkg: Debian sudo has not been built with --with-exempt=sudo since 1.6.8. [c7716291a856] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Call the policy's init_session() function before we fork the child. That way, the session is created and destroyed in the same process, which is needed by some modules, such as pam_mount. [ece552ba002e] * doc/TROUBLESHOOTING: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is not specified. [bd293e100b28] * plugins/sudoers/auth/pam.c: Delete creds after closing the PAM session. [5158d726d6a5] * plugins/sudoers/ldap.c: Provide a more useful error message if using a Mozilla-style LDAP SDK and you forgot to specify TLS_CERT in ldap.conf. [7cb78feb899c] * src/exec_pty.c: Add missing initialization of a sigaction structure when I/O logging. Fixes a potential problem when suspending the command. [f4480f2ba816] * plugins/sudoers/ldap.c: Split global and per-connection LDAP options into separate arrays. Set global LDAP options before calling ldap_initialize() or ldap_init(). After we have an LDAP handle, set the per-connection options. Fixes a problem with OpenLDAP using the nss crypto backend; bug #342 [265c9d2dc12b] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [6d7fe44be21e] 2012-04-21 Todd C. Miller * src/sudo.c, src/sudo.h: Move struct passwd pointer into struct command details. [d6fb1eff2065] 2012-04-20 Todd C. Miller * pp: Sync with upstream for Mac OS X (and other) fixes. [c2f4998d01b0] * mkpkg: Only built Mac intel universal binary on an intel machine. [0009e0b7e5a8] * src/Makefile.in: Do not pass libtool the -static-libtool-libs option when building sudo and sesh. Otherwise, libtool may prefer a static version of an installed library over a dynamic one when linking. [6fbac9adc885] 2012-04-19 Todd C. Miller * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: Add German translation for sudo Add Croatian translation for sudoers [fa4da1a6530c] * plugins/sudoers/iolog.c: typo fix in comment [abd721d1288e] 2012-04-16 Todd C. Miller * NEWS: Update with recent changes [6fa11e8448b9] * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Sort xgettext output by file name. [f650841810f0] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: Clarify what "sudoreplay -l" displays and mention that it is sorted. [84031c117bd6] * config.h.in, configure, configure.in, src/ttyname.c: Use AC_HEADER_MAJOR to determine where major/minor are defined. [3c949650a223] * config.h.in, configure, configure.in, src/ttyname.c: Include sys/mkdev.h if present instead of sys/sysmacros.h for minor(). This is needed on Solaris (at least) where the makedev macros in sysmacros.h are obsolete and library functions should be used instead. [343928acf81e] * mkpkg: When building on Mac OS X, only set SDK_FLAGS if specified osversion doesn't match host. [d84c6efac872] 2012-04-15 Todd C. Miller * src/ttyname.c: Add back buf and tty variables for _ttyname() case that were inadvertantly removed. [a4a820b22a44] 2012-04-13 Todd C. Miller * plugins/sudoers/po/sudoers.pot: regen [5446b12c1250] * configure, configure.in: Remove b8 from version number. [5adc4dcec061] * src/ttyname.c: remove some XXX [187579a5f593] * src/ttyname.c: When looking for a device match, do a breadth-first search instead of depth-first. We already special case /dev/pts/ so chances are good that if it is not a pseudo-tty it is in the base of /dev/. Also avoid a stat(2) when possible if struct dirent has d_type. [0183f8a1b278] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/sudo.c, src/sudo.h: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. [f0574d878491] * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, src/po/vi.mo: sync with translationproject.org [4527ea78fbd5] * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, src/po/hr.mo, src/po/hr.po: New Croatian and Galician translations from translationproject.org [ad4bd924b4de] * src/ttyname.c: Add depth-first traversal of /dev/ for the /proc case when not /dev/pts/N [499bd3456774] * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: If struct dirent has d_type, use it to avoid an extra stat(). [741dabbe4bcd] * plugins/sudoers/sudoreplay.c: Sort output of "sudoreplay -l" [c0615795bd4b] 2012-04-12 Todd C. Miller * plugins/sudoers/sudoreplay.c: Fix duplicate free introduced in last rev [efdaabe69d75] 2012-04-11 Todd C. Miller * plugins/sudoers/auth/pam.c: Instead of treating ^C from tgetpass() specially, always return AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. [a3b17298d4d0] * config.h.in, configure, configure.in, src/ttyname.c: Rototill code to determine the tty. For Linux, we now look up the tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given device number to a string. On BSD, we can use devname(). On Solaris, _ttyname_dev() does what we want. TODO: write /dev/ traversal code for the generic sudo_ttyname_dev(). [6b22be4d09f0] 2012-04-10 Todd C. Miller * src/ttyname.c: Define PRNODEV for those w/o it. [f17290e64559] * config.h.in, configure, configure.in, src/ttyname.c: Check for SVR4-style struct psinfo.pr_ttydev and use that to determine the tty if std{in,out,err} are not ttys. [76ad33a91f4b] * src/ttyname.c: Better support for SVR4-style /proc entries where we can't use ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, attempt to map the device number back to the correct pseudo-tty slave device. [4f9f48cc79eb] * src/ttyname.c: When trying to determine the tty name, check parent's stderr in addition to its stdin and stdout. [604644056c7d] * src/exec_pty.c: Treat a tty read failure like EOF as it usually means the pty has gone away. Handle write() on the tty returning EIO. [16957f4a706f] * src/exec.c, src/exec_pty.c: Linux select() may return ENOMEM if there is a kernel resource shortage. Older Solaris select() may return EIO instead of EBADF when the tty goes away. If we get an unhandled select() failure, kill the child and exit cleanly. [d93940a311ab] * src/ttyname.c: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might block in open. [a9f809d09d52] 2012-04-09 Todd C. Miller * plugins/sudoers/set_perms.c: Fix restoration of AIX permissions. [30c717115988] * src/parse_args.c: Allow the -k flag to be used along with the -i and -s flags. [0653b17c97f1] * plugins/sudoers/sudoreplay.c: Plug memory leak in parse_logfile() in the error path. [9cce86fa833b] * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [14af43d0b170] 2012-04-08 Todd C. Miller * compat/regress/glob/globtest.c, config.h.in, configure, configure.in, plugins/sudoers/match.c: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the glob() and fnmatch() results to be consistent. [4226750d73c2] 2012-04-06 Todd C. Miller * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, src/ttysize.c: Move ttysize.c to common so sudoreplay can use it. [b4a0aa514cd4] * plugins/sudoers/sudoreplay.c: If I/O log file includes rows + cols, warn if the user's tty is not big enough. [b980ef89efff] * plugins/sudoers/sudoreplay.c: Fix printing of TSID in "sudoreplay -l" [4221e3e108b4] * common/sudo_debug.c, include/sudo_debug.h, plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c: Log the process id in the debug file output. Since we don't want to keep calling getpid(), stash the value at init time and when we fork(). [2782d30c024d] * src/exec_pty.c: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It is better to receive EIO from read()/write() than to be suspended when we don't expect it. Fixes a problem when our terminal is revoked which can happen when, e.g. our sshd is killed unceremoniously. Also, only change the value of "alive" from true to false, never from false to true. It is possible for us to receive notification of the child having stopped after it is already dead. This does not mean it has risen from the grave. [26c9fe8ce0f9] * src/exec_pty.c: Distinguish between signals we received from the parent vs. those delivered explicitly to the monitor process in debugging info. [40716cb180e5] 2012-04-05 Todd C. Miller * plugins/sudoers/check.c: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". Update tty_is_devpts() to match so we can determine when the tty has been reused. [2689665df027] * common/sudo_debug.c, include/error.h, include/sudo_debug.h: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. This allows consumers of sudo_debug_printf() to log that data without having to specify it manually. [7c94c4879208] * src/exec_pty.c: Make this compile after last change. [ee09034f3266] * src/exec_pty.c: Don't try to restore the terminal if we are not the foreground process. Otherwise, we may be stopped by SIGTTOU when we try to update the terminal settings when cleaning up. [c48b24335456] * src/exec.c: If select() return EBADF in the main event loop, one of the ttys must have gone away so perform any I/O we can and close the bad fds. [3bc8678c03ce] * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the function, file and line number in the debug log for warning() and error(). [894cd131f11d] 2012-04-04 Todd C. Miller * common/sudo_debug.c, include/error.h, include/sudo_debug.h, src/conversation.c: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. Use this flag when wrapping error() and warning() so the debug output includes the error string. [1e2c67adaf1f] 2012-03-30 Todd C. Miller * NEWS: Update for sudo 1.8.5 [7d2b62b823fe] * plugins/sudoers/po/sudoers.pot: regen [718ad9de92cd] * doc/CONTRIBUTORS: sync [f48013aea641] * plugins/sudoers/pwutil.c: Use ecalloc() [fabd23c1f271] * src/exec_pty.c: Don't need zero_bytes() after ecalloc() [1a9d95cd10ef] * config.h.in, configure, configure.in, src/sudo_noexec.c: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to sudo_noexec.c. [cbaa1d4b0f8a] * src/utmp.c: Fix compat setutxent and endutxent macros for systems with setutent() but not setutxent(). From Gustavo Zacarias [d7ce622fc5f2] 2012-03-29 Todd C. Miller * configure.in: Add ignore_result definition to AH_BOTTOM [8d4096838a98] * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, src/exec.c, src/exec_pty.c, src/tgetpass.c: Fix compiler warnings on some platforms and provide a better method of defeating gcc's warn_unused_result attribute. [9a8f804fcc75] * configure, configure.in: Fix building the builtin zlib from a build dir. When a zlib dir was specified, prepend its include path instead of appending so we get the right zlib headers. [5f61d591b186] * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: Update zlib to version 1.2.6 [173c4bc4d4fc] 2012-03-28 Todd C. Miller * include/missing.h: g/c __unused which is no longer used [7ef3f23edcd6] * src/env_hooks.c: Fix compilation if RTLD_NEXT is not defined. [d5605f468b71] * src/po/sr.mo, src/po/sr.po: sync with translationproject.org [27d559f7985d] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in: regen [f9f63ce478b6] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [59035d82d15a] * Makefile.in: Ignore Project-Id-Version when comparing pot files. [22feb9ede46b] * plugins/sudoers/bsm_audit.c: Use error() instead of log_fatal() [54130bda4b50] * plugins/sudoers/env.c: Fix signedness of didvar in env_update_didvar() [77048a80b3e4] * plugins/sudoers/iolog.c: Quiet a compiler warning on some platforms. [8fdcaece0400] * compat/fnmatch.c: cast ctype(3) function/macro arguments from char to unsigned char to avoid potential negative subscripting. [bdcf7eef21ef] * common/setgroups.c: Quiet a warning on systems where the gids array in setgroups() is not prototyped as being const, even though it really is. [fdd758c6302d] * src/env_hooks.c: Quiet a compiler warning on systems where the argument to putenv(3) is const. [51bae2193b53] * plugins/sudoers/sudoreplay.c: Undo an incorrect int -> bool conversion. [b9a4ce320f14] * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, src/po/sv.mo, src/po/sv.po: Add Swedish sudo and sudoers translations from translationproject.org [f7ce1de9073f] * plugins/sudoers/env.c: No need to preserve ODMDIR on AIX now that we always read /etc/environment. [4aa04b2f0125] 2012-03-27 Todd C. Miller * doc/sudoers.pod, plugins/sudoers/env.c: When initializing the environment for env_reset, start out with the contents of /etc/environment on AIX and login.conf on BSD. [5717bdc321e2] * doc/TROUBLESHOOTING, src/sudo.c: If we are not running with an effective uid of 0, try to give the user enough information to debug the problem. [fa4894896d8a] * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: Quiet a clang-analyzer false positive. [c4c0c1b9c8b0] * src/tgetpass.c: If there is nothing to read from the askpass program, set errno to EINTR. This makes the cancel button behave like the user entered ^C at the password prompt when PAM is used. [594302cb9caf] * src/sudo.h, src/tgetpass.c: Fetch the value of "askpass" from the sudo conf struct. [4593ee8f1bd3] * common/sudo_conf.c: Fix matching of "Path askpass" and "Path noexec" [4df28d62afb9] 2012-03-26 Todd C. Miller * plugins/sudoers/visudo.c: Quiet a clang-analyzer dead store warning. [dd90bf385a3f] * plugins/sudoers/sudoers.c: If the "timestampowner" user cannot be resolved, use ROOT_UID instead of exiting with a fatal error. [8d62aae99715] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: Remove the NO_EXIT flag to log_error() and add a log_fatal() function that exits and is marked no_return. Fixes false positives from static analyzers and is easier for humans to read too. [a0fe785c2a3d] 2012-03-24 Todd C. Miller * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po: sync with translationproject.org [df5e8777de13] 2012-03-20 Todd C. Miller * src/po/da.mo, src/po/da.po: sync with translationproject.org [629d99548b78] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: sync with translationproject.org [9d122a2860d6] 2012-03-19 Todd C. Miller * src/po/it.mo, src/po/it.po: sync with translationproject.org [6397593b15cf] * common/sudo_conf.c, plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c: Use ecalloc() when allocating structs. [8b5888868db2] * common/alloc.c, include/alloc.h: Add ecalloc() and commented out recalloc(). Use inline strnlen() instead of strlen() in estrndup(). [7fb9aa46c1e0] 2012-03-18 Todd C. Miller * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [45a032c37334] 2012-03-16 Todd C. Miller * plugins/sudoers/set_perms.c: Remove unused label [2660bb0c1313] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document what changed in each plugin API revision [59b30a6fc4d1] * plugins/sudoers/set_perms.c: Remove bogus optimization that could lead to a double free of the group list. [b0bfbd2a83a8] 2012-03-15 Todd C. Miller * doc/TROUBLESHOOTING: Expand AIX /etc/security/privcmds entry. [9f3f072e034e] * NEWS: Update for sudo 1.8.5 [086049011f25] * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Rename plugin "args" to "options" [f25624951bd2] * doc/CONTRIBUTORS: Add Lithuanian and Vietnamese translators [2b4c075b69e3] * Makefile.in: Ignore comments when comparing new and old pot files. [f872999347b3] * src/Makefile.in: regen [c8193b1b11c7] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: regen [15e3c17e8a3a] * doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, src/sudo.c, src/sudo.h: Pass a pointer to user_env in to the init_session policy plugin function so session setup can modify the user environment as needed. For PAM authentication, merge the PAM environment with the user environment at init_session time. We no longer need to swap in the user_env for environ during session init, nor do we need to disable the env hooks at init_session time. [3f5277b359d8] * plugins/sample/sample_plugin.c: Add explicit NULL entries for init_session, register_hooks and deregister_hooks with appropriate comments. [727a57978b40] * compat/pw_dup.c: Quiet a gcc "used uninitialized in this function" false positive. [f14b68379ce9] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: We should always call warning() with a format string or a string literal. In this case, the argument (path) is not user-controlled. [e9ef51224024] 2012-03-14 Todd C. Miller * src/selinux.c: Include sudo_exec.h for the sudo_execve() prototype. [769e58065edc] * config.h.in, configure, configure.in: Add check for pam_getenvlist() [36bde3f26c60] * common/sudo_conf.c: Set args to NULL in default plugin info struct when there is no Plugin line in sudo.conf. [93ec67708f01] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [a9287677795c] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [a242769d7962] * configure, configure.in: Bump version to 1.8.5 [e8618f0c2505] * doc/sudo_plugin.pod: Document hooks API [e6ad07d27958] 2012-03-13 Todd C. Miller * sudo.pp: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. [fd72340042d3] * include/sudo_plugin.h: Use sudo_hook_fn_t in struct sudo_hook. [938f93112d6e] * doc/TROUBLESHOOTING: If cross compiling, --host must include the OS in the tuple. E.g. --host powerpc-unknown-linux [b8c010070c1e] 2012-03-12 Todd C. Miller * plugins/sudoers/parse.c: Fix bogus int -> bool conversion; tags can have a value of -1. [e63d6434a303] * plugins/sudoers/env.c: Add env_should_keep() and env_should_delete() wrapper functions to simplify things a bit and hide the fact that matches_env_check() is not bool. [7a03d7a12b50] * sudo.pp: Fix application of debian-specific sudoers mods when building packages as non-root. [34bf4c52c425] * plugins/sudoers/env.c: matches_env_check() returns int, not boolean [0ad915b8d5cb] * src/sudo_edit.c: Fix compilation when seteuid() is not available. [8a722f998000] * src/ttyname.c: Simply move the free of ki_proc outside the realloc() loop. [217b786da760] * src/ttyname.c: Bring back the erealloc() for the ENOMEM loop and just zero the pointer after we free it. [29a016e45127] * src/ttyname.c: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik [266e08844065] 2012-03-10 Todd C. Miller * plugins/sudoers/set_perms.c: Use normal error path if unable to set sudoers gid. [01c816918c99] * plugins/sudoers/set_perms.c: Make this work again on systems w/o seteuid(). [2e67f7421e97] 2012-03-09 Todd C. Miller * plugins/sudoers/set_perms.c: Fix compilation if no seteuid/setreuid/setresuid available. [d0b3c1f88eb4] * plugins/sudoers/set_perms.c: Better error messages, and added debugging throughout. Fixed seteuid() version of set_perms()/restore_perms(). Fixed logic bug in AIX version of restore_perms(). Added checks to avoid changing uid/gid when we don't have to. Never set gid/uid state to -1, use the old value instead. [29188d469b5c] * src/exec_pty.c, src/ttyname.c: Fix format string warning on Solaris with gcc 3.4.3. [d1eeb6e1dd0f] * src/sudo.c: Always declare environ now that we swap it around unilaterally. [aaa3e92e7d0d] * src/Makefile.in: Honor LDFLAGS when linking sesh; from Vita Cizek [498b41438f6e] * src/sesh.c: Include alloc.h for estrdup() prototype; from Vita Cizek [93203655a320] 2012-03-08 Todd C. Miller * plugins/sudoers/sudoers.c: Don't read /etc/environment on Linux when using PAM, PAM should set the environment variables as needed via pam_env. [b1ef62cb2d40] * INSTALL: Fix editor goof. [0c3dd3bb8b57] * src/hooks.c, src/sudo.c, src/sudo.h: Disable environment hooks after we get user_env back to make sure a plugin can't to modify user_env after we "own" it. This is kind of a hack but we don't want the init_session plugin function to modify user_env. [8e6d119452a5] * src/hooks.c, src/sudo.c: Add support for deregistering hooks. If an I/O log plugin fails to initialize, deregister its hooks (if any). [ac00c93900c5] 2012-03-07 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook setenv. [e75469dd9908] * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, compat/setenv.c, compat/unsetenv.c, config.h.in, configure, configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: Initial cut at a hooks implementation. The plugin can register hooks for getenv, putenv, setenv and unsetenv. This makes it possible for the plugin to trap changes to the environment made by authentication methods such as PAM or BSD auth so that such changes are reflected in the environment passed back to sudo for execve(). [61cffa06f863] 2012-03-05 Todd C. Miller * MANIFEST, src/po/vi.mo, src/po/vi.po: Add Vietnamese sudo translation from translationproject.org [96df426790d5] 2012-03-02 Todd C. Miller * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.pod: List sudo_noexec.so not noexec.so in the sample sudo.conf [53844e190ec5] * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Add support for plugin args at the end of a Plugin line in sudo.conf. Bump the minor number accordingly and update the documentation. A plugin must check the sudo front end's version before using the plugin_args parameter since it is only supported for API version 1.2 and higher. [587f1f819536] 2012-03-01 Todd C. Miller * plugins/sudoers/Makefile.in: update depends [6d2da44e11e5] * MANIFEST: secure_path.c is in common, not compat [619c4a663dde] * configure, configure.in: Add check for variadic macro support in cpp. [756854caf675] 2012-02-29 Todd C. Miller * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add type param to sudo_secure_path() and add sudo_secure_file() and sudo_secure_dir() wrappers which get by #includedir in sudoers. [2ec2d3d8df04] 2012-02-28 Todd C. Miller * doc/visudo.pod, plugins/sudoers/visudo.c: Check the owner and mode in -c (check) mode unless the -f option is specified. Previously, the owner and mode were checked on the main sudoers file when the -s (strict) option was given, but this was not documented. [b2d6ee1e547a] * config.h.in, configure, configure.in, src/ttyname.c: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. [159f6a50456a] 2012-02-27 Todd C. Miller * doc/CONTRIBUTORS: Add Eric Lakin for patch in bug #538 [490c29c234c6] * src/exec_pty.c: Fix typo in safe_close() made while converting to debug framework that prevented it from actually closing anything. [a66422a62afd] * src/exec_pty.c: Add some more debugging. [b5667947dda9] * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in: We need sysconfdir in compat/Makfile to get the proper sudo.conf path. Add standard prefix and foodir expansion in all Makefiles to avoid this problem in the future. [62b6ce4ecae9] 2012-02-25 Todd C. Miller * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: New Lithuanian sudoers translation from translationproject.org [10436b649035] * plugins/sudoers/po/ja.po: Update from translationproject.org [acb8db5f8ef1] 2012-02-24 Todd C. Miller * plugins/sudoers/ldap.c: When adding gids to the LDAP filter, only add the primary gid once. This is consistent with the space computation/allocation. From Eric Lakin [35d9d99c92c6] * doc/TROUBLESHOOTING: Add entry for AIX enhanced RBAC config. [5e10b6f8def7] * mkpkg: Target Mac OS X 10.5 when building packages. [06fce9bbebee] 2012-02-22 Todd C. Miller * MANIFEST, common/Makefile.in, common/secure_path.c, common/sudo_conf.c, include/secure_path.h, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: Relax the user/group/mode checks on sudoers files. As long as the file is owned by the right user, not world-writable and not writable by a group other than the one specified at configure time (gid 0 by default), the file is considered OK. Note that visudo will still set the mode to the value specified at configure time. [241174babfcc] 2012-02-21 Todd C. Miller * plugins/sudoers/set_perms.c: Add AIX-specific version of permission setting code to make sure that the saved uid gets restored properly. [9a6f5d22c301] * config.h.in, configure, configure.in, src/exec_common.c: Check for LD_PRELOAD variants in configure instead of checkign cpp symbols. In disable_execute(), compute the length of the new envp and allocate it once instead of reallocating on demand. Also append old value of LD_PRELOAD (if any) to the new value. [680266346917] * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: Fix the description of noexec. [6a6d142f3c80] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: The "op" parameter to set_default() must be int, not bool since it is set to '+' or '-' for list add and subtract. [8da5b137bea2] * sudo.pp: Make sure sudoers is writable before calling ed script. [95352ab6336b] 2012-02-17 Todd C. Miller * doc/CONTRIBUTORS, doc/contributors.pod: Update contributors. Now includes translators and authors of compat code. [4fb5b616b50a] 2012-02-16 Todd C. Miller * src/po/sudo.pot: regen [2c86e2c328fe] * pp, sudo.pp: Build flat packages, not package bundles, on Mac OS X. [57bda3cd5520] 2012-02-10 Todd C. Miller * sudo.pp: Move macos section to be with the other OS-specific sections. [51423bb2973a] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: Sync with translationproject.org [8ce41cbb8da0] * configure, configure.in: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS [fa979aa6fe7d] * sudo.pp: Add Mac OS X support, printing the latest chunk of the NEWS file and the license text in the installer. [ffeab72387c0] * sudo.pp: Add explicit file modes that match those used by "make install" [7eb37242c920] * pp: Sync with upstream for Mac OS X fixes. [97cba179041e] * plugins/sudoers/Makefile.in, src/Makefile.in: Got back to using "install-sh -M" for files installed as non- readable by owner. This fixes "make install" as non-root for package building. [967804ee77d6] 2012-02-09 Todd C. Miller * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: Sync with translationproject.org [0e53db12039a] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Use -m not -M for install-sh for everything except setuid. Install locale .mo files mode 0444, not 0644. If timedir parent doesn't exist, use default dir mode, not 0700. [8b6f64c92090] 2012-02-07 Todd C. Miller * pp: Re-sync with upstream; no longer need a local patch. [97a2c7be5e59] * mkpkg: Add support for building Mac OS X packages. [94d49ac223a4] * pp: Sync with upstream [1c97654fc841] * src/Makefile.in: No longer need to define _PATH_SUDO_CONF here. [2560905b7482] * src/exec_common.c: Fix noexec for Mac OS X. [b7a744bca2c0] 2012-02-06 Todd C. Miller * common/Makefile.in: Move _PATH_SUDO_CONF override to common to match sudo_debug.c [f0788972a63a] * plugins/sudoers/set_perms.c: More complete fix for LDR_PRELOAD on AIX. The addition of set_perm(PERM_ROOT) before calling the nss open functions (needed to avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective and then real uid to 0 for PERM_ROOT works around the issue. [5888eda051af] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [997fe403e219] * src/sudo.c: Set real uid to root before calling sudo_edit() or run_command() so that the monitor process is owned by root and not by the user. Otherwise, on AIX at least, the monitor process shows up in ps as belonging to the user (and can be killed by the user). [d4772d7d2fc5] * plugins/sudoers/set_perms.c: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to the call to setuid(0) if the current euid is non-zero. This effectively restores the state of things prior to rev 7bfeb629fccb. Fixes a problem on AIX where LDR_PRELOAD was not being honored for the command being executed. [b9b40325b4dc] * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, include/missing.h, src/sudo.c: Make a copy of the struct passwd in exec_setup() to make sure nothing in the policy init modifies it. [b721261c921f] 2012-02-05 Todd C. Miller * doc/sudoers.pod: update copyright [f9d229d1f65e] * common/sudo_debug.c, include/sudo_debug.h: g/c now-unused debug subsystems [8f21726e698f] * doc/sudo.pod, doc/sudoers.pod: Enumerate the debug subsystems used by sudo and sudoers. [ac4f84293d14] 2012-02-03 Todd C. Miller * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, include/sudo_conf.h, src/sudo.c: Normally, sudo disables core dumps while it is running. This behavior can now be modified at run time with a line in sudo.conf like "Set disable_coredumps false" [ad14e0508b0d] * NEWS: Mention Spanish translation [600f3205bd6e] * common/sudo_debug.c: Make sure we don't try to fall back to using the conversation function for debugging in the main sudo process if we are unable to open the debug file. [ffa329aa908c] * MANIFEST, src/po/es.mo, src/po/es.po: Add sudo Spanish translation from translationproject.org [c1906654e740] 2012-02-02 Todd C. Miller * plugins/sudoers/iolog.c: Better debug subsystem usage [1a31f115743c] * src/sudo.c: Remove duplicate function prototypes [ae04b00532eb] 2012-02-01 Todd C. Miller * configure, configure.in: Error out if user specified --with-pam but we can't find the headers or library. Also throw an error if the headers are present but the library is not and vice versa. [d6bf3e3d0aae] 2012-01-31 Todd C. Miller * plugins/sudoers/sudoers.c: Fix the sudoers permission check when the expected sudoers mode is owner-writable. [8b0b7e770a22] 2012-01-30 Todd C. Miller * configure, configure.in: Verify that we can link executables built with -D_FORTIFY_SOURCE before using it. [7578215d1a95] * src/exec_common.c: Fix potential off-by-one when making a copy of the environment for LD_PRELOAD insertion. Fixes bug #534 [cc699cd551b6] * configure, configure.in: Add rudimentary check for _FORTIFY_SOURCE support by checking for __sprintf_chk, one of the functions used by gcc to support it. [a992673d2ef8] * compat/stdbool.h, config.h.in, configure, configure.in: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. [8ba1370884b3] 2012-01-29 Todd C. Miller * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [1e0b38397705] 2012-01-25 Todd C. Miller * src/exec.c, src/sudo.c: The change in 818e82ecbbfc that caused to exit when the monitor dies created a race condition between the monitor exiting and the status being read. All we really want to do is make sure that select() notifies us that there is a status change when the monitor dies unexpectedly so shutdown the socketpair connected to the monitor for writing when it dies. That way we can still read the status that is pending on the socket and select() on Linux will tell us that the fd is ready. [7fb5b30ea48d] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: Refactor disable_execute() and my_execve() into exec_common.c for use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of disabling exec in exec_setup(), disable it immediately before executing the command. Adapted from a diff by Arno Schuring. [ec4d8b53db6b] 2012-01-20 Todd C. Miller * aclocal.m4, configure, configure.in: Add custom version of AC_CHECK_LIB that uses the extra libs in the cache value name. With this we no longer need to rely on a modified version of autoconf. [1c3b1d482d6c] 2012-01-19 Todd C. Miller * configure, configure.in: Better handling of network functions that need -lsocket -lnsl [cc386342ec2b] * src/sudo.c: When setting up the execution environment, set groups before gid/egid like sudo 1.7 did. [928e1c5fa6c1] * configure, configure.in: Remove "WARNING: unable to find foo() trying -lsocket -lnsl" [84b23cdf138f] * plugins/sudoers/sudoers.c: For "sudo -g" prepend the specified group ID to the beginning of the groups list. This matches BSD convention where the effective gid is the first entry in the group list. This is required on newer FreeBSD where the effective gid is not tracked separately and thus setgroups() changes the egid if this convention is not followed. Fixes bug #532 [782d6909108b] 2012-01-17 Todd C. Miller * configure, configure.in: Fix sh warning; use "test" instead of "[" [c6ee3407f65e] * src/exec.c: When not logging I/O, use a signal handler that only forwards SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. Fixes a race in the non-I/O logging path where the command may receive two keyboard-generated signals; one from the kernel and one from the sudo process. [9638684e786a] * src/exec.c: Back out change that put the command in its own pgrp when not logging I/O. It causes problems with pipelines. [4fc9c6e1e770] 2012-01-16 Todd C. Miller * compat/Makefile.in, configure, configure.in: Only run compat regress tests on compat objects we actually build. Fixes "make check" in the compat dir for systems that don't implement character classes in fnmatch() or glob(). Bug #531 [a7addc305e83] 2012-01-14 Todd C. Miller * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: Update po files from translationproject.org [5ea066af1356] 2012-01-13 Todd C. Miller * sudo.pp: Include parent directories in case they don't already exist. This fixes a directory permissions problem with the AIX package when the /usr/local directories don't already exist. [a14f783dc827] * pp: sync with git version [2f79d0543661] * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: regen dependencies [24c92ca6c64d] * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: Move tty name lookup code to its own file. [58faf072cbf4] 2012-01-12 Todd C. Miller * NEWS: Update with latest sudo 1.8.4 changes. [a4ffe4f42528] * config.h.in, configure, configure.in: Remove obsolete template for HAVE_TIMESPEC [75709007c906] * src/sudo.c: Add a check for devname() returning a fully-qualified pathname. None of the devname() implementations do this today but you never know when this might change. [16813ace38f9] 2012-01-11 Todd C. Miller * plugins/sudoers/visudo.c: For "visudo -c" also list include files that were checked when everything is OK. [ad6f85b35c9c] * src/sudo.c: The device name returned by devname() does not include the /dev/ prefix so we need to add it ourselves. [b55285abb7ed] * src/sudo.c: Add debug warning if KERN_PROC sysctl fails or devname() can't resolve the tty device to a name. [b5a23916ba3a] * common/sudo_debug.c: The result of writev() is never checked so just cast to NULL. [4be4e9b58d5b] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: Update Esperanto, Finnish, Polish and Ukrainian translations from translationproject.org. [bb91bc6ad7e9] 2012-01-10 Todd C. Miller * config.h.in, configure, configure.in, src/sudo.c: Add support for determining tty via sysctl on other BSD variants. [fd15f63f719a] * configure, configure.in: Only check for struct kinfo_proc.ki_tdev on systems that support sysctl. [109b3f07a39d] * src/sudo.c: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on ttyname() of std{in,out,err}. [95969b70bd68] 2012-01-09 Todd C. Miller * config.h.in, configure, configure.in, src/sudo.c: On newer FreeBSD we can get the parent's tty name via sysctl(). [3207290501ee] * plugins/sudoers/testsudoers.c: Include locale.h [a602cd0b8c2d] * src/sudo.c: Silence a gcc warning. [8c6d0e3cd534] * plugins/sudoers/bsm_audit.c: Need to include gettext.h and sudo_debug.h; from John Hein [447912aa7300] * plugins/sudoers/iolog.c: Initialize the debug framework from the I/O plugin too. [ce1bf44d96d2] 2012-01-08 Todd C. Miller * plugins/sudoers/testsudoers.c: Enable debugging via sudo.conf. [d85669c749d0] 2012-01-07 Todd C. Miller * plugins/sudoers/visudo.c: Use SUDO_DEBUG_ALIAS for alias checking functions. [fb84af30dc76] * configure, configure.in: More complete test for getaddrinfo() that doesn't rely on the network libraries already being added to LIBS. [cbaf2369f4f0] 2012-01-06 Todd C. Miller * common/aix.c: Add debug support. [def1bdf24485] * configure, configure.in: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. [a2ea1c2eac61] * compat/getaddrinfo.c: Include errno.h and missing.h [7d15e17cc2f2] * .hgignore: ignore doc/varsub [417f9fc3231b] * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, src/parse_args.c, src/sudo.c, src/sudo.h: Update copyright year. [5d0ffc7dd567] * NEWS: Update for sudo 1.8.4 [841e3eff9844] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen pot files [c509cb45b66a] * plugins/sudoers/sudoreplay.c: Enable debugging via sudo.conf. [5087aaee8484] * plugins/sudoers/visudo.c: Enable debugging via sudo.conf. [04b067c16ed3] * plugins/sudoers/visudo.c: Allow "visudo -c" to work when we only have read-only access to the sudoers include files. [d8c6713fe5c1] * doc/sudo.pod, doc/visudo.pod: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add HISTORY section in sudo that points to HISTORY file. [d1f1bcb051c5] * doc/sudo.pod, doc/sudo_plugin.pod: Document Debug setting in sudo.conf and debug_flags in plugin. [acfc505aa4a9] 2012-01-05 Todd C. Miller * plugins/sudoers/match.c: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a bug where a pattern like "/usr/*" include /usr/bin/ in the results, which would be incorrectly be interpreted as if the sudoers file had specified a directory. From Vitezslav Cizek. [0cdb6252188c] * INSTALL, config.h.in, configure, configure.in, plugins/sudoers/auth/kerb5.c: Add --enable-kerb5-instance configure option to allow people using Kerberos V authentication to use a custom instance. Adapted from a diff by Michael E Burr. [e83af8bb7aa7] * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: Remove -D debug_level option. [cbcd05094347] * doc/LICENSE: Update copyright year. [9f43dd7aa852] 2012-01-04 Todd C. Miller * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: parse_error is now bool, not int [5ea7fb6fda38] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c: Print a more sensible error if yyparse() returns non-zero but yyerror() was not called. [d44ec88f1183] * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, plugins/sudoers/gram.c: Replace y.tab.c with the correct filename in #line directives. [3c84fcb7e959] 2012-01-03 Todd C. Miller * src/sudo.c: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} if the main process's fds 0-2 are not hooked up to a tty. Adapted from a diff by Zdenek Behan. [b9dfce12af85] * src/exec.c: When not logging I/O, put command in its own pgrp and make that the controlling pgrp if the command is in the foreground. Fixes a race in the non-I/O logging path where the command may receive two keyboard-generated signals; one from the kernel and one from the sudo process. [d0e263ce496c] 2011-12-20 Todd C. Miller * src/sudo_edit.c: Quiet a bogus gcc warning. [2009669e0608] * src/parse_args.c, src/sudo.h: Fix warnings related to sudo.conf accessors. [08ddc29ba50b] * common/sudo_conf.c, include/sudo_conf.h: Separate sudo.conf parsing from plugin loading and move the parse functions into the common lib so that visudo, etc. can use them. [f1fc659a8079] * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: Separate sudo.conf parsing from plugin loading and move the parse functions into the common lib so that visudo, etc. can use them. [e1f2cf6bd57a] * doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, src/sudo.c: Remove support for noexec_file in sudoers and the plugin API [3e2fd58879b5] * plugins/sudoers/sudoers.c: Don't dump interfaces if there are none. [9081bb4d3e9e] * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: Add missing %s printf escape to the group_plugin, iolog_dir and iolog_file descriptions. [7db03f2b737e] 2011-12-18 Todd C. Miller * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: Fix typo in visiblepw description; from Joel Pickett [2fb4b26d5c2c] 2011-12-08 Todd C. Miller * MANIFEST, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: When running a login shell with a login_class specified, use LOGIN_SETENV instead of rolling our own login.conf setenv support since FreeBSD's login.conf has more than just setenv capabilities. This requires us to swap the plugin-provided envp for the global environ before calling setusercontext() and then stash the resulting environ pointer back into the command details, which is kind of a hack. [ad4f1190143b] * plugins/sudoers/Makefile.in: If srcdir is "." just use the basename of the yacc/lex file when generating the C version. This matches the generated files currently in the repo. [0b11c3df87a8] * doc/Makefile.in, plugins/sudoers/Makefile.in: Clean up the DEVEL noise [9de2afe457fd] * src/exec.c: Handle different Unix domain socket (actually socketpair) semantics in BSD vs. Linux. In BSD if one end of the socketpair goes away select() returns the fd as readable and the read will fail with ECONNRESET. This doesn't appear to happen on Linux so if we notice that the monitor process has died when I/O logging is enabled, behave like the command has exited. This means we log the wait status of the monitor, not the command, but there is nothing else we can do at that point. This should only be an issue if SIGKILL is sent to the monitor process. [818e82ecbbfc] * src/exec_pty.c: Catch common signals in the monitor process so they get passed to the command. Fixes a problem when the entire login session is killed when ssh is disconnected or the terminal window is closed. Previously, the monitor would exit and plugin's close method would not be called. [0e4658263138] * INSTALL, configure, configure.in: Mention how to configure pam_hpsec on HP-UX to play nicely with sudo. [a7294cd8ce98] 2011-12-07 Todd C. Miller * plugins/sudoers/ldap.c: Escape values in the search expression as per RFC 4515. [c2adbc5db92b] * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: No need for install target to depend explicitly on install-dirs, the install-foo targets all depend on it. [62a36ed98279] 2011-12-05 Todd C. Miller * .hgignore: ignore src/sesh [463d492f6782] * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/Makefile.in: Add support for setenv entries in login.conf. We can't use LOGIN_SETENV since the plugin sets up the envp the command is executed with. Also regen the Makefile.in files while here. Fixes bug #527 [088d507926e2] 2011-12-02 Todd C. Miller * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, src/net_ifs.c: Add getaddrinfo() for those without it, written by Russ Allbery [4cf9ac831222] * doc/Makefile.in: Restore PACKAGE_TARNAME, it is used in docdir [9d65e893edb1] * MANIFEST, compat/stdbool.h: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to the MANIFEST [e67700dc5621] * common/atobool.c, common/term.c, src/exec.c: Remove duplicate return statements. [48a20d5215fd] * plugins/sudoers/auth/bsdauth.c: Remove inaccurate comment [e7f0265cf657] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: Fetch the login class for the user we authenticate specifically when using BSD authentication. That user may have a different login class than what we will use to run the command. When setting the login class for the command, use the target user's struct passwd, not the invoking user's. Fixes bug 526 [21bf0af892f7] * compat/Makefile.in, configure, configure.in, doc/Makefile.in, plugins/sudoers/Makefile.in: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" [8ee6e0891f27] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Fix "make check" fallout from the sudo_conv changes in sudo_debug. [b0aaa63c9081] * common/fileops.c, common/sudo_debug.c, configure, configure.in, include/fileops.h, plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/sudo_plugin_int.h, src/utmp.c: Use stdbool.h instead of rolling our own TRUE/FALSE macros. [dcb0bbc42fc9] 2011-12-01 Todd C. Miller * compat/stdbool.h, config.h.in, configure, configure.in: Add stdbool.h for systems without it. [18bd9dda1dcd] * aclocal.m4, config.h.in, configure, configure.in: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default includes have unistd.h in them. Add check for socklen_t for upcoming getaddrinfo compat. [d705465bef69] * common/fileops.c, compat/nanosleep.c, config.h.in, configure, configure.in, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, src/net_ifs.c: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. [fa187c9bd2be] * src/sudo_noexec.c: No longer need to include time.h here as missing.h does not use time_t. [fa3a089bf5b1] 2011-11-30 Todd C. Miller * plugins/sudoers/visudo.c: Fix mode on sudoers as needed when the -f option is not specified. [7a1c40b0dc03] * MANIFEST, src/po/sr.mo, src/po/sr.po: Add Serbian translation for sudo from translationproject.org [9a0c25e25cba] * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, src/parse_args.c: No longer pass debug_file to plugin, plugins must now use CONV_DEBUG_MSG [810cda1abb0b] * mkpkg: Build PIE executables for newer Debian and Ubuntu [1c5f25f8904a] * common/sudo_debug.c: Include time.h for ctime() prototype. [10090cf3bca1] 2011-11-29 Todd C. Miller * common/sudo_debug.c, include/sudo_debug.h, src/exec.c, src/exec_pty.c: Do not close error pipe or debug fd via closefrom() as we need them to report an exec error should one occur. [732f6587fafa] * doc/sudoers.ldap.pod: Document that a sudoUser may now be a group ID. [2fef46b9d3d3] * plugins/sudoers/ldap.c: Add support for permitting access by group ID in addition to group name. [b9450fdf1f69] * plugins/sudoers/ldap.c: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() [d62a1e7cff4f] * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: Replace UCB fnmatch.c with a non-recursive version written by William A. Rowe Jr. [354d3384adb8] * plugins/sudoers/auth/pam.c: Fix typo, return_debug vs. debug_return [1b522efcbb0d] 2011-11-23 Todd C. Miller * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: Update Japanese sudoers translation from translationproject.org [ec0f2beaad36] * doc/sudoers.pod: Make the env_reset descriptions consistent. [41c056f02688] 2011-11-22 Todd C. Miller * configure, configure.in: Do multiple expansion when expanding paths to the noexec file, sesh and the plugin directory. Adapted from a diff by Mike Frysinger [d7e16c876c66] * common/Makefile.in: regen [9d729e09c186] 2011-11-21 Todd C. Miller * .hgignore: Add ignore file; from Mike Frysinger [1fa8d52425f8] * mkdep.pl: no longer save old Makefile.in to .old [378dd2395545] * plugins/sudoers/Makefile.in, src/Makefile.in: regen [769faf517720] * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4: Update to libtool 2.4.2 [9dac78d84b4f] 2011-11-18 Todd C. Miller * plugins/sudoers/sudoers_version.h: Bump grammar version for #include and #includedir relative path support. [82a4f7cd8f71] 2011-11-17 Todd C. Miller * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add support for relative paths in #include and #includedir [4d6e3bd0c24f] * plugins/sudoers/Makefile.in: Fix install-plugin when shared objects are unsupported or disabled. [cbdd770a7a1b] * plugins/sudoers/goodpath.c: Don't write to sbp if it is NULL [fc438f8e8570] 2011-11-16 Todd C. Miller * Makefile.in: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, only install matching .mo files [c1dc30ab4ebc] 2011-11-13 Todd C. Miller * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, src/conversation.c: Fix non-dynamic (no dlopen) sudo build. [b0bd3fa925a3] * configure, configure.in: Don't error out if the user specified --disable-shared [cf035dd1e5cc] * common/sudo_debug.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/conversation.c: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to the debug file. [640c62f83251] * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/sudoers.h: Make sudo_goodpath() return value bolean [fea2d59a6e55] * INSTALL, MANIFEST, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: Remove obsolete securid auth method. [4e54f860214b] * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: Prefix authentication functions with a "sudo_" prefix to avoid namespace problems. [581d74063ea1] * INSTALL, MANIFEST, config.h.in, configure, configure.in, doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: Remove the old Kerberos IV support [2e4b4a44209d] 2011-11-12 Todd C. Miller * plugins/sudoers/check.c: Don't print garbage at the end of the custom lecture. [44bb788fafaa] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add lexer tracing as debug@parser [d850f3f9d414] * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/gram.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Revert 003bdb078a15. We need to #include not "gram.h" and and not "def_data.h" when generating the parser in a build dir. [7da701def753] 2011-11-08 Todd C. Miller * mkdep.pl, plugins/sudoers/Makefile.in: Better devdir support in mkdep.pl [7dcec57bd155] * plugins/sudoers/Makefile.in: Add devdir before srcdir in include path and fix up dependecies accordingly. [6e9958eca485] * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: #include "gram.h" not and "def_data.h" and not . [003bdb078a15] * sudo.pp: Mark libexec files as optional. If we build without shared object support, libexec is not used. [4bffcf482219] * src/load_plugins.c: Change Debug sudo.conf setting to take a program name as the first argument. In the future, this will allow visudo and sudoreplay to use their own Debug entries. [cfb8f7e4867c] * src/sudo.c: fix sudo_debug_printf priority [dcb67e965609] * plugins/sudoers/sudoers.c: add missing debug_return_int [d88ec450c592] 2011-11-07 Todd C. Miller * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR [dcee8efc294f] * doc/UPGRADE: Add missing word in HOME security note. [fd844fdcc1ac] * plugins/sudoers/testsudoers.c: Prevent "testsudoers -d username" from trying to malloc(0). [839126e56e8c] 2011-11-06 Todd C. Miller * plugins/sudoers/regress/sudoers/test10.in, plugins/sudoers/regress/sudoers/test10.out.ok, plugins/sudoers/regress/sudoers/test10.toke.ok, plugins/sudoers/regress/sudoers/test10.toke.out.ok, plugins/sudoers/regress/sudoers/test11.in, plugins/sudoers/regress/sudoers/test11.out.ok, plugins/sudoers/regress/sudoers/test11.toke.ok, plugins/sudoers/regress/sudoers/test11.toke.out.ok, plugins/sudoers/regress/sudoers/test12.in, plugins/sudoers/regress/sudoers/test12.out.ok, plugins/sudoers/regress/sudoers/test12.toke.ok, plugins/sudoers/regress/sudoers/test13.in, plugins/sudoers/regress/sudoers/test13.out.ok, plugins/sudoers/regress/sudoers/test13.toke.ok, plugins/sudoers/regress/sudoers/test9.in, plugins/sudoers/regress/sudoers/test9.out.ok, plugins/sudoers/regress/sudoers/test9.toke.ok, plugins/sudoers/regress/sudoers/test9.toke.out.ok: Tests for empty sudoers (should parse OK) and syntax errors within a line (should report correct line number) both with and without the trailing newline. [d57c879c4718] * plugins/sudoers/regress/sudoers/test4.out.ok, plugins/sudoers/regress/sudoers/test5.out.ok, plugins/sudoers/regress/sudoers/test7.out.ok, plugins/sudoers/regress/sudoers/test8.out.ok, plugins/sudoers/testsudoers.c: Print line number when there is a parser error. [5444ef6ac6dc] 2011-11-05 Todd C. Miller * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Keep track of the last token returned. On error, if the last token was COMMENT, decrement sudolineno since the error most likely occurred on the preceding line. Previously we always uses sudolineno-1 which will give the wrong line number for errors within a line. [d661a03a64da] 2011-11-03 Todd C. Miller * NEWS: update with sudo 1.8.3p1 info [0f79ff31f602] * plugins/sudoers/sudoers.c: Fix crash when "sudo -g group -i" is run. Fixes bug 521 [a3087ae337c4] 2011-10-26 Todd C. Miller * plugins/sudoers/visudo.c: Make alias_remove_recursive() return TRUE/FALSE as its callers expect and remove two unused arguments. Fixes bug 519. [2ee3b2882844] * plugins/sudoers/regress/visudo/test1.out.ok, plugins/sudoers/regress/visudo/test1.sh: Add regress test for bugzilla 519 [48000ebedf97] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Disable warning/error wrapping in regress tests. [373c589ba561] 2011-10-25 Todd C. Miller * Makefile.in: Do compile-po as part of sync-po so that the .mo files get rebuild automatically when we sync with translationproject.org [83f3cbfc2f33] * plugins/sudoers/Makefile.in: check_addr needs to link with the network libraries on Solaris [322bd70e316e] * plugins/sudoers/match.c: When matching a RunasAlias for a runas group, pass the alias in as the group_list, not the user_list. From Daniel Kopecek. [766545edf141] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: We need to init the auth system regardless of whether we need a password since we will be closing the PAM session in the monitor process. Fixes a crash in the monitor on Solaris; bugzilla #518 [e82809f86fb3] 2011-10-24 Todd C. Miller * src/exec.c: Get rid of done: label. If the child exits we still need to close the pty, update utmp and restore the SELinux tty context. [cc127bf48405] 2011-10-22 Todd C. Miller * common/Makefile.in, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c, src/ttysize.c, src/utmp.c: Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). [8f3bbf907b67] * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c: Wrap error/errorx and warning/warningx functions with debug statements. Disable wrapping for standalone sudoers programs as well as memory allocation functions (to avoid infinite recursion). [562ed7b5ae8d] * README, config.h.in, configure, configure.in: Add checks for __func__ and __FUNCTION__ and mention that we now require a cpp that supports variadic macros. [314cfe4c5d23] * MANIFEST, common/Makefile.in, common/sudo_debug.c, include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: New debug framework for sudo and plugins using /etc/sudo.conf that also supports function call tracing. [cded741e9f10] 2011-10-21 Todd C. Miller * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: Update Japanese sudoers translation from translationproject.org [c24725775e32] 2011-10-12 Todd C. Miller * configure, configure.in: Override and ignore the --disable-static option. Sudo already runs libtool with -tag=disable-static where applicable and we need non- PIC objects to build the executables. [aff1227b853a] 2011-10-10 Todd C. Miller * NEWS: Add sudoedit fix [74655c7ccad1] * plugins/sudoers/po/sudoers.pot: regen pot files [28d89a831ed3] * plugins/sudoers/env.c: Ignore set_logname (which is now the default) for sudoedit since we want the LOGNAME, USER and USERNAME environment variables to refer to the calling user since that is who the editor runs as. This allows the editor to find the user's startup files. Fixes bugzilla #515 [6c5dddf5ff05] * plugins/sudoers/pwutil.c: Instead of trying to grow the buffer in make_grlist_item(), simply increase the total length, free the old buffer and allocate a new one. This is less error prone and saves us from having to adjust all the pointers in the buffer. This code path is only taken when there are groups longer than the length of the user field in struct utmp or utmpx, which should be quite rare. [5587dc8cffaf] * src/po/it.mo: Add Italian translation for sudo from translationproject.org [1b3dd886e7e3] * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, src/po/ja.mo, src/po/ja.po: Japanese translation for sudo and sudoers from translationproject.org [c06dd866be6e] 2011-10-07 Todd C. Miller * plugins/sudoers/Makefile.in: sudoreplay depends on timestr.lo too; from Mike Frysinger [b9e73214b2f1] 2011-10-04 Todd C. Miller * plugins/sudoers/po/sudoers.pot: Regen sudoers pot file. [019588bafdb3] * NEWS: Update with latest sudo 1.8.3 news [6868042a88e9] * plugins/sudoers/sudoers.c: It appears that LDAP or NSS may modify the euid so we need to be root for the open(). We restore the old perms at the end of sudoers_policy_open(). [2da67a5497ef] * plugins/sudoers/set_perms.c: Better warning message on setuid() failure for the setreuid() version of set_perms(). [07abcfe7bd9a] 2011-09-27 Todd C. Miller * plugins/sudoers/check.c: Delref auth_pw at the end of check_user() instead of getting a ref twice. [cb665f55e6a5] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: Make sudo_auth_{init,cleanup} return TRUE on success and check for sudo_auth_init() return value in check_user(). [92631c919356] * plugins/sudoers/auth/sudo_auth.c: Do not return without restoring permissions. [59ef40b6696a] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen pot files [9f320a340b7c] * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Modify the authentication API such that the init and cleanup functions are always called, regardless of whether or not we are going to verify a password. This is needed for proper PAM session support. [19a53f3fb596] * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Add missing dependency for getspwuid.lo and regen other depends. [f7f70eae819a] * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: Fix a PAM_USER mismatch in session open/close. We update PAM_USER to the target user immediately before setting resource limits, which is after the monitor process has forked (so it has the old value). Also, if the user did not authenticate, there is no pamh in the monitor so we need to init pam here too. This means we end up calling pam_start() twice, which should be fixed, but at least the session is always properly closed now. [fbc063a2a872] * src/utmp.c: Add check for old being NULL in utmp_setid(); from Steven McDonald [e87126442f2e] 2011-09-25 Todd C. Miller * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If the invoking user cannot be resolved by uid fake the struct passwd and store it in the cache so we can delref it on exit. [a27e2f8b9f5e] 2011-09-24 Todd C. Miller * plugins/sudoers/sudoers.c: Don't error out if the group plugin cannot be loaded, just warn. [0fbfcd381e33] 2011-09-23 Todd C. Miller * plugins/sudoers/sudoers.c: Quiet a false positive found by several static analysis tools. These tools don't know that log_error() does not return (it longjmps to error_jmp which returns to the sudo front-end). [33d0469df21b] 2011-09-22 Todd C. Miller * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: Add Italian translation for sudo from translationproject.org Regen .mo files [c3c888a82be6] 2011-09-21 Todd C. Miller * doc/TROUBLESHOOTING: Update to current reality and add bit about ssh auth [184a1e7c2eeb] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Make "verbose" static; fixes a namespace clash with pam_ssh_agent_auth (and it doesn't need to be extern these days). [cc38d2eb2f4c] * config.h.in, configure, configure.in, src/get_pty.c: FreeBSD has libutil.h not util.h [dab4c94b6d4f] * configure, configure.in: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD [41c362f0a92a] 2011-09-20 Todd C. Miller * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: Update po files from translationproject.org [1e99e147c7fa] 2011-09-16 Todd C. Miller * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for DEREF in ldap.conf. [3c1937a98547] * Makefile.in: install target should depend on ChangeLog too, not just install-doc [1a7c83941175] * doc/sudoers.pod: Only iolog_file (not iolog_dir) supports mktemp-style suffixes. [0eca47d60a2c] * NEWS: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. [0501415cc5ff] * doc/UPGRADE: Document group lookup change and possible side effects. [585743e1ebf7] * configure, configure.in: Fix some square brackets in case statements that needed to be doubled up. While here, use $OSMAJOR when it makes sense. [8973343f4696] * plugins/sudoers/pwutil.c: Fix a crash in make_grlist_item() on 64-bit machines with strict alignment. [c89508c73c46] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: Remove list_options() function that is no longer used now that "sudo -L" is gone. [fcc6a776c135] * configure, configure.in: Error message if user tries --with-CC [ec5b478f813a] * configure, configure.in: Check for -libmldap too when looking for ldap libs, which is the Tivoli Directory Server client library. [bb3007a97206] 2011-09-09 Todd C. Miller * plugins/sudoers/parse.c: Honor NOPASSWD tag for denied commands too. [8dd92656db92] 2011-09-08 Todd C. Miller * INSTALL, configure, configure.in: Remove --with-CC option; it doesn't work correctly now that we use libtool. Users can get the same effect by setting the CC environment variable when running configure. [ec22bd1a55e0] 2011-08-31 Todd C. Miller * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, src/sudo_edit.c: Assume all modern systems support fstat(2). [6a5a8985f6a0] 2011-08-30 Todd C. Miller * compat/regress/glob/globtest.c, config.h.in, configure, configure.in, include/missing.h, plugins/sudoers/sudoers.h, src/sudo.h, src/sudo_noexec.c: Add configure test for missing errno declaration and only declare it ourselves if it is missing. [456e76c809a2] * plugins/sudoers/alias.c: Include errno.h before sudo.h to avoid conflicting with the system definition of errno. [d0b97e392512] 2011-08-29 Todd C. Miller * plugins/sudoers/regress/parser/check_addr.c: Only print individual check status when there is a failure. [2ac704c91441] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c: Add calls to setprogname() for test programs. [a8d9b420e826] * configure, configure.in: Add -Wall and -Werror after all tests so they don't cause failures. [2661188ff3fa] * plugins/sudoers/Makefile.in: Actually run check_addr in the check target [0b2778bc86bf] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_addr.in: Split out address matching into its own file and add regression tests for it. [12b9a2bf8dba] 2011-08-27 Todd C. Miller * plugins/sudoers/match.c: When matching an address with a netmask in sudoers, AND the mask and addr before checking against the local addresses. [9747bb6d7b1c] 2011-08-26 Todd C. Miller * plugins/sudoers/match.c: Fix netmask matching. [a3c8f8cc1464] * plugins/sudoers/visudo.c: Don't assume all editors support the +linenumber command line argument, use a whitelist of known good editors. [21d43a91fd10] 2011-08-23 Todd C. Miller * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/sudo.c: Silence compiler warnings on Solaris with gcc 3.4.3 [da620bae6fdb] * mkpkg: Fix building on RHEL 3 [f3227fb2a252] * INSTALL, configure, configure.in: Add --enable-werror configure option. [fec2cdb95543] * common/setgroups.c: setgroups() proto lives in grp.h on RHEL4, perhaps others. [de91c0de5a98] * configure, configure.in: Use PAM by default on AIX 6 and higher. [e16493208e5f] 2011-08-22 Todd C. Miller * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po: Add new Esperanto translation from translationproject.org [0d9a59e04c64] 2011-08-19 Todd C. Miller * plugins/sudoers/iolog_path.c: Quiet an innocuous valgrind warning. [0582b6027161] 2011-08-18 Todd C. Miller * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Fix expansion of strftime() escapes in log_dir and add a regress test that exhibited the problem. [a5c7c1c4c589] * plugins/sudoers/Makefile.in: Fix "make check" return value. [33b58e175230] 2011-08-17 Todd C. Miller * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regen pot files [063841aac19b] * Makefile.in: Fix logic inversion in pot file up to date check. [f6a8ca8654df] 2011-08-15 Todd C. Miller * configure, configure.in: Add caching for gettext() checks. [01b7200f6105] * configure, configure.in: Better handling of libintl header and library mismatch. [9a49b1d4db69] 2011-08-13 Todd C. Miller * plugins/sudoers/sudoers.c: Also check sudoers gid if sudoers is group writable. [23ef96ca0d33] 2011-08-12 Todd C. Miller * configure, configure.in: If dlopen is present but libtool doesn't find it, error out since it probably means that libtool doesn't support the system. [a9da0a5f7941] * mkpkg: configure args on the command line should override builtin defaults. Disable NLS for non-Linux/Solaris unless explicitly enabled. [b2fb05614504] * plugins/sudoers/auth/aix_auth.c: Fix loop that calls authenticate(). If there was an error message from authenticate(), display it. [063a0c4f0b9a] 2011-08-11 Todd C. Miller * m4/libtool.m4, m4/ltversion.m4: Update to autoconf 2.68 and libtool 2.4 [5a912a6eb67b] * config.guess, config.sub, configure, configure.in, ltmain.sh: Update to autoconf 2.68 and libtool 2.4 [931ab56aecf6] * doc/sudoers.pod: Fix typo; OPT should be OTP [e97bd2e46544] * plugins/sudoers/Makefile.in: Rename libsudoers convenience library to libparsesudoers to avoid libtool confusion. [2a89a613f537] 2011-08-10 Todd C. Miller * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: Add Danish sudoers translation from translationproject.org [27b96e85eb13] * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Add dedicated callback function for runas_default sudoers setting that only sets runas_pw if no runas user or group was specified by the user. [b8382d8eea34] 2011-08-09 Todd C. Miller * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, src/po/ru.po: Update Finish, Polish, Russian and Ukrainian translations from translationproject.org. [f9339aff664e] * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Go back to using a callback for runas_default to keep runas_pw in sync. This is needed to make per-entry runas_default settings work with LDAP-based sudoers. Instead of declaring it a callback in def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a bit naughty, but avoids requiring stub functions in visudo and the tests. [9aaefb908415] 2011-08-05 Todd C. Miller * Makefile.in: Add check for out of date message catalogs when doing "make dist". [e45a29b612f4] 2011-08-02 Todd C. Miller * configure: regen [d6f9ad26774a] * configure.in: Make sure compiler supports static-libgcc before using it. [b01bd9566e50] 2011-08-01 Todd C. Miller * src/Makefile.in: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc [c99c7ab3edef] 2011-07-30 Todd C. Miller * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, src/po/zh_CN.mo: Add new Russian sudo translation from translationproject.org and rebuild the other translation files. [e20015459056] 2011-07-29 Todd C. Miller * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: Update Finish and Polish translations from translationproject.org [4e3dbba4a1de] * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: Go back to escaping the command args for "sudo -i" and "sudo -s" before calling the plugin. Otherwise, spaces in the command args are not treated properly. The sudoers plugin will unescape non- spaces to make matching easier. [dfa2c4636f33] 2011-07-28 Todd C. Miller * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix some potential problems found by the clang static analyzer, none serious. [ff64aa74aae6] * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.po: Updated Ukranian and Chinese (simplified) po files from translationproject.org [ec792becb48e] 2011-07-27 Todd C. Miller * plugins/sudoers/po/pl.po: Updated Polish translation from translationproject.org [a3af53cb649c] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Rebuild pot files [c650524c0f0a] * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: Don't try to audit failure if the runas user does not exist. We don't have the user's command at this point so there is nothing to audit. Add a NULL check in audit_success() and audit_failure() just to be on the safe side. [2a0007c2022f] * mkpkg: Add -g to CFLAG for PIE builds. [32a0a9693c9c] 2011-07-25 Todd C. Miller * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: Remove fallback to per-group lookup when matching groups in sudoers. The sudo front-end will now use getgrouplist() to get the user's list of groups if getgroups() fails or returns zero groups so we always have a list of the user's groups. For systems with mbr_check_membership() which support more that NGROUPS_MAX groups (Mac OS X), skip the call to getgroups() and use getgrouplist() so we get all the groups. [51b3ed8c600b] 2011-07-22 Todd C. Miller * common/setgroups.c: Fix setgroups() fallback code on EINVAL. [2b6faecd56a4] * plugins/sudoers/set_perms.c: Fix two PERM_INITIAL cases that were still using user_gids. [9680bab0acc6] * MANIFEST: Add Polish sudo message catalog [8bb40c3ba576] * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: user_group is no longer used, remove it [9acede0fe6c5] 2011-07-20 Todd C. Miller * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: Add Polish translation from translationproject.org [afac5c638573] * MANIFEST, common/Makefile.in, common/setgroups.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h, src/sudo_edit.c: Add a wrapper for setgroups() that trims off extra groups and retries if setgroups() fails. Also add some missing addrefs for PERM_USER and PERM_FULL_USER. [224dfd8aae5c] * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: Instead of keeping separate groups and gids arrays, create struct group_info and use it to store both, along with a count for each. Cache group info on a per-user basis using getgrouplist() to get the groups. We no longer need special to special case the user or list user for user_in_group() and thus no longer need to reset the groups list when listing another user. [0ad849a8b2d5] * src/preload.c: Don't rely on NULL since we don't include a header for it. [b40937f1890c] 2011-07-19 Todd C. Miller * doc/sudoers.pod: Fix typo [c1035360e169] 2011-07-18 Todd C. Miller * plugins/sudoers/sudoers.c: Do not shadow global sudo_mode with a local variable in set_cmnd() [0c72969503ad] 2011-07-17 Todd C. Miller * plugins/sudoers/sudoers.c: bash 2.x doesd not support the -l flag and exits with an error if it is specified so use --login instead. This causes an error with bash 1.x (which uses -login instead) but this version is hopefully less used than 2.x. [5c4c296e30e6] * src/po/pl.mo, src/po/pl.po: Add Polish translation from translationproject.org [48592dd6edcf] 2011-07-13 Todd C. Miller * plugins/sudoers/set_perms.c: Make error strings translatable. [414c5c484768] * mkpkg: Only run configure with --with-pam-login for RHEL 5 and above. [6c16e4de4026] * sudo.pp: Fix typo in summary [9ac618c9a749] 2011-07-11 Todd C. Miller * plugins/sudoers/logwrap.c: Add missing logwrap.c [c12a413ecc1d] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/logging/check_wrap.in, plugins/sudoers/regress/logging/check_wrap.out.ok: Split out log file word wrap code into its own file and add unit tests. Fixes an off-by one in the word wrap when the log line length matches loglinelen. [52ed277f6690] 2011-07-05 Todd C. Miller * mkpkg: For SuSE, only use /usr/lib64 as libexec if generating 64-bit binaries. [645ab903cf77] * src/load_plugins.c, src/sudo.c: Fix build error when --without-noexec configure option is used. [b994f7b0d8b4] * configure, configure.in: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 and above. [c2a6f9b472f3] 2011-07-01 Todd C. Miller * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Resolve the list of gids passed in from the sudo frontend (the result of getgroups()) to names and store both the group names and ids in the sudo_user struct. When matching groups in the sudoers file, match based on the names in the groups list first and only do a gid-based match when we absolutely have to. By matching on the group name (as it is listed in sudoers) instead of id (which we would have to resolve) we save a lot of group lookups for sudoers files with a lot of groups in them. [8dc19353f148] 2011-06-26 Todd C. Miller * plugins/sudoers/sudoers.c: Workaround for "sudo -i command" and newer versions of bash which don't go into login mode when -c is specified unless -l is too. [9393762b80f3] 2011-06-23 Todd C. Miller * plugins/sudoers/logging.c: Rewrite logfile word wrapping code to be more straight-forward and actually wrap at the correct place. [f712a0c90f55] 2011-06-22 Todd C. Miller * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: Set use_pty=true in command details when use_pty is set in sudoers. From Ludwig Nussel [8d95a163dfc1] 2011-06-20 Todd C. Miller * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync Chinese (simplified) PO files from translationproject.org [acce8eb7be18] 2011-06-18 Todd C. Miller * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: Add Danish translation from translationproject.org and add missing Basque mo files. [0c22bb21b9c4] * Makefile.in, configure, configure.in: No longer need to specify LINGUAS in configure, "make install-nls" now just installs all the .mo files it finds. [fcd45cf04885] 2011-06-17 Todd C. Miller * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: Build CONTRIBUTORS from newly-added contributors.pod [8b192f2720f4] * doc/CONTRIBUTORS: Rework the wording in the leading paragraph [312044145cdd] 2011-06-14 Todd C. Miller * MANIFEST, doc/CONTRIBUTORS: Add a CONTRIBUTORS file with the names of folks who have contributed code or patches to sudo since I started maintaining it (plus the original authors). [b8bdd8b59528] 2011-06-13 Todd C. Miller * plugins/sudoers/env.c: Preserve SHELL variable for "sudo -s". Otherwise we can end up with a situation where the SHELL variable and the actual shell being run do not match. [b8b3974aee3e] 2011-06-10 Todd C. Miller * configure, configure.in: Only enable Solaris project support when setproject() is present in libproject. [49ad7857ab89] * sudo.pp: Explicitly set mode and owner of /etc/sudoers instead of relying on "cp -p" to work in the postinstall script. On AIX 6.1 at least the postinstall script runs before the final file permissions are set. [e41ffc0212b2] 2011-06-09 Todd C. Miller * doc/sudo.pod, doc/sudoers.pod: Refer the user to the "Command Environment" section in description of sudo's -i option. [263cc3be7eef] * doc/sudo.pod: Fix typo [35dfac450f4d] 2011-06-08 Todd C. Miller * mkdep.pl: If there is no old dependency for an object file, use the MANIFEST to find its source. [d15e3b9899f9] * compat/Makefile.in: Remove dependency for getgrouplist.lo as we don't ship that source file. [312a6d5fe6b0] 2011-06-07 Todd C. Miller * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Do not declare yyparse() static as the actual function generated by yacc is extern. [9017b79dcf55] 2011-06-06 Todd C. Miller * Makefile.in: Remove locale files in "make uninstall" [201ff261ecbe] * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/uk.po, src/po/eu.po: Add Basque translation and sync Finish and Ukranian translations. [66d2c78c8a13] * configure, configure.in: FreeBSD no longer needs the main sudo binary to link with -lpam now that plug-ins are loaded with RTLD_GLOBAL. [96c710df2457] * plugins/sudoers/group_plugin.c, src/load_plugins.c: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes problems with pam modules not having access to symbols provided by libpam on some platforms. Affects FreeBSD and SLES 10 at least. [0d016983ec84] * Makefile.in: Move xgettext invocation out of update-po target into update-pot [19a73c6d017c] 2011-06-04 Todd C. Miller * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regenerate .pot files for 1.8.2rc2 [c3037f591dd8] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Move nls targets to the top level Makefile so the paths in the pot file are saner [65b9285cd8d9] * src/po/fi.mo: Add compiled version of sudo Finish translation [8f2405384ea3] * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo files [a165e70fa9ec] * configure, configure.in, plugins/sudoers/po/fi.po: Add Finish translation from translationproject.org [4466f8a96ceb] 2011-06-03 Todd C. Miller * doc/sudoers.pod: The group named by exempt_group should not have a % prefix. [df084d6b32c8] 2011-06-01 Todd C. Miller * doc/sudoers.pod: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" [5113699a3f8b] 2011-05-31 Todd C. Miller * src/exec.c, src/exec_pty.c: Fix compressed io log corruption in background mode by using _exit() instead of exit() to avoid flushing buffers twice. Improved background mode support. When not allocating a pty, the command is run in its own process group. This prevents write access to the tty. When running in a pty, stdin is not hooked up and we never read from /dev/tty, which results in similar behavior. [87c15149894c] * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Clean up regress files Generate proper dependencies for regress objs in compat [88bfc728c1e7] * plugins/sudoers/Makefile.in: Add missing dependency for check_fill.o. [0bd6362e3e17] 2011-05-29 Todd C. Miller * INSTALL, configure, configure.in: Add support for --enable-nls[=location] [b90db44a050f] 2011-05-28 Todd C. Miller * plugins/sudoers/linux_audit.c: Include gettext.h [7f909a6e48cb] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: Quiet gcc warnings. [b41a6cdca583] * configure, configure.in: Don't install .mo files if gettext was not found. [1397b34cc165] 2011-05-27 Todd C. Miller * src/exec.c: Always allocate a pty when running a command in the background but call setsid() after forking to make sure we don't end up with a controlling tty. [b6454ba172e8] * plugins/sudoers/iolog.c: Add missing space between command name and the first command line argument. [fe217f0a36d4] * plugins/sudoers/sudoreplay.c: Quiet a compiler warning on some platforms. [de9f2849f236] * plugins/sudoers/po/README, src/po/README: README file that directs people to translationproject.org [30c0fc323281] * plugins/sudoers/po/uk.po, src/po/fi.po: Sync translations with TP [1d7d64559cba] * Makefile.in: Add 'sync-po' target to top-level Makefile to rsync the po files from translationproject.org. [20508211aaa3] * plugins/sudoers/Makefile.in: install nls files from install target [5fc07b6cab38] * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: Include .mo files in sudo binary packags. [278d4821a916] * configure, configure.in, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Add simplified chinese translation [2b33ffc755b9] 2011-05-26 Todd C. Miller * configure, configure.in, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: Add ukranian translation [2d8102688e93] * compat/Makefile.in: refer to siglist.c, not ./siglist.c since not all makes will treat foo and ./foo the same. [6639d293ffba] * plugins/sudoers/sudoers.c: Set def_preserve_groups before searching for the command when the -P flag is specified. [0edc7942f875] * Makefile.in, compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Add dependency for siglist.lo in compat. This is a generated file so "make depend" needs to depend on it. [28d0932f8b50] * compat/Makefile.in: More dependency fixes. [aad0d05cd020] * compat/Makefile.in: Fix a few dependencies. [eb21aa35a032] * plugins/sudoers/Makefile.in, src/Makefile.in: Place compiled mo files in the src dir, not the build dir. When installing compiled mo files, display a status message. [e15634c29cd3] 2011-05-25 Todd C. Miller * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Tivoli Directory Server requires that seconds be present in a timestamp, even though RFC 4517 states that they are optional. [55fe23dd4ef9] * plugins/sudoers/sudo_nss.h: Add missing bit of copyright [d2eba3c364ca] * doc/visudo.pod: Mention cycle detection warnings [a76bef15ab67] * plugins/sudoers/visudo.c: When checking aliases, also check the contents of the alias in case there are problems with an alias that is referenced inside another. Replace the self reference check with real alias cycle detection. [a66c904cf53b] * plugins/sudoers/alias.c: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to ENOENT in alias_find() and alias_remove() if the entry could not be found. [b4f0b89e433c] * plugins/sudoers/visudo.c: Increment alias_seqno before calls to alias_remove_recursive() to avoid false positives with the alias loop detection. Fixes spurious warnings about unused aliases when they are nested. [a344483b8193] * MANIFEST: add mkdep.pl [86b7ed33eab2] * plugins/sudoers/Makefile.in: Add dependency on convenience libs to binaries [cd3078b3c997] * Makefile.in: mkdep.pl only works when run from the src dir [f35a5e47c944] * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Auto-generate Makefile dependencies with a perl script. [a3e4afcd7975] 2011-05-23 Todd C. Miller * plugins/sudoers/match.c: If the user specifies a runas group via sudo's -g option that matches the runas user's group in the passwd database and that group is not denied in the Runas_Spec, allow it. Thus, if user root's gid in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if no groups are present in the Runas_Spec. [e3f9732dc564] 2011-05-22 Todd C. Miller * plugins/sudoers/Makefile.in, src/Makefile.in: Add dependencies on gettext.h [a3a9dc51f78b] * plugins/sudoers/Makefile.in, src/Makefile.in: Fix install-nls target with HP-UX sh when gettext is not present. [0c6b9655cd41] 2011-05-20 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: regenerate .pot files for lbuf changes [918ded125a0b] * configure, configure.in: Add missing "checking" message for gettext when using the cache. [9c21187ad1d2] * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, src/parse_args.c: Add primitive format string support to the lbuf code to make translations simpler. [ee71c7ef5299] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: Add message catalog template files for sudo and the sudoers module. [f3f8acb1f014] * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, config.h.in, configure.in, doc/Makefile.in, include/gettext.h, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: Add gettext.h convenience header. This is similar to but distinct from the one included with the gettext package. [930a0591f73c] 2011-05-19 Todd C. Miller * configure, configure.in: Add checks for nroff -c and -Tascii flags [19ca990b3149] * configure, configure.in: Add check for HP bundled C Compiler (which cannot create shared libs) [517716a7072d] * plugins/sudoers/sudoreplay.c: Fix C format warnings. [6514326013fa] * include/error.h: Add __printflike [e1749a30a406] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c: Translate help / usage strings. [ee1cc9b1a8bd] * plugins/sudoers/Makefile.in, src/Makefile.in: Set --msgid-bugs-address to the bugzilla url [5a0aa250ca21] * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Add scaffolding to update .po files and install .mo files. [f05f4eed1fe1] * doc/license.pod: update copyright year [fa0c62523875] * INSTALL, README: No need to include version number at the top of these files. [9f2981325351] 2011-05-18 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Minor warning/error cleanup [9236dc85aeab] * config.h.in, configure.in: Emulate ngettext for the non-nls case [13571d63fa36] * plugins/sudoers/ldap.c: Do not mark untranslatable strings for translation [735f5d4413fe] * plugins/sudoers/check.c: Use ROOT_UID not 0. [09a268db8da4] * plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/sudo_edit.c: Minor warning/error message cleanup [3c7b1a7939b5] * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/net_ifs.c, src/selinux.c: cannot -> "unable to" in warning/error messages [31c3897649e9] * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.c, src/utmp.c: can't -> "unable to" in warning/error messages [127b75f15291] * configure, configure.in: FreeBSD needs the main sudo executable to link with -lpam when loading dynaic pam modules for some reason. [944522cc9bef] 2011-05-17 Todd C. Miller * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: We don't want to translate debugging messages. [56a1a365815a] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c, src/sudo.c: Add calls to bindtextdomain() and textdomain() Currently there are two domains, one for the sudo front-end and one for the sudoers plugin and its associated utilities. [0426138f789e] * configure, configure.in: Fix caching of libc gettext check. [942142d2c43a] * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, plugins/sudoers/mkdefaults: Mark defaults descriptions for translation [5b27f018e6cf] * NEWS: Update for sudo 1.8.1p2 [747c4dee2ca7] 2011-05-16 Todd C. Miller * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Quiet compiler warning when SELinux is enabled. [1fbf77dda240] * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, src/error.c, src/net_ifs.c, src/sesh.c: Add missing includes of libintl.h. [bc1d66316082] * plugins/sudoers/auth/pam.c: Fix gettext marker. [a5cf4ed66c66] * common/aix.c, common/alloc.c, compat/strsignal.c, plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: Include libint.h where needed. [2b0e5a663c7b] * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Prepare sudoers module messages for translation. [7212ae1909c5] * plugins/sudoers/sudoers.c: Only check gid of sudoers file if it is group-readable. [50e3bc0cb242] * plugins/sudoers/auth/aix_auth.c: For AIX, keep calling authenticate() until reenter reaches 0. [e240815b74b1] 2011-05-09 Todd C. Miller * configure, configure.in: Cache the status of the initial gettext() check. [32751ebe1704] * INSTALL, configure, configure.in: Add --disable-nls flag and improve checks for gettext. [c7e6b17052de] * configure, configure.in: When building with gcc on HP-UX, use -march=1.1 to produce portable binaries on a pa-risc2 host. Previously, the +Dportable option was used for the HP-UX C compiler but gcc always produced native binaries. [8f4c749324d7] 2011-05-06 Todd C. Miller * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: Prepare sudo front end messages for translation. [2fc2fabceccb] 2011-05-04 Todd C. Miller * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: Add initial scaffolding to support localization via gettext() [7d47b59fcf95] * compat/fnmatch.h, compat/glob.h: Don't let the fnmatch/glob macros expand the function prototype. [a9014aa0288e] 2011-05-03 Todd C. Miller * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: Resolve namespace collisions on HP-UX ia64 and possibly others by adding a rpl_ prefix to our fnmatch and glob replacements and #defining rpl_foo to foo in the header files. [caa9b690a15d] 2011-04-29 Todd C. Miller * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Split ALL, ROLE and TYPE into their own actions. Since you can only have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in the non-SELinux case. This is safe because the actions are in one big switch() statement. [7473fc2cfa2c] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. [9be3480c2865] 2011-04-27 Todd C. Miller * doc/UPGRADE, doc/sudoers.pod: askpass moved from sudoers to sudo.conf in sudo 1.8.0 [b2c2956cec4e] * doc/sudoers.pod: Remove obsolete warning about runas_default and ordering. Move syslog facility and priority lists into the section where the relevant options are described. [e57b8dc3f779] 2011-04-26 Todd C. Miller * plugins/sudoers/auth/sia.c: Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. [1c0552772ad2] 2011-04-23 Todd C. Miller * src/net_ifs.c: Remove useless realloc when trying to get the buffer size right. [792225380a62] * plugins/sudoers/set_perms.c: Be explicit when setting euid to 0 before call to setreuid(0, 0) [7bfeb629fccb] 2011-04-18 Todd C. Miller * configure, configure.in: Need to do checks for krb5_verify_user, krb5_init_secure_context and krb5_get_init_creds_opt_alloc regardless of whether or not krb5-config is present. [9d1b98ece1d3] 2011-04-15 Todd C. Miller * plugins/sudoers/set_perms.c: Work around weird AIX saved uid semantics on setuid() and setreuid(). On AIX, setuid() will only set the saved uid if the euid is already 0. [069fc08150ca] 2011-04-14 Todd C. Miller * sudo.pp: update copyright year [1c42d579ba6e] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Treat a missing includedir like an empty one and do not return an error. [92f71d8cbfd4] 2011-04-12 Todd C. Miller * pp: Fix ARCH setting in cross-compile Solaris packages. [b0de281cc889] * sudo.pp: Fix aix version setting. [98437dbfb085] * plugins/sudoers/ldap.c: Remove extraneous parens in LDAP filter when sudoers_search_filter is enabled that causes a search error. From Matthew Thomas. [1d75bf1fc8d9] 2011-04-11 Todd C. Miller * plugins/sudoers/regress/iolog_path/check_iolog_path.c: Correct sizeof() to fix test failure. [fd2f7c0c0572] * plugins/sudoers/Makefile.in: "install" target should depend on "install-dirs". Fixes "make -j" problem and closes bz #487. From Chris Coleman. [083902d38edb] 2011-04-07 Todd C. Miller * config.h.in: Add HAVE_RFC1938_SKEYCHALLENGE [a94cb33758a8] 2011-04-06 Todd C. Miller * NEWS: Mention plugin loading and libgcc changes [e11b30b5026a] * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Load plugins after parsing arguments and potentially printing the version. That way, an error loading or initializing a plugin doesn't break "sudo -h" or "sudo -V". [1b76f2b096a2] * Makefile.in: When using a sub-shell to invoke the sub-make, exec make instead of running it inside the shell to avoid an extra process. [fd2c04a71fbf] * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: Stop testing unspecified behavior in fnmatch Make glob test more portable [229803093725] * compat/Makefile.in: No need to add current dir to include path and having it breaks the test programs that expect to get the system glob.h and fnmatch.h [68085f624be4] * INSTALL, configure, configure.in: Fix and document --with-plugindir; partially from Diego Elio Petteno [07edc52ea89e] * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Fix fnmatch and glob tests to not use hard-coded flag values in the input file. Link test programs with libreplace so we get our replacement verions as needed. [c2cca448f660] * Makefile.in: If make in a subdir fails, fail the target in the upper level Makefile too. Adapted from a patch from Diego Elio Petteno [76fc9a0d96fd] * configure, configure.in, plugins/sudoers/auth/rfc1938.c: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also has this. Adapted from a patch from Diego Elio Petteno [a97279a59b93] * plugins/sudoers/Makefile.in: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ directly. [47b884029b3b] * configure, configure.in: Fix warnings when -without-skey, --without-opie, --without-kerb4, --without-kerb5 or --without-SecurID were specified. [71ad150f4d24] * MANIFEST: Add plugins/sudoers/sudoers_version.h [7423966de440] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that now include LDFLAGS in the sudoers Makefile.in. Add missing settng of @LDFLAGS@ in plugin Makefile.in files. [b835826f889c] 2011-04-05 Todd C. Miller * NEWS: Mention %#gid support in User_List and Runas_List [5a983dff017a] * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, plugins/sudoers/visudo.c: Keep track of sudoers grammar version and report it in the -V output. [52901a3c0296] * plugins/sudoers/sudo_nss.h: Add multiple inclusion guard [50853aed046e] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and set it to -Wc,-static-libgcc if not using GNU ld so we don't have a dependency on the shared libgcc in sudoers.so. [66ad8bc5e32d] * doc/sudoers.pod: Fix typo; from Petr Uzel [f9a7afd80892] 2011-04-01 Todd C. Miller * plugins/sudoers/testsudoers.c: In dump-only mode, use "root" as the default username instead of "nobody" as the latter may not be available on all systems. [0c48e6414337] 2011-03-31 Todd C. Miller * plugins/sudoers/testsudoers.c: Remove NewArgv/NewArgc, they are no longer needed. [16e18f734c7e] * plugins/sudoers/testsudoers.c: Fix setting of user_args [aa29e0d0a54a] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add '!' token to lex tracing [5227ad266235] * plugins/sudoers/regress/testsudoers/test1.sh: Use group bin in test, not wheel as most systems have the bin group but the same is no longer true of wheel. [718802b3b45e] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Avoid using pre or post increment in a parameter to a ctype(3) function as it might be a macro that causes the increment to happen more than once. [78e281152c3a] 2011-03-30 Todd C. Miller * sudo.pp: Strip off the beta or release candidate version when building AIX packages. [28fe31668559] * configure, configure.in: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx structure checks for glibc which only has __e_termination visible when _GNU_SOURCE is *not* defined. [59ae1698911f] * common/aix.c: getuserattr(user, ...) will fall back to the "default" entry automatically, there's no need to check "default" manually. [3c7a47a61fdb] 2011-03-29 Todd C. Miller * doc/UPGRADE: Document parser changes. [ec415503308d] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: If there is an existing sudoers file, only install if it passes a syntax check. [37427c73e8cb] * plugins/sudoers/regress/sudoers/test6.out.ok, plugins/sudoers/testsudoers.c: Add runasgroup support to testsudoers [047ea5571f33] * plugins/sudoers/Makefile.in: For "make check", keep going even if a test fails. [ce6a0a73c372] * plugins/sudoers/testsudoers.c: More useful exit codes: * 0 - parsed OK and command matched. * 1 - parse error * 2 - command not matched * 3 - command denied [1d2ce1361903] * doc/sudoers.pod: Document %#gid, and %:#nonunix_gid syntax. [492d4f9696c4] * plugins/sudoers/pwutil.c: Add support to user_in_group() for treating group names that begin with a '#' as gids. [20240c94a134] * config.h.in, configure, configure.in, src/utmp.c: Add explicit check for struct utmpx.ut_exit.e_termination and struct utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update ut_exit if we detect one or the other. [b4e8cab777e6] 2011-03-28 Todd C. Miller * plugins/sudoers/toke.c: Add back missing #include of config.h [9ab3897a1b2e] * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like strftime() does. [93395762cdcd] * aclocal.m4: Quote first argument to AC_DEFUN(); from Elan Ruusamae [97f53ad31d77] 2011-03-27 Todd C. Miller * MANIFEST: add new sudoers tests [476af91b3da3] * plugins/sudoers/regress/sudoers/test8.in, plugins/sudoers/regress/sudoers/test8.out.ok, plugins/sudoers/regress/sudoers/test8.toke.ok: Add test for a newline in the middle of a string when no line continuation character is used. [de2394bc86ab] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Use bitwise AND instead of modulus to check for length being odd. A newline in the middle of a string is an error unless a line continuation character is used. [bdb1d762a1d5] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Move lexer globals initialization into init_lexer. [1ce62211aadb] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix a potential crash when a non-regular file is present in an includedir. Fixes bz #452 [1586760c3525] * pp: On some Linux systems, "uname -p" contains detailed processor info so check "uname -m" first and then "uname -p" if needed. Recognize PLD Linux. [b8535cb9012e] 2011-03-25 Todd C. Miller * plugins/sudoers/redblack.c: Don't need all sudoers.h here. [8c0929f42dab] * src/sudo.c: Print sudo version early, in case policy plugin init fails. [47cddc4358bc] 2011-03-24 Todd C. Miller * plugins/sudoers/regress/sudoers/test4.toke.ok: Update to match change in input. [4a3af8e68790] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Make an empty group or netgroup a syntax error. [66f51ddc2ff6] * plugins/sudoers/regress/sudoers/test7.in, plugins/sudoers/regress/sudoers/test7.out.ok, plugins/sudoers/regress/sudoers/test7.toke.ok: An empty group or netgroup should be a syntax error. [bd5bf1e2edce] * plugins/sudoers/regress/sudoers/test6.in, plugins/sudoers/regress/sudoers/test6.out.ok, plugins/sudoers/regress/sudoers/test6.toke.ok: Check that uids work in per-user and per-runas Defaults Check that uids and gids work in a Command_Spec [c5e848e6082b] * plugins/sudoers/regress/sudoers/test5.in, plugins/sudoers/regress/sudoers/test5.out.ok, plugins/sudoers/regress/sudoers/test5.toke.ok: Test empty string in User_Alias and Command_Spec [3a084d777e03] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Allow a group ID in the User_Spec. [bc2859eb71dc] 2011-03-23 Todd C. Miller * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Return an error for the empty string when a word is expected. Allow an ID for per-user or per-runas Defaults. [915c259b00ff] * plugins/sudoers/testsudoers.c: Fix printing "User_Alias FOO = ALL" [ba58c3d548b3] 2011-03-22 Todd C. Miller * src/parse_args.c: Better error message about invalid -C argument [c9a8d15bbf5d] * NEWS: fix typo [cdcfbafed013] * doc/sudoers.pod: Fix placement of equal size ('=') in user specification summary. [5ad7178b230d] 2011-03-21 Todd C. Miller * MANIFEST: update to match sudoers regress [e04db0648717] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore ability to define TRACELEXER and have trace output go to stderr. [d9531e4d1b20] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore old behavior of setting sawspace = TRUE for command line args when a line continuation character is hit to avoid causing problems for existing sudoers files. [fd930ad25550] * plugins/sudoers/regress/sudoers/test4.in, plugins/sudoers/regress/sudoers/test4.out.ok, plugins/sudoers/regress/sudoers/test4.toke.ok: Add test for line continuation and aliases [29ab538ca6bb] * plugins/sudoers/Makefile.in: Make test output line up nicely for parse vs. toke [257ef82c1434] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/sudoers/test1.in, plugins/sudoers/regress/sudoers/test1.out.ok, plugins/sudoers/regress/sudoers/test1.toke.ok, plugins/sudoers/regress/sudoers/test2.in, plugins/sudoers/regress/sudoers/test2.out.ok, plugins/sudoers/regress/sudoers/test2.toke.ok, plugins/sudoers/regress/sudoers/test3.in, plugins/sudoers/regress/sudoers/test3.out.ok, plugins/sudoers/regress/sudoers/test3.toke.ok, plugins/sudoers/regress/testsudoers/test1.ok, plugins/sudoers/regress/testsudoers/test1.out.ok, plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.ok, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/visudo/test1.ok, plugins/sudoers/regress/visudo/test1.sh: Move parser tests to sudoers directory and test the tokenizer output too. [44f529b3cdb6] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: If we match a rule anchored to the beginning of a line after parsing a line continuation character, return an ERROR token. It would be nicer to use REJECT instead but that substantially slows down the lexer. [355478293f8c] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Move LEXTRACE macro to toke.h so we can use it in yyerror(). [72ee7a06d3ca] 2011-03-20 Todd C. Miller * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Make lex tracing settable at run-time in testsudoers via the -t flag. Trace output goes to stderr. Will be used by regress tests to check lexer. [93bd53c413c8] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Allow whitespace after the modifier in a Defaults entry. E.g. "Defaults: username set_home" [9dfcf8dd8a3a] 2011-03-18 Todd C. Miller * mkpkg: Don't set CC when cross-compiling. [4b95b0c04e1c] * NEWS: Credit Matthew Thomas for the sudoers_search_filter changes. [a65998ab09f7] * MANIFEST: Add the .sym files to the MANIFEST [f599225cc861] * NEWS: Update for sudo 1.8.1 beta [71021e854c49] * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: user_shell -> run_shell to avoid confusion with the user's SHELL variable. [dc0ac6dafc21] * src/exec_pty.c: Save the controlling tty process group before suspending in pty mode. Previously, we assumed that the child pgrp == child pid (which is usually, but not always, the case). [10b2883b7875] * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for sudoers_search_filter setting in ldap.conf. This can be used to restrict the set of records returned by the LDAP query. [b0f1b721d102] 2011-03-17 Todd C. Miller * configure, configure.in: Remove the hack to disable -g in CFLAGS unless --with-devel [89822cf84ef4] * doc/sudoers.pod: The '@' character does not normally need to be quoted. [7823f5ed829a] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but if that whitespace is followed by a comma, we want to treat it as part of a list and not transition. [1ca6943e1824] * plugins/sudoers/regress/testsudoers/test3.ok, plugins/sudoers/regress/testsudoers/test3.sh: Add check for whitespace when a User_List is used for a per-user Defaults entry. [91f75e6dd19a] * plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh: Expand quoted name checks to cover recent fixes. [ce4f76bca146] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix parsing of double-quoted names in Defaultd and Aliases which was broken in 601d97ea8792. [424b0d6c1dc4] * plugins/sudoers/Makefile.in: toke_util.c lives in $(srcdir) not $(devdir) [94866bebee83] 2011-03-16 Todd C. Miller * configure, configure.in: Change trunk version to 1.8.x to distinguish from real 1.8.0. [a9781e61d064] * NEWS, doc/UPGRADE: Document major changes in 1.8.1 and add upgrade notes. [f2cf51b0d9ce] * plugins/sudoers/match.c: Be careful not to deref user_stat if it is NULL. This cannot currently happen in sudo but might in other programs using the parser. [06a2334dd674] * mkpkg: configure will not add -O2 to CFLAGS if it is already defined to add -O2 to the CFLAGS we pass in when PIE is being used. [1ce6481ece59] * doc/sudoers.pod: Warn about the dangers of log_input and mention iolog_file and iolog_dir in the log_input and log_output descriptions. [ae854ffb0768] * pp: sync with git version [a993e39ce3cb] * doc/sudoers.pod: It seems that h comes after i [0f621109220d] * doc/sudoers.pod: Move log_input and log_output to their proper, sorted, location. Document set_utmp and utmp_runas. [273b234b9c34] * src/exec.c: Save the controlling tty process group before suspending so we can restore it when we resume. Fixes job control problems on Linux caused by the previous attemp to fix resuming a shell when I/O logging not enabled. [f03a660315ee] * common/lbuf.c: Fix printing of the remainder after a newline. Fixes "sudo -l" output corruption that could occur in some cases. [25d83fb501fc] 2011-03-15 Todd C. Miller * config.h.in, configure, configure.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Add support for ut_exit [b574c13f1bba] * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: Add support for controlling whether utmp is updated and which user is listed in the entry. [44a81632133f] * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, plugins/sudoers/parse.c: Fix typo; tupple vs. tuple [697744acb710] * src/utmp.c: For legacy utmp, strip the /dev/ prefix before trying to determine slot since the ttys file does not include the /dev/ prefix. [7ad5b81ff90c] * aclocal.m4, configure, configure.in, pathnames.h.in: Add check for _PATH_UTMP [21e638029bfd] 2011-03-14 Todd C. Miller * plugins/sudoers/regress/iolog_path/check_iolog_path.c: Adapt check_iolog_path to sessid changes [728b5fe2be6f] * config.h.in, configure, configure.in, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Redo utmp handling. If no getutent()/getutxent() is available, assume a ttyslot-based utmp. If getttyent() is available, use that directly instead of ttyslot() so we don't have to do the stdin dup2 dance. [18aa455cd140] 2011-03-11 Todd C. Miller * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Move utmp handling into utmp.c [f6eae6c8e012] * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, doc/sudo.pod, doc/visudo.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c: Update copyright years. [16aa39f9060a] * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c: Add "user_shell" boolean as a way to indicate to the plugin that the -s flag was given. [fb1ef0897b32] * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: Move sessid out of sudo_user. [ba298ddb57f4] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Log the TSID even if it is not a simple session ID. [d7cc1b9c513c] * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: Document noexec in sample.sudo.conf and add back noexec_file section in sudoers with a note that it is deprecated. [4a6e961e494d] * plugins/sudoers/set_perms.c: Fix running commands as non-root on systems where setreuid() changes the saved uid based on the effective uid we are changing to. [df0769b71b34] 2011-03-10 Todd C. Miller * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, src/sudo.h: Move noexec path into sudo.conf now that sudo itself handles noexec. Currently can be configured in sudoers too but is now undocumented and will be removed in a future release. [6fa8befdc110] * doc/sudo.pod, doc/sudoers.pod: Document "Path noexec ..." in sudo.conf. No longer document noexec_file in sudoers, it will be removed in a future release. [24eee3a0b3e5] * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: Move noexec handling to sudo front-end where it is documented as being. [3ed4f10d7052] * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h: Add support for disabling exec via solaris privileges. Includes preparation for moving noexec support out of sudoers and into front end as documented. [dec843ed553e] * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.sym: Only export the symbols corresponding to the plugin structs. [8d8d03b0ca54] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Install plugins manually instead of using libtool. This works around a problem on AIX where libtool will install a .a file containing the .so file instead of the .so file itself. [796971cfbddb] * Makefile.in: Move check into its own rule since some versions of make will run both targets as the default rule. [34d759979176] * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4, m4/lt~obsolete.m4: Update to libtool 2.2.10 [34c130de6af7] 2011-03-09 Todd C. Miller * src/exec.c: In handle_signals(), restart the read() on EINTR to make sure we keep up with the signal pipe. Don't return -1 on EAGAIN, it just means we have emptied the pipe. [d5b9c8eb9000] * compat/mktemp.c: Reorder functions to quiet a compiler warning. [c9e9a23729f0] * mkpkg: Use the Sun Studio C compiler on Solaris if possible [11a86e27891e] 2011-03-08 Todd C. Miller * mkpkg: Fix default setting of osversion variable. [52e49ca1cedd] * doc/sudo_plugin.pod: Make two login_class entris consistent. [18ff1fa94a91] * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, src/sudo_exec.h: Add support for adding a utmp entry when allocating a new pty. Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). Currently only creates a new entry if the existing tty has a utmp entry. [32db72b81d80] * plugins/sudoers/boottime.c: Avoid pulling in headers we don't need on Linux For getutx?id(), call setutx?ent() first and always call endutx?ent(). [5dad21e1ee1b] * configure, configure.in: Add some more libs to SUDOERS_LIBS instead of relying on them to be pulled in by SUDO_LIBS. [18a7c21c09a7] * plugins/sudoers/sudoers.c: Fix return value of "sudo -l command" when command is not allowed, broken in [c7097ea22111]. The default return value is now TRUE and a bad: label is used when permission is denied. Also fixed missing permissions restoration on certain errors. On error()/errorx(), the password and group files are now closed before returning. [4f2d0e869ae5] 2011-03-07 Todd C. Miller * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: Fix passing of login class back to sudo front end. [6f70a784ce48] * mkpkg: Add --osversion flag to specify OS instead of running "pp --probeonly" [a8efdccb7bc1] * sudo.pp: Fix expr usage w/ GNU expr [48895599ee63] 2011-03-06 Todd C. Miller * plugins/sudoers/sudoers.c: Fix exit value for validate and list mode. [c7097ea22111] * plugins/sudoers/sudoers.c: Fix non-interactive mode with sudoers plugin. [172f29597bd2] 2011-03-05 Todd C. Miller * doc/sudoreplay.pod: sudoreplay can now find IDs other than %{seq} and display the session. [fc3dd3be67e9] 2011-03-04 Todd C. Miller * plugins/sudoers/sudoreplay.c: Add support for replaying sessions when iolog_file is set to something other than %{seq}. [ca3131243874] * plugins/sudoers/visudo.c: If we are killed by a signal, display the name of the signal that got us. [994bb76a990e] * configure, configure.in: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS where they belong. [40f94b936fa4] * configure.in: Fix bug in skey/opie check that could cause a shell warning. [83c043072be5] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: No longer need sudo_getepw() stubs. [bbee15c36912] 2011-03-03 Todd C. Miller * plugins/sudoers/sudo_nss.c: Fix exit value of "sudo -l command" in sudoers module. [a6541867521b] 2011-03-02 Todd C. Miller * compat/regress/glob/globtest.c: Use fgets() not fgetln() for portability. [df1bb67fb168] * sudo.pp: Don't use the beta or release candidate version as the rpm release. [d661ef78021a] 2011-02-25 Todd C. Miller * configure, configure.in: version 1.8.0 [f6530d56f6ae] [SUDO_1_8_0] * NEWS: update sudo 1.8 section [f2ee2cf95d18] 2011-02-23 Todd C. Miller * plugins/sudoers/regress/testsudoers/test2.sh: fix test description [cd5730fa9f09] * plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/visudo/test2.out, plugins/sudoers/regress/visudo/test2.sh: convert test2 to use testsudoers [b5ec3f0b69f1] * include/sudo_plugin.h, src/sudo_plugin_int.h: Move struct generic_plugin to sudo_plugin_int.h [6f7bc629329c] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Allow sudoers file name, mode, uid and gid to be specified in the settings list. The sudo front end does not currently set these but may in the future. [22f38a0fda2a] 2011-02-21 Todd C. Miller * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: 1.8.0rc1 [5d4588b9c057] * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.h: add help text to sudo, visudo and sudoreplay for the -h option [52e7378d8476] 2011-02-19 Todd C. Miller * compat/snprintf.c: avoid using "howmany" for a parameter name since it is a select- related macro [a14d565401a1] * doc/sudoers.pod: mention group_plugin when describing nonunix_group [e0d1d0034b17] * doc/sudo_plugin.pod: Add missing period at end of sentence [6744d7e9056d] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: add localstatedir; closes bug 471 [7aefcab85088] * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes Bug 470 [927ed6740f32] * configure.in: add missing AH_TEMPLATE for ENV_RESET [16300010c986] * src/exec.c: SVR5 systems return non-zero for success on socketpair(), check for -1 instead. Closes Bug 469 [4d276494bf8e] 2011-02-16 Todd C. Miller * configure, configure.in: 1.8.0b5 [d611cd5d73d3] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [85e96eeaed82] * doc/sudo.pod: Document that a sudo.conf file with no Pligin lines uses the default sudoers plugins. [88bd52da977f] * src/load_plugins.c: If sudo.conf contains no Plugin lines, use the default sudoers policy and I/O plugins. [fd8f4cb811ab] 2011-02-14 Todd C. Miller * plugins/sudoers/sudo_nss.c: Avoid printing empty "Runas and Command-specific defaults for user" line. [2dd330fe4f8b] * common/lbuf.c: Truncate the buffer at buf.len before printing in the non-wordwrap case. [901e9833f80d] * common/lbuf.c: Remove extra newline when the tty width is very small or unavailable [245c05506c0e] 2011-02-11 Todd C. Miller * plugins/sudoers/alias.c: Remove unneeded variable. [2c086d30b796] 2011-02-09 Todd C. Miller * configure, configure.in: Prefer getutxid over getutid [3f3322e9c93e] * plugins/sudoers/boottime.c: Include utmp.h / utmpx.h before missing.h as apparently including it afterwards causes a compilation problem on GNU Hurd. [a528029ae962] 2011-02-07 Todd C. Miller * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: #include "foo.h", not for local includes. [f65ec693998e] * src/parse_args.c: remove bogus XXX [9136c17d53ce] * compat/mksiglist.c: Fix typo [1a3bb7b455c9] * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c: return foo not return(foo) [5c9e0647359a] 2011-02-06 Todd C. Miller * src/exec.c: Remove duplicate FD_SET of signal_pipe[0] [3096527d2215] 2011-02-05 Todd C. Miller * compat/mksiglist.c: Use "missing.h" not in generated code. [d8e09cffbe09] 2011-02-04 Todd C. Miller * aclocal.m4, configure: fix --with-iologdir=no [a89699cb5f5f] * aclocal.m4, configure: fix typo that broke --with-iologdir [91b54eb22403] 2011-02-03 Todd C. Miller * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Bump version to 1.8.0b4 [e2b7f2cdc02e] * NEWS: sync [decf5a0a8a33] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Attempt to clarify how users and groups interact in Runas_Specs [e6fb3a2dbd77] * plugins/sudoers/regress/visudo/test2.out, plugins/sudoers/regress/visudo/test2.sh: Add test for quoted group that contains escaped double quotes [44596c48c629] * src/exec.c, src/exec_pty.c: Pass SIGUSR1/SIGUSR2 through to the child. [c3108a827b01] * src/exec_pty.c, src/sudo_exec.h: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and SIGUSR2 to indicate whether the child should be continued in the foreground or background. [35ca47cc6785] * src/exec.c: Use pid_t not int and check the return value of kill() [36ae7d37d7f9] 2011-02-02 Todd C. Miller * src/exec_pty.c: Remove obsolete comment [baebef4919f6] * src/exec.c: In non-pty mode before continuing the child, make it the foreground pgrp if possible. Fixes resuming a shell. [fef5b1d02ddb] * src/exec_pty.c: If we get a signal other than SIGCHLD in the monitor, pass it directly to the child. [b3ecb28163a0] * src/exec.c, src/exec_pty.c, src/sudo.h: Save signal state before changing handlers and restore before we execute the command. [faf7475dc4bf] 2011-02-01 Todd C. Miller * plugins/sudoers/iolog.c: Use a char array to map a number to a base36 digit. [257576c51f8b] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: Be clear about what versions of sudo support new LDAP attributes. Fix up some formatting of attribute names. Minor other tweaks. [39f65df71f65] 2011-01-31 Todd C. Miller * plugins/sudoers/toke.c, plugins/sudoers/toke.l: match quoted strings the same way whether in a Defaults line or as a user/group/netgroup name. Fixes escaped double quotes in quoted user/group/netgroup names. [601d97ea8792] * plugins/sudoers/Makefile.in: 'make check' depends on visudo and testsudoers [127c5a24df8f] * plugins/sudoers/sudoers2ldif: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags [9029163a58c3] 2011-01-30 Todd C. Miller * doc/UPGRADE: Mention LDAP attribute compatibility status. [2c3595aaec63] 2011-01-28 Todd C. Miller * README.LDAP: Mention phpQLAdmin [9304c9064fbe] * INSTALL, NEWS, config.h.in, configure, configure.in, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: Add --disable-env-reset configure option. [8a753aa13a46] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document that sudoers_locale also affects logging and email. [998d6ac11277] * NEWS, config.h.in, configure, configure.in, plugins/sudoers/logging.c: Do logging and email sending in the locale specified by the "sudoers_locale" setting ("C" by default). Email send by sudo includes MIME headers when the sudoers locale is not "C". [cb7e55408400] 2011-01-27 Todd C. Miller * plugins/sudoers/check.c: Fix indentation [65ae7e92b9e4] 2011-01-25 Todd C. Miller * NEWS, src/parse_args.c, src/sudo.c: Perform command escaping for "sudo -s" and "sudo -i" after validating sudoers so the sudoers entries don't need to have all the backslashes. [4e168c103f4b] 2011-01-24 Todd C. Miller * plugins/sudoers/logging.c: Prepend "list " to the command logged when "sudo -l command" is used to make it clear that the command was listed, not run. [f392a6056cd6] * plugins/sudoers/parse.c: cosmetic change [7c0951dbc2dd] * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, compat/nanosleep.c, compat/regress/glob/globtest.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo_noexec.c, src/tgetpass.c: standardize on "return foo;" rather than "return(foo);" or "return (foo);" [32d76c5aaf8c] * plugins/sudoers/sudoers.c: Do not reject sudoers file just because it is root-writable. [0febc579185b] 2011-01-21 Todd C. Miller * NEWS: sync [1ab03f8278ff] * plugins/sudoers/sudo_nss.c: For "sudo -U user -l" if user is not authorized on the host, say so. [289afe6dd15c] * plugins/sudoers/ldap.c: In sudo_ldap_lookup(), always do the initial sudoers check as the invoking user. If we are listing another user's privs we will do a separate lookup using list_pw later. [e52bc15de76d] 2011-01-20 Todd C. Miller * MANIFEST: add parser fill tests [4f65140d3515] * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Don't test features not supported by the bundled glob() [8ec7ace11949] * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: Update copyright year to 2011 [ac1b45cb1809] * plugins/sudoers/sudo_nss.c: When listing, use separate lbufs for the defaults and the privileges and only print something if the number of privileges is non-zero. Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". [d0854d39f8ef] * plugins/sudoers/ldap.c: Stash pointer to user group vector in LDAP handle and only reuse the query if it has not changed. We always allocate a new buffer when we reset the group vector so a simple pointer check is sufficient. [88861d4eba69] * plugins/sudoers/sudo_nss.c: Check initgroups() return value. [3bdaf58408a7] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/parser/check_fill.c: Add tests for the fill functions in toke_util.c [bca587ab4956] 2011-01-19 Todd C. Miller * plugins/sudoers/regress/iolog_path/check_iolog_path.c: fix copyright year [e2038cdaf055] * NEWS: sync [56ca5d5eaebe] 2011-01-18 Todd C. Miller * common/term.c: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. [b91f266624ec] 2011-01-14 Todd C. Miller * mkpkg, sudo.pp: Add Requires line for audit-libs >= 1.4 for RHEL5+ [6c02f976171b] * pp: sync with git version [d301c32d5865] 2011-01-13 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: fix typo [39353f92976f] 2011-01-12 Todd C. Miller * NEWS: Update for sudo 1.7.4p5 [b444da76901f] * doc/schema.OpenLDAP, doc/schema.iPlanet: Add sudoNotBefore and sudoNotAfter attributes as optional attributes to the sudoRole object class. From Andreas Mueller [dacfad7e7a95] 2011-01-11 Todd C. Miller * NEWS: Mention "sudo -g group" password check fix. [1eb8fb14e53b] * plugins/sudoers/sudoers.c: Fix "sudo -g" support in the sudoers module. [07d1b0ce530e] * plugins/sudoers/check.c: If the user is running sudo as himself but as a different group we need to prompt for a password. [caf1fcc9a117] 2011-01-10 Todd C. Miller * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- derived LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s() or ldap_search_st() when possible. [5537049991f7] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: regen [5b361c3c4324] * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility with OpenLDAP ldap.conf files. [e97843bd16fb] * plugins/sudoers/pwutil.c: If user has no supplementary groups, fall back on checking the group file expliticly. [5223ad4eb690] 2011-01-08 Todd C. Miller * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: constify [6e132a4cca61] * plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Move fill macro to toke.h [623d430798cf] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Split tokenizer utility functions out into toke_util.c [89a97bd51618] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: ANSIfy [ca0eba1dfaa9] 2011-01-07 Todd C. Miller * MANIFEST: sync [a43f94064bb3] * plugins/sudoers/Makefile.in: Add visudo tests to check target [8c82fb4ed40f] * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Add my regress tests for fnmatch() and glob() from OpenBSD. [6e8c1f211723] * plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/visudo/test1.ok, plugins/sudoers/regress/visudo/test1.sh: Add regress test for command tags using visudo -c [18b0ef207c0f] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test1.ok, plugins/sudoers/regress/testsudoers/test1.sh: Add support for regress tests using testsudoers [1fa94bd2671b] * plugins/sudoers/testsudoers.c: Need to set user_name explicitly due to internal changes made when converting sudoers to a plugin. [1fa54e86a364] 2011-01-06 Todd C. Miller * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/iolog_path/data, src/Makefile.in, zlib/Makefile.in: Add regression tests for iolog_path() [afa4b416e559] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Add support for "make Makefile" to regenerate Makefile from Makefile.in [98bd2dda3294] * plugins/sudoers/iolog_path.c: Quiest a bogus compiler warning. [5ff932a7ad67] 2011-01-05 Todd C. Miller * plugins/sudoers/iolog_path.c: Protect call to setlocale() with HAVE_SETLOCALE [2c29ee3ccc81] 2011-01-04 Todd C. Miller * MANIFEST: mkstemps.c was renamed mktemp.c [ae299c3b1827] * NEWS: Update from 1.7 branch [20817d79717b] * Makefile.in: Use "mv -f" when regenerating ChangeLog [c163635206c6] * plugins/sudoers/match.c: Fix NULL dereference with "sudo -g group" when the sudoers rule has no runas user or group listed. Fixes RedHat bug Bug 667103. [41a6a1243d9e] 2011-01-03 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Correct the default sudo.conf example [4e791698cad1] 2010-12-31 Todd C. Miller * plugins/sudoers/iolog_path.c: Reset slashp if we allocate a new buffer for strftime() [e491daa4203b] * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add extra out parameter to expand_iolog_path() to allow the caller to split the path into dir and file components if needed. [88346bc5ae39] 2010-12-30 Todd C. Miller * plugins/sudoers/iolog.c: mkdir_iopath() returns size_t now that it uses strlcpy() and not snprintf() [3c4c64d265eb] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: Trim leading slashes from iolog_file and trailing slashes from iolog_dir [a803b51f8948] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Pass a single I/O log file name in command_details instead of separate dir + file parameters. [d672a3e46e80] * plugins/sudoers/sudoreplay.c: change an error() to errorx() [8013dcfdd69d] * plugins/sudoers/iolog.c: Add missing cwd line to I/O log info file that got dropped when iolog_deserialize_info() was added [7cf84f208423] 2010-12-29 Todd C. Miller * plugins/sudoers/iolog.c: Avoid relying on globals filled in by the sudoers policy module for the sudoers I/O log module. The I/O log open function now pulls the bits it needs out of user_info and command_info. [c02f6951b0cc] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If no iolog file is specified by the policy plugin, use io_nextid() to determine the next file in the sequence. [faa1130b1020] 2010-12-28 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document iolog_compress in command_info [58895c7d12f5] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Add support for the iolog_compress variable in command_info. [36f13a2fd1c1] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Add sigsetjmp() calls to all plugin entry points just to be safe. [3fa482355bc4] * src/sudo.c, src/sudo.h: Don't need iolog variables in struct command_details, they are for the I/O log plugins to handle. [5111579ffd9d] 2010-12-27 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document use of mkdtemp() for iolog path teplates [5db6101408a9] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [1ee11fd6d4eb] * doc/sudo_plugin.pod, doc/sudoers.pod: Document iolog_file and supported escape sequences for sudoers. Clarify that iolog_file can contain directories. [da611dedcbdb] * compat/Makefile.in, configure, configure.in: Fix building of mkstemps/mkdtemp replacements. [793a5e303122] * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, configure.in, include/missing.h: Provide mkdtemp() for systems without it. [b0527dfa965c] * plugins/sudoers/iolog_path.c: Fix typo [277f6c514cba] * plugins/sudoers/iolog.c: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise glibc mkdtemp() returns EINVAL. [2e7323b05579] * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Allow sudoers to specify the iolog file in addition to the iolog dir. Add escape sequence support to iolog file and dir: sequence number, user, group, runas_user, runas_group, hostname and command in addition to any escape sequence recognized by strftime(3). [75cd32ee0435] * plugins/sudoers/iolog.c: Add missing sigsetjmp() call in I/O plugin open function. Fixes a crash when the I/O plugin calls error(), errorx() or log_error(). [1a6718bd817d] 2010-12-21 Todd C. Miller * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Give the policy module fine-grained control over what the I/O plugin logs. [d29784fd2a66] * common/term.c: Clear OPOST from c_oflag like we used to. Fixes screen-based editors such as vi. [506ad5ae9b4e] * doc/sudoers.pod: Clarify umask option description. From Reuben Thomas. [1294ac84222b] 2010-12-20 Todd C. Miller * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Pick last match in LDAP sudoers too [fbfd8e85703b] * doc/sudo_plugin.pod: Document iolog_file, iolog_dir and use_pty [26120a59c20e] * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Adapt plugins to version I/O logging ABI 1.1 [880dd64bc1e8] * src/exec.c, src/sudo.h: Add use_pty command_info flag for policies to indicate that a pty should be allocated even if no I/O logging is performed. [e7b167f8a6e5] * src/sudo.c: Add remaining plugin convenience functions [ffeaf96da031] * include/sudo_plugin.h, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: Change I/O log API to pass in command info to the I/O log open function. Add iolog_file and iolog_dir parameters to command info. This allows the policy plugin to specify the I/O log pathname. Add convenience functions for calling plugin functions that handle ABI backwards compatibility. [9b81dce76ce5] * compat/dlopen.c: Remove useless cast [7cecce969739] 2010-12-17 Todd C. Miller * configure, configure.in: Bump version to 1.8.0b3 [1dc9f040aae0] 2010-12-13 Todd C. Miller * configure.in: Remove extraneous newline [71c94551eea5] 2010-12-10 Todd C. Miller * doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: Make I/O log dir configurable. [99b576667a38] * aclocal.m4, configure, configure.in, doc/sudoers.pod: Rename io_logdir to iolog_dir [0731662acc8d] 2010-12-07 Todd C. Miller * pp: Add missing '*' that prevented the generic ELF case from matching. [be77ca26bfb2] * pp: If file(1) can't identify the ELF binary type, try readelf(1). [38a18d32a9e3] 2010-11-30 Todd C. Miller * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, src/sudo.c: Use %u to print uid/gid, not %lu and adjust casts to match. [03c43b8749cf] * doc/sudoers.ldap.pod: Clarify ordering of entries and attributes. [924e2a6bb603] * doc/sudoers.ldap.pod: Fix typo and editing goof. [79dc7ccd85a8] * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudoers.ldap.pod: Merge in ordered LDAP entry support from Andreas Mueller. [ea5885989bad] * plugins/sudoers/ldap.c: Make sure we don't dereference a NULL handle. [1a9f9ee15371] 2010-11-24 Todd C. Miller * pp: Add support for RHEL 6 file modes that include a trailing dot on files with an SELinux security context [dc09be959547] 2010-11-23 Todd C. Miller * src/sudo.c: exec_setup() does not need to setuid(0), the Ubuntu issue was in the sudoers module. [d6dd99fc6062] * plugins/sudoers/sudoers.c: create_admin_success_flag() should use restore_perms() rather than set_perms() to restore the uid. [eba7a91c1f57] * src/sudo.c: In exec_setup() call setuid(0) to make certain the subsequent uid and gid changes will succeed. Fixes a problem on Ubuntu. [c5d32abf0645] * src/sudo_edit.c: Error out if we cannot change to root's uid so we catch the failure early. [7a2e7f8f2c80] 2010-11-22 Todd C. Miller * doc/sudoers.pod: fix typo; from Michael T Hunter [a574a9d0db5b] * plugins/sudoers/match.c: In sudoedit mode, assume command line arguments are paths and pass FNM_PATHNAME to fnmatch(). [ce0abff8ce9f] 2010-11-20 Todd C. Miller * configure, configure.in: Add workaround for an error in sys/types.h on HP-UX 11.23 when large file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the broken bits of the header file. [e337217f097a] * aclocal.m4: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM [fbbcee28961f] * sudo.pp: For Tru64, strip off beta version. [eeccd762df5e] * MANIFEST, plugins/sudoers/testsudoers.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: Avoid conflicts with system definitions in grp.h and pwd.h [b219ffe1da09] * zlib/gzguts.h: Include stdio.h after zlib.h, not before. We need the large file defines to come first. [21d6df39790f] 2010-11-19 Todd C. Miller * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: regen [3ff8750d0aac] * Makefile.in: Don't clean ChangeLog [ab0d30d289d4] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Add prototype for cleanup() [75626fd3769a] 2010-11-18 Todd C. Miller * plugins/sudoers/group_plugin.c: Avoid deferencing group_plugin if it is NULL in group_plugin_query(). This should not happen. [4f2933c8da7e] * plugins/sudoers/group_plugin.c: group plugin init function return TRUE when successful [198024477030] 2010-11-17 Todd C. Miller * plugins/sudoers/ldap.c: Enlarge the array of entry wrappers int blocks of 100 entries to save on allocation time. From Andreas Mueller [375c916bb03b] * plugins/sudoers/ldap.c: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() that was mistakenly dropped. [1555f5bc132d] 2010-11-16 Todd C. Miller * doc/TROUBLESHOOTING: Mention that sudo needs "ar" to build. [65582ace2d09] * configure, configure.in: Fail with a more useful error if "ar" is not found. [d1cb83719c17] 2010-11-14 Todd C. Miller * plugins/sudoers/ldap.c: Merge in ordered LDAP entry support from Andreas Mueller and add local changes from the 1.7 branch. [bca29e461618] 2010-11-12 Todd C. Miller * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add timed entry support from Andreas Mueller. [e18d1df46a8d] * plugins/sudoers/group_plugin.c: Don't try to unload if group_plugin is NULL. Don't call dlclose() if group_handle is NULL [de2273da37d5] * plugins/sudoers/sudoers.h: It is now plugin_cleanup(), not cleanup() [da62a4e1a78c] * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: Call plugin_cleanup(), not cleanup() [e800ad8b33ad] 2010-11-11 Todd C. Miller * plugins/sudoers/ldap.c: Use efree() not free() and remove malloc.h include since we never directly call malloc() or free(). [107fffd134bb] 2010-11-09 Todd C. Miller * sudo.pp: set PSTAMP for Solaris and move the backend-specific bits to their own %if [xxx] %endif blocks in %set. [a94ebe8920c1] * pp: sync with git repo [75ff509696b4] * configure, configure.in: Only substitute file zlib files when using the builtin zlib [6c8145b2deb4] * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Give up on using VPATH to find sources as it is implemented inconsistenly in different versions of make. [60517c69aaee] * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, plugins/sudoers/gram.c, plugins/sudoers/toke.c: Include config.h before any other includes to make sure we get the right value for _FILE_OFFSET_BITS. [8fb007ca832e] * MANIFEST: Add zlib [04a3e23dfaa9] * zlib/Makefile.in: Add missing targets [40e45a177168] * src/Makefile.in: g/c unused $(GENERATED) [c8758068c1bc] 2010-11-08 Todd C. Miller * plugins/sudoers/group_plugin.c: Zero out group_plugin on unload just to be safe. [0b10f4d101ca] * plugins/sudoers/group_plugin.c: Unload group plugin if its init function fails. [6552cdac4b7c] * src/sudo.c: Only chdir to cwd if it is different from the current cwd or there is a new root (chroot). [b8203e875e84] * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: Bump version to 1.8.0b2 [6dadeb75a878] 2010-10-28 Todd C. Miller * INSTALL: Better --enable-zlib description [e0da54fa59a6] * mkpkg: Use system zlib on Linux Let configure decide on Solaris For all others, use builtin zlib [3d52eddb523c] * zlib/zconf.h.in: Add large file support. [bec01215270d] * config.h.in: Add large file support. [244e95b034ec] * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: Add local copy of zlib for systems that lack it. [7542ca465c5a] 2010-10-15 Todd C. Miller * src/exec.c: If perform_io() fails, kill the child before exiting so it doesn't complain about connection reset. We can get an I/O error if, for example, and we get EIO reading from stdin. [e59a05fa729f] 2010-10-12 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c: Fix complilation on systems with set_auth_parameters() Sprinkle volatile to quiet warnings from gcc 2.8.0 [a34c2b924ba7] * compat/dlfcn.h, compat/dlopen.c: Avoid potential namespace issues with dlopen() emulation. [aedfababd6ca] * MANIFEST: sync [6afb97e6d308] * plugins/sudoers/interfaces.c: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not exist). [ddfca5af1a36] * Makefile.in: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg [e9d04bfa4505] * configure, configure.in: HP-UX 10.20 libc has an incompatible getline [2e7bc202e78d] * plugins/sudoers/visudo.c: Quiet an HP-UX compiler warning. [55b9d587ac8c] * configure, configure.in: Check for vi even with --with-editor specified; the sample plugin needs it. [94dfc3643f76] 2010-10-11 Todd C. Miller * compat/dlopen.c: Fix remaining syntax errors. [9d729b5b577e] * src/Makefile.in: sudo binary depends on the libtool-generated libs [9e6148406adb] * plugins/sudoers/group_plugin.c, src/load_plugins.c: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to include the local or system dlfcn.h [68cfe4c1089b] * pp: Don't use run_as_superuser=false on HP-UX [532242370b09] * src/net_ifs.c: Use memset() instead of zero_bytes() since we don't include sudoers.h [a187c18c2472] * plugins/sudoers/interfaces.c: Fix pasto; AF_INET not AF_INET6 [2d2e9d7dc6f9] * compat/dlopen.c: Actually call shl_load() [ed8153b8a3cd] * pp: Update from git repo. Debian: version numbers now compliant with policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX 10.20 [ecf2692bceeb] * configure, configure.in: Fix dlopen() detection for systems where dlopen() is in a separate library. [fa6b175582b6] * plugins/sudoers/auth/pam.c: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful message and return AUTH_FATAL so sudo does not keep trying to validate the user. [1be8857e5291] * src/preload.c: sudo_preload_table is an array [b7704e72a9da] * compat/dlopen.c: Quiet a compiler warning and fix sudo_preload_table external definition. [8234987664cc] * compat/dlfcn.h: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. [8bab6a4053cc] * plugins/sudoers/group_plugin.c: Make this compile correctly when no dlopen is available. [57643879bd2b] 2010-10-07 Todd C. Miller * plugins/sudoers/check.c: Having a timestamp file defined is no longer indicative of tty tickets being enabled. Check def_tty_tickets directly. [efcc11ad157f] * src/exec_pty.c, src/sudo.h, src/ttysize.c: Fix TCGETWINSZ compat. [da3a8b17cf7a] 2010-10-02 Todd C. Miller * src/exec_pty.c, src/ttysize.c: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE [926492dd10a6] 2010-10-01 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c: Move set_project() from sudoers module into sudo proper. [beabafac03b4] * configure, configure.in: Fix typo and regenerate [4a3caf4234f3] * plugins/sudoers/ldap.c: When iterating over returned LDAP entries, keep looking at remaining matches even if we have a positive match. This catches negative matches that may exist in other entries and more closely match the sudoers file behavior. [f47db6e609b0] * pp: Add support for multiple package instances on Solaris. [7f2a8b942545] * src/exec.c: Add missing signal_pipe[0] to fdsr for the non-pty case. [79d01e11b19c] * mkpkg: Add --with-project for Solaris [ffa4c2bb93f7] * README: Need ar and ranlib too [5c2f679172ef] 2010-09-27 Todd C. Miller * plugins/sudoers/env.c: Preserve ODMDIR environment variable by default on AIX. [bd47cb1e804f] 2010-09-26 Todd C. Miller * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, src/preload.c: Add dlopen() emulation for systems without it. For HP-UX 10, emulate using shl_load(). For others, link sudoers plugin statically and use a lookup table to emulate dlsym(). [e92edfb3c642] 2010-09-24 Todd C. Miller * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, compat/nanosleep.c, compat/utimes.c: When including compat headers, use the compat dir as part of the path so we are sure to get the correct header. [6c2a45da6af5] 2010-09-21 Todd C. Miller * plugins/sudoers/linux_audit.c: Ignore ECONNREFUSED from audit_log_user_command() which will occur if auditd is not running. [d314fe4c8d03] 2010-09-17 Todd C. Miller * pp: Sync with git version [1c0357744222] 2010-09-16 Todd C. Miller * common/fileops.c, plugins/sudoers/defaults.c: Cast isblank argument to unsigned char. [c822dbb3ca54] 2010-09-14 Todd C. Miller * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: Implement --with-umask-override configure flag. [863e3047df22] * plugins/sudoers/env.c: Take MODE_LOGIN_SHELL into account when initially setting reset_home instead of special-casing it later. [5d6b16480fd6] * plugins/sudoers/sudoers.c: In login mode, make a copy of the runas user's pw_shell for NewArgv[0] because 1) we modify it and 2) it will runas_pw gets freed before exec. [1d1ccb568dfa] * plugins/sudoers/env.c: Reset HOME for "sudo -i" even if HOME was listed in env_keep. [c1c1c65a2d63] * src/sudo.c: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. [7443454e5f88] * src/sudo.c: Reset signal mask at sudo startup time; we need to be able to rely on normal signal delivery to control the child process. [95800163ff94] 2010-09-13 Todd C. Miller * install-sh: Use sed instead of expr to split a flag from its argument. Fixes a problem with expr interpreting its arguments as a flag when they start with a dash. [736065e14301] * common/lbuf.c: Do not need sys/time.h after all [91f6f668ccda] * common/lbuf.c: Include sys/time.h for utimes() and struct timeval. No longer need ioctl.h or termios.h [2d75273d3213] * compat/snprintf.c: Quiet bogus compiler warnings. [fe252e1968f5] * include/missing.h: Declare innetgr() for HP-UX which is missing a declaration. Declare domainname() for HP-UX and Solaris which are missing a declaration. [b37c50751138] * plugins/sudoers/bsm_audit.c: Use __sun for consistency with the rest of the sources. [6b086b61ccb6] * plugins/sudoers/group_plugin.c: Quiet a bogus compiler warning. [ebc069842c4a] * plugins/sudoers/pwutil.c: Don't try to delref a NULL group. [f6ff0838be21] * common/alloc.c, common/lbuf.c: Include memory.h on systems that need it. [4e676da81c6f] 2010-09-11 Todd C. Miller * src/exec.c: Quiet gcc warnings on glibc systems that use warn_unused_result for write(2). [0532da0b7cf7] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: sudo_plugin is in section 8; from Ted Percival [b4506a0de87e] * plugins/sudoers/Makefile.in: testsudoers depends on libsudoers.la, not sudoreplay [cdb1cc3bf06a] 2010-09-10 Todd C. Miller * src/exec.c: Read as many signals on the signal pipe as we can before returning. [b181671da047] * src/exec.c, src/exec_pty.c, src/sudo_exec.h: Instead of using a array to store received signals, open a pipe and have the signal handler write the signal number to one end and select() on the other end. This makes it possible to handle signals similar to I/O without race conditions. [ee84d65c16b6] 2010-09-09 Todd C. Miller * doc/visudo.pod, plugins/sudoers/visudo.c: Make "visudo -c -f -" check the standard input. [195a3d2a9a26] * doc/sudoers.pod: set_home and always_set_home have an effect if HOME is present in the env_keep list. [159d0b9dc5c8] * plugins/sudoers/env.c: Make -H flag work when HOME is listed in env_keep. Also makes "set_home" and "always_set_home" override override HOME in env_keep. [a3e5b966193f] 2010-09-08 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/net_ifs.c: Convert sudoers plugin to use interface list passed in settings. [87d9b5f4f586] * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, src/parse_args.c, src/sudo.h: Query local network interfaces in the main sudo driver and pass to the plugin as "network_addrs" in the settings list. [7f35bcfe77a7] * plugins/sudoers/bsm_audit.c: Solaris BSM audit return EINVAL when auditing is not enabled, whereas OpenBSM returns ENOSYS. [411b980ec58b] 2010-09-07 Todd C. Miller * compat/fnmatch.c: missing.h should come before most local includes [53921a7b8b5b] * plugins/sudoers/sudoreplay.c: missing.h should come before most local includes [e9abb0db1aac] * plugins/sudoers/sudoers.h: Make local includes consistent; use double quotes for local includes except for generated ones where we use angle brackets. [09de4faa9547] * plugins/sudoers/sudoers.c: Always fill in NewArgv for audit code. [7c3aca60519f] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. [007cf6560f92] * common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/unsetenv.c, compat/utimes.c, include/compat.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/ttysize.c: Make local includes consistent; use double quotes for local includes except for generated ones where we use angle brackets. Also g/c unused compat.h. [e57070dc8f04] 2010-09-06 Todd C. Miller * plugins/sudoers/match.c: When matching the runas user and runas group (-u and -g command line options), keep track of runas group and runas user matches separately. Only return a positive match if we have a match for both runas user and runas group (if specified). [815219e04cc8] 2010-09-04 Todd C. Miller * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for multiple URI lines by joining the contents and passing the result to ldap_initialize. [a47cae3b72e8] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: Do not return -1 on error from the display functions; the caller expects a return value >= 0. [101456a7dd00] * plugins/sudoers/sudoers.c: Do not set both MODE_EDIT and MODE_RUN [8faa36694d54] 2010-09-03 Todd C. Miller * include/missing.h: Move includes to the top of the file. [a51436798e8c] 2010-08-30 Todd C. Miller * plugins/sudoers/Makefile.in: Add missing definition of timedir [458a749c2c5e] * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, compat/mksiglist.c, compat/strsignal.c, plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: Add #include of sys/types.h for .c files that include missing.h to be sure that size_t and ssize_t are defined. [08e3132dbf4f] * plugins/sudoers/Makefile.in: Install sudoers file from the build dir not hte src dir. [ca89e962dbf4] 2010-08-26 Todd C. Miller * plugins/sudoers/set_perms.c: If runas_pw changes, reset the stashed runas aux group vector. Otherwise, if runas_default is set in a per-command Defaults statement, the command runs with root's aux group vector (i.e. the one that was used when locating the command). [24f9107cedd2] * plugins/sudoers/Makefile.in: Add target to generate sudoers file Remove generated sudoers file as part of distclean [fb7422e90f03] 2010-08-24 Todd C. Miller * src/exec.c: When not logging I/O install a handler for SIGCONT and deliver it to the command upon resume. Fixes bugzilla #431 [495dce52a5aa] 2010-08-21 Todd C. Miller * plugins/sudoers/sudoers.h: g/c unused auth_pw extern definition [40eb7477ba17] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: Move get_auth() into check.c where it is actually used. [e31db0ce3a61] 2010-08-20 Todd C. Miller * common/lbuf.c: Convert a remaining puts() and putchar() to use the output function. [d69e363a506b] * plugins/sudoers/plugin_error.c: Plug memory leak [68895469ea8d] 2010-08-18 Todd C. Miller * plugins/sudoers/env.c: Set dupcheck to TRUE when setting new HOME value if !env_reset but always_set_home is true. Prevents a duplicate HOME in the environment (old value plus the new one) introduced in f421f8827340. [9ca19183794f] * configure, configure.in, plugins/sudoers/sudoers, plugins/sudoers/sudoers.in: Substitute sysconfdir in the installed sudoers file to get the correct path for sudoers.d. [86072b6cd55d] 2010-08-17 Todd C. Miller * src/get_pty.c: Fix typo that prevented compilation on Irix; Friedrich Haubensak [b48be51b65fc] 2010-08-16 Todd C. Miller * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/unsetenv.c, compat/utimes.c, include/compat.h, include/missing.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/ttysize.c: Merge compat.h and missing.h into missing.h [572909ae9716] 2010-08-14 Todd C. Miller * plugins/sudoers/auth/pam.c: If the user hits ^C while a password is being read, error out before reading any further passwords in the pam conversation function. Otherwise, if multiple PAM auth methods are required, the user will have to hit ^C for each one. [23782631748c] 2010-08-12 Todd C. Miller * plugins/sudoers/check.c: Update comment [a5296cb3a20a] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document sudo_conv_t function and sudo_printf_t return values. [745c0017814c] * src/conversation.c: Make _sudo_printf return the number of characters printed on success like printf(3). [8eeefe8d7e77] 2010-08-10 Todd C. Miller * plugins/sudoers/sudoers.c: sudoers.h includes sudo_plugin.h for us [cabe68e07807] * common/Makefile.in, common/gettime.c, compat/mkstemps.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, src/sudo_edit.c: Use gettimeofday() directly instead of via the gettime() wrapper. [7490426c99ae] * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, config.h.in, configure, configure.in, include/compat.h, include/missing.h, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: Remove some obsolete configure tests, ancient Unix systems are no longer supported. [2be6218c3a36] 2010-08-07 Todd C. Miller * sudo.pp: Set pp_kit_version and strip off patch level [aacfda1b676d] * sudo.pp: Better handling of versions with a patchlevel. For rpm and deb, use the patchlevel+1 as the release. For AIX, use the patchlevel as the 4th version number. For the rest, just leave the patchlevel in the version string. [638bd35f2346] 2010-08-06 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c: For non-standalone auth methods, stop reading the password if the user enters ^C at the prompt. [82c2911bb264] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/pwutil.c: No need to look up shadow password unless we are doing password- style authentication. This moves the shadow password lookup to the auth functions that need it. [ba9e3eba2b72] * plugins/sudoers/sudoers.c: Retain final passwd/group refs until the policy close() function. Note that this doesn't get called in all cases so putting this in a cleanup function is probably better. [bbe214cb4119] * plugins/sudoers/check.c: Fix mismerge [395115f89dd6] * plugins/sudoers/check.c: When removing/resetting the timestamp file ignore the tty ticket contents. [b709f5667a0b] * plugins/sudoers/sudoers.c: delref sudo_user.pw, runas_pw and runas_gr immediately before we return. [4d67d15dfd3b] 2010-08-04 Todd C. Miller * plugins/sudoers/check.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Reference count cached passwd and group structs. The cache holds one reference itself and another is added by sudo_getgr{gid,nam} and sudo_getpw{uid,nam}. The final ref on the runas and user passwd and group structs are persistent for now. [e544685523c3] * doc/UPGRADE: fix typo [e32f2d35e6c9] 2010-08-03 Todd C. Miller * plugins/sudoers/check.c: Do not produce a warning for "sudo -k" if the ticket file does not exist. [1598f6061b75] * plugins/sudoers/pwutil.c: Instead of caching struct passwd and struct group in the red-black tree, store a struct cache_item which includes both the key and datum. This allows us to user the actual name that was looked up as the key instead of the contents of struct passwd or struct group. This matters because the name in the database may not match what we looked up, due either to case folding or truncation (historically at 8 characters). Also mark the disabled calls to sudo_freepwcache() and sudo_freegrcache() as broken since we use cached data for things like set_perms() and the logging functions. Fixing this would require making a copy of the structs for user and runas or adding a reference count (better). [225d4a22f60e] * plugins/sudoers/Makefile.in: Fix path to mkinstalldirs [b4968379b12d] * plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/get_pty.c, src/tgetpass.c: Quiet gcc warnings on glibc systems that use warn_unused_result for write(2) and others. [c99f138960e0] 2010-08-02 Todd C. Miller * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add %option noinput [72b9cd49b4f1] * aclocal.m4, configure, configure.in: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when cross-compiling. [e385c176d0ee] 2010-07-31 Todd C. Miller * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT and AC_CHECK_SIZEOF([long int]) instead of rolling our own. [cf3e60d9c440] 2010-07-29 Todd C. Miller * pp: Update to latest version [32f93be33961] 2010-07-28 Todd C. Miller * sudo.pp: Let pp determine pp_aix_version itself. [7cf0245d84ed] * INSTALL, config.h.in, configure, configure.in, mkpkg, plugins/sudoers/sudoers.c: Add support for Ubuntu admin flag file and enable it when building Ubuntu packages. [00e27cff2dfb] * plugins/sudoers/sudoers, sudo.pp: Add commented out SuSE-like targetpw settings [4605d47b7413] * configure, configure.in: Only try to use +DAportable for non-GCC on hppa [75d0f284ccf7] * configure, configure.in: Prevent configure from adding the -g flag unless in devel mode [b1fd3f8d45c0] 2010-07-27 Todd C. Miller * sudo.pp: Go back to sudo-flavor to match existing packages and only use an underscore for those that need it. [d737069d1e1c] * sudo.pp: Use sudo_$flavor instead of sudo-$flavor since that causes the least amount of trouble for the various package managers. [71f547af35fc] * mkpkg: Fix handling of the ldap flavor Remove destdir unless --debug was specified Make distclean before running configure if there is a Makefile present [6316f08de7d3] * sudo.pp: Add back include file. [195627bf68b8] * mkpkg: Pass extra args on to configure on HP-UX, if we don't have the HP C compiler, disable zlib to prevent gcc from finding it in /usr/local/lib. [473efa0e2bac] * mkpkg: Use the HP ANSI C compiler on HP-UX if possible [fb249b6b175d] * plugins/sudoers/sudoreplay.c: Some getline() implementations (FreeBSD 8.0) do not ignore the length pointer when the line pointer is NULL as they should. [2410a1a3543c] * plugins/sudoers/sudoreplay.c: Don't need to check for *cp being non-zero, isdigit() will do that. [7df11ea8a487] * plugins/sudoers/sudoreplay.c: Add setlocale() so the command line arguments that use floating point work in different locales. Since sudo now logs the timing data in the C locale we must Parse the seconds in the timing file manually instead of using strtod(). Furthermore, sudo 1.7.3 logged the number of seconds with the user's locale so if the decimal point is not '.' try using the locale-specific version. [4d385765f23b] * src/exec.c: Do I/O logging in the C locale so the floating point numbers in the timing file are not locale-dependent. [5961cec044ec] * plugins/sudoers/sudoreplay.c: Use errorx() not error() for thingsthat don't set errno. [0fe5e692af84] 2010-07-26 Todd C. Miller * pp: Better support for 1.2.3 style versions in Tru64 kits [997c549bb777] * sudo.pp: Add Tru64 kit support [e273a954f981] * pp: Remove apparently unnecessary use of sudo [be8840d85125] * Makefile.in, plugins/sudoers/Makefile.in: Create timedir as part of install-dirs target. [c736bc2fb14f] * src/exec_pty.c: Handle ENXIO from read/write which can occur when reading/writing a pty that has gone away. [fa2e8059879f] * plugins/sudoers/pwutil.c: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL [3a045475d5ee] * mkpkg: platform is a pp flag not a variable [12eba39a47c1] * Makefile.in, mkpkg, sudo.pp: Add simple arg parsing for mkpkg so we can set debug, flavor or platform. [ada839fe252d] * pp: Make rpm backend work on AIX 5.x [549a76d11393] 2010-07-25 Todd C. Miller * plugins/sudoers/sudoers: Add commented out Defaults entry for log_output [7e67d7588900] 2010-07-23 Todd C. Miller * doc/Makefile.in: Remove sudo docdir completely [dce8e82878ef] * doc/sample.sudo.conf: Add sample sudo.conf [aafdba3fc411] 2010-07-22 Todd C. Miller * plugins/sudoers/Makefile.in: Add PACKAGE_TARNAME for docdir [930c92b8f8f0] 2010-07-23 Todd C. Miller * src/Makefile.in: Pass install-sh -b~ here too. [c3f5eb446c38] * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Install binary files with -b~ to make a backup. Fixes "text file busy" error on HP-UX during install. [81f306f54f8c] * install-sh: "mv -f" on HP-UX doesn't unlink the destination first so add an explicit rm before moving the temporary into place. [fb719a79582d] * configure, configure.in: Some more ${foo} -> $(foo) conversion for consistent Makefiles. [0aa098770074] * doc/Makefile.in, plugins/sudoers/Makefile.in: Install sudoers2ldif in the doc dir [33ac3b53d7f5] 2010-07-22 Todd C. Miller * pathnames.h.in: Add missing include of maillock.h for Solaris [5a58883be23a] * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.syslog.conf, doc/sudoers.cat: Change the default syslog facility from local2 to authpriv (or auth if the operating system doesn't support authpriv). [3b70ba514f49] * Makefile.in, sudo.pp: Install sudoers as /etc/sudoers on RPM and debian systems where the package manager will not replace a user-modified configuration file. This fixes upgrades from the vendor sudo packages. [d886b6d60b5b] * pp: RPM: use %config(noreplace) instead of %config for volatile This results in the new file being installed with a .rpmnew suffix instead of the file being replaced and the old one renamed with a .rpmsave suffix. [58be2119f8e8] 2010-07-21 Todd C. Miller * compat/mkstemps.c, plugins/sudoers/boottime.c: Include time.h for struct timeval [ddf8b04f0276] * src/exec_pty.c: The return value of strsignal() may be const and should be treated as const regardless. [620074ae1e77] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Mention that 127.0.0.1 will not match, nor will localhost unless that is the actual host name. [8b574122eb8f] * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: Rename WHATSNEW -> NEWS [d1a2c8c47d89] * pp: Updated pp with latest patches [98e16b9b8f62] * WHATSNEW: Sync with 1.7.4 [65ac4dafeef7] * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/sudoers: Add commented out line to add HOME to env_keep and add a warning to the note about the HOME change in UPGRADE. [0d6a775bb6c8] 2010-07-20 Todd C. Miller * plugins/sudoers/sudoreplay.c: Add LINE_MAX define for those without it. [446d9dbe7859] * INSTALL, WHATSNEW, config.h.in, configure, configure.in, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: The tty_tickets option is now on by default. [a01c48206d80] * WHATSNEW: Mention that AIX authdb support has been fixed. [87bd7f4eba6a] * common/aix.c: setauthdb() only sets the "old" registry if it was set by a previous call to setauthdb(). To restore the original value, passing NULL (or an empty string) to setauthdb() is sufficient. [470da190a254] 2010-07-19 Todd C. Miller * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/env.c: Reset HOME when env_reset is enabled unless it is in env_keep [f421f8827340] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: The default for set_logname has been "true" for some time now. [f489da5674c3] * plugins/sudoers/boottime.c: Add missing include of time.h [624d7014932f] * plugins/sudoers/logging.c: Fix check for dup2() return value. [140ea2d50d20] * plugins/sudoers/env.c: Add PYTHONUSERBASE to initial_badenv_table [3149aae5b12c] * plugins/sudoers/visudo.c: Treat an unknown defaults entry as a parse error. [b3ebad73efb2] * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: Check return value of setdefs() but don't stop setting defaults if we hit an unknown one. [945e752239ab] * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, plugins/sudoers/env.c: If env_reset is enabled, set the MAIL environment variable based on the target user unless MAIL is explicitly preserved in sudoers. [a1b03e2e0e96] 2010-07-17 Todd C. Miller * pp: decode debian code names [8741280d9960] * WHATSNEW: fix typo [a8a19451110b] 2010-07-16 Todd C. Miller * WHATSNEW: Merge with 1.7.4 [9348fa7e15b8] * src/sudo.c: Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup() did not do it for us. Fixes a bash script problem on SuSE with RLIMIT_NPROC set to RLIM_INFINITY. [786fb272e5fd] 2010-07-15 Todd C. Miller * mkpkg, pp, sudo.pp: Restore the dot removal in the os version reported by polypkg. Adapt mkpkg and sudo.pp to the change. [dcafdd53b88f] 2010-07-16 Todd C. Miller * INSTALL: document --with-pam-login [ea93e4c6873c] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: The tag is NOSETENV, not UNSETENV. From Petr Uzel. [2ac90d8de36e] 2010-07-15 Todd C. Miller * sudo.pp: Include flavor in solaris package name [e605f6364c9f] * mkpkg: Older shells don't support IFS= so set explictly to space, tab, newline. [7773960bc8a0] * mkpkg: Use '=' not '==' in test [c99d42bc48e6] * mkpkg: Fix typo that prevented debian from matching [84421078fcb7] * mkpkg: Add missing prefix setting for debian [6466f23de4aa] * sudo.pp: Use tab indents to reduce the chance of problem with <<- Fix the debian %set section, pp does not set pp_deb_distro Uncomment %sudo line in sudoers for debian Uncomment some env_keep lines for RHEL, SLES and debian to more closely match the vendor sudoers files. Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on debian for ldap flavor [c5b49feb1a0c] * plugins/sudoers/sudoers: Add commented out env_keep entries, sample Aliases and a %sudo line for debian. [387719e52d0f] * configure, configure.in: Move zlib check later on in the script to avoid a strange shell problem on SLES11. [1a3153bb1291] * configure.in: Remove check for egrep; configure has its own [a3b9d98cb5d2] 2010-07-14 Todd C. Miller * mkpkg: Enable zlib for linux distros [8fa51a1405a4] * mkpkg: Add ldap flavor to default build [97644f5a555f] * mkpkg, sudo.pp: Simplify rpm linux distro settings [b9dcf10cdf20] * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. [2c549c1acde9] * Makefile.in: Fix ChangeLog creation from build dir [3d0c7904f173] * plugins/sudoers/sudoers.c: Handle getcwd() failure. [aef7bef87394] * doc/Makefile.in, mkpkg, sudo.pp: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR environment variable. [be6ed611b7a8] * sudo.pp: Create sudo group on debian [6ed6c032042e] * mkpkg, sudo.pp: Add debian 4/5/6 and use the dot when doing version matches [6bcb664d1f4f] * aclocal.m4, configure: Use a loop when searching for mv, sendmail and sh [d5e9369f8d13] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Remove spurious "and"; from debian [a21e6f7c5b99] * aclocal.m4, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: Substitute the value of EDITOR into the sudoers and visudo manuals. [cd79e587dd7f] 2010-07-13 Todd C. Miller * mkpkg, pp, sudo.pp: Initial support for debian 4.0 [ac6707915fa8] * mkpkg: Some platforms need -fPIE instead of -fpie [fd6be19e5bc2] * plugins/sudoers/auth/pam.c: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. On Linux it causes a DNS lookup via libaudit. [1e10105ade5b] * MANIFEST: Update MANIFEST to match packaging changes [ef86ee557b5b] * sudo.psf: We now use pp to generate HP-UX packages [f7aa8da7844e] * INSTALL.binary, plugins/sudoers/Makefile.binary.in: Remove vestiges of old binary package bits. [afffd005452f] * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: install-man -> install-doc [99b5fa05567c] * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: Use http://rc.quest.com/topics/polypkg/ for packaging [5ca8eb75b223] * install-sh: Just ignore the -c option, it is the default Add support for -d option [a8b6b0a131e8] 2010-07-12 Todd C. Miller * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: Use _PATH_STDPATH instead of _PATH_DEFPATH [137fa911908e] * plugins/sudoers/Makefile.in, src/Makefile.in: Do not strip binaries. [20166e287176] * INSTALL, configure, configure.in: Add --insults=disabled configure option to allow people to build in insult support but have the insults disabled unless explicitly enabled in sudoers. [523b8c552e90] * compat/mkstemps.c: Add prototype for gettime() [275eee40473b] * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add support for a sudo-i pam.d file to be used for "sudo -i". Adapted from a RedHat patch. [06d34f16520b] 2010-07-09 Todd C. Miller * include/missing.h: Fix mkstemps() prototype [2421841e815b] * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, config.h.in, configure, configure.in, include/missing.h, src/sudo_edit.c: Use mkstemps() instead of mkstemp() in sudoedit. This allows sudoedit to preserve the file extension (if any) which may be used by the editor (like emacs) to choose the editing mode. [d33172d2c086] 2010-07-08 Todd C. Miller * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you should avoid disabling TLS_CHECKPEER is possible. [196622436212] 2010-07-07 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Make sudo_plugin format a bit more like a man page [048d596e32da] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add suport for negated user/host/command lists in a Defaults entry. E.g. Defaults:!baduser noexec [d41112cf0342] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Add uninstall target [fea66ebf136a] * common/Makefile.in, compat/Makefile.in: Remove unused AR, SED and RANLIB variables [2ff9928bfdb3] * Makefile.in: Do not install sample plugins [5443b87bd1c3] 2010-07-06 Todd C. Miller * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, configure.in, plugins/sudoers/env.c: Now that sudoers is a dynamically loaded module we cannot override the libc environment functions because the symbols may already have been resolved via libc. Remove getenv/putenv/setenv/unsetenv replacements from sudoers and add replacements for setenv/unsetenv for systems that lack them. [3f2b43cb8851] * configure, configure.in, plugins/sudoers/Makefile.in: Link testsudoers with -ldl when needed [f79606f9fcd7] * plugins/sample_group/plugin_test.c: Remove unused time.h and add limits.h for PATH_MAX [3f5d0074d621] * doc/sudoers.ldap.pod: Fix typo. [bc855fd57397] 2010-07-05 Todd C. Miller * plugins/sample_group/plugin_test.c: Do not depend on strlcpy/strlcat [6e7e2b5af051] * plugins/sample_group/plugin_test.c: Standalone test driver for sudoers group plugin. [eb1235fc3b8e] 2010-07-02 Todd C. Miller * plugins/sudoers/group_plugin.c, src/load_plugins.c: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging aid. [2a34e616229b] * plugins/sample_group/sample_group.c: Fix style nit in function declarations [ab87c7c76bf9] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document group_plugin syntax. [ed1faf72ddcb] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document the sudoers group plugin. [f19a62dc8cfc] * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, plugins/sudoers/match.c, plugins/sudoers/nonunix.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: Replace built-in non-unix group support with a sudoers group plugin. Include a sample plugin that can read Unix-format group files. [8fc58ce0b1a8] * configure, configure.in, src/load_plugins.c: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. [5c491dddb8ef] 2010-07-01 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Move sudoers-specific bits out of sudo(8) and into sudoers(5) [e8a5a5830cfe] * aclocal.m4, configure, configure.in: Substitute @io_logdir@ for the sudoers I/O log directory. [21a75ca7b0ab] 2010-06-29 Todd C. Miller * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/glob.c, compat/snprintf.c, config.h.in, configure, configure.in, include/fileops.h, plugins/sample/sample_plugin.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Set usrinfo for AIX Set adminstrative domain for the process when looking up user's password or group info and when preparing for execve(). Include strings.h even if string.h exists since they may define different things. Fixes warnings on AIX and others. [cf8b93e872c9] * Makefile.in: Add a separate all target for AIX make which was using the entire LHS (not just the first entry) of the first target as the implicit target. [a45b980a01ef] * plugins/sudoers/env.c: Do not rely on env.env_len when unsetting a variable, just use the NULL terminator. [ca6eb239c829] * plugins/sudoers/env.c: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 [7046ba7caa4e] 2010-06-25 Todd C. Miller * plugins/sudoers/vasgroups.c: Use warningx() instead of log_error() since the latter is not available to visudo or testsudoers. This does mean that they don't end up in syslog. [152b7c50f426] * plugins/sudoers/sudoers.c: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have closed the sudoers sources. From Quest sudo. [c1cd573bab94] * plugins/sudoers/pwutil.c: Ignore case when matching user/group names in the cache. From Quest sudo. [2aa4ecc7d7f5] 2010-06-24 Todd C. Miller * config.h.in, configure, configure.in, src/selinux.c: Add check for setkeycreatecon() when --with-selinux is specified. [affae247b4e0] * configure, configure.in: Error out if libaudit.h is missing or ununable when --with-linux- audit was specified [d82e743fac04] * doc/HISTORY, doc/history.pod: Add =head3 entries, mostly for the html version [ee93112d0308] 2010-06-22 Todd C. Miller * doc/HISTORY, doc/history.pod: Mention when LDAP was incorporate. [2923dc17f79c] 2010-06-21 Todd C. Miller * configure, configure.in: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is not covered by _ALL_SOURCE. [c92fd69809d0] 2010-06-18 Todd C. Miller * plugins/sudoers/iolog.c: Add a cast to quiet a compiler warning. [a200e07ee1bc] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Quiet a compiler warning. [c9acfc927cea] * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: Call set_fqdn() after sudoers has parsed instead of inline as a callback. [5f4e5d075f2d] * WHATSNEW, plugins/sudoers/sudoers.c: Do not call set_fqdn() until sudoers parses (where is gets run as a callback). [09040fca6d40] * WHATSNEW: mention the change in tty ticket behavior when there is no tty [575a1fd98f05] * plugins/sudoers/check.c: Do not update tty ticket if there is no tty. [63f9c33ce6a7] * doc/LICENSE, doc/license.pod: Update copyright year [0722ab5d404b] * doc/Makefile.in: Do not rely on BSD make's $> [936a86398bd9] * configure, configure.in: Set timedir to /var/db/sudo for darwin to match Apple sudo's location [d5b9b03096f1] 2010-06-16 Todd C. Miller * plugins/sudoers/sudoers.h: Add stub declarations for struct stat and struct timeval [f6d90551a4fd] * MANIFEST: Remove compat/sigaction.c [d0ed6d9a770e] * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: Check for zlib.h in addition to libz. [6e191b4a6065] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: Move functions and symbols shared between exec.c and exec_pty.c into sudo_exec.h. [14ae63403544] * doc/Makefile.in: Comment out rules to build .man.in and .cat files unless --with- devel [3cf7e5606a85] * doc/Makefile.in: Comment out rules to build .man.in and .cat files unless --with- devel [d30495b0e29e] * src/parse_args.c: Quote any non-alphanumeric characters other than '_' or '-' when passing a command to be run via the shell for the -s and -i options. [d633f74fe2d9] * doc/Makefile.in: Add back .man suffix [6e63b60a2739] * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, src/selinux.c: Add Linux audit support. [5a2f445e0bd4] 2010-06-15 Todd C. Miller * plugins/sudoers/iolog.c: Remove an XXX [a170cbe651d1] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, plugins/sudoers/sudoreplay.c: Add -f (filter) option to sudoreplay to allow certain streams to be replayed and others ignored. [62e51b432ea1] * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/tgetpass.c: Fix -A flag when askpass is specified in sudo.conf or if sudo doesn't need to read a password. [2e401e4a00e3] * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Clean up some XXXs [689f0b002d3d] * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for multiple sudoers_base entries in ldap.conf. From Joachim Henke [e3e4a3c2bd5b] * config.h.in, configure, configure.in, plugins/sudoers/logging.c, src/exec_pty.c: remove setsid check, we require a POSIX system [cc73cb9e22c0] * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/tgetpass.c: Check for dup2() failure. [5d46d66794f5] * config.h.in, configure, configure.in: Remove dup2() check, it is not optional. [5f1d56de4384] 2010-06-14 Todd C. Miller * WHATSNEW: sync with sudo 1.7.3 [88e5c0bd6d59] * INSTALL: SunOS does not ship with an ANSI compiler [f13c85c67069] * INSTALL: Update OS specific notes. Delete some really ancient ones and move older ones to the end of the list. [59ce592c4c52] * README: Sudo can be downloaded from the web site too Mention "OS dependent notes" section in INSTALL [191871538984] * src/exec_pty.c, src/selinux.c: Call selinux_restore_tty() as part of cleanup() so it gets called from error()/errorx() [bb017da6b6da] * MANIFEST, doc/PORTING: Remove obsolete porting guide [321e35591344] * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: Move union sudo_in_addr_un into interfaces.h [b2c8b19ee094] * doc/Makefile.in: Remove useless circular dependencies [5682181b59cf] * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: Convert to ANSI C function declarations [a4f76927d034] * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/timespec.h, compat/utime.h, compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, include/alloc.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, src/conversation.c, src/error.c, src/load_plugins.c, src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: Update copyright year [26ac7991f7d8] * doc/Makefile.in: Fix commented DEVDOCS when not in devel mode. [e0a97eaf3793] * plugins/sudoers/match.c: Quiet a compiler warning. [b2a17ebd5d38] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Quiet a compiler warning. [687843bc593d] * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: Make all functions in ldap.c static [b2111e89eeba] * doc/schema.ActiveDirectory: Updates from Alain Roy to provide better examples for importing the schema and to fix problems caused by Windows validating attributes which have not yet been added before committing the changes. [69f4c5ccaf89] 2010-06-11 Todd C. Miller * configure, configure.in, doc/Makefile.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Leave rules to build .man.in and .cat files uncommented but only make them part of the "all" rule in devel mode. Generate .cat files directly from .man.in instead of .man using default values in configure.in [c3054a44f6a5] * configure, configure.in: Bump sudo version to 1.8.0b1 [8f79c85135e1] * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: Print configure args with verbose version information. [1ce690660ed2] * TODO, plugins/sudoers/visudo.c: Remove tfd from struct sudoersfile; it is not used. Add prev pointer to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. Use tq_append to append sudoers entries to the tail queue. [1743f9a286e4] 2010-06-10 Todd C. Miller * WHATSNEW: Describe tty timestamp improvements [e214e863a313] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: A comment character may not be part of a command line argument unless it is quoted with a backslash. Fixes parsing of: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 [ea2e990f85ed] * doc/sudoers.pod: Make this read a little bit better when passwd_timeout is 0. [39d362757f31] * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: Attempt to handle a default password prompt timeout of zero more gracefully. [ea47d43acf5b] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Do not override value of keepopen global, instead restore it to the value we pushed onto the stack when popping. [fe282e5a3402] * plugins/sudoers/Makefile.in: Add dependency for utility programs on libreplace and libcommon [2339aba64928] * compat/sigaction.c, config.h.in, configure.in, include/compat.h, plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, src/exec.c, src/exec_pty.c, src/tgetpass.c: Remove sigaction emulation Use SA_INTERRUPT in sa_flags [7dd61f1bd8d2] * MANIFEST, config.h.in, configure, configure.in, include/missing.h: We don't use getgrouplist() at the moment so there's no need to provide a compat version. [1597536fbada] * TODO: sync with reality [9e1a874e7885] * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, src/conversation.c, src/sudo.h, src/tgetpass.c: Fix visiblepw sudoers option; the plugin API portion still needs documenting [60b6933ef5e0] * src/sudo.c: Print sudo version as well. [987ed459b459] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Use sudo_printf for I/O log version Clarify policy plugin version string [5a58b7e8c80b] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: Silence some compiler warnings [afb1eba90915] * src/load_plugins.c, src/tgetpass.c: Store askpass path in a global instead of uses setenv() which many systems lack. [b440bcc0e660] 2010-06-09 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/check.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, src/tgetpass.c: Move askpass path specification from sudoers to sudo.conf. [5507ab867c26] * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Use a flag bit in struct command_details for selinux instead of a separate field. [c59ca4acded9] * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Implement background mode. If I/O logging we use pipes instead of a pty. [c07a4b356cbd] * compat/mksiglist.c, compat/strsignal.c, include/compat.h, src/exec.c, src/exec_pty.c, src/tgetpass.c: Move compat definition of NSIG to compat.h [ab0385467f25] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Mention plugins in the sudo manual and add some missing path substitution in the sudo_plugin manual. [570f831f47a3] * src/Makefile.in: Set _PATH_SUDO_CONF based on $(sysconfdir) [fde51869cf07] * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, src/ttysize.c: Require POSIX termios to build sudo [9ec6b41f3f95] * src/tgetpass.c: Ignore SIGPIPE for "sudo -S" [7ad27fde0c06] * src/tgetpass.c: Fix uninitialized variable in TGP_ECHO case and print a newline if the user interrupted password input. [ce19204d8dd4] * src/tgetpass.c: Make TGP_ECHO override TGP_MASK and don't try to restore the terminal if we didn't modify it. [a7e11abfe7e4] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, src/conversation.c, src/sudo.h, src/tgetpass.c: Add SUDO_CONV_PROMPT_MASK define which corresponds to the "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set. [e0550590cabe] * src/exec_pty.c: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl [762448182fe3] 2010-06-08 Todd C. Miller * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: Add selinux_enabled flag into struct command_details and set it in command_info_to_details(). Return an error from selinux_setup() instead of exiting. Call selinux_setup() from exec_setup(). [011bea23a5a0] 2010-06-09 Todd C. Miller * src/exec_pty.c: Remove commented out copy of old sudo_execve() function. [9c5e21380472] 2010-06-08 Todd C. Miller * plugins/sudoers/sudoers.c: Fix setting selinux type on command line. [814b20a0b3be] * plugins/sudoers/iolog.c: In sudoers_io_close(), skip NULL io_fds[] elements. [4011ff7d4daf] * include/compat.h: No longer need NGROUPS_MAX define [cae4c49d7077] * compat/nanosleep.c, config.h.in, configure, configure.in, include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c: Replace timerfoo macros with timevalfoo since the timer macros are known to be busted on some systems. [4f97d79f2d41] * src/exec_pty.c: Remove duplicate call to selinux_setup(). [82bd52764e21] * plugins/sudoers/auth/pam.c: If pam_open_session() fails, pass its status to pam_end. [1d8de4cf8ff3] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: If a file in a #includedir has improper permissions or owner just skip it. This prevents packages that incorrectly install a file into /etc/sudoers.d from breaking sudo so easily. Syntax errors in #includedir files still result in a parse error (for now). [ade99a4549a4] * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: Add use_pty sudoers option to force use of a pty even when not logging I/O. [b280a8972a79] * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: Make env_init() void as it never fails. [d3890e55daa7] * plugins/sudoers/env.c: No longer use _NSGetEnviron so don't need crt_externs.h [9b4e0e139881] * plugins/sudoers/env.c: Remove unused VNULL define [a42cacb263e3] 2010-06-07 Todd C. Miller * plugins/sudoers/iolog.c: Add #define for maximum session id [9e18c17a28c2] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: Split exec.c into exec.c and exec_pty.c [d52376327332] * MANIFEST: Sync with source file moves. [4a62c6c9e846] * src/Makefile.in, src/get_pty.c, src/pty.c: Rename pty.c -> get_pty.c [5696a12bd29b] 2010-06-06 Todd C. Miller * plugins/sudoers/iolog.c: Only use I/O input log file if def_log_input is set and output file if def_log_output is set. [d866992f1681] 2010-06-04 Todd C. Miller * compat/strsignal.c: Update copyright year [a96f2593fd4e] * src/pty.c: uid -> ttyuid [c3454d74ebcb] * plugins/sudoers/sudoers.c: For sudoedit, make a local copy of editor string si become part of argv. If no editor environment variable, split def_editor on ':' since it may be a colon-delimited path. [2ee298506a6e] * src/sudo_edit.c: Remove unneeded endpwent()/endgrent() [623f6743d101] * doc/Makefile.in: Use value of nroff from configure [b2ce649125ab] * src/exec.c: Add missing const to I/O log action function [d764a3955e04] * plugins/sudoers/check.c: Update copyright year and fix whitespace [e648c35b16be] * configure, configure.in: Fix typo [8e0bdfc47da4] * plugins/sudoers/iolog.c: Remove redundant tty signal blocking in log function. [f17f575dabd4] 2010-06-03 Todd C. Miller * plugins/sudoers/iolog.c: Place static keyword where it belongs [b01aec7c86b4] * plugins/sudoers/logging.c: Always use a printf format string for send_mail() [13b1ada644c9] * common/atobool.c, plugins/sudoers/ldap.c: Extend atobool() so we can use it in the LDAP code. [73f8e6807044] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Sudo now stashes tty ctime for tty_tickets on Solaris too. [e82df13ad3fd] * plugins/sudoers/boottime.c: Fix dummy version of get_boottime() [01d69c06013b] 2010-06-02 Todd C. Miller * plugins/sudoers/check.c: Enable tty_is_devpts() support for Solaris with the "devices" filesystem. [237c6b25fa84] * src/exec.c: Unbreak the non-io logging case. [4822b9f709fb] * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: Fix symbol name conflict with sudo_printf. [0d44eab0a8f6] * plugins/sudoers/auth/pam.c: Fix OpenPAM detection for newer versions. [1b2abed232d8] * plugins/sudoers/vasgroups.c: Sync with Quest sudo git repo [f1d98b3cba02] * aclocal.m4, configure, configure.in: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check Add missing template for ENV_DEBUG Adapted from Quest sudo [695dbd7b28f4] * README.LDAP: Fix typos; from Quest Sudo [4eba9da33b8e] 2010-06-01 Todd C. Miller * plugins/sudoers/Makefile.in: Add back -I$(top_srcdir); we need it for including compat/foo.h since we cannot rely on "foo.h" being found relative to the source file when the cwd is different. [bbf24695f325] * src/exec.c: Fix a bug where we could treat EAGAIN as a permanent error. Also set cstat if perform_io() returns an error. [200475c4326f] * common/alloc.c, plugins/sudoers/boottime.c, plugins/sudoers/sudoers.c: Add casts to quiet compiler warnings. [85eb1c336697] * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Fix typo in ternary operator usage. [6492ac1450e2] 2010-05-30 Todd C. Miller * INSTALL, configure, configure.in: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR [92121d693b30] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: Update docs to match sudoers I/O logging changes [18d651989e49] * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, pathnames.h.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c: Break sudoers transcript feature up into log_input and log_output. [db3c1248d2ad] * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Use setprogname() as needed. [6beee63a4553] * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: Adapt sudoreplay to iolog changes. [581f52c05f0f] 2010-05-29 Todd C. Miller * plugins/sudoers/iolog.c: Log all input and output into separate files and store a number on each timing file line to indicate which file the data is in. [fb460c5273dd] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Make sudoers_io functions static to iolog.c [b2df3cc3eecb] 2010-05-28 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, src/sudo_usage.h.in: Completely remove the -L flag from the sudo front end. [3d220030b720] * plugins/sudoers/sudoreplay.c: Fix EAGAIN handling when writing to stdout. [4766d77cea49] * plugins/sudoers/sudoers.c: Eliminate unused variables [83bd711e79c4] * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: Re-enable cleanup functions in sudoers plugin and sudo driver for error()/errorx(). [43093f937dd8] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Use sudo_printf to display verbose version information. [435cc9f8d4a2] * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Minor Makefile cleanup: fix a typo, change the removal order in the clean targets, and remove a superfluous include path for the sudoers plugin. [6e3b2d6b4437] * plugins/sudoers/env.c: Handle duplicate variables in the environment. For unsetenv(), keep looking even after remove the first instance. For sudo_putenv(), check for and remove dupes after we replace an existing value. [c1bbb88d0435] 2010-05-27 Todd C. Miller * plugins/sudoers/Makefile.in: Use explicit path to source file instead of $< for files that live in devdir and top_srcdir. [358ab7f6cc64] * plugins/sudoers/Makefile.in: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent ending LIBSUDOERS_OBJS with a backslash [481a5c96d47e] * plugins/sudoers/Makefile.in, src/Makefile.in: Link libcommon before libreplace since libcommon may use functions only present in libreplace. [1847c496ff5b] * common/Makefile.in: Move code common to sudo and the sudoers plugin to a convenience library, libcommon. Removes the need to make links in the sudoers plugin dir and reduces re-compilation of duplicate object files. [4c8986352937] * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, configure, configure.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, src/zero_bytes.c: Move code common to sudo and the sudoers plugin to a convenience library, libcommon. Removes the need to make links in the sudoers plugin dir and reduces re-compilation of duplicate object files. [1d1d98bd55b9] * src/exec.c, src/sudo.c, src/sudo.h: Rename script_execve to sudo_execve and rename script_foo in exec.c [a35ec80de96a] * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: rename script.c exec.c and fix up the MANIFEST file [36bc3bff9578] * src/script.c, src/sudo.c, src/sudo.h: Rename script_setup() to pty_setup() and call from script_execve() directly. [899b0fb2a14d] * configure, configure.in: bump version to 1.8.0a2 [0b1c1ca9d4e5] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document init_session [b5324785a406] * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: Clean up the sudoers auth API a bit and update the docs. [c40fd4cb6e68] * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: Add init_session function to struct policy_plugin that gets called before the uid/gid/etc changes. A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed. [d71723320ee8] 2010-05-26 Todd C. Miller * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add open/close session to sudo auth, only used by PAM. This allows us to open (and close) the PAM session from sudoers. [2665e2920d0d] * plugins/sudoers/Makefile.in: Add explicit rule to build getdate.o for HP-UX make. [7f049e989956] * plugins/sudoers/Makefile.in: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c rules as an alternate way to prevent HP-UX make (and others) from trying to rebuild the parser in non-dev mode. [f84badad98c5] * plugins/sudoers/sudoers.c: Re-enable PATH_MAX check for command [40d8a50da136] * Makefile.in: For distclean, clean the main directory last since the subdirs need to be able to run libtool to clean things. [8949a9861634] * compat/Makefile.in: Fix generation of mksiglist.h [b7cdc9b36650] * src/script.c: Now that we defer sending cstat until the end of script_child() we cannot reuse cstat when reading command status from parent. [25c882643466] 2010-05-25 Todd C. Miller * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Use numeric registers to handle conditionals instead of trying to do it all with text processing. [478079c3fd4b] * doc/sudoers.pod: Document per-command SELinux settings [13840d566805] * plugins/sudoers/sudoers.c: Repair "sudo -l -U username" [10a0dcdf2ddf] * plugins/sudoers/sudoers.c: Set selinux role and type in command details. [8ae6d35a126d] * src/script.c, src/selinux.c, src/sudo.h: Rework SELinux support. [83279cc94bf2] 2010-05-24 Todd C. Miller * src/script.c, src/selinux.c, src/sudo.h: Make SELinux support compile again. Needs more work to be complete. [3d3addebcf82] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, src/sudo.h: Bring back closefrom settings. [b1c6257d4bbb] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If running a command or sudoedit in transcript mode, call io_nextid() before log_allowed() so the session id is logged. [c42f3ae40150] * configure, configure.in: Use mandoc(1) if nroff(1) is not present. [daad4bbd04af] * doc/Makefile.in: Use the --file argument to config.status instead of setting CONFIG_FILES in the environment. [c89411a8bf70] * plugins/sudoers/Makefile.in: We cannot conditionally update gram.h or the dependency ordering gets messed up in devel mode. [c938953231d9] 2010-05-21 Todd C. Miller * Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Substitute @SHELL@ into Makefiles [36aa6a095335] * config.sub: Fix typo [16d294d26b58] * config.guess, config.sub, configure, configure.in: Update to autoconf 2.65 [4fa6ea8caea3] * Makefile.in: Fix libtool target (space vs. tabs) [755cf3892618] * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: Remove use of RETSIGTYPE; all modern systems have signal handlers that return void. [42b4e3aee668] * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Update to libtool-2.2.6b. I haven't made any local modifications this time, which should be OK since we install sudo_noexec.so by hand now. [6f79ced593bb] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Use libtool to clean objects [1581057d6472] * include/Makefile.in: Install sudo_plugin.h as part of "make install" and make other install targets callable from the top-level Makefile [aaaeb027d774] * configure, configure.in: regen with autoupdate to eliminate AC_TRY_LINK [5d5541c230f5] * Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Install sudo_plugin.h as part of "make install" and make other install targets callable from the top-level Makefile [b258b8401b1c] * plugins/sample/sample_plugin.c: The sample plugin doesn't support being run with no args so return a usage error in this case. [473b3cf965be] * plugins/sudoers/iolog.c: Set close on exec flag for descriptors used for I/O logging so they are not present in the command being run. [2c7e8708df76] * plugins/sudoers/tsgetgrpw.c: Set close on exec flag in private versions of setpwent() and setgrent(). [64fef78cb833] * src/script.c: Close the I/O pipes aftering dup2()ing them to std{in,out,err}. Fixes extra fds being present in the command when it is part of a pipeline. [060451617713] * plugins/sudoers/sudoers.c: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it is used when logging). Note that user_ttypath will still be NULL if there is no tty. [31b69a6ecda7] * src/script.c, src/sudo.h: Cosmetic changes: add comments, remove orphaned prototype and make a global static. [f7851af0143e] 2010-05-20 Todd C. Miller * src/script.c: Move check for maxfd == -1 to flush_output where it belongs. [b826a95b4491] * src/script.c: Break out of select loop if all the fds we want to select on are -1. [f5b387024238] * src/sudo.c: Avoid possible malloc(0) if plugin returns an empty groups list. [9765a8fe5ce7] * src/sudo.c: Add debugging info when calling plugin close function [95a273c7ff66] * src/script.c: Avoid closing stdin/stdout/stderr when we are piping output. [330e76423caf] * src/script.c: When execve() of the command fails, it is possible to receive SIGCHLD before we've read the error status from the pipe. Re-order things such that we send the final status at the very end and prefer error status over wait status. [b0dcf825244f] 2010-05-19 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c: Fix compilation for non PAM/BSD auth/AIX auth [e382b39d2e4f] 2010-05-18 Todd C. Miller * src/script.c: Additional checks to make sure we don't close /dev/tty by mistake. When flushing, sleep in select as long as we have buffers that need to be written out. [8139cbd3dd54] * src/script.c: Now that we can use pipes for stdin/stdout/stderr there is no longer a need to error out when there is no tty. We just need to make sure we don't try to use the tty fd if it is -1. [666621635d26] 2010-05-17 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: Add argc and argv to I/O logger open function. [0d7faa007d27] * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c, src/sudo_edit.c: Remove check_sudoedit function pointer in struct sudo_policy. Instead, sudo will set sudoedit=true in the settings array. The plugin should check for this and modify argv_out as appropriate in check_policy. [c0328e3276b8] 2010-05-16 Todd C. Miller * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: If plugin sets "sudoedit=true" in the command info, enable sudoedit mode even if not invoked as sudoedit. This allows a plugin to enable sudoedit when the user runs an editor. [96d67b99e42e] 2010-05-15 Todd C. Miller * plugins/sudoers/Makefile.in: gram.h must not depend on gram.y if we want to avoid unnecessary rebuilding of targets dependent on gram.h when gram.y changes. [9db4b767fdca] * plugins/sample/sample_plugin.c: Refactor common bits of check_policy and check_edit [ac4d366a04cf] * plugins/sample/sample_plugin.c: Add sudoedit support [a1a6cc4c0cef] 2010-05-14 Todd C. Miller * plugins/sudoers/Makefile.in: Rely more on VPATH; fixes a dependency issue with the parser. [45e406ebdea2] * include/compat.h: Fix typo introduced in last commit [3ccb0f853d11] * include/compat.h: Emulate seteuid using setreuid() or setresuid() as needed. There are still a few places that call seteuid() directly. [36e8efa3a99d] * src/parse_args.c, src/sudo_edit.c: Attempt to fix building on systems that only have setuid. [8e9ba4083318] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Clarify sudoedit a tad. [d39dfaa14ade] 2010-05-13 Todd C. Miller * src/sudo_edit.c: Fix compilation on HP-UX [f6e47843d139] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document sudoedit [4cbf5196d993] * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: Change how we handle the sudoedit argv. We now require that there be a "--" in argv to separate the editor and any command line arguments from the files to be edited. [20623d549a3c] * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: Work in progress support for sudoedit. The actual interface used by the plugin for sudoedit is likely to change. [c31262a31997] * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: Make find_path() a little more generic by not checking def_foo variables inside it. Instead, pass in ignore_dot as a function argument. [9c23101a094d] * plugins/sudoers/env.c: Add version of getenv(3) that uses our own environ pointer. [0e3783e63534] 2010-05-12 Todd C. Miller * src/script.c: Avoid a potential race condition if SIGCHLD is received immediately before we call select(). [99adc5ea7f0a] * plugins/sudoers/sudoers.c: Call env_init() before we open the sudoers sources as those may call our setenv() replacement. [5f82601f5ab0] * plugins/sudoers/env.c: Initialize env_len in env_init() [7ae02b3029b5] 2010-05-11 Todd C. Miller * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Document time stamp shortcomings under SECURITY NOTES Use "time stamp" instead of timestamp. [2b86120815b2] * doc/Makefile.in: Make sed substitution of mansectsu and mansectform global. [94588632dba0] * plugins/sudoers/check.c: If the tty lives on a devpts filesystem, stash the ctime in the tty ticket file, as it is not updated when the tty is written to. This helps us determine when a tty has been reused without the user authenticating again with sudo. [0e62a31bceb0] * src/tgetpass.c: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that is what our compat checks set. [df50f0a040c9] * configure, configure.in: Add check for whether sudo need to link with -ldl to get dlopen(). This is a bit of a hack that will get reworked when libtool is updated. [63bdcf579533] * plugins/sudoers/check.c: Fix timestamp removal with -k/-K [6b4639fef973] * plugins/sudoers/Makefile.in: audit.c is now private to the sudoers plugin [1974f342ae0b] * configure, configure.in: Link with -lpthread on HP-UX since a plugin may be linked with -lpthread and dlopen() will fail if the shared object has a dependency on -lpthread but the main program is not linked with it. [d42139391263] * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: Add separate test for getresuid() since HP-UX has setresuid() but no getresuid(). [910fe727a374] * doc/Makefile.in: Remove errant backslash [dd5464257c69] * src/script.c: Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout we need to pass any SIGPIPE we receive to the running command. [3f6b1991f4fd] * src/script.c: Also start the command in the background if stdin is not a tty. [d93bc33a3740] 2010-05-10 Todd C. Miller * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: No need to use pseudo-cbreak mode now that we use pipes when stdout is not a tty. Instead, check whether stdin is a tty and if not, delay setting the tty to raw mode until the command tries to access it itself (and receives SIGTTIN or SIGTTOU). [e68315cf8c6b] * src/tgetpass.c: Use an array for signals received instead of a single variable so we don't lose any when there are multiple different signals. [2ac726dac864] * src/tgetpass.c: Do signal setup after turning off echo, not before. If we are using a tty but are not the foreground pgrp this will generate SIGTTOU so we want the default action to be taken (suspend process). [bebb6209c795] 2010-05-07 Todd C. Miller * src/script.c: Flush the iobufs on suspend or child exit using the same logic as the main event loop. [c627feee1035] * src/script.c: Free memory after we are done with it. [8db9b611b45a] 2010-05-06 Todd C. Miller * doc/HISTORY: Quest now sponsors Sudo development [6cc490083bc7] 2010-05-05 Todd C. Miller * doc/Makefile.in: Install sudo_plugin man page. [c253729790b2] * src/script.c: Go back to reseting io_buffer offset and length (and now also the EOF handling) in the loop we do the FD_SET, not after we drain the buffer after write() since we don't know what order reads and writes will occur in. [5f38bfa8497f] * MANIFEST: audit files moved to sudoers plugin directory [b1ead182428e] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document plugin_printf and new logging functions. [fe9430b60ab5] * src/script.c: Add support for logging stdin when it is not a tty. There is still a bug where "cat | sudo cat" has problems because both cat and sudo are trying to read from the tty. [04c9c59fcfba] * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/script.c: Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. NOTE: stdin logging does not currently work and is disabled for now. [a36dfd4ca935] 2010-05-04 Todd C. Miller * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: Add pointer to a printf like function to plugin open functon. This can be used instead of the conversation function to display info and error messages. [98734eea8ef1] * Makefile.in: Stop if make in a subdir fails [228bb3ad2dbc] * src/script.c: Only set user's tty to blocking mode when doing the final flush. Flush pipes as well as pty master when the process is done. [20ff67218666] 2010-05-03 Todd C. Miller * plugins/sudoers/ldap.c: Use print_error() when displaying ldap config info in debugging mode. [d142e0cacb22] * compat/Makefile.in, compat/strdup.c, compat/strndup.c: No longer need strdup() or strndup() replacements. [df53697174ec] * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.h: Add print_error() function that uses the conversation function to print a variable number of error strings and use it in log_error(). [b1fa2861b575] * src/script.c, src/sudo.h, src/term.c: Do not need the opost flag to term_copy() now that we use pipes for stdout/stderr when they are not a tty. [f42811f70a19] * src/script.c: Use pipes to the sudo process if stdout or stderr is not a tty. Still needs some polishing and a decision as to whether it is desirable to add additonal entry points for logging stdout/stderr/stdin when they are not ttys. That would allow a replay program to keep things separate and to know whether the terminal needs to be in raw mode at replay time. [1a945e0ab2da] 2010-04-30 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, src/audit.c, src/bsm_audit.c, src/bsm_audit.h: Move audit sources into the sudoers plugin dir; the driver does not use them. [50ec36422cd0] * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, src/term.c, src/ttysize.c: Use angle brackets when including headers that can only be found when an -I flag is specified. The files in the compat dir could get away with double quotes here but I've converted all the source files to use angle brackets for consistency. [9e30a8fc6d4b] * plugins/sudoers/Makefile.in: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat dir can be found when building outside the source tree. [1150934b79dd] * plugins/sudoers/Makefile.in: Clean up links in distclean [78595028be8b] * plugins/sudoers/Makefile.in: Hack around VPATH semantic differences by symlinking files we need from ../../src into the current directory and build those. A better fix would be to either make a .a or .la file with those files in it or simply use a single, flat, Makefile instead of per-subdirs Makefiles. [892c332d3f05] * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: fmt_string is used by the sudoers plugin too so do not include sudo.h (which is not really needed here anyway) [231c35e3941f] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Fix building with non-BSD versions of make such as GNU make. Requires VPATH support, which should be in any non-neolithic make. [dc174f135919] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, src/Makefile.in: Re-enable bsm audit. Currently auditing is done within the sudoers plugin itself. If possible, this should really be done in the main driver but we don't presently have the needed data to do that. This will be re-evaluated when Linux audit support is added. [1d05a3236bfe] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead of explicit rules in the dependency. [88f80efd25f0] * plugins/sudoers/visudo.c: Fix mismerge; alias_remove_recursive() now returns int [6257a4849641] 2010-04-29 Todd C. Miller * plugins/sudoers/visudo.c: Fix a crash when checking a sudoers file that has aliases that reference themselves. Based on a diff from David Wood. [545d194484a7] * src/script.c: Print signal info after restoring the tty mode, not before. [a68618e67435] * src/script.c: Defer call to alarm() until after we fork the child. Pass correct pid to terminate_child() If the command exits due to signal, set alive to false like we do when it exits normally. Add missing check for errpipe[0] != -1 before using it in FD_ISSET [22f0a1549391] 2010-04-28 Todd C. Miller * plugins/sudoers/boottime.c: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h [0e627170c6e8] 2010-04-27 Todd C. Miller * src/Makefile.in: Simplify dependencies by using .c.o and .c.lo rules. [6abcaef5d1ac] * configure, configure.in, plugins/sudoers/Makefile.in, src/Makefile.in: Substitute in @PROGS@ into src/Makefile to add sesh [cc46d3b6208f] 2010-04-26 Todd C. Miller * plugins/sudoers/sudoers.c: Add back calls to log_denial() if sudoers does not allow the command. [9783316207f0] * plugins/sudoers/sudoers.c: Pass in correct pwflag for list and validate. [973dd56d4b81] * plugins/sudoers/env.c: Add missing check for NULL in validate_env_vars [1d6eb6957824] * src/Makefile.in: Add sudo_noexec.la to "all" target, otherwise it only gets built at install time. [644a9694d2ef] * plugins/sudoers/sudoers.c: Only set sudo_user.env_vars if the env_add list is empty. [fccdf6f0e0e2] * plugins/sudoers/sudoers.c: Set sudo_user.env_vars so that environment variables specified on the command line get logged correctly. [9b51012c491e] * plugins/sudoers/env.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Re-enable environment files and setting environment variables on the command line. [5662d5645dbd] 2010-04-24 Todd C. Miller * plugins/sudoers/check.c: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() a pointer to time_t as tv_sec in struct timeval may be long. [4de0c46e788e] * plugins/sudoers/check.c: Don't stash ctime in on-disk tty ticket info for now; on many (most?) systems the ctime is updated when the tty is written to. Once I have a better idea of what systems do not update ctime on ttys (and have a way to test for this) the ctime stash will be conditionally re-enabled. [a90eeec0f648] 2010-04-23 Todd C. Miller * MANIFEST, Makefile.in: Add back "dist" target, this time using a MANIFEST file [29277c05499f] * Makefile.in: Remove Makefile in distclean target [83d695f4f450] * Makefile.in, src/Makefile.in: Update clean and cleandir targets [ad7b2afeb9c1] * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, src/sudo.h: Move fileops.c defines and prototypes to filesops.h [4545e9b6892d] * plugins/sudoers/check.c: Lock the tty timestamp when writing. We shouldn't have to lock when reading since the file is updated via a single write system call. [0c7276f02696] 2010-04-22 Todd C. Miller * plugins/sudoers/alias.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: Convert to ANSI C function declarations [9c45def57cf7] * plugins/sudoers/sudoers.h: Remove extraneous bits and classify by source file. [e8ea9f109ebb] * include/compat.h: Add timercmp macro for systems without it [d3bf87b1d08e] * plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/sudoers.h: get_boottime() now fills in a timeval struct [3573c3f44e11] * plugins/sudoers/check.c: Store info from stat(2)ing the tty in the tty ticket when tty tickets are in use. On most systems, this closes the loophole whereby a user can log out of a tty, log back in and still have the timestamp be valid. [53380f9f5242] * config.h.in, configure.in: Add timespec2timeval and use it when getting ctime/mtime [4cb7f7caec2c] 2010-04-20 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: Convert perm setting to push/pop model; still needs some work Use the stashed runas groups instead of using getgrouplist() Reset perms to the initial value on error [09c072ebde8b] * config.h.in, configure.in: fix ctim_get and mtim_get macros [58773dc1e360] * config.h.in, configure, configure.in, include/compat.h, plugins/sudoers/check.c, plugins/sudoers/gettime.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: Use timeval directly instead of converting to timespec when dealing with file times and time of day. [a0ce1ae00a67] * plugins/sudoers/Makefile.in: Don't like sudoreplay with libsudoers.la due to a yacc symbol conflict. [f1a59cc63a15] 2010-04-18 Todd C. Miller * configure, configure.in: Darwin >= 9.x has real setreuid(2) [7ec942a64275] 2010-04-17 Todd C. Miller * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: Ansify env.c [f58551bad10a] * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Remove remaining references to the environ pointer. [96faa530816a] 2010-04-16 Todd C. Miller * config.h.in, configure, configure.in, plugins/sudoers/env.c: Don't change the environ directly in the sudoers plugin [6db48ed3f7e0] 2010-04-15 Todd C. Miller * plugins/sudoers/sudoers.c: Fix typo [4aa452b07f8f] * plugins/sudoers/alias.c: Fix use after free in error message when a duplicate alias exists. [ce1d2812ee34] 2010-04-14 Todd C. Miller * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/parse_args.c: Add a "noninteractive" boolean to the settings passed in to the plugin's open function that is set when the user specifies the -n flag. [68f8d9d6d4d0] * config.h.in, configure, configure.in, plugins/sudoers/env.c: Add workaround for the lack of the environ pointer on Mac OS X in dlopen()ed modules. Use of environ in the sudoers plugin should ultimately be removed but this will do for the moment. [80c61647434f] * plugins/sudoers/visudo.c: Set errorfile to the sudoers path if we set parse_error manually. This prevents a NULL dereference in printf() when checking a sudoers file in strict mode when alias errors are present. [45e249ca99f7] * plugins/sudoers/sudoers.c: Main sudo no longer print "unable to execute" on exec failure so do it here. [50aaf62b43b5] 2010-04-13 Todd C. Miller * src/script.c: Use a pipe to pass back errno to the parent if execve() fails. If we get an error in script_child(), kill the command and exit. [dc3bf870f91b] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/parse_args.c, src/sudo.c: Handle plugin's open function returning -2 (usage error). [aadf900c1de8] * src/script.c: If execve() fails, leave it to the plugin to print an error string. [e25748f2d5b9] * src/script.c: If execve fails in logging mode, pass the errno directly to the grandparent on the backchannel and exit. The immediate parent will get SIGCHLD and try to report that status but its parent will no longer be listening. It would probably be cleaner to pass this over a pipe in script_child(). [cb122acc81a8] * plugins/sudoers/sudoers.c: Don't override rval with results of check_user() unless it failed. [46fb7e87ac7d] 2010-04-12 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Fix typo [ccd0b693f3da] * src/parse_args.c: NULL-terminate env_add [2c534368a0c3] 2010-04-11 Todd C. Miller * src/sudo.c: Call the I/O log open function before the I/O version function. [e88bf898990b] * plugins/sudoers/iolog.c: Remove io_conv and just use sudo_conv [a280052468eb] * plugins/sudoers/set_perms.c: Fix set/restore perms for systems w/o setresuid [4160517f6666] 2010-04-10 Todd C. Miller * plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Primitive set/restore permissions. Will be replaced by a push/pop model. [aae102290866] * src/script.c: Only need to take action on SIGCHLD in parent if no I/O logger. If there is an I/O logger we will receive ECONNRESET or EPIPE when we try to read from the socketpair. [e1e4560401f6] 2010-04-09 Todd C. Miller * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/find_path.c: Merge fb4d571495fa from the 1.7 branch to trunk. [c8fb424ad4d2] 2010-04-08 Todd C. Miller * src/script.c: Don't set SA_RESTART when registering SIGALRM handler. Do set SA_RESTART when registering SIGWINCH handler. [173472b76525] * doc/Makefile.in: Add dev targets for *.man.in and *.cat that don't specfify the $(srcdir) prefix. [b62f425da2e4] * src/script.c: If log_input or log_output returns false, terminate the command. [074f4c0c34a0] * src/script.c: Better signal handling. Instead of using a single variable to store the received signal, use an array so we can't lose a signal when multiple are sent. Fix process termination by SIGALRM in non-I/O logger mode. Fix relaying terminal signals to the child in non-I/O logger mode. [7a4723aca99d] * src/script.c: Fix a race between when we get the child pid in the parent and when the child process exits. The problem exhibited as a hang after a short-lived process, e.g. "sudo id" when no IO logger was enabled. [80bcc0aca70b] 2010-04-07 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Add a note about the security implications of the fast_glob option. [c37a92ab7c93] 2010-04-06 Todd C. Miller * config.h.in, configure, configure.in: Fix up some AC_DEFINE descriptions and regen config.h.in [f4655adc0db3] 2010-04-05 Todd C. Miller * include/missing.h: No longer check for strdup or strndup for LIBOBJ replacement. [fdc764ee8109] * src/script.c: Avoid installing signal handlers that are io-logger specific. Fixes job control when no io logger is enabled. [0853dd0906d4] * doc/Makefile.in: Only regen man pages from pod when configured with --with-devel [ab1995f8103d] 2010-04-04 Todd C. Miller * Makefile, Makefile.in, configure, configure.in: Top-level Makefile.in. Nothing is currently substituted but this is needed for separate build dirs. [e80873cbd201] * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Fix out-of-tree builds [59a35bef07b8] * Merge [386b848047e9] * doc/Makefile.in: We always install sudoreplay in 1.8 [ce52ba6617c9] 2010-04-03 Todd C. Miller * compat/siglist.in: SIGPOLL is sometimes the same as SIGIO (like on HP-UX) [6d69e1b05faf] 2010-04-02 Todd C. Miller * configure, configure.in: No need to provide strdup() or strndup(), sudo uses estrdup() and estrndup() [57ec23b72958] 2010-04-04 Todd C. Miller * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Free str after using it in the version method. Use sudo_conv, not io_conv since we don't have the IO conversation function pointer in the I/O version method anymore now that io_open is delayed. [f2ed132adeb0] 2010-04-02 Todd C. Miller * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, compat/siglist.in: Add license to mksiglist.c and note that the bits from pdksh are public domain [d8121a2467e8] * compat/Makefile.in: Fix LIBOBJDIR vs. srcdir wrt the siglist bits [164160148421] * plugins/sudoers/Makefile.in: Add sudoreplay testsudoers and visudo to clean target [138a17e51c0c] * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, compat/siglist.in, compat/strsignal.c, configure, configure.in, include/missing.h, src/script.c: Create our own sys_siglist for systems without it for use by strsignal() [2e5da011ebc3] * compat/Makefile.in: Remove duplicate $(LIBOBJDIR) [adf9abc9432f] 2010-04-01 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: Main sudo should not block signals; the plugin should do this in check_policy. [3f3736a7c5ed] 2010-03-31 Todd C. Miller * src/script.c: Fix a sizeof(ptr) vs. sizeof(*ptr) [aa1bcf5afcce] * src/script.c: Unlike most operating systems, HP-UX select() is not interrupted by SIGCHLD when the signal is registered with SA_RESTART. If we clear SA_RESTART when calling sigaction() for SIGCHLD we get the expected behavior and the code in the select() loops already handles EINTR correctly. [9eba0115e35a] * compat/getprogname.c: progname should be const [130228f062b7] * plugins/sudoers/Makefile.in: Move --tag=disable-static to when we link sudoers.la, not when we install. [ceb5e6c3b78b] * src/load_plugins.c: Load the sudoers I/O plugin by default too now that it is hooked up. [ea38befd0742] 2010-03-30 Todd C. Miller * src/pty.c: It looks like AIX doesn't need to push STREAMS modules for ptys. [22da618ba0a1] 2010-03-28 Todd C. Miller * src/parse_args.c, src/sudo.c: Delay calling the I/O plugin open function until the policy plugin returns success. [f3297c325b48] 2010-03-27 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add back io logging (transcript) support. Currently, the open function runs too early and it is not possible to use the io module independently of the policy module. [9bd932f66226] * plugins/sudoers/set_perms.c: Comment out dead code; will be removed when set_perms is rewritten. [af7a995284f8] 2010-03-23 Todd C. Miller * plugins/sudoers/sudoers.c: Fix off by one error when allocating user_groups. [6281fcf9c3bb] 2010-03-22 Todd C. Miller * configure, configure.in, plugins/sudoers/Makefile.in: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. [fbce3e9eda3a] * plugins/sudoers/sudoers.c: Fix typo in preserve groups case [1fd72024fb5a] * plugins/sudoers/sudoers.c: In command_info it is "runas_groups" not "groups". [5c64dce4f285] * src/sudo.c: Fix iteration over runas_groups list. [b3c45a0cd643] * configure, configure.in, plugins/sudoers/env.c, plugins/sudoers/match.c, src/script.c: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. [a8108a0776c2] * compat/getgrouplist.c: getgrouplist(3) for those without it [4ab4d21e3b16] * plugins/sudoers/sudoers.c: Set preserve_groups or groups list in command_info [1266119ad654] * src/sudo.c: Fix setting of groups list [e75315e40bd4] * config.h.in, configure, configure.in, include/compat.h, include/missing.h: Add checks for getgrset and getgrouplist and use replacement getgrouplist if the system doesn't support it. [a62b8ba50863] * src/parse_args.c: Pass in preserve_groups when the -P flag is specified as per the design [7420c5d15474] * plugins/sudoers/sudoers.c: Check preserve_groups and ignore_ticket args with atobool instead of assuming they are true if present. [71c905702697] 2010-03-21 Todd C. Miller * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, plugins/sudoers/plugin_error.c: Rename plugin-specific error.c to plugin_error.c Wire up visudo, sudoreplay and testsudoers in the build [9d581d5fa4d4] * src/Makefile.in, src/term.c: term.c does not needto include sudo.h [f6683cdcd2dd] * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document the -2 return in the check_policy section too [e9cb4c34bbcf] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo.c, src/sudo.h: Fix the -s and -i flags and add support for the "implied_shell" option. If the user does not specify a command, sudo will now pass in the path to the user's shell and set impied_shell=true. The plugin can them either check the command normally or return -2 to cause sudo to print a usage message and exit. [bf889c38f229] 2010-03-19 Todd C. Miller * config.h.in, configure, configure.in, src/load_plugins.c: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for Darwin where libraries end in .dylib but modules end in .so [2c56aaa38e21] * plugins/sudoers/parse.c: Better prefix determination now that we can't rely on len==0 to tell the beginning on an entry. [622bf18179e9] * plugins/sudoers/ldap.c: display_bound_defaults() stub should return 0, not 1 since it is a count, not a boolean. [0327a6c3d55d] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document progname in settings [42031d56a2e3] * compat/getprogname.c, include/compat.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: Rewrite compat/getprogname.c and add setprogname(). The progname is now passed to the plugin via the settings array. [25d8663e6006] * configure, configure.in, plugins/sudoers/Makefile.in: Fix --with-ldap [b64b633f426d] * plugins/sudoers/sudo_nss.c: Add missing whitespace for Runas and Command-specific defaults [65f4ddf5545e] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: Use embedded newlines in lbuf instead of multiple calls to lbuf_print. [eed3af9cc3e1] * src/lbuf.c: Add support for embedded newlines. [e11f79b18deb] 2010-03-18 Todd C. Miller * compat/getprogname.c: If system doesn't support getprogname or __programe and we are building a shared object don't bother with Argc/Argv, just return "sudo" [aebde9062be7] * config.h.in, configure, configure.in, src/load_plugins.c: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool appears to always install a shared object with the .so suffix. [f9bbd0c0e9d3] * compat/Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Play more nicely with libtool and let it build libreplace (was libmissing) for us. [a4c6ebb2495c] * include/missing.h: Include stdarg.h for va_list rather than requiring all consumers of missing.h to include stdarg.h themselves. [37382df948de] * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, src/parse_args.c: Pass in output function to lbuf_init() instead of writing to stdout. A side effect is that the usage info can now go to stderr as it should. [6d261261a072] 2010-03-17 Todd C. Miller * include/lbuf.h, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, src/parse_args.c, src/sudo.c: Use number of tty columns that is passed in user_info instead of getting it directly in the lbuf code. [8a16635c2638] * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c: Kill __P in sudoers [63601e6cb171] * config.h.in, configure, configure.in, src/load_plugins.c: Set the sudoers plugin name in configure so we get the extension right. [edad89924cd1] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document lines/cols in user_info [a808872394f3] * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: Add tty size to user info [23f3d27e77a7] * src/script.c: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ [a2208dd09051] 2010-03-16 Todd C. Miller * plugins/sudoers/sudoers.c: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error out if we fail to lookup the user's name that is passed in [e4e3728ed482] * plugins/sudoers/error.c: Pass the error value back via siglongjmp. [667b8ad575ce] * plugins/sudoers/check.c: Use conversation function for lecture. [1ab4719f509b] * plugins/sudoers/check.c: Don't update ticket file if verify_user returns FALSE. [2bbc46a39a2b] 2010-03-15 Todd C. Miller * plugins/sudoers/sudoers.c, src/sudo.c: Wire up invalidate and validate methods for sudoers [c0630c7bca47] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add support for -k flag with a command. [edad239b098b] * src/parse_args.c: Allow -k to be specified with a command. [43a45add9974] * plugins/sudoers/sudoers.c: Wire up policy_list [27cc35699eca] * plugins/sudoers/error.c: Add newline at the end of message and space after the colon in warning message [5a591aa8e744] * plugins/sudoers/auth/sudo_auth.c: Add missing newline after pass password warning [337dba3870a7] * plugins/sudoers/sudoers.c: Set user_groups and user_ngroups based on user_info [61bee85128c8] * plugins/sudoers/error.c: Make this compile [7041c441e1c8] * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: Make _warning in error.c use the conversation function and remove commented out warning/warningx in sudoers.c. [7c9b09024b63] * plugins/sudoers/logging.c: Use siglongjmp() in log_error for fatal errors [b50e26f1c73f] * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: Quiet a libtool warning [b2331fb006bc] * Makefile: Build sudoers plugin [5cdf06e66978] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Use warningx in yyerror() so the conversation function gets used when built as part of sudoers. [85f964215eef] 2010-03-14 Todd C. Miller * plugins/sudoers/auth/pam.c: Rename sudo_conv to conversation to avoid a namespace conflict. [1ad359d36be9] * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/error.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: Initial bits of sudoers plugin; still needs work. [af2a2c59a952] * config.h.in: Add HAVE_STRDUP and HAVE_STRNDUP [50a3c0dd510f] * compat/Makefile.in, configure, configure.in: Build libmissing in two flavors (one PIC one non-PIC) and link with the appropriate one. [b62f411a4c18] * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: Build libmissing in two flavors (one PIC one non-PIC) and link with the appropriate one. [e1e04972b5fe] 2010-03-13 Todd C. Miller * include/missing.h: Add strdup and strndup and fix strsignal [c159babe2896] 2010-03-12 Todd C. Miller * compat/strdup.c, compat/strndup.c, configure, configure.in, plugins/sample/Makefile.in, src/Makefile.in: Add strdup and strndup to compat [25c9fd399a4d] * plugins/sample/sample_plugin.c: Need to include compat.h before missing.h [c94f7aad380f] * compat/strsignal.c: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if it doesn't exist configure will set it to 0. [384580566389] * compat/glob.c: Fix botched ANSI C coversion of globexp2() [4a344b8cbe49] * configure, configure.in: Remove redundant getgroups check [0b16ec210c81] * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: Require either termios or termio, no more sgtty. [9b2fa2f17a1c] * compat/strsignal.c, config.h.in, configure, configure.in: Change the sys_siglist check to use AC_CHECK_DECLS and also check for _sys_siglist and__sys_siglist [2e078fed2408] 2010-03-11 Todd C. Miller * configure, configure.in, src/Makefile.in: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now use SUDO_OBJS for the main driver as part of OBJS. [9ae4a80a5ade] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Mention in the conversation function section that a newline is not implicit. [04a233b6c491] * include/compat.h: Add definition of WCOREDUMP for systems without it. This is known to work on AIX and SunOS 4, but may be incorrect on other systems that lack WCOREDUMP. [c85b3ce6b77d] 2010-03-09 Todd C. Miller * plugins/sample/sample_plugin.c, src/conversation.c: conversation function no longer puts a newline at the end of info or error messages. [c534cae1ac4a] 2010-03-07 Todd C. Miller * src/script.c: Use parent process group id instead of parent process id when checking foreground status and suspending parent. Fixes an issue when running commands under /usr/bin/time and others. [564f528c3bb7] 2010-03-06 Todd C. Miller * aclocal.m4: transcript option is now --with not --enable [0646fac4cf93] * plugins/sample/sample_plugin.c: Add support to -u and -g flags Check fmt_string retval Add timeout for debugging purposes [cfefa4fa60b5] * src/script.c, src/sudo.c: Wire up SIGALRM handler Set close on exec flag for child side of the socketpair Fix signal handling when not doing I/O logging [379581ec7272] * src/sudo.c: g/c unused SIGCHLD handler [0afa03912dce] * src/fmt_string.c, src/parse_args.c, src/sudo.c: Don't use emalloc() in fmt_string(); we want to be able to use it from a plugin. [ade64d368147] * include/list.h: tq_remove not list_remove [0e0e1fd5c31c] * configure, configure.in: AUTH_OBJS should contain .lo files not .o files. [c64c82c9d5a2] 2010-03-05 Todd C. Miller * src/parse_args.c: Simplify conversion of command line args to name=value pairs. [75ab127c6a94] * plugins/sample/sample_plugin.c: Handle NULL reply from conversation function [6ce09b6cb204] * compat/getline.c: Don't depend on emalloc/erealloc [73df09e2109f] * plugins/sample/Makefile.in: Use $(OBJS) instead of sample_plugin.lo [2d995db9aa99] * plugins/sample/sample_plugin.c: runas_user is in settings not user_info [7ee12068bc57] * src/parse_args.c: Fix a mismatch between sudo_settings and settings_pairs that causes some settings to get the wrong values. [b1bc6d81a65f] 2010-03-04 Todd C. Miller * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: Convert to ANSI C [d03b6e4a3b75] * src/load_plugins.c: Fix strlcpy() return value check. [7cd66999a374] * INSTALL, configure, configure.in: No longer need to substitute in script.o and pty.o; I/O logging support is always built. [45250024c5dc] 2010-02-28 Todd C. Miller * src/script.c: Add fallback to /bin/sh when execve() fails with ENOEXEC. [7684a15a1352] * include/alloc.h, src/alloc.c: Add estrndup() [47621c83bed9] 2010-02-27 Todd C. Miller * src/script.c, src/sudo.c: Refactor script_execve() a bit so that it can be used in non-script mode. Needs more cleanup. [f09e022d547c] * src/sudo.c: Ignore empty entries in command_info list [1eea9a8de21c] * include/list.h, src/list.c: Add tq_remove [40908a617cb2] * src/conversation.c: Pass timeout to tgetpass() [9e66c918b771] * Makefile: Add ChangeLog target [da4a39150838] * README, WHATSNEW: Bump version and update things slightly for sudo 1.8.0 [4b73cc45e2d4] * configure, configure.in: Sudo now requires an ANSI/ISO C compiler [1e51f72e6964] * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, src/sudo_noexec.c: Convert to ANSI C [5cbd315dbde8] * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h: Convert to ANSI C [3f5016ff64f4] * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utime.h, compat/utimes.c: Convert to ANSI C [0d635c85461c] 2010-02-24 Todd C. Miller * src/sudo.c, src/tgetpass.c: Make user_details extern so tgetpass can get at the uid and gid. Set uid/gid to user before executing askpass program. Check environment for SUDO_ASKPASS and use that if set. TODO: a way for the policy to set the askpass program itself [d33606396176] * src/sudo.c: No longer need sudo_usage.h in sudo.c [063e2946c382] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, src/sudo_usage.h.in: Document -D level command line flag which maps to the debug_level setting. [61f1e2ab3ac1] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document debug_level in plugin doc. Still need to document the -D flag in sudo itself. [8c62daea3e9b] 2010-02-21 Todd C. Miller * plugins/sample/sample_plugin.c: include missing,h for vasprintf [92503de49b39] * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile [14cfb4775238] * plugins/sample/sample_plugin.c: Need to include limits.h [bda7f74343d2] * compat/glob.c: No more sudo_getpw* [232e52907634] * plugins/sample/Makefile.in, src/Makefile.in: Add missing compat bits [4843dd000e08] * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: compat files should not include sudo.h wire up compat in sample plugin [a175b8185e0f] * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: Fix up compat dependencies. Fix distclean target in doc/Makefile.in [57e49bc20857] * configure, configure.in: Fix typo [333655e3d5fe] * plugins/sample/sample_plugin.c: Log input and output to temp files for proof of concept. [ae1dfc34f7d6] * Makefile, configure, configure.in, doc/Makefile.in: Add doc Makefile.in and wire it up [6a310443c87d] * src/script.c: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with suspending a shell with the "suspend" builtint. [3d65f182819a] * src/script.c: In child, handle parent side of the pipe going away. [a29c14d78cd9] * src/script.c: No longer need to check for explicit death of the child (process #2) since if it dies we will get EPIPE from the socketpair. Fix a sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to sudo_debug. [24c55dd4ff60] * src/sudo.c: Make sudo_debug do a single vfprintf() which will result in a single write call on most systems. Avoids problems with interleaved debug printf from different processes. Also remove an extraneous error case since recv() can't return a short read and add some more XXX. [b37a8533ef1e] 2010-02-20 Todd C. Miller * src/script.c: Fix uninitialized variable. [e012a0a30890] * src/Makefile.in: Fix sudo install target [1417fa4b4ab9] * src/parse_args.c, src/sudo.c, src/sudo.h: Wire up debug_level [144fab289c73] * src/Makefile.in: Fix dependencies [5170940af2ce] * configure, configure.in: Fix setting of plugin dir [144eda170a72] * Makefile: add clean targets [d53f6f6f5c3a] * src/atobool.c: Add missing source for sudo front end [42487de9c489] * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: Sample plugin demonstrating the sudo plugin API [f1fd62d7644f] * Makefile, configure, configure.in, install-sh, pathnames.h.in, plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, src/fileops.c, src/fmt_string.c, src/load_plugins.c, src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, sudo_usage.h.in: Modular sudo front-end which loads policy and I/O plugins that do most the actual work. Currently relies on dynamic loading using dlopen(). See doc/plugin.pod for the plugin API. [924f6eb2fbba] * doc/plugin.pod, include/sudo_plugin.h: Sudo plugin API [374ccbbd24ae] * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/fileops.c, src/sudo_edit.c: Replace emul/include.h with compat/include.h to match new source tree layout. [7eccd10449a1] * src/lbuf.c: Include missing.h for memrchr() proto [03abd63a8a33] * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, compat/utime.h, compat/utimes.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, doc/license.pod, doc/sample.pam, doc/sample.sudoers, doc/sample.syslog.conf, doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, plugins/sudoers/alias.c, plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/mkdefaults, plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, sample.syslog.conf, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, visudo.man.in, visudo.pod, zero_bytes.c: Rework source layout in preparation for modular sudo. [7fc1978c6ad5] 2010-02-13 Todd C. Miller * Avoid a duplicate fclose() of the sudoers file. [5dba851088c1] * Fix size arg when realloc()ing include stack. From Daniel Kopecek [0a2935061e33] * Use setrlimit64(), if available, instead of setrlimit() when setting AIX resource limits since rlim_t is 32bits. [353db89bac61] * Fix use after free when sending error messages. From Timo Juhani Lindfors [e50dbd902382] * ChangeLog, Makefile.in: Generate the ChangeLog as part of "make dist" instead of having it in the repo. [251b70964673] 2010-01-17 Todd C. Miller * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, closefrom.c, compat.h, configure.in, defaults.c, defaults.h, emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: Remove CVS $Sudo$ tags. [de683a8b31f5] 2010-01-18 convert-repo * .hgtags: update tags [9b7aa44ae436] 2009-12-26 Todd C. Miller * sudo_usage.h.in: make this match sudoers SYNOPSIS [c74ba66944c2] * lbuf.c, parse.c: Print a newline between Runas and Command-specific defaults in sudo -l. [b5bdfcc9ce4b] * term.c: Use SET and CLR macros in term_raw [50ca42609d6c] * sudoreplay.c: Set stdin to non-blocking mode early instead of in check_input. Use term_raw instead of term_cbreak since the data we get has already been expanded via OPOST. [51c47e803d62] 2009-12-23 Todd C. Miller * script.c, term.c: Enable/disable all postprocessing instead of just nl->crnl processing since things like tab expansion matter too. However, if stdout is a tty leave postprocessing on in the pty since we run into problems doing it only on the real stdout with .e.g nvi. [62666e309673] 2009-12-19 Todd C. Miller * check.c: If tty_tickets is enabled and there is no tty, prompt for a password. Do not lecture user for "sudo -k command" if user has a timestamp. [5880200c5f6b] * INSTALL: Document missing options: --with-efence and --with-bsm-audit [d83afcdf9ff3] * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, visudo.man.in, visudo.pod: username -> user name groupname -> group name hostname -> host name [10c85646f45d] * INSTALL, README.LDAP, sudoers.pod: filename -> file name like the rest of the docs [1ef8ab5a9018] 2009-12-17 Todd C. Miller * parse.c: Fix printing of entries with multiple host entries on a single line. [226ceaf91d8d] 2009-12-14 Todd C. Miller * sudoers.pod: Mention that targetpw affects the timestamp file name. [a26e22e4f72e] * def_data.c, def_data.h, def_data.in, defaults.c, script.c, sudoers.pod: Add compress_transcript option. [6e94f8cb9dfb] 2009-12-13 Todd C. Miller * configure, configure.in: bump to 1.7.3b2 [906d7e347d15] * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: Better split of membership vs. traditional group check in user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. [6ebc55d4716b] 2009-12-12 Todd C. Miller * pwutil.c: Fix pasto and add default return value. [7973b5e4599c] * check.c, match.c, pwutil.c, sudo.h: refactor group member checking into user_in_group() [48ca8c2eddf8] * check.c, config.h.in, configure, configure.in, match.c, sudo.c, sudo.h: Add support for mbr_check_membership() as present in darwin. [5501aed02b9f] 2009-12-10 Todd C. Miller * match.c: Rename label to be accurate [3af17dd960f7] * Makefile.in, boottime.c, check.c, config.h.in, configure, configure.in, sudo.h: Treat timestamp files from before we booted as old. Idea from and Apple patch. [5c96e484c05a] 2009-12-09 Todd C. Miller * sudo.c, sudo.pod, sudo_usage.h.in: Allow the -u flag to be used in conjunction with the -v flag as per older versions of sudo. [591e9fc13c1a] * logging.c: fix typo in last commit [4fd0c692dcf0] 2009-12-08 Todd C. Miller * logging.c: Convert fmt_first and fmt_confd into macros. [32e870158b29] * sudoers.pod: timeouts can be floats now [89de639a9679] * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, mkdefaults: Add support for floating point timeout values (e.g. 2.5 minutes). [210ffa291733] 2009-12-07 Todd C. Miller * sudo.pod: The -L flag will be removed in sudo 1.7.4 [ffd026084333] 2009-12-06 Todd C. Miller * sudoreplay.c: Fix a bug due to order of operators. [938d34464283] 2009-11-23 Todd C. Miller * match.c: cmnd_matches() already deals with negation so _cmndlist_matches() does not need to do so itself. Fixes a bug with negated entries in a Cmnd_List. [71c845f6ce73] 2009-11-22 Todd C. Miller * sudo.c: Don't exit() from open_sudoers, just return NULL for all errors. [8cfa832f972a] * script.c: Can't rely on the shell sending us SIGCONT when transitioning from backgroup to foreground process. [3c6c5b6cb4b3] * toke.c, toke.l: Add missing extern def for parse_error [45b7b59d03b7] 2009-11-21 Todd C. Miller * toke.c, toke.l: Avoid a parse error when #includedir doesn't find any files. Closes bug #375 [1ce1b850e9e6] * Makefile.in: Include sudo.man.pl and sudoers.man.pl in the distribution tarball. [6a22e32da108] 2009-11-15 Todd C. Miller * script.c: Start command out in foreground mode if stdout is a tty. Works around issues with some curses-based programs that don't handle tcsetattr getting interrupted by a signal. Still allows us to avoid hogging the tty if the command is part of a pipeline. [1c32f2b94769] * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: Use a socketpair to pass signals from parent to child. Child will now pass command status change info back via the socketpair. This allows the parent to distinguish between signals it has been sent directly and signals the command has received. It also means the parent can once again print the signal notifications to the tty so all writes to the pty master occur in the parent. The command is now always started in background mode with tty signals handled by the parent. [c6790b82986d] 2009-11-04 Todd C. Miller * configure, configure.in: Fix a few typos in the descriptions; from Jeff Makey Only do the check for krb5_get_init_creds_opt_free() taking two arguments if we find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false positive when using our own krb5_get_init_creds_opt_free which takes only a single argument. [845a9ff6f93d] 2009-11-03 Todd C. Miller * configure, configure.in: Remove a spurious comma in the kerb5 bits. [3433eab083db] * auth/kerb5.c: Call krb5_get_init_creds_opt_init() in our emulated krb5_get_init_creds_opt_alloc() for MIT kerberos. [7ffb40bf43e9] 2009-11-01 Todd C. Miller * config.h.in: Add HAVE_ZLIB [9297bde61ecc] * script.c: Need to ignore SIGTT{IN,OU} in child when running the command in the background. Also some minor cleanup. [dc208d982319] 2009-10-31 Todd C. Miller * script.c: Instead of calling sigsuspend when waiting for SIGUSR[12] from parent, install the signal handlers w/o SA_RESTART and let them interrupt waitpid(). [759c7d18203b] * script.c: Pass along SIGHUP and SIGTERM from parent to child. [035b0e254568] * script.c: Close unused bits of script_fds in processes that don't need them. Restore default SIGCONT handler in child. [e037378ab0c1] * script.c: Update foreground/background status in SIGCONT handler in parent process. [3f7f91333264] 2009-10-25 Todd C. Miller * script.c: Defer setting terminal into raw mode until just before we fork() and only do it if sudo is the foreground process. If we get SIGTT{IN,OU} and sudo is already in the foreground be sure to set raw mode before continuing the child. [1102ef40832c] 2009-10-24 Todd C. Miller * script.c: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only give the command the controlling tty if the main sudo process is the foreground process. [cf3a91cb5682] * script.c: Don't bother with sudo_waitpid() here for now. [9086de480c2d] * script.c: fix non-zlib case [a258bff0f9a6] 2009-10-23 Todd C. Miller * script.c: Remove non-wroking code that crept into rev 1.55 [2802dd55cff5] 2009-10-22 Todd C. Miller * INSTALL, configure, configure.in, script.c, sudoreplay.c: First pass at zlib support for transcript data files [5d10260807da] * Makefile.in: remove vestiges of ZLDFLAGS [1fa0caf1c0fb] * script.c: Add missing variable declaration for when TIOCSCTTY is not defined. Need to include sys/termio.h for TIOCSCTTY on some systems. [ee7f41ac2709] * script.c: when resuming command, send SIGCONT to its pgrp not just pid [5cd63c1d565b] * selinux.c: remove unused variable [df67df4be228] * script.c: include selinux.h for is_selinux_enabled() proto [85ebaa880cc1] * script.c: Don't use log_error() in the child process. [def65fe2a433] * script.c: Do I/O in parent instead of child since the parent can have both /dev/tty as well as the pty fds open. The child just sets things up and waits for its grandchild and writes the signal description to the pty master if the command was killed by a signal. [95e473208982] 2009-10-18 Todd C. Miller * missing.h, sudo.h: Move two struct forward declarations from sudo.h to missing.h [90ad28294a8c] * script.c: Make comment at the top of script_exec() match reality. [c5042d27dbe0] * sudo.c: if neither stdin nor stdout is a tty, check stderr [c532ff20c8d8] * Makefile.in: Add back dependecy of gram.h on gram.y [c58382b7fcca] * script.c: Make transcript mode work as long as we can figure out our tty, even if it is not stdin. We'd like to use /dev/tty but that won't be valid after the setsid(). [7b8bba8d99e7] 2009-10-17 Todd C. Miller * config.h.in, configure, configure.in, pty.c: Add support for IRIX-style dynamic ptys [bedc9bac44c1] * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: Move alloc.c protos into alloc.h [b6a90649617d] * missing.h: Move prototypes for missing libc functions to missing.h [dda9ae1ccaf8] * Makefile.in, sudo.h, sudoreplay.c: Move prototypes for missing libc functions to missing.h [7483166b577b] 2009-10-16 Todd C. Miller * config.h.in, configure, configure.in: Disable transcript support if no tcsetpgrp until we support older BSD-style job control. [27ac1d8163df] * configure, configure.in, pty.c, script.c: Break out pty code into pty.c [e85509b25d41] * compat.h, config.h.in, configure, configure.in: add killpg macro if no killpg function [3a125f4a51f0] * config.h.in, configure, configure.in, script.c: Push ptem and ldterm for STERAMS-based systems when allocating a pty. [36bb39b30ff2] 2009-10-15 Todd C. Miller * script.c: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() [d94bd5c9bf4e] * script.c: Call tcgetpgrp() in the parent, not the child and have the child spin until it is granted. Fixes a race on darwin. [6e8d435339ce] * script.c: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just reopen slave. [0bdc63c019ca] 2009-10-14 Todd C. Miller * script.c: In script mode, if the command is killed by a signal, print the signal description as well as a core dump notification like the shell does. [9df61738df07] * Makefile.in, config.h.in, configure, configure.in, strsignal.c, sudo.h: Add check for strsignal() and a simple implementation if it is not there but sys_siglist is [61421a188ef4] * script.c: Add missing WUNTRACED and store the signal that stopped the grandchild in suspended, not signo. [df65042b200e] * script.c: g/c unused code [40d8cb5c9203] * script.c: Associate the grandchild's pgrp with the tty instead of the child's and just get suspend notifications via SIGCHLD instead of directly. This fixes a hang with programs that try to set terminal attributes and is more consistent with how the shell handles things. [6865abff7e94] 2009-10-12 Todd C. Miller * script.c: Move setpgid() of child into the parent side of the fork() where it belongs. [3defa782777c] 2009-10-11 Todd C. Miller * script.c: fix typo [b6a612b3622c] * script.c: Run command in its own pgrp (like the shell does) for easier signalling. No need to relay SIGINT or SIGQUIT to parent, just send to grandchild. Don't want grandchild stopped events in the child (only termination). Flush output after suspending grandchild before signalling parent. [db556bf2176f] * script.c: Back out revision 1.34; the problem lies elsewhere. [85f590a03275] * script.c: Don't set stdout to blocking mode when flushing remaining output. It can cause us to hang when trying to exit. Need to investigate why. [6f803a3e33ca] * script.c: Handle SIGTTOU and remove some debugging. [52d17279053e] * term.c: Back out revision 1.10 as the signal that interrupts us may be SIGTTOU or SIGTTIN which the caller must handle. [7e2fa9107975] * script.c: Apparently we need to send SIGSTOP to the command as well as ourself when we get SIGTSTP, the kernel doesn't automatically stop the process for us. [1a936e9309c4] * script.c: Use an extra process to act as the glue bewteen the sessions associated with the user's controlling tty (what the shell uses) and the tty that sudo is using to do its logging. Basically, this means that if we get, e.g. SIGTSTP from the process sudo is running, we relay the signal to the parent so it's shell can do the job control. [6dd296988060] * term.c: Handle getting/setting terminal attributes when the fd is in non- blocking mode. [ae5ae535ea7b] 2009-10-07 Todd C. Miller * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add support for pausing and changing the speed in interactive mode. [72a2063780a7] * script.c: Already define O_NOCTTY in compat.h, don't need it here [b5d80ed3e5ce] 2009-10-06 Todd C. Miller * sudoreplay.c: Add missing protos [c4cb4e7f4d8a] 2009-09-30 Todd C. Miller * sudo_edit.c: Always update the stashed mtime of the temp file instead of using what we have for the original because the time resolution of the filesystem the temporary is on may not match that of the filesystem that holds the original. Should fix bz #371 found by Philippe Levan. [c86ca4bec60c] * sudoreplay.c: Use cbreak mode instead of raw mode and add signal handlers to restore the tty on interrupt. [84dd283da41c] * script.c, sudo.h, term.c: Retain NL to NLCR conversion on the real tty and skip it on the pty we allocate. That way, if stdout is not a pty there are no extra carriage returns. [32e4f570414e] * script.c: Fix log_output(); just pass in a string and a length. [ca980cc0a3fb] 2009-09-28 Todd C. Miller * script.c: do not use errno when complaining out lack of a tty [8f9b8c55ab8e] 2009-09-27 Todd C. Miller * Makefile.in, sudoreplay.c, term.c: Instead of messing with line endings, just set terminal to raw mode in sudoreplay. [90943fa87acb] * term.c: When copying the terminal attributes to the pty, be sure not to set ONLCR. This prevents extra carriage returns from ending up in the script output file. [e6b5475ac2aa] * script.c: Convert a do {} while into a while [e461310d2c77] * Makefile.in: Use if then instead of test && when installing binaries that may not exist. [ad4f9490d971] * script.c: Add O_NOCTTY when opening a tty device. Explicitly disconnect from old tty before associatng with new one. [0e0ca634b80c] * script.c, selinux.c, sudo.c, sudo.h: First cut at refactoring some of the selinux code so it can be used in conjunction with sudo's transcript support. [779b0d8f9d29] 2009-09-26 Todd C. Miller * aclocal.m4, configure, configure.in: Fix default case of transcript_enabled being unset. [f8aa96186e6b] * script.c, sudoreplay.c: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR [2844a7a851fa] * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: Hook up --disable-transcript and --enable-transcript=DIR [b3fa7e6b2480] 2009-09-25 Todd C. Miller * aclocal.m4, configure, configure.in, pathnames.h.in: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable- transcript=DIR option to specify the directory [b0bb76d43cda] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [c7a8a0a9027c] * configure, configure.in, sudoers.man.pl, sudoers.pod: Substitute in default value for secure_path [c8f9ac6dbf93] * sudo.pod: Mention that the password must be followed by a newline with the -S option. [2fc589a3ee7e] 2009-09-20 Todd C. Miller * script.c: Go back to dropping out of the select() loop when the process dies; Linux ptys apparently don't behave the same as BSD in regards to select(). No need to flush remaining output to the transcript, only to stdout. Add back code to check the master pty for additional data when we exit the main select loop. [abed9a9cbc6b] 2009-09-19 Todd C. Miller * Makefile.in: Add getline.o to COMMON_OBJS [04ef7643cbc2] * Makefile.in: sudoreplay depends on libsudo.a [142bd0472631] * Makefile.in: More pwutil.o into COMMON_OBJS [4a016b933629] * pwutil.c, testsudoers.c, tsgetgrpw.c: Remove my_* redirection in pwutil.c for testsudoers and just use the normal libc get{pw,gr}* names. [9b76d637d86b] * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: More time and date examples [c6ee0175ec56] * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: Move nanosleep() emulation into its own file Check librt.a for nanosleep if we don't find it in libc [4da0cc26aad7] * Makefile.in, configure, configure.in: Build libsudo with the common bits and link things against that. [2b53bc0b081a] * script.c: Fix final flush. [6da287d833da] * script.c: Keep reading from the pty master -> log file until read returns <= 0. Do our best to write everything to stdout when flushing any remaining bits. [2a45d4ae280c] * sudoreplay.c: Use unbuffered I/O when writing to stdout and make sure we write the entire buffer. [f39ef9844a47] 2009-09-18 Todd C. Miller * sudoreplay.c: Only use max_wait if it is non-zero [f6c10604d2e8] * getdate.c, getdate.y, getline.c: Need compat.h here [5d6722e225a0] * sudoreplay.c: Fix nanosleep emulation [34e5e5d72a76] * script.c: Fix comment after #endif [bd1347718b25] * sudoreplay.c: Add protos for missing libc bits [644f496427a2] * configure, configure.in: add missing line continuation char [db13c0d402cd] * config.h.in, configure, configure.in, getline.c: Implement getline() in terms of fgetln() if we have it. [3ab786eaadc5] * sudoreplay.c: Print year when formatting log line [90be669e3443] * sudoreplay.pod: Document cwd, attempt to document time/date formats. [6290fb9b65c6] * sudoreplay.c: Fix getline return value check. [d696d6657261] * Makefile.in, config.h.in, configure, configure.in, getline.c, sudoreplay.c: Use getline() if the system has it, else use provide our own for sudoreplay. [afca1d6fbe5e] * script.c: Refactor code to update output and timing files. [361491332b1a] 2009-09-17 Todd C. Miller * sudoreplay.c: Make sudo_getln() behave more like glibc getline. [40c9f2ea29e6] * script.c: When flushing remaining output, also update timing file. [5a9a5a627549] * sudoreplay.c: Use get_timestr() and make the -l output look like the regular sudo log. [452ba9d436c9] * logging.c, sudo.h, timestr.c: Make get_timestr() take a time_t so we can use it properly in sudoreplay. [82e67cc53c9c] * script.c: Create session dir earlier now that we update the seq number early. [797fe8d6dc61] 2009-09-16 Todd C. Miller * sudoreplay.c: Use fromdate and todate as the keywords instead of from and to; the short forms will still be accepted. [d14d9b116df4] * sudoreplay.c: Fix reading long liensin sudo_getln() [58dadd74118c] * script.c, sudoreplay.c: Log the cwd in the script log file. Add sudo_getln() to read arbitrarily long lines. [faceb802ab8f] * Makefile.in, logging.c, sudo.h, timestr.c: Move get_timestr() into its own source file so sudoreplay can use it. [99b054bfa20a] 2009-09-15 Todd C. Miller * sudoreplay.c: Add to and from perdicates (date ranges); needs documentation [1d629174dcf4] 2009-09-14 Todd C. Miller * Makefile.in, getdate.c, getdate.y: Fix warning and add generated getdate.c [b877a86b5a03] * Makefile.in, getdate.y: Add getdate.y to be used for sudoreplay date parsing. [b8e26fbb7a40] 2009-09-13 Todd C. Miller * sudoreplay.c: Check more than just the first character of a predicate [4fe53728adb1] * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add examples, sort predicates [70f8075cbccc] * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Implement search expressions in sudoreplay similar in concept to what find or tcpdump uses. TODO: date ranges [f7ce4fb4cf3a] 2009-09-07 Todd C. Miller * script.c: Remove vhangup as it was hanging up the wrong tty. Should really vhangup in the child after it as set its tty. [2eed9df73010] * sudoers.pod: Fix cut at documenting transcript support. [e6c533a5568a] * logging.c: ID= -> TSID= for transcript ID [1bf755a35333] 2009-09-06 Todd C. Miller * sudoers.pod: Move fast_glob description to where it belongs in sorted order [5901cfb0d25f] * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, sudo.c: Rename script -> transcript [e06cf823122c] 2009-09-03 Todd C. Miller * compat.h: Add timeradd and timersub for those without them [929f8aa06c2b] * script.c: Sanity check sessid before using it. [aa8ca5211d43] * sudo.c: Only set the session id if we are running a command or editing a file. [7205d717c098] * script.c: Actually. qsort is fine since most versions fal back to a cheaper sort when the number of elements to sort is small (like in our case). [d11c7cd352fe] * config.h.in, configure, configure.in, script.c: Check for dup2 and use dup instead if we don't have it. [98bd89830f8a] * script.c, sudo.c, sudo.h: Move the code to dup2 the script fds to low numbered descriptors into script_duplow() and fix the fd sorting. [9453fdc5fba6] * script.c, sudo.c, sudo.h: Move script_setup() back to immediately before we drop privs and call the new script_nextid() in its place, which will set sudo_user.sessid for the logging functions. [8434d0c8ff08] 2009-09-01 Todd C. Miller * Makefile.in: Install sudoreplay [6acf2cdb4d3f] * sudoreplay.c: remove unused variable [2316360bb992] 2009-08-30 Todd C. Miller * logging.c, script.c, sudo.c, sudo.h: Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps should be SESSIONID or SESSID. [53976905b0a6] * Makefile.in, configure, configure.in, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add sudoreplay docs [da4f14f0e64c] * sudoreplay.c: add -V (version) flag [b5e743639ee3] * sudoreplay.c: Hook up max_wait. [2ec5697a92ba] * script.c, sudoreplay.c: Use base36 number for the ID and store script files with paths like /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 (2,176,782,336) unique IDs. [6aab019d07aa] 2009-08-23 Todd C. Miller * config.h.in, configure.in: Add check for regcomp [44c3ebd7ff34] * sudoreplay.c: Add support for selecting by pattern and tty when listing. [66189f840c52] 2009-08-17 Todd C. Miller * sudoreplay.c: The beginnings of a list mode. [8d0150b4a52c] 2009-08-16 Todd C. Miller * Makefile.in: fix pasto [616b4640b8a8] * Makefile.in, config.h.in, configure.in: Add scaffolding for building sudoreplay [a32958505dbe] * sudoreplay.c: include error.h first arg to nanotime is const [fe5a7bb31bc5] * sudoreplay.c: Initial cut at sudoreplay; replay a sudo session. [f149fba372bd] 2009-08-08 Todd C. Miller * script.c: Fix wait() usage and use correct wait status. [f4745ed7ad05] * sudo.c, sudo.h, tgetpass.c: Add protos for term_* to sudo.h [14fe1abd7e7b] * script.c: Fix detection of the child process exiting. Since the child is in its own session we should only ever get SIGCHLD for that process but better safe than sorry. [7edfdadd8505] * config.h.in: Add UNIX98 pty support. [82f4b53a0e8f] * configure, configure.in, script.c: Add UNIX98 pty support. [795b8bb0a3a1] 2009-08-07 Todd C. Miller * term.c: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC if it is defined. [40f8b83baf69] * auth/pam.c: Set PAM_RUSER and PAM_RHOST early so they can be used during authentication. Based on a patch from Jamie Beverly. [3d567b453a6a] * match.c: Close dir before returning if strlcpy() reports overflow. From Martynas Venckus. [6a82f96473e5] * config.h.in, configure, configure.in, script.c: On Linux, the openpty proto libes in pty.h [98643a018d1c] * script.c: Call vhangup on exit if the system has it Use setpgrp() if no setsid() [3a9e13149829] 2009-08-06 Todd C. Miller * config.h.in, configure, configure.in: Add checks for revoke and vhangup if we don't have openpty [fcb04572e994] * script.c: Session logging guts that got forgotten in the previous commit. [c2af08a63ea9] * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, tgetpass.c: First cut at session logging for sudo. Still need to write get_pty() for Unix 98 and old-style BSD ptys. Also needs documentation and general cleanup. [77e3f5e25738] 2009-08-05 Todd C. Miller * sudo.c, sudo_edit.c: Fix a bug introduced with def_closefrom. The value of def_closefrom already includes the +1. [7291c136300d] 2009-07-29 Todd C. Miller * Makefile.in: Generate sudo distributions with pax in ustar mode. No longer need to use a temp file or have the source dir name match the version. [9778177a8272] 2009-07-18 Todd C. Miller * toke.c, toke.l: Fix expansion of %h in #include names. Fixes bugzilla 363 [6e346879ba24] 2009-07-12 Todd C. Miller * mkdefaults: If no arg assume def_data.in [c1dd28c0e675] * README, WHATSNEW: Update for 1.7.2 [f5ad45f69f05] [SUDO_1_7_2] * ChangeLog: sync [6283549396ff] 2009-06-30 Todd C. Miller * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single quotes around a colon in Runas_Spec definition. From Elias Benali. [ccc6ee4fca83] 2009-06-29 Todd C. Miller * sudo.man.in, sudoers.man.in: regen [546e75304ebf] * redblack.c: In rbrepair, re-color the root or the first non-block node we find to be black. Re-coloring the root is probably not needed but won't hurt. [34d01ebe241b] * sudo.cat, sudoers.cat: regen [bebf5a39f54f] 2009-06-26 Todd C. Miller * redblack.c: When repairing the tree, don't touch the root node. [9841f0d5d789] 2009-06-25 Todd C. Miller * set_perms.c: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. Reported by Josef Schmid. [ed044b1eb879] 2009-06-23 Todd C. Miller * sudoers.pod: Document that we accept env_pam-style environment files [e3b545456352] * env.c: Adapt to accept pam_env-style /etc/environment which allows shell- style lines such as: export EDITOR="/usr/bin/vi" [752eb75bf007] * sudoers.pod: Make it clear that env_delete only works when !env_reset. From Lo??c Minier [3bd3f8e351ba] 2009-06-15 Todd C. Miller * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from Quest [8ce427de8dea] * Makefile.in: build the .cat page in the current working dir, not the src dir [00e87a307674] * env.c: Return EINVAL in setenv() if var is NULL or the empty string to match glibc behavior. [23fd7c247142] 2009-06-13 Todd C. Miller * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE [fedd4a3e2a85] 2009-06-11 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [7b9f461a40b3] 2009-06-09 Todd C. Miller * INSTALL: Document --with-libvas and --with-libvas-rpath [a071e6d96c89] 2009-05-29 Todd C. Miller * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert and key paths may be a directory or a file. However, version 5.0 of the SDK only seems to support using a directory. If ldapssl_clientauth_init fails and the cert or key paths look like they could be files, strip off the last path element and try again. [ac4e49d83043] * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. [4547cc1a335f] 2009-05-27 Todd C. Miller * configure, configure.in, match.c, sudo.c, vasgroups.c: Update non-Unix group support from Quest, as reworked by me. [1abafce29dc6] * toke.c: regen [01bfca9148b7] * toke.l: Add support for escaped hex chars in names, e.g. \x20 for space. [3c7be8e58a39] 2009-05-25 Todd C. Miller * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, visudo.c: Update copyright years. [e615f676c764] 2009-05-24 Todd C. Miller * interfaces.c, lbuf.c: Minor fixes for Minix-3 [898c510d23f9] 2009-05-22 Todd C. Miller * set_perms.c: Handle getgroups() returning 0. Also add missing check for HAVE_GETGROUPS. [d73b958f9ffd] 2009-05-19 Todd C. Miller * Makefile.in, config.h.in, configure, configure.in, sudo.c, version.h, visudo.c: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. [5050579a264d] 2009-05-18 Todd C. Miller * set_perms.c: Remove group setting code in setusercontext case, we will do it ourselves later on in runas_setup. Set the gid after initgroups/setgroups is called, since on Mac OS X it seems to change the egid. [09dc21d8b42d] 2009-05-17 Todd C. Miller * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, vasgroups.c: Initial bits of non-unix group support using Quest Authentication Services [1eecab0ff27e] * toke.c, toke.l: Accept %:foo as a non-Unix group [4c4b5dd899a6] * toke.c, toke.l: Allow user/group to be double quoted in the case of non-Unix groups which contain spaces. [47a3d568b7e8] 2009-05-11 Todd C. Miller * match.c: Don't allow the user to specify the default runas user if their sudoers entry only allows them to run as a group. [4d726177227c] 2009-05-10 Todd C. Miller * sudo.c: Must call audit_success before we change uids. [04a9e6ce6e55] * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for set_perm to not exit on failure and use this in the logging routines. [833dce7b7f42] * parse.c: In -l mode, if the user is only allowed to run as a group, display the user's name, not root's before the allowed group. [ef92ff99d265] * sudo.c: Fix -g mode, broken by rev 1.503 which had the side effect of setting the runas user to root unilaterally. [50a2f7df4385] 2009-05-08 Todd C. Miller * fileops.c: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. [30fbe832dcf3] * pwutil.c: Only cache by the method we fetched for pwd and grp lookups. Previously we cached both by namd and id but this can cause problems for entries that share the same id. Also add more info in the error message in case the insert fails (which should now be impossible). [ef95a4f0bab5] 2009-04-30 Todd C. Miller * sudoers.pod: Add a clarification from Nick Sieger [1eadad329561] 2009-04-25 Todd C. Miller * env.c: Inline the setting of the environment string. [9515d11c6295] 2009-04-24 Todd C. Miller * env.c: setenv(3) in Linux treats a NUL value as the empty string setenv(3) in BSD doesn't return an error if the name has '=' in it, it just treats the '=' as end of string. [941260bf94d2] 2009-04-22 Todd C. Miller * toke.c, toke.l: Not all systems have d_namlen [e377b18d8e2d] 2009-04-20 Todd C. Miller * sudoers.pod: Fix up some pod2html issues. [823a1f10ab60] 2009-04-19 Todd C. Miller * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from Quest Software. [73de36653131] * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup files) [7871fad702db] * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs backup files) [53fded2a469f] 2009-04-18 Todd C. Miller * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For #includedir, ignore any file containing a dot [a7daa1bce6c2] * Makefile.in, version.h: Bump version [ef60f14ffc44] * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, visudo.c: Implement #includedir directive. Files in an includedir are not edited by visudo unless they contain a syntax error. [3923d85a6c79] * ChangeLog: sync [8741ed61a78b] [SUDO_1_7_1] * WHATSNEW: Forgot umask_override [7c86a21a5504] * ChangeLog, TODO: sync [57339ca6bccf] 2009-04-16 Todd C. Miller * visudo.c: Rewind stream if we fdopen sudoers since it may not be at the beginning. Set the keepopen flag on already-open files too so the lexer doesn't close them out from under us. [61292d819aff] * visudo.c: Print the proper file name when there is a parse error in an include file. [b0e85d4aedde] 2009-04-11 Todd C. Miller * WHATSNEW: Sync [997e5d485ea3] 2009-04-10 Todd C. Miller * configure, configure.in: Fix a warning when --without-ldap is specified. [d91fd9481b30] 2009-04-05 Todd C. Miller * alias.c, parse.h, visudo.c: Store aliases that we remove during check_aliases in a freelist and free them at the end so we don't leak memory. [805e2272f6a3] 2009-03-28 Todd C. Miller * visudo.c: Check aliases in -c mode too. [9199e188d9f2] * alias.c, parse.h, visudo.c: Make alias_remove return the alias struct instead of freeing it directly. Fixes a use after free in alias_remove_recursive, the only consumer. [a04b61804800] * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias -> alias_find for consistency. [48b0a82924f3] 2009-03-27 Todd C. Miller * visudo.c: When checking for unused aliases, recurse if the alias points to another alias. [2d4d1a7f3a41] 2009-03-16 Todd C. Miller * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf support will be done later after some refactoring. [8ad72e69b277] 2009-03-14 Todd C. Miller * ldap.c: Treat ldap_hostport the same as "host" for ldapux. [3281dcc66da8] * configure, configure.in: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes compilation with ldapux. [ca1ed585ef0e] 2009-03-12 Todd C. Miller * fileops.c: fix char subscript [41e51f080d00] 2009-03-11 Todd C. Miller * Makefile.in: remove errant carriage returns [e9e258a31c7b] * audit.c, env.c: fix K&R compilation [d182e8920f13] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [791a5cbf04e5] 2009-03-10 Todd C. Miller * config.h.in: Add missing HAVE_BSM_AUDIT [49ad1bb96f04] * WHATSNEW: Add 1.7.1 features [f107f1604c61] * INSTALL: Mention --with-netsvc [d1e90d147795] * sudoers.ldap.pod: Document netsvc.conf support [e78f8abce6af] * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf). [1df56a84dee5] 2009-03-08 Todd C. Miller * config.h.in, configure, configure.in, env.c: Add --enable-env-debug flag to enable environment sanity checks. [128cdd8832e7] * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue. [e733b9609bd2] 2009-03-07 Todd C. Miller * env.c: Only sync environ for putenv, setenv, and unsetenv. We need to make sure that sudo_putenv and sudo_setenv only modify env.envp, not environ. [be3ac732243c] 2009-03-02 Todd C. Miller * env.c: Really fix UNSETENV_VOID [08ab7e882507] * env.c: Fix unsetenv when UNSETENV_VOID [d3038b3f2f15] * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST [de35569c572b] * ldap.c: tivoli-based ldap does not have ldapssl_err2string [c63fd90d5e99] * configure: regen [f38f1ee828ad] 2009-03-01 Todd C. Miller * config.h.in, configure, configure.in, ldap.c: Add support for Tivoli-based LDAP start TLS as seen in AIX. Untested. [8f8771829f85] * env.c: Add sanity checks for setenv/unsetenv [adbd1d95856b] * Makefile.in: Include bsm_audit.h in the tarball [4a4aa02b2c32] * Makefile.in, version.h: bump version for sudo 1.7.1 [362c71d21595] * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, env.c, ldap.c, sudo.h: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and provide our own setenv/unsetenv/putenv that operates on own env pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. [276edcd23032] 2009-02-25 Todd C. Miller * sudo.c: Make "sudoedit -h" work as expected [2bcbbb45d389] * auth/pam.c: Make sure def_prompt is always defined. This is a workaround for pam configs that prompt for a password in the session but don't have an auth line. A better fix is to expand the sudo prompt earlier and set def_prompt to that when initializing. [ee073c04aec3] * sudo.pod: Mention that the helper for -A may be graphical. [b64a940c4082] * TROUBLESHOOTING: Document what happens if there is no tty. [313d58a856a5] * sudo.c: cosmetic changes [894f5e3b0c3e] * term.c: Fix term_restore [6c6315ff14bc] * sudo.c: Fix "sudo -k" with no other args [59e94dc419c6] 2009-02-24 Todd C. Miller * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to be specified in conjunction with a command or another option that may require authentication. [5960ff20355d] 2009-02-23 Todd C. Miller * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' [e86ab69c4a57] * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes' [1289d7ee27db] 2009-02-21 Todd C. Miller * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Implement umask_override [8b87a3f7c5aa] * toke.c: regen [79d7ca9ac873] * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers include filenames. [a7f288dd64f0] * audit.c: Need to include compat.h [c0dc07ce2f70] * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: Make audit_success and audit_failure generic functions in preparation for integrating linux audit support. [7df020a8fd6f] * term.c: remove duplicate include [1dfcd01a7e46] 2009-02-20 Todd C. Miller * bsm_audit.c: Add missing include [fb56e08c37ee] * sudo.c: May need to update the runas user after parsing command-based defaults. [246f130d7802] 2009-02-18 Todd C. Miller * glob.c: Add missing pair of braces introduced with character class support. [0e2afa2e03e9] 2009-02-15 Todd C. Miller * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: Rename pwstars to pwfeedback [a9f85a57ebac] 2009-02-11 Todd C. Miller * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy. [4274432d6627] * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, configure.in, sudo.c: Add bsm audit support from Christian S.J. Peron [bef61cd8693d] * term.c: This is new code, no DARPA notice. [ec6ad09b9c23] 2009-02-10 Todd C. Miller * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename simple_glob -> fast_glob [68d9ed803cc1] * match.c: g/c unused var [693fa0464eb6] * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add simple_glob option to use fnmatch() instead of glob(). This is useful when you need to specify patterns that reference network file systems. [77ba634f6949] * tgetpass.c: add term_* proto [520f5149d073] * sudoers.pod: mention glob() [ddaab8e03c52] 2009-02-09 Todd C. Miller * tgetpass.c: Delete any pwstars we wrote after the user hits return. That way there is no record on screen as to the user's password length. [fae25cda762b] 2009-02-08 Todd C. Miller * term.c: Move terminal setting bits from tgetpass.c to term.c [03d43325ee99] * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: Add pwstars sudoers option that causes sudo to print a star every time the user presses a key. [7aab417e184d] 2009-02-03 Todd C. Miller * Makefile.in: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. [64f70e879816] 2009-01-27 Todd C. Miller * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to indicate no limit. From Mark Janssen. [e2c5732d54f5] 2009-01-17 Todd C. Miller * toke.c, toke.l: Comments that begin with #- should not be parsed as uids. [a72a50f12f41] 2009-01-09 Todd C. Miller * sudo.c: Do not try to set the close on exec flag if we didn't actually open sudoers. [ece3ca256904] 2008-12-19 Todd C. Miller * ChangeLog: regen [e11f0e4c1bdd] [SUDO_1_7_0] 2008-12-14 Todd C. Miller * TODO: sync [5b8954462bb3] 2008-12-09 Todd C. Miller * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the password prompt. [8563601cb3de] * configure, configure.in: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler as it cannot generate shared objects. [6d4262ef9669] * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: K&R compilation fixes [77921678d17c] * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make it clear that we are not short-circuiting on last match. When pwcheck is 'all', initialize nopass to TRUE and override it with the first non- TRUE entry. [96b209f4778f] 2008-12-08 Todd C. Miller * parse.c: Do not short circuit pseudo commands when we get a match since, depending on the settings, we may need to examine all commands for tags. [fdbaf89d6f35] 2008-12-03 Todd C. Miller * sudoers.cat, sudoers.man.in: regen [1ecce7c1b841] * sudoers.pod: hostnames may also contain wildcards [82b76695601c] * Makefile.in: remove stamp-* files and linux core files in clean target [22003f091467] 2008-12-02 Todd C. Miller * auth/sudo_auth.h, config.h.in, configure, configure.in: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX [6905bede8410] 2008-11-26 Todd C. Miller * configure, configure.in: correctly enable SIA on Digital UNIX [a51881d13995] * TODO: checkpoint [af0fe8d94d42] * ChangeLog: sync [831f623cf99c] 2008-11-25 Todd C. Miller * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are ttys we may still have /dev/tty available to us. [20f306ba883b] 2008-11-24 Todd C. Miller * sudoers.cat, sudoers.man.in: regen [76d97c4c318f] * sudoers.pod: fix typos; Markus Lude [bff8bc1e2066] * ChangeLog: sync [f108552531cd] * toke.c: regen [de828413c67e] * toke.l: Fix matching of a line that only consists of a comment char [09c953d8d5ca] 2008-11-22 Todd C. Miller * auth/pam.c: MacOS pam will retry conversation function if it fails so just treat ^C as an empty password. [d056058930bc] * visudo.c: When checking for alias use, also check defaults bindings. [2647f82c7dbd] * redblack.c: unused var [b7ff71c17c18] * redblack.c: Replace my rbdelete with Emin's version (which actually works ;-) [21b133dd0c72] 2008-11-19 Todd C. Miller * testsudoers.c: malloc debugging [0fb446fa3279] * visudo.c: malloc options in devel mode for visudo too [98d06c6afeef] 2008-11-18 Todd C. Miller * sudo.c: fix compilation on non-C99; from Theo [7c304e16c536] * visudo.c: fix check_aliases [83f30a3b1765] * alias.c: when destroying an alias, free the correct data pointer [6e1a8bd86c01] * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King [eba94ffc8f63] 2008-11-15 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [409fa57fff83] * sudo.pod, sudoers.pod, visudo.pod: standardize on the term 'option' for command line options (not flag) [228caefc2e36] 2008-11-14 Todd C. Miller * INSTALL: Add note on configuring HP-UX pam [f7674a581baf] 2008-11-11 Todd C. Miller * check.c, sudo.c: Move tty checks into check_user() so we only do them if we actually need a password. [7d997d7106d6] * sudo.c: Don't error out if no tty or askpass unless we actually need to authenticate. [9f23b83ed66c] 2008-11-10 Todd C. Miller * ChangeLog: regen [23f9aef32da6] * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias Stoeckmann [9f7459a8fac5] 2008-11-09 Todd C. Miller * WHATSNEW, visudo.c: check sudoers owner and mode in strict mode [a3468c5ac1c4] * gram.c, toke.c: regen [7d6b515a5443] * sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright years. [52d340cb8cba] * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c: Update copyright years. [b4e6bf2beafa] * emul/charclass.h, fnmatch.c, glob.c: add my copyright [28681385014a] 2008-11-08 Todd C. Miller * toke.c, toke.l: The loop in fill_cmnd() was going one byte too far past the end, resulting in a NUL being written immediately after the buffer end. [a5a49d603cd7] * UPGRADE, WHATSNEW: add sections on tgetpass changes [2e6929b6a102] * tgetpass.c: Treat EOF w/o newline as an error. [aa02b1db9240] 2008-11-07 Todd C. Miller * parse.c: Fix "sudo -v" when NOPASSWD is set. [f4914711ea80] * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: No longer treat an empty password at the prompt as special. To quit out of sudo you now need to hit ^C at the password prompt. [980f760ad419] * sudoers.cat, sudoers.man.in: regen [6ca21a2cd869] * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo will now refuse to run if no tty is present unless the new visiblepw sudoers flag is set. [0cc56943252e] 2008-11-06 Todd C. Miller * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not defined [24fc6f712d5c] * aix.c: fix fallback value for RLIM_SAVED_MAX [e09e04e1af89] * auth/aix_auth.c, auth/sudo_auth.h: Move clearing of AUTHSTATE into aixauth_cleanup. [e14ae7bd259c] * auth/aix_auth.c, env.c: Unset AUTHSTATE after calling authenticate() as it may not be correct for the user we are running the command as. [d14f68f1b0ab] * isblank.c: Add isblank() function for systems without it. Needed for POSIX character class matching in fnmatch.c and glob.c. [16cba30b283f] 2008-11-05 Todd C. Miller * TROUBLESHOOTING: expound on sudo and cd [8e0fa9033637] 2008-11-04 Todd C. Miller * ChangeLog: regen [40cf320a10fc] * sudoers.cat, sudoers.man.in: regen [7cac761ae2c6] * sudoers.pod: mention defauts parse order [4e2ce86d1394] 2008-11-03 Todd C. Miller * Makefile.in, aclocal.m4, compat.h, configure: Add isblank() function for systems without it. Needed for POSIX character class matching in fnmatch.c and glob.c. [a1ab55da8424] * Makefile.in: add emul/charclass.h to HDRS [7e8a019dcaa4] 2008-11-02 Todd C. Miller * TODO: checkpoint [afeb9bc1baed] * defaults.c, parse.c, testsudoers.c, visudo.c: Move update_defaults into defaults.c and call it properly from visudo and testsudoers. [f4dbb369461f] * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for consistency [4cee0465f4a8] * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, visudo.c: Zero out sigaction_t before use in case it has non-standard entries. [120092225459] * match.c: quiet gcc [098a1df49b23] * match.c: Short circuit glob() checks if basename(pattern) != basename(command). Refactor code that checks for a command in a directory and use it in the glob case if the resolved pattern ends in a '/'. [3c46fd317acb] 2008-11-01 Todd C. Miller * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer setting runas defaults until after runaspw/gr is setup. [12e75ee49c0c] 2008-10-29 Todd C. Miller * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some systems do not include space for the NUL in the size. Also manually NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this. [7266ab3296a3] 2008-10-26 Todd C. Miller * sudo.c, sudoers.pod: When setting the umask, use the union of the user's umask and the default value set in sudoers so that we never lower the user's umask when running a command. [4e804b004e38] * sudo.c: Don't try to read from a zero-length sudoers file. Remove the bogus Solaris work-around for EAGAIN. Since we now use fgetc() it should not be a problem. [bb8e5f68d944] 2008-10-25 Todd C. Miller * parse.c: In update_defaults() check the return value of user*_matches against ALLOW so we don't inadvertantly match on UNSPEC. [4e422fa1527e] 2008-10-24 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen man pages; no more hyphenation [15de4fe2fe01] * sudo.c: Don't error out on a zero-length sudoers file. With the advent of #include the user could create a situation where sudo is unusable. [6eb461319fa5] 2008-10-23 Todd C. Miller * auth/kerb5.c, config.h.in, configure, configure.in: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. Add configure tests to handle all the cases. [4b554a98470d] 2008-10-08 Todd C. Miller * sudo.pod: resort ENVIRONMENT [f4f20f40653e] * sudoers.pod: document sudoers_locale [0bffd2dbe806] * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL or EDITOR [0ef8cb248cee] * toke.c, toke.l: In fill_cmnd(), collapse any escaped sudo-specific characters. Allows character classes to be used in pathnames. [5685244c8e44] 2008-10-03 Todd C. Miller * lbuf.c: fix typo in non-C89 function declaration [99a7113b3a05] * sudoers.pod: Mention POSIX characters classes now that out fnmatch() and glob() support them. [9c916f1230c3] * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is locale agnostic. [a60a62bec244] * parse.h: use __signed char if we are going to assign a negative value since on Power, char is unsigned by default [2877b319df17] * config.h.in, configure, configure.in: Add tests for __signed char and signed char. [5eb874fdf1d4] * aix.c: Fix AIX limit setting. getuserattr() returns values in disk blocks rather than bytes. The default hard stack size in newer AIX is RLIM_SAVED_MAX. From Dale King. [3db67415ecc3] 2008-09-26 Todd C. Miller * emul/charclass.h, fnmatch.c, glob.c: Add character class support to included glob(3) and fnmatch(3). [6b5b4ad77899] 2008-09-16 Todd C. Miller * emul/fnmatch.h: Remove UCB advertising clause and some compatibility defines. [2ade7bee74e1] 2008-09-14 Todd C. Miller * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself or sudo. This allows one to set EDITOR to sudoedit without getting into an infinite loop of sudoedit running itself until the path gets too big. [aa49ab68f82d] * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add sudoers_locale Defaults option to override the default sudoers locale of "C". [0639886a35bf] 2008-09-13 Todd C. Miller * sudo.c: Set locale to system default except for during sudoers parse. [016dd2736728] 2008-09-12 Todd C. Miller * match.c: Redo change in 1.34 to use pointer arithmetic. [f9e7b63bb450] 2008-09-11 Todd C. Miller * match.c: Fix a dereference (read) of a freed pointer. Reported by Patrick Williams. [69877b633753] 2008-08-23 Todd C. Miller * sudo.c: Set locale to "C" to avoid interpretation issues with character ranges in sudoers. May want to make the locale a sudoers option in the future. [098a95de1746] 2008-08-20 Todd C. Miller * config.h.in: we no longer use setproctitle [c7f20fb747ea] * sudo.h: remove #if 1 [a368ee6816c6] * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp package. [d07c2beb0f9e] 2008-07-12 Todd C. Miller * gram.c: regen with yacc skeleton bug fixed [24784571cbb8] * sudoers.pod: Remove duplicate "as root". From Martin Toft. [97241acfee5e] 2008-07-02 Todd C. Miller * pwutil.c, sudo.c, sudo.h, testsudoers.c: Flesh out the fake passwd entry used for running commands as a uid not listed in the passwd database. Fixes an issue with some PAM modules. [a6648227f3f2] 2008-07-01 Todd C. Miller * sudo.c: Error out in -i mode if the user has no shell. This can happen when running commands as a uid with no password entry. [0c174bef36ff] 2008-06-26 Todd C. Miller * toke.c, toke.l: Better fix for line continuation inside double quotes. Now accepts whitespace between the backslash and the newline like the main lexer. [64efcdf86d31] 2008-06-25 Todd C. Miller * toke.c, toke.l: Fix line continuation in strings. It was only being honored if preceded by whitespace. [96c21271a3e4] 2008-06-22 Todd C. Miller * config.h.in, configure, configure.in, logging.c: Replace the double fork with a fork + daemonize. [328505441e67] 2008-06-21 Todd C. Miller * env.c, sudo.c: The -i flag should imply env_reset. This got broken in sudo 1.6.9. [3caedfeaec87] * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer is waited for. Instead of having a SIGCHLD handler, use the double fork trick to orphan the child that opens the pipe to sendmail. Fixes a problem running su on some Linux distros. [b59ce60a393d] 2008-06-20 Todd C. Miller * configure, configure.in: Fix configure test for dirfd() on Linux where DIR is opaque. [b8f729cdfecc] 2008-06-17 Todd C. Miller * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has this problem we'll need to revisit this again. [c17fee8ad530] 2008-06-11 Todd C. Miller * logging.c: Ignore SIGPIPE instead of blocking it when piping to the mailer. If we only block the signal it may be delivered later when we unblock. Also, there is no need to block SIGCHLD since we no longer do the double fork. The normal SIGCHLD handler is sufficient. [e94a49e992e5] 2008-06-08 Todd C. Miller * configure, configure.in: Add description for NO_PAM_SESSION, from a redhat patch. [b9e4c939ec09] 2008-06-06 Todd C. Miller * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage [2d7ce5de0235] 2008-05-18 Todd C. Miller * configure, configure.in: Redo the test for dgettext() in a way that hopefully will work around the libintl_dgettext() undefined problem. [d27beb0cf85e] 2008-05-11 Todd C. Miller * schema.ActiveDirectory: change filename in comment [733da4ee9ac5] 2008-05-10 Todd C. Miller * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Reference schema.ActiveDirectory [d6aec537800e] 2008-05-09 Todd C. Miller * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated. [00c50df807af] * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup [19bcce6f72fb] * schema.ActiveDirectory: Active Directory schema by Chantal Paradis and Eric Paquet [06a09c92c6a5] 2008-05-08 Todd C. Miller * parse.c: remove an XXX that was fixed [b88038062fa2] * ChangeLog: sync [8fc27c17270e] * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This fixes a problem where the tag value printed was influenced by defaults set in the first pass through the parser. [588ccd630367] 2008-05-04 Todd C. Miller * Makefile.in, sudo.psf: No point in packaging the TODO file [9590248fffe1] * ChangeLog: sync [152acf4c6813] 2008-05-03 Todd C. Miller * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file Defaults option that is similar to /etc/environment on some systems. [1daf53d51e18] 2008-05-02 Todd C. Miller * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, version.h, visudo.cat, visudo.man.in: change version to 1.7.0 [d41d126b9bd8] * UPGRADE: initial valgrind pass done [c59c3876d8ca] 2008-04-23 Todd C. Miller * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing the secret. [830d246c09b0] 2008-04-11 Todd C. Miller * ldap.c: define LDAPS_PORT if the system headers do not [247b12325701] 2008-04-10 Todd C. Miller * gram.c, gram.y: Fix another memory leak in init_parser(). [7bba47deba11] * configure, configure.in: There was a missing space before the ldap libs in SUDO_LIBS for some configurations. [7524cfc93759] * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory leaks pointed out by valgrind. [a965866ece1a] 2008-04-07 Todd C. Miller * sudo.c: fix "sudo -s" broken by mode/flags breakout [acffe984d408] * configure, configure.in: remove duplicate check for dgettext [58145529133c] 2008-04-05 Todd C. Miller * aix.c: Fall back to default stanza if no user-specific limit is found. [7b8cb29123ee] 2008-04-02 Todd C. Miller * snprintf.c: include stdint.h if present [f0ec38529306] * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX [01041ce508fb] 2008-04-01 Todd C. Miller * sudoers.ldap.pod: fix cut and pasto [34240fdef5ab] 2008-03-31 Todd C. Miller * pwutil.c: Add #ifdef PURITY [ce1b571ad526] 2008-03-30 Todd C. Miller * auth/bsdauth.c: remove useless cast [494f8a862e1d] 2008-03-27 Todd C. Miller * ChangeLog: sync [f5c97ffaabcc] * TODO: sync [96ff1c44c182] * sudo.h: Split MODE_* defines into primary and flags. [c02ee3027cb9] 2008-03-26 Todd C. Miller * aix.c: It turns out the logic for getting AIX limits is more convoluted than I realized and differs depending on whether the soft and/or hard limits are defined. [cf8d3f85d395] 2008-03-23 Todd C. Miller * Makefile.in, configure, configure.in: Back out AIX-specific change to set the sudo_noexec path to the .a file, we do really want to use the .so file. Since libtool doesn't do that correctly, just install the .so file ourselves in the Makefile. [05c6f33177d9] * install-sh: If the file given to install is a path, only use the basename of the file when building the destination path. [695ba4e429ce] 2008-03-18 Todd C. Miller * sudo.c: parse_args() cleanup: Sort command line options in the getopt() switch The -U option requires a parameter Normalize a few ISSET calls Split mode into mode and flags and retire the now-obsolete excl variable [0d156835f861] * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag. [e3e50400d32d] * sudo.c: Move version printing, etc. into a separate function. [18c91b476e2c] * sudo.c: Don't try to cleanup nsswitch if it has not been initialized. [aeb1ca1b399d] 2008-03-17 Todd C. Miller * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by a problem executing the mailer. [f130e7924cca] 2008-03-14 Todd C. Miller * configure, configure.in: AIX shared libs end in .a, not .so. [a5deb07020d8] 2008-03-13 Todd C. Miller * env.c: Preserve HOME by default too. Matches documentation and previous behavior. [c16f17f1047c] 2008-03-12 Todd C. Miller * sudo.c: Use getopt() to parse the command line. We need to be able to intersperse env variables and options yet still honor "--"" which complicates things slightly. [60f271ce5c16] 2008-03-06 Todd C. Miller * ChangeLog: sync [685e67964eda] * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26 [4c9a8c3d3b40] * config.guess, config.sub: update from libtool-1.5.26 distribution [c6641aef2527] * aix.c, sudo.h: attempt to fix compilation errors on AIX [edb13e5b2184] * Makefile.in: fix typo in last commit [25ba7f7ceae4] * Makefile.in: Add WHATSNEW file to the distribution [213f4115de8f] * visudo.c: use warningx instead of fprintf(stderr, ...) [a3494b8ccb19] * list.c: add DEBUG to list2tq [115d24a3000c] * ChangeLog, TODO: sync [60e6f4d1fac0] * WHATSNEW: mention mailfrom [e2498f9e18d6] * Makefile.in, aix.c, config.h.in, configure, configure.in, set_perms.c, sudo.h: Add aix_setlimits() to set resource limits on AIX using a combination of getuserattr() and setrlimit(). Currently untested. [9b1441fd89ca] 2008-03-05 Todd C. Miller * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, sudoers.man.in, sudoers.pod: Add mailfrom Defaults option that sets the value of the From: field in the warning/error mail. If unset the login name of the invoking user is used. [029b9f05d3d9] * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable [a90e407d5e00] * gram.c, gram.y: When adding a default, only call list2tq() once to do the list to tq conversion. It is not legal to call list2tq multiple times on the same list since list2tq consumes and modifies the list argument. [fbc25d245c4a] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment out XXXs for now [595a1d43309d] * WHATSNEW: mention askpass [b993e0837c22] 2008-03-04 Todd C. Miller * sudo.c: Error out if both -A and -S are specified Error out if -A is specified but no askpass is configured [24f1df2638f6] * configure, configure.in: we are not going to ship a sudo-specific askpass [61949e7a3943] 2008-03-03 Todd C. Miller * sudo.h: fix definition of TGP_ASKPASS [0447c57ba4c3] * def_data.c, def_data.in: make askpass boolean-capable [e0885893a325] * INSTALL: document --with-askpass [c76e15ba97cf] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.man.in, visudo.cat: regen [8d16242980b7] 2008-03-02 Todd C. Miller * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass [02c07505a78c] * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, sudo_usage.h.in, tgetpass.c: Add support for running a helper program to read the password when no tty is present (or when specified with the -A flag). TODO: docs. [05780f5f71fd] * def_data.c, def_data.in: add missing printf format to SELinux role and type strings [2b32774715e7] 2008-02-27 Todd C. Miller * INSTALL, configure, configure.in: Disable use of gss_krb5_ccache_name() by default and add --enable-gss-krb5-ccache-name configure option to enable it. It seems that gss_krb5_ccache_name() doesn't work properly with some combinations of Heimdal and OpenLDAP. [f61ebd3b19bd] 2008-02-22 Todd C. Miller * selinux.c: Ignore setexeccon() failing in permissive mode. Also add a call to setkeycreatecon() (though this is probably insufficient). From Dan Walsh. [52564fc1c069] * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The conversation function may be called for non-password reading purposes so we must be careful not to use def_prompt in cases where it may not be set. [29d88ca575ba] 2008-02-20 Todd C. Miller * selinux.c: Don't free the new tty context, we need to keep it around when we restore the tty context after the command completes [5b4bd39b6ea8] 2008-02-19 Todd C. Miller * selinux.c: s/newrole/sudo/ [21b8a96ff8df] * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section if we have login.conf support [05250ddff2c0] 2008-02-18 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [301e5c5ccdbe] * sudoers.pod: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [c1c98fa163ce] * sudoers.man.pl: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [6c88f30b878a] * sudo.pod: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [acdbdfd24e1d] * sudo.man.pl: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [0c56d4750ac3] * Makefile.in, configure, configure.in: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [9a02bd6a6658] * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: Remove the =cut on the first line (above the copyright notice) to quiet pod2man. Also remove the hackery in the FILES section and just deal with the fact that there will a newline between each pathname. [2ac1ab191835] 2008-02-17 Todd C. Miller * Makefile.in: run sudo.man.pl when generating sudo.man.in [859727369168] * configure, configure.in, sudo.man.pl: comment out SELinux manual bits unless --with-selinux was specified [97ff4212b649] * sudoers.pod: document role and type defaults for SELinux [870f303366b3] * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: Document "sudo -ll" and make "sudo -l -l" be equivalent. [3ce6dc429ea3] 2008-02-15 Todd C. Miller * configure, configure.in: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on Debian GNU/kFreeBSD. [c4efa567a328] 2008-02-13 Todd C. Miller * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of verify_krb_v5_tgt() [f80538e5a6fa] * logging.c, logging.h, sudo.c: Remove dependence on VALIDATE_NOT_OK in logging functions. Split log_auth() into log_allowed() and log_denial() Replace mail_auth() with should_mail() and a call to send_mail() [58aac9997557] 2008-02-10 Todd C. Miller * ldap.c: Add debugging so we can tell if the krb5 ccache is accessible [c679322527bb] * INSTALL: mention --with-selinux [9efbe0b52194] 2008-02-09 Todd C. Miller * configure: regen [467a834f867c] * selinux.c: add Sudo tag [d004ee669bed] * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c, toke.l: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [1d4abfe2c004] * sesh.c: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [1e3b395ce049] * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, pathnames.h.in, selinux.c: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [6b421948286e] 2008-02-08 Todd C. Miller * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long list (sudo -ll) support for printing verbose LDAP and sudoers file entries. Still need to update manual. [2875be37935c] 2008-02-03 Todd C. Miller * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l output for file and ldap based sudoers and use lbufs for both. The ldap output does not currently include options that cannot be represented as tags. This will be remedied in a long list output mode to come. [b2e429456596] 2008-01-27 Todd C. Miller * set_perms.c: Use a specific error message for errno == EAGAIN when setuid() et al fails. On Linux systems setuid() will fail with errno set to EAGAIN if changing to the new uid would result in a resource limit violation. [08d0aecd9f03] * sudo.c: Unlimit nproc on Linux systems where calling the setuid() family of syscalls causes the nroc resource limit to be checked. The limits will be reset by pam_limits.so when PAM is used. In the non-PAM case the nproc limit will remain unlimited but there doesn't seem to be a way around that other than having sudo parse /etc/security/limits.conf directly. [df024b415a8d] * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and AIX [90669e2aefdb] 2008-01-23 Todd C. Miller * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths from going into config.h. Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED since in some versions of bash they will end up literally in the resulting define. [25390f3ef10a] 2008-01-21 Todd C. Miller * README.LDAP: mention --with-nsswitch=no [c509df927263] * configure, configure.in: ldap_ssl.h depends on ldap.h being included first [d96d90e9b21f] * config.h.in, configure, configure.in, ldap.c: Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength defines on HP-UX at least. [9e530470948a] * sudoers.ldap.pod: sync [b9d101f4673a] * TODO: sync [2ce951b2ecd0] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [b61d793987e0] * Makefile.in: Use 78n line length when formatting cat pages. [761bee9d5759] * README.LDAP: Remove redundant info that is now in sudoers.ldap.pod [01828dcce59e] 2008-01-20 Todd C. Miller * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Reorganize the first section a bit. Substitute the proper path for /etc/sudoers. [11ae165e065d] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move schema into EXAMPLES [ab6509d1dde7] * configure, configure.in: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into sudoers.ldap.man. [6e689972f465] * configure, configure.in: substitute for sudoers.ldap.man [5a4a25766dee] * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap man page. [a7b069af8894] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Fill in some of the missing pieces. Still needs some reorganization and editing. [5e7331722166] 2008-01-19 Todd C. Miller * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Beginnings of a sudoers.ldap man page. Currently, much of the information is adapted from README.LDAP. [aad28c8a922d] 2008-01-18 Todd C. Miller * pwutil.c: When copying gr_mem we must guarantee that the storage space for gr_mem is properly aligned. The simplest way to do this is to simply store gr_mem directly after struct group. This is not a problem for gr_passwd or gr_name as they are simple strings. [af58fc76f1ed] * ldap.c: Fix a typo/thinko in one of the calls to sudo_ldap_check_user_netgroup(). From Marco van Wieringen. [70b2eb8097f5] 2008-01-17 Todd C. Miller * config.h.in, configure, configure.in, ldap.c: include in ldap.c if available [34346206ef16] 2008-01-16 Todd C. Miller * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's skeleton.c [d8a45c7a3c42] * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and echo) to guarantee that any pending output is discarded [549a184479e5] 2008-01-15 Todd C. Miller * sudoers: no longer need to specify SETENV when user has sudo ALL [3051b41f8032] * testsudoers.c: sync user_args size calculation with sudo.c Add -g group option, renaming old -g to -G Add set_runasgr() and set_runaspw() and use them [0850325180f0] * sudo.c, sudo.h: Make set_runaspw static void [5d44d7a340ce] * testsudoers.c, visudo.c: g/c set_runaspw stub [79ebb5e2cc38] * configure, configure.in: Don't add -llber twice. [4356d302eef4] 2008-01-14 Todd C. Miller * ldap.c: fix typo [249cecc557e9] 2008-01-13 Todd C. Miller * gram.c: regen [2f94ea375b67] * configure, configure.in: Fix check that determines whether -llber is required. [6afa99523379] * README.LDAP, config.h.in, configure, configure.in, ldap.c: For netscape-based LDAP, use ldapssl_set_strength() to implement the checkpeer ldap.conf option. [16ae24d73795] * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need to use the cred cache, which is what krb5_verify_user() does. Better cleanup on failure. [d12e5f1695b8] 2008-01-12 Todd C. Miller * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's krb5_verify_user() does. [05b5815f86c9] 2008-01-09 Todd C. Miller * gram.c: The U suffix on constants is an ANSI feature [c6dfce3167f1] * configure, configure.in: Add check for ber_set_option() in -llber [43d0c0566074] 2008-01-07 Todd C. Miller * README.LDAP: default if no nsswitch.conf is files only [c13001d9c998] 2008-01-06 Todd C. Miller * README.LDAP: don't tell people to mail aaron about LDAP stuff [8165ec1ef0c6] * README.LDAP: timelimit and bind_timelimit [44f74cbed167] * ChangeLog: sync [aba1a0ab02bd] * ldap.c: Move ldap.secret reading into a separate function. [1948acc9f7a4] * check.c: user_runas -> runas_pw [334490fc2bae] 2008-01-05 Todd C. Miller * TODO: sync [c7b165cc47c6] * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in the password prompt. Based on a patch from Patrick Schoenfeld. [3972d4f31ffa] * ldap.c: Check strlcpy() return values. [9b42f3ae8ff1] * ldap.c: refactor ldap binding code into sudo_ldap_bind_s() [cb0c66a4d955] * README.LDAP: Make it clear that host and uri can take multiple parameters. URI is now supported for more than just openldap nsswitch.conf does't accept "compat" [f610dea656d6] * sudo.c: comment cleanup and update (c) year [6cd69c810ca5] * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. This should make it possible to build an LDAP-only sudo binary. [61c3f27066a0] * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain [2c0b722b1b2d] * gram.y: Free up parser data structures in sudo_file_close(). [2251531d4519] * gram.c, parse.c: Free up parser data structures in sudo_file_close(). [8371f130f401] * ldap.c: Parse uri ourself if no ldap_initialize() is present Use ldap_create() instead of deprecated ldap_init() Use ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() [85d3825b1953] * config.h.in, configure, configure.in: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS [240524512bc5] 2008-01-04 Todd C. Miller * config.h.in, configure, configure.in: add check for ldap_create [3089badd73b8] 2008-01-03 Todd C. Miller * config.h.in, configure, configure.in, ldap.c: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn using the mechanism appropriate for the LDAP SDK in use. Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them. [6deeca3d00cc] * lbuf.c: include unistd.h [8419ed0bae7f] * config.h.in, configure.in: fix typo in mtim_getnsec [2d5f21230a60] 2008-01-02 Todd C. Miller * config.h.in, configure, configure.in: add check for st__tim in struct stat as used by SCO [587060ea2a89] * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s [5fc44fe3b44c] * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS [86f01a70ff29] * ldap.c: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and ldap_rdn2str(). [aa217002cfae] 2008-01-01 Todd C. Miller * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead of the deprecated ldap_get_values()/ldap_value_free(). [e22dceb85e57] * ChangeLog: sync [adad27b36107] * TODO: sync [c449eb47e0ef] * gettime.c, sudo.c: Remove some already fixed XXXs [532788d0e6da] * ldap.c: Same return value as non-existent sudoers if LDAP was unable to connect. [5819810e8e4e] * sudo.pod: mention /etc/environment [ea8e6102f853] * README.LDAP, UPGRADE, WHATSNEW: Update to reflect recent developments. [ed1fb026fe77] * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. [55b68a58260d] * ldap.c: When building up a query don't list groups in the aux group vector that are the same as the passwd file group. On most systems the first gid in the group vector is the same as the passwd entry gid. [4bb51e297e0d] * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc. to disable user ldaprc and system defaults that could affect how LDAP works. [ce5036440db2] * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it. If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf- file and --with-ldap-secret-file [ea5d7704381f] * parse.c: Honor def_ignore_local_sudoers [f38e1121fae1] 2007-12-31 Todd C. Miller * ldap.c: no longer need to check def_ignore_local_sudoers here [fce2a72f96fb] * parse.c: Refactor group vector resetting into a function and also call it from display_cmnd. Stop after the first sucessful match in display_cmnd. Print a newline between each display_privs method. [981b37b5adff] * parse.c: fix double free introduced in rev 1.218 [c574b02d8747] * ldap.c: belt and suspenders; zero out result after freeing it [7732988d4620] * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line reading into a separate function, sudo_parseln(), which removes comments, leading/trailing whitespace and newlines. May want to rethink the use of sudo_parseln() for /etc/ldap.secret [61d9068f0645] * parse.c, sudo.c: Make the inability to read the sudoers file a non-fatal error if there are other sudoers sources available. sudoers_file_lookup now returns "not OK" if sudoers was not present [643babf597a8] * ldap.c: make it clear that the global options are from LDAP [9ff950349463] * logging.c: allocate proper amount of space for error string [8bebb7d46d19] * sudo_nss.c, sudo_nss.h: actual sudo nss code [5bd7d52d7738] * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and display_cmnd. [cccfdd3253f2] * defaults.c, parse.c, testsudoers.c, visudo.c: move update_defaults() to parse.c [ace144b958a9] * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: Use nsswitch to hide some sudoers vs. ldap implementation details and reduce the number of #ifdef LDAP TODO: fix display routines and error handling [6225edde89a6] 2007-12-28 Todd C. Miller * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: First cut at nsswitch.conf support. Further reorganizaton and related changes are forthcoming. [717f59d0790b] 2007-12-21 Todd C. Miller * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading and /etc/environment file. Still needs to be documented and should probably only applies to OSes that have it (AIX and Linux, maybe others). [15d3edae27e4] * ldap.c: include limits.h [e19875ef0f82] 2007-12-20 Todd C. Miller * WHATSNEW: reword LDAP SASL [7ec3c4ec31b5] 2007-12-19 Todd C. Miller * TODO: sync [87c5a7aea7bf] * README.LDAP: Add an example sudoRole, clarify netscape vs. openldap a bit more [6f96c0ca8107] * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived [a33c8314dec5] * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init() for ldaps support instead of trying to do it manually with ldap_init() + ldapssl_install_routines(). Use tls_cert and tls_key for cert7.db and key3.db respectively. Don't print debugging info for options that are not set. Add warning if start_tls specified when not supported. [abb62dc7e4a3] * ldap.c: fix compilation on solaris [03d449684e80] * Makefile.in: add missing .h and .c files for missing lib objs [8b37825bdfc7] 2007-12-18 Todd C. Miller * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting [226eba89c0ad] * ldap.c: fix compilation on Solaris [917d47639eb6] 2007-12-17 Todd C. Miller * configure, configure.in: fix typo [009d5c81b225] * README.LDAP: try to clear up which variables are for OpenLDAP and which are for netscape-derived SDKs [f8d9823ee73c] * config.h.in, configure, configure.in, ldap.c: Add support for "ssl on" in both netscape and openldap flavors. Only the OpenLDAP flavor has been tested. [952745829ec5] * logging.c, sudo.c, sudo.h: Call cleanup() before exit in log_error() instead of calling sudo_ldap_close() directly. ldap_conn can now be static to sudo.c [da02d1b67a2c] * sudo.c: ld -> ldap_conn [01afa6d927cc] 2007-12-16 Todd C. Miller * logging.c, sudo.c, sudo.h: Better ldap cleanup. [25b9abe2d617] * ldap.c: Distinguish between LDAP conf settings that are connection-specific (which take an ld pointer) and those that are default settings (which do not). [d48dc6c9c3b4] 2007-12-14 Todd C. Miller * ldap.c: Improved warnings on error. [c8dce7b4feb4] * ldap.c: Make ldap config table driven and set the config *after* we open the connection. [d9698b5a2681] 2007-12-13 Todd C. Miller * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define [598c6df06660] * configure, configure.in: some operating systems need to link with -lkrb5support when using krb5 [8896365dde9e] 2007-12-10 Todd C. Miller * WHATSNEW: minor update [acfeeb7f4886] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [a3c6699674f9] 2007-12-08 Todd C. Miller * ChangeLog, TODO: sync [138e99b925ee] * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g support for LDAP [8fc27dbe9287] 2007-12-03 Todd C. Miller * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags can now take an optional command. [6afec104ee77] 2007-12-02 Todd C. Miller * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, sudoers.pod: Add passprompt_override flag to sudoers that will cause the prompt to be overridden in all cases. This flag is also set when the user specifies the -p flag. [e4c5402131a6] * sudo.c: Move setting of login class until after sudoers has been parsed. Set NewArgv[0] for -i after runas_pw has been set. [62a48c8c56fa] * configure, configure.in: Move the dgettext check. [5fd8a4712d1c] 2007-12-01 Todd C. Miller * auth/pam.c, config.h.in, configure, configure.in: Add basic support for looking up the string "Password: " in the PAM localized text db. This allows us to determine whether the PAM prompt is the default "Password: " one even if it has been localized. TODO: concatenate non-std PAM prompts and user-specified sudo prompts. [81c25a415d41] 2007-11-27 Todd C. Miller * Makefile.in, config.h.in, configure, configure.in, parse.c, set_perms.c, sudo.c, sudo.h: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. [1cce6ec1a91e] * acsite.m4, configure, interfaces.c, memrchr.c: Fix typos; Martynas Venckus [be1233cca11a] 2007-11-26 Todd C. Miller * set_perms.c: Don't assume runas_pw is set; it may not be in the -g case. [aa11bd2193ac] 2007-11-25 Todd C. Miller * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and restore group vector for PERM_ROOT if we previously changed it. Stash the runas group vector so we don't have to call initgroups more than once. Also add no-op check to check_perms. [53837fc755f7] 2007-11-21 Todd C. Miller * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c, visudo.cat, visudo.man.in: Add support for runas groups. This allows the user to run a command with a different effective group. If the -g option is specified without -u the command will be run as the current user (only the group will change). the -g and -u options may be used together. TODO: implement runas group for ldap improve runas group documentation add testsudoers support [9019309df6d0] * configure, configure.in: fix setting of mandir [2c60f269399f] * sudo.pod, sudoers.pod: document that ALL implies SETENV [bcc8e5b703b9] * ldap.c: s/setenv_ok/setenv_implied/g [f005df2c2eea] * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7. [c3d4377b6e8b] * ldap.c: use strcmp, not strcasecmp when comparing ALL [e486024574a1] * ldap.c: Make sudo ALL imply setenv. Note that unlike with file-based sudoers this does affect all the commands in the sudoRole. [bc12f54321d1] * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, it is not passed on to other commands in the list. [026e2cb40680] * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use sudo_getpwuid() instead of getpwuid(). [86f30a8fbd49] 2007-11-15 Todd C. Miller * sudoers: Expand on the dangers of not using visudo to edit sudoers. [e434e8057d02] 2007-11-08 Todd C. Miller * parse.c: Don't quote *?[]! on output since the lexer does not strip off the backslash when reading those in. [561da4a13afa] 2007-11-07 Todd C. Miller * glob.c: expand "u_foo" types to "unsigned foo" to avoid compatibility issues. [b0d7c64d78c3] 2007-11-04 Todd C. Miller * logging.c: Refactor log line generation in to new_logline(). [6a9b9730615d] 2007-10-25 Todd C. Miller * TROUBLESHOOTING: fix typo [9e19d4f86e47] 2007-10-24 Todd C. Miller * config.h.in, configure, configure.in, interfaces.c, interfaces.h, match.c: Add configure check for struct in6_addr instead of relying on AF_INET6 since some systems define AF_INET6 but do not include IPv6 support. [e24082c416bd] 2007-10-21 Todd C. Miller * configure, configure.in: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. [76a9df4a63be] 2007-10-20 Todd C. Miller * configure, configure.in: POSIX states that struct timespec be declared in time.h so check there regardless of the value of TIME_WITH_SYS_TIME. [e42c55ec9daf] 2007-10-17 Todd C. Miller * tgetpass.c: Instead of defining a macro to call the appropriate method for turning on/off echo, just define tc[gs]etattr() and the related defines that use the correct terminal ioctls if needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on all but QNX. [5dfb2379d995] 2007-10-09 Todd C. Miller * Makefile.in: g/c @ALLOCA@ [e6946c2e3820] * configure: regen [9bac7159a138] * INSTALL, auth/pam.c, config.h.in, configure.in: Add --disable-pam-session configure option to disable calling pam_{open,close}_session. May work around bugs in some PAM implementations. [273d0fdb4a9d] 2007-10-08 Todd C. Miller * tgetpass.c: quiet gcc warnings [325565c5a579] * tgetpass.c: Avoid printing the prompt if we are already backgrounded. E.g. if the user runs "sudo foo &" from the shell. In this case, the call to tcsetattr() will cause SIGTTOU to be delivered. [db2139a8d8b8] 2007-09-15 Todd C. Miller * def_data.c, def_data.h, def_data.in: Reorder things such that the definition of env_reset come right before the env variable lists. [e0d8e22a581a] * parse.h: Shrink type and seqno in struct alias from int to u_short [9425263dd565] * alias.c, match.c, parse.c, parse.h: Add a sequence number in the aliases for loop detection. If we find an alias with the seqno already set to the current (global) value we know we've visited it before so ignore it. [301a0548ffff] 2007-09-13 Todd C. Miller * TODO, auth/pam.c, sudo.c, sudo.h: PAM wants the full tty path so add user_ttypath which holds the full path to the tty or is NULL if no tty was present. [c7c1dd4b36c8] * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and lower that results in a segv. [3a8865b3a357] 2007-09-11 Todd C. Miller * gram.c: regen [5647be127950] * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_ [8f500c542c4a] 2007-09-10 Todd C. Miller * alloc.c: remove some useless casts [409a448b23f5] * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h predates the final C99 spec and the standard specifies that it shall include stdint.h anyway [ae478fdef61a] 2007-09-06 Todd C. Miller * Makefile.in, alloca.c, configure.in: Since we ship with a pre-generated parser there is no need to ship a bogus alloca implementation. [3f611a7cc0e5] * configure: regen [771eccf5269c] * configure.in: remove initial setting of CHECKSIA, we require that it be unset if not used [a2e91adc5aa2] * Makefile.in: add list.c to SRCS [7db0e56cf5b9] * configure: regen [3716ec30172e] * configure.in: only do SIA checks on Digital Unix [6a96e1af2597] 2007-09-05 Todd C. Miller * sudoers.cat, sudoers.man.in: regen [ac1dc29de72b] * ChangeLog, TODO: sync [781effce0a2d] * auth/kerb5.c: Remove call to krb5_cc_register() as it is not needed for modern kerb5. [351b8b764f16] * configure: regen [ac21dbcc9c2c] * aclocal.m4, configure.in: New method for setting the default authentication type and avoiding conflicts in auth types. [5fb15be11f78] * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has an associated runaslist so no need to keep track of the most recent non-NULL one. [582e015786b0] 2007-09-04 Todd C. Miller * ldap.c: back out partial ldaps support mistakenly committed [357703e94b2d] * ldap.c: Add support for unix groups and netgroups in sudoRunas [2f04eb91c6d0] 2007-09-03 Todd C. Miller * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo Stritzky. [a5488a03bddd] 2007-09-02 Todd C. Miller * configure: regen [541177376ee1] * INSTALL: update --passprompt escape info [6d57db4cd538] * configure.in: remove now-bogus comment and update copyright date [6a4af45fa331] * configure.in: Fix up use of with_passwd [7c79d8640f77] * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: Update to autoconf-2.61 andf libtool-1.5.24 [045259b0b439] * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61 [f5b6a7afb817] 2007-09-01 Todd C. Miller * gram.c: regen [b5b78e71d2cb] * gram.y: move tags and runaslist propagation to be earlier [94f7805f4489] * visudo.c: If -f flag given use the permissions of the original file as a template [9303d22bddb0] * gram.y: prevent a double free() when re-initing the parser [5b3907c4de5a] 2007-08-31 Todd C. Miller * configure: regen [49a90b19a17d] * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in, configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h, testsudoers.c, visudo.c, zero_bytes.c: Remove support for compilers that don't support void * [35e1d01ae197] * gram.c: regen [70ce412a458a] * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list manipulation macros to list.h and create C versions of the more complex ones in list.c. The names have been down-cased so they appear more like normal functions. [9cea0e281148] * Makefile.in: Fix cmp command when regenerating parser. Make gram.o the first dependency for all programs so gram.h will be generated before anything that needs it. [429ea065abf1] * gram.y, parse.h: Convert NEW_DEFAULT anf NEW_MEMBER into static functions. [2f3433833589] * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking permission and short-circuit on the first non-UNSPEC hit we get for the command. This means that instead of cycling through the all the parsed sudoers entries we start at the end and work backwards and quit after the first positive or negative match. [881474532f3e] * gram.c: regen [9152a19d4188] * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: Change list head macros to take a pointer, not a struct. [054f1dcce4cc] * gram.c: regen [be154aae6235] * gram.y: Propagate the runasspec from one command to the next in a cmndspec. [4957b1cb03a3] 2007-08-30 Todd C. Miller * match.c: Replace has_meta() with a macro that calls strpbrk(). [a2e58846a542] * regen [5a932a5c9451] * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, testsudoers.c, visudo.c: Use a list head struct when storing the semi-circular lists and convert to tail queues in the process. This will allow us to reverse foreach loops more easily and it makes it clearer which functions expect a list as opposed to a single member. Add macros for manipulating lists. Some of these should become functions. When freeing up a list, just pop off the last item in the queue instead of going from head to tail. This is simpler since we don't have to stash a pointer to the next member, we always just use the last one in the queue until the queue is empty. Rename match functions that take a list to have list in the name. Break cmnd_matches() into cmnd_matches() and cmndlist_matches. [7c37b271607a] * parse.c: Fix pasto, append "!" not negated (which is an int) for sudo -l output. [93a444c3997f] * Makefile.in: Remove the dependency of gram .h on gram.y, the .c dependency is enough. Only move y.tab.h to gram.h if it is different; avoids needless rebuilding. [67bf4ea2a2e5] 2007-08-27 Todd C. Miller * sudoers.pod: Defaults lines may be associated with lists of users, hosts, commands and runas users, not just single entries. [795effacb6be] 2007-08-26 Todd C. Miller * Makefile.in: Revert the "cmp" portion of the last diff, it doesn't make sense. [26f34bf4e2e3] * Makefile.in: Remove *.lo for clean: When generating the parser, only move the generated files into place if they differ from the existing ones. [84673fea371b] 2007-08-25 Todd C. Miller * toke.c, toke.l: Replace IPV6 regexp with a much simpler (readable) one and add an extra check when it matches to make sure we have a valid address. [592e9f690556] * match.c: Fix thinko introduced when merging IPV6 support. [da38cd5eb8c7] 2007-08-24 Todd C. Miller * HISTORY, LICENSE: regen [0d7b27b90634] * license.pod: add 2007 [510e5048ae1a] * UPGRADE: mention #uid vs. comment pitfall [4d2861898bcc] * acsite.m4: Merge in a patch from the libtool cvs that fixes a problem with the latest autoconf. From Stepan Kasal. [0c279ae7df3e] * parse.h: Back out he XOR swap trick, it is slower than a temp variable on modern CPUs. [91c4b024e317] * gram.c: regen [cb6d4106fb74] * gram.y, parse.h: Convert the tail queue to a semi-circle queue and use the XOR swap trick to swap the prev pointers during append. [8bf4d9fbee58] 2007-08-23 Todd C. Miller * parse.h: remove useless statement [421ec1dd73e6] * toke.c, toke.l: Refactor #include parsing into a separate function and return unparsed chars (such as newline or comment) back to the lexer. [64166917aa3d] 2007-08-22 Todd C. Miller * WHATSNEW: mention better uid support [56f510e7f2ec] * sudoers.pod: Users may now consist of a uid. [5fd31b2c55ed] * gram.c, gram.h, toke.c: regen [599e58af6dc1] * parse.c: Use lbuf_append_quoted() for sudo -l output to quote characters that would require quoting in sudoers. [3132d05c990a] * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of characters which should be quoted with a backslash when displayed. [ab09bebb1d65] * toke.l: Require that the first character after a comment not be a digit or a dash. This allows us to remove the GOTRUNAS state and treat uid/gids similar to other words. It also means that we can now specify uids in User_Lists and a User_Spec may now contain a uid. [461fe01f8392] * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to make the runas portion of the grammar more natural. [e0c383b4684d] * BUGS: The BUGS file is history [4d9a809585c7] * Makefile.in, README: The BUGS file is history [d9500e261172] 2007-08-21 Todd C. Miller * toke.c, toke.l: Allow comments after a RunasAlias as long as the character after the pound sign isn't a digit or a dash. [d7f3bd94eeda] * WHATSNEW: Glob support was back-ported to 1.6.9 [d1d5cfd46228] 2007-08-20 Todd C. Miller * Makefile.in: remove sudo_usage.h in distclean [df05ce9c4127] * parse.c: If a Defaults value contains a blank, double-quote the string. [9057a910daad] * toke.c, toke.l: Properly deal with Defaults double-quoted strings that span multiple lines using the line continuation char. Previously, the entire thing, including the continuation char, newline, and spaces was stored as-is. [4a4e8eacefe6] * sudo.c: Be consistent when using single quotes and backticks. [d010b83a0fa1] 2007-08-19 Todd C. Miller * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of dynamically allocated strings and word-wrapped output. Currently used for sudo's usage() and sudo -l output. Sudo usage strings are now in sudo_usage.h which is generated at configure time. [4dfd0ee8d961] 2007-08-18 Todd C. Miller * parse.c, sudo.c, sudo.h: Fix line wrapping in usage() and use the actual tty width instead of assuming 80. [700eab37c5a6] 2007-08-17 Todd C. Miller * history.pod: some more info [8140112a8ae1] * history.pod: Mentioned Chris Jepeway's parser and also the new one that is in sudo 1.7. [2132d00f0597] 2007-08-16 Todd C. Miller * sudo.pod, visudo.pod: For the options list, add flag args where appropriate and increase the indent level so there is room for them. [2b60fb572e12] 2007-08-15 Todd C. Miller * parse.c: Fix some spacing in "sudo -l" and add a comment about some bogosity in the line wrapping. [b59b056f5ee2] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [5fb719f18ebc] * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, testsudoers.c, toke.c, toke.l: Remove monitor support until there is a versino of systrace that uses a lookaside buffer (or we have a better mechanism to use). [61ff76878e4a] * config.h.in, configure, configure.in, sudo.c: use getaddrinfo() instead of gethostbyname() if it is available [cc33c136aa6a] 2007-08-14 Todd C. Miller * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) < sizeof(int). [130a89cbdfba] * interfaces.c: repair non-getifaddrs() code after ipv6 integration [7ae7a89e2236] * sudo.c: If we can open sudoers but fail to read the first byte, close the file stream before trying again. [6f31272fae7b] 2007-08-13 Todd C. Miller * toke.c: regen [4d7afe0aa6fa] * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki [4e6ff2965a42] * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update copyright [7e6d3c686b5e] 2007-08-12 Todd C. Miller * configure, configure.in: fix sudo_noexec extension which got broken in the libtool update [3a5b447df861] 2007-08-10 Todd C. Miller * Makefile.in: explicitly specify -Tascii to nroff [45c8da4cbefe] 2007-08-08 Todd C. Miller * logging.c: remove an ANSI-ism that crept in [29086f87b2ca] 2007-08-07 Todd C. Miller * sudo.pod: Adjust list indents Prevent -- from being turned into an em dash Use a list for the environment instead of a literal paragraph [c3abcd8f76f4] * visudo.pod: Use a list for the environment instead of an indented literal paragraph. [0ffcfcb7349f] * sudoers.pod: Adjust list indentation [615c89e3123a] * license.pod: add =head3 [8b2e0d38c0bd] 2007-08-06 Todd C. Miller * sudo.pod: mention that when specifying a uid for the -u option the shell may require that the # be escaped [3e3a17bff150] 2007-08-02 Todd C. Miller * match.c: Fix off by one in group matching. [b529602b7fba] 2007-07-31 Todd C. Miller * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause. [ffbf8907c6e7] 2007-07-30 Todd C. Miller * configure, configure.in: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case. [2b85a89c2252] * aclocal.m4, configure, configure.in: Fix link tests such that new gcc doesn't optimize away the test. [83484ec95cba] 2007-07-29 Todd C. Miller * sudo.pod, sudoers.pod, visudo.pod: add missing over/back [251a12c89b91] * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use =item [60b9efc3a0b2] * env.c: Add back allocation of the env struct in rebuild_env but save a copy of the old pointer and free it before returning. [1100cd4fa997] * env.c: Don't init the private environment in rebuild_env() since it may have already been done implicitly sudo_setenv/sudo_unsetenv. Multiply length by sizeof(char *) in memcpy/memmove when copying the environment so we copy the full thing. Add missing set of parens so we deref the right pointer in sudo_unsetenv when searching for a matching variable. [9086a8f756b1] 2007-07-26 Todd C. Miller * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in the FILES section [940d99f731f2] * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo [f067a455d44b] * sudoers.pod: Sort sudoers options; based on a diff from Igor Sobrado. [a9b9befe85ac] 2007-07-25 Todd C. Miller * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the latter confuses pod2man. The Makefile rules for the .man.in file will add @mansectsu@ and @mansectform@ back in after pod2man is done anyway. [b50ea0db727c] 2007-07-22 Todd C. Miller * LICENSE, Makefile.in, license.pod: Move license info to pod format [25bdd82e592b] * configure, configure.in, sudoers.pod: Substitute value of path_info into sudoers man page. [9ba661a82798] * WHATSNEW: remove features that were back-ported to 1.6.9 [e76d756cbe65] * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync usage. From Igor Sobrado. [4970386c9e54] * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use ldap_sasl_interactive_bind_s() but don't have gss_krb5_ccache_name(). [f1a73d8b35c5] * ChangeLog: rebuild without branch info [5d5a33494677] * Makefile.in: Add ChangeLog target [a702034fdd89] * auth/pam.c: Run cleanup code if the user hits ^C at the password prompt. [9cf87768e921] * auth/pam.c: Some versions of pam_lastlog have a bug that will cause a crash if PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty string. [5b63f6c88866] 2007-07-20 Todd C. Miller * Makefile.in: ChageLog not Changelog [1243d8473ceb] * ChangeLog: sync [d887df98c6b0] * Makefile.in: CHANGE -> Changelog [917738df30dd] * TODO: sync [cd382f7d1948] 2007-07-19 Todd C. Miller * config.h.in, configure, configure.in, ldap.c: Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. [139606209991] 2007-07-18 Todd C. Miller * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer return environment pointer, they set environ directly. No longer need to pass around an envp pointer since we just operate on environ now. Add dosync argument to insert_env() that indicates whether it should reset environ when realloc()ing env.envp. Use an initial size of 128 for the environment. [4735fd5fddb8] * env.c: Split sudo_setenv() into an external version and a version only for use by rebuild_env(). [fda7d655adb1] 2007-07-16 Todd C. Miller * ldap.c: Add support for using gss_krb5_ccache_name() instead of setting KRB5CCNAME. Also use sudo_unsetenv() in the non- gss_krb5_ccache_name() case if there was no KRB5CCNAME in the original environment. TODO: configure setup for gss_krb5_ccache_name() [fcafa5a49caf] * README.LDAP: add krb5_ccname [fceb8f883886] * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf [1f06f4bf7347] * env.c, sudo.h: Add sudo_unsetenv() and refactor private env syncing code into sync_env(). [045ecb3fd22b] * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not sasl_authid. [a5f98491311b] 2007-07-15 Todd C. Miller * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf. If specified, it will override the default value of KRB5CCNAME in the environment for the duration of the call to ldap_sasl_interactive_bind_s(). [b08a10c3045b] * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace most format_env() + insert_env() combinations. insert_env() no longer takes a struct environment * [131da52f43f3] * ldap.c: Fix use_sasl vs. rootuse_sasl logic. [0c0417b6918c] * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add support for SASL auth when connecting to an LDAP server. Adapted from a diff by Tom McLaughlin. [a6285f1356ea] 2007-07-14 Todd C. Miller * configure, configure.in: Only enable AIX or BSD auth if no other exclusive auth method has been chosen. Allows people to e.g., use PAM on AIX without adding --without-aixauth. A better solution is needed to deal with default authentication since if a non-exclusive method is chosen we will still get an error. [83f7afdc0ec3] 2007-07-11 Todd C. Miller * HISTORY, Makefile.in, history.pod: Generate HISTORY from history.pod (which is also used for web pages) [60bcd5164931] 2007-07-09 Todd C. Miller * sudo.man.in, sudoers.man.in: regen [63956a366191] * sudo.pod: Better explanation of environment handling in the sudo man page. [6c247742f7ee] * env.c, sudo.c: Defer setting user-specified env vars until after authentication. [4750b79323ee] * env.c: honor def_default_path for PATH set on the command line [6db31d9b6d65] * env.c, sudo.c, sudo.pod, sudoers.pod: Allow user to set environment variables on the command line as long as they are allowed by env_keep and env_check. Ie: apply the same restrictions as normal environment variables. TODO: deal with secure_path [26c0da3840cf] 2007-07-08 Todd C. Miller * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass original envp to sudo_edit(). Don't allow -E or env var setting in sudoedit mode. More accurate usage() when called as sudoedit. [a4af20658361] * ldap.c: warn -> warning [d87d1192b048] * sudo.pod: add -c option to sudoedit synopsis [15b596a7e2db] * TODO: udpate to reality [e2f8fde89db1] * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return value from {user,host,runas,cmnd}_matches(). Rename *matches variables -> *match. Purely cosmetic. [e54a44c00a88] * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change in behavior. [c6272b4f2127] * sudoers: add SETENV tag [3a3066bb6788] 2007-07-06 Todd C. Miller * parse.c: Make pwcheck local to the pwflag block. Use pwcheck even if user didn't match since Defaults options may still apply. [45da9efbbafd] * check.c, sudo.c: Do not update timestamp if user not validated by sudoers. [a4a9d4364827] * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT [1514bfb32847] * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT [b9d047a3178c] * check.c: don't check timestamp mtime if we are just going to remove it [5d2470bc6cbd] * sudoers.pod: Move sudoers defaults parameters into their own section. [54701fbc0ff3] * testsudoers.c: Reduce a level of indent by a few placed continue statements. [5d5a9838c8ef] * parse.c: Make matching but negated commands/hosts/runas entries override a previous match as expected. Also reduce some levels of indent by a few placed continue statements. [dd59fa4b91a1] 2007-07-05 Todd C. Miller * parse.c: Print default runas in "sudo -l" if sudoers don't specify one. [07d408c400bd] * match.c: Less hacky way of testing whether the domain was set. [a537059776e5] 2007-07-04 Todd C. Miller * INSTALL: Mention pam-devel and openldap-devel for Linux [9e708c54ecc3] 2007-07-03 Todd C. Miller * README.LDAP: or vs. are [abe8c0f3a410] 2007-07-01 Todd C. Miller * sudo.c: fix typo in Solaris project support [2ffeb2d80959] * HISTORY: update [df162b36f120] * sudo.c: Make -- on the command line match the manual page. The implied shell case has been simplified as a result. [cd217a1f6694] 2007-06-28 Todd C. Miller * sudoers2ldif: add simplistic support for sudoRunas; note that if a sudoers entry contains multiple Runas users, all will apply to the sudoRole [65b11421f5c8] * sudoers2ldif: honor SETENV and NOSETENV tags [2c0d5ba7a09b] 2007-06-24 Todd C. Miller * mon_systrace.c: Redo setting of user_args. We now build up a private copy of argv first and then replace the NULs?with spaces. [ccbba72ea112] * mon_systrace.c: getcwd() returns NULL on failure, not 0 on success [88cd9e66e530] * mon_systrace.c: allow chunksiz to reach 1 before erroring out [619d68f14964] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [8db512d3caf0] 2007-06-23 Todd C. Miller * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod, toke.c, toke.l: Add support for setting environment variables on the command line. This is only allowed if the setenv sudoers options is enabled or if the command is prefixed with the SETENV tag. [5744caebd969] * README.LDAP: replace Aaron's email address with the sudo-workers list [2ffce5f9afc0] * configure: regen [8013dff82c0c] 2007-06-22 Todd C. Miller * schema.OpenLDAP, schema.iPlanet: Break schema out into separate files. [15e598e4c60b] * Makefile.in, README.LDAP: Break schema out into separate files. [1a53966ca1fa] 2007-06-21 Todd C. Miller * auth/aix_auth.c: free message if set by authenticate() [849c220c1236] * match.c: deal with NULL gr_mem [49e4d74f0bbe] 2007-06-20 Todd C. Miller * config.h.in: regen [fead999ad3e9] * configure.in: add template for HAVE_PROJECT_H [e6c42c2eaad1] * closefrom.c: include fcntl.h [54d98b382f03] 2007-06-19 Todd C. Miller * INSTALL: mention --with-project [d3ea3baad7c5] * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" support. From Michael Brantley. [f14f3c8c6554] * sudoers.pod: fix typo [50db81a19787] * configure: regen [ea71afd3e564] * configure.in: Fix preservation of LDFLAGS in the LDAP case. [40a3a47e8059] * memrchr.c: Remove dependecy on NULL [c957ae5e1733] * configure: regen [4955ce0c6912] * aclocal.m4, configure.in: Can't use the regular autoconf fnmatch() check since we need FNM_CASEFOLD so go back to our custom one. [f10d76237486] * env.c: Fix preserving of variables in env_keep. [d040049d6b84] * env.c: add XAUTHORIZATION [0d589a5fe015] * UPGRADE: expand upon env resetting and mention that it began in 1.6.9 not 1.7. [dba251655c76] * sudoers.pod: Update descriptions of env_keep and env_check to match current reality. [dba77357954b] 2007-06-18 Todd C. Miller * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. [eec4632bd190] * env.c, logging.c: Treat USERNAME environemnt variable like LOGNAME/USER [09f52dcfd70c] * env.c: Don't need to populate keepenv table with the contents of the checkenv table. [527a14afd973] * sudo.c: Don't force sudo into the C locale. [8a5bd301ef96] * env.c: Make env_check apply when env_reset it true. Environment variables are passed through unless they contain '/' or '%'. There is no need to have a variable in both env_check and env_keep. [840c802721e4] 2007-06-16 Todd C. Miller * visudo.c: Remove an duplicate lock_file() call and add a comment. [5af9dcdf0eb6] * UPGRADE: Add sudo 1.6.9 upgrade note. [1585149f2914] 2007-06-14 Todd C. Miller * interfaces.c: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too small. From Klaus Wagner. [d6899fc44f77] * logging.c, sudo.h: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [66a50e8d553a] * memrchr.c: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [2f6702b7d41b] * Makefile.in, config.h.in, configure, configure.in: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [407a46190921] * configure.in: Since we need to be able to convert timespec to timeval for utimes() the last 3 digits in the tv_nsec are not significant. This makes the sudoedit file date comparison work again. [9d0258849fa9] 2007-06-13 Todd C. Miller * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. This deals with exclusive authentication methods in a simple way. [7d70072c0f35] 2007-06-12 Todd C. Miller * LICENSE: mkstemp.c is BSD code too. [29e236d98162] * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. [7c76b3e192dd] 2007-06-11 Todd C. Miller * sudo.c: cleanenv() is no more. [518080514408] 2007-06-10 Todd C. Miller * ChangeLog: Display branch info in Changelog [44e3b27427c7] * utimes.c: Include config.h early so we have it for TIME_WITH_SYS_TIME [4bf1a00d0703] * ChangeLog: Fix Changelog generation and update. [6e960dbcbece] 2007-06-09 Todd C. Miller * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd Move old-style fd closing into closefrom_fallback() and call that if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails [faa7e4810758] * auth/kerb5.c, config.h.in, configure.in: o use krb5_verify_user() if available instead of doing it by hand o use krb5_init_secure_context() if we have it o pass an encryption type of 0 to krb5_kt_read_service_key() instead of ENCTYPE_DES_CBC_MD5 to let kerberos choose. [df7acf72bd7c] * env.c: Check TERM and COLORTERM for '%' and '/' characters. From Debian. [f92d05197e40] * configure.in: Fix closefrom() substitution in the Makefile [b642b13fcc5c] * TROUBLESHOOTING: Mention alternate sudo pronunciation. [7c71dc73409f] 2007-06-07 Todd C. Miller * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. [70f35a79f780] * auth/kerb5.c: If we cannot get a valid service key using the default keytab it is a fatal error. Fixes a bug where sudo could be tricked into allowing access when it should not by a fake KDC. From Thor Lancelot Simon. [a3ae6a47cb23] 2007-05-12 Todd C. Miller * aclocal.m4, configure, configure.in: Update long long checks to use AC_CHECK_TYPES and to cache values. [047318eaaeb2] * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since that assumes replacing with GNU fnmatch. [80513a1003ea] 2007-05-11 Todd C. Miller * configure, configure.in: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we need it for visudo now too. [50837c7c2b5e] 2007-04-24 Todd C. Miller * sudoers.pod: Attempt to clarify the bit talking about network numbers w/o netmasks. [211e68c1d034] * sudo.pod: Clarify timestamp dir ownership sentence. [9178f132c7f7] 2007-04-20 Todd C. Miller * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From Dmitry V. Levin. [81fce91667bc] 2007-04-16 Todd C. Miller * sudo.c: -i is also one of the mutually exclusive options to list it in the warning message. Noted by Chris Pepper. [7da73fb248e9] 2007-04-12 Todd C. Miller * visudo.pod: The sudoers variable is env_editor, not enveditor. From Jean- Francois Saucier. [2a86ec09a6db] 2007-03-29 Todd C. Miller * redblack.c: I tracked down the original author so credit him and include his license info. [3733553a1bba] 2007-02-06 Todd C. Miller * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod: Fix typos; from Jason McIntyre. [1ee4ce2512f2] * logging.c: Restore signal mask before calling reapchild(). Fixes a possible race condition that could prevent sudo from properly waiting for the child. [9ee4192385dc] 2007-01-31 Todd C. Miller * pwutil.c: Don't declare pw_free() if we are not going to use it. [adb79a4289ca] * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and LDR_PRELOAD64. The 64-bit version is not currently supported. Remove zero_env() prototype as it no longer exists. [b4fe65027fb6] 2006-12-11 Todd C. Miller * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. [78002ad90f7b] 2006-09-29 Todd C. Miller * auth/pam.c: If the user enters ^C at the password prompt, abort instead of trying to authenticate with an empty password (which causes an annoying delay). [da3f27b747c7] 2006-08-17 Todd C. Miller * closefrom.c, config.h.in, configure, configure.in: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by Darren Tucker. [0331b7780759] * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef it out too. [0014c0d9eeba] 2006-08-04 Todd C. Miller * config.guess, config.sub: Update to latest versions from cvs.savannah.gnu.org [aa0143101c20] 2006-07-31 Todd C. Miller * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so we can close the passwd/group files early. [559074bd7eb7] * config.h.in, configure, configure.in, set_perms.c: Add seteuid() flavor of set_perms() for systems without setreuid() or setresuid() that have a working seteuid(). Tested on Darwin. [508d8da99189] 2006-07-30 Todd C. Miller * mon_systrace.c: systrace_read() returns ssize_t [9f97d1d1a59d] * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim Knox. [a8cc43c3bb2a] 2006-07-28 Todd C. Miller * HISTORY: Fix typo; Matt Ackeret [86964ee3dfbd] 2006-07-17 Todd C. Miller * sudo.c: Print sudoers path in -V mode for root. [dc43f2d75bd9] 2006-06-15 Todd C. Miller * ldap.c: Do a sub tree search instead of a base search (one level in the tree only) for sudo right objects. This allows system administrators to categorize the rights in a tree to make them easier to manage. [6d2d9abf996e] 2005-12-28 Todd C. Miller * sudo.pod: fix typo [1473413bcbda] 2005-12-04 Todd C. Miller * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and bind_timelimit support; adapted from gentoo. [afc816093026] 2005-11-23 Todd C. Miller * ldap.c: Support comments that start in the middle of a line [c25df6ee3db8] * configure, configure.in: Define LDAP_DEPRECATED until we start using ldap_get_values_len() [ee249bfe230a] 2005-11-18 Todd C. Miller * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org [28769ce6418d] * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now takes an int as an arg so it can be used as a signal handler too. [2bb0df34d09c] * sudo.c: Make a copy of the shell field in the passwd struct for NewArgv to avoid a use after free situation after sudo_endpwent() is called. [5dcc9ffd362e] 2005-11-17 Todd C. Miller * config.h.in, configure, configure.in: Add mkstemp() for those poor souls without it. [5fdd02e863e0] * mkstemp.c: Add mkstemp() for those poor souls without it. [c99401207860] * Makefile.in: Add mkstemp() for those poor souls without it. [9c1cf2678f24] 2005-11-15 Todd C. Miller * env.c: Add PERL5DB to list of environment variables to remove. [7375c27ecf75] 2005-11-13 Todd C. Miller * mon_systrace.c, mon_systrace.h: Instead of calling the check function twice with a state cookie use separate check/log functions. Check more ioctl() calls for failure. systrace_{read,write} now return the number of bytes read/written or -1 on error. [3dc8946d90e9] * env.c: Add more environment variables to remove; from gentoo linux Add some comments about what bad env variables go to what (more to do) [6918110a6b82] 2005-11-11 Todd C. Miller * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before the exec since they free up our cached copy of the passwd structs, including sudo_user and sudo_runas. Fixes a use-after-free bug. [54de3778bad0] * visudo.c: Close all fd's before executing editor. [4fcc05e1bec8] * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. [ef0e8ffa5c9f] * check.c: Fix fd leak when lecture file option is enabled. From Jerry Brown [ce97f9207cd8] 2005-11-07 Todd C. Miller * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of environment variables to remove. From Charles Morris [c96e1367d1c1] 2005-11-01 Todd C. Miller * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 [72a6a1571226] 2005-10-28 Todd C. Miller * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash [89dfb3f318f3] 2005-08-15 Todd C. Miller * sudoers.pod: Fix typo; Toby Peterson [b7a3222b23f4] 2005-08-02 Todd C. Miller * tsgetgrpw.c: Make return buffers static so they don't get clobbered [13323a39b9f5] 2005-07-28 Todd C. Miller * auth/securid5.c: Fix securid5 authentication, was not checking for ACM_OK. Also add default cases for the two switch()es. Problem noted by ccon at worldbank [14091e418333] 2005-06-27 Todd C. Miller * ldap.c: Remove ncat() in favor of just counting bytes and pre-allocating what is needed. [25b8712adb61] 2005-06-26 Todd C. Miller * ldap.c: Fix up some comments Add missing fclose() for the rootbinddn case [ae95c8a89711] * ldap.c: align struct ldap_config [35d0d64c76f8] * ldap.c: use LINE_MAX for max conf file line size [da116cb8853d] * pathnames.h.in: add _PATH_LDAP_SECRET [128b04ecfab7] * README.LDAP: Mention rootbinddn Give example ou=SUDOers container [852edc69bd1c] 2005-06-25 Todd C. Miller * INSTALL, configure, configure.in, ldap.c: Support rootbinddn in ldap.conf [1615c91522a1] * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment variable by default. [05f503d5f438] * acsite.m4, configure: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD [18a04dea8d05] * acsite.m4, configure: set need_version=no for all cases; this is safe for LD_PRELOAD [b542560e1a73] * aclocal.m4: typo [c040df0fcd5a] * configure, configure.in: Add dragonfly [f13794618636] * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. [0be47cdfdef1] * configure: regen [7f5c13b4b800] * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 [a7ba9fd1a2ab] * config.guess, config.sub, ltmain.sh: merge in local changes: config.guess: o better openbsd support config.sub: o hiuxmpp support ltmain.sh o remove requirement that libs must begin with "lib" o don't print a bunch of crap about library installs o don't run ldconfig [f4149f2c720f] * config.guess, config.sub, ltmain.sh: libtool 1.9f [82a534e7121f] * configure.in: Update with autoupdate and make minor changes for libtool 1.9f [11b5ae5c1428] 2005-06-23 Todd C. Miller * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup [8bcf6c094ffe] * sudo_edit.c, visudo.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [b95c333299a0] * gettime.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [021b4569cc0c] * fileops.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [dd8573b2ee7d] * emul/timespec.h: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [f95137771564] * check.c, compat.h: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [2ef2ace8fe85] * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. [ad7fa9e07da0] 2005-05-27 Todd C. Miller * auth/pam.c: Call pam_open_session() and pam_close_session() to give pam_limits a chance to run. Idea from Karel Zak. [fed46d471350] 2005-04-24 Todd C. Miller * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf to silence warnings on Solaris [17bb961fe22d] * parse.c: include grp.h to silence a warning on Solaris [14386fbab640] 2005-04-23 Todd C. Miller * parse.c: Fix printing of += and -= defaults. [a667604c56cd] 2005-04-17 Todd C. Miller * mon_systrace.c: Sanity check number of syscall args with argsize. Not really needed but a little paranoia never hurts. [6bb455a2c2d6] * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t for systrace lengths (since it uses int) [3cafccffcffd] 2005-04-16 Todd C. Miller * mon_systrace.c: Add some memsets for paranoia Fix namespace collsion w/ error Check rval of decode_args() and update_env() Remove improper setting of validated variable [3d385158354d] 2005-04-12 Todd C. Miller * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers file if def_ignore_sudoers is not set and call LDAP versions from display_privs() and display_cmnd() instead of directly from main(). Because of this we need to defer closing the ldap connection until after -l processing has ocurred and we must pass in the ldap pointer to display_privs() and display_cmnd(). [1dfc2e8c9f2b] * ldap.c: Reorganize LDAP code to better match normal sudoers parsing. Instead of storing strings for later printing in -l mode we do another query since the authenticating user and the user being listed may not be the same (the new -U flag). Also add support for "sudo -l command". There is still a fair bit if duplicated code that can probably be refactored. [e9568f19bde5] 2005-04-11 Todd C. Miller * ldap.c: Replace pass variable with do_netgr for better readability. [1bba841b6e79] * ldap.c: use DPRINTF macro [02b159b66bb5] * ldap.c: estrdup, not strdup [22cdee7973c1] 2005-04-10 Todd C. Miller * parse.c: Add macro to test if the tag changed to improve readability. [4e11b4819556] * parse.c: Avoid printing defaults header if there are no defaults to print... [41a28627df03] * glob.c: Fix a warning on systems without strlcpy(). [6814e0f0e4f4] * pwutil.c: Use macros where possible for sudo_grdup() like sudo_pwdup(). [30f201ff35cd] 2005-04-08 Todd C. Miller * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so add in tv_usec / 1000000. [794ac4d53a65] 2005-03-30 Todd C. Miller * auth/kerb5.c: The component in krb5_principal_get_comp_string() should be 1, not 0 for Heimdal. From Alex Plotnick. [fefa351c5044] 2005-03-29 Todd C. Miller * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: Add efree() for consistency with emalloc() et al. Allows us to rely on C89 behavior (free(NULL) is valid) even on K&R. [7876bb80d87c] * parse.c, sudo.c: Move initgroups() for -U option into display_privs() so group matching in sudoers works correctly. [b074428ad2ca] 2005-03-27 Todd C. Miller * ldap.c: Removed duplicate call to ldap_unbind_s introduced along with sudo_ldap_close. [19acc1c20f7c] * parse.c: Add missing space in Defaults printing [95d2935bf6d4] 2005-03-25 Todd C. Miller * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton and string copies. [6b6b241495e5] 2005-03-19 Todd C. Miller * pwutil.c: Zero old pw_passwd before replacing with version from shadow file. [3251b349dfe1] * configure, configure.in: Only attempt shadow password detection if PAM is not being used Add shadow_* variables to make shadow password detection more generic. [d498a3423ac9] * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS [04d55bbd5e35] 2005-03-13 Todd C. Miller * sudoers.pod: use a non-breaking space to avoid a double space after e.g. [11cdb54bdf7b] * sudo.pod: commna, not colon after e.g. [8d5875ff72e0] 2005-03-12 Todd C. Miller * sudo_noexec.c: Add __ variants of the exec functions. GNU libc at least uses __execve() internally. [d1880473d790] * indent.pro: Match reality a bit more. [633e3fa875a7] * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. [128f7b21c2ee] * pwutil.c: Store shadow password after making a local copy of struct passwd in case normal and shadow routines use the same internal buffer in libc. [f806052a6ffc] 2005-03-11 Todd C. Miller * alloc.c, logging.c: Make varargs usage consistent with the rest of the code. [3d45affc9851] 2005-03-10 Todd C. Miller * sudo_noexec.c: Wrap more of the exec family since on Linux the others do not appear to go through the normal execve() path. [8167769b4e19] * visudo.c: make print_unused static like proto says [ecf10e1bae55] * glob.c: silence a warning on K&R systems [2e00425f1a5c] * alias.c, error.c: make this build in K&R land [156f65f8525a] * parse.c: make this build in K&R land [6fc9276889cb] 2005-03-08 Todd C. Miller * toke.c: regen [3b349748cd21] 2005-03-06 Todd C. Miller * ldap.c: return(foo) not return foo optimize _atobool() slightly [11d09d154ed5] * ldap.c: Use TRUE/FALSE [53999320d98f] * ldap.c: Reformat to match the rest of sudo's code. [1bd0f2afa0e7] * sudo.pod: I am the primary author [5d311ecd85c6] 2005-02-23 Todd C. Miller * Makefile.in, README, RUNSON: The RUNSON file is toast--it confused too many people and really isn't needed in a configure-oriented world. [96a6ef7bbc08] * INSTALL: alternate -> alternative [b65015c5d0a2] * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with TCSAFLUSH. [c66b4763ffdc] * toke.l: Allow leading blanks before Defaults and Foo_Alias definitions [2add513d9277] * Makefile.in: fix rules to build toke.o and gram.o in devel mode [96cbb414ebd3] 2005-02-20 Todd C. Miller * sudoers.pod: env_keep overrides set_logname [401877193a15] * env.c: Fix disabling set_logname and make env_keep override set_logname. [0906e7a5ed93] * compat.h, config.h.in, configure, configure.in: No longer need memmove() [43bdb6efe3f2] * env.c, sudo.c: Just clean the environment once. This assumes that any further setenv/putenv will be able to handle the fact that we replaced environ with our own malloc'd copy but all the implementations I've checked do. [11658fe92ba2] 2005-02-16 Todd C. Miller * env.c, sudo.c: In -i mode, base the value of insert_env()'s dupcheck flag on DID_FOO flags. Move checks for $HOME resetting into rebuild_env() [8365b0bd0c71] 2005-02-13 Todd C. Miller * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt and prev_user into init_vars() since user_shell at least is needed there. [37e22dce66e9] 2005-02-12 Todd C. Miller * Makefile.in: fix devel builds [9fbb15ef164c] * sudo.c: Fix some printf format mismatches on error. [ffc1c3f11740] * check.c: Fix some printf format mismatches on error. [7b3b508adf50] * configure, gram.c, toke.c: regen [aa76f9d8b02a] * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, closefrom.c, compat.h, configure.in, defaults.c, defaults.h, emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c: Update copyright years. [0610c3654739] * Makefile.binary.in: Update copyright years. [d78ffc9f2e2b] * LICENSE: Update copyright years. [f60473bca4b1] * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: version 1.7 [aa977a544ca1] * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES entries. [ecfcf7269c14] 2005-02-11 Todd C. Miller * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc to warn about printf-like format mismatches [b192ad4a0548] 2005-02-10 Todd C. Miller * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog generated from cvs logs [d9ace9dab98f] * set_perms.c: Use warning/error instead of perror/fatal. [e33259df7738] * config.guess: Update OpenBSD section [9d2c23de6801] * UPGRADE: Add upgrading noted for 1.7 [1fb6b6d6df07] * env.c, sudo.c, sudoers.pod: Instead of zeroing out the environment, just prune out entries based on the env_delete and env_check lists. Base building up the new environment on the current environment and the variables we removed initially. [fc192df8fd15] * config.h.in, configure, configure.in, sudo.c: Set locale to "C" if locales are supported, just to be safe. [91fbaa98f02e] * toke.c, toke.l: Cast?argument to ctype functions to unsigned char. [e096b4d65796] 2005-02-08 Todd C. Miller * env.c: correct value for DID_USER [b5b05d36ec15] * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include not "compat.h" [7a0ad9a0ccd7] * defaults.c: Reset the environment by default. [4ecc6423e0f0] * sudo.c: Alloc an extra slot in NewArgv. Removes the need to malloc an new vector if execve() fails. [83dfb6f584a7] 2005-02-07 Todd C. Miller * INSTALL, config.h.in, configure, configure.in, sudo.c: Use execve(2) and wrap the command in sh if we get ENOEXEC. [c0c6af4e2a21] 2005-02-06 Todd C. Miller * sudo_noexec.c: Only include time.h on systems that lack struct timespec which gets defind in compat.h (using time_t). [e373e518b4cb] * sudo_noexec.c: Include time.h for time_t in compat.h for systems w/o struct timespec. [a34b5637e458] * compat.h, config.h.in, configure, configure.in: use bcopy on systems w/o memmove [f835eafd78c6] * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its use to gcc >= 2.8. [1cb9a4e58566] * Makefile.in: Add explicit rule to build sudo_noexec.lo [df1dfcf8dd77] 2005-02-05 Todd C. Miller * INSTALL.configure, Makefile.in: No longer depend on VPATH; pointed out a bunch of missed dependencies. [601a45d4af6b] * TROUBLESHOOTING: Help for PAM when account section is missing [9b8221256756] * auth/pam.c: Give user a clue when there is a missing "account" section in the PAM config. [2529625c0495] * auth/pam.c: Better error handling. [518c9bda23d8] * config.h.in, configure, configure.in: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as possible. Silences a warning about isblank() on linux. [19c94d7ecdc8] * auth/pam.c: Fix typo (missing comma) that caused an incorrect number of args to be passed to log_error(). [0099dfec560f] 2005-02-01 Todd C. Miller * pwutil.c: Don't try to destroy a tree we didn't create. [d43c4fe03aa4] 2005-01-27 Todd C. Miller * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: Add __unused to rcsids [ad6b4ac45705] 2005-01-21 Todd C. Miller * configure, configure.in: Fix error message when mixing invalid auth types [68069b3ff5bc] * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by default if the OS supports them. [4e44e9098cf0] * auth/sudo_auth.h, config.h.in: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g [2d569b43b23e] * configure.in: Better checking for conflicting authentication methods Display the authentication methods used at the end of configure Rename --with- authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by default on systems that support them unless disabled. Add OSMAJOR variable that replaces old OSREV; now OSREV has full version number [a21115b6fe9f] 2005-01-18 Todd C. Miller * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ [ee73f1b81923] 2005-01-14 Todd C. Miller * configure.in: Replace: test -n "$FOO" || FOO="bar" With: : ${FOO='bar'} [37552d9054fc] 2005-01-09 Todd C. Miller * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to only call private passwd/group routines when using a nonstandard passwd/group file. [215908681dfb] 2005-01-06 Todd C. Miller * CHANGES: sync [2e55c03f5790] * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty fields so add getpwent()/getgrent() functions and call those. [bdaa5b0db70e] 2005-01-05 Todd C. Miller * Makefile.in: Fix dummied out toke.c and gram.c dependencies. [4b909c8b2ebe] * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used in the clean target Add devdir variable and use it to specify the path to parser sources [f27b3f41ca23] * configure: regen [22c6435dbd46] * configure.in: Add a devdir variables that defaults to $(srcdir) and is set to . if --devel was specified. Allows for proper dependecies building the parser. [a36d694c6d21] * testsudoers.c: Add support for custom passwd/group files. [296549ff4b87] * Makefile.in: Build private copy of pwutil.o for testsudoers with MYPW defined so it uses our own passwd/group routines. [bafa54ec78ca] * visudo.c: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent stubs instead. We can now just use the caching sudo_*{pw,gr}* functions in pwutil.c Add comment about wanting to call sudo_endpwent/sudo_endgrent in cleanup() [7e59d6b5510d] * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c Use global buffers for passwd/group structs Rename functions from sudo_* to my_* [8c1e068f574c] * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy [60a24909b947] * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent instead. [bac80db08296] * getspwuid.c, pwutil.c: Move all but the shadow stuff from getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they are no longer needed. Also add preprocessor magic to use private versions of the passwd and group routines if MYPW is defined (for use by testsudoers). [a16b8678a426] * tsgetgrpw.c: zero out struct passwd/group before filling it in so if there are fields we don't handle they end up as 0. [274cb6a93301] * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to pwutil.c [43ebd04c8b82] * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better readability. [7f88c6061e2d] * tsgetgrpw.c: Passwd and group lookup routines for testsudoers that support alternate passwd and group files. [d7803101d34e] * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into its own file. This allows visudo and testsudoers to use the pw/gr cache too. [ef333d3ffedf] 2005-01-02 Todd C. Miller * parse.c: Print Defaults info in "sudo -l" output and wrap lines based on the terminal width. [e559eae4250e] 2005-01-01 Todd C. Miller * match.c, testsudoers.c, visudo.c: Only check group vector in usergr_matches() if we are matching the invoking or list user. Always check the group members, even if there was a group vector. [d0c7ceb2a041] 2004-12-17 Todd C. Miller * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 [72db4a4ff4e1] * CHANGES, TODO: checkpoint [e92781bfd99c] 2004-12-16 Todd C. Miller * sudo.c: sort usage [15e3b876ec2c] * sudo.pod: Sort command line options [c1fa56584bc4] * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to start closing at a point other than 3. Add closefrom_override sudoers option and -C sudo flag to allow the user to specify a different closefrom starting point. [370652b099d1] * pathnames.h.in: Add _PATH_DEVNULL for those without it. [0c4c3e0ceb8b] * LICENSE: no more UCB strcasecmp [397a6298e07f] * strcasecmp.c: replace BSD licensed one with version derived from pdksh [d7cfda8c57a2] 2004-12-10 Todd C. Miller * sudo.c: Fix last commit. [7afb9a180532] * sudo.c: Make sure stdin, stdout and stderr are open and dup them to /dev/null if not. [590f387068bd] 2004-12-03 Todd C. Miller * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close [4273a36765a7] * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: Use TIME_WITH_SYS_TIME [c32b59bf15fb] * config.h.in, configure, configure.in: Add TIME_WITH_SYS_TIME_H [57cb146f451d] 2004-12-02 Todd C. Miller * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set unconditionally on darwin. From Toby Peterson. [d69959681c87] * getspwuid.c: Check rbinsert() return value. In the case of faked up entries there is usually a negative response cached that we need to overwrite. In pwfree() don't try to zero out a NULL pw_passwd pointer. [00b32d1a48c1] * mon_systrace.c: Use the double fork trick to avoid the monitor process being waited for by the main program run through sudo. [e0ce556712ff] 2004-11-29 Todd C. Miller * sudo.c: Call initgroups() in -U mode so group matches work normally. [2235bea15283] * def_data.h, mkdefaults: Don't print a trailing comma for the last entry in enum def_tupple [c43a96bb31df] 2004-11-28 Todd C. Miller * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when lecture, listpw and verifypw are used in boolean context. [a0b5c0abaccf] * def_data.c, def_data.in: verifypw when used in a boolean TRUE context should be "all", not "any". [2eb076ddd5e2] 2004-11-26 Todd C. Miller * def_data.in, defaults.c: Allow tuples that can be used as booleans to be used as boolean TRUE. In this case the 2nd possible value of the tuple is used for TRUE. [bd99aa77e88b] 2004-11-25 Todd C. Miller * configure, configure.in: Correct the test for 2-parameter timespecsub [d41c9cb26b97] * sudo.h: Add strub struct definitions for passwd, timeval and timespec [c4ce5c43d8c5] * config.h.in, configure, configure.in, sudo_edit.c, visudo.c: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and fix a typo in the gettimeofday check. [8ac9893057ce] 2004-11-24 Todd C. Miller * match.c, testsudoers.c: Deal with user_stat being NULL as it is for visudo and testsudoers. [3605a6ff64d0] * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U option to use in conjunction with -l instead of -u. Add support for "sudo -l command" to test a specific command. [99638789d415] * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if it has not been set. Previously it was set by sudo "ALL" in the parser but at that point the fully-qualified pathname has not yet been found. [ac30d98f8225] 2004-11-23 Todd C. Miller * parse.c, testsudoers.c: Correctly handle multiple privileges per userspec and runas inheritence. [a98a965181af] 2004-11-21 Todd C. Miller * defaults.c: Zero out sd_un for each entry in sudo_defs_table in init_defaults. [031d3cd4a848] 2004-11-19 Todd C. Miller * toke.c, toke.l: make per-command defaults work with sudoedit [e56fe33db916] * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the approriate defaults variable. [756eeecc1d86] * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: Document per-command Defaults. [92a0f84b91c1] * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for command-specific Defaults entries. E.g. Defaults!/usr/bin/vi noexec [be3d52bf01cf] * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an occurence of user_matches() -> runas_matches() missed previously runas_matches(), host_matches() and cmnd_matches() only really need to pass in a list of members. user_matches() still needs to pass in a passwd struct because of "sudo -l" [833b22fc6fa0] * parse.c: Check def_authenticate, def_noexec and def_monitor when setting return flags. XXX May be better to just set the defaults directly and get rid of those flags. [b6db22b59d69] * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: Use: #include Not: #include "config.h" That way we get the correct config.h when build dir != src dir [97e5670a442b] * Makefile.in: Back out part of rev 1.263; fix -I order [197ea01cad5d] * toke.c, toke.l: More robust parsing if #include; could be much better still. [31bc3cd8f045] * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit consistent. [7bc74485f246] * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias routines out into their own file. [d90f633cf9ae] * error.h: __attribute__ is already defined in compat.h [676ed3fe9203] * visudo.c: quit() should not be __noreturn__ as it is non-void on some platforms. [e528c2b6ba10] * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c: Add local error/warning functions like err/warn but that call an additional cleanup routine in the error case. This means we no longer need to compile a special version of alloc.o for visudo. [e78e8aae882e] * parse.h: Clarify comments about the data structures [ae894e266701] 2004-11-18 Todd C. Miller * visudo.c: Add support for VISUAL and EDITOR containing command line args. If env_editor is not set any args in VISUAL and EDITOR are ignored. Arguments are also now supported in def_editor. [ff7303b8e298] 2004-11-17 Todd C. Miller * parse.h: alias_matches() is no more [b59825e28084] * CHANGES, TODO: sync [2b8f5f63c1de] * Makefile.in: When regenerating the parser, don't replace gram.h unless it has changed. [819949668018] * Makefile.in: remove Makefile.binary for distclean [351eec8d00b2] * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make sure we can't overflow new_env. [3284d17b9c6d] * sudo_edit.c: paranoia when stripping trailing slashes from tempdir. [012f1aa2b81f] * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. [c46d43e9449a] 2004-11-16 Todd C. Miller * config.h.in, configure, configure.in, sudo.c: Add configure check for getgroups() [5d8a214e2cef] * ldap.c: Use supplementary group vector in struct sudo_user. [3d0c463c034d] * match.c: Only do string comparisons on the group members if there is no supplemental group list. [be1c8362f7ef] * CHANGES, TODO: sync [db188bc5b975] * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so chop off any trailing slashes we see and add an explicit one. [e1b477dafee1] * match.c: remove bogus XXX comment [8aecb8a28d40] * match.c: Get rid of alias_matches and correctly fall through to the non-alias cases when there is no alias with the specified name. [2cd555246f09] * getspwuid.c: Cache non-existent passwd/group entries too. [8de9a467d271] * gram.c: regen [9ece18c58f36] * getspwuid.c: fix typo [9a7ae371eac1] * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: Implement group caching and use the passwd and group caches throughout. [f1d8c5015169] 2004-11-15 Todd C. Miller * match.c: Properly negate the return value of alias_matches() when appropriate. [ce59c4ce77ad] * match.c: Make hostname_matches() return TRUE for a match, else FALSE like the caller expects. [1dc03902d3a2] * Makefile.in: Add missing dependencies on gram.h [4f94bbb1d50c] * match.c: Use runas_matches in alias_matches() now that we have it. [284d22e91178] * parse.c, parse.h: Expand aliases in "sudo -l" mode [f67a38b79c44] * gram.y, match.c: Use ALIAS for the member type when storing an alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the more generic type. Expand runas_matches instead of calling user_matches() inside of it since user_matches() looks up USERALIASes, not RUNASALIASes. [52004d75232b] * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing passwd entry. [bd1b22638f00] * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, configure.in, defaults.c, emul/err.h, env.c, err.c, error.c, error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c: Add local error/warning functions like err/warn but that call an additional cleanup routine in the error case. This means we no longer need to compile a special version of alloc.o for visudo. [25000b676cfe] * match.c: Use userpw_matches() to compare usernames, not strcmp(), since the latter checks for "#uid". [fcbe4b859f66] * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd db entries in 2 reb-black trees; one indexed by uid, the other by user name. The data returned from the cache should be considered read-only and is destroyed by sudo_endpwent(). [ee2418ff3f86] * match.c: add cast to uid_t [eb6415302d84] * gram.y: missing free in alias_destroy [572ecb680ad8] * redblack.c: Can't use rbapply() for rbdestroy since the destructor is passed a data pointer, not a node pointer. [11ce713830c0] * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private versions of setpwent() and endpwent() that set/end the shadow password file too. [616bc76d23bf] * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c: Store aliases in a red-black tree. [ce017d540416] * Makefile.in, redblack.c, redblack.h: red-black tree implementation [cd5586e8f48b] * visudo.c: Edit all sudoers file if there were unused or undefined aliases and we are in strict mode. [b6d5f5bb7262] 2004-11-12 Todd C. Miller * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: Bring back the "secure_path" Defaults option now that Defaults take effect before the path is searched. [2e52c0e27606] 2004-11-11 Todd C. Miller * logging.c, parse.c: A user can always list their own entries, even with -u. Better error message when failing to list another user's entries. [e2e24deb0071] * parse.c, sudo.c, sudo.h: The syntax to list another user's entries is now "-u otheruser -l". Only root or users with sudo "ALL" may list other user's entries. [3c0657e8f5fe] * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in SECURITY NOTES [299716071024] * env.c: strip CDPATH too [9b97643b26f9] * env.c: strip exported bash functions from the environment. [9e5090c8284f] 2004-10-27 Todd C. Miller * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment variables for real commands and sudoedit. This avoids a confusing message when a user tries "sudo -l" or "sudo -v" and is denied. [3ea6d0053274] * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with appending lists too [d963e42f622f] 2004-10-26 Todd C. Miller * logging.c: Convert some bitwise AND to ISSET [130dc40d268e] * lex.yy.c, toke.c: toke.c replaces lex.yy.c [048858df79e7] * CHANGES, TODO: sync [d19e7abf251c] * BUGS: new parser fixes most of the outstanding bugs [0891f66e3758] * configure: regen [1a3358cc7283] * visudo.c: Rework for the new parser. Now checks for unused aliases in sudoers. [ad462ede3094] * testsudoers.c: Rewrite for the new parser. Now supports a -d flag (dump) and adds a -h flag (host). It now defaults to the local hostname unless otherwise specified. [1b69685cc601] * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h) [2e4fb3abfef0] * sudo.c: Update for new parse. We now call find_path() *after* we have updated the global defaults based on sudoers. Also adds support for listing other user's privs if you are root. [cf3db9fc3024] * mon_systrace.c: Working LDAP support; also remove a now-unneeded rewind(). [649ecf1baf6b] * logging.c, logging.h: Add NO_STDERR flag. [6cb935af94e0] * ldap.c: Split sudo_ldap_check() into three pieces: sudo_ldap_open(), udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to connecto to LDAP, apply the default options, find the command in the user's path, and then check whether the user is allowed to run it. The important thing here is that the default runas user may be specified as a default option and that needs to be set before we search for the command. [fc0426abc6f1] * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc warning. [e5358e3df439] * defaults.h: Add prototype for update_defaults() [564dac3db74e] * defaults.c: Don't warn about line numbers now that we operate on a set of data structures (or LDAP) and not a file. [bcd9ffb9b67c] * config.h.in: No long use lsearch() [9d048c587319] * Makefile.in: Update for new and changed file names. [6f424a7c4515] * LICENSE: no more BSD lsearch.c [463a96d89026] * match.c: foo_matches() routines now live in match.c Added user_matches(), runas_matches(), host_matches(), cmnd_matches() and alias_matches() that operate on the parsed sudoers file. [b14da8a0567e] * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer() WORD no longer needs to exclude '@' kill yywrap() [a922294eb7b7] * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: Rewritten parser that converts sudoers into a set of data structures. This eliminates ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. [30d2ec4d203c] * configure.in, emul/search.h, lsearch.c: We won't be using lsearch() any longer. [29c4d54bfac0] * ldap.c: sudo should not send mail if someone who runs 'sudo -l' has no entry. [6fc27a69fd9c] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [8166347917f3] * visudo.pod: Update warnings to match new visudo [004c0766798f] * sudoers.pod: The new parser doesn't have the old ordering constraints. [ffd43bd08661] * sudo.pod: Document that -l now takes an optional username argument [278f9557de8b] 2004-10-25 Todd C. Miller * RUNSON: AIX 5.2.0.0 works [523acd29d858] * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes a compilation problem with Solaris 9's native LDAP. Set FLAG_MONITOR when needed. [35824ade672d] 2004-10-23 Todd C. Miller * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to match the traced process. Fixes relative paths. [12ee111d0ad7] 2004-10-21 Todd C. Miller * testsudoers.c: Kill set_perms() stub--it is no longer needed. [116ed702935d] 2004-10-13 Todd C. Miller * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now requires set_reuid() or setresuid() [8511f67e25d5] * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX saved uids; they aren't worth bothering with. [b3b1f19f18c1] 2004-10-07 Todd C. Miller * glob.c: remove call to issetugid() [63f2e492c08f] * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about wildcards. Now that we use glob() the bug is fixed. [b15729d32266] * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames and stat each result that matches the basename of the user's command. This makes "cd /usr/bin ; sudo ./blah" work when sudoers allows /usr/bin/blah. Fixes bug #143. [e31eb6310340] * config.h.in, configure, configure.in: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and GLOB_BRACE) [677ed6661e17] * config.h.in, configure, configure.in: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE [aaa2329dd266] * LICENSE: reference glob [bedc9a923423] * glob.c: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. [81799451473c] * emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. [0335cf31fb1e] 2004-10-05 Todd C. Miller * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means we are out of space in the stack gap... [5b02b702021e] * CHANGES: sync [be3826273e56] * mon_systrace.c: Take a stab at ldap sudoers support here. [9d023695b0de] * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to inadvertanly kill itself. [d4aab2365610] * mon_systrace.c: put "monitor" in the proctitle, not "systrace" [9a9025767d86] * mon_systrace.c: When modifying the environment, don't replace envp when we can get away with just rewriting pointers in the traced process. [c03622f7a2e2] * mon_systrace.c, mon_systrace.h: Add environment updating via STRIOCINJECT (if available). [037291016870] * sudoers.cat, sudoers.man.in: regen [869acc511046] 2004-10-04 Todd C. Miller * lex.yy.c: regen [4e61a9bd3c97] * parse.lex: Fix bug introduced in unput() removal; want yyless(0) not yyless(1) [b70d7bd6e147] * mon_systrace.c: Include file is now mon_systrace.h [ead4e36d92ae] * Makefile.in, configure, configure.in, def_data.c, def_data.h, def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod: No longer call it tracing, it is now "monitoring" which should be more a obvious name to non-hackers. [aa811ded0789] 2004-10-01 Todd C. Miller * mon_systrace.c, mon_systrace.h: Fix some XXX [a271072dacc6] * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use 1024 as the max # of entries (the max that systrace(4) allows). Only need to use SYSTR_POLICY_ASSIGN once Change check_syscall() -> find_handler() and have it return the handler instead of just running it. We need this since handler now have two parts: one part that generates and answer and another that gets called after the answer is accepted (to do logging). Add some missing check_exec for emul execv [a89d243f0525] * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add $Sudo$ tags. [6f3fedb0daba] * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H [ff75ab7bfc53] * Makefile.in: add trace_systrace.o dependency [88a408668ab2] 2004-09-30 Todd C. Miller * configure, configure.in: Also look for systrace.h in /usr/include/linux [98b98b436cf3] * mon_systrace.c, mon_systrace.h: Move all struct defs and prototypes into trace_systrace.h and mark all but systace_attach() static. [85511253b570] * mon_systrace.c, mon_systrace.h: Add support for tracing emulations. At the moment, all emulations are compiled in. It might make sense to #ifdef them in the future, though this impeeds readability. [87bb50abf277] * Makefile.in, configure, configure.in: rename systrace.c -> trace_systrace.c [31cfa4407d93] * parse.yacc, sudo.tab.c: Allow this to build with a K&R compiler again [32876af5bb98] * TODO: sync [46865bd70f7c] * compat.h, sudo.c, visudo.c: Use __attribute__((__noreturn__)) [65bbad71fe89] * visudo.c: Exit() takes a negative value to indicate it was not called via signal. [b93032ed7b60] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [45bcf4661558] * Makefile.in, visudo.c: Define Err() and Errx() that are like err() and errx() but call Exit() instead of exit(). Build private copy of alloc.o for visudo that calls Err() and Errx(). [c6d02bf42edd] 2004-09-29 Todd C. Miller * lex.yy.c, sudo.tab.c: regen [39de7e7c59da] * CHANGES: sync [ba481d9ed1aa] * visudo.c: Overhaul visudo for editing multiple files: o visudo has been broken out into functions (more work needed here) o each file is now edited before sudoers is re-parsed o if a #include line is added that file will be edited too TODO: o cleanup temp files when exiting via err() or errx() o continue breaking things out into separate functions [80c35cf534eb] * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen arg to open_sudoers that open_sudoers can use to indicate to the caller that the fd should not be closed when it is done with it. To be used by visudo to keep locked fds from being closed prematurely (and thus losing the lock). [f330fe632470] * parse.yacc, sudo.c: Add errorfile global that contains the name of the file that caused the error. [98079c7a37ed] * parse.lex: return COMMENT to yacc grammar for a #include line [2024a8de4fa8] * parse.lex: Remove us of unput() in favor of yyless() which is cheaper. [c61291902beb] * parse.yacc: Allow an empty sudoers file. [62fb111db2e7] 2004-09-28 Todd C. Miller * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us. [9e15869ef597] * lex.yy.c, sudo.tab.c: regen [c29bdd43bfad] * visudo.c: Do signal setup before calling edit_sudoers(). Don't shadow the "quiet" global. [74252efd09ff] * visudo.c: If a sudoers file includes other files, edit those too. Does not yes deal with creating the new includes files itself. [06af7b9c173f] * testsudoers.c: init_parser now takes a path [b5ee186eb192] * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for dealing with multiple sudoers files: o init_parser() now takes a path used to populate the sudoers global o the sudoers global is used to print the correct file in yyerror() o when switching to a new sudoers file, perserve old file name and line number [d9be4970b8bd] * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have multiple sudoers files. [6ccc4e921c43] * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so we start at the right file position when reading include files. [91fcb961e7a4] * sudoers.pod: document #include [fbb92a25a726] * lex.yy.c: regen [50cd7a4c9dff] * parse.lex: Add max depth of 128 for the include stack to avoid loops. Since yyerror() doesn't stop parsing, pass return values back to yylex and call yyterminate() on error. [e79dbffb729d] 2004-09-27 Todd C. Miller * sudoers.pod: document tracing [165a467eadd8] * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man page [3217ccecd834] * lex.yy.c, sudo.tab.c: regen [fbd58d1d3a76] * parse.lex: Add support for #include in sudoers (visudo support TBD) [a78015ca81af] * parse.yacc: make yyerror()'s argument const [7d8e168c019a] * testsudoers.c, visudo.c: Add open_sudoers() stubs. [087466787198] * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it return a FILE * [142fc511fc65] 2004-09-26 Todd C. Miller * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, version.h: Crank version [1adc3f839480] * Makefile.in, sudo.psf: Better HP-UX depot construction [2d952b000e63] 2004-09-25 Todd C. Miller * mon_systrace.c: o Made children global so check_exec() can lookup a child. o Replaced uid in struct childinfo with struct passwd * (for runas) o new_child() now takes a parent pid so the runas info can be inherited o Added find_child() to lookup a child by its pid o update_child() now fills in a struct passwd o Converted the big if/else mess in set_policy to a switch o Syscalls that change uid are now "ask" so we get SYSTR_MSG_UGID events [29b9ea3f09a3] * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not to lookup the shadow password. Will be used to a struct passwd that has the shadow password already filled in. [e19d43dd7238] * mon_systrace.c: add missing increment of addr in read_string() [f9eb0f060cb6] * mon_systrace.c: Remove bogus call to update_child() and some cosmetic fixes [701ab0b97fef] * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make initialized global for simplicity If STRIOCATTACH returns EBUSY we are already being traced Check for user_args == NULL in setproctitle() call Add missing calls to STRIOCANSWER [1956edf9bc3a] * sudo.c: g/c sudo_pwdup proto [b7c4d6249ecb] * Makefile.in, sudo.psf: Add target for building a depot file [357019efd99b] * mon_systrace.c: trim includes [501534428471] 2004-09-24 Todd C. Miller * lex.yy.c, sudo.tab.c, sudo.tab.h: regen [52fd250c6986] * INSTALL: document --with-systrace [79623927c94e] * config.h.in, configure, configure.in: Add check for setproctitle [1730cf1c26ed] * mon_systrace.c: pass struct str_msg_ask in to syscall checker so it can set the error code [1703fd2fdef6] * mon_systrace.c: systrace(4) support for sudo. On systems with the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec calls and check the exec args against the sudoers file. In other words, sudo can now control subcommands and shell escapes. [928c9217c386] * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. [014ba9402fa5] * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE [a99904db5e56] * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set close on exec flag instead. [43a9fec60bee] * def_data.c, def_data.h, def_data.in: Add trace option [5b643b86730a] * Makefile.in: Add systrace [47a0519c427c] * INSTALL: SunOS /bin/sh blows up with configure [005a23cc5615] * configure, configure.in: Include sys/param.h before systrace.h [9345bc8efecf] * configure: regen [a8f53fcbb254] * pathnames.h.in: _PATH_DEV_SYSTRACE [d2ad1e492a00] * configure.in: line up options in --help [fa51f2821d09] * config.h.in, configure.in: Add --with-systrace [a264d54bc413] 2004-09-23 Todd C. Miller * configure: regen [a4dad0bcc523] * aclocal.m4, configure.in: make this work with autoconf-2.59 [c4a92b6a684a] 2004-09-16 Todd C. Miller * sudo_edit.c: Simplify logic around open & stat of files and do sanity on edited file even if we lack fstat (still racable but worth doing). [adda65ade70c] 2004-09-15 Todd C. Miller * HISTORY: Add support url [bf6590fbde9f] * Makefile.in: versino 1.6.8p1 [b84ebfaf1552] [SUDO_1_6_8p1] * CHANGES: more changes for 1.6.8p1 [e23a9c0393b6] * version.h: 1.6.8p1 [872f14504b5f] * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit something other than a regular file. [350134ec6d4e] 2004-09-15 Aaron Spangler * CHANGES: sync [3091ca9eae00] * INSTALL: document --with-ldap-conf-file [0e2cd6b896f1] 2004-09-14 Todd C. Miller * CHANGES, ins_csops.h: political correctness strikes again [428e8bc77f55] * RUNSON: sync [27f44bd423dc] 2004-09-12 Todd C. Miller * Makefile.binary.in, Makefile.in: Install sudoedit man link [19a55234fc1f] * INSTALL: Update PAM note and mention where HP-UX users can download gcc binaries. [d37cdbbabfd4] * Makefile.in: libtool wants to install stuff from .libs so fake one up for binary installations. [a681bc6fcfba] * Makefile.binary.in: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly [3e0c4b3372cc] * Makefile.in: Deal with "uname -m" having slashes in it rm -f old sudoedit link instead of using ln -f [cff33fb97e5b] * Makefile.binary, Makefile.binary.in: Makefile.binary -> Makefile.binary.in for config.status substitution Add support for installing noexec bits [37d8bb3483c6] * Makefile.in: Copy noexec bits into binary dists too No longer use my old arch script for making binary dists [e7058bab9e33] * Makefile.binary: Install sudoedit link. [417d1e101711] 2004-09-11 Todd C. Miller * emul/utime.h: avoid __P so there is no need for compat.h to be included [6d8d1f1abf7d] * utimes.c: Don't use HAVE_UTIME_H before including config.h. [013b7bb61181] 2004-09-10 Todd C. Miller * compat.h: Fix Solatis futimes macro [d4eda2ca0d29] 2004-09-09 Todd C. Miller * sudo_edit.c: Rename ots -> omtim for improved readability. [127ca5bb297c] 2004-09-08 Todd C. Miller * sudo_edit.c: Redo changes in revision 1.7. Don't really need to keep the temp file open; re-opening it with the invoking user's euid is sufficient. [55a883165a95] * CHANGES: sync [9015b291170d] * sudo.cat, sudo.man.in: regen [c0313f6ed783] * sudo.pod: back out revision 1.70; it is no long applicable [b641d503aff6] * env.c: Let the loader initialize nep [bec192139b02] * config.h.in, configure, configure.in: Removed unneed check for fchown Add check for gettimeofday Move autoheader template stuff into separate AH_TEMPLATE lines [bfc0edbd43f2] * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use timespec throughout. [1a178a23b69b] * Makefile.in: gettime.[co] [6aeb48a7ab7f] * gettime.c: function to return the current time in a struct timespec [bf8eb12cb63f] * utimes.c: Not a darpa-sponsored file. [121ce5e2036c] 2004-09-07 Todd C. Miller * compat.h, config.h.in, configure, configure.in: Add a check for struct timespec and provide it for those without. [42124055030d] * config.h.in, configure, configure.in, sudo_edit.c: Add checks for st_mtim and st_mtimespec and add macros for pulling the mtime sec and nsec out of struct stat. These are used in sudo_edit() to better tell whether or not the file has changed. [23debfbb3fab] * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra param to touch() for nsec [56f7a4ba8ddb] * sudo_edit.c: Call mkstemp() as the in invoking user so we don't have to chown the file later. Only touch() the temp file if we can do it via the file descriptor. Don't check for modification of the temp file if we lack fstat(). Catch errors read()ing the temp file. [665f52c70836] * fileops.c: If path is NULL and fd == -1 return -1. [757a518a824c] * sudo_edit.c: closefrom() is overkill, the only extra fds are the ones we opened so just close those in the child. [f361c9d2a1f4] * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c, visudo.c: Use utimes() and futimes() instead of utime() in touch(), emulating as needed. Not all systems are able to support setting the times of an fd so touch() takes both an fd and a file name as arguments. [3d9276f29717] 2004-09-07 Aaron Spangler * env.c: Rare SEGV [8995f828782d] 2004-09-06 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [b8e9406711c5] * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and re-order some of the sections to match the order we use in OpenBSD. [fa37bd917e2c] 2004-09-06 Aaron Spangler * env.c: Openldap ~/.ldaprc fix [1a37afe6850f] 2004-09-06 Todd C. Miller * sudo.pod: Talk about how the editor must write its changes to the original file and not just use rename(2). [c55ed91c5ee9] * CHANGES: sync [62af26bd37a2] * sudo_edit.c: Keep the temp file open instead of re-opening after the editor has exited. [de41eeb6dcf2] * sample.pam: Update for current redhat/fedora core. [8cf083077333] 2004-09-03 Aaron Spangler * README.LDAP: tls_ examples [ba783d88a034] 2004-09-02 Aaron Spangler * ldap.c: config tls_* options [0b0e0797b3b9] 2004-08-29 Todd C. Miller * configure, configure.in: No need for -lcrypt when using pam. [41fff3a53e68] 2004-08-27 Todd C. Miller * configure: regen [75820aecce2c] 2004-08-27 Aaron Spangler * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file option to override LDAP_CONF [c9909bc484a5] * ldap.c: cleanup debug message [1f6ca4824d8d] 2004-08-26 Aaron Spangler * README.LDAP: more config info [f2e7147fd507] 2004-08-24 Todd C. Miller * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: Add cmnd_base to struct sudo_user and set it in init_vars(). Add cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No longer use gross statics in command_matches(). Also rename some variables for improved clarity. [7169a6c7bea4] 2004-08-21 Todd C. Miller * INSTALL: document HP's crippled compiler deficiency. [c405ea5a8d4c] * INSTALL: Fix some thinkos in --with-editor and --with-env-editor descriptions. Noticed by Norihiko Murase. [dd781de1c985] * configure, configure.in: --with-noexec takes an optional PATH argument. [8f6ab77f22cc] * INSTALL: document --with-noexec [50cb1fc627ce] 2004-08-17 Todd C. Miller * RUNSON, TODO: sync [f2503bd13373] [SUDO_1_6_8] * sudo_edit.c: Better warning message when sudoedit is unable to write to the destination file. [f78c18f2ffa8] * sudo.cat, sudo.man.in: regen [7e2bf63d6d9a] * sudo.pod: Don't italicize the string "sudoedit" [c691643bd269] 2004-08-16 Todd C. Miller * HISTORY: Mention GratiSoft. [dc53de581b2d] 2004-08-11 Todd C. Miller * sudo.tab.c: regen [8ae0484dfc38] * parse.yacc: Reset used_runas to FALSE when re-intializing the parser. [b7403f353a02] 2004-08-09 Todd C. Miller * config.guess: Correct OpenBSD mips support [314fc7afc165] * config.guess: Add OpenBSD/mips [ac87d0a773ef] 2004-08-07 Aaron Spangler * README.LDAP: More behavior notes [13be1d212b47] * README.LDAP: Updates on current behavior [d498a8866d6f] 2004-08-06 Todd C. Miller * sudoers.pod: =back does not take an indentlevel (makes no difference to formatted files). [9c8523bb382a] * sudo.pod: =back does not take an indentlevel (makes no difference to formatted files). [e5f479e24fa8] * CHANGES: new [2dbd9aba8b33] * sudo.c: Consistency. Use same error for bad -u #uid when targetpw is set as we do when a bad -u username is specified. [922961c4a9d6] * TODO: Add checksum idea from Steve Mancini [e6ece1b766ba] * sudoers.cat, sudoers.man.in: regen [370d2317829f] * sudo.cat, sudo.man.in: regen [f93d41fc38b1] * sudo.pod, sudoers.pod: Document the restriction on uids specified via -u when targetpw is set. [878fedb455db] * sudo.c: Error out when targetpw is enabled and sudo is run with -u #uid but #uid does not exist in the passwd database. We can't do target authentication when the target is not in passwd! [27c5888c86eb] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [ceb65711050c] * TODO: Some more todo for the next release. [7b7417be7601] * INSTALL: Make it clear that PAM should be used for DCE support when possible. [7502029fd385] * sudoers.pod: o Document problems with wildcards and relative paths. o Make the order requirements more prominent. o Change a "set" to "reset" for clarity. [bacdd181b33f] 2004-08-05 Todd C. Miller * sudo.pod: Mention --with-secure-path, not SECURE_PATH. [41283ddde5e1] 2004-08-03 Aaron Spangler * ldap.c: reflect changes to parse.c [8880fe9b724d] 2004-08-02 Todd C. Miller * sudo.tab.c: regen [a57658ca9177] * parse.c, parse.h, testsudoers.c, visudo.c: Don't pass user_cmnd and user_args to command_matches(), just use the globals there. Since we keep state with statics anyway it is misleading to pretend that passing in different cmnd and cmnd_args will work. [0a2544991fd6] * parse.yacc: Don't pass user_cmnd and user_args to command_matches(), just use the globals there. Since we keep state with statics anyway it is misleading to pretend that passing in different cmnd and cmnd_args will work. [a4910bf6032b] * parse.c: Fix a bug introduced in rev. 1.149. When checking for pseudo- commands check for a '/' anywhere in cmnd, not just the first character. [ce98142f03ca] 2004-07-31 Aaron Spangler * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin [a91800e094b1] * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers [741ddcbf7083] * README.LDAP: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and janth@moldung.no [742c02e07cd9] 2004-07-29 Todd C. Miller * CHANGES: typo [e7cdefbd7a9a] 2004-07-23 Todd C. Miller * CHANGES: sync [734dafc4a85e] * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse. [151b7f593568] 2004-07-08 Todd C. Miller * CHANGES: PAM change [d8fb6d6a22d0] 2004-07-08 Aaron Spangler * ldap.c: Better debugging of ALL command [9db3e84029dc] 2004-07-08 Todd C. Miller * parse.c: When matching for "sudoedit" in sudoers check both the command the user typed *and* the command that is listed in the sudoers entry. [f36ca1f94095] 2004-07-04 Aaron Spangler * ldap.c: Added !command feature [ed539574611b] 2004-06-28 Todd C. Miller * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell [2be8e0e8813a] 2004-06-11 Todd C. Miller * LICENSE: License is ISC-style, not BSD-style [ac0589e1dd5d] * CHANGES: sync [16058a30f404] 2004-06-10 Todd C. Miller * sudo.cat, sudo.man.in: regen [8820eb9c809b] * sudo.pod: o Update some out of date bits to reality o Change the shell promt in examples to bourne-shell style o Clarify some details o Add a CAVEAT about "sudo cd /foo" [b0af373214b6] * check.c: Don't ask for a password if invoking user == target user. [dd5c96141132] * sudo.c: typo in comment [278d20f9b249] 2004-06-08 Todd C. Miller * sudoers.cat, sudoers.man.in: regen [9036c6f39eff] * sudoers.pod: Expand on NOEXEC a little. [9a13756aebe4] * TODO: sync [8d2c1af48de8] * visudo.cat, visudo.man.in: regen [3921f01607c8] * sudo.tab.c: regen [9338c3d68250] * visudo.pod: Add a check in visudo for runas_default being set after it has already been used. [6700358d7ad8] * CHANGES, parse.yacc, visudo.c: Add a check in visudo for runas_default being set after it has already been used. [803560986a8a] * sudo.tab.c: regen [b60636e2cf63] * parse.yacc: Add a MATCHED macro for testing whether foo_matches has been set to TRUE or FALSE. This is more readable than checking for >=0 or < 0. Doesn't change the actual code generated. [f376da8ccdc8] 2004-06-07 Todd C. Miller * sudoers.cat: regen [6cceb6d6c9bd] * sudoers.man.in: regen [5acd12b730b3] * sudoers.pod: Correct description of where Defaults specs should go. [6b11ff53d7ad] * sudoers: Correct description of where Defaults specs should go. [868db857630d] * testsudoers.c, visudo.c: update (c) year [272c8a53604c] * logging.h: update (c) year [3cec76d400ce] * ldap.c: update (c) year [f264632488a0] * find_path.c: update (c) year [40c227af9227] * auth/pam.c: update (c) year [87149e0eed50] * auth/bsdauth.c, auth/kerb5.c: update (c) year [d72eb434c068] 2004-06-06 Todd C. Miller * sudo.tab.c: regen [83408d9e9d2e] * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c: Remove trailing spaces, no actual code changes. [4c3bf2819293] * tgetpass.c: Remove trailing spaces, no actual code changes. [96f6e0a24c26] * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c: Remove trailing spaces, no actual code changes. [c7075d1cbed5] * getcwd.c: Remove trailing spaces, no actual code changes. [776cc0374547] * find_path.c: Remove trailing spaces, no actual code changes. [7ed7099f3c71] * compat.h, defaults.c, env.c: Remove trailing spaces, no actual code changes. [893e83c33795] * check.c: Remove trailing spaces, no actual code changes. [f77750f8803b] * sudo.tab.c: regen [62e0ed883b31] * parse.yacc: Fix a >=0 that should be <0 that was improperly converted when UNSPEC was added. [ad1531a55a49] * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not NOMATCH when resetting it. [ae017a12870a] * parse.yacc: Fix pastos introduced in SETNMATCH addition. [6ea1c9d80681] 2004-06-05 Todd C. Miller * README.LDAP: Update for configure changes [637a635da287] * sudo.tab.c: regen [4753c2788713] * sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use these in parse.yacc. Also in parse.yacc initialize the *_matches vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE. [2ba622e15a4d] * parse.yacc: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use these in parse.yacc. Also in parse.yacc initialize the *_matches vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE. [746b519e41a6] * parse.yacc: Initialize runas to -2, not -1 since we need to be able to distinguish between the initialized value and the value of a non- match when passing along the runas value to multiple commands. The result of this is that an unmatched runas is now set to -1, not 0. This is required now that parse.c treats a FALSE value for runas as being explicitly denied. [7791ed3621f6] 2004-06-03 Todd C. Miller * sudo.c, visudo.c: Error out if argc < 1. [ce6b2a9eda3c] * getprogname.c: Error out if argc < 1. [c566cce8dc78] * configure, configure.in: Add tests for what libs we need to link with for ldap and for whether or not lber.h needs to be explicitly included. [b2e9729cc4e7] 2004-06-03 Aaron Spangler * ldap.c: Solaris native LDAP build fix [39929e40eb11] 2004-06-01 Todd C. Miller * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an unset variable. [6a4c20a66f98] * sudo.h: Add prototype for sudo_ldap_list_matches [443b007a8dab] * configure, configure.in: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [567656978f7e] * config.h.in: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [34eace4faec8] * compat.h: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [8d50ff1bbf2a] * closefrom.c: Only check /proc/$$/fd if we have the dirfd function/macro. [15e3ccce7553] * compat.h, config.h.in, configure, configure.in: Add a check for a dirfd() function (like Linux) and add a dirfd macro in compat.h if there is no dirfd() function or macro. [1e95756edb50] * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as needed. [bb1d79271188] * CHANGES: Clarify closefrom() note. [f4e4a5508dda] * parse.c: When checking for a command in the directory, only copy the base dir once. [7a3276808b87] * closefrom.c: If there is a /proc/$$/fd directory, behave like the Solaris closefrom() and only close the descriptors listed therein. [19de23779e84] * alloc.c: compat.h guarantees INT_MAX is defined. [1bf0c79d4606] * compat.h: Add definitions of OPEN_MAX and INT_MAX for those without it and remove definition of RLIM_INFINITY (now unused). [f827d1ebf96e] * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN since the former is standardized. [59788f211c24] 2004-05-31 Todd C. Miller * CHANGES: sync [d32fa124f1ad] * RUNSON: Add some entries that were mailed in a while ago [ff8d5bfec54e] * closefrom.c: o sysconf returns a long, not an int. o check for negative return value from sysconf/getdtablesize and use OPEN_MAX in this case. o define OPEN_MAX to 256 for those without it (a fair guess...) [ccf81ae6deb2] 2004-05-30 Todd C. Miller * UPGRADE: Mention change in parse order for RunAs entries. [dc73b0bca617] * configure: regen [07cce8e0534e] 2004-05-29 Todd C. Miller * INSTALL, README.LDAP, config.h.in, configure.in: o --with-ldap now takes an optional dir as a parameter o added check for ldap_initialize() and start_tls_s() [2b846c7974c6] * README.LDAP: Fix some typos, word choice and formatting issues. [00dc8ca84b10] 2004-05-28 Todd C. Miller * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use read/write as it is simpler. [30f5446ee8b0] * configure, configure.in: Remove hack overriding cross-compiler check. It should no longer be needed. [22a6cbd88608] * compat.h: Remove select() compat bits since we no longer use select(). [d7bbf7cd36f5] * CHANGES, tgetpass.c: Use alarm() instead of select() for the timeout for systems that don't fully/properly implement select(). [d7cc60f15800] 2004-05-27 Todd C. Miller * CHANGES: synbc [132a39788e07] * RUNSON: update [61ef508380c6] * set_perms.c: Deal with systems that have no way of setting the effective uid such as nsr-tandem-nsk. [306e00e9b5a4] * configure, configure.in: Define NO_SAVED_IDS if we don't find seteuid() [8588f18345cf] * config.h.in, configure, configure.in: Add back check for setreuid() since NSK doesn't have it. [43127bd703d1] * sudoers.cat, sudoers.man.in: regen [af4f4b20e422] * CHANGES: sync [29ca3b699c24] * BUGS: sync [3593f17f72ed] * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was explicitly denied and the command matched. This fixes a long- standing bug and makes: foo machine = (ALL) /usr/bin/blah foo machine = (!bar) /usr/bin/blah equivalent to: foo machine = (ALL, !bar) /usr/bin/blah [2f5ee244985a] * sudoers.pod: Clarify mail_noperm [3238b2d41989] 2004-05-20 Aaron Spangler * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la [91431e821525] 2004-05-17 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [cdfde0dcb556] * TODO: sync [4799b7d8b62c] * sudoers.pod: Remove fastboot/fasthalt (who still remembers these?) and add a minimal sudoedit example. [19d299f233cd] * sample.sudoers: Remove fastboot/fasthalt (who still remembers these?) and add a minimal sudoedit example. [b1bca73d6250] * UPGRADE, sudo.c, visudo.c: filesystem -> file system [1e1afaf30469] * TROUBLESHOOTING: filesystem -> file system [39fb594e9338] * CHANGES, INSTALL: filesystem -> file system [85948b608ffe] * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs [e94d243a0b90] * lex.yy.c: regen [2eed0ab1f4c4] * visudo.pod: remove my email addr [b63262c0389b] * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and @mansectsu@ everywhere Make man page references links with L<> [f459f4b9ddb9] * parse.lex: Accept quoted globbing characters and pass them verbatim for fnmatch() [8248b86e9380] * UPGRADE: Document that /tmp/.odus is gone. [3667b66af5bb] * pathnames.h.in: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [48d94c9f9ad4] * configure: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [058d7b8cf07b] * aclocal.m4: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [cf52c4c2803f] * CHANGES: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [6058c4cefcec] * set_perms.c, sudo.c, tgetpass.c, visudo.c: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [2e5f81834383] * logging.c: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [934bbe6872b6] * check.c, compat.h: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [390b698b5924] 2004-05-16 Todd C. Miller * CHANGES: There was no 1.6.7p6. [8013d2e6b062] * BUGS, CHANGES: sync [c38b41f32857] * Makefile.in: add missing files to DISTFILES [e6a80ad03039] * sudo.cat, sudoers.cat, visudo.cat: regen [027bc9746dd5] * sudoers.man.in: regen [f5e85ef686cf] * Makefile.in: Fix some line wrap and update (c) year [bad1f46aa1ca] 2004-04-28 Aaron Spangler * README.LDAP: Build Note [7a061248249b] 2004-04-07 Aaron Spangler * Makefile.in: Fix install-dirs [be0726dd92e7] 2004-04-05 Todd C. Miller * sudo.tab.c: regen [3f4f0d1ab8b9] * visudo.c: In Exit() when used as a signal handler, emsg is a pointer so sizeof() is wrong so make it a #define instead. Also avoid using a negative exit value. Found by Aaron Campbell [78716a3a3fdc] 2004-03-24 Todd C. Miller * sudoers.pod: Remove bogus sentence about uids in a User_List. Document usernames vs. uid parsing in a Runas_List. [7ca510b5031c] * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If the user specified a uid with the -u flag and the uid exists in the passwd file, set runas_user to the name, not the uid. When comparing usernames in sudoers, if a name is really a uid (starts with '#') compare it numerically to pw_uid. [8d6935d04673] 2004-03-22 Todd C. Miller * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam [aa8c753e426e] 2004-02-28 Aaron Spangler * CHANGES, config.h.in, ldap.c: Added start_tls support [7ef864c15b69] 2004-02-14 Todd C. Miller * Makefile.in: Clean up libtool stuff for 'make distclean' and add def_data.c, def_data.h to PARSESRCS. [bf9bb6bb06ab] 2004-02-14 Aaron Spangler * strlcat.c, strlcpy.c: Un-Fix last license munge [42654b77ac71] 2004-02-13 Todd C. Miller * configure: regen [e4de6b23a4dc] * CHANGES, RUNSON, TODO: checkpoint [94e1ace84d5c] * lex.yy.c, sudo.tab.c: regen [8ce784505643] * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h: More to a less restrictive, ISC-style license. [a31b20e48003] * auth/kerb5.c, auth/pam.c: More to a less restrictive, ISC-style license. [e41f92b41216] * auth/dce.c, auth/fwtk.c, auth/kerb4.c: More to a less restrictive, ISC-style license. [87534c164a52] * auth/bsdauth.c: More to a less restrictive, ISC-style license. [e21be6594b58] * auth/afs.c, auth/aix_auth.c, zero_bytes.c: More to a less restrictive, ISC-style license. [6d234be91c5e] * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: More to a less restrictive, ISC-style license. [b02aea324fd6] * sudo_noexec.c: More to a less restrictive, ISC-style license. [a6da7631e0b2] * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c: More to a less restrictive, ISC-style license. [71cdcc241e94] * sigaction.c, strerror.c: More to a less restrictive, ISC-style license. [4bccdedca58a] * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in, set_perms.c: More to a less restrictive, ISC-style license. [64d772d70ab3] * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h: More to a less restrictive, ISC-style license. [520381c60a54] * find_path.c, getprogname.c: More to a less restrictive, ISC-style license. [f605d5eab6f1] * fileops.c: More to a less restrictive, ISC-style license. [4129a8b38a67] * env.c: More to a less restrictive, ISC-style license. [d5bd859757de] * defaults.h: More to a less restrictive, ISC-style license. [008f5d5743f5] * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h, defaults.c: More to a less restrictive, ISC-style license. [d8d7bfc8a18b] * utime.c, version.h: More to a less restrictive, ISC-style license. [e2e038ad8209] * parse.lex, parse.yacc: More to a less restrictive, ISC-style license. [2f5942e847a1] * Makefile.binary: More to a less restrictive, ISC-style license. [1ed561734535] 2004-02-13 Aaron Spangler * sudoers2ldif: Merged in LDAP Support [3994c4d05947] * ldap.c, sudo.c, sudo.h: Merged in LDAP Support [547eaa346fcc] * def_data.c, def_data.h, def_data.in: Merged in LDAP Support [8fb255280e42] * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in: Merged in LDAP Support [1038092a161e] 2004-02-08 Todd C. Miller * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not a macro. [b2e02a08be8b] 2004-02-06 Todd C. Miller * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the euid first, then just call setuid(0) to set the real uid too. [f08546e2e0ee] * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when appropriate instead of seteuid() which may not exist. [ba508581befb] 2004-02-04 Todd C. Miller * LICENSE: 2004 [37425513a342] * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add --with-pc-insults configure option [7daa5294c17b] * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. [996252a4ab65] 2004-02-01 Todd C. Miller * sudo.man.in, sudoers.man.in: regen [a247f1c52eb9] * sudoers.pod: Add a note that noexec is not a cure-all. [9e7fc535367d] * sudoers.pod: Mention that disabling "root_sudo" is pretty pointless. [f38a415afba0] * configure, configure.in: Substitute for root_sudo in sudoers.pod [ce483cfc86be] * sudo.pod: Add sudoedit to the NAME section [51bc453ec2f6] * sudoers.pod: Document that fact that setting ignore_dot in sudoers has no effect due to the fact that find_path() is called *before* sudoers is read. [6808df7e417c] 2004-01-30 Todd C. Miller * sudo_edit.c: Do not require _PATH_USRTMP to be set. [546f3270dd10] * BUGS, CHANGES, TODO: sync [4205ddeab781] * sudo.man.in: regen [e2143690a88a] * sudo.pod: Clarify that when sudo is run by root with the SUDO_USER variable set, the sudoers lookup happens for root and not the SUDO_USER user. [47207bec1bdf] 2004-01-29 Todd C. Miller * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c, set_perms.c, sigaction.c, sudo.c, tgetpass.c: Use the SET, CLR and ISSET macros. [a8b0d7f1e8fd] * fnmatch.c: Use the SET, CLR and ISSET macros. [1afbcba22ba6] * defaults.c, env.c: Use the SET, CLR and ISSET macros. [2f39431e0a49] * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. [ea1b38f2ac9d] * sudo.c: Don't look at prev_user until after we've parsed sudoers and done the password check. That way, if sudo/sudoedit is run from a root process that was invoked by sudo, we check sudoers for root, not the previous user. This makes sudoedit much more useful and means that for the sudo case, we get correct logging on who actually ran the command. [431dfbf20552] 2004-01-23 Todd C. Miller * sudo_edit.c: Add a comment describing why we need to be notified about our child stopping. [0bec3ce4b49d] 2004-01-22 Todd C. Miller * def_data.c, def_data.in: Update the noexec variable descriptions [9cb7f1aa0e57] * sudoers.man.in, sudoers.pod: noexec now replaces more than just execve() [23cbdc0ee95c] * sudo_noexec.c: Alas, all the world does not go through execve(2). Many systems still have an execv(2) system call, Linux 2.6 provides fexecve(2) and it is not uncommon for libc to have underscore ('_') versions of the functions to be used internally by the library. Instead of stubbing all these out by hand, define a macro and let it do the work. Extra exec functions pointed out by Reznic Valery. [9fa0cd871b0c] * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. Because we do a fork() first we need to be notified when the child has been stopped and then send that same signal to ourself so the shell can do its job control thing. [773165eb6057] * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are systems out there that want to run sudo that still don't support these we can try to deal with that later. [6af68e4aff60] * lex.yy.c: regen [403435317d5d] * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo -e / sudoedit [a80f6ea910af] * configure, configure.in: fix typo [5020fcdc27f4] * config.h.in, configure.in: Add SET/CLR/ISSET [03ff57286e7e] 2004-01-21 Todd C. Miller * sudo.c: Allow non-exclusive flags when invoked as sudoedit. Pretty print the long usage() line to not wrap (assumes 80 char display) [3941fa4004bb] * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag is implied and no other flags are permitted. [929670b01293] * sudo.h: Add a new flag, -e, that makes it possible to give users the ability to edit files with the editor of their choice as the invoking user, not the runas user. Temporary files are used for the actual edit and the temp file is copied over the original after the editor is done. [c4051414c1f4] * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new flag, -e, that makes it possible to give users the ability to edit files with the editor of their choice as the invoking user, not the runas user. Temporary files are used for the actual edit and the temp file is copied over the original after the editor is done. [37ac05c8ac3c] * env.c, sudo.c: If real uid == 0 and the SUDO_USER environment variables is set, use that to determine the invoking user's true identity. That way the proper info gets logged by someone who has done "sudo su" but still uses sudo to as root. We can't do this for non-root users since that would open up a security hole, though perhaps it would be acceptable to use getlogin(2) on OSes where this a system call (and doesn't just look in the utmp file). [c2f9198708a1] * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP [7d9e5768df93] * config.h.in, configure, configure.in: Add check for fchown(2) [a85df18798ed] 2004-01-20 Todd C. Miller * sudo.c: Back out portions of the -i commit that set NewArgv[0] in set_runaspw. It is far to late to set NewArgv[0] there and will have no effect anyway as cmnd and safe_cmnd have already been set. [c2d343430c1c] * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw did. [ae32f477cea3] 2004-01-19 Todd C. Miller * env.c, sudo.c: In -i mode always set new environment based on the runas user's passwd entry. [fa653b7887a8] 2004-01-18 Todd C. Miller * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS section with usage() in sudo.c. Also sort the flags in the OPTIONS section. [6aabc0ffc47e] * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on patches from David J. MacKenzie o Sort the flags in the usage message [c0fe7d6beffd] * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ substitution. [60516fe2d090] 2004-01-17 Todd C. Miller * sudo.c: Change euid to runas user before calling find_path(). Unfortunately, though runas_user can be modified in sudoers we haven't parsed sudoers yet. [f469fdf2e313] * sudoers.man.in, sudoers.pod: Add missing defintion of Parameter_List and use single pipes in the Defaults EBNF definition. [f7bed6e909bf] * sudo.c: Fix a bug when set_runaspw() is used as a callback. We don't want to reset the contents of runas_pw if the user specified a user via the -u flag. Avoid unnecessary passwd lookups in set_authpw(). In most cases we already have the info in runas_pw. [efc35623ba09] 2004-01-16 Todd C. Miller * check.c: Add Stan Lee / Uncle Ben quote to the lecture from RedHat [ebd5a76ccd7e] * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() [6ed65795c17f] * parse.c: If we can't stat the command as root, try as the runas user instead. [ae713fca0e15] * testsudoers.c, visudo.c: Add stub set_runaspw() function [42aa37050053] * sudo.c: Add set_runaspw() function to fill in runas_pw. This will be used as a callback to update runas_pw when the runas user changes. [e570aa0088d0] * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS [51eec6f9e89a] * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just changes the euid. [877c6fe4d12c] * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in one chunk for easy free()ing. Also change it from static to extern. [ab503260a7ec] * defaults.c, defaults.h: Add callback support [a61c4ca983fb] * mkdefaults: Add a callback field and use it for runas_default [96b69c27df5e] * def_data.c, def_data.in: Add a callback field and use it for runas_default [d3e9f06872b8] 2004-01-15 Todd C. Miller * auth/fwtk.c: Add support for chalnecho and display server responses used by fwtk >= 2.0 [b1870f7aaf0d] 2004-01-12 Todd C. Miller * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris [2bf9a123fa4c] * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h: Use closefrom() instead of doing the equivalent inline. [7e3ef6072884] * closefrom.c: closefrom(3) for systems w/o it [35caf58bb636] 2004-01-09 Todd C. Miller * sudoers.man.in: Update from .pod file. [d4c94fc0e0c9] * configure, configure.in: Substitute noexec_file for the sudoers man page [203d3376a551] * sudo.man.in, sudo.pod: Mention noexec [014375ddbb06] * sudoers.man.in, sudoers.pod: Document noexec [49a65d06201f] * auth/pam.c, config.h.in, configure.in: Move PAM_CONST macro definition from config.h to pam.c where it belongs. We can't have this in config.h since that gets included too early. [e64748071637] * auth/pam.c, config.h.in, configure, configure.in: Some PAM implementations put their headers in /usr/include/pam instead of /usr/include/security. [8cc749e9575c] * configure.in: I missed changing the EXEC macro -> EXECV here when I changed this in config.h.in and sudo.c a while ago. [6f5afac7789f] * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs [e4901d958bb7] * configure, configure.in: o merge the hpux case entries into a single entry w/ its own sub- case statement. o HP-UX >= 11 support getspnam(), use it in preference to getprpwuid() [0caad428894e] * configure, configure.in: eval $shrext so that it expands nicely on MacOS X [40419343eef8] * Makefile.in: Don't lie about making a module, it does the wrong thing on mach [7629b28f5688] * ltmain.sh: Remove requirement that libs must begin with "lib". They don't when we point directly at the lib using LD_PRELOAD or its equivalent. [d66f3de6ec85] * acsite.m4: Disable support for c++, f77 and java. We don't need it, it takes a lot of time, and it hosed our check for shared lib support. [4f5749c52ce4] * configure: regen [160865e9d15f] * configure.in: Call AC_ENABLE_SHARED and check the status of enable_shared to know when shared libs are available. [42504c1668fc] * acsite.m4: Duh, OpenBSD suports shared libs too [8e3cd9417475] * config.h.in, configure.in: Only OpenPAM and Linux PAM use const qualifiers. [b2f76476e866] * configure, configure.in: o No need to check for sed, libtool config does that for us o move check for --with-noexec until after libtool magic is run so we can use $can_build_shared and $shrext [668c656e89cc] * ltmain.sh: Don't print a bunch of crap about library installs since we are not really installing a library. [83fbcad29fe4] * env.c: Make format_env() varargs Add noexec support for Darwin, MacOS X, Irix, and Tru64 [468885d75d10] * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local changes: o no ldconfig in the finish step o assume no libprefix or version is needed [4961cffc3797] * sudo_noexec.c: Fix compilation under K&R [8b309bf0b1b2] 2004-01-06 Todd C. Miller * CHANGES: checkpoint [3c368badab32] * sudo_noexec.c: stub execve() that just returns EACCES; used for noexec functionality [1297acae283a] * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code. [dcab78c49273] * sudo.tab.c: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code. [0a61c735eabe] 2004-01-05 Todd C. Miller * def_data.c, def_data.h, def_data.in: Move the environment defaults to the end and shorten a few of the descriptions. [66787b9c612c] * configure, configure.in: no shared libs on ultris or convexos [2c5f3c456e32] * Makefile.in, configure, configure.in: Build sudo_noexec shared object using libtool; could use some cleanup. [373f483555dd] * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding [c903a42e3d90] * parse.yacc, sudo.tab.c: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not important. [c6e8a34639a4] * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c: update copyright year [a16372ae1711] * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. The default value of noexec_file is set to this. [7d88e1d3c494] * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h: Add support for preloading a shared object containing a dummy execve() function that just sets error and returns -1. This adds a "noexec_file" option to load the filename as well as a "noexec" flag to enable it unconditionally. There is also a NOEXEC tag that can be attached to specific commands and an EXEC tag to disable it. [c8b6712feb91] * mkdefaults: add missing newline to usage statement [e84746618362] * config.h.in, sudo.c: Rename EXEC macro -> EXECV [ddaa0c027299] * logging.c: Don't truncate usernames to 8 characters in the log message. [f62a20f27075] * check.c, sudoers.man.in, sudoers.pod: Update copyright year [ca9964054085] * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, sudoers.pod: Add a new option, lecture_file, that can be used to point to a custom sudo lecture. [940133231216] 2003-12-31 Todd C. Miller * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [161b6d74bfb4] * zero_bytes.c: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [d035abf0af94] * Makefile.in, sudo.h: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [ff136de3e255] * err.c: Use #ifdef __STDC__, not #if __STDC__. [6889dd6bc51a] 2003-12-30 Todd C. Miller * mkdefaults: Always put at least one space between the def_* macro name and its definition. [6b3ad0e6619a] * configure, configure.in: Adjust code for --without-lecture to match new values. [062aa788a6b9] * visudo.man.in: regen after pasto fix [3deec16906c0] * sudoers.man.in, sudoers.pod: Document that "lecture" has changed from a flag to a tuple. [e2c03062b533] * check.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add support for tuples in def_data.in; these are implemented as an enum type. Currently there is only a single tuple enum but in the future we may have one tuple enum per T_TUPLE entry in def_data.in. Currently listpw, verifypw and lecture are tuples. This avoids the need to have two entries (one ival, one str) for pwflags and syslog values. lecture is now a tuple with the following values: never, once, always We no longer use both an int and string entry for syslog facilities and priorities. Instead, there are logfac2str() and logpri2str() functions that get used when we need to print the string values. [5293f946c836] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, sudo.tab.c, visudo.c: Create def_* macros for each defaults value so we no longer need the def_{flag,ival,str,list,mode} macros (which have been removed). This is a step toward more flexible data types in def_data.in. [009c02934106] * TODO: checkpoint [0a99a4bb5d15] 2003-12-23 Todd C. Miller * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not unusual for users to place "sudo -k" in a .logout file which can cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. Previously, this would result in useless mail and logging. [d282e7ed63af] 2003-12-16 Todd C. Miller * visudo.pod: fix pasto in VISUAL description [1c6a6148b5f9] 2003-12-10 Todd C. Miller * configure: regen [f44312c63799] * CHANGES: checkpoint [0c42e38f78d5] * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid too [973ce85ffa12] 2003-08-12 Todd C. Miller * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if not already there). [d1c8c11905cd] 2003-06-29 Todd C. Miller * auth/pam.c: Fix a core dump on Solaris by preserving the pam_handle_t we used during authentication for pam_prep_user(). If we didn't authenticate (ie: ticket still valid), we call pam_init() from pam_prep_user(). This is something of a hack; it may be better to change the auth API and add an auth_final() function that acts like pam_prep_user(). [f787de49b175] 2003-06-21 Todd C. Miller * set_perms.c: Add explicit declaration of printerr variable in function header (was defaulting to int which is OK but oh so K&R :-). From Theo. [492c2358783f] 2003-06-09 Todd C. Miller * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ [4b99e1824ece] * logging.c: Also exit waitpid() loop when pid == 0. Fixes a problem where the sudo process would spin eating up CPU until sendmail finished when it has to send mail. [ec3d5792b9b4] 2003-05-30 Todd C. Miller * fnmatch.c: Remove advertising clause, UCB has disavowed it [43a26bbd6628] * fnmatch.3: Remove advertising clause, UCB has disavowed it [3ff24291bcfa] 2003-05-22 Todd C. Miller * parse.c: Don't assume that getgrnam() calls don't modify contents of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. Based on a patch from Kirk Webb. [5574c68f60f3] 2003-05-06 Todd C. Miller * configure.in: missing ;; [22378f2a9d31] * configure.in: darwin has a broken setreuid() in at least some versions [d572aed930d2] * env.c: Fix an off by one error when reallocating the environment; Kevin Pye [3d98e7cf097a] 2003-04-30 Todd C. Miller * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo [49b0da65e090] 2003-04-28 Todd C. Miller * HISTORY: More info on the early days from Coggs. [9381ca10b06b] 2003-04-21 Todd C. Miller * auth/kerb5.c: remove errant semicolon that prevented compilation under heimdal [d2f2bb73a598] 2003-04-16 Todd C. Miller * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: add DARPA credit on affected files [7020785ee50d] * sudoers.pod: add DARPA credit on affected files [83b46318750b] * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudoers.man.in: add DARPA credit on affected files [d8adf1c2ba22] * set_perms.c: add DARPA credit on affected files [3d79fdabb582] * pathnames.h.in: add DARPA credit on affected files [e334cdda422f] * logging.c, parse.c: add DARPA credit on affected files [8f75f822755b] * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c, interfaces.h: add DARPA credit on affected files [da66e28fb3f5] * auth/kerb5.c, auth/pam.c: add DARPA credit on affected files [15da3021b49c] * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c, version.h: add DARPA credit on affected files [868d54cbddea] * env.c: add DARPA credit on affected files [90239f51ef0a] * defaults.c, defaults.h: add DARPA credit on affected files [6a64205fd1eb] * compat.h: add DARPA credit on affected files [316a735783c4] * Makefile.in, alloc.c, check.c: add DARPA credit on affected files [cd939e05c810] * LICENSE: slightly different wording for the darpa credit [e468909c4a21] 2003-04-15 Todd C. Miller * LICENSE: Add DARPA credit [8eb20e2cd63e] 2003-04-14 Todd C. Miller * auth/kerb5.c: Use krb5_princ_component() instead of krb5_princ_realm() for MIT Kerberos like we did before I messed things up ;-) Use krb5_principal_get_comp_string() to do the same thing w/ Heimdal. I'm not sure if the component should be 0 or 1 in this case. #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there should be a configure check for this I guess. [74919a3933fe] 2003-04-13 Todd C. Miller * sample.sudoers: builtin -> built-in; Jason McIntyre [027f2187923e] * TROUBLESHOOTING, config.h.in, configure, configure.in: builtin -> built-in; Jason McIntyre [70b81ac48943] * sudoers.pod: built in -> built-in; Jason McIntyre [da658ef5138d] 2003-04-09 Todd C. Miller * CHANGES: checkpoint for 1.6.7p3 [da85f989fadf] * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff Spencer. Amazingly, sudo source from 1985 is available via groups.google.com [39e0fc85b89f] * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only set rl.rlim_cur to 0 to turn off core dumps. This may be needed for the RLIMIT_CORE restoration on some OSes. [7e2c1a7adfd8] 2003-04-04 Todd C. Miller * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 [44c07d615868] * config.h.in, configure, configure.in: Check for heimdal even if we found krb5-config and define HAVE_HEIMDAL. [aba0126f0059] * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no longer defined by MIT kerb5 (though it used to be and indeed remains so in Heimdal). [e5a6c64d7cd5] 2003-04-03 Todd C. Miller * mkinstalldirs: Remove newer stuff that passes multiple (possibly duplicate) directories to "mkdir -p" since that seems to break on Tru64 Unix at least. This basically brings back what shipped with sudo 1.6.6. [f2a1abd872b3] 2003-04-02 Todd C. Miller * auth/kerb5.c: Correct number of args to krb5_principal_get_realm() and fix an unclosed comment that hid the bug. [0b37f8ce7824] * configure: regen [1876cb840fe0] * configure.in: ++version [480aff7c048e] * README: ++version [488e0bbff613] * Makefile.in: ++version [97ef63cedc38] * INSTALL.binary: ++version [a506204e77d0] * INSTALL: ++version [555aeba5c2bf] * CHANGES, version.h: ++version [f66985a64063] * BUGS: ++version [ea3573432412] * configure.in: use krb5-config to determine Kerberos V details if it exists [7b46bbdaf774] * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c, find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Use warn/err and getprogname() throughout. The main exception is openlog(). Since the admin may be filtering logs based on the program name in the log files, hard code this to "sudo". [9f180d015cfa] * Makefile.in: Add getprogname.c and err.c [d411c54a07dc] * configure: regen [6d585d391acc] * config.h.in, configure.in: Add checks for getprognam(), __progname and err.h [bcbccf61d34a] * emul/err.h: For systems withour err/warn functions. [1b33118884d9] * err.c: For systems withour err/warn functions. [26721f6b041f] * getprogname.c: For systems neither getprogname() nor __progname; uses Argv[0]. [841cf42af1eb] 2003-04-01 Todd C. Miller * CHANGES: checkpoint for 1.6.7p1 [5bfdaf441dce] * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) [e05ac7e0d1f3] * check.c: oflow detection in expand_prompt() was faulty (false positives). The count was based on strlcat() return value which includes the length of the entire string. [086c5a0acb25] 2003-03-31 Todd C. Miller * RUNSON, TODO: checkpoint for the sudo 1.6.7 release [096bab4da29a] [SUDO_1_6_7] * CHANGES: checkpoint for the sudo 1.6.7 release [87322187ed78] 2003-03-24 Todd C. Miller * logging.c: g/c unused variable [c57cd4a17765] * configure: regen [e7c1f581dfac] * configure.in: use man sections 8 and 5 for csops [87de581bda88] 2003-03-21 Todd C. Miller * configure: regen [cb1433a9c7a1] * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. [ac5667978939] * configure: regen [638459118a2a] * configure.in: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [c7d17b480cad] * aclocal.m4: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [37022e991575] * INSTALL: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [4b4bbe5bbe1b] * configure.in: add AIX blibpath support [16ba788bf086] * INSTALL, configure.in: --with-skey and --with-opie now take an option directory argument This obsoletes a --with-csops hack (/tools/cs/skey) Also remove the remaining direct uses of "echo" [5b4986a90c03] 2003-03-20 Todd C. Miller * configure.in: Detect KTH Kerberos IV and deal with it. Also make -lroken optional for KTH Kerberos IV and V. [119f97b48e18] * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the specified variable. [e55e49d076ce] * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. There is a new configure option, --with-rpath to control this behavior. [d4730c5399ab] * configure.in: for kerb4 put libdes after libkrb on the link line [5c566100eab6] * auth/kerb4.c: typo [6541b72b64a3] * configure.in: fix kerberos lib check when a path is specified [ae833a914c6f] * logging.c: Fix boolean thinko in SIGCHLD reaper and call reapchild after sending mail instead of doing a conditional sudo_waitpid. [86fa9a35df5a] 2003-03-19 Todd C. Miller * configure: regen [e6275cf528ba] * configure.in: replace =DIR with [=DIR] where sensible [c39a59173b38] * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib detection based on openssh's configure.in [5b7a340912df] * INSTALL: --with-kerb4 and --with-kerb5 now take an optional argument. [71ed87fc9c64] 2003-03-16 Todd C. Miller * auth/securid.c: Kill remaining strcpy(), the programmer's guide says username is 32 bytes. [bdba70fcd08d] * auth/kerb4.c: trat uid_t as unsigned long for printf and use snprintf, not sprintf [8072f5f8966d] * auth/rfc1938.c: use snprintf [fc0c70c665fe] 2003-03-15 Todd C. Miller * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/sudo_auth.c: update copyright year [b0a10ccb1d0e] * sudo.man.in, sudoers.man.in, visudo.man.in: update copyright year [8fce0034eb51] * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h, configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod: update copyright year [d541e75fe520] * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf with %lu [2ede64d3592b] * configure: regen [c7c3245bdf3e] * configure.in: correct error messages for --with-sudoers-{mode,uid,gid} [77fc15b1c9db] * alloc.c: make the malloc(0) error specific to each function to aid tracking down bugs. [a58c34374b4b] * alloc.c: deal with platforms where size_t is signed and there is no SIZE_MAX or SIZE_T_MAX [7192abb4ab4e] * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc warnings. [f52f026f31c2] * sudo.c: Use stat_sudoers macro so --with-stow can work [c3674735c139] * INSTALL, config.h.in, configure, configure.in: Add support for --with-stow based on patches from Robert Uhl [b274cc1dd52c] * env.c: fix indentation [110d9f1721b1] * configure.in: back out rev 1.352 [1eee91c83f11] * lex.yy.c: regen [72fba1c9590b] * parse.lex: use strlcpy, not strncpy [4faccbaeccef] * set_perms.c: Fix typo; check pw_uid, not pw_gid after setusercontext() failure. [33bf0d18fdc1] * logging.c: use pid_t [3e0536993d2c] 2003-03-14 Todd C. Miller * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid [1669a0c74e9e] * interfaces.c: Move the n == 0 check for the non-getifaddrs cas [2460be061b2a] * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter [05acc2012801] * configure: regen [24bccf4749e8] * configure.in: put -ldl after -lpam, not before; fixes static linking on Linux [7f06b7b2b4d8] * interfaces.c: Avoid malloc(0) and fix the loop invariant for the getifaddrs() case. [239a55068646] * sudo.cat, sudoers.cat, visudo.cat: regen [4a2eed3981ca] * sudo.man.in, sudoers.man.in, visudo.man.in: regen [2c96ea2cf930] * Makefile.in: Preserve copyright notice from .pod file in .man.in file [519fbd09aebc] * visudo.pod: Add sudoers(5) to SEE ALSO [77ecfe3aedf1] 2003-03-13 Todd C. Miller * lex.yy.c: regen [6f5751ce0b74] * parse.lex: Don't assume libc can realloc() a NULL string. If malloc/realloc fails, make sure we just return; yyerror() is not terminal. [1b8618623708] * lex.yy.c: regen [5d31b46191c6] * parse.lex: simplify fill_args a little and use strlcpy for paranoia [0ea35a55542b] * sudo.tab.c: regen [5a8d508d708b] * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on overflow. In all cases the strings were either pre-allocated to the correct size of length checks were done before the copy but a little paranoia can go a long way. [e73d28f1d14e] * sudo.h: Add strlc{at,py} protos [748ffc7fc7f4] * env.c, interfaces.c: Use erealloc3() [47f2cb46aba8] * configure: regen [e7e2fb79f935] * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use memcpy() instead of strcpy() in estrdup() so this is strcpy()-free. [7e0fa4d6fc1d] * sudo.c: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in configure. [09ea4d3959e9] * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned. [31b4fdfdb8bf] 2003-03-12 Todd C. Miller * sudo.c: Use snprintf() for paranoia [a2659ceb46de] * parse.yacc: Use emalloc2 and erealloc3 [90a069842401] * Makefile.in: strlc{at,py} for those w/o it [bac82dc916ee] * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. [ce7254f5db09] * config.h.in, configure, configure.in: Add stlc{at,py} for those w/o it. [00f08219657a] * alloc.c, sudo.h: Add erealloc3(), a realloc() version of emalloc2(). [c96eaf08bbed] * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a certain size. [1e0aba365555] * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the bzero and with error/oflow checking. [292150bc4153] * alloc.c: Error out on malloc(0); suggested by theo [995279e81326] 2003-03-10 Todd C. Miller * configure, configure.in: fix a typo; David Krause [f161213a17ab] 2003-03-07 Todd C. Miller * sudo.pod: fix typo [3ae5ad9a351a] 2003-03-04 Todd C. Miller * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun [38caad5a3935] 2003-03-01 Todd C. Miller * config.h.in, configure.in: not not; Anil Madhavapeddy [d4f4f0bfc66b] 2003-01-23 Todd C. Miller * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org [868c0f09bf9e] 2003-01-20 Todd C. Miller * parse.yacc: Add some missing ';' rule terminators that bison warns about. [535b0b8dcce5] * config.sub: fix typo I introduced in last merge [81db4e4f43fe] * configure: regenerate with autoconf 2.57 [ca0c1e9564f8] * config.h.in: Add missing "$HOME" [209186197ad1] * configure.in: Add some more square backets to make autoconf 2.57 happy [b5639c14faf7] * config.sub, mkinstalldirs: Updates from autoconf-2.57 [36be35eb331b] * config.guess: Updates from autoconf-2.57 [ea0f8ca622af] 2003-01-17 Todd C. Miller * sudo.tab.h: regen [13a65a421567] * lex.yy.c, sudo.tab.c: regen [0b529db7cb6d] * parse.lex, parse.yacc, sudoers.pod: Add support for Defaults>RunasUser [20d726373175] 2003-01-07 Todd C. Miller * visudo.c: fclose() yyin after each yyparse() is done and use fopen() instead of using freopen(). [587f8a2df857] * parse.lex: Better fix for sudoers files w/o a newline before EOF. It looks like the issue is that yyrestart() does not reset the start condition to INITIAL which is an issue since we parse sudoers multiple times. [920f8326968a] 2003-01-06 Todd C. Miller * parse.lex: Work around what appears to be a flex bug when dealing with files that lack a final newline before EOF. This adds a rule to match EOF in the non-initial states which resets the state to INITIAL and throws an error. [b94943bb1f81] * visudo.c: o The parser needs sudoers to end with a newline but some editors (emacs) may not add one. Check for a missing newline at EOF and add one if needed. o Set quiet flag during initial sudoers parse (to get options) o Move yyrestart() call and always use freopen() to open yyin after initial sudoers parse. [12d12f9b07aa] 2002-12-15 Todd C. Miller * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. Want to set effective gid, not real gid, when reading sudoers. [c7d18b810fcd] * set_perms.c: don't compile set_perms_posix if we have setreuid or setresuid [b9cea7a81a29] 2002-12-14 Todd C. Miller * sudo.pod, sudoers.pod: document new prompt escapes [2f088076b640] * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" now gets collapsed to "%" as was originally intended. This also gets rid of lastchar (does lookahead instead of lookback) which should simplify the logic slightly. [4b707b77b3c7] 2002-12-13 Todd C. Miller * tgetpass.c: Write the prompt *after* turning off echo to avoid some password characters being echoed on heavily-loaded machines with fast typists. [d38c57775915] * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at [cfdac87ed5c8] * configure.in: Fix IRIX fallout from name changes in man dir/sect Makefile variables. Patch from erici AT motown DOT cc DOT utexas DOT edu [9a7618755c23] * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. [d0a3e189cb06] 2002-11-28 Todd C. Miller * sudo.tab.c: regen [23b931359087] * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to call this for us. [0be7aeb3ac57] 2002-11-26 Todd C. Miller * sudo.c: fix typo in comment; Pedro Bastos [d7406c460e99] 2002-11-22 Todd C. Miller * INSTALL: document --disable-setresuid [fbd03d03a027] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Sprinkle some volatile qualifiers to prevent over-enthusiastic optimizers from removing memset() calls. [5370ac0e6129] * logging.c, parse.yacc: minor sign fixes pointed out by gcc -Wsign-compare [db872438337f] * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a version based on setresuid() or setreuid() when possible since that allows us to support the stay_setuid option and we always know exactly what the semantics will be (various Linux kernels have broken POSIX saved uid support). [523bc212396c] * config.h.in, configure: regen from configure.in [351877ea2624] * configure.in: Add checks for setresuid() and a way to disable using it [a5b21653d169] * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() or setre[ug]id(). The new set_perms stuff only uses things it knows are there. [47884bd5d1d9] * sudo.c: Before exec, restore state of signal handlers to be the same as when we were initialy invoked instead of just reseting to SIG_DFL. Fixes a problem when using sudo with nohup. Based on a patch from Paul Markham. [f8f5a1484faa] * sudo.c: o timestamp_uid should be uid_t, not int o clarify error message when sudo is run by root and no_root_sudo is set [19dda0734264] 2002-09-19 Todd C. Miller * README: update ftp link for bison [98bc191016e3] 2002-07-20 Todd C. Miller * set_perms.c: Error out if setusercontext() fails and the runas user is not root. [089f9ade4686] 2002-05-20 Todd C. Miller * auth/securid5.c: Fix rcsid [07e9e85dcc2f] * configure.in: Fix SecurID API test [5ec201f454a5] 2002-05-17 Todd C. Miller * env.c: typo in comment [9d385c9ac533] * configure.in: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal but I don't see a better way at the moment. [f89e55cbb313] * Makefile.in, auth/securid5.c: SecurID API version 5 support from Michael Stroucken [68500ac7e531] * configure.in: Add check for SecurID 5.0 API [1ee242e6de6b] 2002-05-08 Todd C. Miller * strerror.c: We actually do still need config.h to get the 'const' definition for K&R C. [d9c982032d85] 2002-05-05 Todd C. Miller * configure: regen with autoconf 2.5.3 [c71fc086eef5] * configure.in: Don't set sysconfdir to '/etc' if the user has specified a --prefix. [d90da1efafd9] * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug [dd67afefa90d] * env.c, sudo.c, sudo.h: No need for dump_badenv() now that dump_defaults() knows how to dump lists. [6bcda468501d] * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, version.h: ++version [44e3b8f95f0b] * sudoers.pod: document timestampowner [37ebd69e9dd1] * check.c: Don't call set_perms() when doing timestamp stuff unless timestamp_uid != 0. [63a63d41d18c] * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, testsudoers.c: g/c second arg to set_perms--it is no longer used [7ac4ce50c612] 2002-05-03 Todd C. Miller * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root timestamp dirs. This allows the timestamp dir to be shared via NFS (though this is not recommended). [faa83dd2b7fb] * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner of the authentication timestamp dir" [d47640d4c86a] 2002-05-02 Todd C. Miller * env.c: Don't try to pre-compute the size of the new envp, just allocate space up front and realloc as needed. Changes to the new env pointer must all be made through insert_env() which now keeps track of spaced used and allocates as needed. [39bc934a9f2c] 2002-04-26 Todd C. Miller * configure: regen [0e12c09bb790] * configure.in: Fix two typo/pastos; from jrj@purdue.edu [b718a4bf1181] 2002-04-25 Todd C. Miller * INSTALL.binary, README: ++version [a1e33027278c] [SUDO_1_6_6] * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [19eb2be283ef] * CHANGES, RUNSON, TODO: Sync with 1.6.6 [2ff9a9087f63] * check.c: The the loop used to expand %h and %u, the lastchar variable was not being initialized. This means that if the last char in the prompt is '%' and the first char is 'h' or 'u' a extra copy of the host or user name would be copied, for which space had not been allocated. [b2e27197857d] 2002-04-18 Todd C. Miller * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank version to 1.6.6 [cfd08689e597] * auth/afs.c: #undef VOID to get rid of an AFS warning [b40760564dc1] * env.c: Use easprintf instead of emalloc + sprintf for some things. [e7bfe2e69a03] 2002-03-16 Todd C. Miller * lex.yy.c, sudo.tab.c: regen [35327104383d] * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris Jepeway's email address so people don't bug him ;-) [c03410747a69] 2002-03-12 Todd C. Miller * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call endgrent() at the same time. [28b6097d5d1a] 2002-02-22 Todd C. Miller * INSTALL: Make it clear which configure options take arguments. [38529e7efad0] 2002-01-25 Todd C. Miller * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no RLIM_INFINITY, just pretend it is -1. This works because we only check for RLIM_INFINITY and do not set anything to that value. [53173d34e6eb] 2002-01-22 Todd C. Miller * auth/pam.c: Zero and free allocated memory when there is a conversation error. [e342133db579] * auth/bsdauth.c: Use sigaction() not signal() [126c2790561f] * INSTALL: Mention that some linux kernels have broken POSIX saved ID support [571ef1a893d3] * CHANGES: checkpoint for 1.6.5p2 [9e9e456f7f43] * configure: regen [d53703a46708] * configure.in: Add --disable-setreuid flag [3b9f2679cb55] * INSTALL: Document new --disable-setreuid option and change description for --disable-saved-ids to match new error message. [14fd3e5f60a5] * set_perms.c: fatal() now takes an argument that determines whether or not to call perror(). [d826b25e62ff] * TROUBLESHOOTING: Update for new error messages from set_perms() [78007c3f76a9] * PORTING: Update for new error messages from set_perms() [60c545a6bcff] 2002-01-21 Todd C. Miller * auth/pam.c: Make this compile w/o warnings [b90843a29af5] * auth/pam.c: Mention that we can't use pam_acct_mgmt() [1dfc5a6e0479] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c: The user's password was not zeroed after use when AIX authentication, BSD authentication, FWTK or PAM was in use. [b18fff30b1e7] 2002-01-20 Todd C. Miller * auth/pam.c: Avoid giving PAM a NULL password response, use the empty string instead. This avoids a log warning when the user hits ^C at the password prompt when PAM is in use. [c3315805e4e4] * auth/pam.c: Don't check the return value of pam_setcred(). In Linux-PAM 0.75 pam_setcred() returns the last saved return code, not the return code for the setcred module. Because we haven't called pam_authenticate(), this is not set and so pam_setcred() returns PAM_PERM_DENIED. [73db145fa179] * Makefile.in: Don't need a '/' between $(DESTDIR) and a directory. [0901ca618176] * Makefile.binary: Don't need a '/' between $(DESTDIR) and a directory. [cd7eb6098b87] 2002-01-18 Todd C. Miller * configure: regen [41b12c039282] * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus setreuid() o new NetBSD has a real setreuid() o add check for freeifaddrs() if getifaddrs() exists. [a82ee3b01733] * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() so add a test for that and if it is not present just use free(). [6270671ea9d5] 2002-01-17 Todd C. Miller * CHANGES, RUNSON: Checkpoint for 1.6.5p1 [26134ecf9b36] * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access to normal passwords, not AUTH_FATAL (which just causes an exit). [785e0f4bc0e2] * visudo.c: Don't use memory after it has been freed. [c60492739fdb] * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; Patch from Phillip E. Lobbes [65a1d3806fcd] [SUDO_1_6_5] * BUGS: ++version [b2e1825e692e] * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 [d730945622e7] 2002-01-16 Todd C. Miller * configure: regen [49744c403ac9] * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: version 1.6.5 [ec30a5f7fc45] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: sudo version 1.6.5 [458a3bed535d] * logging.c: o when invoking the mailer as root use a hard-coded environment that doesn't include any info from the user's environment. Basically paranoia. o Add support for the NO_ROOT_MAILER compile-time option and run the mailer as the user and not root if NO_ROOT_MAILER is defined. [4df351ec92ce] * set_perms.c, sudo.h: Bring back PERM_FULL_USER [edb6039bb284] * configure: regen [3eb2943afa03] * version.h: version 1.6.5 [044fc9a0c72b] * INSTALL, config.h.in, configure.in: Add --disable-root-mailer option to run the mailer as the user and not root. [e9f805397963] * CHANGES: checkpoint for 1.6.4p2 [b58aae5aa98a] * PORTING: Mention the "seteuid(0): Operation not permitted" problem here too just for good measure. [90135b37a691] 2002-01-15 Todd C. Miller * env.c, getspwuid.c, sudo.c: The SHELL environment variable was preserved from the user's environment instead of being reset based on the passwd database when the "env_reset" option was used. Now it is reset as it should be. [300066ef3c71] * configure: regen [a47d779e6552] * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, sudo.c: Add a configure option to turn off use of POSIX saved IDs [fb18cc8e94d0] * configure: regen [d4f2f20025b6] * configure.in: add --with-efence option [45c4f33a8e88] * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where "sudo -l" would not work if always_set_home was set. [c3a6de6c4800] * lex.yy.c: regen [417424452998] * parse.lex: Quoted commas were not being treated correctly in command line arguments. [753415541b37] * sudo.c: o Move the call to rebuild_env() until after MODE_RESET_HOME is set. Otherwise, the set_home option has no effect. o Fix use of freed memory when the "fqdn" flag is set. This was introduced by the fix for the "segv when gethostbynam() fails" bug. Also, we no longer call set_fqdn() if the "fqdn" flag is not set so there is no need to check the "fqdn" flag in set_fqdn() itself. [4b6a4245c04e] * env.c: Add 'continue' statements to optimize the switch statement. From Solar. [a82c76975ae5] 2002-01-13 Todd C. Miller * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod [6ecc07b3d0e1] [SUDO_1_6_4] * sudoers.pod: Add caveat about stay_setuid flag [9d228a7bea1b] * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag is not set, set all uids to 0 and use set_perms_fallback(). [c4e54d1ec86f] * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer used) and add PERM_FULL_ROOT (used when exec'ing the mailer). [15406c522ea2] * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we never want to run the mailer setuid. [2294853e0666] 2002-01-12 Todd C. Miller * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, visudo.pod: Use sudo.ws instead of courtesan.com in URLs [55204002a308] * Makefile.binary, Makefile.in: Fix mansect substitution [b7b5cbc3aa91] * Makefile.in: Substitute man sections in Makefile.binary [040deb785e56] * Makefile.binary: Sync install targets with Makefile.in and substitute in man sections. [77882a275281] * INSTALL, INSTALL.binary: version is 1.6.4 [0f87aabbcb70] * Makefile.in: Repair bindist target [8d43bfe7e2d1] * CHANGES: sync for 1.6.4 [13ca3d4a0a72] 2002-01-10 Todd C. Miller * install-sh: Fix case where neither whoami nor id are found [424dd270bc47] 2002-01-09 Todd C. Miller * install-sh: If neither whoami nor id exists, just assume we are root. [2d2644e42c53] * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed on AIX which for some reason isn't pulling in the malloc prototype. [231440d2ee3b] 2002-01-08 Todd C. Miller * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 [700e3b41a68e] * CHANGES: checkpoint [33e604bd8d5b] * sudo.c: Defer assigning new environment until right before the exec. [f13c49e75c1c] * parse.c: kill extra blank line [12ef22e9dae3] 2002-01-07 Todd C. Miller * configure: regen [a6cd2d788f74] * configure.in: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived compiler doesn't recognise -O2. [5234aa543692] * HISTORY: Clarify origins of Root Group sudo a bit based on info from billp@rootgroup.com [4deef01c4208] 2002-01-03 Todd C. Miller * LICENSE: 2002 [6c8e089dbd1a] * CHANGES: checkpoint for 1.6.4rc1 [3349eb87a49f] 2002-01-02 Todd C. Miller * config.h.in: now generated via autoheader [84657d303cb9] * configure: regen [207bfa6a13f6] * compat.h: Move in some stuff that was previously in config.h. [e576d8b6480f] * aclocal.m4, configure.in: Add info for autoheader. [0549cd5da27c] 2002-01-01 Todd C. Miller * Makefile.in: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g to facilitate non-root installs [619216038f56] * install-sh: Add -M option (like -m but only for root) If we can't find "whoami", use "id" w/ some sed. [b39121c8b792] * configure: regen [b39b93ff9804] * configure.in: allow user to always override mansectsu and mansectform [0fca5e63bd90] 2001-12-31 Todd C. Miller * mkinstalldirs: update from autoconf 2.52 [07bd75a508c3] * config.guess, config.sub: Update from autoconf 2.52 [857b90fe31b7] * configure: regen with autoconf 2.52 [08e7d1ea2aeb] * configure.in: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI mode o Remove compiler-specific checks for HP-UX now that we use AC_PROG_CC_STDC [d433a70b6208] * RUNSON: Checkpoint [babf6d2235d1] * auth/pam.c: o Add pam_prep_user function to call pam_setcred() for the target user; on Linux this often sets resource limits. o When calling pam_end(), try to convert the auth->result to a PAM_FOO value. This is a hack--we really need to stash the last PAM_FOO value received and use that instead. [6ad6f340dd2a] * set_perms.c, sudo.h: o Add pam_prep_user function to call pam_setcred() for the target user; on Linux this often sets resource limits. [67795421ac82] * env.c: Fix off by one error in number of bytes allocated via malloc (does not affected any released version of sudo). [5f5915360111] 2001-12-30 Todd C. Miller * lex.yy.c: regen [8208c0277775] * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o requiring that they be quoted. [ae59bc8f68dd] * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double quotes are needed when adding/deleting/assigning a single value to a list. [25efc940a1f0] * Makefile.in: Don't rely on mkdefaults being executable, call perl explicitly. [6edc97ba5f1d] * sudo.tab.c: regen [49130b2e7e4d] * parse.yacc: Remove some XXX that are no longer relevant. [d460ac0d3767] * defaults.c: o Roll our own loop instead of using strpbrk() for better grokability o When adding to a list we must malloc() and use memcpy(), not strdup() since we must only copy len bytes from str. [649bef08e1f0] 2001-12-21 Todd C. Miller * sudo.tab.c: regen [f0bbf2c38c0e] * parse.yacc: typo in comment [2563711ff593] 2001-12-19 Todd C. Miller * CHANGES: checkpoint [a6d8a29fb30e] * configure: regen [bdfcaaf3bd13] * configure.in: avoid the -g flag unless --with-devel was specified [a976707bef30] * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing from the tarball [6917ffbaa412] * Makefile.in: def_data.c was missing [87c78b11453d] 2001-12-18 Todd C. Miller * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env [fc8698e6a45e] * TODO: Another TODO item [6f251d6cd466] * sudoers: Add comment for Default section so folks know where it should go. [7edba626f392] 2001-12-17 Todd C. Miller * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio case [fbd172f6c5d3] * sudoers.cat, sudoers.man.in: regen from sudoers.pod [64edd2de816e] * sudoers.pod: o Typo, Runas_User_List should be Runas_List o a User_List can not contain a uid o mention that the Defaults section should come after Alias definitions but before the user specifications [54070ba2092b] 2001-12-15 Todd C. Miller * sudoers.cat, sudoers.man.in: regen [e62d1d97693c] * sudoers.pod: Fix listpw and verifypw sections, they were not being formatted properly. [123868c2f3e9] * sudoers.cat, sudoers.man.in: regen [f94841f8b374] * sudoers.pod: fix typos [f278f1c1184e] * configure: regen [d2270049ba9f] * config.h.in, configure.in: use AC_SYS_POSIX_TERMIOS instead of rolling our own [c1a13f1354b9] * README: Reference sudo.ws not courtesan.com [ca13be67ebd7] * PORTING: Add notes on shadow passwords [aa13863f2314] * BUGS: In list mode (sudo -l), characters escaped with a backslash are shown verbatim with the backslash. [1a75a2858be2] * sudoers: Add simple examples from OpenBSD (Marc Espie) [3ae9a9ae4125] * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP. [f8817699ee10] * CHANGES: minor prettyification [f523587929b9] * CHANGES: Updated change log [39d9010ee7a8] * testsudoers.c: Fix CIDR handling here too. [c91db8344c32] * auth/pam.c: Apparently a NULL response is OK [83bae61078d9] * TODO: Checkpoint for upcoming beta release [efb95c09df2a] * TROUBLESHOOTING: Many people believe that adding a runas spec should obviate the need for the -u flag. It does not. [c698bad85b0e] * RUNSON: checkpoint update for upcoming 1.6.4 beta [009e465a0a45] * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe now [d27c035f4e14] * PORTING: Add signals section [2d24c13cb3c8] * configure: regen [2b80a939e2ed] * configure.in: Fix check for sigaction_t [6fa41c89ab20] * sudo.c: XXX - should call find_path() as runas user, not root. Can't do that until the parser changes though. [f0b4f85651bd] * sudo.c: If find_path() fails as root, try again as the invoking user (useful for NFS). Idea from Chip Capelik. [e03fa7872692] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate after pod file changes [48e4bd75ec21] * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". Previously sudo would not call initgroups() if the target user was root. Now it always calls initgroups() unless the -P command line option or the "preserve_groups" sudoers option is set. Idea from TJ Saunders. [4f730359f101] 2001-12-14 Todd C. Miller * compat.h, config.h.in: Use new HAVE_SIGACTION_T define [dfb25f3cae5b] * logging.c: Fix compilation on K&C [7355e3275e34] * configure: regen [a710584f92f0] * configure.in: Add check for sigaction_t -- IRIX already defines this so don't redefine it. [df9c5737f6da] * snprintf.c: fix typo [3d782b8134c8] * interfaces.c: need stdlib.h here too [c789d8973ab2] * configure: regen [44822856bf46] * configure.in: Remove redundant checks for string.h, strings.h and unistd.h [933c94f8bbf4] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: Regen from pod files [ad18c590f638] * BUGS: Update for 1.6.4 [26bc88b69d22] * configure, lex.yy.c, sudo.tab.c: regen [bef89fd6fa2d] * strerror.c: Return EINVAL if errnum > sys_nerr [0512374e6661] * auth/sudo_auth.h: o Update copyright year [a877016db6e2] * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, sudo.pod: o Update copyright year [e15a1b39039f] * configure.in: o Don't define STDC_HEADERS unconditionally for IRIX o Update copyright year [82a8cb819e07] * README: update version [d82e523a16b4] * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [fe39f76b3795] * lsearch.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [764ba3d4fa13] * getspwuid.c, goodpath.c, interfaces.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [fb46d46140d4] * getcwd.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [b199d70ac7ab] * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, fnmatch.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [dab8f192a3ed] * configure: regen [156658f25cea] * tgetpass.c: flags set in signal handlers should be volatile sig_atomic_t [c22931a5535e] * config.h.in, configure.in: Add checks for volatile and sig_atomic_t [b03b3341381d] * configure, lex.yy.c: regen [ed9daba88217] * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults option since it cannot work with the existing parser. [c9e54a0f5971] * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() [fb7544565ae8] * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are not listed in env_keep o If no PATH is in the environment use a default value o If TERM is not set in the non-reset case also give it a default value. [c987eb7df268] * aclocal.m4, configure.in, defaults.c, pathnames.h.in: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on systems that define in paths.h [51865b0cdebf] * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h: Add support for skeyaccess(3) if it is present in libskey. [8add77c7d3e7] 2001-12-13 Todd C. Miller * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL [5a3d3cbf2c6d] * parse.lex: '\\' is a perfectly legal character to have in a command line argument. [c15a466ef00e] * sudo.c: o Defer call to set_fqdn() until it is safe to use log_error() o Don't print errno string value if gethostbyname fails, it is not relevant [c0c6bcf08bcb] * parse.c: Fix CIDR -> in_addr_t conversion. [2f307ebeb63f] 2001-12-12 Todd C. Miller * sudoers.pod: Remove an extra "User_List" in the User_Spec definition From ybertrand AT snoopymail.com [97bde59ea280] * parse.c: Make 'listpw=never' work for users who are not explicitly mentioned in sudoers. [258f0f30a428] * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi [4b0f03872ee1] * sudoers.pod: Document new list Defaults type and convert env_keep and env_delete to lists. Document new env_check option. [a07f1f079fe3] * lex.yy.c, sudo.tab.c, sudo.tab.h: regen parser [e39ac6c6581b] * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec to #[0-9-]+. [69c5388908f3] * configure: regen [0f1877b88cb3] * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK [6545503ae361] * config.h.in, configure.in: Add check for skeyaccess(3) [6caf69fe6359] * visudo.pod: Document new -c, -f, and -q options [13d0203c21d3] * visudo.c: o Add -f option (alternate sudoers file) o Convert to use getopt(3) [4c2b664d617d] * configure: regen [6d5bd932e7b5] * aclocal.m4, config.h.in, configure.in: Add check for isblank and a replacement macro if it doesn't exist. [b524f5e4f953] 2001-12-11 Todd C. Miller * visudo.c: In check-only mode, don't create sudoers if it does not already exist. [c748a2d5acad] * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults variable name o Add support for "+=" and "-=" list operators o replace some 1 and 0 with TRUE and FALSE for greater legibility. [554cb174b37e] * parse.lex: o Use exclusive start conditions to remove some ambiguity in the lexer. Also reorder some things for clarity. o Add support for "+=" and "-=" list operators. o Use the new DEFVAR token to denote a Defaults variable name. [3a2cf8323e26] * sudo.h: Prototype init_envtables() [b74916469dab] * env.c: o Convert environment handling to use lists instead of strings. This greatly simplifies routines that need to do "foreach" type operations. o Add new init_envtables() function to set env_check and env_delete defaults based on initial_badenv_table and initial_checkenv_table (formerly sudo_badenv_table). [0a8b404658b6] * defaults.c, defaults.h: o Add a new LIST type and functions to manipulate it. o This is for use with environment handling variables. o Call new init_envtables() routine inside init_defaults() to initialize the environment lists. [ae73e64f0902] * def_data.c, def_data.h, def_data.in: Convert environment options to use the new LIST type and add a new one, env_check that only deletes if the sanity check fails. [3019503936de] * testsudoers.c: Add dummy version of init_envtables() [9d9e3ee609d9] * parse.yacc: honor quiet mode [8330fba6167c] * visudo.c: Add check-only mode [dab411bc8c35] * mkdefaults: Fix generation of entries with NULL descriptions. [ea75b9fed02e] 2001-12-09 Todd C. Miller * tgetpass.c: Use sigaction_t and quiet a gcc warning. [6f67d719c452] * sudo.c: Must reset signal handlers before we exec [300418120e1a] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM version needs testing. Set SIGTSTP to SIG_DFL during password entry so user can suspend us. [00304aa58747] * tgetpass.c: Add support for interrupting/suspending tgetpass via keyboard input. If you suspend sudo from the password prompt and resume it will re- prompt you. [4af2b5101d32] * sudo.c: Don't block keyboard interrupt signals, just set them to SIG_IGN. [d46d7f67ef6b] 2001-12-08 Todd C. Miller * config.h.in: add back HAVE_SIGACTION [c9c7702c603e] * configure: regen [09fe669d337f] * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill POSIX_SIGNALS define and old signal support now that we emulate POSIX ones Also be sure to correctly initialize struct sigaction. [4bc2a6dbb2be] * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper. [1ad64a19f328] * compat.h: Add scaffolding for POSIX signal emulation [945861d4c93b] * sigaction.c: o Add missing ';' so this compiles o Can't use NULL since we don't include stdio.h [04d0cac7438f] * sigaction.c: Emulate sigaction() using sigvec() [d0b54a989875] 2001-11-13 Todd C. Miller * sudoers.pod: Document new behavior of negative values of timestamp_timeout Fix a typo [4c0716570d01] * sudo.pod: Add security note about command not being logged after 'sudo su' and friends. [43294851a33c] * sudo.pod: Mention that -V prints default values when run as root, including the list of environment variables to clear. [d9e5e550a8c3] * Makefile.in: Run pod2man with --quotes=none to avoid stupid quoting of C<> entries. [997b23c35dbe] 2001-11-12 Todd C. Miller * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod: Add mail_badpass option Also modify mail_always behavior to also send mail when the password is wrong [838d40ccafce] * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' is run by root. [f67f1b8048b0] * sudoers.pod: document env_delete [d74f893663a2] * env.c: Add support for '*' in env_keep when not resetting the environment (ie: the normal case). [fd4fb62ea8fd] * env.c: Add env_delete variable that lets the user replace/add to the bad_env_table. Allow '*' wildcard in env_keep entries. [aa728bc35e29] 2001-11-06 Todd C. Miller * mkinstalldirs: Force umask to 022 to guarantee sane directory permissions. [9ab3cfe70569] 2001-11-02 Todd C. Miller * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency [671010465e6f] * mkdefaults: fix breakage in last commit [8318f8851e56] * Makefile.in: acsite.m4 -> aclocal.m4 [30c146873a01] * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit [4dc8b39954da] * def_data.c: regenerated from def_data.in [915ea16ce1eb] * check.c, defaults.c, defaults.h: Add new T_UINT type that most things use instead of T_INT If timestamp_timeout is < 0 then treat the ticket as never expiring (to be expired manually by the user). [3a3a636a2a5d] * def_data.in: change most T_INT -> T_UINT [a2228d2457af] * mkdefaults: fix warning when no args [ca70a5394af5] * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if we are a signal handler. We no longer print the signal number but the user can just check the exit value for that. [dc424f631fef] 2001-10-16 Todd C. Miller * logging.c: when setting up pipes in child process check for case where stdin == pipe fd 0 [518112d76184] 2001-10-11 Todd C. Miller * visudo.c: Ignore editor exit value since XPG4 says vi's exit value is the count of editing errors made (failed searches, etc). [b9d952284865] 2001-10-05 Todd C. Miller * configure: regen [cb3aa586f03b] * configure.in: sco now is identified by config.guess as *-sco-* [46664bbdea61] * configure.in: Check for getspnam() in -lgen if not in -lc for UnixWare. [0f152ad1ba93] 2001-09-18 Todd C. Miller * sudoers.pod, visudo.pod: "upper case" -> "uppercase" [f9151f232326] * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu [2855d73d0237] 2001-08-28 Todd C. Miller * sudoers.pod: Missing word (specify); krapht@secureops.com [65523eb37a2c] 2001-08-23 Todd C. Miller * sudo.c: If we fail to lookup a login class, apply the default one. [d4869faa6816] * logging.c: In log_error() free message, not logline unconditionally, then free logline if it is not the same as message. No function change but this mirrors how they are allocated. [565e5f6cc643] 2001-07-17 Todd C. Miller * configure: regenerate [834a48f548a2] * configure.in: remove some backslash quotes that are unneeded [50d401d6e2ca] * configure.in: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. [f502c5f15f92] * config.guess, config.sub: Updated from autoconf-2.50 [6140205915ef] 2001-05-22 Todd C. Miller * README: Update mailing list section. We use mailman now, not majordomo. [b9a8ca45e6dc] 2001-05-10 Todd C. Miller * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all the shadow variants to make sure we don't inadvertantly leak an fd to the child. Apparently Linux's shadow routines leave the fd open even if you don't call setspent(). Reported by mike@gistnet.com; different patch used. [d33792ef6c01] 2001-04-13 Todd C. Miller * sudoers.pod: s/eg./e.g./ [bd32a0acaf93] * tgetpass.c: select() may return EAGAIN. If so, continue like we do for EINTR. [5f202c943818] * logging.c: Fix a non-exploitable buffer overflow in the word splitting code. This should really be rewritten. [4c724363863a] * Makefile.in: FAQ link goes away [1d26dd6c8972] * INSTALL: Tell people to look in sample.syslog.conf for examples, not FAQ [affcae3f43ca] * TROUBLESHOOTING: Update list of env vars that are cleared [234e56f1435a] * sudo.c: remove struct env_table decl since that stuff has all moved to env.c [5dd923148777] 2001-04-04 Todd C. Miller * fileops.c: Fix a pasto in flock-style unlocking and include for flock on older systems; twetzel@gwdg.de [d5420d9d2861] * configure: regen to get NeXT lockf/flock fix [d3ba6ed70e15] * configure.in: force NeXT to use flock since lockf is broken [bd5391dca1bb] 2001-03-30 Todd C. Miller * check.c: Use stashed user_gid when checking against exempt gid since sudo sets its gid to a a value that makes sudoers readable. Previously if you used gid 0 as the exempt group everyone would be exempt. From Paul Kranenburg [0b140cc3a817] 2001-03-29 Todd C. Miller * configure: regen [cc455408f32b] * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines some types (such as ssize_t) therein. [b6aee85ca331] 2001-03-02 Todd C. Miller * defaults.c: Fix negation of paths in a boolean context. Problem found by apt@UH.EDU [8aee217a7cdf] 2001-02-23 Todd C. Miller * visudo.c: pasto [ad32b277bf68] 2001-02-17 Todd C. Miller * visudo.c: SA_RESETHAND means the opposite of what I was thinking--oops To block all signals in old-style signals use ~0, not 0xffffffff [6ecdd793590a] 2001-02-04 Todd C. Miller * defaults.c: coerce difference of pointers to int when used in a string length printf format; deraadt@openbsd.org [a9d10f07180d] 2001-01-17 Todd C. Miller * visudo.c: Block all signals in Exit() to avoid a signal race. There is still a tiny window but I'm not going to worry about it. [6661805c0458] 2001-01-07 Todd C. Miller * env.c: glibc uses the LANGUAGE env var so clear that too; Solar Designer [d4ba95628afb] * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno from clobbering by isatty(). [607eec736e19] 2000-12-31 Todd C. Miller * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sia.c, auth/sudo_auth.c: Some defaults I_ defines got renamed. [ec19b23caaf3] * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, set_perms.c, sudo.c, sudo.tab.c: Move defaults info into its own files from which we generate .h and .c files. This makes adding or rearranging variables much simpler. [e91b880b5043] 2000-12-30 Todd C. Miller * configure, configure.in: fix typo in last commit [10a6ee2bae71] * compat.h, config.h.in, configure, configure.in: Add check + emulation for setegid (like seteuid). [29492092bd2f] * env.c: Make env_keep override badenv_table as documented Fix traversal of badenv_table (broken in last commit) [37c9f0d22673] * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid version of set_perms on systems w/o them. Rename set_perms_saved_uid() -> set_perms_posix() Make set_perms_setreuid simply be set_perms_fallback() and simply include the appropriate function at compile time (setreuid() vs. setuid()). [3107333c062c] * sudoers.cat, sudoers.man.in, sudoers.pod: PATH is also preserved when env_reset is in effect [90e45c5711ff] * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure, configure.in, defaults.c, defaults.h, env.c, find_path.c, getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults options: o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2) o env_reset - reset the environment to a sane default o env_keep - preserve environment variables that would otherwise be cleared No longer use getenv/putenv/setenv functions--do environment munging by hand. Potentially dangerous environment variables can be cleared only if they contain '/' pr '%' characters to protect buggy programs. Moved environment routines into env.c (new file) [c2f97651db4c] * INSTALL: Clear up --without-passwd description [2f336dab6733] * putenv.c, sudo_setenv.c: We now build up a new environment from scratch and assign it to "environ". [6ae6152f2238] 2000-12-19 Todd C. Miller * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen [e03ead2e56f8] 2000-12-15 Todd C. Miller * visudo.c: If there was a syntax error and the user just wants to quit, unlink sudoers if it is zero length. [74ba7921f520] * visudo.c: 'Q' means ignore parse error, not 'q' [e8d0e4491fe6] * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric [b24990a72491] 2000-12-13 Todd C. Miller * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org [41a8db10e076] 2000-12-09 Todd C. Miller * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo Sanchez [6052da895d2e] 2000-11-03 Todd C. Miller * sudo.c, visudo.c: Use exit(127), not exit(-1) [9ff0c3eada34] * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c: Move set_perms() to its own file and use POSIX saved uid or setreuid() if available. Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs (ie: anything with issetugid(2)). [28960f842698] * sudo.c: strip more bits from the environment and add a facility for stripping things only if they contain '/' or '%' to address printf format string vulnerabilities in other programs. [b98d6375f299] 2000-11-02 Todd C. Miller * configure: regen [7e74e5c91049] * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of strcasecmp(). [a418e9e70442] * configure: regen [bbff244a52bc] * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix [361c99576681] 2000-11-01 Todd C. Miller * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR [473cdb92b6db] * configure: regen [4e6364a195e0] * compat.h, config.h.in, configure.in: Add check for _innetgr(3) since NCR systems have that instead of innetgr(3). [25e6852e7494] 2000-10-31 Todd C. Miller * auth/securid.c: check return value of creadcfg() call sd_close() after sd_auth() store username in sd->username so we don't rely on the USER env variable [d106b4f42722] 2000-10-30 Todd C. Miller * INSTALL: document --with-bsdauth [f1518ecc2ee9] * configure: regen [dceb35071ea8] * configure.in: --with-bsdauth assumes --with-logincap [4200778083fd] * auth/bsdauth.c, auth/fwtk.c: When prompting for a response to a challenge, if the user just hits return then reprompt with echo turned on. [a539b6474a97] 2000-10-29 Todd C. Miller * sudo.c: Remove debugging code that should not have been committed, oops. [9862607b77a7] * auth/bsdauth.c: Use lower-level routines and get the password ourselves. Checks for a challenge and if there is one echo is not turned off. [2d8fcd166baa] * auth/pam.c, auth/sudo_auth.h: minor housekeeping, no real code changes [d0074a277fb4] 2000-10-27 Todd C. Miller * sudo.c: Fix a coredump in the logging functions if gethostname(2) fails by deferring the call to log_error() until things are better setup. Fix return value of set_loginclass() in non-BSD-auth case. Hard-code 'sudo' in the usage message so we can fit more options on a line [d9d1b7579818] * logging.c: Fix errant ';' (typo) that broken MSG_ONLY [849b2276a470] 2000-10-26 Todd C. Miller * sudo.cat, sudo.man.in: regen [bb3c8c6704d1] * sudo.pod: Document -a flag [e18316cebaac] * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in, configure, configure.in, getspwuid.c, sudo.c: Add support for BSD authentication. [f374cfd9ca0d] 2000-10-19 Todd C. Miller * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp [3085fee9766e] 2000-10-12 Todd C. Miller * sudoers.pod: Mention negating umask [c9e410294dae] * defaults.c: Allow user to specify umask of 0777 (same as !umask) [bb771daa96fe] 2000-10-09 Todd C. Miller * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo history. [77f73199aedb] 2000-10-08 Todd C. Miller * defaults.c, sudo.pod: fix typos; pepper@reppep.com [5532c7421340] 2000-09-14 Todd C. Miller * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory alloc failure instead of returning -1. [71f1cf18f47b] 2000-09-07 Todd C. Miller * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD and possibly others. [b69d985b0d22] * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means that "%m" won't be expanded but we don't use that anyway since the logging routines may splat to stderr as well. [8d37a544d0c0] * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, sudoers.pod: Add always_set_home variable [dbcaff646e07] * configure, configure.in: Have to hard code default values in help since the defaults are set _after_ the help stuff. [7b5d6d72f55c] 2000-08-31 Todd C. Miller * lex.yy.c, parse.lex: Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. [3ed33cf09977] 2000-08-13 Todd C. Miller * install-sh: Better path searching for programs we need. [60517cb1f0d6] * TROUBLESHOOTING: Add section on "C compiler cannot create executables" errors. [e4ada6eaee59] * Makefile.binary, Makefile.in, version.h: Crank version [93d1bd5b7f5e] * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Substitute values from configure into man pages. [619854c356c1] 2000-08-12 Todd C. Miller * parse.c, sudo.c: The listpw and verifypw sudoers options would not take effect because the value of the default was checked *before* sudoers was parsed. Instead of passing in the value of PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so the check can be deferred until after sudoers is parsed. [4f596e358f72] 2000-08-11 Todd C. Miller * tgetpass.c: When writing prompt, no need to write the NUL as well; hag@linnaean.org [fbcdd7b431ee] 2000-06-09 Todd C. Miller * install-sh: When looking for chown, check in /sbin too [657ba6653f8c] 2000-06-05 Todd C. Miller * visudo.c: Remove extraneous call to init_defaults() and set runas_user to NULL betweem parses so init_defaults will reset it each time, thus avoiding a reference to free()d data. [7421fcd692af] 2000-06-04 Todd C. Miller * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for using getifaddrs() to get the list of ip addr / netmask pairs. Currently IPv4-only. [a35bc4f7306d] * visudo.c: Add a missing check for UserEditor == NULL Add missing '+' before line number when invoking editor to fix a syntax error [f0d4635f6082] 2000-05-12 Todd C. Miller * sudo.c: Call clean_env very early in main() for paranoia's sake. Idea from Marc Esipovich. [f8d72ebd0115] 2000-05-10 Todd C. Miller * sudo.h: Update proto for evasprintf and easprintf [d147d6e58419] * alloc.c: Make easprintf() and evasprintf() return an int. [b2ca5d089667] * check.c: If the targetpw flag is set, use target username as part of the timestamp path. If tty tickets are in effect cat the tty and the target username with a ':' as the separator. [de11abc693c2] 2000-05-09 Todd C. Miller * auth/pam.c: Backout part of last change; setting PAM_USER to the invoking user breaks things like targetpw. [427218a7387f] * auth/pam.c: set tty and username via pam_set_item [85d1922dbcc9] * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h: Fix root, runas, and target authentication for non-passwd file auth methods. [a14535e7b30c] 2000-04-22 Todd C. Miller * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use B<-Z> not C<-Z> for command line flags in all places. This is more consistent and works around a bug in Pod::Man. [64b5a05f30c5] * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of 'semicolon' that should be 'colon' [4ea5aacae3fb] 2000-04-19 Todd C. Miller * configure, configure.in: Fix --with-badpri help line [3cc40977c043] 2000-04-17 Todd C. Miller * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an openlog() and closelog() since some authentication methods (like PAM) may do their own logging via syslog. Since we don't use syslog much (usually just once per session) this doesn't really incur a performance penalty. It also Fixes a SEGV with pam_kafs. [fe1cc28529f6] 2000-04-15 Todd C. Miller * sudo.c: Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, mode) [ce9b1c6f68a6] 2000-04-12 Todd C. Miller * INSTALL: Clarify the fact that insults are not enabled just by including them in the binary. [d5a31d48320c] 2000-04-07 Todd C. Miller * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: Regenerated with perl 5.6.0 pod2man [21751433768b] * Makefile.in: Give date string to pod2man since its default is ugly and it ain't got no alibi. [0080b2f6298f] * Makefile.in: Do section substitution on the output of pod2man and remove hack needed for old pod2man. [1ef843d5c78b] * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we will do the substitution later. [f728c1abad7e] 2000-04-02 Todd C. Miller * configure, configure.in: Don't bother checking for the path to vi if user specified --with- editor [bf698487e0d5] 2000-04-01 Todd C. Miller * CHANGES, visudo.c: Visudo now does its own fork/exec instead of calling system(3). [99bbcd88863b] * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: Visudo now checks for the existence of an editor and gives a sensible error if it does not exist. The path to the editor for visudo is now a colon-separated list of allowable editors. If the user has $EDITOR set and it matches one of the allowed editors that editor will be used. If not, the first editor in the list that actually exists is used. [cc86eb9f5440] * sudo.cat, sudo.man.in, sudo.pod: Clear up confusion wrt sudo's return value. [9385b12d8e79] 2000-03-27 Todd C. Miller * Makefile.in: Strip sudo and visudo for bindist target [a995ddd79177] * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use @mansectsu@ and @mansectform@ in the man page bodies as well. [5eb9e60a726f] [SUDO_1_6_3] * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> @sysconfdir@ [f07f52fcd099] * Makefile.in: 'make dist' should not cause any files to be modified so remove its dependencies. [7f44a2666a9c] * CHANGES: Whoops, forgot to add release marker [16c0f16b35b8] 2000-03-26 Todd C. Miller * CHANGES: Final change for 1.6.3 (or so I hope) [473c89da6123] * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since BSD systems will have nroff... [0a6bd154324e] 2000-03-24 Todd C. Miller * parse.yacc, sudo.tab.c: When checking to see if the host/user matches in a defaults spec, check against TRUE, not just non-zero since it might be -1. [41f2b7ad3fdd] * configure, configure.in: OSF/1 puts file formats in section 4, not 5. [d77c1301afa9] * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS [e9bbe3c08ade] * RUNSON: Update for 1.6.3 [c40ce1d76c4d] * configure, configure.in: If there is no inet_addr but there *is* an __inet_addr that's ok since inet_addr is probably just a macro then. The better thing to do would be to look for the macro, but this is fine for now. [1b8865ae4d68] * configure, configure.in: Don't use shlicc for BSD/OS 4.x [83fbf6dedd2c] * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@ configure variable so we can deal with this. Also, only remove *.man for 'distclean' not 'clean'. [30d56e6de214] * sudo.c: set_loginclass() should be static like the proto says [d570a2d55fb8] 2000-03-23 Todd C. Miller * fnmatch.c: Add #ifdef __STDC__ around the rangematch function header to avoid promotion of test to int, thus violating the prototype. Gcc handles this gracefully but more std ANSI compilers will complain. [7d98c3e332b2] * emul/fnmatch.h: Pull in newer fnmatch(3) that supports FNM_CASEFOLD [4e1320852f8b] * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in configure [9ef952bf1896] * CHANGES, TODO: update for 1.6.3 [e4ba6368a0c5] * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [fbd2887d9811] * parse.h: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [dd7bbe223461] * lex.yy.c, parse.c, parse.lex, parse.yacc: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [630d9d205397] * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c: Add support for wildcards in the hostname. [d8d821ed4238] * Makefile.in: Add targets for *.man.in, using config.status to generate *.man from *.man.in [640e50ede485] * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname option and enbolden refs to sudo and visudo. [9622b3a48707] * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch from Michael D. Marchionna. configure now does substitution on the man pages, allowing us to fix up the paths and set the section correctly. Based on an idea from Michael D. Marchionna. [463e928a0a2f] * auth/passwd.c: Better fix for handling HP-UX aging info. [3950f42d8549] * sudo.c: Add support for set_logname run-time default [c6a7cc76b8b4] * sudo.man.in, sudoers.man.in, visudo.man.in: configure does substitution on these to produce *.man [b83fc3c1bfc9] * sudo.man, sudoers.man, visudo.man: These files now get generated from *.man.in at configure time. [c499061f79e0] 2000-03-22 Todd C. Miller * defaults.c, defaults.h: Add set_logname option so users can turn off setting of LOGNAME/USER environment variables. [6316869180b8] * lsearch.c, parse.c, testsudoers.c: kill register [6e104e653748] 2000-03-13 Todd C. Miller * auth/passwd.c: HP-UX adds extra info at the end for password aging so when comparing the result of crypt to pw_passwd we only compare the first len(epass) bytes *unless* the user entered an empty string for a password. [3d24d4e4e889] * logging.c: Get rid of grandchild hack, it was causing problems and there is really no need for it. This fixes a bug where we spin eating up CPU when the user runs a long-running process like a shell. [5743b10b1e81] 2000-03-07 Todd C. Miller * sudo.c: User can always specify a login class if he/she is already root. [710d160cef9f] * config.h.in, configure, configure.in, defaults.c, defaults.h, sudo.c, sudo.h: FreeBSD login class (login.conf) support. [026b981d6328] 2000-03-06 Todd C. Miller * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support [9cd4929f1a78] 2000-03-03 Todd C. Miller * auth/passwd.c: Truncate unencrypted password to 8 chars if encrypted password is exactly 13 characters (indicateing standard a DES password). Many versions of crypt() do this for you, but not all (like HP-UX's). [a9d0259cb193] 2000-03-02 Todd C. Miller * INSTALL, RUNSON: Mention that gcc on dynix may have problems [77b97fa5bf1b] 2000-02-29 Todd C. Miller * Makefile.in: Link visudo with NET_LIBS since we now call syslog via defaults.c [9e3830b277cc] * defaults.c: Use Argv[0] as the first arg to openlog() since visudo uses this too. [e61078f328ec] 2000-02-28 Todd C. Miller * sudo.c: Stash coredumpsize resource limit and retsore it before the exec() Otherwise the child ends up with a coredumpsize of 0. [f6a4783835a3] 2000-02-27 Todd C. Miller * sudo.cat, sudo.man, sudo.pod: document -S flag [3ebd805b7142] * sudo.c: fix usage string [66b2dfa47fe8] * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c: Added -S flag (read passwd from stdin) and tgetpass_flags global that holds flags to be passed in to tgetpass(). Change echo_off param to tgetpass() into a flags field. There are currently 2 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), abstract the echo set/clear via macros and if (flags & TGP_ECHO) but echo is not set on the terminal, but sure to set it. [a4fcbb712cd0] * tgetpass.c: Fixed a bug that caused an infinite loop when the password timeout was disabled. [2be1ffc5a39f] 2000-02-18 Todd C. Miller * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, runaspw, and targetpw options. [2d4563e46df7] * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: enveditor -> env_editor [ddc5f856e583] 2000-02-16 Todd C. Miller * BUGS, INSTALL, Makefile.in, README, configure, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: crank versino to 1.6.3 [a5f7d3e74360] * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor them. This means that visudo will now parse the sudoers file *before* it is edited so a bogus sudoers file will cause a warning to go to stderr. Also, visudo checks the variables once--it does not check them after each editor run since that could be confusing. [9f5af18e9212] 2000-02-15 Todd C. Miller * RUNSON: 1.6.2 -> 1.6.2p1 [e25b74f1d1af] * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into sudo.h [daf26a6ded8a] 2000-02-13 Todd C. Miller * configure, configure.in: Fix thinko, some && should have been || in the last commit [4b9b2d487ded] * configure, configure.in: Don't initialized Makefile variables to be NULL since the user may want to import variables from their environment. [7be019f4422c] 2000-02-04 Todd C. Miller * configure, configure.in: typo [38f4d8971f0a] 2000-01-28 Todd C. Miller * sudo.tab.c: fix a yacc (skeleton.c) warning [a2da228a937b] 2000-01-27 Todd C. Miller * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX 11.0;jaearick@colby.edu [b94de0ff6f42] * CHANGES: recent changes; prepare for 1.6.2p1 [b291635ea141] * find_path.c: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com [4306285c4f6e] 2000-01-26 Todd C. Miller * sudo.tab.c: Regen with yacc that has a memory leak plugged. [e26383a04eb7] * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers 'defaults' options based on INSTALL file info. [54c3d62d6c74] * INSTALL: Fix some while lies [d15311782150] 2000-01-24 Todd C. Miller * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING instead of copying. [2d88a6ac88cf] * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat [28d119f466e3] [SUDO_1_6_2] * RUNSON: Last minute updates [89fb4ed22d52] * TROUBLESHOOTING: PAM entry [a9fd59f39457] * auth/pam.c: correct a comment [a29627225ba9] * CHANGES, RUNSON: update for 1.6.2 [b7f1c40ea732] * auth/pam.c: Better detection of PAM errors and fix custom prompts with PAM. Based on patches from "Cloyce D. Spradling" [ff69234b94a5] 2000-01-20 Todd C. Miller * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing to an unsigned long long value. [9d918c3a2ecd] 2000-01-19 Todd C. Miller * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix sudoers locking in visudo. We now lock the sudoers file itself, not the temp file (since locking the temp file can foul up editors). The previous locking scheme didn't work because the fd was closed too early. [de2011bb11ed] * config.h.in, configure, configure.in: Don't need test for ftruncate() any more. [e5f71c848104] * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with the unbundled HP-UX cc. [2c373612c644] 2000-01-18 Todd C. Miller * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron Campbell [05360d2c314e] 2000-01-17 Todd C. Miller * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c, version.h, visudo.c: update copyright year on changed files [5792a2a28a4c] * RUNSON: updates [edf8f19aa403] * CHANGES: aix fix [4d4a243b31e2] * INSTALL: Crank version to 1.6.2 [bcb5cb411624] * configure: Crank version to 1.6.2 [32a19f33427f] * sudo.c: When using rlimit check for RLIM_INFINITY When computing the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) [8c16166802e5] * CHANGES: recent changes [09fc7112e44d] * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: Crank version to 1.6.2 [055fa61a7c61] * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add 'shell_noargs' runtime option back in. We have to defer checking until after the sudoers file has been parsed but since there are now other options that operate that way this one can too. Based on a patch from bguillory@email.com. [231db7a007a6] * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and "verifypw" options. [190683bac878] * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions o Add section on verifypw and listpw o Define how NOPASSWD interacts with the -v and -l flags [6feb7350eb79] 2000-01-14 Todd C. Miller * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. [06cc35d89dc8] * defaults.c, defaults.h: In struct sudo_defs_types, move the union to the end and don't initialize the union member since that only works with an ANSI compiler. We set the value of the union by hand in init_defaults() anyway. This allows sudo to compile on a K&R compiler again. [623487e1fcfa] 2000-01-11 Todd C. Miller * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c: netgr_matches needs to check shost as well as host since they may be different. [3f43ace23d3e] * tgetpass.c: End on \r as well as \n [cb7c6e6f4202] 2000-01-03 Todd C. Miller * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning from 0400 to whatever SUDOERS_MODE is (converting from the old sudoers mode). Assumes that SUDOERS_MODE is less restrictive than 0400 which should always be the case. [34cd83d49d20] * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is *any* entry for the user on the host with a NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for the user on the host w/ the specified runas user have the NOPASSWD flag set. [4b3b85697653] * Makefile.in: add check target [3d24d34a76fd] 1999-12-16 Todd C. Miller * visudo.c: Treat EOF at whatnow prompt like 'x' instead of looping. [5deffc27114c] 1999-12-10 Todd C. Miller * CHANGES: recent changes [5836a9452568] [SUDO_1_6_1] 1999-12-09 Todd C. Miller * config.h.in, configure, configure.in, sudo.c: Add check for initgroups() since old SYSV lacks this. [657a6005a569] * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if exists. [17d081e917d6] 1999-12-06 Todd C. Miller * auth/sudo_auth.c: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [b20c14db6029] * insults.h: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [028f130204b0] * CHANGES, RUNSON: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [974f4780254b] * insults.h: Don't care about USE_INSULTS #define since the insult stuff may be overridden at runtime. [b873df8b299c] * auth/sudo_auth.c: Honor insults flag. [756111640fdc] * CHANGES, parse.c: Don't ask the user for a password if the user is not allowed to run the command and the authenticate flag (in sudoers) is false. [cea9fdc09c76] * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare newline we change to the INITIAL state. o Enter GOTRUNAS when we see Runas_Alias This allows #uid to work in a RunasAlias. [a475513e7c7a] 1999-12-05 Todd C. Miller * CHANGES, parse.yacc, sudo.tab.c: fix parsing of runas lists: o oprunasuser and runaslist now return a value o in a runasspec, if a runaslist does not return TRUE, set runas_matches to FALSE. Normally, a runaslist only returns FALSE for explicitly denied users. o since runaslist does not modify the stack there is no need for a push/pop in runasalias. [82b305b34a8c] * check.c, sudo.c: Don't kill the user's tickets until after sudoers has been parsed since tty_tickets and ticket_dir could be set in sudoers. [f43e25367f3a] * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, configure, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank version to 1.6 [95f8bdcf9bb2] * testsudoers.c: add set_fqdn() stub [bbc81af5b41a] 1999-12-02 Todd C. Miller * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, it cannot work since the command needs to be set before sudoers is parsed. o Fix the "set_home" sudoers option (only worked at compile time). o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which gets called when the "fqdn" option is set in sudoers. o Move the openlog() to store_syslogfac() so this gets overridden correctly from the sudoers file. [3dca861f0f5d] * auth/securid.c: SecurID support should compile now. [a544e5c6ea34] 1999-11-29 Todd C. Miller * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat, visudo.man, visudo.pod: fix some syntactic goofs [b3451f0d5239] 1999-11-28 Todd C. Miller * Makefile.in, sudo.html, sudoers.html, visudo.html: No longer need the .html files as they are generated automatically on the web site. [1b4aa4204584] * CHANGES, LICENSE: kill characters that made wml unhappy [b988fbc6da56] * HISTORY: typo [a418963f7fce] 1999-11-25 Todd C. Miller * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com [5d151e8ffd3b] * Makefile.in, configure: Wrap script execution w/ /bin/sh for the benefit of ctm [3a9c4766b2c3] 1999-11-24 Todd C. Miller * sudo.c: Make the -s flag be exclusive too. Also reorder the flags in the exclusive usage message so they are alphabetical. [4c7af200db34] 1999-11-23 Todd C. Miller * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal [64bcb3fd2baf] * auth/API: fix typo [f3134c88b12e] * INSTALL: make it clear that /etc/pam.d/sudo is required on linux [213cc3eaad82] * auth/pam.c: fix a warning on redhat and spew an error if pam_authenticate() returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED [7e46dd19da89] * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the password required is the user's not root's [a6da127347e5] 1999-11-20 Todd C. Miller * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES [8661c27c007e] 1999-11-19 Todd C. Miller * RUNSON: updates from Brian Jackson + some formatting [6d31c6fa63f8] 1999-11-18 Todd C. Miller * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon update o Changes for automating real binary releases [dd9585f4406c] * Makefile.in: Add bindist target [546ed3fa94bb] 1999-11-16 Todd C. Miller * TROUBLESHOOTING: talk about run-time options in addition to compile-time options [1eb813ff0a9a] [SUDO_1_6_0] * CHANGES: fix typos [65e92bb70a7b] * sudo.c: need sys/time.h if HAVE_SETRLIMIT [ce31655a8a60] * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get rid of references to sudo-bugs. Now mention the web site or the sudo@ alias [a9db861fd8c6] * sudoers.html: repair pod2html damage [62ece4277f1f] * RUNSON, TODO: Update for 1.6 release [98569c57ba2a] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning about using ALL in a command context. [6c77685ab280] 1999-11-09 Todd C. Miller * visudo.c: Call yyrestart() on a parse error to reset the lexer state. [1370a27acdb2] * lex.yy.c, parse.lex: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c since it might not get called in yywrap if we get a parse error (and we only reread the file on error anyway). [37f4b449e28e] * lex.yy.c, parse.lex: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that might still exist. Call yyrestart() instead of using the deprecated YY_NEW_FILE macro. [7d0d873046c6] * lex.yy.c, parse.lex: flex doesn't need %N table size declarations [268b020fd60a] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what characters need to be escaped in names. [72ccbb6b0f31] 1999-11-08 Todd C. Miller * configure: regen [65827abb5c7b] * INSTALL: clarify Mac OS X entry [8da1549a71f5] * RUNSON: update [0cff8df7459f] * configure.in: o Use AC_MSG_ERROR throughout o Check syslog configure options for danity [4cb81e642e5c] 1999-11-05 Todd C. Miller * defaults.c: Fix printing of type T_MODE in dump_defaults() [a868bb6f5515] * strcasecmp.c: missing sys/types.h [ca694ca325b6] * INSTALL: Break out options that may be overridden at run time into their own section. Add a not about Max OS X and correct some lies. [d8bcfd120593] 1999-11-04 Todd C. Miller * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use getrlimit to find the highest fd when closing all non-std fd's o Turn off core dumps via setrlimit for the sake of paranoia [dd9f651b6def] * RUNSON: updates [f581841fe615] 1999-11-01 Todd C. Miller * CHANGES: updates [553baa1d44c7] * tgetpass.c: When read()'ing, do a single character at a time to be sure we don't go oast the newline. [907d33f55bb4] * sudo.c: For the sudo_root option, check against user_uid, not getuid() since at this point, ruid == euid == 0. [92d5c51939b4] * RUNSON: some updates [e3ed0c1f312b] * logging.h: Fix compilation problem when --with-logging=file was specified. This means that syslog is now required to build sudo but that should not be a problem. If it is it can be fixed trivially with a configure check for syslog() or syslog.h. [839a4b069190] * tgetpass.c: Make this work again for things like "sudo echo hi | more" where the tty gets put into character at a time mode. We read until we read end of line or we run out of space (similar to fgets(3)). [c8f746df2e63] 1999-10-20 Todd C. Miller * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital to bold [f860978e530a] * RUNSON: update [9bcfbb405568] 1999-10-16 Todd C. Miller * defaults.c: Error out if syslog parameters are given without a value. For Ultrix or 4.2BSD "syslog" is allowed without a value since there are no facilities in the 4.2BSD syslog. [69e7a686f5f0] 1999-10-15 Todd C. Miller * defaults.c: Ignore the syslog facility for systems w/ old syslog like Ultrix. [5c250adbbb84] * TROUBLESHOOTING: people with "." early in their path can have problems running sudo from the build dir ;-) [20a1744a24a4] 1999-10-13 Todd C. Miller * sudo.cat, sudo.html, sudo.man, sudo.pod: Remove -r realm option [127caa537f95] * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure, configure.in, sudo.c: New krb5 code from Frank Cusack . [7177a3893a62] * CHANGES: update to reality [766cfbb512d6] 1999-10-12 Todd C. Miller * auth/fwtk.c: include to get function prototypes. [d6c7c12d09fe] * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag [dc803e1ce0d7] 1999-10-11 Todd C. Miller * sudo.c: in set_perms(), always call setuid(0) before changing the ruid/euid so we always know it will succeed. [8cced1b862bf] * defaults.h: #undef T_FOO to avoid conflicts with system defines (like on ULTRIX). [d9f0aac092b0] * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still needs some fleshing out but this is a start. [521a1e629bbc] 1999-10-10 Todd C. Miller * use strtol, not strtoul since not everyone has not strtoul [988462f093cc] * defaults.c: use strtol, not strtoul since not everyone has not strtoul [fce835ce62e3] * lex.yy.c, parse.lex: last {WORD} rule should only apply in the INITIAL state [9b57570bfa83] * lex.yy.c, parse.lex: o Add support for escaped characters in the WORD macro o Modify fill() to squash escape chars [87572d59e4e0] * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity checks for default values that are supposed to be pathnames. o Fix a duplicate free when visudo finds an error. [bdc6855a6c6d] 1999-10-09 Todd C. Miller * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo [cbee9415875d] 1999-10-08 Todd C. Miller * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add requiretty option o Move O_NOCTTY to compat.h [65b8bf0e1795] * logging.c: The exit() in log_error() was mistakenly removed in a previous version. Put it back... [9473449130a4] 1999-10-07 Todd C. Miller * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, defaults.c, defaults.h, find_path.c, getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: o Change defaults stuff to put the value right in the struct. o Implement mailer_flags o Store syslog stuff both in int and string form. Setting the string form magically updates the int version. o Add boolean attribute to strings where it makes sense to say !foo [4698953f9a36] * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case [4c6d1d1bb300] 1999-10-06 Todd C. Miller * auth/API: cleanup function no longer takes a status arg [0819edbfe7f8] * INSTALL: the the [19aadb65ea28] 1999-09-15 Todd C. Miller * TODO, config.h.in, configure, configure.in, logging.c: Use strftime() instead of ctime() if it is available. [fb60ea63b514] 1999-09-14 Todd C. Miller * defaults.c: fix copyright date [4a53b54aa72f] * RUNSON: update ReliantUNIX entry [de618a4f67d9] * defaults.c, defaults.h, logging.c: add log_year option [251a9e20568a] * configure, configure.in: add --without-sendmail to help output [93162f199902] * configure, configure.in: enforce an otctal arg for --with-suoders-mode [45e1b04ccad3] 1999-09-08 Todd C. Miller * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, testsudoers.c, version.c, visudo.c: Add support for "Defaults" line in sudoers to make configuration variables changable at runtime (and on a global, per-host and per- user basis). Both the names and the internal representation are still subject to change. It was necessary to make sudo_user.runas but a char ** instead of a char * since this value can be changed by a Defaults line. There is a similar (but more complicated) issue with sudo_user.prompt but it is handled differently at the moment. Add a "-L" flag to list the name of options with their descriptions. This may only be temporary. Move some prototypes to parse.h Be much less restrictive on what is allowed for a username. [f71abf7ba80c] * sample.syslog.conf: Add more info [e952e6f42d4d] 1999-09-04 Todd C. Miller * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, strcasecmp.c: UCB has dropped the advertising clause from their license. [a5602b36a341] 1999-08-31 Todd C. Miller * auth/sudo_auth.h: move dce_verofy proto to correct section [972c815af558] * auth/dce.c: remove XXX [820631855be0] 1999-08-28 Todd C. Miller * emul/fnmatch.h: Add fnmatch() prototype [79e84576d92a] * fnmatch.c, parse.c, testsudoers.c: Move inclusion of emul/fnmatch.h to be after sudo.h for __P [1182c89fa811] * sudo.h: add strcasecmp proto [512d1d8a6a0c] * auth/sudo_auth.c: add check for case where there are no auth methods [e4af2b91b43e] * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc [746ce8bcec23] * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c: include strings.h everywhere we include string.h [6f7d5d437e7b] * version.c: nicer output when showing auth methods [0eac4b977f9d] * version.c: Add support for SEND_MAIL_WHEN_NO_HOST [9f20a3a3fae6] * config.h.in, configure, configure.in: Add _GNU_SOURCE for Linux [c7bd8c511847] * lex.yy.c, parse.lex: fix definition of OCTECT [4af30e63244d] * configure, configure.in: aix_auth.o not authenticate.o [fe95dfb08df4] 1999-08-27 Todd C. Miller * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the keyboard). Since we run with ruid/euid == 0 the user can't really signal us in nasty ways. [a7f6487c0f48] * visudo.c: Don't need to worry about catching too many signals since we do locking on the tmp file. If a lockfile is really stale, it will be detected and overwritten. [28983db3e749] * INSTALL, Makefile.in: include auth/API in tarball [014991600252] * auth/sudo_auth.c: move memset() of plaintext pw outside of verify loop and only do the memset if we are *not* in standalone mode. [66f8e87567e2] * auth/sudo_auth.c, auth/sudo_auth.h: DCE is not a standalone method [34963e2d8a1b] * sudo.c: fix --enable-noargs-shell [4234062abbb0] * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) [c430b80454c6] * auth/fwtk.c, auth/sia.c: _cleanup() function returns an int. [d1a1cc071ec1] * auth/dce.c: there were still some return(0)'s hanging around, make them AUTH_FAILURE [1002aa1962c3] * parse.c: typo in comment [5abc410dbfd2] * version.c: add missing semicolon [a262283b52a5] * auth/sudo_auth.h: missing backslash [bf89f6bd2900] 1999-08-26 Todd C. Miller * CHANGES, config.h.in, configure, configure.in: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes [f1a9bca0cf67] * Makefile.in: add parse.h to HDRS [a3d054987766] * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and network libs like -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build on Solaris and is a bit cleaner in general. [4e6239e97002] * UPGRADE: mention ptmp -> sudoers.tmp [ec3baa0fe8a1] * config.h.in, configure, configure.in: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE [6f93dc7f39f5] * RUNSON: add 2 reports [ce0fcc00ee4e] * auth/kerb5.c: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to return a value more like a system function [0dd56aa21424] * auth/dce.c: Add an XXX [58fc8562c212] * TODO: more things todo! [5a459d0cf339] * sample.sudoers: update based on what is in the man page [1a0477db96fa] * parse.yacc, sudo.tab.c: minor change to first line printed in -l mode [69eb57d96952] * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add "EXAMPLES" section [7e543335ebe1] * visudo.cat, visudo.html, visudo.man, visudo.pod: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard [f82d87ed65c2] * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK [c7d69176a2d7] * lex.yy.c, parse.lex: make an OCTET really be limited to 0-255 [6ee568dd6a02] * UPGRADE: mention timestamp changes [e44d5302bf60] * PORTING: cosmetic cleanup [36fa3a2664dd] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new sudoers(8) man page [e674d06283d0] 1999-08-24 Todd C. Miller * version.c: Update comments about syslog name tables [63830a782dcb] * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc, strcasecmp.c, sudo.tab.c: include strcasecmp() for those without it [a0d8e2488bbc] * sample.sudoers: Use the : operator some more and fix a typo [18804c70da86] * HISTORY: update the history of sudo [9d9b3d5279b3] * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support [768644467353] * CHANGES: recent changes [a4319e9d07cb] * sudo.tab.c, sudo.tab.h: these should be generated with byacc, not bison [f57b9489b752] * lex.yy.c: regen [522461f95dfa] * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: In "sudo -l" mode, the type of the stored (expanded) alias was not stored with the contents. This could lead to incorrect output if the sudoers file had different alias types with the same name. Normal parsing (ie: not in '-l' mode) is unaffected. [823fe2bc4b79] 1999-08-23 Todd C. Miller * configure, configure.in: define _XOPEN_SOURCE to get at crypt() proto on some systems [1b3769b86fb9] 1999-08-22 Todd C. Miller * snprintf.c: fix comment [fc1264df00f7] * tgetpass.c: don't need limits.h [f1631829af45] * snprintf.c: kill bogus reference to vfprintf [a0b99b25d389] * sample.sudoers, sudoers: better examples [b4d87ea64cc8] * snprintf.c: Add some const in the K&R defs. This is safe since we define const away if the compiler doesn't grok it. [614d6e83d45e] * aclocal.m4, configure: Better test for working long long support. Ultrix compiler supports basic long long but not all operations on them. [5da1508710ed] * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c, snprintf.c, sudo.c: Add check for LONG_IS_QUAD #undef MAXINT before including hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD [a1f7993367fc] 1999-08-21 Todd C. Miller * LICENSE, aclocal.m4, config.h.in, configure, configure.in, snprintf.c: UCB-derived snprintf + asprintf support. Supports quads if the compiler does. No floating point yet, perhaps later... [0caf05aba945] 1999-08-20 Todd C. Miller * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c: Run most of the code as root, not the invoking user. It doesn't really gain us anything to run as the user since an attacker can just have an setuid(0) in their egg. Running as root solves potential problems wrt signalling. [408e530dda01] * sudo.tab.c: regen [f8cfb37e37de] 1999-08-19 Todd C. Miller * logging.c, sudo.c: Don't wait for child to finish in log_error(), let the signal handler get it if we are still running, else let init reap it for us. The extra time it takes to wait lets the user know that mail is being sent. Install SIGCHLD handler in main() and for POSIX signals, block everything *except* SIGCHLD. [d2b6ab0ef3be] * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c, parse.yacc, sudo.c, sudo.h: sudoers_lookup() now returns a bitmap instead of an int. This makes it possible to express things like "failed to validate because user not listed for this host". Some thigns that were previously VALIDATE_FOO are now FLAG_FOO. This may change later on. Reorganized code in log_auth() and sudo.c to deal with above changes. Safer versions of push/pushcp with in the do { ... } while (0) style parse.yacc now saves info on the stack to allow parse.c to determine if a user was listed, but not for the host he/she tried to run on. Added --with-mail-if-no-host option [63326cb01efc] 1999-08-17 Todd C. Miller * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be externally visible. o If pedantic > 1, it is a parse error. o Add -s (strict) option to visudo which sets pedantic to 2. [5d7d81b55cd5] * HISTORY, INSTALL: Just have sudo-bugs contact info in one place [e7f6588ea683] * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section [6607d96ea510] * Makefile.in, configure, configure.in: Add testsudoers to default build target if --with-devel Don't clean generated parser files unless "distclean". [5827b769dc57] * parse.yacc, sudo.tab.c: In pedantic mode we need to save *all* the aliases, not just those that match, or we get spurious warnings. [24f5b1f0e1de] * TROUBLESHOOTING: reference samples.sylog.conf [11841668380a] 1999-08-14 Todd C. Miller * sample.syslog.conf: Sample entries for syslog.conf [0f7697d878a1] * CHANGES: recent changes [8bca8810c6bd] * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h: In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). [b7e320fc6511] * INSTALL, Makefile.in, README, config.h.in, configure, configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c, sudo.tab.h: o --with-otp deprecated, use --without-passwd instead o real dependencies in the Makefile o --with-devel option to enable yacc, lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes back to being a token, not a string but don't leak memory o rename hsotspec -> host in parse.yacc [912c45226cb2] 1999-08-12 Todd C. Miller * BUGS, CHANGES: recent changes [801fa6e55687] * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c, sudo.c, sudo.h: o Digital UNIX needs to check for *snprintf() before -ldb is added to LIBS since -ldb includes a bogus snprintf(). o Add forward refs for struct mbuf and struct rtentry for Digital UNIX. o Reorder some functions in snprintf.c to fix -Wall o Add missing includes to fix more -Wall [8d207203e126] * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, visudo.c: o Add a "pedentic" flag to the parser. This makes sudo warn in cases where an alias may be used before it is defined. Only turned on for visudo and testsudoers. o Add --disable-authentication option that makes sudo not require authentication by default. The PASSWD tag can be used to require authentication for an entry. We no longer overload --without-passwd. [f307e09adf98] * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a username can contain just about anything so be very permissive. Also drop the unused \. punctuation. [06a50614ff89] 1999-08-09 Todd C. Miller * parse.yacc, sudo.tab.c: o add a 'val' element to aliasinfo struct and move -> parse.h o find_alias() now returns an aliasinfo * instead of boolean o add_alias() now takes a value parameter to store in the aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now return: 1) positive match 0) negative match (due to '!') -1) no match This means setting $$ explicitly in all cases, which I should have done in the first place. It also means that we always store a value that is != -1 and when we see a '!' we can set *_matches to !rv if rv != -1. The upshot of all of this is that '!' now works the way it should in lists and some of the rules are more uniform and sensible. [ad8e73b5d581] * Makefile.in: add parse.h dependency [4ccccd464d30] * parse.h: kill unused *_matched macros [02cba6dcb732] * parse.yacc: Allow a list of users as the first thing in a user spec, not just a single entry. This makes things more uniform, though it does allow you to write user specs that are hard to read. [3c4c91c508ca] * sudo.tab.c: parse.yacc [feca81881bb6] * configure: regen [6f247010bb3b] * configure.in: fix check for crypt() in libufc [82770736f4b0] 1999-08-07 Todd C. Miller * README: sudo-users list now exists [4716d2bb0bbf] * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to reality. [1eda2d57e42a] * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h, version.c, visudo.c: o Move lock_file() and touch() into fileops.c so visudo can use them o Visudo now locks the sudoers temp file instead of bailing when the temp file already exists. This fixes the problem of stale temp files but it does *require* that you not try to put the temp file in a world-writable directory. This shoud not be an issue as the temp file should live in the same dir as sudoers. o Visudo now only installs the temp file as sudoers if it changed. [2517cd06c070] 1999-08-06 Todd C. Miller * logging.c: add fcntl locking [c304adeaf515] * config.h.in, configure, configure.in, logging.c: Lock the log file. [d8652704fbdf] * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP [68cad8975807] 1999-08-05 Todd C. Miller * INSTALL, check.c, config.h.in, configure, configure.in, version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to root sudo -V config reporting [cdd2613a9dcf] * configure, configure.in: aix_auth.o not authenticate.o [d972e35f6730] * config.h.in: Add --with-goodpri and --with-badpri configure options to specify the syslog priority to use. [2595ae50ab86] * INSTALL, configure, configure.in, logging.h: Add --with-goodpri and --with-badpri configure options to specify the syslog priority to use. [8276ee9b2b49] * compat.h: kill crufty AIX stuff [a4f35ef9854e] * Makefile.in: Sigh, some versions of make (like Solaris's) don't deal with $< like I would expect. Both GNU and BSD makes get this right but... So, we just expand $< inline at the cost of some ugliness. [b1b456f8801f] * version.c: If the invoking user is root, sudo will now print configure info in -V mode. Currently just prints logging info, to be expanded later. [392f7ed99267] * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog facility and priority o use new print_version() functino for -V mode [78abc5142985] * check.c: Don't need version.c [db9a830ad893] * aclocal.m4, config.h.in, configure, configure.in: Add check for syslog facilities and priorities tables in syslog.h [b86213e5fc5c] * Makefile.in: o authenticate -> aix_auth o add version.c [44b6b9a8d0f5] * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion [e4c60b1f210c] 1999-08-04 Todd C. Miller * TODO: sudo should lock its logfile [6d2830b28b07] * parse.yacc, sudo.tab.c: o Add '!' correctly when expanding Aliases. o Add shortcut macros for append() to make things more readable. o The separator in append() is now a string instead of a char. o In append(), only prepend the separator if the last char is not a '!'. This is a hack but it greatly simplifies '!' handling. o In -l mode, Runas lists and NOPASSWD/PASSWD tags are now inherited across entries in a list (matches current behavior). o Fix formatting in -l mode such that items in a list are separated by a space. Greatlt improves readability. o Space for name field in struct aliasinfo is now allocated dyanically instead of using a (big) buffer. o In add_alias(), only search the list once (lsearch instead of lfind + lsearch) [51f7e07addb9] * lex.yy.c, sudo.tab.c, sudo.tab.h: regen [5c19bb05dc21] * configure, configure.in: Solais pam doesn't require anye xtra setup [a25ba03d91d1] * parse.yacc: o Simpler '!' support now that the lexer deals with multiple !'s for us. o In the case of opFOO, have FOO give a boolean return value and set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since it gets fill()'d in parse.lex--fixes a small memory leak. In the long run it may be better to just fix parse.lex and make ALL back into a token. However, having it be a string is useful since it can be easily passed back to the parent rule if we so desire. [b3c64b443018] * parse.lex: o Remove some unnecessary backslashes o collapse multiple !'s by using !+ and checking if yyleng is even or odd. this allows us to simplify ! handling in parse.yacc [76330e8da8e3] * sudo.c: -u flag was being ignored [e30283207585] 1999-08-01 Todd C. Miller * Makefile.in: correct fix [a0e2377dec8f] * Makefile.in: work around pod2man stupididy [7c755640b67f] * Makefile.in: correct dependencies for .cat [5ed7b0653b68] * sudo.cat, sudo.man, visudo.cat, visudo.man: regen [b74510dd6a0a] * sudo.pod, visudo.pod: Add copyright Update to reality [188e9b046c15] * parse.c, sudo.c, sudo.h: rename validate() to the more descriptive sudoers_lookup() [7a1cb652f379] * auth/aix_auth.c: use tgetpass [b8ba5daec40a] 1999-07-31 Todd C. Miller * CHANGES: updates [e61460cdf4a0] * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, configure, configure.in, sudo.c: Sudo, not CU Sudo [9061b3573c0c] * LICENSE: add 4th term to license similar to term 5 in the apache license [92712e895afb] * emul/search.h, emul/utime.h: add 4th term to license similar to term 5 in the apache license [4f93a8b9396e] * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: add 4th term to license similar to term 5 in the apache license [afae9f2bf9ec] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: add 4th term to license similar to term 5 in the apache license [c389d3fdafac] * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c, getspwuid.c, goodpath.c: add 4th term to license similar to term 5 in the apache license [969e63dbd38e] * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in, insults.h, logging.c, sudo.c, sudo.h: there was a 1995 release too [5963fd89457a] 1999-07-28 Todd C. Miller * CHANGES: updates [254b794f16ab] * check.c: Use dirs instead of files for timestamp. This allows tty and non- tty schemes to coexist reasonably. Note, however, that when you update a tty ticket, the mtime on the user dir gets updated as well. [44bfac32f799] * configure, configure.in: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx" when linking test program, not just -lprot. Also add check for getspnam(). The SCO docs indicate that /etc/shadow can be used but this may be a lie. [2ba21d36cc1e] 1999-07-24 Todd C. Miller * auth/API: first cut at auth API description [3d10df021eb8] 1999-07-22 Todd C. Miller * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.c, auth/sudo_auth.h: auth API change. There is now an init method that gets run before the main loop. This allows auth routines to differentiate between initialization that happens once vs. setup that needs to run each time through the loop. [76df1c0d3478] * auth/kerb5.c, logging.c: use easprintf() and evasprintf() [fd97d96dc12f] * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking versions of asprintf() and vasprintf() [f54385de20b7] * TODO: remove 2 items. One done, one won't do. [64513b47bc7a] * lex.yy.c, sudo.tab.c: regen [4aa299de2752] * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat, visudo.html, visudo.man: regen [553c0d1209be] * CHANGES: new changes [d7be00b7e36b] * sudo.pod: o Document -K flag and update meaning of -k flag. o BSD-style copyright o Document clearing of BIND resolver environment variables o Clarify bit about shared libs o suggest rc files create /tmp/.odus if your OS gives away files [4a4092be1455] * visudo.pod: BSD license [ad0bfd0a4630] * version.h: BSD-style copyright [ecc6479325be] * tgetpass.c: o BSD copyright o no need to block signals, we now do that in main() o cosmetic changes [61958beda7ab] * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct sudo_user" instead of old globals. o some cometic cleanup [88c0c6924082] * sudo_setenv.c: BSD-style copyright [df20290129a0] * sudo.h: o BSD copyright o logging and parser bits moved to their own .h files o new "struct sudo_user" to encapsulate many of the old globals. [50fc86bf25cb] * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new logging routines o simplified flow of control o BIND resolver additions to badenv_table [8c53f15bfcb0] * strerror.c: BSD-style copyright [7c906c3a82ac] * snprintf.c: Now compiles on more K&R compilers [07ab1d3231c7] * putenv.c: BSD-style copyright, cosmetic changes [c42371295881] * pathnames.h.in: BSD-style copyright [e5c34ebd4cf1] * parse.c, parse.h, parse.lex, parse.yacc: BSD-style copyright. Move parser-specific defines and structs into parse.h + other cosmetic changes [d3088efb6228] * logging.h: defines for logging routines [13147941c02d] * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style copyright, cosmetic changes [e8205e91a4fa] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.h: BSD-style copyright [b9499da7cdce] * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o changes to fill in AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and v?asprintf() o replace --with-AuthSRV with --with-fwtk [9a3f39b9c128] * config.h.in: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD [9a09054db53a] * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing. [25509c566975] * alloc.c: BSD-style copyright [4967be892363] * TROUBLESHOOTING: no more --with-getpass [afd5b670c196] * TODO: Take out things I've done... [375420c8270e] * README: Refer to LICENSE [c486c8db30f6] * PORTING: --with-getpass no longer exists [db48202df1bb] * Makefile.in: BSD-style copyright. Update to reflect reality wrt new files and new auth modules. [61a2ca7940fb] * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and --without-passwd. [64e8f9e1c05e] * HISTORY: Update history a bit [df60c0a871b8] * COPYING, LICENSE: Now distributed under a BSD-style license [d1a184ccabe1] * auth/sudo_auth.c: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by rfc1938 code o new struct sudo_user global [891b57060868] * auth/pam.c, auth/sia.c: BSD-style copyright and use new log functions [65c44445ea84] * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o Use asprintf() and snprintf() where sensible. [1ff0feaacf95] * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now done more reasonably--better sanity checks and tty-based stamps are now done as files in a directory with the same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible to mix tty and non-tty based ticket schemes but this may change in the future (it requires sudo to use a directory instead of a file in the non-tty case). Also, ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' really deletes the file. That way you don't get the lecture again just because you killed your ticket in .logout. BSD-style copyright now. [ec3460f85be8] * logging.c: o rewritten logging routines. log_error() now takes printf-style varargs and log_auth() for the return value of validate(). o BSD- style copyright [438292025c4e] * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new auth API [412060590da7] * auth/kerb4.c: BSD-style copyright [cc4e800833c7] * auth/fwtk.c: Use snprintf() where it makes sense and add a BSD-style copyright [1b7502388a74] * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h: BSD-style copyright [42583bedae5c] * emul/utime.h, utime.c: BSD-style copyright [3985c90aba47] * emul/search.h: this has been rewritten so use my BSD-style copyright [176df1b0de6f] 1999-07-15 Todd C. Miller * snprintf.c: include malloc.h if no stdlib.h [7b123f1d1d03] * snprintf.c: KTH snprintf()/asprintf() for systems w/o them [3ca9aefb9d01] * strerror.c: strerror() for systems w/o it [7f0bd8a1c1b4] 1999-07-12 Todd C. Miller * visudo.c: stylistic changes [6f99aceb7170] * parse.c, parse.lex, parse.yacc: Add contribution info in the main comment [e50cec10acd6] 1999-07-11 Todd C. Miller * auth/pam.c: remove missed ref to PAM_nullpw [a43e59692cdb] * auth/sudo_auth.h: pasto [891ff138ab89] * auth/kerb5.c: more or less complete now--still untested [21036732faa0] * auth/afs.c, auth/pam.c: don't use user_name macro, it will go away [def7cf727349] * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h: combine skey/opie code into rfc1938.c [44d88ca93d3e] * auth/dce.c, auth/sudo_auth.h: DCE authentication method; basically unchanged from dce_pwent.c [4d468473dd6f] * auth/aix_auth.c, auth/sudo_auth.h: AIX authenticate() support. Could probably be much better [000013321a33] * auth/sia.c: Fix an uninitialized variable and some cleanup. Now works (tested) [fd6ad88ff055] * auth/sia.c, auth/sudo_auth.h: SIA support for digital unix [5335f3e70eab] * auth/pam.c: don't use prompt global, it will go away [fadd22dd6ce4] * auth/secureware.c: correct copyright years [6aa07c49f51b] * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c, auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c, auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h: New authentication API and methods [9debe9b59c79] 1999-07-08 Todd C. Miller * sudo.tab.c: regen [84578e82c1a6] * parse.yacc: only save an entry if user_matches && host_matches, even if the stack is empty (fix for previous commit) [00984b078d8a] * sudo.tab.c: regen [66acf160b4b7] * parse.yacc: 1) Always save an entry on the stack if it is empty. This fixes the -l and -v flags that were broken by earlier parser changes. 2) In a Runas list, don't negate FALSE -> TRUE since that would make !foo match any time the user specified a runas user (via -u) other than foo. [f322eb54b015] * testsudoers.c: interfaces and num_interfaces are now auto, not extern [113add5c6518] 1999-07-07 Todd C. Miller * auth.c: use a static global to keep stae about empty passwords [bc02e30807d8] * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with other modules [21962549d5fd] 1999-07-05 Todd C. Miller * auth.c: PAM prompt code was wrong, looks like we have to kludge it after all. [91f246155ead] * auth.c: In the PAM code, when a user hits return at the first password prompt, exit without a warning just like the normal auth code [918f59bacdb7] * configure, configure.in: kludge around cross-compiler false positives [5e5fc8356400] * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New (correct) PAM code Tgetpass now takes an echo flag for use with PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a useless umask setting Change error from BAD_ALLOCATION -> BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c for consistency [e71397f09dd8] * sudo.c: Some -Wall and kill some trailing spaces [8229b43d5c4e] * configure.in: define -D__EXTENSIONS__ for solaris so we get crypt() proto [7533e4436cab] 1999-06-22 Todd C. Miller * RUNSON: add Dynix 4.4.4 [b69f773efbce] * INSTALL, config.h.in, configure, configure.in: for kerberos V < version, fall back on old kerb4 auth code [d685ed3a1d8e] * INSTALL: clarify some things [2f5ba2e8e53a] * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos [8925a109c093] 1999-06-14 Todd C. Miller * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default [0346260cb4ec] 1999-06-03 Todd C. Miller * tgetpass.c: Fix open(2) return value checking, was NULL for fopen, should be -1 for open [355878bf6d8a] * configure: regen [68bf82871862] * configure.in: better wording for solaris pam notice [04e88c7a6c42] * CHANGES: document recent changes [7c922c5622ef] * TROUBLESHOOTING: Update shadow password section [e8448bae7d66] * auth.c: move authentication code from check.c to auth.c [e9f6ecae2399] * Makefile.in, check.c, sudo.h: move authentication code to auth.c [124cded85f46] 1999-05-17 Todd C. Miller * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move interface-related defines to interfaces.h so we don't have to include everywhere. [e7599d8ea0bf] 1999-05-14 Todd C. Miller * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It turns out the old DES crypt does the right thing with passwords longert than 8 characters. o Fix common typo (necesary -> necessary) o Update TODO list [ad75007a6f13] 1999-05-03 Todd C. Miller * sudo.c: set $LOGNAME when we set $USER [391596210fd7] 1999-04-27 Todd C. Miller * INSTALL: add comment about digital unix and interfaces.c warning with gcc [e20f815901cc] 1999-04-15 Todd C. Miller * sample.sudoers: use modern paths and give examples for some of the new parser features [e7b2e507c695] 1999-04-10 Todd C. Miller * parse.c: fix comment [5eb0d005a65f] * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: Function names should be flush with the start of the line so they can be found trivially in an editor and with grep [3c400abde574] * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c: free(3) is already void, no need to cast it [6981e1ebda0f] * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set (this should not be possible) [3e1e3038546c] * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c, testsudoers.c, visudo.c: Stash the "safe" path (ie: the one listed in sudoers) to the command instead of stashing the struct stat. Should be safer. [aa2883fcf57e] 1999-04-08 Todd C. Miller * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier release [df9fffa4ab2c] * CHANGES: updated [574f5065d15a] 1999-04-07 Todd C. Miller * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: You can now specifiy a host list instead of just a host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command now works. [e3942bb78021] * testsudoers.c: Quiet -Wall [a3edc8b08c3a] * parse.yacc, sudo.tab.c: Move the push from the beginning of cmndspec to the end. This means we no longer have to do a push at the end of privilege, just reset some values. [8ea66e5860c6] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" most everywhere [aadae4d1c9d5] 1999-04-06 Todd C. Miller * sudoers.pod: modernize paths and update su example based on sample.sudoers one [3f6a37e16c83] * sample.sudoers: New runas semantics [756ee92865b7] * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in, strdup.c, sudo.h: In estrdup(), do the malloc ourselves so we don't need to rely on the system strdup(3) which may or may not exist. There is now no need to provide strdup() for those w/o it. Also, the prototype for estrdup() was wrong, it returns char * and its param is const. [5f1f984da8e3] * getcwd.c: $Sudo tag [e4188a35e68c] * check.c: buf should be prompt; Michael Robokoff [2aec87c86cde] * CHANGES, TODO, parse.yacc, sudo.tab.c: It is now possible to use the '!' operator in a runas list as well as in a Cmnd_Alias, Host_Alias and User_Alias. [a4fdaabda990] * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM [73d0376785ae] * sudo.h: Definitions of *_matched were wrong--user top, not top-2 as subscript. [5f8350a57362] * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a command but the NOPASSWD flag was set. Make runasspec, runaslist, runasuser, and nopasswd typeless in parse.yacc Add support for '!' in the runas list Fix double printing of '%' and '+' for groups and netgroups respectively Add *_matched macros (no need for local stack variable). Should only be used directly after a pop (since top must be >= 2). [392b1400c4e6] * aclocal.m4, configure.in: Add copyright, somewhat silly [55c2cdd82dca] 1999-04-05 Todd C. Miller * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man: Crank version to 1.6 and combine copyright statements [0e1c791658ae] * sample.sudoers: Use ! not ^ to do negation [1480a0761730] * lex.yy.c, sudo.tab.c: regen [89ca5a46684b] * parse.lex, parse.yacc: Make runas and NOPASSWD tags persistent across entris in a command list. Add a PASSWD tag to reverse NOPASSWD. When you override a runas or *PASSWD tag the value given becomes the new default for the rest of the command list. [f1bbb4066542] 1999-04-02 Todd C. Miller * CHANGES, RUNSON: update for 1.5.9 [a1ae9d4a7d54] [SUDO_1_5_9] * visudo.c: Shift return value of system(3) by 8 to get real exit value and if it is not 1 or 0 print the retval along with the error message. [c1ff50d743fb] 1999-03-30 Todd C. Miller * Makefile.in: testsudoers needs LIBOBJS too [972571b4e4bf] * parse.c, parse.yacc, sudo.tab.c: Fix another parser bug. For a sudoers entry like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls as root. [51968e1eb33d] * CHANGES: new change [271c6110bb62] * parse.yacc, sudo.tab.c: Save entries that match a ! command on the matching stack too [5afb5107116c] * sudo.c: Make sudo's usage info better when mutually exclusive args are given and don't rely on argument order to detect this; nick@zeta.org.au [2422753c88fd] 1999-03-29 Todd C. Miller * CHANGES, Makefile.in, RUNSON: updates from CU [b37381e3dafb] * Makefile.in: use gzip [94a64e52a166] * parse.yacc, sudo.tab.c: Fix off by one error introduced in *alloc changes [95ede581153a] * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: ++version [c6d88f024e37] * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use emalloc/erealloc/estrdup [44221d97361a] * alloc.c: error checking memory allocation routines [5f8c1e7bbc71] * parse.yacc, sudo.tab.c: Still not right, this fixes it for real [ad553b6f5339] * parse.yacc, sudo.tab.c: Fix for previous commit [4d6f989f9bf2] * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed when mixing different runas specs and ! commands. For example: millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root as well as daemon when it should just allow daemon. The problem was that comma-separated commands in a list shared the same entry on the matching stack. Now they get their own entry iff there is a full match. It may be better to just make the runas spec persistent across all commands in a list like the user and host entries of the matching stack. However, since that is a fairly major change it should gets its own minor rev increase. [c4b939cdcc8e] 1999-03-28 Todd C. Miller * check.c, config.h.in: Simplify PAM code and fix a PAM-related warning on Linux [2468399523b6] 1999-03-26 Todd C. Miller * CHANGES: updates [29d4a997769c] * sample.sudoers: better su entry [76d8285a72ba] * configure: regen [b7450cc6975d] * check.c, configure.in: new pam code that works on solaris, should work on linux too; aelberg@home.com [84c16c0ff259] 1999-03-19 Todd C. Miller * RUNSON: more entries [b6bef8660759] * config.h.in: only include strings.h if there is no string.h [b66054a32b00] 1999-03-17 Todd C. Miller * config.guess: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com [c086d2fe63af] 1999-03-13 Todd C. Miller * sudo.c: shost must be set before log functions are called #ifdef HOST_IN_LOG [d49a7944358f] 1999-03-07 Todd C. Miller * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in command args. Stop processing an arg when you hit a backslash so the quoted-character detection can catch it. [2281438d7f41] 1999-02-26 Todd C. Miller * interfaces.c: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru [31118a9e9916] 1999-02-24 Todd C. Miller * configure, configure.in: add missing case statement so --without-sendmail works [ca25614f7dd9] 1999-02-23 Todd C. Miller * CHANGES: more [4d70e44f7f93] 1999-02-22 Todd C. Miller * configure, configure.in: only search for -lsun in irix <= 4.x [e604238317b1] * configure, configure.in: back out last configure.in change now that I've hacked autoconf to fix the real problem and add a missing newline [2dabf59a79b5] * CHANGES: updated [bb35d526552f] * getcwd.c: add def of dirfd() for those without it [95f0173d8441] * configure, configure.in: When falling back to checking for socket() when linking with "-lsocket -lnsl" check for main() instead since autoconf has already cached the results of checking for socket() in -lsocket. This is really an autoconf bug as it should use the extra libs as part of the cache variable name. [a845f8b710ad] * configure.in: typo [a7d62f62a478] 1999-02-21 Todd C. Miller * configure.in: fix occurrence of $with_timeout that should be $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni- bochum.de [8c4da2cf73d1] 1999-02-17 Todd C. Miller * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; espie@openbsd.org [7031d9dfbc3e] [SUDO_1_5_8] 1999-02-11 Todd C. Miller * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places it does not have it [7ce4478d3b0f] 1999-02-09 Todd C. Miller * configure, configure.in: define for_BSD_TYPES irix [858337ff4af8] 1999-02-07 Todd C. Miller * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it clear that it is the user's password, not root's, that we want. [ae0f51b35ee4] * check.c, sudo.h: If the user enters an empty password and really has no password, accept the empty password they entered. Perviously, they could enter anything *but* an empty password. Also, add GETPASS macro that calls either tgetpass() or getpass() depending on how sudo was configured. Problem noted by jdg@maths.qmw.ac.uk [2fde21ce94c1] 1999-02-03 Todd C. Miller * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: add explicate copyright [d3b4449834a5] * CHANGES: mention -lsocket, -lnsl configure changes [9140af4ad8ae] 1999-02-02 Todd C. Miller * sudo.c: Don't clobber errno after calling check_sudoers(). [59bd581b2654] 1999-02-01 Todd C. Miller * configure, configure.in: When linking with both -lsocket and -lnsl be sure to do so in that order. Also, when we can't find socket() or inet_addr() and have to try linking with both libs, issue a warning. [0ee547163067] * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt [70e42cf56c75] 1999-01-23 Todd C. Miller * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON entry [7fdeab875e0d] 1999-01-22 Todd C. Miller * CHANGES, INSTALL, configure, configure.in: fix and correctly document --with-umask; problem noted by adap@adap.org [11cd0481d63a] 1999-01-20 Todd C. Miller * configure, configure.in: only use /usr/{man,catman}/local to store man pages if suer didn't override prefix or mandir [781ad2cbe9be] * INSTALL, configure, configure.in: fix typo, make --with-SecurID take an arg [026a9b4014fc] 1999-01-19 Todd C. Miller * RUNSON: updates from users [2286982b31e6] * CHANGES, INSTALL, check.c, configure, configure.in: FWTK 'authsrv' support from Kevin Kadow [23aa4e5c6b02] * configure, configure.in: better fix for the problem of unresolved symbols in -lnsl or -lsocket [82fe70fc287f] * configure, configure.in: when checking for functions in -lnsl and -lsocket link with both of them to avoid unresolved symbols on some weirdo systems [1734a591808e] 1999-01-18 Todd C. Miller * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into RCS before the RCS->CVS switch [846eb2b8f9aa] 1999-01-17 Todd C. Miller * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c, visudo.pod: add sudo tags [962f81eaa5ab] * sudo.h: testing Sudo tag [e84cbc521129] * version.h: testing Sudo tag [a8c3a3998b88] * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man: crank version and regen files [23eacf00a1a4] * Makefile.in: kill rcs goop in update_version and fix now that version is a const [e6e50bd8d1e1] * INSTALL, check.c, config.h.in, configure, configure.in, logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from fcusack@iconnet.net [8134027986e2] * realpath.c, sudo_realpath.c: we no longer use realpath [0f5f64abc646] * qualify.c: replaced by find_path.c [9e32a87e09c4] * options.h: all options are now configure flags [ee6bd9610102] * lex.yy.c: regen [bdbf8a18161f] * getwd.c: superceded by getcwd.c [1e54ee0990b4] * getpass.c: superceded by tgetpass.c [4e0d1edc30e3] * SUPPORTED: superceded by RUNSON [854c5a21cb53] * OPTIONS: No longer used now that we have configure options for everything. [9b1ae1c89259] * configure: regen based on configure.in [3a4d73936973] * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html, sudoers.man, visudo.cat, visudo.html, visudo.man: regen based on sudo.pod, sudoers.pod, and visudo.pod [c267beb90778] 1998-12-11 Todd C. Miller * check.c: fix tty tickets in remove_timestamp (didn't use ':') [fd964a74a32b] 1998-12-07 Todd C. Miller * interfaces.c: close sock when we are done with it [95de0380f8a4] 1998-11-28 Todd C. Miller * parse.yacc: never say "error on line -1" [361db1491121] 1998-11-24 Todd C. Miller * configure.in: check for -lnsl before -lsocket [8e966d6bbcb5] * configure.in: quote '[', ']' used in ranges correctly [fa4f9c6ff651] 1998-11-21 Todd C. Miller * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu [c969f25d1667] 1998-11-20 Todd C. Miller * version.h: 1.5.7 [7a22de0bc148] * INSTALL: more info for 1.5.7 [30ad9e784799] * README: update for 1.5.7 [cd03a0a27cd2] * parse.yacc: make increases of cm_list_size and ga_list_size be similar to increases of stacksize (ie: >= not > in initial compare). [6bd450a896c7] * parse.yacc: when we get a syntax error, report it for the previous line since that's generally where the error occurred. [c4ac84058f0b] 1998-11-18 Todd C. Miller * config.h.in, configure.in, interfaces.c: add back check for sys/sockio.h but only use it if SIOCGIFCONF is not defined [d197f31fd1e4] [SUDO_1_5_7] * config.h.in: define BSD_COMP for svr4 [87ac1147ff79] * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more -Wall [d98e2d32db2a] * configure.in: kill check for sockio,h [4399779014c1] * config.h.in: no more HAVE_SYS_SOCKIO_H [67484528e347] * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: -Wall [2b7e83976788] 1998-11-16 Todd C. Miller * sudo.c: add missing inform_user() [8689528c6d55] 1998-11-14 Todd C. Miller * find_path.c: return NOT_FOUND if given fully qualified path and it does not exist previously it would perror(ENOENT) which bypasses the option to not leak path info [ccbc3d0130ae] * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for -ldes [c77d3b484ece] 1998-11-13 Todd C. Miller * INSTALL: tty tickets are user:tty now [a53a303a614d] * check.c: when using tty tickets make it user:tty not user.tty as a username could have a '.' in it [3160b3f5c890] 1998-11-10 Todd C. Miller * sudo.c: add "ignoring foo found in ." for auth successful case [24257169e0bd] 1998-11-09 Todd C. Miller * sudo.c: add missing printf param [8c905124f777] 1998-11-08 Todd C. Miller * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. [066e118c11e4] * check.c, sudo.c: Only one space after a colon, not two, in printf's [38452f4c8007] 1998-11-05 Todd C. Miller * sudo.pod: document setting $USER [80557fe6aede] * check.c: fix bugs with prompt expansion [44c4fca5f009] * sudo.c: set $USER for root too [4b525e1c6269] 1998-11-04 Todd C. Miller * getspwuid.c: typo [5107446f43e0] * configure.in: HP-UX's iscomsec is in -lsec, not libc [03c9f700b795] * configure.in: remove some entries in the OS case statement that did nothing [ea96e7e0f624] * TROUBLESHOOTING: add "cd" section and flush out syslog section [5107f7363b78] * Makefile.in: no more sudo-lex.yy.c [ed50826efbbc] * check_sia.c: add custom prompt support [6a285cea10b7] * testsudoers.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity [eee31052921e] * sudo.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity set $USER if -u specified [9f3753461f8a] * parse.yacc: kill perror("malloc") since we already have a good error messages [849459088ac3] * parse.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity when checking if %group matches, look up user in password file so that %groups works in a RunAs spec. [0489b4ecc59a] * logging.c: kill perror("malloc") since we already have a good error messages [3191a18b3526] * check.c, getspwuid.c, interfaces.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity [7193fdb38cf9] 1998-11-03 Todd C. Miller * tgetpass.c: the prompt is expanded before tgetpass is called [0f408f508041] * sudo.h: tgetpass now has the same args as getpass again [b6778cd9d79f] * getspwuid.c: add iscomsec, issecure support [007be7ec7ae7] * check.c: we now expand any %h or %u in the prompt before passing to tgetpass [f3db8c9ee387] * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet [5a96f902ce00] * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE [f640b0d4cf05] * configure.in: add check for iscomsec in HP-UX [b28b249040f0] * configure.in: check for issecure if we have getpwanam on SunOS some options are incompatible with DUNIX SIA check for dispcrypt on DUNIX [a49d05d9c913] 1998-10-25 Todd C. Miller * config.h.in: add HAVE_DISPCRYPT [7376d543d8d6] * secureware.c: add back support for non-dispcrypt based checking for older DUNIX [977b98e936be] * INSTALL: sia changes [c5387c06e30f] * configure.in: SIA becomes the default on Digital UNIX now havbe --disable-sia to turn it off... [3b647558ea13] * check.c: move local includes after system ones [b2abad4c4aef] 1998-10-24 Todd C. Miller * check.c, check_sia.c, sudo.h: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to stderr [547cbf299661] * check_sia.c: fix while loop in sia_attempt_auth() that checks the password. Only the first iteration was working. [1886fd1ac831] 1998-10-22 Todd C. Miller * aclocal.m4: don't trust UID_MAX or MAXUID [2aeddb1654d8] * configure.in: fix two pastos [c18f0a10b75d] * configure.in: fix typo [1eb3190ef12d] * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is legal to be negative in DUNX 5.0 [cefbde04822d] * configure.in: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for -ldb since DUNX < 4.0 lacks it [e6b11d971068] 1998-10-21 Todd C. Miller * check.c, compat.h, config.h.in, configure.in, getspwuid.c, secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2 minutes if the shadow files don't exist). [2f297d095004] 1998-10-20 Todd C. Miller * INSTALL: updated --with-editor blurb [77d8a3ea7328] * TROUBLESHOOTING: tell how to put sudoers in a different dir [456cd20eb1d0] * configure.in: add missing quotes around $with_editor [22881748ab1b] * configure.in: typo in --with-editor bits [ab6964580681] * INSTALL: I don't expect it to work on Solaris [1c2fceaaf56e] * check.c: add back security/pam_misc.h [6ffd30033c1e] 1998-10-19 Todd C. Miller * INSTALL: remove dunix note since configure checks for this now [e9904512b8e8] * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is bad) [8a4c1e6aef3b] * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use dispcrypt(3) [1b936bc7268c] * config.h.in: add HAVE_INITPRIVS [4369f4c4f914] * sudo.c: call initprivs() if we have it for getprpwuid later on [11cf5915d826] * Makefile.in: clean pathnames.h too [5f1df3262613] * configure.in: quote "Sorry, try again." with [] since it has a comma in it set LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find getprpwuid() so we can check for bigcrypt, set_auth_parameters, and initprivs later. [e226b0a3f250] * INSTALL: update Digital UNIX note about acl.h [80132b71d73a] * INSTALL: add --with-sia --without-root-sudo -> --disable-root-sudo some reordering [198386358818] * secureware.c: add whitespace [4aadaf1a54b0] * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h: add SIA support [fa3ddbb9cc51] * check_sia.c: Initial revision [2968551d40e4] 1998-10-18 Todd C. Miller * configure.in: when checking for -lsocket, -lnsl, and -linet, check for the specific functions we need from them. [8d33e64362a3] * config.h.in, sudo.h: move Syslog_* defs into sudo.h [03d1774f25c7] * Makefile.in, sudo.h: added check_secureware [e46e3cbb9a97] * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits [dbefe1856503] * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets defined. configure now does that for us [e4520ea0581f] * configure.in: move some --with options around change a bunch of echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs [ffdf6869fdd7] * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " that caused a syntax error add some echo verbage [3278c49bf74b] 1998-10-17 Todd C. Miller * check.c: moved SecureWare stuff into secureware.c [42d3d3ac35dc] * secureware.c: Initial revision [aa7f72a249cf] * INSTALL: update url to solaris gcc bins [36a3eb668777] * INSTALL: change option formatter and flesh out someentries [6fbd1db4a8ad] * TROUBLESHOOTING, sudo.pod, visudo.pod: environmental variable -> environment variable [6f14d708e32d] * BUGS: everything is now done via configure [c217858f58ab] * README: prev rev was 1.5.6 [7b4177103c35] * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly [31c6b0a5e0e2] * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile [d406a1ef6d25] * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid, sudoers_mode from configure [1c509500655a] * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into the Makefile, not config.h [d4482f1492fe] * INSTALL: document all --with/--enable options [22d81b312d7f] 1998-10-15 Todd C. Miller * insults.h: options.h is no more [560946a33f7f] * config.h.in: assimilated options.h [dd8ce74613c1] * configure.in: moved options from options.h to configure [d39662f71b4e] * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, sudo_setenv.c, visudo.c: no more options.h [43924bf0858d] * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references to options.h [ef3474295395] * dce_pwent.c, interfaces.c, sudo.c: kill sys/time.h [4d833f0034e4] * tgetpass.c: if select return < -1 still prompt for pw [e0009e5c93a2] * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into configure options [e60a1e546516] * parse.c: FAST_MATCH is no longer an optino [c448dbb3464b] * check.c: remove_timestamp() if timestamp is preposterous [70d9a86c6ecd] * options.h: convert more options to --with/--enable [34646d9b09dc] * INSTALL, aclocal.m4: logfile -> logpath [42de502bc637] * configure.in: convert more options into --with and --enable [92d0898c9844] * tgetpass.c: catch EINTR in select and restart [f045d2f234d7] * logging.c: sys/errno -> errno [7f0c5beab6f2] 1998-09-24 Todd C. Miller * sudo.c: UMASK -> SUDO_UMASK. [48f308661514] * check.c, logging.c: time.h, not sys/time.h [91de049c79e4] 1998-09-21 Todd C. Miller * logging.c: MAILER -> _PATH_SENDMAIL [df65d6896639] * INSTALL, configure.in: no more --with-C2, now it is --disable-shadow [18bfcab3b9ab] * aclocal.m4, check.c, compat.h, config.h.in, configure.in, getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. Always include shadow support if the platform supports it and the user did not disable it via configure [2135d93bb4a9] 1998-09-20 Todd C. Miller * configure.in: --with-getpass -> --{enable,disable}-tgetpass [451b33fdd4c7] * Makefile.in: pathnames.h -> pathnames.h.in [b109022eca69] * check.c: fix version string [761b25c314ea] * check.c: move pam_conv to be static to auth function remove pam_misc.h (solaris doesn't have one) [a682e4da987a] * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD [e6005d0599b5] * configure.in: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD [24c0ac2155ef] * pathnames.h.in: convert to pathnames.h.in [013bddf7f684] 1998-09-19 Todd C. Miller * configure.in: fix typo in sysv4 matching case /. [2994c4f88cf5] 1998-09-18 Todd C. Miller * check.c: pam stuff needs to run as root, not user, for shadow passwords [d94ff75de503] 1998-09-17 Todd C. Miller * BUGS, INSTALL, README, configure.in: updated version [775adc7de7ac] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [5ca599fb6b93] * check.c: user version.h for long message [47a52ac7e542] * check.c: this is version 1.5.6 [8451ac79eee2] 1998-09-16 Todd C. Miller * Makefile.in: remove errant backslash [0222a8a650ff] 1998-09-15 Todd C. Miller * options.h, parse.yacc, pathnames.h.in: fix version string [fdee73255d64] [SUDO_1_5_6] * BUGS, CHANGES, TODO: updtaed for 1.5.6 [752443bf7f26] * RUNSON: updated for 1.5.6 [0f878123fe6a] 1998-09-14 Todd C. Miller * interfaces.c: kill unused localhost_mask var copy if name to ifr_tmp after we zero it [8e89c364cef2] 1998-09-13 Todd C. Miller * INSTALL: Better description of new vs. old sudoers modes fix some typos better description of /usr/ucb/cc gotchas on slowaris [c00b2a6fc1e8] * Makefile.in: add sample.pam [ec7f6cc19b00] * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) [1e907cbc9f7b] 1998-09-12 Todd C. Miller * README: mention TROUBLESHOOTING more fix some typos [2c2e6907d4a4] * configure.in: move --enable/--disable to be after --with [9b30097f76c1] * INSTALL: document --enable/--disable [c522362e38a8] * INSTALL: document --with-pam [7e38932c78ac] 1998-09-11 Todd C. Miller * configure.in: Add message for pam users [d224f277e3cd] * sample.pam: Initial revision [3a84d7045f54] * config.h.in: fix HAVE_PAM [2f0f303ebd88] * check.c, config.h.in, configure.in: pam support, from Gary Calvin [ea3e0a72d707] 1998-09-10 Todd C. Miller * config.h.in: add HOST_IN_LOG and WRAP_LOG [822c36eeb6a8] * logging.c: add WRAP_LOG and HOST_IN_LOG [3cf6052bd27e] * configure.in: add --enable-log-host and --enable-log-wrap [c968cc12b353] * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir [915fef7e11a1] 1998-09-09 Todd C. Miller * compat.h: add howmany macro [9107a057a7c8] * tgetpass.c: include sys/param.h to get howmany macro [7e908b5e1f32] 1998-09-08 Todd C. Miller * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: add RUNAS_DEFAULT [1e76398ea3fd] 1998-09-07 Todd C. Miller * fnmatch.c: bring in stdio.h for NULL [69c016610cbb] * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh [15ab2972f8d0] * sudo.c: use HAVE_SET_AUTH_PARAMETERS [8abfdc8c80f7] * config.h.in: add HAVE_SET_AUTH_PARAMETERS [673a5ebd5539] * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware [a401f5a7469a] * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 [cb657b7acaae] * interfaces.c: initialize previfname [26a1902f56dc] * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of kludging it [fa5c890c313b] * configure.in: typo [bff579fbe95c] * Makefile.in: don't need special build line for sudo.tab.o [10c0a0a912e4] * Makefile.in: don't clean sudo.tab.[ch] [c40d5968efbb] * sudo.c: Sudo should prompt for a password before telling the user that a command could not be found. [d718c85a0047] * BUGS: for 1.5.6 [0cc1fe5b9129] * INSTALL, README: no longer require yacc [d9096fc5b8b6] * Makefile.in: typo [70feb1aefbd5] * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc [cc802025fd44] * parse.lex: include sudo.tab.h, not y.tab.h don't break out of command args if you get a '=' [728ad26dbda5] * insults.h: fix version , [242bbce1b2d4] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: fix version [2bb9086fea1e] * compat.h: fix version [7e634d498ce6] * getcwd.c: getcwd(3) from OpenBSD for those without it. [6c68d0df8f6c] * sudo.h: HAVE_GETWD -> HAVE_GETCWD [2ad1e64d60c0] * configure.in: pretend sunos doesn't have getcwd(3) since it opens a pipe to getpwd! [677992ba5a6a] * parse.c: use NAMLEN() macro [8f5685aa3165] * fnmatch.c: remove duplicate include of string.h [6024f3051ac3] * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T [3d82a9c22cc2] * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T [53fbc47282f9] * config.h.in: add dev_t and ino_t [5929bb0c7e1a] 1998-07-28 Todd C. Miller * check.c: fix OTP_ONLY for opie [7edcfa78f2ec] 1998-06-24 Todd C. Miller * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto [c9f4b99a2fe9] 1998-05-19 Todd C. Miller * Makefile.in: make update_version saner [d522f93ee04a] * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() [c9a2d21dc608] * configure.in: check for waitpid and wait3 or no waitpid [1f18c3224184] * logging.c: used waitpid or wait3 if we have 'em [391c3279ee65] 1998-05-02 Todd C. Miller * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon) [fbf53b18178f] 1998-04-28 Todd C. Miller * configure.in: don't need to explicately mention -lsocket -lnsl for sequent [1898dc055352] 1998-04-25 Todd C. Miller * configure.in: dynix should not link with -linet [278a4b9cfe2a] 1998-04-10 Todd C. Miller * INSTALL: mention that HP-UX doesn't ship with yacc [bde5147198c0] 1998-04-07 Todd C. Miller * check.c: ignore kerberos if we can't get the local realm [1e311a091a27] 1998-04-06 Todd C. Miller * BUGS, INSTALL, README, configure.in: ++version [499ffc746018] * version.h: ++ [35ba1ee01bd3] * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [b4990a513f31] * check.c, sudo.h: fix version [5710795834e8] * getcwd.c: don't use popen/pclose. Do it inline. [29e57b0646a4] * lsearch.c: add rcsid [b2b55c39858d] * sudo.c: typo [d381ac39ed0f] * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: updated version [462d6e1a2d75] * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> MAX* [2c2eeb78d34f] * Makefile.in: getwd.c -> getcwd.c [7d718c32fc02] * config.h.in: kill HAVE_GETWD [6ad3d702343f] * configure.in: getcwd, not getwd [33e5b9841f58] * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the purpose [24e58d340161] 1998-03-31 Todd C. Miller * OPTIONS, options.h: add STUB_LOAD_INTERFACES [d747cb23ca83] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [0798229312cc] * configure.in: support *-ccur-sysv4 and fix two typos [24a823ad7cc9] 1998-03-28 Todd C. Miller * configure.in: don't echo about with_logfile and with_timedir [31e4a1e2d9ad] * INSTALL: document --with-logfile and --with-timedir [674f811a40e0] * aclocal.m4: support --with-logfile and --with-timedir [2fc36b35db12] * configure.in: Add --with-logfile and --with-timedir [09045bf07e29] * sudo.c: change size computation of NewArgv for UNICOS [b50df07da3a1] 1998-02-19 Todd C. Miller * configure.in: treate -*-sysv4* like *-*-svr4 [471b7ef4dbf2] 1998-02-18 Todd C. Miller * configure.in: fix spacing for --with-authenticate help [8321cb37c410] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [dc1ab97312eb] * parse.yacc: fix off by one error in push macro [bece59c8c3a9] 1998-02-17 Todd C. Miller * configure.in: removed bogus alloca hack [a68dd720462d] * check.c: added AIX 4.x authenticate() support [12985eb448a0] * parse.yacc: include alloca.h if using bison and not gcc and it exists. fixes an alloca problem on hpux 10.x [e3b5c4f26072] * INSTALL: mention --with-authenticate [78a1c96820e7] * configure.in: added AIX authenticate() support [c983193ec252] * config.h.in: add HAVE_AUTHENTICATE [7b0e5f5db5d9] * interfaces.c: dynamically size ifconf buffer [10afb0e9b2f9] * configure.in: quote '[' and ']' [8fc38a4defad] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [5f66de71ec61] * visudo.pod: add ERRORS section [3df3edb73cf6] 1998-02-16 Todd C. Miller * TROUBLESHOOTING: add busy stmp file explanation [6c555d469b6f] 1998-02-15 Todd C. Miller * configure.in: the name of the cached var that signals whether or not you are cross compiling changed. It is now ac_cv_prog_cc_cross [123911c0658c] 1998-02-11 Todd C. Miller * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. [ded758524582] 1998-02-07 Todd C. Miller * sample.sudoers, sudoers.pod: better example of su but not root su [b3199610be21] 1998-02-06 Todd C. Miller * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [46922b84e86b] * Makefile.in: correct regexp for updating version [8032728b2a8a] * tgetpass.c: remove bogus flush of stderr spew prompt before turning off echo. Seems to fix a weird problem where if sudo complained about a bogus stamp file the user would sometimes not have a chance to enter a password [7aa1493cc141] * check.c: fix bogus flush of stderr [6d047871c5e8] * sudo.c: close fd's <=2 not <=3 and move that chunk of code up [553e4faac195] * configure.in: support hpux1[0-9] not just hpux10 [5a34a000ff8a] 1998-01-30 Todd C. Miller * parse.c: set sudoers_fp to nil after closing [221a8b4bbf34] 1998-01-24 Todd C. Miller * config.guess, config.sub: updated from autoconf 2.12 [6fc86a0fc61b] * configure.in: add *-*-svr4 rule [38f0427f7c9d] 1998-01-23 Todd C. Miller * tgetpass.c: fix select usage for high fd's (dynamically allocate readfds) [c2d1f76e0321] * check.c: kill extra whitespace [d784b6c9c514] * sudo.c: do an initgroups() before running a command, unless the target user is root. [4ca561287480] 1998-01-22 Todd C. Miller * TROUBLESHOOTING: tell people to use tabs, not spaces, in syslog.conf [8ae90a205134] 1998-01-21 Todd C. Miller * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c, parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c: updated version [4d855ff5de26] * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c: updated version [8e007e178b33] * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: updated version [9ddea5c8814d] * Makefile.in: more tweaks to update_version [047698752855] * Makefile.in: fixed up update_version rule [47b6fa34b77f] * configure.in: ++version [c1ca664e30b7] * Makefile.in: removed supe of check.c [8f340a05296a] * INSTALL: ++version I missed [a298e6c17491] * RUNSON: updated [a14f6057bc15] * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: updated version [02231b1a3ab3] * CHANGES: updated for 1.5.5 [634e5fcaf40b] * Makefile.in: add rules to update version stuff in files so I don't need to do it by hand [3620ad60485a] * sudo.h: sudoers_fp is now extern [88c6e9b9ea84] * sudo.c: in check_sudoers, cache the sudoers file handle in sudoers_fp so we don't have to open it again in the parse. This may help with weird solaris problems where EAGAIN sometime occurrs. [d3c26451ed1d] * parse.c: sudoers file open is now done only in check_sudoers() so we just do a rewind() instead of an open. May help people on solaris who were getting EAGAIN. [c8b8c7722fa5] 1998-01-16 Todd C. Miller * INSTALL: mention that newer glibc is fixed [20f06f5d3ef3] 1998-01-13 Todd C. Miller * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore _RLD* instead of _RLD_* [1e22c588d602] * parse.c: typo [d0b7cb85f08a] * parse.c: fix that bug for real [5a6eeca6d04b] * INSTALL: document Linux's libc6 brokenness. [0246c1aa64ee] * parse.yacc: -Wall [d0e452fb1e2d] * RUNSON: updated [4949a1bbd0a9] [SUDO_1_5_4] * TROUBLESHOOTING: remind people to HUP syslogd [590962faa4f0] * Makefile.in: add -O flag to tar [622d02de339d] * RUNSON: updated [a72930d6e615] * TODO: updated [4a51bd458390] * sudo.pod: remove author's email addr. people should mail sudo-bugs [9b6bbdb3a6d9] * INSTALL: fix version [246274c6c8af] * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [f532ff4ee766] * RUNSON: updated [62d5c71358b5] * INSTALL, Makefile.in: ++version [1a7c7628edfc] * CHANGES: updated fort 1.5.4 [7e4873508c99] * check.c: exit(1) if user enters no passwd [f382c0e35e4e] * BUGS: ++version [fab6a867ab67] * parse.c: commands can start with ./* not just /* -- fixes a serious security hole. [244d2fe35ee3] 1997-12-21 Todd C. Miller * sudo.c: Don't set the tty variable to NULL when we lack a tty, leave it as "unknown". [193b26daba03] 1997-11-23 Todd C. Miller * sample.sudoers: fix usage of (username) in conjunction with , and ! [7ae68607f68f] * visudo.c: catch the case where the user is not in the passwd file [31650258deb0] * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to select(2) [60ab2d9a9ee8] * sudo.c: define tty global to an initial value to avoid dumping core in logging functions when passwd file is unavailable. [77056c7bc908] * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have gotten the passwd entry [1fdb8e579a5a] * sudo.pod: talk about problem of ALL [1cd1905c9f6f] 1997-10-10 Todd C. Miller * README: new web location [d24dc26f6da5] * INSTALL: fdesc bug is fixed in Open/Net BSD [7d4d81b08ac3] * HISTORY: updates from Nieusma [3a43769a1b78] 1997-10-09 Todd C. Miller * dce_pwent.c: move compat.h after the system includes [5ea43a5968ac] 1997-08-06 Todd C. Miller * logging.c: save errno from being clobbered by wait(). From Theo [f2d1c48cd592] 1997-05-21 Todd C. Miller * compat.h: fix an occurence of setresuid -> setreuid (typo) [394de35c9b1c] 1997-03-19 Todd C. Miller * install-sh: check for path to strip [2b7ef824bd55] 1997-01-16 Todd C. Miller * logging.c: deal with maxfilelen < 0 case [f0af095178d7] * OPTIONS: fixed descriptin [629f60bd4b5f] 1996-12-12 Todd C. Miller * sudo.c: correct error message if mode/owner wrong and not statable by owner but is statable by root. [cb631ce2e85e] 1996-11-23 Todd C. Miller * config.guess, config.sub: autoconf 2.11 [f3cbe59e0756] 1996-11-16 Todd C. Miller * CHANGES, RUNSON, TODO: sudo 1.5.3. [2be3229b8626] 1996-11-14 Todd C. Miller * parse.yacc, sudo.h: command_alias -> generic_alias [c404ca8c510d] [SUDO_1_5_3] * sample.sudoers: added Runas_Alias example and fixed syntax errors [c304053f4a8a] * OPTIONS, options.h: updated MAILSUBJECT [18d1573fcd2a] * logging.c: added %h expansion [a4bff9b284fd] * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [211ff20f956f] * BUGS, emul/utime.h: ++version [cde5376579e3] * sudoers.pod: document Runas_Alias [b1a58f28fb2c] * visudo.pod: q (uid) -> Q [d256649a0e6b] * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails drop into whatnow [1cb183d15626] * parse.yacc: add size params to sprintf [9228f698921f] * parse.lex: allow trailing space after '\\' but before '\n' [f51dbbf69fdf] * find_path.c: off by one error in path size check [a6d75ccd7632] * check.c: sprintf paranoia [3ffb12d198dd] 1996-11-12 Todd C. Miller * parse.yacc: fixed more_aliases [aab12f2a50af] * visudo.c: now warns if killed by signal ./ [310c186a0fd7] 1996-11-11 Todd C. Miller * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get expanded (but it is gross) [45590b83120f] * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400 [d53e01c14c58] * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS) [7a4a040aae2d] * parse.lex: Add Runas_Alias and simplify a rule. [6f794a769a37] * parse.yacc: always store User_Alias's since they can be used inside of a runas list. Sigh. Really need a Runas_Alias instead. [3bab058a873e] 1996-10-30 Todd C. Miller * visudo.c: deal with case where there is no sudoers file [fa38b3bb244d] 1996-10-12 Todd C. Miller * TROUBLESHOOTING: added one [e61346d06725] 1996-10-11 Todd C. Miller * HISTORY, testsudoers.c: developement -> development [4df55e293941] * INSTALL: added a note [3845fb83dbc0] * RUNSON: for 1.5.2 [5489b7298942] * CHANGES: updated [0741834929e6] 1996-10-10 Todd C. Miller * PORTING: removed seteuid() notes [1010a60f281d] [SUDO_1_5_2] 1996-10-09 Todd C. Miller * compat.h: better seteuid() emulatino [e807623b662c] * configure.in: added check for seteuid [8cf9fabc6f4f] * config.h.in: added HAVE_SETEUID [596db46aa828] 1996-10-08 Todd C. Miller * configure.in: first stab at sequent support [b85a7bfcac76] * config.h.in: added HAVE_SYS_SELECT_H [93ecdd042463] * compat.h: sequent -> _SEQUENT_ [63a38b6da98c] * compat.h: added seteuid() macro for DYNIX [695bd63c5ea6] * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H [b31221211bc2] 1996-10-07 Todd C. Miller * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [8052992fd453] * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, pathnames.h.in, version.h: ++version [f7ad15e1598a] * sudo.pod: added -H and SUDO_PS1 [bb965241e30c] * configure.in: use SUDO_FUNC_FNMATCH [6a8350d85fb2] * aclocal.m4: added SUDO_FUNC_FNMATCH [45b32c91c4ba] * sudo.c: added -H flag [11ebc6872fd6] * sudo.h: added MODE_RESET_HOME / [67a7f8bcbbd6] 1996-10-05 Todd C. Miller * INSTALL: mention OPIE [5723515d5bbd] * options.h: SKEY -> OTP [c1d268130bc4] * configure.in: added opie support [123872b41b20] * compat.h, config.h.in: added HAVE_OPIE [528c71afc1e5] * check.c: added HAVE_OPIE and changed to *_OTP_* [4c62f5db872a] * OPTIONS: SKEY -> OTP [bd858e5e9652] 1996-10-04 Todd C. Miller * check.c: moved fclose() in skey stuff. [11f7dc8431a6] 1996-10-03 Todd C. Miller * putenv.c: index -> strchr remove unnecesary stuff [af2d05238062] * check.c: now call skeychallenge() to get challenge instead of making one up ourselves. this way, we get extra goodies in the prompt. [49b770d98d3a] 1996-09-10 Todd C. Miller * CHANGES: added one [3f5149357e2a] [SUDO_1_5_1] * parse.lex: allow logins to start with a number (YUCK!) [7ed7ef324741] 1996-09-08 Todd C. Miller * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note [16160a251aae] * configure.in: DUNIX doesn't need -lnsl [be924cc322c3] * CHANGES: *** empty log message *** [1b2937521981] * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: courtesan [5f203589bbfe] * PORTING, README, RUNSON: courtesan [d72517f4937e] * INSTALL, Makefile.in, TROUBLESHOOTING: courtesan [5c007e3c7a71] * visudo.pod: *** empty log message *** [37ebe85bd4e1] * sudo.pod, visudo.pod: courtesan [37f02e2130ea] 1996-09-07 Todd C. Miller * HISTORY: added courtesan ./ [b01435226276] 1996-09-06 Todd C. Miller * sudo.c: added $SUDO_PROMPT support [cb1fa72c093d] 1996-09-04 Todd C. Miller * check.c: print long skey challemged to stderr, not stdout [750fc775b3b2] 1996-09-01 Todd C. Miller * CHANGES: updated for 1.5.1 [9b615f393057] * emul/utime.h: ++version [a94de18deafb] 1996-08-31 Todd C. Miller * RUNSON: updated for 1.5.1 [4092f20ab634] 1996-08-30 Todd C. Miller * check.c: use shost, not host for tgetpass [6061c49ff9be] * sudo.pod: documented %u and %h [6d2922d29897] * OPTIONS: documented %u and %h [1a71da13a864] * configure.in: fixed typo [1230dec2b062] * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [65ce8eabf77a] * BUGS: ++version [afecab53aab7] 1996-08-29 Todd C. Miller * Makefile.in, configure.in, version.h: ++version [fb3ff940d672] * sudo.h: new tgetpass() params [9eccc5b0f8ae] * check.c: pass use and host to tgetpass [c56d9d13c401] * tgetpass.c: added %u and %h escapes [04ae775d3e5d] * OPTIONS, check.c, options.h: added NO_MESSAGE [3927dad19057] * configure.in: added cray (unicos) support [1122210c5fb1] 1996-08-27 Todd C. Miller * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME [0b26909b0929] 1996-08-25 Todd C. Miller * INSTALL: added note about "make install" [7e56ea76d4b4] * parse.yacc: changed length/size params from int to size_t [5654e5ceb1b3] * OPTIONS: now get CSOPS insults as well by default [297323d0179a] * insults.h: use csops insults too by default [07fafc136169] * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h: version = 1.5 [4b8772b11e3b] * sudo.c: added runas_homedir [b0e0d4417a15] * TODO: updated for 1.5 [66259df825d5] * RUNSON: updated for 1.5 [e08bc9ebfe95] * CHANGES: 1.5 release [8c16942fea41] * INSTALL: added "upgrading" notes [210d968964ff] 1996-08-22 Todd C. Miller * visudo.c: now do chmod and chown after edit of temp file and before rename [de174e34faa7] [SUDO_1_5_0] 1996-08-18 Todd C. Miller * Makefile.in: ++version added INSTALL.configure [c9e9214f52ae] * configure.in, version.h: ++version [5985abed3eb2] * TROUBLESHOOTING: *** empty log message *** [d65c540ec52e] * parse.yacc: added missing cast [e7247319a7d5] * sudo.c: sets $HOME to pw_dir of runas user [d3f7f4d05752] * sudo.pod: document $HOME change [854454d458c4] 1996-08-17 Todd C. Miller * sudo.pod: fixed up some wording [b0c8582f2c97] * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [748be723fd8b] * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: ++version [acdf8b1b2a1b] * emul/utime.h: ++version [b3f35298ab8d] * sudo.h: name nad type changes [db24ab3da141] * testsudoers.c: now works with new sudo [379346c42cc2] * parse.yacc: fixed some XXX [f5fe4c990052] * parse.yacc: some variable name changes + comment headers for functions. [3dc3bd9aa73d] * tgetpass.c: added extra paren's to make compilers happy [9e4968a34d56] * sudo.c: *** empty log message *** [70c924c1ed69] * parse.c: now uses init_parser() if not in sudoers and tries "list" or "validate" scold but don't be nasty. [c0d8fb3f8c9e] * TROUBLESHOOTING: now can use upper case login names [c772fffcefe5] * visudo.c: now uses init_parser() [b9efae7243fd] * INSTALL, README: updated [27dc8283fdc8] * PORTING: added info about PASSWORD_TIMEOUT [980e15d892f8] * INSTALL.configure: Initial revision [8292e89a08d3] * BUGS: fixed a bug , [c6e46f5624f9] * parse.yacc: now dynamically allocates memory for the stacks -- no more overflows! [8615c35b6ad3] * sudo.pod: -l now explands command aliases [39f45605935d] * parse.yacc: hacks to expand command aliases for `sudo -l' [e4eb752608f9] * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash) [01327ca5084b] * sudo.h: added struct command_alias [dd2f32764082] * sudo.pod: fixed a bug [e708ff08d2eb] * lsearch.c: in compar() key should be first arg [fc14c3fa62ee] 1996-08-15 Todd C. Miller * BUGS: fixed some bugs [639dfe425bd5] * parse.yacc: can now deal with upcase HOST and USER names [c6aa7bcfb00d] * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" [4ef146128d89] * sudo.pod: fixed thinko [830f2f0f22e7] * parse.c: fix comment [d20ce9e17ddc] 1996-08-09 Todd C. Miller * parse.c, parse.yacc: added support for new `sudo -l' stuff [7dceaef3c733] * sudo.c: now uses list_matches() [293364821b61] * sudo.h: added struct sudo_match [b2684179d179] * configure.in: now more -lgnumalloc [4f8ae42617d8] 1996-08-01 Todd C. Miller * install-sh: added more paths for chown and whoami [6e685a19426c] 1996-07-31 Todd C. Miller * check.c: typo [3adfa01c04bc] 1996-07-30 Todd C. Miller * aclocal.m4: fixed DUNIX check for shadow pw [c25324bcd27b] * tgetpass.c: now only turn off echo if it is already on. this fixes a race when you use sudo in a pipelin [28388c2de21c] * INSTALL: updated [b45ac9366b7e] * configure.in: changed "test -z $foo && do_this" to if; then construct [2183c4426bca] 1996-07-29 Todd C. Miller * configure.in: added missing defines of SHADOW_TYPE [be89ea68a7f3] 1996-07-26 Todd C. Miller * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are only in dunix 4.x [1e7c1c677263] * getspwuid.c: added AUTH_CRYPT_C1CRYPT support [88d6b0058b20] * parse.c: no longer return VALIDATE_NOT_OK if there was a runas that didn't match. Now we can have runas stuff on more than one line. [52b68920d7b7] * getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE instead of HAVE_C2_SECURITY [cf401dfcbc06] * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to something [c7a233c4dd93] * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD [8314405e9754] * compat.h: use SHADOW_TYPE instead of HAVE_C2_SECURITY [6f94870df17f] * check.c: SHADOW_TYPE is always defined so just against its value [72c69a55d02f] * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX [ef025ae9d496] 1996-07-25 Todd C. Miller * sudoers.pod: * -> ?* in one example added another instance of (runas) and one of NOPASSWD: [d74fe1dcbe7d] 1996-07-24 Todd C. Miller * configure.in: added back check for config.cache from other host type [0ba87871f585] * parse.lex: removed an instance of \" [1e008d3709f6] * sample.sudoers: added an example [dbfcf68ee330] * sudoers.pod: updated wrt new wildcard matching [193fa44a475b] * configure.in: new check for shadow passwords if we don't know anything [67465df7dc9a] * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC [3563b16a41b8] * configure.in: added back check for -lsocket (oops) [a80882ee1cb6] * configure.in: better (working) check for shadow passwd type if we know to use C2. [3cdd2a59a641] * configure.in: now uses AC_CANONICAL_HOST to figure out os type [80db7fe6e704] * Makefile.in: added config.{guess,sub} [c6be7e3ca384] * aclocal.m4: removed unused stuff to figure out os type [c9a0f3b57123] * config.sub: added openbsd [bfc6bfec3668] * config.sub: Initial revision [e6e06ce0d17d] * config.guess: Initial revision [99dd06f79199] * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a pathname. need to check against sudoers_args even if user_args is nil [66e6cf77f5d6] * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a pathname need to check against sudoers_args even if user_args is nil [74374df17311] 1996-07-23 Todd C. Miller * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 [cbb00261c415] * testsudoers.c: now takes command line args and uses cmnd_args [f0c2fd35a527] * parse.lex: fill_args was adding an extra leading space [692fc999b2e8] 1996-07-22 Todd C. Miller * visudo.c: fixed dummy command_matches() [93d9543db6e2] * parse.yacc: fixed prototype [7b0addfbd429] * sudo.h: added cmnd_args [8f47c4ae65ef] * parse.yacc: now uses flat args string [016e65877da3] * parse.c, parse.lex: now uses flat arg string [5b5f2e3f4c09] * visudo.c: added cmnd_args def [876867134775] * sudo.c: now sets cmnd_args global [e6fee70cb59b] * logging.c: cmnd_args is now exported from sudo.[ch] [7a9cd36e356f] 1996-07-21 Todd C. Miller * parse.yacc: can't rely on cmnd_matches as much as I thought -- added some $$ stuff back in to prevent namespace pollution problems. [3c45fedb5af3] * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more consistent). [e6d838c8a4c7] 1996-07-20 Todd C. Miller * parse.lex: NOPASSWD may now have blanks before the ':' '(' only starts a 'runas' if in the initial state to avoid collision with command args [c5c01172f499] * configure.in: added checks for specific shadow passwd schemes [b7e3d1f7b84f] * aclocal.m4: added routines to check for specific shadow passwd types [e5e1d19960a6] 1996-07-18 Todd C. Miller * configure.in: added support for ncr boxen [bea9dc5aae7f] * aclocal.m4: added support for detecting ncr boxen [8653a158a924] 1996-07-16 Todd C. Miller * configure.in: added sinix support [5de2b2173ee1] 1996-07-14 Todd C. Miller * TROUBLESHOOTING: added info about "config.cache from other other" error. [845b10198e0b] * aclocal.m4: now makes sure you don't have a config.cache file from another OS [4fe32571c021] * configure.in: now sets $LIBS when needed to configure links with libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added check for bigcrypt(3) if SPW_SECUREWARE [2df6b8ca538f] * getspwuid.c: fixed typo [fe1cb1d792d6] * tgetpass.c: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH [f71138372c07] * getspwuid.c: no more SPW_HPUX10 [cfdeb18bc16b] * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT [00d296479a61] * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE [6c6d9e680417] * check.c: SPW_SECUREWARE now uses bigcrypt [be71fc66690f] 1996-07-13 Todd C. Miller * sample.sudoers: fixed 2 syntax errors [45eee19ef4ac] * sudoers: root may now run ALL as ALL [1b54c6b9b212] 1996-07-12 Todd C. Miller * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len [603438360126] 1996-07-08 Todd C. Miller * check.c, configure.in: updated AFS support [e572eb8d177a] * TROUBLESHOOTING: added entry about /usr/ucb/cc [025b353aa9d3] * INSTALL: prep no longer holds gcc binaries [8b0942958049] * INSTALL: updated AFS note [7af6efd5abe4] * Makefile.in: added @AFS_LIBS@ [97b6fe6ad7d6] * compat.h: AFS allows long passwords [5fb17122c302] * testsudoers.c: fixed -u user support [b1a0c1648639] * parse.c: sudo -v now groks VALIDATE_OK_NOPASS [74fc03fffe7e] * parse.yacc: fixed no_passwd vs. runas_matched [549a9b791a6a] * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no longer an issue [d95ab7fbbc61] * INSTALL: added --with-libraries > --with-libpath --with-incpath [d5d15a7a0f4c] * parse.yacc: was setting runas_matches to -1 in wrong place [db2b1deb8d33] * check.c: removed usersec.h which is not present in new AFS versions [618b016dd17f] * tgetpass.c: now deals with timeout <= 0 [ba53a1257255] * OPTIONS: updated [75093bd8fdca] * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc [ff6dbf7825c2] * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode for root readable/writable filesystems [2694ed627221] * Makefile.in: now gives INSTALL -c flag [63db055a2fd1] * parse.yacc: slightly simpler initialization of no_passwd and runas_matches [463a1b5fa323] * testsudoers.c: added -u username support [38b072fcd6b3] * configure.in: improved --with-libraries support [047dbc5f0af2] 1996-07-07 Todd C. Miller * configure.in: added --with-incpath, --with-libpath, --with-libraries [20f20d6c718c] * parse.yacc: now initializes some fields that weren't getting set to -1 pretty gross -- need a rewrite. [021c160390c6] 1996-06-26 Todd C. Miller * alloca.c: removed emacs'isms [9d4ec2efe057] * configure.in: no longer add -lPW to *_LIBS since we include alloca.c [a626d1bbea80] * config.h.in: added HAVE_ALLOCA_H [15491e2a6cff] * Makefile.in: added alloca.c [0400f25e1fe4] * alloca.c: Initial revision [06d033aa4882] * configure.in: ++version [f52c0fb98f90] 1996-06-25 Todd C. Miller * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is not always set to a valid uid. [c2669f77704d] * OPTIONS: fixed entry for SUDO_MODE [d7272f6035b8] * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were being set to -2. Now beat NFS to the punch and set uid to "nobody" ourselves, preserving group 0 to read sudoers. [b1fbc5dd1e34] * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() [7619d8080735] * logging.c: fixed a typo [318acc48cde0] * configure.in: no longer need AC_PROG_INSTALL [de01b1336dc8] * Makefile.in: always use install-sh to avoid install(1)'s that use get{pw,gr}nam [ea2351986406] * INSTALL: make clean -> make distclean [704a98e8ba10] 1996-06-20 Todd C. Miller * parse.yacc: removed some unnecsary if's [f00db6508132] * Makefile.in, version.h: ++version [bdb6740b24c8] * parse.c, testsudoers.c: now includes netgroup.h [93f5a06352bc] * interfaces.c: removed cats of ioctl to int since they didn't shut up -Wall [83e9f912cd7a] * interfaces.c: explicately cast ioctl() to int since it it not always declared [2ff9294e469e] * sudo.h: added declarations for yyparse() and yylex() [6071321ab771] * parse.yacc: fixed an occurence of '==' -> '=' [2c46d2e11d57] * config.h.in, configure.in: added check for netgroup.h [73403050f4e3] * sudo.c: fixed 2 compiler warnings [680929b0bd97] * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being initialized [18707ecd07c2] 1996-06-19 Todd C. Miller * sudo.pod: fixed a typo [e4b5c12aa130] 1996-06-17 Todd C. Miller * parse.yacc: fixed a formatting thingie [c79327b6f19b] * parse.c, parse.yacc: fixed -u support with multiple user lists on a line [e4d1066adca2] * configure.in: unixware needs -lgen [b5bf9bca63cc] * README: updated ftp location [b25a033f7921] * sudoers.pod: add net_addr/netmask support [674e83516d1e] * sample.sudoers: added net_addr/mask example [774878e89b28] * parse.c, parse.lex: added support for net_addr/netmask [e33de27325d8] 1996-06-16 Todd C. Miller * sudoers.pod: ^ -> ! [1a084950d6ef] 1996-06-15 Todd C. Miller * RUNSON: updated for 1.4.3 [c82019025d09] * CHANGES: udpated for 1.4.3 [ceaa81adb8f0] * BUGS, TODO, TROUBLESHOOTING: updated [ff94fae4b853] * sample.sudoers: updated with examples of new stuff [99d0b4cb4c9c] * INSTALL, README: ++version [b763b80fe836] * sudoers.pod: updated wrt -u and NOPASSWD [0b5b722ea0f4] * sudo.pod: updated wrt -u and CAVEATS [71d5d53b5d18] 1996-06-09 Todd C. Miller * sudo.c: fixed usage() [114c7d09b550] * parse.lex: now use :foo: character classes (makes no diff for generated lexer) [7b0aeb737a02] 1996-06-07 Todd C. Miller * check.c: fixed LONG_SKEY_PROMPT stuff [0efe78b4bdda] 1996-06-06 Todd C. Miller * visudo.c: fixed a comment [3d289017104b] * lsearch.c: make more like NetBSD one -- now compiles w/o warnings [932206296a54] * emul/search.h: fixed decls of lsearch() [c58cf4584c45] * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 [d74e5eaa5f17] * check.c: hpux 10 uses bigcrypt() if C2 [359eb63f4021] 1996-06-04 Todd C. Miller * parse.c: now always uses fnmatch to match args [a9d91f35256a] * tgetpass.c: back to using stdio instead of raw i/o since that caused some problems [e7ce2bc92974] 1996-05-29 Todd C. Miller * sudo.c: now give usage warning if use -l,-v,-k with args [6b48180c4fea] 1996-05-28 Todd C. Miller * sudo.c: NewArgc is now set to 1 for -l, -v, -k [7497cb1416a8] * sudo.c: now sets sudoers to correct group if mode is 0400 [484c43d99718] * install-sh: updated to version used by inn and bind [28683ad8725a] * configure.in: now uses -lgnumalloc if it exists [3651ca4415a2] * Makefile.in: "make install" now sets uid/gid and mode on sudoers if it exists [1f5216191ae9] * sudo.c: rmeoved debugging statements [aeda278e2c26] * parse.yacc: added a missing free() [592c9482a159] * sudo.c: now uses user_gid instead of getegid (which was wrong anyway) to set SUDO_GID Now sets command line args in SUDO_COMMAND envariabled (logging.c depends on args being in the environment) [9f5328a3b942] * logging.c: now uses SUDO_COMMAND envariable to get command args rather than building it up again. [7f8edc5bccb7] * parse.c: now uses user_gid [4b9303ae45fe] * sudo.c: fixed off by one error in allocation NewArgv [921ea1a4e7c6] * parse.c: in sudoers, 'command ""' now means command with no args [a5273648ace2] * configure.in: added check for fnmatch(3) and fnmatch.h [258916a7866f] * config.h.in: added HAVE_FNMATCH [b9860d361e93] * Makefile.in: replaced wildcat.* with fnmatch.* [03ad9ee21a1c] * testsudoers.c: now uses fnmatch() [5a7f7de987a9] 1996-05-27 Todd C. Miller * parse.c: now uses fnmatch() instead of wildmat a trailing star (*) by itself now matches multiple args added support for wildcards in the pathname in sudoers [1f7fb950b868] 1996-05-25 Todd C. Miller * fnmatch.c: now includes compat.h and config.h [090206b95cf8] * config.h.in: added HAVE_FNMATCH_H [90eb42150173] * configure.in: now checks for alloca() (if needed by bison or dce) and links with -lPW if it contains alloca() and libv and compiler do not. [cfa2b3cef49a] * emul/fnmatch.h, fnmatch.3, fnmatch.c: Initial revision [20b1f762a32a] 1996-04-29 Todd C. Miller * sudo.c: now fixes mode on sudoers if set to 0400 to aid in upgrade [d4bdfd521820] 1996-04-28 Todd C. Miller * Makefile.in: fixed pod2man usage [5adf2ec77b27] * Makefile.in, configure.in, version.h: ++version [b4029de876d0] * testsudoers.c, visudo.c: runas_user is now initialized to "root" [8537d97bff39] * sudo.h: removed PERM_FULL_ROOT [241f8bbf647f] * sudo.c: runas_user defaults to "root" so no more need to PERM_RUNAS [fc0c0dfc72ba] * parse.c: will now only running commands as root if there was no runas list (or if root is in the runas list) [40c587666c81] * logging.c: now logs "USER=%s" [b733504c87fd] * parse.yacc: runas_matches is now set to false if we get a negative match [5495b150b300] * parse.lex: make #uid work + some minor cleanup [07851bbce03a] * sample.sudoers: added support for NOPASSWD and "runas" from garp@opustel.com / [7a9c67b51fa5] * visudo.c: added support for "runas" from garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for SUDOERS_MODE [e714209b9885] * testsudoers.c: added support for "runas" from garp@opustel.com [b837f856da10] * sudo.h: added support for NO_PASSWD and runas from garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro SUDOERS_MODE [cea6f26679b7] * sudo.c: added support for NO_PASSWD and runas from garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro SUDOERS_MODE [61b5434237c5] * parse.yacc: added support for NO_PASSWD and runas from garp@opustel.com [72ebd3056f22] * parse.c, parse.lex: added support for NO_PASSWD and runas from garp@opustel.com [fef6dbdd114d] * logging.c: added support for SUDOERS_WRONG_MODE and "runas" [e794efc2b443] * configure.in: added --with-CC only link with -lshadow on linux (with shadow pw) if libc lacks getspnam() [3ecf4ae21002] * OPTIONS, options.h: removed NO_PASSWD since it is not possible to do this in the sudoers file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. [2eaa4891ef48] * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID [8d615f0fdb2a] 1996-04-27 Todd C. Miller * INSTALL: added --with-CC [a1b8286a81b8] 1996-04-06 Todd C. Miller * parse.lex: added double quote support [a5e4fc7e3a2b] * sudoers.pod: documented double quoting [c6ea47969a44] 1996-04-05 Todd C. Miller * mkinstalldirs: Initial revision [dcb86d65ad8f] * check.c: fixed some indentation [4d1c5ab8072b] * Makefile.in: fixed a typo [0d27eebc7227] * Makefile.in: added install-dirs . [f499b99b8be7] 1996-04-04 Todd C. Miller * dce_pwent.c: new version from "Jeff A. Earickson" [422481be5fbd] 1996-04-03 Todd C. Miller * configure.in: $CSOPS -> $with_csops (whoops, missed one) [b04c6948130e] * BUGS: updated [c4d5713e227d] * parse.lex: FQHOST now has same constraints as non-FQHOST [e1c3bf2381d1] * INSTALL: added note about OS's w/ shadow passwords turned on by default [166257f43be4] 1996-04-02 Todd C. Miller * configure.in: fixed a typo [e5c3e2e9a359] * configure.in: added support for --without-THING sanitized shadow pw situtation by adding support for --without-C2 [65dc6bf64cce] * tgetpass.c: fixed a typo wrt placement of an end paren [a8780f818231] * check.c: was closing an fd that may not have been opened [760271c7bdc9] 1996-03-22 Todd C. Miller * OPTIONS, options.h, sudo.c: added NO_PASSWD [28ff1dc93d7a] 1996-03-20 Todd C. Miller * configure.in: now always use shadow pw on some arches [069161ccffda] 1996-03-19 Todd C. Miller * configure.in: added pyramid support [a0eb57a3a531] * configure.in: no longer check for C2 if alternate passwd method is used no longer check for some libs twice [2d0c3c902b40] * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) [d9c9abd481d8] * parse.lex: added FQHOST rules [4a1695acff6d] * tgetpass.c: now define TCSASOFT in necesary [3fac2e21c9ab] * tgetpass.c: now uses read/write instead of stdio string goop to avoid problems with select(2) [67fd174e518c] * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH [d05ba5100d28] 1996-03-17 Todd C. Miller * INSTALL: added note about no shadow auto-detect if using alternate auth schemes [b425592232a3] * configure.in: don't check for C2 if AFS or DCE (unless they said --with-C2) [61342962171a] * testsudoers.c: now groks shost [85dda17303f6] * OPTIONS, find_path.c, options.h: added NO_DOT_PATH [c261ca1fb196] 1996-03-16 Todd C. Miller * find_path.c: checkdot now works correctly [3bc4835bb3e9] 1996-03-12 Todd C. Miller * configure.in: can't have DCE and C2 passwords both... [fb9a8ab7ca66] 1996-03-11 Todd C. Miller * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not FQDN [87f7498b3a1f] * configure.in: now looks for skey in /usr/lib and doesn't require libskey to be in /usr/local/lib just because skey.h is (for my netbsd box :-) [ceb1763e37d2] * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> _CONFIG_PATH_ [84d97ad13d75] * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo [922da220b8f5] * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR [5ecab0155fdf] * OPTIONS: udpated FQDN [361b6f7440c0] * aclocal.m4, configure.in: added SUDO_TIMEDIR [368c95c8c950] * config.h.in: added _SUDO_PATH_TIMEDIR [3879864d808c] * sudo.pod: updated wrt /var/run/sudo [9e14f2a429d3] * sudo.c, sudo.h: added support for shost if FQDN [51a3f51a09a1] * parse.yacc, visudo.c: now uses shost if FQDN [d19da2e92b42] * check.c: Now use skeylookup() instead off skeychallenge() [4c7438bb2ae0] 1996-02-28 Todd C. Miller * logging.c: mail_argv should not contain ALERTMAIL as it includes "-t" [67ffaaa8f843] 1996-02-22 Todd C. Miller * INSTALL, Makefile.in, README, configure.in, version.h: ++version [e08fd4a809fc] * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too [2f20c3153689] * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h [b1ca3cafdacc] 1996-02-06 Todd C. Miller * INSTALL, README: ++version [3eacf32803f5] * Makefile.in: ++versoin [3b91c317630a] * Makefile.in: fixed a typo [3661ac4a7803] * configure.in: ++version [60e842973745] 1996-02-05 Todd C. Miller * RUNSON: updated [def2c3c24195] * CHANGES: done for 1.4.1 (I hope) [2ab543769a40] * sudoers.pod: added info on wildcards [ce3bd41bc063] * sample.sudoers: added wildcard example [762feb0577bd] * Makefile.in: now uses *.pod to build *.man and *.cat & *.html [3ec14962028b] * configure.in: addedSUDO_PROG_BSHELL !ll [3c80b320bf16] * visudo.pod: fixed up some formatting [12166c434526] * sudoers.pod: redid section describing sample sudoers stuff [b8065cceec71] * sudo.pod: fixed some formatting [aa9a681add0f] * getspwuid.c: now treats "" as bourne shell [30194a72ad56] * Makefile.in: TESTOBJS nwo includes wildmat.o [86cc6500f84d] * testsudoers.c: now works with NewArg[cv] [2f72674ce942] * sudo.c: removed an XXX (fixed it in getspwuid.c) [e791ee0d1a68] * aclocal.m4: added check for bourne shell [a2fd51676b8a] * pathnames.h.in: added _PATH_BSHELL [e7c10011d47b] * config.h.in: added _SUDO_PATH_BSHELL [6a1182898de9] 1996-02-04 Todd C. Miller * visudo.c: unixware vi returns 256 instead of 0 [234ffc7c6786] * INSTALL: added Linux note [5f85efcd2b58] * logging.c: fixed up some XXX's. file log format now looks a little more like real syslog(3) format. [6df55707bfc3] * README, TROUBLESHOOTING: updated wrt lex/flex [eb787d69156b] * Makefile.in: commented out rule to build lex.yy.c from parse.lex since we ship with a pre-flex'd parser [7507e2ce4a95] * parse.c, parse.yacc, visudo.c: path_matches -> command_matches [0bd469424f86] * logging.c: eliminated some strcat()'s [9878a79bc374] * configure.in: no longer checks for lex/flex (now assumes flex) [a086ccc73798] * configure.in: now checks for $kerb_dir_candidate/krb.h instead of just kerb_dir_candidate [9133bc3c5208] 1996-02-03 Todd C. Miller * parse.yacc: now use a 'hook' expression instead of an iffy one :-) [9560df01b8c0] 1996-02-02 Todd C. Miller * visudo.c: now works with new sudo arg stuff [310a0d43ddad] * parse.yacc: fixed dereferencing deadbeef [474ef8a8006b] * sudo.c: changed an occurrence of Argv to NewArgv [205b012b7691] * parse.lex: took out support for quoted commands since there is no need... [5c5036d353b1] * parse.c: fixed a typo in a for() loop [7e8d5283c43b] * logging.c: protected against dereferencing rogue pointers [56debd517717] * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this also allows us to eliminate some kludges in parse_args() and eliminate superfluous code. [5122f66ad150] * logging.c: no longer uses cmnd_args, now uses NewArgv instead. [abddd23cf068] * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args (no longer used) [78410984fb05] * Makefile.in: added wildmat.c to SRCS & SUDOBJS [3800efb41794] * parse.yacc: COMMAND is now a struct containing the path and args [5c32822c5b94] * parse.lex: replaced append() with fill_cmnd() and fill_args. command args from a sudoers entry are now stored in an arrary for easy matching. [a981d7f4eb0d] * parse.c: command line args from sudoers file are now in an array like ones passed in from the command line [1d9e37e84519] 1996-02-01 Todd C. Miller * parse.c: wildwat stuff now works [49d16488531f] 1996-01-29 Todd C. Miller * version.h: ++version [53e55463ef89] * Makefile.in: ++version added wildmat.* [0508297a4711] 1996-01-28 Todd C. Miller * parse.lex: added support for quoted commands (w/ or w/o args) [b9a637155673] 1996-01-22 Todd C. Miller * sudo.pod, visudo.pod: cleaned up formatting [4591d4195437] * sudo.pod, visudo.pod: Initial revision [7564a8242750] 1996-01-21 Todd C. Miller * sudoers.pod: looks reasonable, could be mroe readable [a5be2d19d9e0] * sudoers.pod: Initial revision [957888be31a6] 1996-01-16 Todd C. Miller * RUNSON: updated [633743aa924b] * OPTIONS: updated NO_ROOT_SUDO entry [f1c15b1dec9e] 1996-01-15 Todd C. Miller * RUNSON: *** empty log message *** [5b63de579ff7] [SUDO_1_4_0] * sudo.c: fixed SECURE_PATH [6002889f606d] * RUNSON: udpa`ted for 1.4 [6014a8592815] * configure.in: AIX aixcrypt.exp now uses $(srcdir) [b0d57674fef4] * TROUBLESHOOTING: added entry for anal ansi compilers [4193cec1c6b1] 1996-01-14 Todd C. Miller * INSTALL: added info on libcrypt_i for SCO [575497d56698] * TODO: *** empty log message *** [d0aaf67b9913] * sample.sudoers: added comments [a7773f7eda8d] * TODO: 1.4 release [1dade29e9fd9] * CHANGES: ++version [67241be40780] * INSTALL, OPTIONS, README, config.h.in, configure.in: ++version [2e0a37897f68] * BUGS: ++version and fixed ISC [78963f01a0e3] * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [b6227f29b3d9] * interfaces.c: added STUB_LOAD_INTERFACES ++version [d8150a3fd577] * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc, version.h: ++version [da9e90e69bdc] * PORTING: added info about fd_set in tgetpass added info on interfaces.c [a39902febd17] 1996-01-11 Todd C. Miller * dce_pwent.c: added sudo header [fc0f2c48682e] * tgetpass.c: fixed a typo [43d40b72ee8f] * Makefile.in: tgetpass.o is now only linked in with sudo (not visudo) [7407c5ff11f8] 1996-01-09 Todd C. Miller * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, configure.in: ++version [9b82ad805d6b] * emul/utime.h: added copyright notice [4380f16cd075] * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [32717fdb5d05] * tgetpass.c: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen [326864428da2] * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h [e064799c054b] * config.h.in: added check for sys/bsdtypes.h [9adb9533c363] 1996-01-07 Todd C. Miller * parse.yacc: removed debugging stuff (setting freed ptr to NULL) [02fe8eec63a0] * TROUBLESHOOTING: added 2 entries [02884e2733e2] * Makefile.in: added FAQ [074d8dfcf28d] * TROUBLESHOOTING: added section on syslog [e6bc02a22b86] * configure.in: added AC_ISC_POSIX for better ISC support [8436b3e12af2] * config.h.in: fixed typo [f1b3922babf4] * config.h.in: added define for _POSIX_SOURCE [ded6d92b34f9] 1996-01-04 Todd C. Miller * configure.in: fixed check for lsearch() [75baa5bc28a3] 1995-12-22 Todd C. Miller * interfaces.c: fixed for AIX now deal if num_interfaces == 0 (should not happen) [ae450e859227] 1995-12-20 Todd C. Miller * configure.in: now only define HAVE_LSEARCH if there is a corresponding search.h [8ce645c5d17f] * interfaces.c: works on ISC again [ccac920d424c] 1995-12-18 Todd C. Miller * configure.in: now define HAVE_LSEARCH if we find lsearch() in libcompat [7343e4313a87] * lsearch.c: char * -> const char * [1c0b11c2300a] * configure.in: now looks in -lcompat for lsearch() [a1cc1d6fcd09] * Makefile.in: remove sudo.core visudo.core for clan target [b523456a85df] * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN [7ab262b1173f] * Makefile.in: fixed another occurence of sudo_getpwuid.* [fb5809c07da2] * Makefile.in, getspwuid.c: sudo_getpwuid.c -> getspwuid.c [875f2ef808b4] * configure.in: moved the "echo" [ad7b8f966076] * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c, compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [ee57c6410ffa] * testsudoers.c: added group support [54d8097df8bd] * sample.sudoers: added group entry [50994d31fd49] * sudoers.man: documented group support [0a16707f8fed] * parse.c, parse.lex, parse.yacc, visudo.c: added group support [427218c879c8] 1995-12-15 Todd C. Miller * check.c: tkfile was too short and overflowed the kerberos realm [53823a1ff5af] 1995-12-11 Todd C. Miller * sudo.c: now copy command args directly from Argv [77408278b6fd] * sudo.c: replaced code to copy cmnd_args so that is does not use realloc since most realloc()'s really stink [b29a0ff73fb6] 1995-12-08 Todd C. Miller * configure.in: syslog() fixed in hpux 10.01 [2648e6f0cdb0] 1995-12-06 Todd C. Miller * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate) [8f108b8d8711] * configure.in: better error if cannot find skey incs or libs [5887662ee9d3] * aclocal.m4: now use a temp file for determining max len of uid_t in string form. the old hacky way broke on netbsd [b68f470fa9f8] * sudo.c: added set of parens and a space [8a3d4826d022] 1995-12-05 Todd C. Miller * dce_pwent.c: fixes from Jeff Earickson , [bde0f0b756ec] * check.c: modified a comment [e2a97f1afbbe] * Makefile.in: fixed up testsudoers target [d39c4e7bb609] * configure.in: DCE changes from Jeff Earickson LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS [da7a1c433828] * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS, VISUDO_LDFLAGS [4b69503e8487] 1995-11-28 Todd C. Miller * configure.in: fix for C2 on hpux 10 now uses -linet if it exists [8d300112263d] * check.c: LONG_SKEY_PROMPT is less of a klusge / [dcc144abaac3] * configure.in: fixed typos w/ dce stuff [f7dfd6d4e149] * Makefile.in: added dce_pwent.c [79047acdc516] 1995-11-26 Todd C. Miller * INSTALL: amended section on combining authentication mechanisms [dc5138c7c716] * PORTING: minor updates for 1.3.6 [fe80c13bd994] * TROUBLESHOOTING: added 2 more entries [c7201439a0f5] * BUGS: updated for 1.3.6 [979b414d2a2d] * README: overhauled [3af8b60eb594] * INSTALL: rewrote for sudo 1.3.6 [b16027b9c726] * TROUBLESHOOTING: added 3 entries [934c9ee3f153] 1995-11-25 Todd C. Miller * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup since many includes don't prototype it. gag me. [3e19a11f2fcc] * sudo.h: removed prototype for sudo_getpwuid() since convex C compiler choked on it. [c3ea74ca67b0] * sudo.c: added prototype for sudo_getpwuid() [4a8e3cdc2b98] * lsearch.c: now compiles on strict ANSI compilers [3ce5d72d0b08] * check.c: added LONG_SKEY_PROMPT support [48a18b8a2332] * Makefile.in: added extra $'s for make to eat up, yum. [2995b214e12b] * OPTIONS, options.h: added LONG_SKEY_PROMPT [f23ae799b5a4] 1995-11-24 Todd C. Miller * check.c: s/key support now works with normal s/key as well as logdaemon [d67573f523bf] * OPTIONS, options.h: added SKEY_ONLY [bbf07654e0de] * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY [205895b96a36] * INSTALL: added DCE note added more AIX notes [6345403b3522] * sudo.c: now include pthread.h for DCE support [6fe02865f679] * check.c: dce_pwent() is ok after all ., [d26a8746a55d] * logging.c: now uses SYSLOG() macro that equates to either syslog() or syslog_wrapper [42ac4cff8045] * dce_pwent.c: minor formatting changes. renamed check() to somthing less generic [71859f217be1] * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, visudo.c: now uses user_pw_ent and simple macros to get at the contents [f4cbf3e7145a] 1995-11-23 Todd C. Miller * check.c: simpler dec unix C2 support [86bc8f75250e] * getspwuid.c: now sets crypt_type for DEC unix C2 [99aeadd18266] 1995-11-21 Todd C. Miller * configure.in: added csops paths for skey [b8ca672e2117] * getspwuid.c: now includes string.h for strdup() prototype [3605259c3620] * getspwuid.c: fixed a few typos [46c97e4ea417] * check.c: now includes skey.h [11e611ce1b61] * getspwuid.c: fixed up comments [223dac56f0c8] * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() [97d8887fb7d3] * sudo.c: now uses sudo_pw_ent [d014dadbef48] * testsudoers.c: now uses sudo_pw_ent [d92936ed7e34] * visudo.c: now sets sudo_pw_ent [ff75cdfcf8b3] * getspwuid.c: Initial revision [6deb6df9d7bc] * tgetpass.c: moved dce stuff into compat.h [1124284396e7] * logging.c, sudo.h: now uses sudo_pw_ent [404ff20a5067] * Makefile.in: added sudo_getpwuid.c [6666d0644512] * compat.h: added dce support [3c3b36a7ce0e] * parse.yacc: now uses sudo_pw_ent [9f5e8d11bd68] 1995-11-20 Todd C. Miller * check.c: fixed exempt_group stuff for OS's that don't put base gid in group vector [003f153bd396] * check.c: S/Key support now works with sunos4 shadow passwords [1eb64a5efff1] * Makefile.in: fixed clean rule [5695a2c62816] * config.h.in, configure.in: added DCE support [f53c766c1947] * tgetpass.c: DCE & KERB support [904cf436506a] * check.c: first stab at dce support [aea5ca07b1e3] * dce_pwent.c: now smells like sudo [8b3d609b49cd] * dce_pwent.c: Initial revision [b573555f2399] * check.c: skey'd sudo now works w/ normal password as well [8d038f9f6e94] 1995-11-19 Todd C. Miller * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: updated version number [ba7e346d7904] * README: updated to reflect version change [1d15cf1d8cc8] * configure.in: --with options now line up ++version [08ebf625fbca] * sudo.h: removed unecesary S/Key stuff [68188cba90af] * configure.in: fixed S/Key support [f6d9cbc36618] * Makefile.in: -I stuff now goes in CPPFLAGS [7b8e53c5b046] * check.c: fixed SKey support [52c1a5cf4435] * README: updated version [bed6498a10bb] * OPTIONS: fixed description of EXEMPTGROUP [cfeead55edc2] * sudo.c: more people use _RLD_ than just alphas... [6a3c7090a6f6] * Makefile.in: replaced $man_prefix with $mandir [dc4b36a550e2] * configure.in: fixed a typo [a38a4acddcaf] * Makefile.in: now use more GNU'ish dir names [c5498391a520] * configure.in: now set *dir correctly (can override from command line) [523ff98fd438] * sudo.c: now deal with situations where we getwd() fails [88a9e61dccbb] 1995-11-17 Todd C. Miller * Makefile.in: added etc_dir, bin_dir, sbin_dir [75fd08d92842] * configure.in: added sbin_dir [3cb318c0d8d1] * Makefile.in: now ship a flex-generated lex.yy.c [4d083ed70dce] * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER [4d51dc9c3780] * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile [773fd163d52f] * options.h: no more error for redefining SUDOERS_OWNER [4ba336644c6a] * OPTIONS: expanded SUDOERS_OWNER section [12fae405759e] 1995-11-16 Todd C. Miller * visudo.c: now warn if chown(2) failed [d0d1db6e3a1f] * logging.c: better default warning for NO_SUDOERS_FILE [5260b458ac64] * sudo.c: added missing set_perms() no more cryptic message if the sudoers file is zero length, now just give a parse error [b81ea724838a] * logging.c: better diagnostics if NO_SUDOERS_FILE [877e878663c5] * sudo.c: check_sudoers() now catches sudoers files that are not readable (but are stat'able). [fea05663b3de] 1995-11-13 Todd C. Miller * configure.in: now add -D__STDC__ for convex cc (not gcc) [c80fc53ff51b] * configure.in: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix [fe238226a057] * Makefile.in: now uses exec_prefix & prefix from configure [f62fca5f56bd] * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" so shadow build trees can have a custom copy of options.h [e6782676099c] * check.c: user_is_exempt() is no longer a hack, it now uses getgrnam() [287f8d5356f7] * options.h: EXEMPTGROUP is now "sudo" [61487304dbe1] * configure.in: MAN_POSTINSTALL now contains a leading space [eaad4ac34012] * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined now removes testsudoers in clean: [e01711baceb8] * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition [8ec174f263f1] 1995-10-30 Todd C. Miller * sudo.c: unset the KRB_CONF envariable if using kerberos so we don't get spoofed into using a bogus server [2561a0274fca] 1995-09-29 Todd C. Miller * parse.yacc: now explicately initialize match[] tp be FALSE [0e45e5c47766] 1995-09-23 Todd C. Miller * sudo.c: removed unused variable now passes -Wall [3452508bc16d] * parse.yacc: yyerror and dumpaliases are now void's now passes -Wall [2769dfb51993] * parse.lex: added prototype for yyerror [1f3f0c1b4ab4] * check.c, logging.c, parse.c: now passes -Wall [eab57e5e81d2] * interfaces.c: rmeoved unused cruft now passes -Wall [7a47e1866f4b] * Makefile.in: fixed headers that moved to emul dir [e680c1e5049b] * logging.c: fixed deref of nil pointer if no args [973b9bea432f] 1995-09-15 Todd C. Miller * OPTIONS: added a caveat to FQDN section [dcf6e2a5fff4] 1995-09-13 Todd C. Miller * Makefile.in: more $srcdir support for install targets [f6eac78436dd] * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c: don't include malloc.h if we include stdlib.h [fca2ff307cd8] * parse.yacc: local search.h now lives in emul [51c458904424] * check.c, utime.c: local utime.h now lives in emul dir [f92fc9e8c8de] * lsearch.c: local search.h now lives in emul [579efc407439] * Makefile.in: added support for building in other than the sourcedir [2ab53a43f7d4] 1995-09-10 Todd C. Miller * OPTIONS: annotated CSOPS_INSULTS option [9e57d45a0afa] * TROUBLESHOOTING: updated shadow passwords blurb [39b785bc7253] * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and passes along foo as the arguments [a91077aa8fc5] 1995-09-09 Todd C. Miller * parse.lex: collapsed pathname and dir sections into one -- its now less expensive [89caa03bec25] * parse.lex: fixed spacing quoting [,:\\=] now works correctly append() and fill() now take args to make the above work [09d023d9ef3a] * sudo.c: fixed a typo that caused commands with no tty on fd 0 but a tty on fd 1 to erroneously have "none" as their tty [07d2c0e7977c] 1995-09-04 Todd C. Miller * check.c: timestampfile is now a global static removed decl of timestampfile in remove_timestamp since we can just use the global one [f0cbdc6aab1c] * check.c: created touch() to update timestamps added USE_TTY_TICKETS support (bit of a kludge) [cee1dd0318f8] * compat.h: added _S_IFDIR and S_ISDIR [b4a51cc9628e] * OPTIONS, options.h: added USE_TTY_TICKETS [b4e22f81f25e] * parse.yacc: removed const from casts for lsearch() & lfind() to placate irix 4.x C compiler [5003081f76ea] 1995-09-03 Todd C. Miller * sudo.c: now only strip '/dev/' off of a tty if it starts with '/dev/' [7f62bcd24039] * pathnames.h.in: added _PATH_DEV [6375f44d1910] * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if have termios.h [9c60391235fd] * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" not int for c_?flag [d032e6a29845] * parse.lex, parse.yacc: fixed a spelling error [cad6a944c7b1] * Makefile.in: fixed typo [204a65403e7c] 1995-09-02 Todd C. Miller * Makefile.in: fixed a comment [268f760e57ad] * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently now that we dynamically allocate strings they need to be free()'d [ec2e2152f415] * parse.lex: dynamically allocates space for strings [d10ac3533d66] * sudo.h: no more MAXCOMMANDLENGTH [e2e1219bff8a] * sudo.h: added decl of tty [c8ae81303ee5] * logging.c, sudo.c: moved tty stuff into sudo.c [e028abefeb07] 1995-09-01 Todd C. Miller * parse.c: fixed a logic bug. Was denying a command if user gave command line args but there were none in the sudoers file which is wrong. [7489a99b8e8a] * sudo.h: MAXCOMMMANDLEN dropped down to 1K [38ef54ba290b] * parse.lex: return foo; -> return(foo); [0e8be1b57001] * parse.yacc: fixed netgr_matches() prototype [e69f15910464] * parse.lex: added support for escaping "termination" characters [8bd4ef50f35c] * parse.c: buf is now of size MAXPATHLEN+1 since it never holds command args [2ce4b763058c] * sudo.c: fixed comments [0c74a3d2ebb0] * goodpath.c: fixed negation problem (doh!) [782814e3a2d1] * parse.yacc: fixed 2nd parameter to lfind() [63d7b1623c08] * parse.lex: now do bounds checking in fill() and append() [54381b563251] * sudo.c: include netdb.h as we should added a missing void cast added SHELL_IF_NO_ARGS support now use realloc() properly. would fail if realloc actually moved the string instead of shrinking it [897ccdec9c06] * sample.sudoers: updated with examples of new features [9b3ed00e8aa6] * goodpath.c: now set errno to EACCES if not a regular file or not executable [2d069548a5ea] * find_path.c: if given a fully-qualified or relative path we now check it with sudo_goodpath() and error out with the appropriate error message if the file does not exist or is not executable [590f89dd8dec] * emul/search.h, lsearch.c: now use correct args for lfind [fccdcdbf020e] * logging.c: added a comment [fab9f49708ea] * insults.h: added in CSOps insults [ad8eb1862adc] * ins_csops.h: Initial revision [de5a475ec018] * tgetpass.c: added RCS id [c3ffd550a482] * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD [aba25c90d08a] * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS [e27bd62e9ccf] * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set -p now works with -s [07ca2a34bae8] * parse.c: don't try to stat() "pseudo commands" like "validate" [75527045984b] * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS [07b157a0eafd] * configure.in: added SecurID support added other insults to --with-csops [6c992ceb244c] * config.h.in: added HAVE_SECURID [e734ff617fe8] * Makefile.in: added clobber target added ins_csops.h now gets CFLAGS from configure [d1e29c7cec25] * aclocal.m4: relaxed SUDO_FULL_VOID [fb4084f27406] * visudo.c: function comment blocks are now in same style as rest of code [04a2931354c5] * testsudoers.c: added support for command line args in /etc/sudoers [bfe4e1bcc655] * sudoers.man: updated to have command args in the sudoers file [1cd34355e9ea] * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section [930b48023b68] 1995-08-19 Todd C. Miller * parse.yacc: PATH renamed to COMMAND [4e109a6de3cd] * parse.lex: it is now a parse error for directories to have args attached to them [2ab10a146b54] * logging.c: now say command args if telling user to buzz off [933de26ded8b] * sudo.c: -s no longer indicates end of args sped up loading on cmnd_args in load_cmnd() [eac99a4da862] * parse.c: removed an unreachable statement [634302623c49] * parse.lex: made more efficient by pulling out the terminators when in GOTCMND state and making them their own rule [80798f1e1166] 1995-08-14 Todd C. Miller * sudo.h: removed MAXLOGLEN since it is no longer used [102824196b71] * parse.lex: now allows command args [d29dfa1e5254] * parse.c: now groks command arguments [6c414cb7f105] * logging.c: now sets tty correctly when piped input [de46a30c0406] * sudo.c: fixed loading of cmnd_args (was including command name too) [15319a425ea6] * logging.c: fixed a core dump due to incorrect if construct [582363c7d7fa] 1995-08-13 Todd C. Miller * configure.in: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix [da591fe9b931] * aclocal.m4: fixed check for ISC [52e59f2082a7] * sudo.c: now sets cmnd_args used by log_error() and that will be used by the parse to check against command args [c6804389723b] * sudo.h: added cmnd_args [4d00446b4a8d] * logging.c: now dynamically allocate logline since we can guess at its size [4bed8c8446aa] 1995-08-05 Todd C. Miller * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove "register" since the compiler knows more than I do now do a "basename" of the tty [3b1bbf0b3da1] 1995-07-31 Todd C. Miller * configure.in: ++version [5ce552f9a5f1] * sudo.h: added shell extern changed MODE_* to be bit masks to allow for several options together [06f9dc4f400c] * sudo.c: added -s (shell) option made MODE_* masks so we can do bitwise & and | to see if multiple flags are set. [01f8143010ad] * check.c: added securid support [909e078005fe] 1995-07-30 Todd C. Miller * logging.c: removed a bunch of unnecesary strncpy()'s and replaced with strcat() [644506b57d61] 1995-07-29 Todd C. Miller * Makefile.in, version.h: ++version [3cd6f1fbc3d9] 1995-07-27 Todd C. Miller * parse.yacc: fixed free() of an uninitialized pointer (yuck) [8c404ee502ee] * testsudoers.c: added netgr_matches [e7c9fa2f774c] * parse.c: cleaned up netgr_matches [8108f00b810e] 1995-07-26 Todd C. Miller * RUNSON: updated for 1.3.4 [4741704310a1] 1995-07-25 Todd C. Miller * Makefile.in: now installs sudoers.man -- really should clean this up though. [455631d45a1d] * Makefile.in: added sudoers.cat and sudoers.man [0bdedd6c7363] * sudo.man: pulled out stuff on the sudoers file format into a separate man page [de215d999cb9] * sudoers.man: Initial revision [f25eafbb7095] * HISTORY: fixed up my email address [254fbf80be74] * configure.in: added checks for innetgr and getdomainname [24a99cb7e97e] * visudo.c: added dummy netgr_matches function [1841ff2c01da] * parse.c: added netgr_matches [ec90db6a97b8] * parse.lex, parse.yacc: added NETGROUP support [c9dd93e3bc4b] * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME [14abd494d875] 1995-07-24 Todd C. Miller * sudo.c: rewrote clean_env() that has rm_env() builtin [55cb43818a95] 1995-07-23 Todd C. Miller * check.c: now cast uid to long in sprintf [b549eea40aeb] * OPTIONS: added _INSULTS suffix to HAL & GOONS end [ed620d0aad30] * options.h: added _INSULTS suffix to HAL & GOONS [9f72e9b83afd] * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to new scheme of insult "unions" end [2f6d2b412132] * sudo.c: now uses MAX_UID_T_LEN [c1df79e0f389] * configure.in: added SUDO_UID_T_LEN !l [195f0b9f5f84] * config.h.in: added MAX_UID_T_LEN [73f42ae4f14d] * check.c: now use MAX_UID_T_LEN [df9c063234cb] * aclocal.m4: added check for max len of uid_t fixed sco vs. isc check [d558f36d2223] 1995-07-19 Todd C. Miller * configure.in: corrected version [828dd1571e86] * configure.in: added sco support [af1e2f616638] * aclocal.m4: hack to check for sco [549ab99a9a43] * interfaces.c: removed #include since it was hosing some OS's [ac78a7c04005] 1995-07-18 Todd C. Miller * find_path.c: fixed prreadlink() prototype [b380fe1f2b11] * check.c: added parens in #if's [e96ade691b82] * configure.in: added SPW_ prefix [a302683a1483] * sudo.h: moved SPW_* to config.h.in [6b3be70e34cf] * sudo.c: added a set of parens [8188d735d695] * config.h.in: added SPW_* [5ead6371cf60] * sudo.h: added SPW_* reordered error codes [dead25b4ed0a] * check.c: moved SPW_* to sudo.h [ca51fb04caf4] 1995-07-17 Todd C. Miller * sudo.c: SPW_AUTH -> SPW_SECUREWARE [6b512b2bc5dc] * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT [defdd0944e2f] * configure.in: AUTH -> SECUREWARE [d1f8a17001dd] * check.c: SPW_AUTH -> SPW_SECUREWARE [af0e8d8b89b2] * check.c: now uses SHADOW_TYPE to make shadow pw support more readable and modular. It's a start... [8c2a59667014] * configure.in: added autodetection of shadow passwords [85f81fa54b1b] * sudo.c: now uses SHADOW_TYPE define [355e5dc09b07] * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines [c0c06e83e483] * aclocal.m4: added SUDO_CHECK_SHADOW [464301301639] 1995-07-12 Todd C. Miller * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for memmove() since we dno longer use it... [8aefa87d7d31] * CHANGES: updated [ce97b3fd7182] * logging.c: added BROKEN_SYSLOG support [a45c3bca36f6] * config.h.in: added BROKEN_SYSLOG [6f6abf0a6268] * check.c: now only bitch it timestamp > time_now + 2 * timeout to allow for a machine udpating its time from a server [546bc8d35325] * sudo.man: added 2 security notes updated Nieusma's email addr [616756c56977] * lsearch.c: changed a memmove() to memcpy() since we don't have to worry about overlapping segments. [30baa478526b] 1995-07-11 Todd C. Miller * interfaces.c: cleanup up the loop when interfaces are groped in so that it is readable [1fa39446bd69] * Makefile.in, version.h: ++version [b46bd2b1770f] 1995-07-09 Todd C. Miller * CHANGES: annotated 124-126 [b82a2b3ec7ce] 1995-07-07 Todd C. Miller * check.c: fixed permissions check on /tmp/.odus [cc2431a65468] 1995-07-06 Todd C. Miller * check.c: fixed some comments [8896d09b4fda] * check.c: now checks owner & mode of timedir also checks for bogus dates on timestamp file [a0fad5df5b0a] * OPTIONS: updated TIMEOUT info [033cc22d9e04] * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE [31d9ce691101] * compat.h: added definition of S_IRWXU [ff2dab091a9b] * CHANGES: updated [a40df90284f1] 1995-07-03 Todd C. Miller * interfaces.c: added #ifdef to make it compile on strange arches [4a127f12afce] 1995-07-02 Todd C. Miller * aclocal.m4: fixed check for fulkl void impl. [b6f2a4a361d8] * check.c: added mssing "static" [520552f2772b] * insults.h: replaced #elif with #else #if constructs for ancient C compilers [39ab2d365b57] * INSTALL: updated irix c2 & kerb5 info [ae79b99b4905] * configure.in: added shadow pw support for irix [632469d9c528] 1995-07-01 Todd C. Miller * BUGS, TODO: updated [2a96bb18ac30] * CHANGES: last changes for sudo 1.3.3 [c1c0cd1034b8] * configure.in: now calls SUDO_SOCK_SA_LEN [14ea78159d45] * config.h.in: added HAVE_SA_LEN [cc2a346aa905] * aclocal.m4: added SUDO_SOCK_SA_LEN [456a2025644a] * interfaces.c: now works with ip implementations that use sa_len in sockaddr [90be6e028077] * INSTALL: added note about buggy AIX compiler [c0f6d427e4e4] * interfaces.c: now include sys/time.h for AIX [2510858ab38b] 1995-06-28 Todd C. Miller * Makefile.in: getcwd -> getwd [66085ebca98e] * interfaces.c: now works for ISC and others. yay. [f336d4ffc927] 1995-06-26 Todd C. Miller * Makefile.in, version.h: version++ [836cffc2078d] 1995-06-23 Todd C. Miller * aclocal.m4: fixed test for full void impl [fb004107e7b9] * sudo.c: now check to see that st_dev is non-zero before assuming that we are being spoofed [1b0e1c30c506] 1995-06-20 Todd C. Miller * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL [4953379bfb01] 1995-06-19 Todd C. Miller * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX [ff64ab7df44f] * logging.c: added cast for ttyname() [444f05f56758] * configure.in: fixed typo [de068e748431] * check.c: now deal correctly with all known variation of utime() -- yippe [b778a4195a89] * configure.in: added SUDO_FUNC_UTIME_POSIX [cf635f2269d6] * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX [d79593be4b73] * config.h.in: added HAVE_UTIME_POSIX [c67b4ac0dca5] * check.c: fixed a typo [b14df5680f59] * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() [0aeaf4b2f38b] * check.c: fixed fascist C compiler warning [c61ddf2f1f93] * interfaces.c: now set strioctl.ic_timout in STRSET() now initialize num_interfaces to 0 (just to be anal) [c54cc2ba0052] 1995-06-18 Todd C. Miller * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname [74cf585a54fb] * logging.c: added tty logging [e27d8dcfbd78] * interfaces.c: reworked the ISC code [bcf57ce8ae69] * Makefile.in, version.h: updated version [032941c9b94d] * check.c: now expect old-style utime(3) if utime() can't take NULL as an arg [018dd4a73030] * configure.in: added check for utime.h [0b76e8feb618] * config.h.in: added HAVE_UTIME_H [62ee42feda46] * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS [fa3201d294e1] * configure.in: now search for kerb libs and includes [cc332401e571] * check.c: added support for utime(2)'s that can't take a NULL parameter [98797fedf69f] * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs [6ce6d825fb44] * configure.in: added utime(s) stuff [a2afb744403e] * check.c: now use utime() [48902240a51e] * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL [9a56ab65d4f4] 1995-06-17 Todd C. Miller * utime.c: now use HAVE_UTIME_NULL [e3944de09a92] * emul/utime.h, utime.c: Initial revision [a2cbf2ef3427] * check.c: need to setuid(0) to make kerb4 stuff work. [c6cfda4039d7] * tgetpass.c: no more special case for kerberos [4a5c33145be9] * config.h.in: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4 emulation) [a607ee43e650] * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if kerberos [02fb274cc136] * check.c: now use private ticket file for kerberos support to avoid trouncing on system one [28d8b6b812c7] 1995-06-15 Todd C. Miller * sudo.h: added SPOOF_ATTEMPT & cmnd_st [d3b42a1f4d0d] * sudo.c: added anti-spoofing support [ab1e2aa44a57] * parse.c: now use global cmnd_st [47018265a1a6] * logging.c: added SPOOF_ATTEMPT suypport [7bbe9dd2a021] * testsudoers.c, visudo.c: added void casts where appropriate [f191441ba333] * parse.yacc: fixed up spacing and added void casts where appropriate [15d886fc809c] * sudo.c: fixed problem with "-p prompt" but no args [6fc048261a3e] 1995-06-14 Todd C. Miller * sudo.man: added BUGS and annotated -l description [e5c506de2603] * sudo.h: validate() now takes a flag [26627becc60a] * sudo.c: validate() now takes a flag added -l [a4f7bb97fe54] * parse.yacc: added support for -l [e7a9b10b0ad3] * parse.c: validate() now takes a flag that says whether or not to check the command [9e1e67f4e281] 1995-06-08 Todd C. Miller * logging.c: now deals with Argv == 1 [0acb637ab635] * sudo.man: added -p option [e60382fc0561] * sudo.c: added prompt support reworked parse_args() [2f605267ed4a] * sudo.h: added prompt [5ab021bdb419] * options.h: added PASSPROMPT [614727ff44a2] * check.c: now use BUFSIZ as length of kerb password added kpass so pass is always a char * now use prompt global when asking for a password [76be09af784f] * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos [1e907eed312b] * OPTIONS: added PASSPROMPT [ddb2f405ce40] 1995-06-07 Todd C. Miller * configure.in: only look for -lufc or -lcrypt if crypt() not in libc [9717d315661f] * check.c: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN (unknown user) silently fail [2b48693d4ee9] * INSTALL: added kerb4 note [986e393f740c] * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 [e438bfb5e6aa] * check.c: removed debugging printf [1cf9f5cbffa5] * configure.in: KERBEROS -> KERB4 added checks for setreuid & setresuid [01e9945beb1e] * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID [0e0bb5b8ac3e] * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation with setresuid if applic [9dae24c47696] * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if no setreuid() or a broken one [1fca642bdb8e] 1995-06-06 Todd C. Miller * configure.in: added kerberos support [da5639b9b8e7] * config.h.in: added HAVE_KERBEROS [fcc5be550e65] * tgetpass.c: added KERBEROS support (long passwords) [303ba6924dd2] * check.c: added kerberos support [e40afe98fc1d] 1995-06-03 Todd C. Miller * sudo.h: added MODE_BACKGROUND [9b483c932016] * sudo.man: escaped dashes added -b option [62e84f1a7714] * sudo.c: added -b option [7e78aaefeb95] * check.c: added crypt() for osf/1 3.x enhanced secuiry [e9aa5abdb7d5] * configure.in: now check for -lcrypt [5cb9c67e9fa2] * interfaces.c: added ENXIO like EADDRNOTAVAIL [74223bb1ba75] 1995-05-08 Todd C. Miller * configure.in: now emulate getwd(), not getcwd() [3e5439d9a5f4] * sudo.c: getcwd() -> getwd() [6392a96a658e] * getwd.c: getcwd -> getwd [1b0ab9bae11e] 1995-05-02 Todd C. Miller * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision [86db60d8cf00] * insults.h: broke out insults into separate include files [0a01993bd38a] * OPTIONS, options.h: added GOONS [e283203c6515] * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h [2a39cd6a4cd2] * Makefile.in, version.h: ++version [05ebf4f5e41a] * visudo.c: moved signal handler setup to setup_signals() [3dd976c04540] * sudo.h: added load_interfaces() [af2d473b09e2] * sudo.c: moved load_interfaces to interfaces.c [5c8c138e5d4c] * parse.yacc: added clearaliases [aeb4ff301daa] * OPTIONS, options.h: added FAST_MATCH [f49ea3d1b525] * parse.lex: now uses clearaliases variable [a2dda415bf61] * interfaces.c: Initial revision [a1990e3f5c69] * Makefile.in: added interfaces.[co] [1e8e5984de97] * testsudoers.c: now uses ip addrs and netmasks via load_interfaces() [54b8f7a6835e] * sudo.c: now remove IFS instead of setting to "sane" value [ce7eec9f115e] 1995-05-01 Todd C. Miller * parse.c: added FAST_MATCH [816d4f5fe81a] 1995-04-30 Todd C. Miller * Makefile.in: sudo_goodpath.c-> goodpath.c [a5072c4e1de2] * sudo.c: added Andy's new ISC changes [caa6bbee358e] 1995-04-14 Todd C. Miller * OPTIONS: added a sentence to SECURE_PATH info [cad6e1569d15] * BUGS: added one [4b35cf699a83] * CHANGES: updated [5fded9dc62f0] * RUNSON: updated [33cb993cfd39] 1995-04-13 Todd C. Miller * RUNSON: updated for beta3 [a05dc6a91995] * Makefile.in, version.h: ++version [54aaf3fadc75] * aclocal.m4: sendmail is now looked for in /usr/ucblib [231ac1a4662f] * sudo.c: fixed indentation [fb137400c8c2] * aclocal.m4: fixed a typo [e03f1acc468b] * sudo.c: updated ISC mods [070290d4754b] * configure.in: added unixware case [e90250bae0d9] * check.c: user_is_exempt is no longer hidden [1a341765b8af] * RUNSON: updated [a9c4898b26dd] * aclocal.m4: isc and riscos changes [98b5d86585d1] * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH [e1ecc464ce4b] * Makefile.in: fixed a typo and added testsudoers stuff [435d60e163dc] * testsudoers.c: Initial revision [6ce14a448662] 1995-04-12 Todd C. Miller * parse.yacc: applied fixed patch from Chris [cd6144203d13] 1995-04-11 Todd C. Miller * Makefile.in: fixed a typo [34f8a54ba041] * parse.yacc: added a set of braces for bison [f0e43b938914] * parse.yacc: merged in Chris' changes to dekludge the parser. [82d6e373ab1c] * logging.c: send_mail() was calling find_path() which is wrong since find_path() stores cmnd in a static var. Anyhow, it doesn't make much sense since MAILER should always be fully qualified [6eae6a0b8098] 1995-04-10 Todd C. Miller * sample.sudoers: added User_Alias stuff [aaba8c8e918d] * aclocal.m4: SUDO_NEXT now looks for /usr/lib/NextStep/software_version [52bd81f34b32] * RUNSON: added DEC UNIX 3.0 w/ gcc [7daf570775b5] * visudo.c: Exit was being used in places where exit should be used [6026a89c07ed] * sudoers: added "User alias specification" [a487b6e234f8] * parse.yacc: fixed probs caused by making nslots and naliases a size_t [0be919384f3f] * RUNSON: added KSR, upped rev to 1.3.1b2 [ce04ee6faadf] * logging.c, parse.yacc: 1024 -> BUFSIZ [cd6dda45fa11] * parse.yacc: void * -> VOID * naliases and nslots are now size_t to appease lsearch on 64-bit machines [bf2f807c0dc1] 1995-04-09 Todd C. Miller * TODO: did a bunch of things and added a bunch :-) [42afd957b829] * PORTING: updated [972f95c85776] * visudo.man: closer to BSD manpage style [07ae88f50325] * sudo.man: closer to standard BSD man format [372c28dcc135] * compat.h, config.h.in, emul/search.h, insults.h, options.h, pathnames.h.in, sudo.h, version.h: added RCS id [c0ec90b81002] * sudo.h: removed crufty #defines that are no longer used [35e2b4b477f0] * BUGS: fixed a bug [5bb3e1bee85e] * sudo.man: updated based on sudo changes [e65de1cae438] * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL keyword as well as a NAME or ALIAS [1fb31404dd0f] * CHANGES: updated [b24018ac610b] * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. [e9d791557fb7] * aclocal.m4: fixed bug with full void impl check [35715301023c] * parse.yacc: fixed User_Alias supoprt [4c30dfbaaa07] * parse.yacc: added stubs for User_Alias support [f4afbd247edf] * sudo.c: now sets removes # bogus interfaces from num_interfaces [6f077fac9ab1] * parse.lex: added User_Alias support [bc7997e5df85] 1995-04-08 Todd C. Miller * Makefile.in: removed extraneous TODO [bc87a3b14d6d] 1995-04-07 Todd C. Miller * visudo.c: ntwk_matches -> addr_matches [475044e288b8] * parse.yacc: ntwk_matches -> addr_matches [dd1f4093fd2d] * parse.c: ntwk_matches -> addr_matches now use inet_addr() not inet_network() (which expects octet boundaries) fixes for OSF (sizeof(int) != sizeof(long)) [acd2f556940f] * sudo.c: took out debugging info [044023063eca] * aclocal.m4: OS was being set to unknown before non-uname based host checks. This caused no checks to happen since $OS was not zero-length. [335a7267479d] * sudo.c: fixed loading of interfaces struct still has debugging info in though [2d1a18998c1e] * parse.c: fixed typo [175674a3a9fa] 1995-04-06 Todd C. Miller * Makefile.in: ++version [55d191b5daa3] * version.h: ++ [d7d1f115696a] * visudo.c: removed extraneous extern decl of "top [50355621047d] * visudo.c: now zeros "top" [4e683210345b] * parse.yacc: removed parser_cleanup (no need for it now) [afa59f222b6c] * parse.lex: now calls reset_aliases() directly [3a23cbd60fc0] 1995-04-04 Todd C. Miller * OPTIONS: added a sentence to SECURE_PATH description [c5bf75b85af0] * parse.c: fixed my stupid bug where I used NAMLEN on something I wanted to just get the name from. argh. [111f460f6540] 1995-04-03 Todd C. Miller * lsearch.c: fixed argument order of memmove() that i hosed when converting from bcopy(). arghh. [2f5336045c8b] * Makefile.in: finally fixed DISTFILES line [a1b419e73a63] * Makefile.in: tabs -> spaces [280fb03e5764] * Makefile.in: added missing files to DISTFILES [991fc1cd2263] * Makefile.in: SUPPORTED -> RUNSON [7580e65b05fb] 1995-04-01 Todd C. Miller * TODO: updated [fe764a29c1cc] * RUNSON: updated for pl5b1 release [aefc35bd2291] * BUGS, TODO: updated [8f0ea249b687] * check.c: fixed bug where if you hit return at first sudo prompt it would still log as a failure [24539c854692] * CHANGES: updated [251cc7b3ede4] * aclocal.m4: better test for bogus void * implementation [efe23180cb88] * logging.c: added PASSWORDS_NOT_CORRECT [bd12c73f83f7] * check.c: added PASSWORDS_NOT_CORRECT stuff] [90de391a979f] * sudo.h: added PASSWORDS_NOT_CORRECT [727fbeb76fc5] * tgetpass.c: moved pathnames.h [4f910e5a8df7] * sudo.c: removed some unused vars and fixed up uid2str [70e92c7f9076] * putenv.c: moved compat.h [b271091586f6] * getcwd.c, getwd.c: added pathnames.h [6f25218f133f] 1995-03-31 Todd C. Miller * parse.yacc: fixed a typo I introduced in the last checkin :-( [62c3af75c4fe] * parse.lex: can't have #ifdef's where N is defined so just do this the broken way for AIX [c5648a5594e4] * parse.yacc: better hack from Chris (but still a hack) [6b6d8aed93f3] * parse.lex: stupid hack for broken aix lex [efc3f9e5280e] * tgetpass.c: now includes compat.h  [401822173f77] * visudo.c: now includes fcntl.h [63865c2f8ac6] * compat.h: added FD_SET and FD_ZERO for 4.2BSD [00c5597c0bb0] * parse.yacc: dirty hack to fix parser bug. i don't really like this but it works for now... [5b8bbdc81569] * sudo.c: uid2str is now static like the prototype says [f2a97b5cb870] 1995-03-30 Todd C. Miller * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING: updated [6f79c3e92716] * RUNSON: Initial revision [12a09ef9e884] * sudo.c: check_sudoers now returns an error code and sudo calls inform_user and log_error based on the return value. [340eca188d9a] * logging.c, sudo.h: added entries for new errors [6050d8542e1f] * parse.c: now set uid to that of SUDOERS_OWNER while parsing sudoers file [3683c42bc9b0] * Makefile.in: took out testsudoers  [65317d49db48] * sudo.c: now explicately checks that it is setuid root [2fe1be60ef6a] * sudo.c: If a user has no passwd entry sudo would segv (writing to a garbage pointer). Now allocate space before writing :-) [d08e7eb5e5ef] * configure.in: reordered AC_CHECK_FUNCS [4c82e56c6f4f] * config.h.in: fixed memset macro [77ede6b714ab] * tgetpass.c, visudo.c: bzero -> memset [1a005bb322c8] * logging.c: bzero -> memset when a parse error is logged the line number of the error is now logged too [a42d68047723] * INSTALL: added Sunos to blurb about c2 security [af750a1d131e] * configure.in: added a SUN4 define for C2 security [6ad5b23a3eb0] * config.h.in: bcopy -> memmove bzero -> memset [5494460c8464] * lsearch.c: bcopy -> memmove char * -> VOID * [a15f5c316e16] * check.c: added support for sunos with C2 security [03fea5bb21e6] * OPTIONS, options.h: reordered [1686265af3e1] * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure [5867b58e4a04] * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T [1984d9fd1b5c] * config.h.in: added _SUDO_PATH_LOGFILE [dd3eebe62580] * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) [c589a515a99a] 1995-03-29 Todd C. Miller * TROUBLESHOOTING: Initial revision [f42f1baba3a8] * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in load_global() to work around a problem is trusted hpux shadow passwords. yuck. [ae1f13b54687] * parse.yacc: backed out a change in malloc/realloc [ab868db0ad69] * parse.yacc: now include stdlib.h [957eef0631eb] * visudo.c: now do an freopen() of the stmp file so that yyin will always point to the same thing. This is important for flex since we are doing a YY_NEWFILE [44558922fd3e] * parse.yacc: replaced yywrap() with parser_cleanup() since yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. sigh. [12dd09921074] * parse.lex: now have a rule that matches anything that doesn't match an explicite rule. well, you know what i mean (. matches anything not yet matched). However, this means that there is input still queued up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved into parse.lex and it calls parser_cleanup() which is most of the old yywrap() sigh. [7f4042bc48d6] * SUPPORTED: no longer used [8f220be4da94] * getcwd.c, getwd.c: moved compat.h to be the last include file [9f3a65e2d485] * parse.yacc: fixed type of aliascmp() args [1c27eb989bdf] * find_path.c: NULL -> '\0' [5c8d8cf1692e] * parse.yacc: added casts to lfind and lsearch args for irix [61027ddeecf8] * Makefile.in: bsdinstall -> install-sh [61de6612c5a5] * INSTALL: added info about make realclean [29c6324d727f] * Makefile.in: updated VERSION added dependencies for visudo.cat [09077d7229d4] * version.h: -> pl5b1 [5d21c7ad1a41] * sudo.c: took out -l [fc1478d81b38] * Makefile.in: now there is a real visudo.man and visudo.cat [58aeac43a6dd] * sudo.man: took out visudo stuff [4a6ac4393343] * visudo.man: Initial revision [cba348843db8] * parse.c, parse.lex, parse.yacc: updated copyright [ffa16b70944a] * README: updated for pl5 [a26e423e9e5f] * sudo.man: updated Nieusma & Hieb email addresses [f0083e71989d] * INSTALL: updated to include options.h and OPTIONS [ee59e2b76c94] * CHANGES, TODO: updated [51e011ad5220] * BUGS: eliminated bug #1 (yay) [e7e88515494e] * configure.in: sunos no longer gets linked statically [2e5b3ff3108f] 1995-03-28 Todd C. Miller * parse.lex: prototype now uses __P() [68ecdcab4c70] * parse.lex: make fill() non-ansi [d6509972260b] * parse.c: made -v (validate) work [13c9d520638c] * logging.c: now gives host [f04859cdba5a] * find_path.c: don't check for execute/statable if fq or relative path given [4bbe851f3973] * parse.c: added a cast [345c308f72f3] * visudo.c: now include ctype.h for islower and tolower macros [582c0aa332d5] * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h [828e4ca4e7b4] * sudo.c: moved a set of parens [5783474ecf37] * strdup.c: now include compat.h [75e2036b94af] * emul/search.h: void * -> VOID * [cedcfaf04161] * parse.yacc: now cast malloc & realloc return vals added search for HAVE_LSEARCH now use strcmp if no strcasecmp available [d6a42bc3d4ae] * lsearch.c: void * -> VOID * [886adc44f607] * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH [3b50d7fb4349] * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG [73d506c7d53c] * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results to most SUDO_* macros [8442155f5936] * Makefile.in: no more -I. [63462f195bd4] * configure.in: various 1.x ro 2.x autoconf changes now check for strcasecmp now use AC_INSTALL_PROG instead of custom one added check for fully woorking void implementation [5ac6b6e6230f] * Makefile.in: added lsearch & search.h visudo links into $(LIBOBJS) [bc119cda4598] * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID [1194d01fa5c5] * visudo.c: whatnow_help was prototyped to be static be was not declared as such [0f85489dd426] * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check for dirent/dir/ndir.h [7408f3854948] * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT [e465db9f5dfa] * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 [714d87424e21] * emul/search.h, lsearch.c: Initial revision [55d79482c535] 1995-03-27 Todd C. Miller * parse.yacc: eliminated bison warnings [61ca0a96da22] * parse.lex: added missing case [6be0f849747c] * visudo.c: now iincludes signal.h [221e0fcc144f] * parse.yacc: only clear data structures on a parse error [7b1c0f1a4527] * visudo.c: whatnow() now gives help on invalid input [e5a4cd88c587] * visudo.c: added a whatnow() function (sort of like mh) [932d9b145f1c] * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up by calling reset_aliases() and clearing top took reset stuff out of yyerror() since it doesn't beling there (and doesn't work anyway). errorlineno is now initially set to -1 so we can set it to the first error that occurrs (it was getting set to the last) [2f71f95a974c] * parse.lex: added a void cast [18ae6042dce4] * visudo.c: rewrote from scratch based on 4.3BSD vipw.c [2f6814f18576] 1995-03-26 Todd C. Miller * sudo.c, sudo.h: removed ocmnd [a31735f41ad4] * sudo.h: no more sudo_realpath() and find_path() changed params [8e85c3b39159] * sudo.c: find_path() changed since no more realpath() [b25366c7f2ee] * parse.yacc: on error, errorlineno is set to the line where the error occurred added kill_aliases() to free the aliases struct now clean up in yyerror() so we can reparse cleanly [2342f578c27a] * options.h, parse.c: no more USE_REALPATH [cfc59babeaff] * logging.c: changed to use new find_path() [91c7a38e7751] * find_path.c: removed all the realpath() stuff [cc21a43a8562] * Makefile.in: sudo_realpath.c -> sudo_goodpath.c [03a9b1ddec2f] * visudo.c: now works correctly with utk parser [08aa554a0ce8] * goodpath.c: Initial revision [1ea607e1ffb2] * sudo_realpath.c: eliminated a compiler warning [198bcccc55b6] * sudo.c: elinated compiler warning [e2384f9a878b] * sudo_realpath.c: added sudo_goodpath() [43878c4cc540] * sudo.h: added prototype for sudo_goodpath [23e8627a2265] * parse.c: added support for /sys/dir.h [eca897087741] * options.h: USE_REALPATH turned off [620ac8b63d85] * find_path.c: added calls to sudo_goodpath() [ad170904fbcd] * configure.in: added check for dirent.h [7964a8c26855] * config.h.in: added HAVE_DIRENT_H [1f785fec7e19] * configure.in: added in linux shadow pass stuff  [e585a5785f50] 1995-03-24 Todd C. Miller * visudo.c: added back host, user, cmnd, parse_error [0ec19f3d64f4] * visudo.c: added in utk changes plus some minor cosmetic changes [c5c1921c8a58] * sudo.c, sudo_realpath.c: added void casts for printf's [9c6ff11c0082] * options.h: added a define of USE_REALPATH [db3711c9efc5] * configure.in: there is no more visudoers/Makefile [36e1bc1f78d0] * Makefile.in: added in utk changes (visudo is now built from the toplevel) [76203d4b345d] * find_path.c: added (void) casts to printf's [dd5cb1e060ac] * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged in utk changes [35563307fd8e] 1995-03-23 Todd C. Miller * find_path.c: now check to see that what we are trying to run is a file (or a link to a file, we do a stat(2) so there is no diff) [05889c4bcace] 1995-03-13 Todd C. Miller * CHANGES: updated [3e8047bb26fb] * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf  [0bdbaa7c4c7d] * sudo.man: added myself as maintainer [77a9d75aab84] 1995-02-17 Todd C. Miller * sudo.c: changed setegid -> setgid [7f4788d73b6f] 1995-02-06 Todd C. Miller * configure.in: fixed the test for irix 5.x to skip bad libs [bfef896de013] * aclocal.m4: now initialize OS and OSREV [cc302756e440] 1995-01-27 Todd C. Miller * configure.in: irix5 changes [ac985b23f5f2] * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1 compatibility [0cf8c92a06d7] 1995-01-19 Todd C. Miller * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ thing wrt yyrestart (grrrr) [18e8eabfbb82] 1995-01-16 Todd C. Miller * Makefile.in: added visudoers/compat.h to DISTFILES [db23b574b034] * configure.in: fixed an echo [7cbc0462b89d] * sudo.c: added ocmnd declaration adjusted for find_path()'s new parameters [d929cd156474] * sudo.h: added ocmnd extern adjusted find_path() prototype [e0004daf5d3c] * parse.c: cmndcmp() now takes 3 arguments and checks against the qualified as well as the unqualified pathname. more code that should use cmndcmp() but did not, now does [6f70a8c17bee] * options.h: added to a comment [7a78680426b2] * logging.c: changed to use new find_path() parameter passing [840981d30db4] * find_path.c: find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. [851503b005e9] * configure.in: no longer munge pathnames.h [427d8796c5a9] * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h) as a result, pathnames.h does not need to be run through configure and the user can override the configured values easily. [2e378f2ebe88] * config.h.in: added _SUDO_PATH_* entries [0857de7cebab] * aclocal.m4: _PATH* -> _SUDO_PATH_* [7601193f56cc] * Makefile.in: updated DISTFILES and HDRS .o's now depend on config.h [39d8601965cf] 1995-01-13 Todd C. Miller * compat.h: removed extraneous #endif [27d4c5f2ce7e] * aclocal.m4: added SUDO_PROG_MV [76dda3bdd816] * configure.in: added SUDO_PROG_MV added riscos and isc os types took out -DSHORT_MESSAGE from --with-csops since it is now the default [68c206ad976e] * sudo.c: move the include of id.h to compat.h now includes options.h [45a1eaafb3a8] * sudo.h: moved compatibility #defines to compat.h [0eee27057698] * pathnames.h.in: added _PATH_MV [e830797ab320] * config.h.in: move __P to compat.h [188e12e0ba93] * getcwd.c, getwd.c, putenv.c: now includes compat.h [c72cb6d73981] * compat.h: Initial revision [d4d2f359ae03] 1995-01-12 Todd C. Miller * sudo.h: pull user-configurable stuff out and put in options.h [ef929467b070] 1995-01-11 Todd C. Miller * parse.lex, parse.yacc, visudo.c: now includes options.h [e36d7c82add1] * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, sudo_setenv.c: now includes options.h [f186ba03de07] * Makefile.in: added visudoers/options.h [e5350c476494] * OPTIONS, options.h: Initial revision [9b6b5001e318] * Makefile.in: added OPTIONS and options.h [25448341e16a] * logging.c: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE [5dd6385dd1d3] * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes [0ec6aab98738] 1994-12-17 Todd C. Miller * visudo.c: now only do Editor +line_num if line_num != 0 [b69f04b5e3c7] 1994-12-16 Todd C. Miller * visudo.c: now use mv if rename(2) fails [83210dca1bab] * BUGS: added a visudo bug [d61a806f9aa7] * check.c: expanded comment [641f2cba94cb] 1994-11-12 Todd C. Miller * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set [7a11135039a8] 1994-11-10 Todd C. Miller * sudo.c: added mips & isc support [e258dc053119] * parse.c: added support for non-root owned sudoers file [fea07e65a0fc] * check.c: added exempt group support [928fb4bd9ad5] * sudo.h: added set_perms() support added SUDOERS_OWNER so can have non-root own sudoers file added exempt group support added isc support [61c578d31fc1] * visudo.c: now copy sudoers to temp file via read/write (not stdio) now chown new sudoers file to SUDOERS_OWNER [a5176c59df70] 1994-11-08 Todd C. Miller * configure.in: added skey support [35a8d2fabdb7] * sudo_realpath.c: be_* -> setperms() [a1631d686e1c] * sudo.h: fixed typo added set_perms support added skey support added seteuid()/setegid() emulation for AIX [c0c8d6771406] * sudo.c: be_* -> setperms() now check to make sure sudoers file is owned by root nread/write by only root [13ab1e261f1a] * logging.c, parse.c: be_* -> setperms() [21499d845c8f] * check.c: be_* -> set_perms() added skey support [df51b56871c1] 1994-11-06 Todd C. Miller * Makefile.in: ++version [3c1abbe4e43c] * version.h: ++ [1d2f9b540a95] 1994-10-21 Todd C. Miller * sudo.c: now sets IFS [eabbb41b9f08] * insults.h: fixed typo [c7997f19216e] 1994-10-15 Todd C. Miller * config.h.in: added HAVE_SKEY [da948ec4186b] 1994-10-04 Todd C. Miller * CHANGES: updated [f4b55ab007ea] * Makefile.in: ++version [0489068b8c95] * version.h: ++ [d189faedf423] * sudo.c: now bail if ARgv[1] > MAXPATHLEN [0cea8ecc9dc2] * configure.in: added function check for tcgetattr(3) [e03289b22c2f] * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) [757eab83d1a2] * config.h.in: added check for tcgetattr [c5ae92715930] 1994-09-26 Todd C. Miller * CHANGES: updated [cbc419883108] 1994-09-22 Todd C. Miller * parse.lex: now only include unistd.h for linux [e9adeab95ef0] 1994-09-21 Todd C. Miller * Makefile.in: added visudo.8 generation [d6a3f0f887f8] * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags [72594a21edcf] 1994-09-20 Todd C. Miller * BUGS: added one [9993a349e096] * CHANGES: updated [297b31ec4cdd] * README: added mailing list info [10372f94a2b2] * parse.yacc: now use sudolineno instead of yylineno fixed bison warnings [25a83e62057b] * configure.in: now use -no_library_replacement for osf don't make a static binary for hpux >= 9.0 [1fa7b892f1a3] * tgetpass.c: added string.h/strings.h inclusion [71faa98fc0a1] * config.h.in: added ssize_t def [406284bd1ac0] * parse.lex: added inclusion of string.h/strings.h [6985b1df5d09] * aclocal.m4: fixed uname | sed (needed to quote the '[') [4cd2d3415c1a] * parse.lex: replaced yylineno with sudolineno fixed bison syntax errors [0bd31a5fab26] * visudo.c: changed yylineno to sudolineno since yylineno cannot be counted upon. [38c30104d0ae] * TODO: updated [5d4746f1a752] * parse.c: added code to support command listings [030172e133fd] * sudo.c: added code for -l flag [801dbbc82778] * sudo.man: fixed typo added info for -l flag [8916ca945d65] * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T [c61f7f47013f] * aclocal.m4: added SUDO_SSIZE_T [0ccdb77be84d] * sudo.h: added MODE_LIST [9b2bd844c76c] * configure.in: added AC_SSIZE_T [35cca208f9b5] * find_path.c, sudo_realpath.c: readlink() is now declared as returning ssize~_t [0640a08d1407] * configure.in: added -laud for OSF c2 [b7539c905efc] 1994-09-02 Todd C. Miller * Makefile.in, visudo.c: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu [067fd9bcb5e1] * config.h.in, parse.lex, parse.yacc, pathnames.h.in: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu [fc46e7c7110a] * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, sudo_setenv.c, tgetpass.c, version.h: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed [d1d4fbc53a98] 1994-09-01 Todd C. Miller * Makefile.in: ++version [b7066d97633f] * version.h: ++ [65ec69d88110] * logging.c: added host to alertmail messages [d973c19ce777] * CHANGES, TODO: udpated [5a65eb16faeb] * logging.c: fixed logging problem where mail would not say which user it was [35723edcc5d2] * configure.in: added -laud for gcc if osf & c2 [18f1e0ae5548] * check.c: moved set_auth_parameters to sudo.c [d23112fe01db] * sudo.c: added set_auth_parameters for osf [eb70f65214ac] * configure.in: cleaned up -static stuff [01e9575f0422] * Makefile.in: ++version [7ac3bff5c770] * version.h: ++ [10a4ff478469] * sudo.c: changed setenv() to sudo_setenv() [40a78abb9946] * check.c: fixed osf problem [3d69b118efb8] * configure.in: added OSF C2 stuff [38cff3ad4093] * CHANGES: updated [cd341dd0581a] * check.c: added osf auth support & removed some extra spaces [a448cdd81514] * INSTALL, SUPPORTED: added osf C2 stuff [f70484796146] 1994-08-31 Todd C. Miller * TODO: added 2 suggestions [695fbdbd86e6] * Makefile.in: removed README.v1.3.1 and added VERSION stuff [f69403eb04c6] * version.h: pl1 [21580c0f8cb1] 1994-08-30 Todd C. Miller * version.h: 1.3.1final [630114970298] * Makefile.in: added HISTORY [901bff251614] * sudo.man: mention HISTPRY file [86dbcfd4326e] * sudo.c: use sizeof instead of a constant in 1 place [d819604c68ca] * parse.yacc: added unistd.h [6f9500f9fe7e] * parse.lex: added unistd.h [468b81a276eb] * README: udpated [7e275618923a] * HISTORY: Initial revision [5db1b0a3939b] 1994-08-17 Todd C. Miller * version.h: ++ [7dfbb4a810bb] [SUDO_1_3_1] * CHANGES: updated [7820ee610bf8] * sudo_setenv.c: added unistd.h include [30cf2b654525] 1994-08-16 Todd C. Miller * sudo.c: added sys/time.h for AIX [199fc8caf3a3] 1994-08-15 Todd C. Miller * configure.in: added check for -lsocket and sys/sockio.h [f9abfbb31031] * config.h.in: took out libshadow check and added in sys/sockio.h check [0c4b0393ac80] * sudo.c: now include sockio.h instead of ioctl.h if it exists "sudo -" now gets a better error message [53041bea5483] * sample.sudoers: now has a dir and subnet entry [56b820f65438] 1994-08-13 Todd C. Miller * sudo.c: removed if_ether.h [b4f64507493e] * TODO: added an item [ea2a1bb6922a] * sudo.man: added network and ip addresses to man page [01c85016511f] * sudo.c: no error if can't get interfaces or netmask since networking may not be in the kernel. [50b8890e2134] * parse.c: nwo check for interfaces == NULL [dc1b3eef0db2] * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias to fail if the last entry in the spec failed (ie: it was only looking at the last entry). CLeaned things up by adding the cmndcmp() function--all neat & tidy [007e93578e5e] * CHANGES: added one [40e8a2cef497] 1994-08-12 Todd C. Miller * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) [465e30aecaf7] * parse.lex, parse.yacc, visudo.c: added include of netinet/in.h [11e3816ed362] * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of netinet/in.h [daccfa40fe1e] * check.c, find_path.c, getcwd.c, getwd.c: added include of netinet/in.h [0222f95e06ad] * version.h: ++ [d6b0cfa35a38] * sudo.h: added interfaces global [ba52fa8ad75e] * parse.c: now uses new interfaces global [17473ad5ecba] * sudo.c: now ip addresses are gleaned fw/o dns [8828bb2007e0] 1994-08-10 Todd C. Miller * sudo.c: added load_ip_addrs() to load the ip_addrs global var [60c825f04238] * parse.c: added hostcmp() to compare hostnames, ip addrs, and network addrs [ab0e40e37537] * sudo.h: added ip_addrs def added load_ip_addrs prototype [c41c565d0777] 1994-08-08 Todd C. Miller * CHANGES: updated [2a128dbe9bcb] * Makefile.in: removed multiple entries in DISTFILES [2490f4f371e6] * visudo.c: ansified the !STDC_HEADERS decls [646ba06d17ae] * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do malloc decl if gnuc [f1bad1925f98] * sudo.c: can't use getopt(3) since it munges args to the command to be run as root don't do malloc decl if gnuc [38e78f6da14e] * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function prottypes [51d8cad89976] * getcwd.c, getwd.c: added missing paren [6a1fae70e27e] * Makefile.in: added putenv.c to DISTFILES [a5e4523eabbb] * sudo_setenv.c: added params to func decls when STDC_HEADERS is not defined now can count on putenv() being there [fd587796189b] * sudo_realpath.c: took out errno decl since sudo.h does it for us fixed up a next cc warning added params to func decls when STDC_HEADERS is not defined [70fa5152ace6] * sudo.h: took out environ extern added local declaratio of putenv() if local version is needed [a84bae6c020d] * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to func decls when STDC_HEADERS is not defined [f406f0e47ac0] * config.h.in: added memcpy check check to see that ansi vs bsd macros are ntot already defiend before defining (ie: avoid redefinition) [879ae026e19f] * configure.in: removed fluff setenv check plus check w/ replace for putenv if also no setenv [e3c03814ad4b] * putenv.c: Initial revision [3cff63e2dc1b] 1994-08-06 Todd C. Miller * sudo_setenv.c: Initial revision [4d637631fa6b] * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv [07ba001ff57e] * sudo.c: now use sudo_setenvc [fd81e04d5ef0] * configure.in: added puteenv and setenv, removed realpath [27bfacfb513b] * config.h.in: added putenv & setenv [515f14eaf6e4] * Makefile.in: added sudo_setenv [217731a717c5] * version.h: ++ [eadb346d7129] 1994-08-05 Todd C. Miller * configure.in: added MAN_POSTINSTALL and /usr/share/catman for irix [2a9496c1bdba] * Makefile.in: added MAN_POSTINSTALL [89b0d4695529] * CHANGES: added [48c021ba8a70] * sudo.man: added SUDO_* plus new options [c0759cff5683] * CHANGES: added one [7d44a3922d56] * configure.in: took out shadow lib [07cf3de18701] * TODO: adde done [a27a578e8afe] * visudo.c: now use yyrestart() if flex now reset yylineno to 0 [77d67ce0b677] * Makefile.in: support for installing a cat page instead of a man page if no nroff [44671c0fc0fa] * configure.in: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff to determine whether or not to install a cat or man page [0562d069c135] * config.h.in: added HAVE_FLEX [c5490bae39d3] * sudo.c: not set ret to MODE_RUN initially [88b4983c195b] * find_path.c: made command (and therefor cmnd dynamically allocated) [95b82e32b6de] * TODO: did #8 [fb6f41308cdf] * version.h: ++ [14112ecab5ae] * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 [0ad4f34e55c0] * sudo.h: added MODE_ removed validate_only and added remove_timestamp() [dd5f99c57728] * sudo.c: usage() now takes an int (exit value) added parse_args() to parse command line arguments moved call to find_path() from load_globals to new function load_cmnd() removed validate_only global -- now use the concept of "modes" added -h and -k options [c3887090b28a] * parse.c: no longer use global validate_only now checks for command called "validate" removed check for non-fully qualified commands since that is done by find_path [7d56fbd26369] * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 [a86e8664d971] * find_path.c: fixed off by one error with MAXPATHLEN and fixed a comment [58adcef8c981] * check.c: check_timestamp no longer runs reminder(), it is implied in the return val added remove_timestamp() [42ab5a77066f] * CHANGES: updated [8e69b31df024] 1994-08-04 Todd C. Miller * BUGS: fixed on [bc34f1ac4280] * sudo_realpath.c: took out old_errno [a168d00a0768] * CHANGES: updated [04ba80922df7] 1994-08-03 Todd C. Miller * logging.c: moved send_mail to after syslog [4d4188087834] * sudo.c: now set SUDO_ envariables [e5963f1bd3bb] 1994-08-01 Todd C. Miller * version.h: ++ [2a4534845d8c] * sudo_realpath.c: now print error if chdir fails [0d75c8973d49] * find_path.c: removed an XXX [e2077bcb35aa] 1994-07-26 Todd C. Miller * CHANGES: updated [e30a2b39b41a] * configure.in: no more static binaries for aix [77a0beb6bd80] 1994-07-25 Todd C. Miller * INSTALL: fixed typo [ba5e0d391bc4] * sudo_realpath.c: took out stuff not needed for sudo now does be_root/be_user itself now uses cwd global [4f6d4641d793] * version.h: +=2 [97da927b297c] * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() [f331662fa50f] * logging.c, sudo.h: now works with 4.2BSD syslog (blech) [98e39d89dd36] * find_path.c: now use sudo_realpath() [ab436a8ebd02] * config.h.in: took out realpth() stuff since we now use sudo_realpath() [8de5ef9f6044] * configure.in: ultrix enhanced sec [815fb7fffcc0] * SUPPORTED: added ultrix enhanced sec. [6466766c8062] * INSTALL: updated [d681a634297a] * check.c: ultrix enhanced security suport [f10c8decbcc2] * Makefile.in: added sudo_realpath.c [6b9bcd3be022] * CHANGES: updated [2fa8084c1b53] * tgetpass.c: increased passwd len to 24 for c2 security [ec64838be62d] * BUGS: updated BUGS [ca00d8fec2ce] 1994-07-15 Todd C. Miller * check.c: now use user global var [568769719013] * configure.in: took out -ls [490a44180d5f] 1994-07-14 Todd C. Miller * configure.in: added AFS libs [4fb40c8c01ba] * sudo.h: user is now a char * added epasswd [27a919fafdfb] * sudo.c: added tzset() to load_globals added epasswd (encrypted password) global made user dynamically allocated [b99ef9bdbfce] * configure.in: added tzset test [27592dd1214b] * config.h.in: added HAVE_TZSET [b13f4213f3d0] * check.c: cleaned up encrypted passwd grab somewhat [c8ba9a4db38a] * configure.in: fixed AFS typo [2bfcbce237b6] * INSTALL: added AFS not [80c67329393c] * CHANGES: udpated [2f09ecdd5d31] * logging.c: can now log to both syslog & a file [4d5c0932bc01] * sudo.h: added BOTH_LOGS [623c539be824] * CHANGES: updated [a1c7f5ef3616] * configure.in: --with-AFS [28718d8f5daf] * config.h.in: added HAVE_AFS [2e32bb4e63e4] * check.c: added afs changes [fe4d0ff320a2] * sudo.h: removed AFS stuff :-) [a40387e6fa27] * tgetpass.c: include sys/select for AIX [f32c5a8f2c84] * sudo.h: added AFS [da2ab3dd0348] * version.h: ++ [452d4dfe25af] 1994-07-07 Todd C. Miller * CHANGES, SUPPORTED: updated [e7dfe6f23a37] * logging.c: can now have MAILER undefined [1d33b98b35e1] * INSTALL: new sub-note about MAILER [d35c636a0574] * sudo.man: added blurb about password timeout [70c2ee50de20] * configure.in: convex c2 changes [367138a6232e] * aclocal.m4: took out duplicate define of _CONVEX_SOURCE [647182138450] * Makefile.in: added OSDEFS [7fdcd50602d1] * config.h.in: added spaces [f2b8a05e48f3] * tgetpass.c: added a goto if fgets fails [68a6586d9c45] * sudo.h: use __hpux not hpux convex c2 stuff [5c377a8d5f34] * sudo.c: use __hpux not hpux [9363bc0f9f9e] * logging.c: convex c2 stuff [ea5630975ac4] * config.h.in: define ansi-ish cpp os defines if non-ansi are defined for hpux & convex [664f53a5e786] * INSTALL: updated to say we support sonvex C2 [5f2f8b87013e] * check.c: added convex c2 support [9a665d4918fa] 1994-07-01 Todd C. Miller * tgetpass.c: no more ioctl never returns NULL uses fgets() and select() to timeout [b333e6d63e97] 1994-06-29 Todd C. Miller * configure.in: things were testing -n "$GCC" instead of -z "$GCC" [059a9b15ede2] * tgetpass.c: now works + uses fgets() [353d7ebcb7bb] 1994-06-28 Todd C. Miller * tgetpass.c: select doesn't seem to recognize a single '\n' as input waiting so we can;t use it, sigh. [f76e3218b835] 1994-06-26 Todd C. Miller * PORTING: updated tgetpass() blurb [95baac736b49] * configure.in: added --with-getpass [42ac0bdf58ed] * Makefile.in: added tgetpass stuff [e2b38c635663] * tgetpass.c: now uses stdio [36af8ff66e35] * version.h: ++ [4e81c9db19bd] 1994-06-24 Todd C. Miller * PORTING: updated ,. [54f523770a05] * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY [86b355cb2953] * configure.in: fixed a test aded --with-C2 and --with-tgetpass [abf6181588ef] * check.c: added hpux C2 shit [20d4177ffa88] * Makefile.in: took out tgetpass.* [cc82fd9984b4] * INSTALL: added C2 blurb [1d2bfc35e4b6] 1994-06-13 Todd C. Miller * configure.in: no termio(s) for ultrix since it is broken [d3e82e835350] * check.c: added a space (yeah, anal) [05e4b31ca68c] * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) [f13097cb8cb6] 1994-06-08 Todd C. Miller * config.h.in: took out bsd signal stuff for irix [e179cdafc97a] * visudo.c: comments in #endif [e3a629190f5e] * configure.in: don't define BSD signals for irix [3ce57bffb7f0] * TODO: did some... [274241cd0f74] * CHANGES: updated [8f29fc755faf] * realpath.c, sudo_realpath.c: took out unneeded code by changing where a strings was terminated [b5564d62d30e] 1994-06-07 Todd C. Miller * realpath.c, sudo_realpath.c: fix bug where /dirname would return NULL [b85f470daf26] * sudo.h: move __P to config.h [7763c0ff3f28] * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno definition [4cc9d2d9782a] * config.h.in: added __P [ca06f5aa58f3] * config.h.in: added HAVE_FCHDIR [206d714641e0] * strdup.c: now include stdio [0d8458da0e1d] * realpath.c, sudo_realpath.c: now works if no fchdir [e035911b6722] * visudo.c: define SA_RESETHAND to null if not defined [afec03e84342] * configure.in: added check & replace [c1a65481441c] * configure.in: took out -static for nextstep -- it doesn't work [fa1a1a611743] 1994-06-06 Todd C. Miller * logging.c: moved #endif to where it belongs [07d3a8972097] * SUPPORTED: correction [0c1ecba3e5a3] * configure.in: now checks for strdup realpath getcwd bzero [f029a1917515] * config.h.in: emulate bzero [d792352e44a3] * visudo.c: added posic signals [2ed0005f90fc] * tgetpass.c: bzero cast [6d91b1a1526f] * logging.c: added posix signals [67ede9c22a05] * configure.in: removed BROKEN_GETPASS added new srcs toreplace missing functions [cf44274bb1c8] * config.h.in: added posix signal stuff [a3c1c98fe8ef] * Makefile.in: added new srcs [b6a079afee47] * visudo.c: updated useag [589ed091c44f] * tgetpass.c: now uses posix signals [30f74964074f] * PORTING: updated sto reflect major changes [bcfc309e017b] * CHANGES, TODO: updated [23aacbd54278] * tgetpass.c: uses sysconf() if available [a27431c90bab] * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions [d7473c2f77c4] * realpath.c, sudo_realpath.c: for those w/o this in libc [1e47aa7a9d46] * getcwd.c, getwd.c: Initial revision [c90dea57a84f] * find_path.c: rewrote to use realpath(3) - nis now all my code [d2c3bb8fb37d] * config.h.in: added HAVE_REALPATH [02c10352a8c7] * check.c: now use tgetpass [b5c021fc179f] * Makefile.in: added LIBOBJS use tgetpass.c [230a7b3eeaa3] 1994-06-05 Todd C. Miller * tgetpass.c: works now :-) [025e7a3875ba] * tgetpass.c: Initial revision [3316ab33b230] * pathnames.h.in: added /dev/tty [29242585e53f] 1994-06-04 Todd C. Miller * version.h: incremented [f2e54b48280f] * sudo.c: always use getcwd [c6068e8a4029] * config.h.in: added check for getwd [ab1e102ad673] * configure.in: replace strdup & realpath & getcwd if missing [b0eb14f2a1c3] * pathnames.h.in: added _PATH_PWD [309d2388f69a] * aclocal.m4: added SUDO_PROG_PWD [e16e85deb96c] * strdup.c: Initial revision [810efdc15007] * realpath.c, sudo_realpath.c: Initial revision [d85eee438e09] 1994-06-03 Todd C. Miller * configure.in: quoted quare brackets [d0e7ca111d98] 1994-06-02 Todd C. Miller * sudo.c: no need to strdup() a constant [a8c44712df9a] * CHANGES: updated [71364129cca0] * sudo.man: added validate [0bb198095a26] * sudo.c: added -v to usage [31ea71f11dbb] * parse.c, sudo.c, sudo.h: added validate_only stuff [9bcd853d3c90] 1994-05-30 Todd C. Miller * configure.in: now finds sed [6374bb0d3f28] * aclocal.m4: $OSREV is now an int [ace0666d66cf] 1994-05-29 Todd C. Miller * configure.in: added mtxinu to caser [73a776887b16] * sudo.h: added EXEC macro [2e8eb28b710a] * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set [56afb4f658d5] * logging.c: changed mail_argv[] def now use EXEC() macro [ddcabd28edb1] * check.c: took out crypt() definition [0e657724cf5f] * version.h: upped the version [62c5d66119fc] * configure.in: always look for -lnsl [d7b594f0313b] * aclocal.m4: added an echo [1caae3491dc5] * sudo.h: SHORT_MESSAGE is now the default [cfce35c3119a] * config.h.in: fixed typo [6499a564bf75] * configure.in: added missing AC_DEFINE(SVR4) for solaris [feef0b17b94f] * sudo.man: documented the -v flag [a6429f2bc2cf] * SUPPORTED: updated [088886e79540] * check.c: proto-ized crypt() [801e4ff5b121] * config.h.in: added LIBSHADOW undef [8df588e9ee2b] * configure.in: nwo set OS to be lowercase [561ebed833e4] 1994-05-28 Todd C. Miller * configure.in: now use SUDO_OSTYPE to set $OS [0e60aee23098] * aclocal.m4: now use uname to determine os [99705e58d400] * visudo.c: added prototypes & moved sig handler around [1f0bc8d23b51] * sudo.h: added prototyppes [be3935a2b163] * check.c, logging.c, sudo.c: added prototypes [2079b4605ab8] * parse.c: added comment [a34d147d8399] * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT [63663195f047] * aixcrypt.exp: Initial revision [890aed08357e] * Makefile.in: added aixcrypt.exp [1005a183105f] * parse.lex, parse.yacc: moved config.h to top of includes [9569c49aa5f3] 1994-05-25 Todd C. Miller * find_path.c: now don't bitch if get EACCESS (treat like EPERM) [dbeffb638de4] * visudo.c: added -v flag and usage() [4d44ed60ed75] * version.h: fixed a typo [cf3f9347ae41] * sudo.c: cast Argv to a const for exec added -v flag [d11b6efc0e45] * logging.c: mail_argv is now a const [93bb5d90bb6f] * configure.in: only set RETSIGTYPE if it is not set already [c97aac260b77] * aclocal.m4: now defines & STDC_HEADERS for Irix [9c2b24ad1fc5] * Makefile.in: added version.h [9f79e880229a] * insults.h, sudo.h: prevent multiple inclusion [d68c8a9243ce] * version.h: Initial revision [dbb39c5ef8d9] * parse.lex, parse.yacc: now includes config.h [f117e036a56b] * aclocal.m4: now talks about sunos 4.x [c9054aa92d4e] * visudo.c: calls to Exit now pass an arg [a92104670551] 1994-05-24 Todd C. Miller * visudo.c: signal handler now takes an int argument [26f480c41523] * CHANGES: updated [8c166a9d796b] * sudo.c: ok, the getcwd() is now *really* done as the user [ab86cf85134a] * configure.in: changed AIX STATIC_FLAGS [b9c0a3ba5663] * aclocal.m4: solaris now defines SVR4 [c3e20cac96f5] * sudo.h: added cwd and fixed stupid core dump that makes no sense. sigh. [7a9755436dbb] * sudo.c: moved getcwd stuff into load_globals [ec2bc90df1f3] * parse.c: took out externs that are in suod.h [93c4b3f856d7] * logging.c: moved cwd into load_globals [050de754d228] * find_path.c: moved cwd stuff [22f3f3b4c34d] * Makefile.in: fixed make distclean & realclean [c9964d89bcef] * TODO: updated ., [e513581ef0e3] * CHANGES: added solaris changes [505d930daf27] * aclocal.m4: added solaris changes, need to rework [33f20fb16c49] * configure.in: cleaned up for solaris [2fb8cfa05d0f] * logging.c: reinstall reapchild signal handler for non-bsd signals [3d1dc545113d] * sudo.h: took out getdtablesize() emulation for HP-UX (no longer needed) [1fc83d170f34] * sudo.c: support for HAVE_SYSCONF [50ca2a7a224a] * visudo.c: added for solaris & reorg'd the includes + minor prettying up / [0a570e826dd4] * config.h.in: added HAVE_SYSCONF [2b9a9f3a4e94] 1994-05-16 Todd C. Miller * configure.in: now tells you what os you are running /. [06c6332a895b] * aclocal.m4: took out extra ',' [e8c75ce59f4a] 1994-05-14 Todd C. Miller * config.h.in: added _BSD_COMPAT [73c5099806c2] * aclocal.m4: fixed for irix5 [1047d1f6c0eb] * CHANGES: updated [1bc4969fee96] * sudo.c: uid seinitialized to -2 [8d7812b1878b] 1994-04-28 Todd C. Miller * sudo.c: now removes LIBPATH for AIX [075392eb1dd9] 1994-03-13 Todd C. Miller * configure.in: now uses ufc if it finds it [ab6ce30a5958] 1994-03-12 Todd C. Miller * sudo.h: no longer define yyval & yylval since yacc does it [09d250aea50a] * parse.lex: now defines yylval as extenr [8ec2b88952bc] * configure.in: BROKEN_GETPASS is now an OPTION [3714f4bb8312] * config.h.in: took out BROKEN_GETPASS [9c4f6aa50137] * Makefile.in: took out big comment [4c13cff0e556] * README: updated [b8b9902b620d] * Makefile.in: took out README.beta [ed2cd861e82b] * SUPPORTED: Initial revision [2fffc51e6606] * INSTALL: now reference SUPPORTED ., [d112c30be1f2] * config.h.in: now check for convex OR __convex__ [a0e5701a3069] * aclocal.m4: now check for convex or __convex__ [5dae2bfbe3bc] * Makefile.in: added dist target [400a54de57db] * aclocal.m4: use __convex__ [58a19470ed0b] * find_path.c: now use _S_* stat stuff to be ansi-like [28cce560e048] * INSTALL: updated for configure directions [a034ccc7c30a] * Makefile.in: distclean now removes config.h and pathnames.h [300f2349b4ab] * CHANGES: updated [646f7e9430c1] * TODO: fixed typoe [70fd6361b2bc] * visudo.c: updated version [cf13d87d789f] * Makefile.in: updated version [8c5dacc27a7a] * config.h.in, pathnames.h.in: added copyright header [747ce3d3d6b7] * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h: udpated version [4751c39bad18] * visudo.c: udpated to use configure + pathnames.h [d45dff76a1cd] * aclocal.m4: updated [f05a367a55be] * Makefile.in, config.h.in, configure.in: updated [524778598879] * sudo.h: now works with configure [83fc40e533f4] * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: updated to work with configure + pathnames.h [cb67fa6ab52d] * Makefile.in: added LEXLIB [f43cad4ab0a2] 1994-03-10 Todd C. Miller * COPYING: updated gnu general licence to versio 2 [2b0b56112ddc] * config.h.in, pathnames.h.in: Initial revision [4b586f39ec2d] * sudo.h: changed to work with configure [13f3506ddf16] 1994-03-09 Todd C. Miller * Makefile.in, aclocal.m4, configure.in: Initial revision [a8636ae77371] * visudo.c: now uses defines used by configure [de438d118993] 1994-03-01 Todd C. Miller * find_path.c: sudo won't bitch about EPERM now, for real [ce26d9ef7e3f] 1994-02-28 Todd C. Miller * logging.c: renamed exec_argv to eliminate a libc name clash with ksros [bcb4350d8411] * CHANGES: corrected [dae68d422efd] * logging.c, sudo.c, sudo.h: execve -> execv [40cc2c4bdb15] * TODO: upated [9275a8b8fc45] * PORTING: added 2 mroe items [6cbb5c56993c] * CHANGES: updated [73f34f8e571a] * sudo.h: added UMASK and mode_t declaration [7c2015e1d171] * sudo.c: added UMASK [d37be7523680] * logging.c: now opens log file with mode 077 [0825cc3ee841] * check.c: saved current umask ans restores it [659c1aaae8e8] * sudo.h: added MAXLOGFILELEN [34331c7dee90] * logging.c: split long log lines. FOr syslog, split into multiple entries, for a log file, indent the extra for readability [72c9e4cdba6e] 1994-02-27 Todd C. Miller * CHANGES: added changes [81196833673d] * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be) [1aa69e903840] 1994-02-25 Todd C. Miller * TODO: added input from Brett M Hogden [80f01fc88ce9] 1994-02-16 Todd C. Miller * sudo.c: added rmenv() to remove stuff from environ. can now uses execvp() OR execve() becuase of this. [e7fc2535bd67] * logging.c: now uses execvp() OR execve() [56391aa1f99d] * sudo.h: added USE_EXECVE [f21f38050b95] * sudo.h: added environ [6b805e23c6f6] * find_path.c: now ignore EPERM [c8fd7117a1d7] * sudo.h: moved some func decls out of sudo.h and into sudo.c as statics /. [5f555c267d27] * CHANGES: updated [431f478af320] * sudo.h: took out Envp [6f722be7793d] 1994-02-14 Todd C. Miller * BUGS: Initial revision [4a8ecf0da95c] 1994-02-10 Todd C. Miller * CHANGES: added SECURE_PATH [1c72cb222609] * sudo.c, sudo.h: added SECURE_PATH [5bf5357a63c5] * sudo.h: added SECURE_PATH [3976a74405ac] * INSTALL: added sample.sudoers note [1b395d29aaeb] * sudoers: Initial revision [485888d07477] 1994-02-09 Todd C. Miller * find_path.c: fixed typo [bfc3cc4d41ca] * PORTING: took out SAVED_UID garbage [b7c2d3469661] [SUDO_1_3_0] * INSTALL: mentioned HAL [253d6695df90] * sudo.h: added HAL line [29ec1a4ac6de] * insults.h: added HAL insults [7d7c96d77c74] * TODO: updated [aa2ed9790586] * logging.c: more verbose error if mailer not found [fca47fd00cb6] * check.c: now do getpwent as root for soem shadow password systems (bsdi) [e0339e110d46] 1994-02-08 Todd C. Miller * sudo.h: took out SAVED_UID garbade [fcb0e81dcdb5] * sudo.c: took out SAVED_UID garbage since it don't work [507e9513e9c2] 1994-02-06 Todd C. Miller * README: updated [d2b6b253dae5] * insults.h: added a missing space :-) [8940ea991f87] * sudo.c, sudo.h: took out multimax cruft [c2606b365181] * INSTALL: minor update [05fb6ee73131] * PORTING: finished [c4ac47c84dc5] * sudo.c: fixed a typo + indentation [7eab40aae8fa] 1994-02-05 Todd C. Miller * sudo.h: took outumoved some defines to the config file ,. ,. [defff05beb52] * PORTING: Initial revision [c803e9127959] * TODO: did #6 [c6fa1c946c31] * sudo.h: added HAS_SAVED_UID [6a88a39c0a07] * sudo.c: put back AIX cruft [a24d2507ddd4] 1994-02-03 Todd C. Miller * sudo.c: aix changes [1663915f754a] 1994-02-02 Todd C. Miller * CHANGES: updated [a8cc73747cae] * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root when abs necesary [3c9d12c5cdfe] * check.c: added missing %s\n [609320b72d89] 1994-01-31 Todd C. Miller * install-sh: Initial revision [b5bba140a175] * TODO: updated [c9d2eba602af] * CHANGES: updated [932f1fc3bb14] * sudo.c: now removed _RLD_* for alphas [54a36e648158] * INSTALL: updated for new config scheme [61c8ae800444] * find_path.c: more verbose eror messages [b4fd123db42d] 1994-01-27 Todd C. Miller * TODO: now have solaris [371002fbf266] * sudo.h: define __svr4__ for SOLARIS [0b5cf5ed936d] * check.c: added svr4 junk for shadow pws for solaris 2.x [91ed58f21618] * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. Its not needed since we start out setuid with the correct perms. [07689e782b0b] * check.c, sudo.c, sudo.h: now use setreuid() [7d64d685d78e] 1994-01-26 Todd C. Miller * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES sectoin [b26967b1e19b] * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar [a4f8fcb9bd1d] * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar >> . [028cc55c4328] 1993-12-07 Todd C. Miller * INSTALL: rewrote most of this [a6750923f9c9] * README: minor update + spell fix [a411717a7249] * sudo.h: added all options that are in the Makefile [6db3b3b841b3] * getpass.c: now use USE_TERMIO #define for sgi & hpux [b91f89ae6be1] * TODO: todo: posix sigs [4548a56eb2ef] 1993-12-06 Todd C. Miller * check.c, find_path.c: always include strings.h [1fc20bda92c0] * visudo.c: added STATICEDITOR [0596f820716e] * sudo.h: sgi has vi in /usr/bin too [94203b62bfd9] * sudo.man: added VISUAL [87c2844c4cac] 1993-12-03 Todd C. Miller * sudo.h: sue /usr/bin/vi on some systems [e3ad9190f35e] * sudo.c: fixed warning (include strings.h) [0b896de4d8a0] * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new features) [f41b4205a8cf] * CHANGES: changes from John_Rouillard@dl5000.bc.edu [6bdef8e948d5] * visudo.c: added EDITOR envar [5c4bf716de21] * check.c, find_path.c, parse.c, sudo.c: added patches from John_Rouillard directory spec uses EDITOR [f62a435f8c41] 1993-12-02 Todd C. Miller * getpass.c: added flush for hpux [07cfdd6a7b55] 1993-11-30 Todd C. Miller * sudo.c: no longer assume malloc returns a char * [7480bd2756f3] * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now gets removed correctly [8587166c6ac8] * sudo.h: added STD_HEADERS macro [480f5a9a516c] * sudo.c: now uses STD_HEADERS macor for ansi [c5018806fd59] * find_path.c: now uses STD_HEADERS macro [ad821e0788ea] * check.c: niceties for C compiler bitches -- no real change [0fc0b1a5fb64] 1993-11-29 Todd C. Miller * visudo.c: now doesn't fclose a file never opened. [ee888ec9427d] 1993-11-28 Todd C. Miller * sudo.man: added visudo line [698d51c66407] * sudo.man: added error stuff added me in there... [d202fd34b906] * CHANGES: noted insults [998a22c2230c] * INSTALL: added blurb about reading stuff [e71db100798f] * sudo.h: added insults [c110431cec56] * insults.h: corrected somments and removed newlines [493706fd488c] * check.c: now uses insults [6d23cf06a0ef] * insults.h: Initial revision [83153c26b4a3] * INSTALL: added dec syslog note [555437273237] * sample.sudoers: added real stuff in there [53442a7fba78] * TODO: added a todo [c630472bd4dc] * TODO: added one [806464453284] 1993-11-27 Todd C. Miller * sample.sudoers: Initial revision [7db0a9f1ca8f] * sudo.man: updated with changes [d9bf254c6c08] * sudo.man: Initial revision [dd6f11174ac6] * indent.pro: Initial revision [dbfbb494fad9] * CHANGES, COPYING, INSTALL, README, TODO: Initial revision [6d98f489a079] * visudo.c: updated version number and took out jeff's old addr since it is no good [ee47c24818cb] * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h: updated version number and took out jeff's email (since it is invalid) [54616458a52e] 1993-10-28 Todd C. Miller * check.c: added fflush() [145c881f4fb4] 1993-10-23 Todd C. Miller * find_path.c: now return NULL instead pfof exiting for nopnn-fatal errors [8bc74f8cb1ae] 1993-10-21 Todd C. Miller * check.c: new banner [5387ab2af516] * parse.lex: now sudo.h gets included first [2acb01c18e18] 1993-10-18 Todd C. Miller * parse.lex: now can use flex [164d3839adf0] * sudo.h: linux patch [f1b6b1b1a2ca] * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch [67611dc1737f] * check.c: linux diff [c24536682397] 1993-10-15 Todd C. Miller * find_path.c: stat now ignores EINVAL [c7761a5dc642] 1993-10-06 Todd C. Miller * find_path.c, sudo.c: now declare strdup as extern [6b7d6f8784b5] 1993-10-04 Todd C. Miller * visudo.c: reformatted with indent + by hand [9d43084e4990] * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h: used indent to "fix" coding style [489ffacbdc70] * find_path.c: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. [c4d22b48da9a] 1993-09-08 Todd C. Miller * find_path.c: redid the fix for non-executable files in an easier to read way plus some minor aethetic changes [84fe337f1426] * find_path.c: fixed bug with non-executable tings of same name in path introduced by checkig errno after stat(2). [c2a812cfcbc1] 1993-09-05 Todd C. Miller * sudo.c: fixed off by one error [fabb7cee0041] * find_path.c: now handles decending below '/' correctly [5d2ddfc0b220] * sudo.c: now actually builds Envp instead of munging envp [bdc4b08f6898] 1993-09-04 Todd C. Miller * parse.yacc: now includes sys/param.h [efbb494ab4de] * visudo.c: now includes sys/param.h [ad6c91d59958] * sudo.h: fixed ifndef -> ifdef [7aebe822d863] * qualify.c: make more like find_path.c [853b2dab2e03] * find_path.c: rewritten by millert [c6a043cc11b3] * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info about new defines in the comment [39ffefce3aec] * logging.c: now uses USE_CWD [fa0f3b118bb3] * sudo.h: added delc for clean_envp() and Envp [a12034e300c2] * sudo.c: now rips LD_* env vars out of envp and passed sanitized Envp to exec [d201a218e056] * logging.c: now uses execve() [f3e01032cd33] * find_path.c: ENOTDIR is ok now too (in case part of the path is bogus) [b5cbbb201bb5] * qualify.c: now works correctly (ttaltotal rewrite) [0c25d64a5c68] * parse.lex: now includes sys/param.h didn't match trailing / -- fix from rouilj@cs.umb.edu [b6363ba110af] 1993-06-11 Todd C. Miller * sudo.c: moved around the #ifndef _AIX [7d4330950c20] * check.c, logging.c, parse.c: Initial revision [c101e9572d7f] 1993-03-20 Todd C. Miller * qualify.c: Initial revision [5a5f21d0e0bf] 1993-03-13 Todd C. Miller * find_path.c: now works if you do sudo bin/test [07835120ce43] * find_path.c: works [c3da8b5efa20] 1993-03-02 Todd C. Miller * sudo.h: Initial revision [28a1caa38b72] * visudo.c: Initial revision [0e5cd7c3cdbe] * parse.lex, parse.yacc: Initial revision [5f2d0cccb06b] 1993-02-16 Todd C. Miller * sudo.c: took out errno.h [7466431a2655] * sudo.c: now spews error if exec fails and exits with -1 [e5c41ea725c1] * sudo.c: Initial revision [8aeabe39a0c2] * find_path.c: now only execs files with (an) executable bit set. [0a451f9c0e58] * find_path.c: Initial revision [02a534891a35] 1993-02-15 Todd C. Miller * getpass.c: added nice comment [ea8b2aaa9389] * getpass.c: now works on sgi's [bf2b7c6d0960] * getpass.c: Initial revision [9f4de251c1b5] sudo-1.8.9p5/INSTALL010064400175440000012000001024001226304127600133750ustar00millertstaffSudo installation instructions ============================== Sudo uses a `configure' script to probe the capabilities and type of the system in question. In this release, `configure' takes many more options than it did before. Please read this document fully before configuring and building sudo. You may also wish to read the file INSTALL.configure which explains more about the `configure' script. System requirements =================== To build sudo from the source distribution you need a POSIX-compliant operating system (any modern version of BSD, Linux or Unix should work), an ANSI/ISO C compiler that supports the "long long" type, variadic macros (a C99 feature) as well as the ar, make and ranlib utilities. If you wish to modify the parser then you will need flex version 2.5.2 or later and either bison or byacc (sudo comes with a pre-generated parser). You'll also have to run configure with the --with-devel option or pass DEVEL=1 to make. You can get flex from http://flex.sourceforge.net/. You can get GNU bison from ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. Simple sudo installation ======================== For most systems and configurations it is possible simply to: 0) If you are upgrading from a previous version of sudo please read the info in the UPGRADE file before proceeding. 1) Read the `OS dependent notes' section for any particular "gotchas" relating to your operating system. 2) `cd' to the source or build directory and type `./configure' to generate a Makefile and config.h file suitable for building sudo. Before you actually run configure you should read the `Available configure options' section to see if there are any special options you may want or need. 4) Type `make' to compile sudo. If you are building sudo in a separate build tree (apart from the sudo source) GNU make will probably be required. If `configure' did its job properly (and you have a supported configuration) there won't be any problems. If this doesn't work, take a look at the doc/TROUBLESHOOTING file for tips on what might have gone wrong. Please mail us if you have a fix or if you are unable to come up with a fix (address at EOF). 5) Type `make install' (as root) to install sudo, visudo, the man pages, and a skeleton sudoers file. Note that the install will not overwrite an existing sudoers file. You can also install various pieces the package via the install-binaries, install-doc, and install-sudoers make targets. 6) Edit the sudoers file with `visudo' as necessary for your site. You will probably want to refer the sample.sudoers file and sudoers man page included with the sudo package. 7) If you want to use syslogd(8) to do the logging, you'll need to update your /etc/syslog.conf file. See the sample.syslog.conf file included in the distribution for an example. Available configure options =========================== This section describes flags accepted by the sudo's `configure' script. Defaults are listed in brackets after the description. Configuration: --cache-file=FILE Cache test results in FILE --config-cache, -C Alias for `--cache-file=config.cache' --help, -h Print the usage/help info --no-create, -n Do not create output files --quiet, --silent, -q Do not print `checking...' messages --srcdir=DIR Find the sources in DIR [configure dir or `..'] Directory and file names: --prefix=PREFIX Install architecture-independent files in PREFIX. [/usr/local] --exec-prefix=EPREFIX Install architecture-dependent files in EPREFIX. This includes the executables and plugins. [same as PREFIX] --bindir=DIR Install `sudo', `sudoedit' and `sudoreplay' in DIR. [EPREFIX/bin] --sbindir=DIR Install `visudo' in DIR. [EPREFIX/sbin] --libexecdir=DIR Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] --sysconfdir=DIR Look for `sudo.conf' and `sudoers' files in DIR. [/etc] --includedir=DIR Install sudo_plugin.h include file in DIR [PREFIX/include] --datarootdir=DIR Root directory for platform-independent data files [PREFIX/share] --localedir=DIR Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] --mandir=DIR Install man pages in DIR [PREFIX/man] --docdir=DIR Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] --with-plugindir=PATH Set the directory that sudo looks in to find the policy and I/O logging plugins. Defaults to the LIBEXEC/sudo. --with-timedir=PATH Use PATH to store the sudo time stamp files. By default, the first existing directory in the following list is used: /var/db, /var/lib, /var/adm, /usr/adm. Compilation options: --disable-hardening Disable the use of compiler/linker exploit mitigation options which are enabled by default. This includes compiling with _FORTIFY_SOURCE defined to 2, building with -fstack-protector and linking with -zrelro, where supported. --enable-pie Build sudo and related programs as as a position independent executables (PIE). This improves the effectiveness of address space layout randomization (ASLR) on systems that support it. Sudo will create PIE binaries by default on Linux systems. --disable-pie Disable the creation of position independent executables (PIE), even if the compiler creates PIE binaries by default. This option may be needed on some Linux systems where PIE binaries are not fully supported. --disable-poll Use select() instead of poll() in the event loop. By default, sudo will use poll() on systems that support it. Some systems have a broken poll() implementation and need to use select instead. On Mac OS X, select() is always used since its poll() doesn't support devices. --disable-rpath By default, configure will use -Rpath in addition to -Lpath when passing library paths to the loader. This option will disable the use of -Rpath. --disable-shared Disable dynamic shared object support. By default, sudo is built with a plugin API capable of loading arbitrary policy and I/O logging plugins. If the --disable-shared option is specified, this support is disabled and the default sudoers policy and I/O plugins are embedded in the sudo binary itself. This will also disable the noexec option as it too relies on dynamic shared object support. --enable-static-sudoers By default, the sudoers plugin is built and installed as a dynamic shared object. When the --enable-static-sudoers option is specified, the sudoers plugin is compiled directly into the sudo binary. Unlike --disable-shared, this does not prevent other plugins from being used and the noexec option will continue to function. --enable-zlib[=location] Enable the use of the zlib compress library when storing I/O log files. If specified, location is the base directory containing the zlib include and lib directories. The special values "system" and "builtin" can be used to indicate that the system version of zlib should be used or that the version of zlib shipped with sudo should be used instead. If this option is not specified, configure will use the system zlib if it is present. --with-incpath=DIR Adds the specified directory (or directories) to CPPFLAGS so configure and the compiler will look there for include files. Multiple directories may be specified as long as they are space separated. E.g. --with-incpath="/usr/local/include /opt/include" --with-libpath=DIR Adds the specified directory (or directories) to LDFLAGS so configure and the compiler will look there for libraries. Multiple directories may be specified as with --with-incpath. --with-libraries=LIBRARY Adds the specified library (or libraries) to SUDO_LIBS and and VISUDO_LIBS so sudo will link against them. If the library doesn't start with `-l' or end in `.a' or `.o' a `-l' will be pre-pended to it. Multiple libraries may be specified as long as they are space separated. --with-libtool=PATH By default, sudo will use the included version of libtool to build shared libraries. The --with-libtool option can be used to specify a different version of libtool to use. The special values "system" and "builtin" can be used in place of a path to denote the default system libtool (obtained via the user's PATH) and the default libtool that comes with sudo. Optional features: --disable-root-mailer By default sudo will run the mailer as root when tattling on a user so as to prevent that user from killing the mailer. With this option, sudo will run the mailer as the invoking user which some people consider to be safer. --enable-nls[=location] Enable natural language support using the gettext() family of functions. If specified, location is the base directory containing the libintl include and lib directories. If this option is not specified, configure will look for the gettext() family of functions in the standard C library first, then check for a standalone libintl (linking with libiconv as needed). --disable-nls Disable natural language support. By default, sudo will use the gettext() family of functions, if available, to implement messages in the invoking user's native language. Note that translations do not exist for all languages. --with-ldap[=DIR] Enable LDAP support. If specified, DIR is the base directory containing the LDAP include and lib directories. Please see README.LDAP for more information. --with-ldap-conf-file=PATH Path to LDAP configuration file. If specified, sudo reads this file instead of /etc/ldap.conf to locate the LDAP server. --with-ldap-secret-file=PATH Path to LDAP secret password file. If specified, sudo uses this file instead of /etc/ldap.secret to read the secret password when rootbinddn is specified in the ldap config file. --with-logincap This adds support for login classes specified in /etc/login.conf. It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and NetBSD (where available). By default, a login class is not applied unless the 'use_loginclass' option is defined in sudoers or the user specifies a class on the command line. --with-interfaces=no, --without-interfaces This option keeps sudo from trying to glean the ip address from each attached Ethernet interface. It is only useful on a machine where sudo's interface reading support does not work, which may be the case on some SysV-based OS's using STREAMS. --with-noexec[=PATH] Enable support for the "noexec" functionality which prevents a dynamically-linked program being run by sudo from executing another program (think shell escapes). Please see the "PREVENTING SHELL ESCAPES" section in the sudoers man page for details. If specified, PATH should be a fully qualified path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH is "no", noexec support will not be compiled in. The default is to compile noexec support if libtool supports building shared objects on your OS. --with-selinux Enable support for role based access control (RBAC) on systems that support SELinux. --with-sssd Enable support for using the System Security Services Daemon (SSSD) as a sudoers data source. For more information on SSD, see http://fedorahosted.org/sssd/ --with-sssd-lib=PATH Specify the path to the SSSD shared library, which is loaded at run-time. Operating system-specific options: --disable-setreuid Disable use of the setreuid() function for operating systems where it is broken. For instance, 4.4BSD has setreuid() that is not fully functional. --disable-setresuid Disable use of the setresuid() function for operating systems where it is broken (none currently known). --enable-admin-flag Enable the creation of an Ubuntu-style admin flag file the first time sudo is run. --with-bsm-audit Enable support for sudo BSM audit logs on systems that support it. This includes recent versions of FreeBSD, Mac OS X and Solaris. --with-linux-audit Enable audit support for Linux systems. Audits attempts to run a command as well as SELinux role changes. --with-man Use the "man" macros for manual pages. By default, mdoc versions of the manuals are installed if supported. This can be used to override configure's test for "nroff -mdoc" support. --with-mdoc Use the "mdoc" macros for manual pages. By default, mdoc versions of the manuals are installed if supported. This can be used to override configure's test for "nroff -mdoc" support. --with-netsvc[=PATH] Path to netsvc.conf or "no" to disable netsvc.conf support. If specified, sudo uses this file instead of /etc/netsvc.conf on AIX systems. If netsvc support is disabled but LDAP is enabled, sudo will check LDAP first, then the sudoers file. --with-nsswitch[=PATH] Path to nsswitch.conf or "no" to disable nsswitch support. If specified, sudo uses this file instead of /etc/nsswitch.conf. If nsswitch support is disabled but LDAP is enabled, sudo will check LDAP first, then the sudoers file. --with-project Enable support for Solaris project resource limits. This option is only available on Solaris 9 and above. Authentication options: --with-AFS Enable AFS support with Kerberos authentication. Should work under AFS 3.3. If your AFS doesn't have -laudit you should be able to link without it. --with-aixauth Enable support for the AIX 4.x general authentication function. This will use the authentication scheme specified for the user on the machine. It is on by default for AIX systems that support it. --with-bsdauth Enable support for BSD authentication. This is the default for BSD/OS and OpenBSD systems that support it. It is not possible to mix BSD authentication with other authentication methods (and there really should be no need to do so). Note that only the newer BSD authentication API is supported. If you don't have /usr/include/bsd_auth.h then you cannot use this. --with-DCE Enable DCE support for systems without PAM. Known to work on HP-UX 9.X, 10.X, and 11.0; other systems may require source code and/or `configure' changes. On systems with PAM support (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the DCE PAM module (usually libpam_dce) should be used instead. --with-fwtk[=DIR] Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, DIR is the base directory containing the compiled FWTK package (or at least the library and header files). --with-kerb5[=DIR] Enable Kerberos V support. If specified, DIR is the base directory containing the Kerberos V include and lib dirs. This uses Kerberos pass phrases for authentication but does not use the Kerberos cookie scheme. Will not work for Kerberos V older than version 1.1. --enable-kerb5-instance=string By default, the user name is used as the principal name when authenticating via Kerberos V. If this option is enabled, the specified instance string will be appended to the user name (separated by a slash) when creating the principal name. --with-opie[=DIR] Enable NRL OPIE OTP (One Time Password) support. If specified, DIR should contain include and lib directories with opie.h and libopie.a respectively. --with-otp-only This option is now just an alias for --without-passwd. --with-pam Enable PAM support. This is on by default for Darwin, FreeBSD, Linux, Solaris and HP-UX (version 11 and higher). NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo file install. You may either use the sample.pam file included with sudo or use /etc/pam.d/su as a reference. The sample.pam file included with sudo may or may not work with other Linux distributions. On Solaris and HP-UX 11 systems you should check (and understand) the contents of /etc/pam.conf. Do a "man pam.conf" for more information and consider using the "debug" option, if available, with your PAM libraries in /etc/pam.conf to obtain syslog output for debugging purposes. --with-pam-login Enable a specific PAM session when sudo is given the -i option. This changes the PAM service name when sudo is run with the -i option from "sudo" to "sudo-i", allowing for a separate pam configuration for sudo's initial login mode. --disable-pam-session Disable sudo's PAM session support. This may be needed on older PAM implementations or on operating systems where opening a PAM session changes the utmp or wtmp files. If PAM session support is disabled, resource limits may not be updated for the command being run. --with-passwd=no, --without-passwd This option excludes authentication via the passwd (or shadow) file. It should only be used when another, alternative, authentication scheme is in use. --with-SecurID[=DIR] Enable SecurID support. If specified, DIR is directory containing libaceclnt.a, acexport.h, and sdacmvls.h. --with-skey[=DIR] Enable S/Key OTP (One Time Password) support. If specified, DIR should contain include and lib directories with skey.h and libskey.a respectively. --disable-sia Disable SIA support. This is the "Security Integration Architecture" on Digital UNIX. If you disable SIA sudo will use its own authentication routines. --disable-shadow Disable shadow password support. Normally, sudo will compile in shadow password support and use a shadow password if it exists. --enable-gss-krb5-ccache-name Use the gss_krb5_ccache_name() function to set the Kerberos V credential cache file name. By default, sudo will use the KRB5CCNAME environment variable to set this. While gss_krb5_ccache_name() provides a better API to do this it is not supported by all Kerberos V and SASL combinations. Development options: --enable-env-debug Enable debugging of the environment setting functions. This enables extra checks to make sure the environment does not become corrupted. --enable-warnings Enable compiler warnings when building sudo with gcc. --enable-werror Enable the -Werror compiler option when building sudo with gcc. --with-devel Configure development options. This will enable compiler warnings and set up the Makefile to be able to regenerate the sudoers parser as well as the manual pages. --with-efence Link with the "electric fence" debugging malloc. Options that set runtime-changeable default values: --disable-authentication By default, sudo requires the user to authenticate via a password or similar means. This options causes sudo to *not* require authentication. It is possible to turn authentication back on in sudoers via the PASSWD attribute. Sudoers option: !authenticate --disable-env-reset Disable environment resetting. This sets the default value of the "env_reset" Defaults option in sudoers to false. Sudoers option: !env_reset --disable-path-info Normally, sudo will tell the user when a command could not be found in their $PATH. Some sites may wish to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvantage is that if the executable is simply not in the user's path, sudo will tell the user that they are not allowed to run it, which can be confusing. Sudoers option: path_info --disable-root-sudo Don't let root run sudo. This can be used to prevent people from "chaining" sudo commands to get a root shell by doing something like "sudo sudo /bin/sh". Sudoers option: !root_sudo --disable-zlib Disable the use of the zlib compress library when storing I/O log files. Sudoers option: !compress_io --enable-log-host Log the hostname in the log file. Sudoers option: log_host --enable-noargs-shell If sudo is invoked with no arguments it acts as if the "-s" flag had been given. That is, it runs a shell as root (the shell is determined by the SHELL environment variable, falling back on the shell listed in the invoking user's /etc/passwd entry). Sudoers option: shell_noargs --enable-shell-sets-home If sudo is invoked with the "-s" flag the HOME environment variable will be set to the home directory of the target user (which is root unless the "-u" option is used). This option effectively makes the "-s" flag imply "-H". Sudoers option: set_home --with-all-insults Include all the insult sets listed below. You must either specify --with-insults or enable insults in the sudoers file for this to have any effect. --with-askpass=PATH Set PATH as the "askpass" program to use when no tty is available. Typically, this is a graphical password prompter, similar to the one used by ssh. The program must take a prompt as an argument and print the received password to the standard output. This value may overridden at run-time in the sudo.conf file. --with-badpass-message="BAD PASSWORD MESSAGE" Message that is displayed if a user enters an incorrect password. The default is "Sorry, try again." unless insults are turned on. Sudoers option: badpass_message --with-badpri=PRIORITY Determines which syslog priority to log unauthenticated commands and errors. The following priorities are supported: alert, crit, debug, emerg, err, info, notice, and warning. Sudoers option: syslog_badpri --with-classic-insults Uses insults from sudo "classic." If you just specify --with-insults you will get the classic and CSOps insults. This is on by default if --with-insults is given. --with-csops-insults Insults the user with an extra set of insults (some quotes, some original) from a sysadmin group at CU (CSOps). You must specify --with-insults as well for this to have any effect. This is on by default if --with-insults is given. --with-editor=PATH Specify the default editor path for use by visudo. This may be a single path name or a colon-separated list of editors. In the latter case, visudo will choose the editor that matches the user's VISUAL or EDITOR environment variables or the first editor in the list that exists. The default is the path to vi on your system. Sudoers option: editor --with-env-editor Makes visudo consult the VISUAL and EDITOR environment variables before falling back on the default editor list (as specified by --with-editor). Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to use a colon-separated list of editors with the --with-editor option. visudo will then only use the VISUAL or EDITOR variables if they match a value specified via --with-editor. Sudoers option: env_editor --with-exempt=GROUP Users in the specified group don't need to enter a password when running sudo. This may be useful for sites that don't want their "core" sysadmins to have to enter a password but where Jr. sysadmins need to. You should probably use NOPASSWD in sudoers instead. Sudoers option: exempt_group --with-fqdn Define this if you want to put fully qualified host names in the sudoers file. Ie: instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). Beware that turning FQDN on requires sudo to make DNS lookups which may make sudo unusable if your DNS is totally hosed. Also note that you must use the host's official name as DNS knows it. That is, you may not use a host alias (CNAME entry) due to performance issues and the fact that there is no way to get all aliases from DNS. Sudoers option: fqdn --with-goodpri=PRIORITY Determines which syslog priority to log successfully authenticated commands. The following priorities are supported: alert, crit, debug, emerg, err, info, notice, and warning. Sudoers option: syslog_goodpri --with-goons-insults Insults the user with lines from the "Goon Show" when an incorrect password is entered. You must either specify --with-insults or enable insults in the sudoers file for this to have any effect. --with-hal-insults Uses 2001-like insults when an incorrect password is entered. You must either specify --with-insults or enable insults in the sudoers file for this to have any effect. --with-ignore-dot If set, sudo will ignore '.' or '' (current dir) in $PATH. The $PATH itself is not modified. Sudoers option: ignore_dot --with-insults Define this if you want to be insulted for typing an incorrect password just like the original sudo(8). This is off by default. Sudoers option: insults --with-insults=disabled Include support for insults but disable them unless explicitly enabled in sudoers. Sudoers option: !insults --with-iologdir[=DIR] By default, sudo stores I/O log files in either /var/log/sudo-io, /var/adm/sudo-io, or /usr/log/sudo-io. If this option is specified, I/O logs will be stored in the indicated directory instead. Sudoers option: iolog_dir --with-lecture=no, --without-lecture Don't print the lecture the first time a user runs sudo. Sudoers option: !lecture --with-logfac=FACILITY Determines which syslog facility to log to. This requires a 4.3BSD or later version of syslog. You can still set this for ancient syslogs but it will have no effect. The following facilities are supported: authpriv (if your OS supports it), auth, daemon, user, local0, local1, local2, local3, local4, local5, local6, and local7. Sudoers option: syslog --with-logging=TYPE How you want to do your logging. You may choose "syslog", "file", or "both". Setting this to "syslog" is nice because you can keep all of your sudo logs in one place (see the sample.syslog.conf file). The default is "syslog". Sudoers options: syslog and logfile --with-loglen=NUMBER Number of characters per line for the file log. This is only used if you are to "file" or "both". This value is used to decide when to wrap lines for nicer log files. The default is 80. Setting this to 0 will disable the wrapping. Sudoers options: loglinelen --with-logpath=PATH Override the default location of the sudo log file and use "path" instead. By default will use /var/log/sudo.log if there is a /var/log dir, falling back to /var/adm/sudo.log or /usr/adm/sudo.log if not. Sudoers option: logfile --with-long-otp-prompt When validating with a One Time Password scheme (S/Key or OPIE), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. Sudoers option: long_otp_prompt --with-mail-if-no-user=no, --without-mail-if-no-user Normally, sudo will mail to the "alertmail" user if the user invoking sudo is not in the sudoers file. This option disables that behavior. Sudoers option: mail_no_user --with-mail-if-no-host Send mail to the "alermail" user if the user exists in the sudoers file, but is not allowed to run commands on the current host. Sudoers option: mail_no_host --with-mail-if-noperms Send mail to the "alermail" user if the user is allowed to use sudo but the command they are trying is not listed in their sudoers file entry. Sudoers option: mail_no_perms --with-mailsubject="SUBJECT OF MAIL" Subject of the mail sent to the "mailto" user. The token "%h" will expand to the hostname of the machine. Default is "*** SECURITY information for %h ***". Sudoers option: mailsub --with-mailto=USER|MAIL_ALIAS User (or mail alias) that mail from sudo is sent to. This should go to a sysadmin at your site. The default is "root". Sudoers option: mailto --with-passprompt="PASSWORD PROMPT" Default prompt to use when asking for a password; can be overridden via the -p option and the SUDO_PROMPT environment variable. Supports the "%H", "%h", "%U" and "%u" escapes as documented in the sudo manual page. The default value is "Password:". Sudoers option: passprompt --with-password-timeout=NUMBER Number of minutes before the sudo password prompt times out. The default is 5, set this to 0 for no password timeout. Sudoers option: passwd_timeout --with-passwd-tries=NUMBER Number of tries a user gets to enter his/her password before sudo logs the failure and exits. The default is 3. Sudoers option: passwd_tries --with-pc-insults Replace politically incorrect insults with less objectionable ones. --with-runas-default=USER The default user to run commands as if the -u flag is not specified on the command line. This defaults to "root". Sudoers option: runas_default --with-secure-path[=PATH] Path used for every command run from sudo(8). If you don't trust the people running sudo to have a sane PATH environment variable you may want to use this. Another use is if you want to have the "root path" be separate from the "user path." You will need to customize the path for your site. NOTE: this is not applied to users in the group specified by --with-exemptgroup. If you do not specify a path, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. Sudoers option: secure_path --with-sendmail=PATH Override configure's guess as to the location of sendmail. Sudoers option: mailerpath --with-sendmail=no, --without-sendmail Do not use sendmail to mail messages to the "mailto" user. Use only if you don't run sendmail or the equivalent. Sudoers options: !mailerpath or !mailto --with-sudoers-mode=MODE File mode for the sudoers file (octal). Note that if you wish to NFS-mount the sudoers file this must be group readable. This value may overridden at run-time in the sudo.conf file. The default mode is 0440. --with-sudoers-uid=UID User id that "owns" the sudoers file. Note that this is the numeric id, *not* the symbolic name. This value may overridden at run-time in the sudo.conf file. The default is 0. --with-sudoers-gid=GID Group id that "owns" the sudoers file. Note that this is the numeric id, *not* the symbolic name. This value may overridden at run-time in the sudo.conf file. The default is 0. --with-timeout=NUMBER Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5, set this to 0 to always prompt for a password. Sudoers option: timestamp_timeout --with-tty-tickets=no, --without-tty-tickets By default, sudo uses a different ticket file for each user/tty combo. With this option disabled, a single ticket will be used for all of a user's login sessions. Sudoers option: tty_tickets --with-umask=MASK Umask to use when running the root command. The default is 0022. Sudoers option: umask --with-umask=no, --without-umask Preserves the umask of the user invoking sudo. Sudoers option: !umask --with-umask-override Use the umask specified in sudoers even if it is less restrictive than the user's. The default is to use the intersection of the user's umask and the umask specified in sudoers. Sudoers option: umask_override OS dependent notes ================== HP-UX: The default C compiler shipped with HP-UX is not an ANSI compiler. You must use either the HP ANSI C compiler or gcc to build sudo. Binary packages of gcc are available from http://hpux.connect.org.uk/. To prevent PAM from overriding the value of umask on HP-UX 11, you will need to add a line like the following to /etc/pam.conf: sudo session required libpam_hpsec.so.1 bypass_umask If every command run via sudo displays information about the last successful login and the last authentication failure you should make use an /etc/pam.conf line like: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login Linux: PAM and LDAP headers are not installed by default on most Linux systems. You will need to install the "pam-dev" package if /usr/include/security/pam_appl.h is not present on your system. If you wish to build with LDAP support you will also need the openldap-devel package. Mac OS X: The pseudo-tty support in the Mac OS X kernel has bugs related to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. It does not restart reads and writes when those signals are delivered. This may cause problems for some commands when I/O logging is enabled. The issue has been reported to Apple and is bug id #7952709. Solaris: You need to have a C compiler in order to build sudo. Since Solaris does not come with one by default this means that you either need to either install the Solaris Studio compiler suite, available for free from www.oracle.com, or install the GNU C compiler (gcc) which is can be installed via the pkg utility on Solaris 11 and higher and is distributed on the Solaris Companion CD for older Solaris releases. You can also download gcc packages from http://www.opencsw.org/packages/CSWgcc4core/ SunOS 4.x: SunOS does not ship with an ANSI C compiler. You will need to install an ANSI compiler such as gcc to build sudo. The /bin/sh shipped with SunOS blows up while running configure. You can work around this by installing bash or zsh. If you have bash or zsh in your path, configure will use it automatically. sudo-1.8.9p5/INSTALL.configure010064400175440000012000000363401226304126200153610ustar00millertstaffInstallation Instructions ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind. Basic Installation ================== Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular user, and only the `make install' phase executed with root privileges. 5. Optionally, type `make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a regular user, particularly if the prior `make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 7. Often, you can also type `make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. 8. Some packages, particularly those that use Automake, provide `make distcheck', which can by used by developers to test that all other targets like `make install' and `make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. This is known as a "VPATH" build. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or "universal" binaries--by specifying multiple `-arch' options to the compiler but only a single `-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CPP="gcc -E" CXXCPP="g++ -E" This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results using the `lipo' tool if you have problems. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. In general, the default for these options is expressed in terms of `${prefix}', so that specifying just `--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the correct locations to `configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the `make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each affected directory. For example, `make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of `${prefix}'. Any directories that were specified during `configure', but not in terms of `${prefix}', must each be overridden at install time for the entire installation to be relocated. The approach of makefile variable overrides for each directory variable is required by the GNU Coding Standards, and ideally causes no recompilation. However, some platforms have known limitations with the semantics of shared libraries that end up requiring recompilation when using this method, particularly noticeable in packages that use GNU Libtool. The second method involves providing the `DESTDIR' variable. For example, `make install DESTDIR=/alternate/directory' will prepend `/alternate/directory' before all installation names. The approach of `DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even when some directory options were not specified in terms of `${prefix}' at `configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the execution of `make' will be. For these packages, running `./configure --enable-silent-rules' sets the default to minimal output, which can be overridden with `make V=1'; while running `./configure --disable-silent-rules' sets the default to verbose, which can be overridden with `make V=0'. Particular systems ================== On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended to try ./configure CC="cc" and if that doesn't work, try ./configure CC="cc -nodtk" On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory contains several dysfunctional programs; working variants of these programs are available in `/usr/bin'. So, if you need `/usr/ucb' in your `PATH', put it _after_ `/usr/bin'. On Haiku, software installed for all users goes in `/boot/common', not `/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Unfortunately, this technique does not work for `CONFIG_SHELL' due to an Autoconf bug. Until the bug is fixed you can use this workaround: CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of all of the options to `configure', and exit. `--help=short' `--help=recursive' Print a summary of the options unique to this package's `configure', and exit. The `short' variant lists options used only in the top level, while the `recursive' variant lists options also present in any nested packages. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--prefix=DIR' Use DIR as the installation prefix. *note Installation Names:: for more details, including other options available for fine-tuning the installation locations. `--no-create' `-n' Run the configure checks, but stop before creating any output files. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. sudo-1.8.9p5/MANIFEST010064400175440000012000000303161226304126200134760ustar00millertstaffChangeLog INSTALL INSTALL.configure MANIFEST Makefile.in NEWS README README.LDAP aclocal.m4 autogen.sh common/Makefile.in common/aix.c common/alloc.c common/atobool.c common/atoid.c common/atomode.c common/event.c common/event_poll.c common/event_select.c common/fatal.c common/fileops.c common/fmt_string.c common/gidlist.c common/lbuf.c common/progname.c common/regress/sudo_conf/conf_test.c common/regress/sudo_conf/test1.in common/regress/sudo_conf/test1.out.ok common/regress/sudo_conf/test2.in common/regress/sudo_conf/test2.out.ok common/regress/sudo_conf/test3.in common/regress/sudo_conf/test3.out.ok common/regress/sudo_conf/test4.in common/regress/sudo_conf/test4.out.ok common/regress/sudo_conf/test5.in common/regress/sudo_conf/test5.out.ok common/regress/sudo_conf/test6.in common/regress/sudo_conf/test6.out.ok common/regress/sudo_parseln/parseln_test.c common/regress/sudo_parseln/test1.in common/regress/sudo_parseln/test1.out.ok common/regress/sudo_parseln/test2.in common/regress/sudo_parseln/test2.out.ok common/regress/sudo_parseln/test3.in common/regress/sudo_parseln/test3.out.ok common/regress/sudo_parseln/test4.in common/regress/sudo_parseln/test4.out.ok common/regress/sudo_parseln/test5.in common/regress/sudo_parseln/test5.out.ok common/regress/sudo_parseln/test6.in common/regress/sudo_parseln/test6.out.ok common/regress/tailq/hltq_test.c common/secure_path.c common/setgroups.c common/sudo_conf.c common/sudo_debug.c common/sudo_dso.c common/sudo_printf.c common/term.c common/ttysize.c compat/Makefile.in compat/charclass.h compat/closefrom.c compat/endian.h compat/fnmatch.c compat/fnmatch.h compat/getaddrinfo.c compat/getaddrinfo.h compat/getcwd.c compat/getgrouplist.c compat/getline.c compat/getopt.h compat/getopt_long.c compat/glob.c compat/glob.h compat/isblank.c compat/memrchr.c compat/memset_s.c compat/mksiglist.c compat/mksiglist.h compat/mksigname.c compat/mksigname.h compat/mktemp.c compat/nss_dbdefs.h compat/pw_dup.c compat/regress/fnmatch/fnm_test.c compat/regress/fnmatch/fnm_test.in compat/regress/glob/files compat/regress/glob/globtest.c compat/regress/glob/globtest.in compat/sig2str.c compat/siglist.in compat/snprintf.c compat/stdbool.h compat/strlcat.c compat/strlcpy.c compat/strsignal.c compat/strtonum.c compat/timespec.h compat/utime.h compat/utimes.c config.guess config.h.in config.sub configure configure.ac doc/CONTRIBUTORS doc/HISTORY doc/LICENSE doc/Makefile.in doc/TROUBLESHOOTING doc/UPGRADE doc/fixman.sh doc/fixmdoc.sh doc/sample.pam doc/sample.sudo.conf doc/sample.sudoers doc/sample.syslog.conf doc/schema.ActiveDirectory doc/schema.OpenLDAP doc/schema.iPlanet doc/sudo.cat doc/sudo.conf.cat doc/sudo.conf.man.in doc/sudo.conf.mdoc.in doc/sudo.man.in doc/sudo.mdoc.in doc/sudo_plugin.cat doc/sudo_plugin.man.in doc/sudo_plugin.mdoc.in doc/sudoers.cat doc/sudoers.ldap.cat doc/sudoers.ldap.man.in doc/sudoers.ldap.mdoc.in doc/sudoers.man.in doc/sudoers.mdoc.in doc/sudoreplay.cat doc/sudoreplay.man.in doc/sudoreplay.mdoc.in doc/visudo.cat doc/visudo.man.in doc/visudo.mdoc.in include/Makefile.in include/alloc.h include/fatal.h include/fileops.h include/gettext.h include/lbuf.h include/missing.h include/queue.h include/secure_path.h include/sudo_conf.h include/sudo_debug.h include/sudo_dso.h include/sudo_event.h include/sudo_plugin.h include/sudo_util.h indent.pro install-sh ltmain.sh m4/ax_check_compile_flag.m4 m4/ax_check_link_flag.m4 m4/ax_func_getaddrinfo.m4 m4/ax_func_snprintf.m4 m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 m4/sudo.m4 mkdep.pl mkinstalldirs mkpkg pathnames.h.in plugins/group_file/Makefile.in plugins/group_file/getgrent.c plugins/group_file/group_file.c plugins/group_file/group_file.exp plugins/group_file/plugin_test.c plugins/sample/Makefile.in plugins/sample/sample_plugin.c plugins/sample/sample_plugin.exp plugins/sudoers/Makefile.in plugins/sudoers/aixcrypt.exp plugins/sudoers/alias.c plugins/sudoers/audit.c plugins/sudoers/auth/API plugins/sudoers/auth/afs.c plugins/sudoers/auth/aix_auth.c plugins/sudoers/auth/bsdauth.c plugins/sudoers/auth/dce.c plugins/sudoers/auth/fwtk.c plugins/sudoers/auth/kerb5.c plugins/sudoers/auth/pam.c plugins/sudoers/auth/passwd.c plugins/sudoers/auth/rfc1938.c plugins/sudoers/auth/secureware.c plugins/sudoers/auth/securid5.c plugins/sudoers/auth/sia.c plugins/sudoers/auth/sudo_auth.c plugins/sudoers/auth/sudo_auth.h plugins/sudoers/base64.c plugins/sudoers/boottime.c plugins/sudoers/bsm_audit.c plugins/sudoers/bsm_audit.h plugins/sudoers/check.c plugins/sudoers/check.h plugins/sudoers/def_data.c plugins/sudoers/def_data.h plugins/sudoers/def_data.in plugins/sudoers/defaults.c plugins/sudoers/defaults.h plugins/sudoers/env.c plugins/sudoers/find_path.c plugins/sudoers/getdate.c plugins/sudoers/getdate.y plugins/sudoers/getspwuid.c plugins/sudoers/goodpath.c plugins/sudoers/gram.c plugins/sudoers/gram.h plugins/sudoers/gram.y plugins/sudoers/group_plugin.c plugins/sudoers/hexchar.c plugins/sudoers/ins_2001.h plugins/sudoers/ins_classic.h plugins/sudoers/ins_csops.h plugins/sudoers/ins_goons.h plugins/sudoers/insults.h plugins/sudoers/interfaces.c plugins/sudoers/interfaces.h plugins/sudoers/iolog.c plugins/sudoers/iolog.h plugins/sudoers/iolog_path.c plugins/sudoers/ldap.c plugins/sudoers/linux_audit.c plugins/sudoers/linux_audit.h plugins/sudoers/locale.c plugins/sudoers/logging.c plugins/sudoers/logging.h plugins/sudoers/logwrap.c plugins/sudoers/match.c plugins/sudoers/match_addr.c plugins/sudoers/mkdefaults plugins/sudoers/parse.c plugins/sudoers/parse.h plugins/sudoers/po/README plugins/sudoers/po/da.mo plugins/sudoers/po/da.po plugins/sudoers/po/de.mo plugins/sudoers/po/de.po plugins/sudoers/po/eo.mo plugins/sudoers/po/eo.po plugins/sudoers/po/eu.mo plugins/sudoers/po/eu.po plugins/sudoers/po/fi.mo plugins/sudoers/po/fi.po plugins/sudoers/po/hr.mo plugins/sudoers/po/hr.po plugins/sudoers/po/it.mo plugins/sudoers/po/it.po plugins/sudoers/po/ja.mo plugins/sudoers/po/ja.po plugins/sudoers/po/lt.mo plugins/sudoers/po/lt.po plugins/sudoers/po/nl.mo plugins/sudoers/po/nl.po plugins/sudoers/po/pl.mo plugins/sudoers/po/pl.po plugins/sudoers/po/pt_BR.mo plugins/sudoers/po/pt_BR.po plugins/sudoers/po/sl.mo plugins/sudoers/po/sl.po plugins/sudoers/po/sudoers.pot plugins/sudoers/po/sv.mo plugins/sudoers/po/sv.po plugins/sudoers/po/tr.mo plugins/sudoers/po/tr.po plugins/sudoers/po/uk.mo plugins/sudoers/po/uk.po plugins/sudoers/po/vi.mo plugins/sudoers/po/vi.po plugins/sudoers/po/zh_CN.mo plugins/sudoers/po/zh_CN.po plugins/sudoers/policy.c plugins/sudoers/prompt.c plugins/sudoers/pwutil.c plugins/sudoers/pwutil.h plugins/sudoers/pwutil_impl.c plugins/sudoers/redblack.c plugins/sudoers/redblack.h plugins/sudoers/regress/check_symbols/check_symbols.c plugins/sudoers/regress/iolog_path/check_iolog_path.c plugins/sudoers/regress/iolog_path/data plugins/sudoers/regress/logging/check_wrap.c plugins/sudoers/regress/logging/check_wrap.in plugins/sudoers/regress/logging/check_wrap.out.ok plugins/sudoers/regress/parser/check_addr.c plugins/sudoers/regress/parser/check_addr.in plugins/sudoers/regress/parser/check_base64.c plugins/sudoers/regress/parser/check_digest.c plugins/sudoers/regress/parser/check_digest.out.ok plugins/sudoers/regress/parser/check_fill.c plugins/sudoers/regress/sudoers/test1.in plugins/sudoers/regress/sudoers/test1.out.ok plugins/sudoers/regress/sudoers/test1.toke.ok plugins/sudoers/regress/sudoers/test10.in plugins/sudoers/regress/sudoers/test10.out.ok plugins/sudoers/regress/sudoers/test10.toke.ok plugins/sudoers/regress/sudoers/test11.in plugins/sudoers/regress/sudoers/test11.out.ok plugins/sudoers/regress/sudoers/test11.toke.ok plugins/sudoers/regress/sudoers/test12.in plugins/sudoers/regress/sudoers/test12.out.ok plugins/sudoers/regress/sudoers/test12.toke.ok plugins/sudoers/regress/sudoers/test13.in plugins/sudoers/regress/sudoers/test13.out.ok plugins/sudoers/regress/sudoers/test13.toke.ok plugins/sudoers/regress/sudoers/test14.in plugins/sudoers/regress/sudoers/test14.out.ok plugins/sudoers/regress/sudoers/test14.toke.ok plugins/sudoers/regress/sudoers/test2.in plugins/sudoers/regress/sudoers/test2.out.ok plugins/sudoers/regress/sudoers/test2.toke.ok plugins/sudoers/regress/sudoers/test3.in plugins/sudoers/regress/sudoers/test3.out.ok plugins/sudoers/regress/sudoers/test3.toke.ok plugins/sudoers/regress/sudoers/test4.in plugins/sudoers/regress/sudoers/test4.out.ok plugins/sudoers/regress/sudoers/test4.toke.ok plugins/sudoers/regress/sudoers/test5.in plugins/sudoers/regress/sudoers/test5.out.ok plugins/sudoers/regress/sudoers/test5.toke.ok plugins/sudoers/regress/sudoers/test6.in plugins/sudoers/regress/sudoers/test6.out.ok plugins/sudoers/regress/sudoers/test6.toke.ok plugins/sudoers/regress/sudoers/test7.in plugins/sudoers/regress/sudoers/test7.out.ok plugins/sudoers/regress/sudoers/test7.toke.ok plugins/sudoers/regress/sudoers/test8.in plugins/sudoers/regress/sudoers/test8.out.ok plugins/sudoers/regress/sudoers/test8.toke.ok plugins/sudoers/regress/sudoers/test9.in plugins/sudoers/regress/sudoers/test9.out.ok plugins/sudoers/regress/sudoers/test9.toke.ok plugins/sudoers/regress/testsudoers/test1.out.ok plugins/sudoers/regress/testsudoers/test1.sh plugins/sudoers/regress/testsudoers/test2.inc plugins/sudoers/regress/testsudoers/test2.out.ok plugins/sudoers/regress/testsudoers/test2.sh plugins/sudoers/regress/testsudoers/test3.d/root plugins/sudoers/regress/testsudoers/test3.out.ok plugins/sudoers/regress/testsudoers/test3.sh plugins/sudoers/regress/testsudoers/test4.out.ok plugins/sudoers/regress/testsudoers/test4.sh plugins/sudoers/regress/testsudoers/test5.out.ok plugins/sudoers/regress/testsudoers/test5.sh plugins/sudoers/regress/visudo/test1.out.ok plugins/sudoers/regress/visudo/test1.sh plugins/sudoers/regress/visudo/test2.err.ok plugins/sudoers/regress/visudo/test2.out.ok plugins/sudoers/regress/visudo/test2.sh plugins/sudoers/regress/visudo/test3.err.ok plugins/sudoers/regress/visudo/test3.out.ok plugins/sudoers/regress/visudo/test3.sh plugins/sudoers/regress/visudo/test4.out.ok plugins/sudoers/regress/visudo/test4.sh plugins/sudoers/regress/visudo/test5.out.ok plugins/sudoers/regress/visudo/test5.sh plugins/sudoers/set_perms.c plugins/sudoers/sha2.c plugins/sudoers/sha2.h plugins/sudoers/sssd.c plugins/sudoers/sudo_nss.c plugins/sudoers/sudo_nss.h plugins/sudoers/sudoers.c plugins/sudoers/sudoers.exp plugins/sudoers/sudoers.h plugins/sudoers/sudoers.in plugins/sudoers/sudoers2ldif plugins/sudoers/sudoers_version.h plugins/sudoers/sudoreplay.c plugins/sudoers/testsudoers.c plugins/sudoers/timestamp.c plugins/sudoers/timestr.c plugins/sudoers/toke.c plugins/sudoers/toke.h plugins/sudoers/toke.l plugins/sudoers/toke_util.c plugins/sudoers/tsgetgrpw.c plugins/sudoers/tsgetgrpw.h plugins/sudoers/visudo.c plugins/sudoers/visudo_json.c plugins/system_group/Makefile.in plugins/system_group/system_group.c plugins/system_group/system_group.exp pp src/Makefile.in src/conversation.c src/env_hooks.c src/exec.c src/exec_common.c src/exec_pty.c src/get_pty.c src/hooks.c src/load_plugins.c src/locale_stub.c src/net_ifs.c src/openbsd.c src/parse_args.c src/preserve_fds.c src/po/README src/po/cs.mo src/po/cs.po src/po/da.mo src/po/da.po src/po/de.mo src/po/de.po src/po/eo.mo src/po/eo.po src/po/es.mo src/po/es.po src/po/eu.mo src/po/eu.po src/po/fi.mo src/po/fi.po src/po/fr.mo src/po/fr.po src/po/gl.mo src/po/gl.po src/po/hr.mo src/po/hr.po src/po/it.mo src/po/it.po src/po/ja.mo src/po/ja.po src/po/nl.mo src/po/nl.po src/po/pl.mo src/po/pl.po src/po/pt_BR.mo src/po/pt_BR.po src/po/ru.mo src/po/ru.po src/po/sl.mo src/po/sl.po src/po/sr.mo src/po/sr.po src/po/sudo.pot src/po/sv.mo src/po/sv.po src/po/tr.mo src/po/tr.po src/po/uk.mo src/po/uk.po src/po/vi.mo src/po/vi.po src/po/zh_CN.mo src/po/zh_CN.po src/preload.c src/regress/ttyname/check_ttyname.c src/selinux.c src/sesh.c src/signal.c src/solaris.c src/sudo.c src/sudo.h src/sudo_edit.c src/sudo_exec.h src/sudo_noexec.c src/sudo_plugin_int.h src/sudo_usage.h.in src/tgetpass.c src/ttyname.c src/utmp.c sudo.pp zlib/Makefile.in zlib/adler32.c zlib/compress.c zlib/crc32.c zlib/crc32.h zlib/deflate.c zlib/deflate.h zlib/gzclose.c zlib/gzguts.h zlib/gzlib.c zlib/gzread.c zlib/gzwrite.c zlib/infback.c zlib/inffast.c zlib/inffast.h zlib/inffixed.h zlib/inflate.c zlib/inflate.h zlib/inftrees.c zlib/inftrees.h zlib/trees.c zlib/trees.h zlib/uncompr.c zlib/zconf.h.in zlib/zlib.h zlib/zutil.c zlib/zutil.h sudo-1.8.9p5/Makefile.in010064400175440000012000000230071226304127600144160ustar00millertstaff# # Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ # Installation paths for package building prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ includedir = @includedir@ datarootdir = @datarootdir@ localedir = @localedir@ localstatedir = @localstatedir@ docdir = @docdir@ mandir = @mandir@ timedir = @timedir@ # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 # sudoers owner and mode for package building sudoersdir = $(sysconfdir) sudoers_uid = @SUDOERS_UID@ sudoers_gid = @SUDOERS_GID@ sudoers_mode = @SUDOERS_MODE@ shlib_mode = @SHLIB_MODE@ SUBDIRS = compat common @ZLIB_SRC@ plugins/group_file plugins/sudoers \ plugins/system_group src include doc SAMPLES = plugins/sample VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ LIBTOOL_DEPS = @LIBTOOL_DEPS@ SHELL = @SHELL@ INSTALL = $(SHELL) $(top_srcdir)/install-sh -c ECHO_N = @ECHO_N@ ECHO_C = @ECHO_C@ # Message catalog support NLS = @SUDO_NLS@ POTFILES = src/po/sudo.pot plugins/sudoers/po/sudoers.pot LOCALEDIR_SUFFIX = @LOCALEDIR_SUFFIX@ MSGFMT = msgfmt MSGMERGE = msgmerge XGETTEXT = xgettext XGETTEXT_OPTS = -F -k_ -kN_ -kU_ --copyright-holder="Todd C. Miller" \ "--msgid-bugs-address=http://www.sudo.ws/bugs" \ --package-name=@PACKAGE_NAME@ --package-version=$(VERSION) \ --flag warning:1:c-format --flag warningx:1:c-format \ --flag fatal:1:c-format --flag fatalx:1:c-format \ --flag easprintf:3:c-format --flag lbuf_append:2:c-format \ --flag lbuf_append_quoted:3:c-format --foreign-user all: config.status for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done check pre-install: config.status for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done install-dirs install-binaries install-includes install-plugin: config.status pre-install for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done install-doc: config.status ChangeLog for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done install: config.status ChangeLog pre-install install-nls for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done uninstall: uninstall-nls for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done uninstall-nls: for pot in $(POTFILES); do \ domain=`basename $$pot .pot`; \ rm -f $(DESTDIR)$(localedir)/*/LC_MESSAGES/$$domain.mo; \ done siglist.c signame.c: (cd compat && exec $(MAKE) $@) depend: siglist.c signame.c @if test "$(srcdir)" != "."; then \ echo "make depend only supported in the source directory"; \ exit 1; \ fi; \ $(srcdir)/mkdep.pl $(srcdir)/common/Makefile.in \ $(srcdir)/compat/Makefile.in $(srcdir)/plugins/sample/Makefile.in \ $(srcdir)/plugins/group_file/Makefile.in \ $(srcdir)/plugins/sudoers/Makefile.in \ $(srcdir)/plugins/system_group/Makefile.in \ $(srcdir)/src/Makefile.in $(srcdir)/zlib/Makefile.in; \ ./config.status --file $(srcdir)/common/Makefile \ --file $(srcdir)/compat/Makefile \ --file $(srcdir)/plugins/sample/Makefile \ --file $(srcdir)/plugins/group_file/Makefile \ --file $(srcdir)/plugins/sudoers/Makefile \ --file $(srcdir)/plugins/system_group/Makefile \ --file $(srcdir)/src/Makefile --file $(srcdir)/zlib/Makefile ChangeLog: if test -d $(srcdir)/.hg && cd $(srcdir); then \ if hg log --style=changelog -b default > $@.tmp; then \ mv -f $@.tmp $@; \ else \ rm -f $@.tmp; \ fi; \ fi config.status: @if [ ! -s config.status ]; then \ echo "Please run configure first"; \ exit 1; \ fi libtool: $(LIBTOOL_DEPS) $(SHELL) ./config.status --recheck Makefile: $(srcdir)/Makefile.in ./config.status --file Makefile sync-po: rsync-po compile-po rsync-po: rsync -Lrtvz translationproject.org::tp/latest/sudo/ src/po/ rsync -Lrtvz translationproject.org::tp/latest/sudoers/ plugins/sudoers/po/ update-pot: @if $(XGETTEXT) --help >/dev/null 2>&1; then \ cd $(top_srcdir); \ for pot in $(POTFILES); do \ echo "Updating $$pot"; \ domain=`basename $$pot .pot`; \ case "$$domain" in \ sudo) tmpfiles=; cfiles="src/*c common/*c compat/*c";; \ sudoers) \ echo "syntax error" > confstr.sh; \ sed -n -e 's/^badpass_message="/gettext "/p' \ -e 's/^passprompt="/gettext "/p' \ -e 's/^mailsub="/gettext "/p' configure.ac \ >> confstr.sh; \ tmpfiles=confstr.sh; \ cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \ *) echo unknown domain $$domain; continue;; \ esac; \ $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles $$tmpfiles -o $$pot.tmp; \ test -n "$$tmpfiles" && rm -f $$tmpfiles; \ if diff -I'^.POT-Creation-Date' -I'^.Project-Id-Version' -I'^#' $$pot.tmp $$pot >/dev/null; then \ rm -f $$pot.tmp; \ else \ printf '/^#$$/+1,$$d\nw\nq\n' | ed - $$pot; \ sed '1,/^#$$/d' $$pot.tmp >> $$pot; \ rm -f $$pot.tmp; \ fi; \ done; \ fi update-po: update-pot @if $(MSGFMT) --help >/dev/null 2>&1; then \ cd $(top_srcdir); \ for pot in $(POTFILES); do \ podir=`dirname $$pot`; \ for po in $$podir/*.po; do \ echo $(ECHO_N) "Updating $$po$(ECHO_C)"; \ $(MSGMERGE) --update $$po $$pot; \ $(MSGFMT) --output /dev/null --check-format $$po || exit 1; \ done; \ done; \ fi compile-po: @if $(MSGFMT) --help >/dev/null 2>&1; then \ cd $(top_srcdir); \ rm -f Makefile.$$$$; \ POFILES=""; \ for pot in $(POTFILES); do \ podir=`dirname $$pot`; \ for po in $$podir/*.po; do \ POFILES="$$POFILES $$po"; \ done; \ done; \ echo "all: `echo $$POFILES | sed 's/\.po/.mo/g'`" >> Makefile.$$$$; \ echo "" >> Makefile.$$$$; \ for po in $$POFILES; do \ mo=`echo $$po | sed 's/po$$/mo/'`; \ echo "$$mo: $$po" >> Makefile.$$$$; \ echo " $(MSGFMT) --statistics -c -o $$mo $$po" >> Makefile.$$$$; \ done; \ make -f Makefile.$$$$; \ rm -f Makefile.$$$$; \ fi install-nls: @if test "$(NLS)" = "enabled"; then \ cd $(top_srcdir); \ for pot in $(POTFILES); do \ podir=`dirname $$pot`; \ domain=`basename $$pot .pot`; \ SUDO_LINGUAS=$${LINGUAS-"`echo $$podir/*.mo|sed 's:'$$podir'/\([^ ]*\).mo:\1:g'`"}; \ echo $(ECHO_N) "Installing $$domain message catalogs:$(ECHO_C)"; \ for lang in $$SUDO_LINGUAS; do \ test -s $$podir/$$lang.mo || continue; \ echo $(ECHO_N) " $$lang$(ECHO_C)"; \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ if test -n "$(LOCALEDIR_SUFFIX)"; then \ if test ! -d $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); then \ ln -s $$lang $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); \ fi; \ fi; \ $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $$podir/$$lang.mo $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$$domain.mo; \ done; \ echo ""; \ done; \ fi check-dist: update-pot compile-po @if [ -d .hg ]; then \ if test `hg stat -am | wc -l` -ne 0; then \ echo "Uncommitted changes" 1>&2; \ hg stat -am 1>&2; \ exit 1; \ fi; \ fi dist: check-dist force-dist force-dist: ChangeLog $(srcdir)/MANIFEST pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \ -f ../$(PACKAGE_TARNAME)-$(VERSION).tar \ `sed 's/[ ].*//' $(srcdir)/MANIFEST` gzip -9f ../$(PACKAGE_TARNAME)-$(VERSION).tar ls -l ../$(PACKAGE_TARNAME)-$(VERSION).tar.gz package: sudo.pp DESTDIR=`cd $(top_builddir) && pwd`/destdir; rm -rf $$DESTDIR; \ $(MAKE) install DESTDIR=$$DESTDIR && \ $(SHELL) $(srcdir)/pp $(PPFLAGS) \ --destdir=$$DESTDIR \ $(srcdir)/sudo.pp \ bindir=$(bindir) \ sbindir=$(sbindir) \ libexecdir=$(libexecdir) \ includedir=$(includedir) \ timedir=$(timedir) \ mandir=$(mandir) \ localedir=$(localedir) \ docdir=$(docdir) \ sysconfdir=$(sysconfdir) \ sudoersdir=$(sudoersdir) \ sudoers_uid=$(sudoers_uid) \ sudoers_gid=$(sudoers_gid) \ sudoers_mode=$(sudoers_mode) \ shlib_mode=$(shlib_mode) \ version=$(VERSION) $(PPVARS) clean: config.status for d in $(SUBDIRS) $(SAMPLES); do \ (cd $$d && exec $(MAKE) $@); \ done mostlyclean: clean distclean: config.status for d in $(SUBDIRS) $(SAMPLES); do \ (cd $$d && exec $(MAKE) $@); \ done -rm -rf Makefile pathnames.h config.h config.status config.cache \ config.log libtool stamp-* autom4te.cache cleandir: distclean clobber: distclean realclean: distclean me: a: sandwich: @if test -n "$$SUDO_USER"; then \ echo "Okay."; \ else \ echo "What? Make it yourself!"; \ fi .PHONY: ChangeLog me a sandwhich sudo-1.8.9p5/NEWS010064400175440000012000001470301227416645400130630ustar00millertstaffWhat's new in Sudo 1.8.9p5? * Fixed a compilation error on AIX when LDAP support is enabled. * Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. * Fixed a failed assertion when the "closefrom_override" defaults setting is enabled in sudoers and sudo's -C flag is used. Bug #633. What's new in Sudo 1.8.9p4? * Fixed a bug where sudo could consume large amounts of CPU while the command was running when I/O logging is not enabled. Bug #631 * Fixed a bug where sudo would exit with an error when the debug level is set to util@debug or all@debug and I/O logging is not enabled. The command would continue runnning after sudo exited. What's new in Sudo 1.8.9p3? * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name from being resolved properly on Linux systems. Bug #630. What's new in Sudo 1.8.9p2? * Updated config.guess, config.sub and libtool to support the ppc64le architecture (IBM PowerPC Little Endian). What's new in Sudo 1.8.9p1? * Fixed a problem with gcc 4.8's handling of bit fields that could lead to the noexec flag being enabled even when it was not explicitly set. What's new in Sudo 1.8.9? * Reworked sudo's main event loop to use a simple event subsystem using poll(2) or select(2) as the back end. * It is now possible to statically compile the sudoers plugin into the sudo binary without disabling shared library support. The sudo.conf file may still be used to configure other plugins. * Sudo can now be compiled again with a C preprocessor that does not support variadic macros. * Visudo can now export a sudoers file in JSON format using the new -x flag. * The locale is now set correctly again for visudo and sudoreplay. * The plugin API has been extended to allow the plugin to exclude specific file descriptors from the "closefrom" range. * There is now a workaround for a Solaris-specific problem where NOEXEC was overriding traditional root DAC behavior. * Add user netgroup filtering for SSSD. Previously, rules for a netgroup were applied to all even when they did not belong to the specified netgroup. * On systems with BSD login classes, if the user specified a group (not a user) to run the command as, it was possible to specify a different login class even when the command was not run as the super user. * The closefrom() emulation on Mac OS X now uses /dev/fd if possible. * Fixed a bug where sudoedit would not update the original file from the temporary when PAM or I/O logging is not enabled. * When recycling I/O logs, the log files are now truncated properly. * Fixes bugs #617, #621, #622, #623, #624, #625, #626 What's new in Sudo 1.8.8? * Removed a warning on PAM systems with stacked auth modules where the first module on the stack does not succeed. * Sudo, sudoreplay and visudo now support GNU-style long options. * The -h (--host) option may now be used to specify a host name. This is currently only used by the sudoers plugin in conjunction with the -l (--list) option. * Program usage messages and manual SYNOPSIS sections have been simplified. * Sudo's LDAP SASL support now works properly with Kerberos. Previously, the SASL library was unable to locate the user's credential cache. * It is now possible to set the nproc resource limit to unlimited via pam_limits on Linux (bug #565). * New "pam_service" and "pam_login_service" sudoers options that can be used to specify the PAM service name to use. * New "pam_session" and "pam_setcred" sudoers options that can be used to disable PAM session and credential support. * The sudoers plugin now properly supports UIDs and GIDs that are larger than 0x7fffffff on 32-bit platforms. * Fixed a visudo bug introduced in sudo 1.8.7 where per-group Defaults entries would cause an internal error. * If the "tty_tickets" sudoers option is enabled (the default), but there is no tty present, sudo will now use a ticket file based on the parent process ID. This makes it possible to support the normal timeout behavior for the session. * Fixed a problem running commands that change their process group and then attempt to change the terminal settings when not running the command in a pseudo-terminal. Previously, the process would receive SIGTTOU since it was effectively a background process. Sudo will now grant the child the controlling tty and continue it when this happens. * The "closefrom_override" sudoers option may now be used in a command-specified Defaults entry (bug #610). * Sudo's BSM audit support now works on Solaris 11. * Brazilian Portuguese translation for sudo and sudoers from translationproject.org. * Czech translation for sudo from translationproject.org. * French translation for sudo from translationproject.org. * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1 which causes issues with some programs. * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6. * Root may no longer change its SELinux role without entering a password. * Fixed a bug introduced in Sudo 1.8.7 where the indexes written to the I/O log timing file are two greater than they should be. Sudoreplay now contains a work-around to parse those files. * In sudoreplay's list mode, the "this" qualifier in "fromdate" or "todate" expressions now behaves more sensibly. Previously, it would often match a date that was "one more" than expected. For example, "this week" now matches the current week instead of the following week. What's new in Sudo 1.8.7? * The non-Unix group plugin is now supported when sudoers data is stored in LDAP. * Sudo now uses a workaround for a locale bug on Solaris 11.0 that prevents setuid programs like sudo from fully using locales. * User messages are now always displayed in the user's locale, even when the same message is being logged or mailed in a different locale. * Log files created by sudo now explicitly have the group set to group ID 0 rather than relying on BSD group semantics (which may not be the default). * A new "exec_background" sudoers option can be used to initially run the command without read access to the terminal when running a command in a pseudo-tty. If the command tries to read from the terminal it will be stopped by the kernel (via SIGTTIN or SIGTTOU) and sudo will immediately restart it as the foreground process (if possible). This allows sudo to only pass terminal input to the program if the program actually is expecting it. Unfortunately, a few poorly-behaved programs (like "su" on most Linux systems) do not handle SIGTTIN and SIGTTOU properly. * Sudo now uses an efficient group query to get all the groups for a user instead of iterating over every record in the group database on HP-UX and Solaris. * Sudo now produces better error messages when there is an error in the sudo.conf file. * Two new settings have been added to sudo.conf to give the admin better control of how group database queries are performed. The "group_source" specifies how the group list for a user will be determined. Legal values are "static" (use the kernel groups list), "dynamic" (perform a group database query) and "adaptive" (only perform a group database query if the kernel list is full). The "max_groups" setting specifies the maximum number of groups a user may belong to when performing a group database query. * The sudo.conf file now supports line continuation by using a backslash as the last character on the line. * There is now a standalone sudo.conf manual page. * Sudo now stores its libexec files in a "sudo" sub-directory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory if the default directory ends in "/sudo". * The sudoers I/O logging plugin now logs the terminal size. * A new sudoers option "maxseq" can be used to limit the number of I/O log entries that are stored. * The "system_group" and "group_file" sudoers group provider plugins are now installed by default. * The list output (sudo -l) output from the sudoers plugin is now less ambiguous when an entry includes different runas users. The long list output (sudo -ll) for file-based sudoers is now more consistent with the format of LDAP-based sudoers. * A uid may now be used in the sudoRunAsUser attributes for LDAP sudoers. * Minor plugin API change: the close and version functions are now optional. If the policy plugin does not provide a close function and the command is not being run in a new pseudo-tty, sudo may now execute the command directly instead of in a child process. * A new sudoers option "pam_session" can be used to disable sudo's PAM session support. * On HP-UX systems, sudo will now use the pstat() function to determine the tty instead of ttyname(). * Turkish translation for sudo and sudoers from translationproject.org. * Dutch translation for sudo and sudoers from translationproject.org. * Tivoli Directory Server client libraries may now be used with HP-UX where libibmldap has a hidden dependency on libCsup. * The sudoers plugin will now ignore invalid domain names when checking netgroup membership. Most Linux systems use the string "(none)" for the NIS-style domain name instead of an empty string. * New support for specifying a SHA-2 digest along with the command in sudoers. Supported hash types are sha224, sha256, sha384 and sha512. See the description of Digest_Spec in the sudoers manual or the description of sudoCommand in the sudoers.ldap manual for details. * The paths to ldap.conf and ldap.secret may now be specified as arguments to the sudoers plugin in the sudo.conf file. * Fixed potential false positives in visudo's alias cycle detection. * Fixed a problem where the time stamp file was being treated as out of date on Linux systems where the change time on the pseudo-tty device node can change after it is allocated. * Sudo now only builds Position Independent Executables (PIE) by default on Linux systems and verifies that a trivial test program builds and runs. * On Solaris 11.1 and higher, sudo binaries will now have the ASLR tag enabled if supported by the linker. What's new in Sudo 1.8.6p8? * Terminal detection now works properly on 64-bit AIX kernels. This was broken by the removal of the ttyname() fallback in Sudo 1.8.6p6. Sudo is now able to map an AIX 64-bit device number to the corresponding device file in /dev. * Sudo now checks for crypt() returning NULL when performing passwd-based authentication. What's new in Sudo 1.8.6p7? * A time stamp file with the date set to the epoch by "sudo -k" is now completely ignored regardless of what the local clock is set to. Previously, if the local clock was set to a value between the epoch and the time stamp timeout value, a time stamp reset by "sudo -k" would be considered current. * The tty-specific time stamp file now includes the session ID of the sudo process that created it. If a process with the same tty but a different session ID runs sudo, the user will now be prompted for a password (assuming authentication is required for the command). What's new in Sudo 1.8.6p6? * On systems where the controlling tty can be determined via /proc or sysctl(), sudo will no longer fall back to using ttyname() if the process has no controlling tty. This prevents sudo from using a non-controlling tty for logging and time stamp purposes. What's new in Sudo 1.8.6p5? * Fixed a potential crash in visudo's alias cycle detection. * Improved performance on Solaris when retrieving the group list for the target user. On systems with a large number of groups where the group database is not local (NIS, LDAP, AD), fetching the group list could take a minute or more. What's new in Sudo 1.8.6p4? * The -fstack-protector is now used when linking visudo, sudoreplay and testsudoers. * Avoid building PIE binaries on FreeBSD/ia64 as they don't run properly. * Fixed a crash in visudo strict mode when an unknown Defaults setting is encountered. * Do not inform the user that the command was not permitted by the policy if they do not successfully authenticate. This is a regression introduced in sudo 1.8.6. * Allow sudo to be build with sss support without also including ldap support. * Fix running commands that need the terminal in the background when I/O logging is enabled. E.g. "sudo vi &". When the command is foregrounded, it will now resume properly. What's new in Sudo 1.8.6p3? * Fixed post-processing of the man pages on systems with legacy versions of sed. * Fixed "sudoreplay -l" on Linux systems with file systems that set DT_UNKNOWN in the d_type field of struct dirent. What's new in Sudo 1.8.6p2? * Fixed suspending a command after it has already been resumed once when I/O logging (or use_pty) is not enabled. This was a regression introduced in version 1.8.6. What's new in Sudo 1.8.6p1? * Fixed the setting of LOGNAME, USER and USERNAME variables in the command's environment when env_reset is enabled (the default). This was a regression introduced in version 1.8.6. * Sudo now honors SUCCESS=return in /etc/nsswitch.conf. What's new in Sudo 1.8.6? * Sudo is now built with the -fstack-protector flag if the the compiler supports it. Also, the -zrelro linker flag is used if supported. The --disable-hardening configure option can be used to build sudo without stack smashing protection. * Sudo is now built as a Position Independent Executable (PIE) if supported by the compiler and linker. * If the user is a member of the "exempt" group in sudoers, they will no longer be prompted for a password even if the -k flag is specified with the command. This makes "sudo -k command" consistent with the behavior one would get if the user ran "sudo -k" immediately before running the command. * The sudoers file may now be a symbolic link. Previously, sudo would refuse to read sudoers unless it was a regular file. * The sudoreplay command can now properly replay sessions where no tty was present. * The sudoers plugin now takes advantage of symbol visibility controls when supported by the compiler or linker. As a result, only a small number of symbols are exported which significantly reduces the chances of a conflict with other shared objects. * Improved support for the Tivoli Directory Server LDAP client libraries. This includes support for using LDAP over SSL (ldaps) as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS ldap.conf options. A new ldap.conf option, TLS_KEYPW can be used to specify a password to decrypt the key database. * When constructing a time filter for use with LDAP sudoNotBefore and sudoNotAfter attributes, the current time now includes tenths of a second. This fixes a problem with timed entries on Active Directory. * If a user fails to authenticate and the command would be rejected by sudoers, it is now logged with "command not allowed" instead of "N incorrect password attempts". Likewise, the "mail_no_perms" sudoers option now takes precedence over "mail_badpass". * The sudo manuals are now formatted using the mdoc macros. Versions using the legacy man macros are provided for systems that lack mdoc. * New support for Solaris privilege sets. This makes it possible to specify fine-grained privileges in the sudoers file on Solaris 10 and above. A Runas_Spec that contains no Runas_Lists can be used to give a user the ability to run a command as themselves but with an expanded privilege set. * Fixed a problem with the reboot and shutdown commands on some systems (such as HP-UX and BSD). On these systems, reboot sends all processes (except itself) SIGTERM. When sudo received SIGTERM, it would relay it to the reboot process, thus killing reboot before it had a chance to actually reboot the system. * Support for using the System Security Services Daemon (SSSD) as a source of sudoers data. * Slovenian translation for sudo and sudoers from translationproject.org. * Visudo will now warn about unknown Defaults entries that are per-host, per-user, per-runas or per-command. * Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled. * Sending SIGTSTP directly to the sudo process will now suspend the running command when I/O logging (and use_pty) is not enabled. What's new in Sudo 1.8.5p3? * Fixed the loading of I/O plugins that conform to a plugin API version older than 1.2. What's new in Sudo 1.8.5p2? * Fixed use of the SUDO_ASKPASS environment variable which was broken in Sudo 1.8.5. * Fixed a problem reading the sudoers file when the file mode is more restrictive than the expected mode. For example, when the expected sudoers file mode is 0440 but the actual mode is 0400. What's new in Sudo 1.8.5p1? * Fixed a bug that prevented files in an include directory from being evaluated. What's new in Sudo 1.8.5? * When "noexec" is enabled, sudo_noexec.so will now be prepended to any existing LD_PRELOAD variable instead of replacing it. * The sudo_noexec.so shared library now wraps the execvpe(), exect(), posix_spawn() and posix_spawnp() functions. * The user/group/mode checks on sudoers files have been relaxed. As long as the file is owned by the sudoers uid, not world-writable and not writable by a group other than the sudoers gid, the file is considered OK. Note that visudo will still set the mode to the value specified at configure time. * It is now possible to specify the sudoers path, uid, gid and file mode as options to the plugin in the sudo.conf file. * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese translations from translationproject.org. * /etc/environment is no longer read directly on Linux systems when PAM is used. Sudo now merges the PAM environment into the user's environment which is typically set by the pam_env module. * The initial evironment created when env_reset is in effect now includes the contents of /etc/environment on AIX systems and the "setenv" and "path" entries from /etc/login.conf on BSD systems. * The plugin API has been extended in three ways. First, options specified in sudo.conf after the plugin pathname are passed to the plugin's open function. Second, sudo has limited support for hooks that can be used by plugins. Currently, the hooks are limited to environment handling functions. Third, the init_session policy plugin function is passed a pointer to the user environment which can be updated during session setup. The plugin API version has been incremented to version 1.2. See the sudo_plugin manual for more information. * The policy plugin's init_session function is now called by the parent sudo process, not the child process that executes the command. This allows the PAM session to be open and closed in the same process, which some PAM modules require. * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf, which was broken in version 1.8.4. * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo file is now uses to determine the controlling terminal, if possible. This allows tty-based tickets to work properly even when, e.g. standard input, output and error are redirected to /dev/null. * The output of "sudoreplay -l" is now sorted by file name (or sequence number). Previously, entries were displayed in the order in which they were found on the file system. * Sudo now behaves properly when I/O logging is enabled and the controlling terminal is revoked (e.g. the running sshd is killed). Previously, sudo may have exited without calling the I/O plugin's close function which can lead to an incomplete I/O log. * Sudo can now detect when a user has logged out and back in again on Solaris 11, just like it can on Solaris 10. * The built-in zlib included with Sudo has been upgraded to version 1.2.6. * Setting the SSL parameter to start_tls in ldap.conf now works properly when using Mozilla-based SDKs that support the ldap_start_tls_s() function. * The TLS_CHECKPEER parameter in ldap.conf now works when the Mozilla NSS crypto backend is used with OpenLDAP. * A new group provider plugin, system_group, is included which performs group look ups by name using the system groups database. This can be used to restore the pre-1.7.3 sudo group lookup behavior. What's new in Sudo 1.8.4p5? * Fixed a bug when matching against an IP address with an associated netmask in the sudoers file. In certain circumstances, this could allow users to run commands on hosts they are not authorized for. What's new in Sudo 1.8.4p4? * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v" from working. What's new in Sudo 1.8.4p3? * Fixed a crash on FreeBSD when no tty is present. * Fixed a bug introduced in Sudo 1.8.4 that allowed users to specify environment variables to set on the command line without having sudo "ALL" permissions or the "SETENV" tag. * When visudo is run with the -c (check) option, the sudoers file(s) owner and mode are now also checked unless the -f option was specified. What's new in Sudo 1.8.4p2? * Fixed a bug introduced in Sudo 1.8.4 where insufficient space was allocated for group IDs in the LDAP filter. * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf was "/sudo.conf" instead of "/etc/sudo.conf". * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang when I/O logging is enabled and input is from a pipe or file. What's new in Sudo 1.8.4p1? * Fixed a bug introduced in sudo 1.8.4 that broke adding to or deleting from the env_keep, env_check and env_delete lists in sudoers on some platforms. What's new in Sudo 1.8.4? * The -D flag in sudo has been replaced with a more general debugging framework that is configured in sudo.conf. * Fixed a false positive in visudo strict mode when aliases are in use. * Fixed a crash with "sudo -i" when a runas group was specified without a runas user. * The line on which a syntax error is reported in the sudoers file is now more accurate. Previously it was often off by a line. * Fixed a bug where stack garbage could be printed at the end of the lecture when the "lecture_file" option was enabled. * "make install" now honors the LINGUAS environment variable. * The #include and #includedir directives in sudoers now support relative paths. If the path is not fully qualified it is expected to be located in the same directory of the sudoers file that is including it. * Serbian and Spanish translations for sudo from translationproject.org. * LDAP-based sudoers may now access by group ID in addition to group name. * visudo will now fix the mode on the sudoers file even if no changes are made unless the -f option is specified. * The "use_loginclass" sudoers option works properly again. * On systems that use login.conf, "sudo -i" now sets environment variables based on login.conf. * For LDAP-based sudoers, values in the search expression are now escaped as per RFC 4515. * The plugin close function is now properly called when a login session is killed (as opposed to the actual command being killed). This can happen when an ssh session is disconnected or the terminal window is closed. * The deprecated "noexec_file" sudoers option is no longer supported. * Fixed a race condition when I/O logging is not enabled that could result in tty-generated signals (e.g. control-C) being received by the command twice. * If none of the standard input, output or error are connected to a tty device, sudo will now check its parent's standard input, output or error for the tty name on systems with /proc and BSD systems that support the KERN_PROC_PID sysctl. This allows tty-based tickets to work properly even when, e.g. standard input, output and error are redirected to /dev/null. * Added the --enable-kerb5-instance configure option to allow people using Kerberos V authentication to specify a custom instance so the principal name can be, e.g. "username/sudo" similar to how ksu uses "username/root". * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in the results, which would be incorrectly be interpreted as if the sudoers file had specified a directory. * "visudo -c" will now list any include files that were checked in addition to the main sudoers file when everything parses OK. * Users that only have read-only access to the sudoers file may now run "visudo -c". Previously, write permissions were required even though no writing is down in check-only mode. * It is now possible to prevent the disabling of core dumps from within sudo itself by adding a line to the sudo.conf file like "Set disable_coredump false". What's new in Sudo 1.8.3p2? * Fixed a format string vulnerability when the sudo binary (or a symbolic link to the sudo binary) contains printf format escapes and the -D (debugging) flag is used. What's new in Sudo 1.8.3p1? * Fixed a crash in the monitor process on Solaris when NOPASSWD was specified or when authentication was disabled. * Fixed matching of a Runas_Alias in the group section of a Runas_Spec. What's new in Sudo 1.8.3? * Fixed expansion of strftime() escape sequences in the "log_dir" sudoers setting. * Esperanto, Italian and Japanese translations from translationproject.org. * Sudo will now use PAM by default on AIX 6 and higher. * Added --enable-werror configure option for gcc's -Werror flag. * Visudo no longer assumes all editors support the +linenumber command line argument. It now uses a whitelist of editors known to support the option. * Fixed matching of network addresses when a netmask is specified but the address is not the first one in the CIDR block. * The configure script now check whether or not errno.h declares the errno variable. Previously, sudo would always declare errno itself for older systems that don't declare it in errno.h. * The NOPASSWD tag is now honored for denied commands too, which matches historic sudo behavior (prior to sudo 1.7.0). * Sudo now honors the "DEREF" setting in ldap.conf which controls how alias dereferencing is done during an LDAP search. * A symbol conflict with the pam_ssh_agent_auth PAM module that would cause a crash been resolved. * The inability to load a group provider plugin is no longer a fatal error. * A potential crash in the utmp handling code has been fixed. * Two PAM session issues have been resolved. In previous versions of sudo, the PAM session was opened as one user and closed as another. Additionally, if no authentication was performed, the PAM session would never be closed. * Sudo will now work correctly with LDAP-based sudoers using TLS or SSL on Debian systems. * The LOGNAME, USER and USERNAME environment variables are preserved correctly again in sudoedit mode. What's new in Sudo 1.8.2? * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural language support (NLS). This can be disabled by passing configure the --disable-nls option. Sudo will use gettext(), if available, to display translated messages. All translations are coordinated via The Translation Project, http://translationproject.org/. * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of RTLD_LOCAL. This fixes missing symbol problems in PAM modules on certain platforms, such as FreeBSD and SuSE Linux Enterprise. * I/O logging is now supported for commands run in background mode (using sudo's -b flag). * Group ownership of the sudoers file is now only enforced when the file mode on sudoers allows group readability or writability. * Visudo now checks the contents of an alias and warns about cycles when the alias is expanded. * If the user specifies a group via sudo's -g option that matches the target user's group in the password database, it is now allowed even if no groups are present in the Runas_Spec. * The sudo Makefiles now have more complete dependencies which are automatically generated instead of being maintained manually. * The "use_pty" sudoers option is now correctly passed back to the sudo front end. This was missing in previous versions of sudo 1.8 which prevented "use_pty" from being honored. * "sudo -i command" now works correctly with the bash version 2.0 and higher. Previously, the .bash_profile would not be sourced prior to running the command unless bash was built with NON_INTERACTIVE_LOGIN_SHELLS defined. * When matching groups in the sudoers file, sudo will now match based on the name of the group instead of the group ID. This can substantially reduce the number of group lookups for sudoers files that contain a large number of groups. * Multi-factor authentication is now supported on AIX. * Added support for non-RFC 4517 compliant LDAP servers that require that seconds be present in a timestamp, such as Tivoli Directory Server. * If the group vector is to be preserved, the PATH search for the command is now done with the user's original group vector. * For LDAP-based sudoers, the "runas_default" sudoOption now works properly in a sudoRole that contains a sudoCommand. * Spaces in command line arguments for "sudo -s" and "sudo -i" are now escaped with a backslash when checking the security policy. What's new in Sudo 1.8.1p2? * Two-character CIDR-style IPv4 netmasks are now matched correctly in the sudoers file. * A build error with MIT Kerberos V has been resolved. * A crash on HP-UX in the sudoers plugin when wildcards are present in the sudoers file has been resolved. * Sudo now works correctly on Tru64 Unix again. What's new in Sudo 1.8.1p1? * Fixed a problem on AIX where sudo was unable to set the final uid if the PAM module modified the effective uid. * A non-existent includedir is now treated the same as an empty directory and not reported as an error. * Removed extraneous parens in LDAP filter when sudoers_search_filter is enabled that can cause an LDAP search error. * Fixed a "make -j" problem for "make install". What's new in Sudo 1.8.1? * A new LDAP setting, sudoers_search_filter, has been added to ldap.conf. This setting can be used to restrict the set of records returned by the LDAP query. Based on changes from Matthew Thomas. * White space is now permitted within a User_List when used in conjunction with a per-user Defaults definition. * A group ID (%#gid) may now be specified in a User_List or Runas_List. Likewise, for non-Unix groups the syntax is %:#gid. * Support for double-quoted words in the sudoers file has been fixed. The change in 1.7.5 for escaping the double quote character caused the double quoting to only be available at the beginning of an entry. * The fix for resuming a suspended shell in 1.7.5 caused problems with resuming non-shells on Linux. Sudo will now save the process group ID of the program it is running on suspend and restore it when resuming, which fixes both problems. * A bug that could result in corrupted output in "sudo -l" has been fixed. * Sudo will now create an entry in the utmp (or utmpx) file when allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp" and "utmp_runas" sudoers file options can be used to control this. Other policy plugins may use the "set_utmp" and "utmp_user" entries in the command_info list. * The sudoers policy now stores the TSID field in the logs even when the "iolog_file" sudoers option is defined to a value other than %{sessid}. Previously, the TSID field was only included in the log file when the "iolog_file" option was set to its default value. * The sudoreplay utility now supports arbitrary session IDs. Previously, it would only work with the base-36 session IDs that the sudoers plugin uses by default. * Sudo now passes "run_shell=true" to the policy plugin in the settings list when sudo's -s command line option is specified. The sudoers policy plugin uses this to implement the "set_home" sudoers option which was missing from sudo 1.8.0. * The "noexec" functionality has been moved out of the sudoers policy plugin and into the sudo front-end, which matches the behavior documented in the plugin writer's guide. As a result, the path to the noexec file is now specified in the sudo.conf file instead of the sudoers file. * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to implement the "noexec" feature. Previously, this was implemented via the LD_PRELOAD environment variable. * The exit values for "sudo -l", "sudo -v" and "sudo -l command" have been fixed in the sudoers policy plugin. * The sudoers policy plugin now passes the login class, if any, back to the sudo front-end. * The sudoers policy plugin was not being linked with requisite libraries in certain configurations. * Sudo now parses command line arguments before loading any plugins. This allows "sudo -V" or "sudo -h" to work even if there is a problem with sudo.conf * Plugins are now linked with the static version of libgcc to allow the plugin to run on a system where no shared libgcc is installed, or where it is installed in a different location. What's new in Sudo 1.8.0? * Sudo has been refactored to use a modular framework that can support third-party policy and I/O logging plugins. The default plugin is "sudoers" which provides the traditional sudo functionality. See the sudo_plugin manual for details on the plugin API and the sample in the plugins directory for a simple example. What's new in Sudo 1.7.5? * When using visudo in check mode, a file named "-" may be used to check sudoers data on the standard input. * Sudo now only fetches shadow password entries when using the password database directly for authentication. * Password and group entries are now cached using the same key that was used to look them up. This fixes a problem when looking up entries by name if the name in the retrieved entry does not match the name used to look it up. This may happen on some systems that do case insensitive lookups or that truncate long names. * GCC will no longer display warnings on glibc systems that use the warn_unused_result attribute for write(2) and other system calls. * If a PAM account management module denies access, sudo now prints a more useful error message and stops trying to validate the user. * Fixed a potential hang on idle systems when the sudo-run process exits immediately. * Sudo now includes a copy of zlib that will be used on systems that do not have zlib installed. * The --with-umask-override configure flag has been added to enable the "umask_override" sudoers Defaults option at build time. * Sudo now unblocks all signals on startup to avoid problems caused by the parent process changing the default signal mask. * LDAP Sudoers entries may now specify a time period for which the entry is valid. This requires an updated sudoers schema that includes the sudoNotBefore and sudoNotAfter attributes. Support for timed entries must be explicitly enabled in the ldap.conf file. Based on changes from Andreas Mueller. * LDAP Sudoers entries may now specify a sudoOrder attribute that determines the order in which matching entries are applied. The last matching entry is used, just like file-based sudoers. This requires an updated sudoers schema that includes the sudoOrder attribute. Based on changes from Andreas Mueller. * When run as sudoedit, or when given the -e flag, sudo now treats command line arguments as pathnames. This means that slashes in the sudoers file entry must explicitly match slashes in the command line arguments. As a result, and entry such as: user ALL = sudoedit /etc/* will allow editing of /etc/motd but not /etc/security/default. * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for compatibility with OpenLDAP configuration files. * The LDAP API TIMEOUT parameter is now honored in ldap.conf. * The I/O log directory may now be specified in the sudoers file. * Sudo will no longer refuse to run if the sudoers file is writable by root. * Sudo now performs command line escaping for "sudo -s" and "sudo -i" after validating the command so the sudoers entries do not need to include the backslashes. * Logging and email sending are now done in the locale specified by the "sudoers_locale" setting ("C" by default). Email send by sudo now includes MIME headers when "sudoers_locale" is not "C". * The configure script has a new option, --disable-env-reset, to allow one to change the default for the sudoers Default setting "env_reset" at compile time. * When logging "sudo -l command", sudo will now prepend "list " to the command in the log line to distinguish between an actual command invocation in the logs. * Double-quoted group and user names may now include escaped double quotes as part of the name. Previously this was a parse error. * Sudo once again restores the state of the signal handlers it modifies before executing the command. This allows sudo to be used with the nohup command. * Resuming a suspended shell now works properly when I/O logging is not enabled (the I/O logging case was already correct). What's new in Sudo 1.7.4p6? * A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors. What's new in Sudo 1.7.4p5? * A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag. * If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior. * A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed. * A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag. * Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled. * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled. * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly. * A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host. What's new in Sudo 1.7.4p4? * A potential security issue has been fixed with respect to the handling of sudo's -g command line option when -u is also specified. The flaw may allow an attacker to run commands as a user that is not authorized by the sudoers file. * A bug has been fixed where "sudo -l" output was incomplete if multiple sudoers sources were defined in nsswitch.conf and there was an error querying one of the sources. * The log_input, log_output, and use_pty sudoers options now work correctly on AIX. Previously, sudo would hang if they were enabled. * The "make install" target now works correctly when sudo is built in a directory other than the source directory. * The "runas_default" sudoers setting now works properly in a per-command Defaults line. * Suspending and resuming the bash shell when PAM is in use now works correctly. The SIGCONT signal was not propagated to the child process. What's new in Sudo 1.7.4p3? * A bug has been fixed where duplicate HOME environment variables could be present when the env_reset setting was disabled and the always_set_home setting was enabled in sudoers. * The value of sysconfdir is now substituted into the path to the sudoers.d directory in the installed sudoers file. * Compilation problems on IRIX and other platforms have been fixed. * If multiple PAM "auth" actions are specified and the user enters ^C at the password prompt, sudo will no longer prompt for a password for any subsequent "auth" actions. Previously it was necessary to enter ^C for each "auth" action. What's new in Sudo 1.7.4p2? * A bug where sudo could spin in a busy loop waiting for the child process has been fixed. What's new in Sudo 1.7.4p1? * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from functioning when the tty_tickets sudoers option is enabled has been fixed. * Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist. * It is now easier to cross-compile sudo. What's new in Sudo 1.7.4? * Sudoedit will now preserve the file extension in the name of the temporary file being edited. The extension is used by some editors (such as emacs) to choose the editing mode. * Time stamp files have moved from /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are checked for existence in that order. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this. * The tty_tickets sudoers option is now enabled by default. * Ancillary documentation (README files, LICENSE, etc) is now installed in a sudo documentation directory. * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile" in ldap.conf. * Defaults settings that are tied to a user, host or command may now include the negation operator. For example: Defaults:!millert lecture will match any user but millert. * The default PATH environment variable, used when no PATH variable exists, now includes /usr/sbin and /sbin. * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/) for cross-platform packing. * On Linux, sudo will now restore the nproc resource limit before executing a command, unless the limit appears to have been modified by pam_limits. This avoids a problem with bash scripts that open more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1). * The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled (which is the case in the default configuration). Users wishing to preserve the original values should use a sudoers entry like: Defaults env_keep += HOME to preserve the old value of HOME and Defaults env_keep += MAIL to preserve the old value of MAIL. * Fixed a problem in the restoration of the AIX authdb registry setting. * Sudo will now fork(2) and wait until the command has completed before calling pam_close_session(). * The default syslog facility is now "authpriv" if the operating system supports it, else "auth". What's new in Sudo 1.7.3? * Support for logging I/O for the command being run. For more information, see the documentation for the "log_input" and "log_output" Defaults options in the sudoers manual. Also see the sudoreplay manual for how to replay I/O log sessions. * The use_pty sudoers option can be used to force a command to be run in a pseudo-pty, even when I/O logging is not enabled. * On some systems, sudo can now detect when a user has logged out and back in again when tty-based time stamps are in use. Supported systems include Solaris systems with the devices file system, Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys only). * On AIX systems, the registry setting in /etc/security/user is now taken into account when looking up users and groups. Sudo now applies the correct the user and group ids when running a command as a user whose account details come from a different source (e.g. LDAP or DCE vs. local files). * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf. When multiple entries are listed, sudo will try each one in the order in which they are specified. * Sudo's SELinux support should now function correctly when running commands as a non-root user and when one of stdin, stdout or stderr is not a terminal. * Sudo will now use the Linux audit system with configure with the --with-linux-audit flag. * Sudo now uses mbr_check_membership() on systems that support it to determine group membership. Currently, only Darwin (Mac OS X) supports this. * When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password. * The passwd_timeout and timestamp_timeout options may now be specified as floating point numbers for more granular timeout values. * Negating the fqdn option in sudoers now works correctly when sudo is configured with the --with-fqdn option. In previous versions of sudo the fqdn was set before sudoers was parsed. What's new in Sudo 1.7.2? * A new #includedir directive is available in sudoers. This can be used to implement an /etc/sudo.d directory. Files in an includedir are not edited by visudo unless they contain a syntax error. * The -g option did not work properly when only setting the group (and not the user). Also, in -l mode the wrong user was displayed for sudoers entries where only the group was allowed to be set. * Fixed a problem with the alias checking in visudo which could prevent visudo from exiting. * Sudo will now correctly parse the shell-style /etc/environment file format used by pam_env on Linux. * When doing password and group database lookups, sudo will only cache an entry by name or by id, depending on how the entry was looked up. Previously, sudo would cache by both name and id from a single lookup, but this breaks sites that have multiple password or group database names that map to the same uid or gid. * User and group names in sudoers may now be enclosed in double quotes to avoid having to escape special characters. * BSM audit fixes when changing to a non-root uid. * Experimental non-Unix group support. Currently only works with Quest Authorization Services and allows Active Directory groups fixes for Minix-3. * For Netscape/Mozilla-derived LDAP SDKs the certificate and key paths may be specified as a directory or a file. However, version 5.0 of the SDK only appears to support using a directory (despite documentation to the contrary). If SSL client initialization fails and the certificate or key paths look like they could be default file name, strip off the last path element and try again. * A setenv() compatibility fix for Linux systems, where a NULL value is treated the same as an empty string and the variable name is checked against the NULL pointer. What's new in Sudo 1.7.1? * A new Defaults option "pwfeedback" will cause sudo to provide visual feedback when the user is entering a password. * A new Defaults option "fast_glob" will cause sudo to use the fnmatch() function for file name globbing instead of glob(). When this option is enabled, sudo will not check the file system when expanding wildcards. This is faster but a side effect is that relative paths with wildcard will no longer work. * New BSM audit support for systems that support it such as FreeBSD and Mac OS X. * The file name specified with the #include directive may now include a %h escape which is expanded to the short form of hostname. * The -k flag may now be specified along with a command, causing the user's timestamp file to be ignored. * New support for Tivoli-based LDAP START_TLS, present in AIX. * New support for /etc/netsvc.conf on AIX. * The unused alias checks in visudo now handle the case of an alias referring to another alias. What's new in Sudo 1.7.0? * Rewritten parser that converts sudoers into a set of data structures. This eliminates a number of ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. It also adds support for per-command Defaults specifications. * Sudoers now supports a #include facility to allow the inclusion of other sudoers-format files. * Sudo's -l (list) flag has been enhanced: o applicable Defaults options are now listed o a command argument can be specified for testing whether a user may run a specific command. o a new -U flag can be used in conjunction with "sudo -l" to allow root (or a user with "sudo ALL") list another user's privileges. * A new -g flag has been added to allow the user to specify a primary group to run the command as. The sudoers syntax has been extended to include a group section in the Runas specification. * A uid may now be used anywhere a username is valid. * The "secure_path" run-time Defaults option has been restored. * Password and group data is now cached for fast lookups. * The file descriptor at which sudo starts closing all open files is now configurable via sudoers and, optionally, the command line. * Visudo will now warn about aliases that are defined but not used. * The -i and -s command line flags now take an optional command to be run via the shell. Previously, the argument was passed to the shell as a script to run. * Improved LDAP support. SASL authentication may now be used in conjunction when connecting to an LDAP server. The krb5_ccname parameter in ldap.conf may be used to enable Kerberos. * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify the sudoers order. E.g.: sudoers: ldap files to check LDAP, then /etc/sudoers. The default is "files", even when LDAP support is compiled in. This differs from sudo 1.6 where LDAP was always consulted first. * Support for /etc/environment on AIX and Linux. If sudo is run with the -i flag, the contents of /etc/environment are used to populate the new environment that is passed to the command being run. * If no terminal is available or if the new -A flag is specified, sudo will use a helper program to read the password if one is configured. Typically, this is a graphical password prompter such as ssh-askpass. * A new Defaults option, "mailfrom" that sets the value of the "From:" field in the warning/error mail. If unspecified, the login name of the invoking user is used. * A new Defaults option, "env_file" that refers to a file containing environment variables to be set in the command being run. * A new flag, -n, may be used to indicate that sudo should not prompt the user for a password and, instead, exit with an error if authentication is required. * If sudo needs to prompt for a password and it is unable to disable echo (and no askpass program is defined), it will refuse to run unless the "visiblepw" Defaults option has been specified. * Prior to version 1.7.0, hitting enter/return at the Password: prompt would exit sudo. In sudo 1.7.0 and beyond, this is treated as an empty password. To exit sudo, the user must press ^C or ^D at the prompt. * visudo will now check the sudoers file owner and mode in -c (check) mode when the -s (strict) flag is specified. * A new Defaults option "umask_override" will cause sudo to set the umask specified in sudoers even if it is more permissive than the invoking user's umask. sudo-1.8.9p5/README010064400175440000012000000060711226304127600132330ustar00millertstaffThe sudo philosophy =================== Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Where to find sudo ================== Before you try and build sudo, *please* make sure you have the current version. The latest sudo may always be gotten via anonymous ftp from ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site, http://www.sudo.ws/ The distribution is sudo-M.m.tar.gz where `M' is the major version number and `m' is the minor version number. BETA versions of sudo may also be available. If you join the `sudo-workers' mailing list you will get the BETA announcements (see the `Mailing lists' section below). What's new ========== See the NEWS file for a list of major changes in this release. For a complete list of changes, see the ChangeLog file. For a summary of major changes to the current stable release, see the web page, http://www.sudo.ws/sudo/stable.html. If you are upgrading from an earlier version of Sudo, please see the UPGRADE file in the doc directory. For a history of sudo please see the HISTORY file in the doc directory. You can find a list of contributors to sudo in the doc/CONTRIBUTORS file. Building the release ==================== Please read the installation guide in the `INSTALL' file before trying to build sudo. Pay special attention to the "OS dependent notes" section. Copyright ========= Sudo is distributed under an ISC-style license. Please refer to the `LICENSE' file included with the release for details. Mailing lists ============= sudo-announce This list receives announcements whenever a new version of sudo is released. http://www.sudo.ws/mailman/listinfo/sudo-announce sudo-users This list is for questions and general discussion about sudo. http://www.sudo.ws/mailman/listinfo/sudo-users sudo-workers This list is for people working on and porting sudo. http://www.sudo.ws/mailman/listinfo/sudo-workers sudo-commits This list receives a message for each commit made to the sudo source repository. http://www.sudo.ws/mailman/listinfo/sudo-commits To subscribe to a list, visit its url (as listed above) and enter your email address to subscribe. Digest versions are available but these are fairly low traffic lists so the digest versions are not a significant win. Mailing list archives are also available. See the mailing list web sites for the appropriate links. Web page ======== There is a sudo web page at http://www.sudo.ws/ that contains an overview of sudo, documentation, downloads, a bug tracker, information about beta versions and other useful info. Bug reports =========== If you have found what you believe to be a bug, you can file a bug report in the sudo bug database, on the web at http://www.sudo.ws/bugs/. Please read over the `TROUBLESHOOTING' file in the doc directory *before* submitting a bug report. When reporting bugs, please be sure to include the version of sudo you are using as well as the platform you are running it on. sudo-1.8.9p5/README.LDAP010064400175440000012000000164001226304126200137420ustar00millertstaffThis file explains how to build the optional LDAP functionality of SUDO to store /etc/sudoers information. This feature is distinct from LDAP passwords. For general sudo LDAP configuration details, see the sudoers.ldap manual that comes with the sudo distribution. A pre-formatted version of the manual may be found in the sudoers.ldap.cat file. The sudo binary compiled with LDAP support should be totally backward compatible and be syntactically and source code equivalent to its non LDAP-enabled build. LDAP philosophy =============== As times change and servers become cheap, an enterprise can easily have 500+ UNIX servers. Using LDAP to synchronize Users, Groups, Hosts, Mounts, and others across an enterprise can greatly reduce the administrative overhead. In the past, sudo has used a single local configuration file, /etc/sudoers. While the same sudoers file can be shared among machines, no built-in mechanism exists to distribute it. Some have attempted to workaround this by synchronizing changes via CVS/RSYNC/RDIST/RCP/SCP and even NFS. By using LDAP for sudoers we gain a centrally administered, globally available configuration source for sudo. For information on OpenLDAP, please see http://www.openldap.org/. Definitions =========== Many times the word 'Directory' is used in the document to refer to the LDAP server, structure and contents. Many times 'options' are used in this document to refer to sudoer 'defaults'. They are one and the same. Build instructions ================== The simplest way to build sudo with LDAP support is to include the '--with-ldap' option. $ ./configure --with-ldap If your ldap libraries and headers are in a non-standard place, you will need to specify them at configure time. E.g. $ ./configure --with-ldap=/usr/local/ldapsdk Sudo is developed using OpenLDAP but Netscape-based LDAP libraries (such as those present in Solaris) are also known to work. Your mileage may vary. Please let the sudo workers mailing list know if special configuration was required to build an LDAP-enabled sudo so we can improve sudo. Schema Changes ============== You must add the appropriate schema to your LDAP server before it can store sudoers content. For OpenLDAP, copy the file schema.OpenLDAP to the schema directory (e.g. /etc/openldap/schema). You must then edit your slapd.conf and add an include line the new schema, e.g. # Sudo LDAP schema include /etc/openldap/schema/sudo.schema In order for sudoRole LDAP queries to be efficient, the server must index the attribute 'sudoUser', e.g. # Indices to maintain index sudoUser eq After making the changes to slapd.conf, restart slapd. For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory, copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif. On Solaris, schemas are stored in /var/Sun/mps/slapd-`hostname`/config/schema/. For Fedora Directory Server, they are stored in /etc/dirsrv/schema/. After copying the schema file to the appropriate directory, restart the LDAP server. Finally, using an LDAP browser/editor, enable indexing by editing the client profile to provide a Service Search Descriptor (SSD) for sudoers, replacing example.com with your domain: serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com If using an Active Directory server, copy schema.ActiveDirectory to your Windows domain controller and run the following command: ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com Importing /etc/sudoers into LDAP ================================ Importing sudoers is a two-step process. Step 1: Ask your LDAP Administrator where to create the ou=SUDOers container. For instance, if using OpenLDAP: dn: ou=SUDOers,dc=example,dc=com objectClass: top objectClass: organizationalUnit ou: SUDOers (An example location is shown below). Then use the provided script to convert your sudoers file into LDIF format. The script will also convert any default options. # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com # export SUDOERS_BASE # ./sudoers2ldif /etc/sudoers > /tmp/sudoers.ldif Step 2: Import into your directory server. The following example is for OpenLDAP. If you are using another directory, provide the LDIF file to your LDAP Administrator. # ldapadd -f /tmp/sudoers.ldif -h ldapserver \ -D cn=Manager,dc=example,dc=com -W -x Step 3: Verify the sudoers LDAP data: # ldapsearch -b "$SUDOERS_BASE" -D cn=Manager,dc=example,dc=com -W -x Managing LDAP entries ===================== Doing a one-time bulk load of your ldap entries is fine. However what if you need to make minor changes on a daily basis? It doesn't make sense to delete and re-add objects. (You can, but this is tedious). I recommend using any of the following LDAP browsers to administer your SUDOers. * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux and since it is Schema aware, I don't need to create a sudoRole template. http://biot.com/gq/ * phpQLAdmin - Open Source - phpQLAdmin is an administration tool, originally for QmailLDAP, that supports editing sudoRole objects in version 2.3.2 and higher. http://phpqladmin.com/ * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows and Solaris. It runs anywhere in a Java Virtual Machine including web pages. You have to make a template from an existing sudoRole entry. http://www.iit.edu/~gawojar/ldap http://www.mcs.anl.gov/~gawor/ldap http://ldapmanager.com * Apache Directory Studio - Open Source - an Eclipse-based LDAP development platform. Includes an LDAP browser, and LDIF editor, a schema editor and more. http://directory.apache.org/studio There are dozens of others, some Open Source, some free, some not. Configure your /etc/ldap.conf and /etc/nsswitch.conf ==================================================== The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap and other ldap applications and modules. IBM Secureway unfortunately uses the same file name but has a different syntax. If you need to change where this file is stored, re-run configure with the --with-ldap-conf-file=PATH option. See the "Configuring ldap.conf" section in the sudoers.ldap manual for a list of supported ldap.conf parameters and an example ldap.conf Make sure you sudoers_base matches the location you specified when you imported the sudoers ldif data. After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" section in the sudoers.ldap manual for details. Note that sudo will use /etc/nsswitch.conf even if the underlying operating system does not support it. To disable nsswitch support, run configure with the --with-nsswitch=no option. This will cause sudo to consult LDAP first and /etc/sudoers second, unless the ignore_sudoers_file flag is set in the global LDAP options. Debugging your LDAP configuration ================================= Enable debugging if you believe sudo is not parsing LDAP the way you think it should. Setting the 'sudoers_debug' parameter to a value of 1 shows moderate debugging. A value of 2 shows the results of the matches themselves. Make sure to set the value back to zero so that other users don't get confused by the debugging messages. sudo-1.8.9p5/aclocal.m4010064400175440000012000000130711227416653100142150ustar00millertstaff# generated automatically by aclocal 1.11.6 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, # Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. # longlong.m4 serial 17 dnl Copyright (C) 1999-2007, 2009-2012 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Paul Eggert. # Define HAVE_LONG_LONG_INT if 'long long int' works. # This fixes a bug in Autoconf 2.61, and can be faster # than what's in Autoconf 2.62 through 2.68. # Note: If the type 'long long int' exists but is only 32 bits large # (as on some very old compilers), HAVE_LONG_LONG_INT will not be # defined. In this case you can treat 'long long int' like 'long int'. AC_DEFUN([AC_TYPE_LONG_LONG_INT], [ AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT]) AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int], [ac_cv_type_long_long_int=yes if test "x${ac_cv_prog_cc_c99-no}" = xno; then ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int if test $ac_cv_type_long_long_int = yes; then dnl Catch a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004. dnl If cross compiling, assume the bug is not important, since dnl nobody cross compiles for this platform as far as we know. AC_RUN_IFELSE( [AC_LANG_PROGRAM( [[@%:@include @%:@ifndef LLONG_MAX @%:@ define HALF \ (1LL << (sizeof (long long int) * CHAR_BIT - 2)) @%:@ define LLONG_MAX (HALF - 1 + HALF) @%:@endif]], [[long long int n = 1; int i; for (i = 0; ; i++) { long long int m = n << i; if (m >> i != n) return 1; if (LLONG_MAX / 2 < m) break; } return 0;]])], [], [ac_cv_type_long_long_int=no], [:]) fi fi]) if test $ac_cv_type_long_long_int = yes; then AC_DEFINE([HAVE_LONG_LONG_INT], [1], [Define to 1 if the system has the type 'long long int'.]) fi ]) # Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works. # This fixes a bug in Autoconf 2.61, and can be faster # than what's in Autoconf 2.62 through 2.68. # Note: If the type 'unsigned long long int' exists but is only 32 bits # large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT # will not be defined. In this case you can treat 'unsigned long long int' # like 'unsigned long int'. AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT], [ AC_CACHE_CHECK([for unsigned long long int], [ac_cv_type_unsigned_long_long_int], [ac_cv_type_unsigned_long_long_int=yes if test "x${ac_cv_prog_cc_c99-no}" = xno; then AC_LINK_IFELSE( [_AC_TYPE_LONG_LONG_SNIPPET], [], [ac_cv_type_unsigned_long_long_int=no]) fi]) if test $ac_cv_type_unsigned_long_long_int = yes; then AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], [1], [Define to 1 if the system has the type 'unsigned long long int'.]) fi ]) # Expands to a C program that can be used to test for simultaneous support # of 'long long' and 'unsigned long long'. We don't want to say that # 'long long' is available if 'unsigned long long' is not, or vice versa, # because too many programs rely on the symmetry between signed and unsigned # integer types (excluding 'bool'). AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET], [ AC_LANG_PROGRAM( [[/* For now, do not test the preprocessor; as of 2007 there are too many implementations with broken preprocessors. Perhaps this can be revisited in 2012. In the meantime, code should not expect #if to work with literals wider than 32 bits. */ /* Test literals. */ long long int ll = 9223372036854775807ll; long long int nll = -9223372036854775807LL; unsigned long long int ull = 18446744073709551615ULL; /* Test constant expressions. */ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) ? 1 : -1)]; typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 ? 1 : -1)]; int i = 63;]], [[/* Test availability of runtime routines for shift and division. */ long long int llmax = 9223372036854775807ll; unsigned long long int ullmax = 18446744073709551615ull; return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) | (llmax / ll) | (llmax % ll) | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) | (ullmax / ull) | (ullmax % ull));]]) ]) m4_include([m4/ax_check_compile_flag.m4]) m4_include([m4/ax_check_link_flag.m4]) m4_include([m4/ax_func_getaddrinfo.m4]) m4_include([m4/ax_func_snprintf.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) m4_include([m4/ltversion.m4]) m4_include([m4/lt~obsolete.m4]) m4_include([m4/sudo.m4]) sudo-1.8.9p5/autogen.sh010075500175440000012000000007161226304126200143470ustar00millertstaff#!/bin/sh # OpenBSD may have multiple versions of autoconf and automake installed # If the user hasn't chosen one themselves, we do here. if [ "`/usr/bin/uname 2>&1`" = "OpenBSD" ]; then if [ X"$AUTOMAKE_VERSION" = X"" ]; then AUTOMAKE_VERSION=1.11; export AUTOMAKE_VERSION fi if [ X"$AUTOCONF_VERSION" = X"" ]; then AUTOCONF_VERSION=2.69; export AUTOCONF_VERSION fi fi set -ex autoreconf -f -i -v -Wall -I m4 rm -rf autom4te.cache exit 0 sudo-1.8.9p5/common/Makefile.in010064400175440000012000000315441226304127600157130ustar00millertstaff# # Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Regression tests TEST_PROGS = conf_test parseln_test hltq_test TEST_LIBS = @LIBS@ @LIBINTL@ ../compat/libreplace.la TEST_LDFLAGS = @LDFLAGS@ # OS dependent defines DEFS = @OSDEFS@ -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" #### End of system configuration section. #### SHELL = @SHELL@ LTOBJS = alloc.lo atobool.lo atoid.lo atomode.lo event.lo fatal.lo fileops.lo \ fmt_string.lo gidlist.lo lbuf.lo progname.lo secure_path.lo \ setgroups.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo sudo_printf.lo \ term.lo ttysize.lo @COMMON_OBJS@ PARSELN_TEST_OBJS = parseln_test.lo locale_stub.lo CONF_TEST_OBJS = conf_test.lo locale_stub.lo HLTQ_TEST_OBJS = hltq_test.lo locale_stub.lo all: libsudo_util.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file common/Makefile) .SUFFIXES: .c .h .lo .c.lo: $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< libsudo_util.la: $(LTOBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install conf_test: $(CONF_TEST_OBJS) libsudo_util.la $(LIBTOOL) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libsudo_util.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) parseln_test: $(PARSELN_TEST_OBJS) libsudo_util.la $(LIBTOOL) --mode=link $(CC) -o $@ $(PARSELN_TEST_OBJS) libsudo_util.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) hltq_test: $(HLTQ_TEST_OBJS) libsudo_util.la $(LIBTOOL) --mode=link $(CC) -o $@ $(HLTQ_TEST_OBJS) libsudo_util.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) pre-install: install: install-dirs: install-binaries: install-includes: install-doc: install-plugin: uninstall: check: $(TEST_PROGS) @if test X"$(cross_compiling)" != X"yes"; then \ passed=0; failed=0; total=0; \ total=1; \ if ./hltq_test; then \ passed=`expr $$passed + 1`; \ else \ failed=`expr $$failed + 1`; \ fi; \ for dir in sudo_conf sudo_parseln; do \ mkdir -p regress/$$dir; \ for t in $(srcdir)/regress/$$dir/*.in; do \ base=`basename $$t .in`; \ out="regress/$$dir/$$base.out"; \ if test "$$dir" = "sudo_conf"; then \ ./conf_test $$t >$$out; \ else \ ./parseln_test <$$t >$$out; \ fi; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base: OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base: FAIL"; \ diff $$out $(srcdir)/$$out.ok; \ fi; \ total=`expr $$total + 1`; \ done; \ done; \ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ exit $$failed; \ fi clean: -$(LIBTOOL) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* regress/*/*.out mostlyclean: clean distclean: clean -rm -rf Makefile .libs clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify aix.lo: $(srcdir)/aix.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/aix.c alloc.lo: $(srcdir)/alloc.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alloc.c atobool.lo: $(srcdir)/atobool.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atobool.c atoid.lo: $(srcdir)/atoid.c $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atoid.c atomode.lo: $(srcdir)/atomode.c $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atomode.c conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c event.lo: $(srcdir)/event.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/event.c event_poll.lo: $(srcdir)/event_poll.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/event_poll.c event_select.lo: $(srcdir)/event_select.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/event_select.c fatal.lo: $(srcdir)/fatal.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_plugin.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/fatal.c fileops.lo: $(srcdir)/fileops.c $(incdir)/fileops.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(top_srcdir)/compat/timespec.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/fileops.c fmt_string.lo: $(srcdir)/fmt_string.c $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/fmt_string.c gidlist.lo: $(srcdir)/gidlist.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/queue.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/tailq/hltq_test.c lbuf.lo: $(srcdir)/lbuf.c $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/lbuf.h \ $(incdir)/missing.h $(incdir)/sudo_debug.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/lbuf.c locale_stub.lo: $(top_srcdir)/src/locale_stub.c $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \ $(incdir)/fileops.h $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c progname.lo: $(srcdir)/progname.c $(incdir)/missing.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/progname.c secure_path.lo: $(srcdir)/secure_path.c $(incdir)/missing.h \ $(incdir)/secure_path.h $(incdir)/sudo_debug.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/secure_path.c setgroups.lo: $(srcdir)/setgroups.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/setgroups.c sudo_conf.lo: $(srcdir)/sudo_conf.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_conf.c sudo_debug.lo: $(srcdir)/sudo_debug.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_debug.c sudo_dso.lo: $(srcdir)/sudo_dso.c $(incdir)/missing.h $(incdir)/sudo_dso.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_dso.c sudo_printf.lo: $(srcdir)/sudo_printf.c $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_printf.c term.lo: $(srcdir)/term.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/term.c ttysize.lo: $(srcdir)/ttysize.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ttysize.c sudo-1.8.9p5/common/aix.c010064400175440000012000000122561226304126200145650ustar00millertstaff/* * Copyright (c) 2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #include "sudo_util.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #ifdef HAVE_GETUSERATTR #ifndef HAVE_SETRLIMIT64 # define setrlimit64(a, b) setrlimit(a, b) # define rlimit64 rlimit # define rlim64_t rlim_t # define RLIM64_INFINITY RLIM_INFINITY #endif /* HAVE_SETRLIMIT64 */ #ifndef RLIM_SAVED_MAX # define RLIM_SAVED_MAX RLIM64_INFINITY #endif struct aix_limit { int resource; char *soft; char *hard; int factor; }; static struct aix_limit aix_limits[] = { { RLIMIT_FSIZE, S_UFSIZE, S_UFSIZE_HARD, 512 }, { RLIMIT_CPU, S_UCPU, S_UCPU_HARD, 1 }, { RLIMIT_DATA, S_UDATA, S_UDATA_HARD, 512 }, { RLIMIT_STACK, S_USTACK, S_USTACK_HARD, 512 }, { RLIMIT_RSS, S_URSS, S_URSS_HARD, 512 }, { RLIMIT_CORE, S_UCORE, S_UCORE_HARD, 512 }, { RLIMIT_NOFILE, S_UNOFILE, S_UNOFILE_HARD, 1 } }; static int aix_getlimit(char *user, char *lim, rlim64_t *valp) { int val; debug_decl(aix_getlimit, SUDO_DEBUG_UTIL) if (getuserattr(user, lim, &val, SEC_INT) != 0) debug_return_int(-1); *valp = val; debug_return_int(0); } static void aix_setlimits(char *user) { struct rlimit64 rlim; rlim64_t val; int n; debug_decl(aix_setlimits, SUDO_DEBUG_UTIL) if (setuserdb(S_READ) != 0) fatal(U_("unable to open userdb")); /* * For each resource limit, get the soft/hard values for the user * and set those values via setrlimit64(). Must be run as euid 0. */ for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) { /* * We have two strategies, depending on whether or not the * hard limit has been defined. */ if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) { rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; if (aix_getlimit(user, aix_limits[n].soft, &val) == 0) rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; else rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */ } else { /* No hard limit set, try soft limit, if it exists. */ if (aix_getlimit(user, aix_limits[n].soft, &val) == -1) continue; rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; /* Set hard limit per AIX /etc/security/limits documentation. */ switch (aix_limits[n].resource) { case RLIMIT_CPU: case RLIMIT_FSIZE: rlim.rlim_max = rlim.rlim_cur; break; case RLIMIT_STACK: rlim.rlim_max = RLIM_SAVED_MAX; break; default: rlim.rlim_max = RLIM64_INFINITY; break; } } (void)setrlimit64(aix_limits[n].resource, &rlim); } enduserdb(); debug_return; } #ifdef HAVE_SETAUTHDB /* * Look up administrative domain for user (SYSTEM in /etc/security/user) and * set it as the default for the process. This ensures that password and * group lookups are made against the correct source (files, NIS, LDAP, etc). */ void aix_setauthdb(char *user) { char *registry; debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) if (user != NULL) { if (setuserdb(S_READ) != 0) fatal(U_("unable to open userdb")); if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { if (setauthdb(registry, NULL) != 0) fatal(U_("unable to switch to registry \"%s\" for %s"), registry, user); } enduserdb(); } debug_return; } /* * Restore the saved administrative domain, if any. */ void aix_restoreauthdb(void) { debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) if (setauthdb(NULL, NULL) != 0) fatal(U_("unable to restore registry")); debug_return; } #endif void aix_prep_user(char *user, const char *tty) { char *info; int len; debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) /* set usrinfo, like login(1) does */ len = easprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c", user, '\0', user, '\0', user, '\0', tty ? tty : "", '\0'); (void)usrinfo(SETUINFO, info, len); efree(info); #ifdef HAVE_SETAUTHDB /* set administrative domain */ aix_setauthdb(user); #endif /* set resource limits */ aix_setlimits(user); debug_return; } #endif /* HAVE_GETUSERATTR */ sudo-1.8.9p5/common/alloc.c010064400175440000012000000153501226304126200150740ustar00millertstaff/* * Copyright (c) 1999-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #ifdef HAVE_INTTYPES_H # include #endif #include #include "missing.h" #include "alloc.h" #include "fatal.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" /* * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t * could be signed (as it is on SunOS 4.x). This just means that * emalloc2() and erealloc3() cannot allocate huge amounts on such a * platform but that is OK since sudo doesn't need to do so anyway. */ #ifndef SIZE_MAX # ifdef SIZE_T_MAX # define SIZE_MAX SIZE_T_MAX # else # define SIZE_MAX INT_MAX # endif /* SIZE_T_MAX */ #endif /* SIZE_MAX */ /* * emalloc() calls the system malloc(3) and exits with an error if * malloc(3) fails. */ void * emalloc(size_t size) { void *ptr; if (size == 0) fatalx_nodebug(_("internal error, tried to emalloc(0)")); if ((ptr = malloc(size)) == NULL) fatal_nodebug(NULL); return ptr; } /* * emalloc2() allocates nmemb * size bytes and exits with an error * if overflow would occur or if the system malloc(3) fails. */ void * emalloc2(size_t nmemb, size_t size) { void *ptr; if (nmemb == 0 || size == 0) fatalx_nodebug(_("internal error, tried to emalloc2(0)")); if (nmemb > SIZE_MAX / size) fatalx_nodebug(_("internal error, %s overflow"), "emalloc2()"); size *= nmemb; if ((ptr = malloc(size)) == NULL) fatal_nodebug(NULL); return ptr; } /* * ecalloc() allocates nmemb * size bytes and exits with an error * if overflow would occur or if the system malloc(3) fails. * On success, the allocated space is zero-filled. */ void * ecalloc(size_t nmemb, size_t size) { void *ptr; if (nmemb == 0 || size == 0) fatalx_nodebug(_("internal error, tried to ecalloc(0)")); if (nmemb != 1) { if (nmemb > SIZE_MAX / size) fatalx_nodebug(_("internal error, %s overflow"), "ecalloc()"); size *= nmemb; } if ((ptr = malloc(size)) == NULL) fatal_nodebug(NULL); memset(ptr, 0, size); return ptr; } /* * erealloc() calls the system realloc(3) and exits with an error if * realloc(3) fails. You can call erealloc() with a NULL pointer even * if the system realloc(3) does not support this. */ void * erealloc(void *ptr, size_t size) { if (size == 0) fatalx_nodebug(_("internal error, tried to erealloc(0)")); ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) fatal_nodebug(NULL); return ptr; } /* * erealloc3() realloc(3)s nmemb * size bytes and exits with an error * if overflow would occur or if the system malloc(3)/realloc(3) fails. * You can call erealloc() with a NULL pointer even if the system realloc(3) * does not support this. */ void * erealloc3(void *ptr, size_t nmemb, size_t size) { if (nmemb == 0 || size == 0) fatalx_nodebug(_("internal error, tried to erealloc3(0)")); if (nmemb > SIZE_MAX / size) fatalx_nodebug(_("internal error, %s overflow"), "erealloc3()"); size *= nmemb; ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) fatal_nodebug(NULL); return ptr; } /* * erecalloc() realloc(3)s nmemb * msize bytes and exits with an error * if overflow would occur or if the system malloc(3)/realloc(3) fails. * On success, the new space is zero-filled. You can call erealloc() * with a NULL pointer even if the system realloc(3) does not support this. */ void * erecalloc(void *ptr, size_t onmemb, size_t nmemb, size_t msize) { size_t size; if (nmemb == 0 || msize == 0) fatalx_nodebug(_("internal error, tried to erecalloc(0)")); if (nmemb > SIZE_MAX / msize) fatalx_nodebug(_("internal error, %s overflow"), "erecalloc()"); size = nmemb * msize; ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) fatal_nodebug(NULL); if (nmemb > onmemb) { size = (nmemb - onmemb) * msize; memset((char *)ptr + (onmemb * msize), 0, size); } return ptr; } /* * estrdup() is like strdup(3) except that it exits with an error if * malloc(3) fails. NOTE: unlike strdup(3), estrdup(NULL) is legal. */ char * estrdup(const char *src) { char *dst = NULL; size_t len; if (src != NULL) { len = strlen(src); dst = (char *) emalloc(len + 1); (void) memcpy(dst, src, len); dst[len] = '\0'; } return dst; } /* * estrdup() is like strndup(3) except that it exits with an error if * malloc(3) fails. NOTE: unlike strdup(3), estrdup(NULL) is legal. */ char * estrndup(const char *src, size_t maxlen) { char *dst = NULL; size_t len = 0; if (src != NULL) { while (maxlen != 0 && src[len] != '\0') { len++; maxlen--; } dst = (char *) emalloc(len + 1); (void) memcpy(dst, src, len); dst[len] = '\0'; } return dst; } /* * easprintf() calls vasprintf() and exits with an error if vasprintf() * returns -1 (out of memory). */ int easprintf(char **ret, const char *fmt, ...) { int len; va_list ap; va_start(ap, fmt); len = vasprintf(ret, fmt, ap); va_end(ap); if (len == -1) fatal_nodebug(NULL); return len; } /* * evasprintf() calls vasprintf() and exits with an error if vasprintf() * returns -1 (out of memory). */ int evasprintf(char **ret, const char *format, va_list args) { int len; if ((len = vasprintf(ret, format, args)) == -1) fatal_nodebug(NULL); return len; } sudo-1.8.9p5/common/atobool.c010064400175440000012000000040231226304132000154270ustar00millertstaff/* * Copyright (c) 2010-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" int atobool(const char *str) { debug_decl(atobool, SUDO_DEBUG_UTIL) switch (*str) { case '0': case '1': if (str[1] == '\0') debug_return_int(*str - '0'); break; case 'y': case 'Y': if (strcasecmp(str, "yes") == 0) debug_return_int(1); break; case 't': case 'T': if (strcasecmp(str, "true") == 0) debug_return_int(1); break; case 'o': case 'O': if (strcasecmp(str, "on") == 0) debug_return_int(1); if (strcasecmp(str, "off") == 0) debug_return_int(0); break; case 'n': case 'N': if (strcasecmp(str, "no") == 0) debug_return_int(0); break; case 'f': case 'F': if (strcasecmp(str, "false") == 0) debug_return_int(0); break; } debug_return_int(-1); } sudo-1.8.9p5/common/atoid.c010064400175440000012000000061521226304126200151020ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #include #include #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" /* * Parse a uid/gid in string form. * If sep is non-NULL, it contains valid separator characters (e.g. comma, space) * If endp is non-NULL it is set to the next char after the ID. * On success, returns the parsed ID and clears errstr. * On error, returns 0 and sets errstr. */ id_t atoid(const char *p, const char *sep, char **endp, const char **errstr) { char *ep; id_t rval = 0; bool valid = false; debug_decl(atoid, SUDO_DEBUG_UTIL) if (sep == NULL) sep = ""; errno = 0; if (*p == '-') { long lval = strtol(p, &ep, 10); if (ep != p) { /* check for valid separator (including '\0') */ do { if (*ep == *sep) valid = true; } while (*sep++ != '\0'); } if (!valid) { if (errstr != NULL) *errstr = N_("invalid value"); errno = EINVAL; goto done; } if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) { errno = ERANGE; if (errstr != NULL) *errstr = N_("value too large"); goto done; } if ((errno == ERANGE && lval == LONG_MIN) || lval < INT_MIN) { errno = ERANGE; if (errstr != NULL) *errstr = N_("value too small"); goto done; } rval = (id_t)lval; } else { unsigned long ulval = strtoul(p, &ep, 10); if (ep != p) { /* check for valid separator (including '\0') */ do { if (*ep == *sep) valid = true; } while (*sep++ != '\0'); } if (!valid) { if (errstr != NULL) *errstr = N_("invalid value"); errno = EINVAL; goto done; } if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) { errno = ERANGE; if (errstr != NULL) *errstr = N_("value too large"); goto done; } rval = (id_t)ulval; } if (errstr != NULL) *errstr = NULL; if (endp != NULL) *endp = ep; done: debug_return_int(rval); } sudo-1.8.9p5/common/atomode.c010064400175440000012000000035231227253433400154400ustar00millertstaff/* * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" /* * Parse an octal file mode in the range [0, 0777]. * On success, returns the parsed mode and clears errstr. * On error, returns 0 and sets errstr. */ int atomode(const char *cp, const char **errstr) { char *ep; long lval; debug_decl(atomode, SUDO_DEBUG_UTIL) errno = 0; lval = strtol(cp, &ep, 8); if (ep == cp || *ep != '\0') { if (errstr != NULL) *errstr = N_("invalid value"); errno = EINVAL; debug_return_int(0); } if (lval < 0 || lval > 0777) { if (errstr != NULL) *errstr = lval < 0 ? N_("value too small") : N_("value too large"); errno = ERANGE; debug_return_int(0); } if (errstr != NULL) *errstr = NULL; debug_return_int((int)lval); } sudo-1.8.9p5/common/event.c010064400175440000012000000252251226304132000151200ustar00millertstaff/* * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #include "sudo_event.h" /* XXX - use non-exiting allocators? */ struct sudo_event_base * sudo_ev_base_alloc(void) { struct sudo_event_base *base; debug_decl(sudo_ev_base_alloc, SUDO_DEBUG_EVENT) base = ecalloc(1, sizeof(*base)); TAILQ_INIT(&base->events); TAILQ_INIT(&base->timeouts); if (sudo_ev_base_alloc_impl(base) != 0) { efree(base); base = NULL; } debug_return_ptr(base); } void sudo_ev_base_free(struct sudo_event_base *base) { struct sudo_event *ev, *next; debug_decl(sudo_ev_base_free, SUDO_DEBUG_EVENT) /* Remove any existing events before freeing the base. */ TAILQ_FOREACH_SAFE(ev, &base->events, entries, next) { sudo_ev_del(base, ev); } sudo_ev_base_free_impl(base); efree(base); debug_return; } struct sudo_event * sudo_ev_alloc(int fd, short events, sudo_ev_callback_t callback, void *closure) { struct sudo_event *ev; debug_decl(sudo_ev_alloc, SUDO_DEBUG_EVENT) /* XXX - sanity check events value */ ev = ecalloc(1, sizeof(*ev)); ev->fd = fd; ev->events = events; ev->pfd_idx = -1; ev->callback = callback; ev->closure = closure; debug_return_ptr(ev); } void sudo_ev_free(struct sudo_event *ev) { debug_decl(sudo_ev_free, SUDO_DEBUG_EVENT) /* Make sure ev is not in use before freeing it. */ if (ISSET(ev->flags, SUDO_EVQ_INSERTED)) (void)sudo_ev_del(NULL, ev); free(ev); debug_return; } int sudo_ev_add(struct sudo_event_base *base, struct sudo_event *ev, struct timeval *timo, bool tohead) { debug_decl(sudo_ev_add, SUDO_DEBUG_EVENT) /* If no base specified, use existing one. */ if (base == NULL) { if (ev->base == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: no base specified", __func__); debug_return_int(-1); } base = ev->base; } /* Only add new events to the events list. */ if (ISSET(ev->flags, SUDO_EVQ_INSERTED)) { /* If event no longer has a timeout, remove from timeouts queue. */ if (timo == NULL && ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: removing event %p from timeouts queue", __func__, ev); CLR(ev->flags, SUDO_EVQ_TIMEOUTS); TAILQ_REMOVE(&base->timeouts, ev, timeouts_entries); } } else { /* Add event to the base. */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: adding event %p to base %p", __func__, ev, base); if (ev->events & (SUDO_EV_READ|SUDO_EV_WRITE)) { if (sudo_ev_add_impl(base, ev) != 0) debug_return_int(-1); } ev->base = base; if (tohead) { TAILQ_INSERT_HEAD(&base->events, ev, entries); } else { TAILQ_INSERT_TAIL(&base->events, ev, entries); } SET(ev->flags, SUDO_EVQ_INSERTED); } /* Timeouts can be changed for existing events. */ if (timo != NULL) { struct sudo_event *evtmp; if (ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) { /* Remove from timeouts list, then add back. */ TAILQ_REMOVE(&base->timeouts, ev, timeouts_entries); } /* Convert to absolute time and insert in sorted order; O(n). */ gettimeofday(&ev->timeout, NULL); ev->timeout.tv_sec += timo->tv_sec; ev->timeout.tv_usec += timo->tv_usec; TAILQ_FOREACH(evtmp, &base->timeouts, timeouts_entries) { if (timevalcmp(timo, &evtmp->timeout, <)) break; } if (evtmp != NULL) { TAILQ_INSERT_BEFORE(evtmp, ev, timeouts_entries); } else { TAILQ_INSERT_TAIL(&base->timeouts, ev, timeouts_entries); } SET(ev->flags, SUDO_EVQ_TIMEOUTS); } debug_return_int(0); } int sudo_ev_del(struct sudo_event_base *base, struct sudo_event *ev) { debug_decl(sudo_ev_del, SUDO_DEBUG_EVENT) /* Make sure event is really in the queue. */ if (!ISSET(ev->flags, SUDO_EVQ_INSERTED)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: event %p not in queue", __func__, ev); debug_return_int(0); } /* Check for event base mismatch, if one is specified. */ if (base == NULL) { if (ev->base == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: no base specified", __func__); debug_return_int(-1); } base = ev->base; } else if (base != ev->base) { sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: mismatch base %p, ev->base %p", __func__, base, ev->base); debug_return_int(-1); } sudo_debug_printf(SUDO_DEBUG_INFO, "%s: removing event %p from base %p", __func__, ev, base); /* Call backend. */ if (ev->events & (SUDO_EV_READ|SUDO_EV_WRITE)) { if (sudo_ev_del_impl(base, ev) != 0) debug_return_int(-1); } /* Unlink from event list. */ TAILQ_REMOVE(&base->events, ev, entries); /* Unlink from timeouts list. */ if (ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) TAILQ_REMOVE(&base->timeouts, ev, timeouts_entries); /* Unlink from active list and update base pointers as needed. */ if (ISSET(ev->flags, SUDO_EVQ_ACTIVE)) TAILQ_REMOVE(&base->active, ev, active_entries); /* Mark event unused. */ ev->flags = 0; ev->pfd_idx = -1; debug_return_int(0); } /* * Run main event loop. * Returns 0 on success, 1 if no events registered and -1 on error */ int sudo_ev_loop(struct sudo_event_base *base, int flags) { struct timeval now; struct sudo_event *ev; int nready, rc = 0; debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) /* * If sudo_ev_loopexit() was called when events were not running * the next invocation of sudo_ev_loop() only runs once. * All other base flags are ignored unless we are running events. */ if (ISSET(base->flags, SUDO_EVBASE_LOOPEXIT)) SET(flags, SUDO_EVLOOP_ONCE); base->flags = 0; for (;;) { rescan: /* Make sure we have some events. */ if (TAILQ_EMPTY(&base->events)) { rc = 1; break; } /* Call backend to scan for I/O events. */ TAILQ_INIT(&base->active); nready = sudo_ev_scan_impl(base, flags); switch (nready) { case -1: if (errno == EINTR || errno == ENOMEM) continue; rc = -1; goto done; case 0: /* Timed out, activate timeout events. */ gettimeofday(&now, NULL); while ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { if (timevalcmp(&ev->timeout, &now, >)) break; /* Remove from timeouts list. */ CLR(ev->flags, SUDO_EVQ_TIMEOUTS); TAILQ_REMOVE(&base->timeouts, ev, timeouts_entries); /* Make event active. */ ev->revents = SUDO_EV_TIMEOUT; TAILQ_INSERT_TAIL(&base->active, ev, active_entries); SET(ev->flags, SUDO_EVQ_ACTIVE); } break; default: /* I/O events active, sudo_ev_scan_impl() already added them. */ break; } /* * Service each event in the active queue. * We store the current event pointer in the base so that * it can be cleared by sudo_ev_del(). This prevents a use * after free if the callback frees its own event. */ while ((ev = TAILQ_FIRST(&base->active)) != NULL) { /* Pop first event off the active queue. */ CLR(ev->flags, SUDO_EVQ_ACTIVE); TAILQ_REMOVE(&base->active, ev, active_entries); /* Remove from base unless persistent. */ if (!ISSET(ev->events, SUDO_EV_PERSIST)) sudo_ev_del(base, ev); ev->callback(ev->fd, ev->revents, ev->closure == sudo_ev_self_cbarg() ? ev : ev->closure); if (ISSET(base->flags, SUDO_EVBASE_LOOPBREAK)) { /* Stop processing events immediately. */ SET(base->flags, SUDO_EVBASE_GOT_BREAK); while ((ev = TAILQ_FIRST(&base->active)) != NULL) { CLR(ev->flags, SUDO_EVQ_ACTIVE); TAILQ_REMOVE(&base->active, ev, active_entries); } goto done; } if (ISSET(base->flags, SUDO_EVBASE_LOOPCONT)) { /* Rescan events and start polling again. */ CLR(base->flags, SUDO_EVBASE_LOOPCONT); if (!ISSET(flags, SUDO_EVLOOP_ONCE)) { while ((ev = TAILQ_FIRST(&base->active)) != NULL) { CLR(ev->flags, SUDO_EVQ_ACTIVE); TAILQ_REMOVE(&base->active, ev, active_entries); } goto rescan; } } } if (ISSET(base->flags, SUDO_EVBASE_LOOPEXIT)) { /* exit loop after once through */ SET(base->flags, SUDO_EVBASE_GOT_EXIT); goto done; } if (flags & (SUDO_EVLOOP_ONCE | SUDO_EVLOOP_NONBLOCK)) break; } done: base->flags &= SUDO_EVBASE_GOT_MASK; debug_return_int(rc); } void sudo_ev_loopexit(struct sudo_event_base *base) { debug_decl(sudo_ev_loopexit, SUDO_DEBUG_EVENT) SET(base->flags, SUDO_EVBASE_LOOPEXIT); debug_return; } void sudo_ev_loopbreak(struct sudo_event_base *base) { debug_decl(sudo_ev_loopbreak, SUDO_DEBUG_EVENT) SET(base->flags, SUDO_EVBASE_LOOPBREAK); debug_return; } void sudo_ev_loopcontinue(struct sudo_event_base *base) { debug_decl(sudo_ev_loopcontinue, SUDO_DEBUG_EVENT) SET(base->flags, SUDO_EVBASE_LOOPCONT); debug_return; } bool sudo_ev_got_exit(struct sudo_event_base *base) { debug_decl(sudo_ev_got_exit, SUDO_DEBUG_EVENT) debug_return_bool(ISSET(base->flags, SUDO_EVBASE_GOT_EXIT)); } bool sudo_ev_got_break(struct sudo_event_base *base) { debug_decl(sudo_ev_got_break, SUDO_DEBUG_EVENT) debug_return_bool(ISSET(base->flags, SUDO_EVBASE_GOT_BREAK)); } int sudo_ev_get_timeleft(struct sudo_event *ev, struct timeval *tv) { struct timeval now; debug_decl(sudo_ev_get_timeleft, SUDO_DEBUG_EVENT) if (!ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) { timevalclear(tv); debug_return_int(-1); } gettimeofday(&now, NULL); *tv = ev->timeout; timevalsub(tv, &now); if (tv->tv_sec < 0 || (tv->tv_sec == 0 && tv->tv_usec < 0)) timevalclear(tv); debug_return_int(0); } sudo-1.8.9p5/common/event_poll.c010064400175440000012000000116351226304126200161530ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #include "sudo_event.h" /* XXX - use non-exiting allocators? */ int sudo_ev_base_alloc_impl(struct sudo_event_base *base) { int i; debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) base->pfd_high = -1; base->pfd_max = 32; base->pfds = erealloc3(NULL, base->pfd_max, sizeof(struct pollfd)); for (i = 0; i < base->pfd_max; i++) { base->pfds[i].fd = -1; } debug_return_int(0); } void sudo_ev_base_free_impl(struct sudo_event_base *base) { debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) efree(base->pfds); debug_return; } int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { struct pollfd *pfd; debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) /* If out of space in pfds array, realloc. */ if (base->pfd_free == base->pfd_max) { int i; base->pfd_max <<= 1; base->pfds = erealloc3(base->pfds, base->pfd_max, sizeof(struct pollfd)); for (i = base->pfd_free; i < base->pfd_max; i++) { base->pfds[i].fd = -1; } } /* Fill in pfd entry. */ ev->pfd_idx = base->pfd_free; pfd = &base->pfds[ev->pfd_idx]; pfd->fd = ev->fd; pfd->events = 0; if (ISSET(ev->events, SUDO_EV_READ)) pfd->events |= POLLIN; if (ISSET(ev->events, SUDO_EV_WRITE)) pfd->events |= POLLOUT; /* Update pfd_high and pfd_free. */ if (ev->pfd_idx > base->pfd_high) base->pfd_high = ev->pfd_idx; for (;;) { if (++base->pfd_free == base->pfd_max) break; if (base->pfds[base->pfd_free].fd == -1) break; } debug_return_int(0); } int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) /* Mark pfd entry unused, add to free list and adjust high slot. */ base->pfds[ev->pfd_idx].fd = -1; if (ev->pfd_idx < base->pfd_free) base->pfd_free = ev->pfd_idx; while (base->pfd_high >= 0 && base->pfds[base->pfd_high].fd == -1) base->pfd_high--; debug_return_int(0); } int sudo_ev_scan_impl(struct sudo_event_base *base, int flags) { struct sudo_event *ev; int nready, timeout; struct timeval now; debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT) if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { struct timeval *timo = &ev->timeout; gettimeofday(&now, NULL); timeout = ((timo->tv_sec - now.tv_sec) * 1000) + ((timo->tv_usec - now.tv_usec) / 1000); if (timeout <= 0) timeout = 0; } else { timeout = (flags & SUDO_EVLOOP_NONBLOCK) ? 0 : -1; } nready = poll(base->pfds, base->pfd_high + 1, timeout); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %d fds ready", __func__, nready); switch (nready) { case -1: /* Error or interrupted by signal. */ debug_return_int(-1); case 0: /* Front end will activate timeout events. */ break; default: /* Activate each I/O event that fired. */ TAILQ_FOREACH(ev, &base->events, entries) { if (ev->pfd_idx != -1 && base->pfds[ev->pfd_idx].revents) { int what = 0; if (base->pfds[ev->pfd_idx].revents & (POLLIN|POLLHUP|POLLNVAL|POLLERR)) what |= (ev->events & SUDO_EV_READ); if (base->pfds[ev->pfd_idx].revents & (POLLOUT|POLLHUP|POLLNVAL|POLLERR)) what |= (ev->events & SUDO_EV_WRITE); /* Make event active. */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: polled fd %d, events %d, activating %p", __func__, ev->fd, what, ev); ev->revents = what; TAILQ_INSERT_TAIL(&base->active, ev, active_entries); SET(ev->flags, SUDO_EVQ_ACTIVE); } } break; } debug_return_int(nready); } sudo-1.8.9p5/common/event_select.c010064400175440000012000000140741226304126200164640ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* for howmany() on Linux */ #include #ifdef HAVE_SYS_SYSMACROS_H # include /* for howmany() on Solaris */ #endif #ifdef HAVE_SYS_SELECT_H # include #endif /* HAVE_SYS_SELECT_H */ #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #include "sudo_event.h" /* XXX - use non-exiting allocators? */ int sudo_ev_base_alloc_impl(struct sudo_event_base *base) { debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) base->maxfd = NFDBITS - 1; base->readfds_in = ecalloc(1, sizeof(fd_mask)); base->writefds_in = ecalloc(1, sizeof(fd_mask)); base->readfds_out = ecalloc(1, sizeof(fd_mask)); base->writefds_out = ecalloc(1, sizeof(fd_mask)); debug_return_int(0); } void sudo_ev_base_free_impl(struct sudo_event_base *base) { debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) efree(base->readfds_in); efree(base->writefds_in); efree(base->readfds_out); efree(base->writefds_out); debug_return; } int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) /* If out of space in fd sets, realloc. */ if (ev->fd > base->maxfd) { const int o = (base->maxfd + 1) / NFDBITS; const int n = howmany(ev->fd + 1, NFDBITS); base->readfds_in = erecalloc(base->readfds_in, o, n, sizeof(fd_mask)); base->writefds_in = erecalloc(base->writefds_in, o, n, sizeof(fd_mask)); base->readfds_out = erecalloc(base->readfds_out, o, n, sizeof(fd_mask)); base->writefds_out = erecalloc(base->writefds_out, o, n, sizeof(fd_mask)); base->maxfd = (n * NFDBITS) - 1; } /* Set events and adjust high fd as needed. */ if (ISSET(ev->events, SUDO_EV_READ)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: added fd %d to readfs", __func__, ev->fd); FD_SET(ev->fd, base->readfds_in); } if (ISSET(ev->events, SUDO_EV_WRITE)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: added fd %d to writefds", __func__, ev->fd); FD_SET(ev->fd, base->writefds_in); } if (ev->fd > base->highfd) base->highfd = ev->fd; debug_return_int(0); } int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) /* Remove from readfds and writefds and adjust high fd. */ if (ISSET(ev->events, SUDO_EV_READ)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: removed fd %d from readfds", __func__, ev->fd); FD_CLR(ev->fd, base->readfds_in); } if (ISSET(ev->events, SUDO_EV_WRITE)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: removed fd %d from writefds", __func__, ev->fd); FD_CLR(ev->fd, base->writefds_in); } if (base->highfd == ev->fd) { for (;;) { if (FD_ISSET(base->highfd, base->readfds_in) || FD_ISSET(base->highfd, base->writefds_in)) break; if (--base->highfd < 0) break; } } debug_return_int(0); } int sudo_ev_scan_impl(struct sudo_event_base *base, int flags) { struct timeval now, tv, *timeout; struct sudo_event *ev; size_t setsize; int nready; debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { gettimeofday(&now, NULL); tv = ev->timeout; timevalsub(&tv, &now); if (tv.tv_sec < 0 || (tv.tv_sec == 0 && tv.tv_usec < 0)) timevalclear(&tv); timeout = &tv; } else { if (ISSET(flags, SUDO_EVLOOP_NONBLOCK)) { timevalclear(&tv); timeout = &tv; } else { timeout = NULL; } } /* select() overwrites readfds/writefds so make a copy. */ setsize = howmany(base->highfd + 1, NFDBITS) * sizeof(fd_mask); memcpy(base->readfds_out, base->readfds_in, setsize); memcpy(base->writefds_out, base->writefds_in, setsize); sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: select high fd %d", __func__, base->highfd); nready = select(base->highfd + 1, base->readfds_out, base->writefds_out, NULL, timeout); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %d fds ready", __func__, nready); switch (nready) { case -1: /* Error or interrupted by signal. */ debug_return_int(-1); case 0: /* Front end will activate timeout events. */ break; default: /* Activate each I/O event that fired. */ TAILQ_FOREACH(ev, &base->events, entries) { if (ev->fd >= 0) { int what = 0; if (FD_ISSET(ev->fd, base->readfds_out)) what |= (ev->events & SUDO_EV_READ); if (FD_ISSET(ev->fd, base->writefds_out)) what |= (ev->events & SUDO_EV_WRITE); if (what != 0) { /* Make event active. */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: selected fd %d, events %d, activating %p", __func__, ev->fd, what, ev); ev->revents = what; TAILQ_INSERT_TAIL(&base->active, ev, active_entries); SET(ev->flags, SUDO_EVQ_ACTIVE); } } } break; } debug_return_int(nready); } sudo-1.8.9p5/common/fatal.c010064400175440000012000000075211226304126200150720ustar00millertstaff/* * Copyright (c) 2004-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include "missing.h" #include "alloc.h" #include "fatal.h" #include "queue.h" #include "sudo_plugin.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" struct sudo_fatal_callback { SLIST_ENTRY(sudo_fatal_callback) entries; void (*func)(void); }; SLIST_HEAD(sudo_fatal_callback_list, sudo_fatal_callback); sigjmp_buf fatal_jmp; static bool setjmp_enabled = false; static struct sudo_fatal_callback_list callbacks; static void _warning(int, const char *, va_list); static void do_cleanup(void) { struct sudo_fatal_callback *cb; /* Run callbacks, removing them from the list as we go. */ while ((cb = SLIST_FIRST(&callbacks)) != NULL) { SLIST_REMOVE_HEAD(&callbacks, entries); cb->func(); free(cb); } } void fatal_nodebug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); _warning(1, fmt, ap); va_end(ap); do_cleanup(); if (setjmp_enabled) siglongjmp(fatal_jmp, 1); else exit(EXIT_FAILURE); } void fatalx_nodebug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); _warning(0, fmt, ap); va_end(ap); do_cleanup(); if (setjmp_enabled) siglongjmp(fatal_jmp, 1); else exit(EXIT_FAILURE); } void vfatal_nodebug(const char *fmt, va_list ap) { _warning(1, fmt, ap); do_cleanup(); if (setjmp_enabled) siglongjmp(fatal_jmp, 1); else exit(EXIT_FAILURE); } void vfatalx_nodebug(const char *fmt, va_list ap) { _warning(0, fmt, ap); do_cleanup(); if (setjmp_enabled) siglongjmp(fatal_jmp, 1); else exit(EXIT_FAILURE); } void warning_nodebug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); _warning(1, fmt, ap); va_end(ap); } void warningx_nodebug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); _warning(0, fmt, ap); va_end(ap); } void vwarning_nodebug(const char *fmt, va_list ap) { _warning(1, fmt, ap); } void vwarningx_nodebug(const char *fmt, va_list ap) { _warning(0, fmt, ap); } static void _warning(int use_errno, const char *fmt, va_list ap) { int serrno = errno; char *str; evasprintf(&str, fmt, ap); if (use_errno) { if (fmt != NULL) { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s: %s\n"), getprogname(), str, strerror(serrno)); } else { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s\n"), getprogname(), strerror(serrno)); } } else { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s\n"), getprogname(), str ? str : "(null)"); } efree(str); errno = serrno; } int fatal_callback_register(void (*func)(void)) { struct sudo_fatal_callback *cb; cb = malloc(sizeof(*cb)); if (cb == NULL) return -1; cb->func = func; SLIST_INSERT_HEAD(&callbacks, cb, entries); return 0; } void fatal_disable_setjmp(void) { setjmp_enabled = false; } void fatal_enable_setjmp(void) { setjmp_enabled = true; } sudo-1.8.9p5/common/fileops.c010064400175440000012000000131731226304126300154450ustar00millertstaff/* * Copyright (c) 1999-2005, 2007, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef HAVE_FLOCK # include #endif /* HAVE_FLOCK */ #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #ifdef TIME_WITH_SYS_TIME # include #endif #ifndef HAVE_STRUCT_TIMESPEC # include "compat/timespec.h" #endif #include "missing.h" #include "fileops.h" #include "sudo_debug.h" /* * Update the access and modify times on an fd or file. */ int touch(int fd, char *path, struct timeval *tvp) { struct timeval times[2]; int rval = -1; debug_decl(touch, SUDO_DEBUG_UTIL) if (tvp != NULL) { times[0].tv_sec = times[1].tv_sec = tvp->tv_sec; times[0].tv_usec = times[1].tv_usec = tvp->tv_usec; } #if defined(HAVE_FUTIME) || defined(HAVE_FUTIMES) if (fd != -1) rval = futimes(fd, tvp ? times : NULL); else #endif if (path != NULL) rval = utimes(path, tvp ? times : NULL); debug_return_int(rval); } /* * Lock/unlock a file. */ #ifdef HAVE_LOCKF bool lock_file(int fd, int lockit) { int op = 0; debug_decl(lock_file, SUDO_DEBUG_UTIL) switch (lockit) { case SUDO_LOCK: op = F_LOCK; break; case SUDO_TLOCK: op = F_TLOCK; break; case SUDO_UNLOCK: op = F_ULOCK; break; } debug_return_bool(lockf(fd, op, 0) == 0); } #elif defined(HAVE_FLOCK) bool lock_file(int fd, int lockit) { int op = 0; debug_decl(lock_file, SUDO_DEBUG_UTIL) switch (lockit) { case SUDO_LOCK: op = LOCK_EX; break; case SUDO_TLOCK: op = LOCK_EX | LOCK_NB; break; case SUDO_UNLOCK: op = LOCK_UN; break; } debug_return_bool(flock(fd, op) == 0); } #else bool lock_file(int fd, int lockit) { #ifdef F_SETLK int func; struct flock lock; debug_decl(lock_file, SUDO_DEBUG_UTIL) lock.l_start = 0; lock.l_len = 0; lock.l_pid = getpid(); lock.l_type = (lockit == SUDO_UNLOCK) ? F_UNLCK : F_WRLCK; lock.l_whence = SEEK_SET; func = (lockit == SUDO_LOCK) ? F_SETLKW : F_SETLK; debug_return_bool(fcntl(fd, func, &lock) == 0); #else return true; #endif } #endif /* * Read a line of input, honoring line continuation chars. * Remove comments and strips off leading and trailing spaces. * Returns the line length and updates the buf and bufsize pointers. * XXX - just use a struct w/ state, including getline buffer? * could also make comment char and line continuation configurable */ ssize_t sudo_parseln(char **bufp, size_t *bufsizep, unsigned int *lineno, FILE *fp) { size_t linesize = 0, total = 0; ssize_t len; char *cp, *line = NULL; bool continued; debug_decl(sudo_parseln, SUDO_DEBUG_UTIL) do { continued = false; len = getline(&line, &linesize, fp); if (len == -1) break; if (lineno != NULL) (*lineno)++; /* Remove trailing newline(s) if present. */ while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) line[--len] = '\0'; /* Remove comments or check for line continuation (but not both) */ if ((cp = strchr(line, '#')) != NULL) { *cp = '\0'; len = (size_t)(cp - line); } else if (len > 0 && line[len - 1] == '\\' && (len == 1 || line[len - 2] != '\\')) { line[--len] = '\0'; continued = true; } /* Trim leading and trailing whitespace */ if (!continued) { while (len > 0 && isblank((unsigned char)line[len - 1])) line[--len] = '\0'; } for (cp = line; isblank((unsigned char)*cp); cp++) len--; if (*bufp == NULL || total + len >= *bufsizep) { void *tmp; size_t size = total + len + 1; if (size < 64) { size = 64; } else if (size <= 0x80000000) { /* Round up to next highest power of two. */ size--; size |= size >> 1; size |= size >> 2; size |= size >> 4; size |= size >> 8; size |= size >> 16; size++; } if ((tmp = realloc(*bufp, size)) == NULL) break; *bufp = tmp; *bufsizep = size; } memcpy(*bufp + total, cp, len + 1); total += len; } while (continued); free(line); if (len == -1 && total == 0) debug_return_size_t((size_t)-1); debug_return_size_t(total); } sudo-1.8.9p5/common/fmt_string.c010064400175440000012000000033701226304126300161560ustar00millertstaff/* * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" /* * Allocate storage for a name=value string and return it. */ char * fmt_string(const char *var, const char *val) { size_t var_len = strlen(var); size_t val_len = strlen(val); char *cp, *str; debug_decl(fmt_string, SUDO_DEBUG_UTIL) cp = str = malloc(var_len + 1 + val_len + 1); if (str != NULL) { memcpy(cp, var, var_len); cp += var_len; *cp++ = '='; memcpy(cp, val, val_len); cp += val_len; *cp = '\0'; } debug_return_str(str); } sudo-1.8.9p5/common/gidlist.c010064400175440000012000000045561226304126300154500ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #include "sudo_util.h" /* * Parse a comma-separated list of gids into an allocated array of GETGROUPS_T. * If a pointer to the base gid is specified, it is stored as the first element * in the array. * Returns the number of gids in the allocated array. * Calls fatalx() on error. */ int parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp) { int ngids = 0; GETGROUPS_T *gids; const char *cp = gidstr; const char *errstr; char *ep; debug_decl(atoid, SUDO_DEBUG_UTIL) /* Count groups. */ if (*cp != '\0') { ngids++; do { if (*cp++ == ',') ngids++; } while (*cp != '\0'); } /* Base gid is optional. */ if (basegid != NULL) ngids++; /* Allocate and fill in array. */ if (ngids != 0) { gids = emalloc2(ngids, sizeof(GETGROUPS_T)); ngids = 0; if (basegid != NULL) gids[ngids++] = *basegid; cp = gidstr; do { gids[ngids] = (GETGROUPS_T) atoid(cp, ",", &ep, &errstr); if (errstr != NULL) { warningx(U_("%s: %s"), cp, U_(errstr)); free(gids); debug_return_int(-1); } if (basegid == NULL || gids[ngids] != *basegid) ngids++; cp = ep + 1; } while (*ep != '\0'); *gidsp = gids; } debug_return_int(ngids); } sudo-1.8.9p5/common/lbuf.c010064400175440000012000000146041226304126300147340ustar00millertstaff/* * Copyright (c) 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "lbuf.h" #include "sudo_debug.h" void lbuf_init(struct lbuf *lbuf, int (*output)(const char *), int indent, const char *continuation, int cols) { debug_decl(lbuf_init, SUDO_DEBUG_UTIL) lbuf->output = output; lbuf->continuation = continuation; lbuf->indent = indent; lbuf->cols = cols; lbuf->len = 0; lbuf->size = 0; lbuf->buf = NULL; debug_return; } void lbuf_destroy(struct lbuf *lbuf) { debug_decl(lbuf_destroy, SUDO_DEBUG_UTIL) efree(lbuf->buf); lbuf->buf = NULL; debug_return; } static void lbuf_expand(struct lbuf *lbuf, int extra) { if (lbuf->len + extra + 1 >= lbuf->size) { do { lbuf->size += 256; } while (lbuf->len + extra + 1 >= lbuf->size); lbuf->buf = erealloc(lbuf->buf, lbuf->size); } } /* * Parse the format and append strings, only %s and %% escapes are supported. * Any characters in set are quoted with a backslash. */ void lbuf_append_quoted(struct lbuf *lbuf, const char *set, const char *fmt, ...) { va_list ap; int len; char *cp, *s; debug_decl(lbuf_append_quoted, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { if (fmt[0] == '%' && fmt[1] == 's') { if ((s = va_arg(ap, char *)) == NULL) goto done; while ((cp = strpbrk(s, set)) != NULL) { len = (int)(cp - s); lbuf_expand(lbuf, len + 2); memcpy(lbuf->buf + lbuf->len, s, len); lbuf->len += len; lbuf->buf[lbuf->len++] = '\\'; lbuf->buf[lbuf->len++] = *cp; s = cp + 1; } if (*s != '\0') { len = strlen(s); lbuf_expand(lbuf, len); memcpy(lbuf->buf + lbuf->len, s, len); lbuf->len += len; } fmt += 2; continue; } lbuf_expand(lbuf, 2); if (strchr(set, *fmt) != NULL) lbuf->buf[lbuf->len++] = '\\'; lbuf->buf[lbuf->len++] = *fmt++; } done: if (lbuf->size != 0) lbuf->buf[lbuf->len] = '\0'; va_end(ap); debug_return; } /* * Parse the format and append strings, only %s and %% escapes are supported. */ void lbuf_append(struct lbuf *lbuf, const char *fmt, ...) { va_list ap; int len; char *s; debug_decl(lbuf_append, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { if (fmt[0] == '%' && fmt[1] == 's') { if ((s = va_arg(ap, char *)) == NULL) goto done; len = strlen(s); lbuf_expand(lbuf, len); memcpy(lbuf->buf + lbuf->len, s, len); lbuf->len += len; fmt += 2; continue; } lbuf_expand(lbuf, 1); lbuf->buf[lbuf->len++] = *fmt++; } done: if (lbuf->size != 0) lbuf->buf[lbuf->len] = '\0'; va_end(ap); debug_return; } static void lbuf_println(struct lbuf *lbuf, char *line, int len) { char *cp, save; int i, have, contlen; debug_decl(lbuf_println, SUDO_DEBUG_UTIL) contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0; /* * Print the buffer, splitting the line as needed on a word * boundary. */ cp = line; have = lbuf->cols; while (cp != NULL && *cp != '\0') { char *ep = NULL; int need = len - (int)(cp - line); if (need > have) { have -= contlen; /* subtract for continuation char */ if ((ep = memrchr(cp, ' ', have)) == NULL) ep = memchr(cp + have, ' ', need - have); if (ep != NULL) need = (int)(ep - cp); } if (cp != line) { /* indent continued lines */ /* XXX - build up string instead? */ for (i = 0; i < lbuf->indent; i++) lbuf->output(" "); } /* NUL-terminate cp for the output function and restore afterwards */ save = cp[need]; cp[need] = '\0'; lbuf->output(cp); cp[need] = save; cp = ep; /* * If there is more to print, reset have, incremement cp past * the whitespace, and print a line continuaton char if needed. */ if (cp != NULL) { have = lbuf->cols - lbuf->indent; ep = line + len; while (cp < ep && isblank((unsigned char)*cp)) { cp++; } if (contlen) lbuf->output(lbuf->continuation); } lbuf->output("\n"); } debug_return; } /* * Print the buffer with word wrap based on the tty width. * The lbuf is reset on return. */ void lbuf_print(struct lbuf *lbuf) { char *cp, *ep; int len; debug_decl(lbuf_print, SUDO_DEBUG_UTIL) if (lbuf->buf == NULL || lbuf->len == 0) goto done; /* For very small widths just give up... */ len = lbuf->continuation ? strlen(lbuf->continuation) : 0; if (lbuf->cols <= lbuf->indent + len + 20) { if (lbuf->len > 0) { lbuf->buf[lbuf->len] = '\0'; lbuf->output(lbuf->buf); if (lbuf->buf[lbuf->len - 1] != '\n') lbuf->output("\n"); } goto done; } /* Print each line in the buffer */ for (cp = lbuf->buf; cp != NULL && *cp != '\0'; ) { if (*cp == '\n') { lbuf->output("\n"); cp++; } else { len = lbuf->len - (cp - lbuf->buf); if ((ep = memchr(cp, '\n', len)) != NULL) len = (int)(ep - cp); if (len) lbuf_println(lbuf, cp, len); cp = ep ? ep + 1 : NULL; } } done: lbuf->len = 0; /* reset the buffer for re-use. */ debug_return; } sudo-1.8.9p5/common/progname.c010064400175440000012000000061151226304126300156120ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include /* Large files not supported by procfs.h */ #if defined(HAVE_PROCFS_H) || defined(HAVE_SYS_PROCFS_H) # undef _FILE_OFFSET_BITS # undef _LARGE_FILES #endif #include #ifdef HAVE_PSTAT_GETPROC # include # include #endif #if defined(HAVE_PROCFS_H) # include #elif defined(HAVE_SYS_PROCFS_H) # include #endif #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include "missing.h" #include "sudo_util.h" #if defined(HAVE_GETPROGNAME) || defined(HAVE___PROGNAME) /* STUB */ void initprogname(const char *name) { return; } #else static const char *progname = ""; void initprogname(const char *name) { const char *base; #ifdef HAVE_PSTAT_GETPROC static char ucomm[PST_UCOMMLEN]; struct pst_status pstat; int rc; /* * Determine the progname from pst_ucomm in struct pst_status. * We may get EOVERFLOW if the whole thing doesn't fit but that is OK. */ rc = pstat_getproc(&pstat, sizeof(pstat), (size_t)0, (int)getpid()); if (rc != -1 || errno == EOVERFLOW) { strlcpy(ucomm, pstat.pst_ucomm, sizeof(ucomm)); progname = ucomm; return; } #elif defined(HAVE_PROCFS_H) || defined(HAVE_SYS_PROCFS_H) /* XXX - configure check for psinfo.pr_fname */ static char ucomm[PRFNSZ]; struct psinfo psinfo; char path[PATH_MAX]; ssize_t nread; int fd; /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid()); if ((fd = open(path, O_RDONLY, 0)) != -1) { nread = read(fd, &psinfo, sizeof(psinfo)); close(fd); if (nread == (ssize_t)sizeof(psinfo)) { strlcpy(ucomm, psinfo.pr_fname, sizeof(ucomm)); progname = ucomm; return; } } #endif /* HAVE_PSTAT_GETPROC */ if ((base = strrchr(name, '/')) != NULL) { base++; } else { base = name; } progname = base; } const char * getprogname(void) { return progname; } #endif /* !HAVE_GETPROGNAME && !HAVE___PROGNAME */ sudo-1.8.9p5/common/regress/sudo_conf/conf_test.c010064400175440000012000000054131226304126300214170ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #include "missing.h" #include "sudo_conf.h" static void sudo_conf_dump(void); __dso_public int main(int argc, char *argv[]); /* * Simple test driver for sudo_conf(). * Parses the given configuration file and dumps the resulting * sudo_conf_data struct to the standard output. */ int main(int argc, char *argv[]) { if (argc != 2) { fprintf(stderr, "usage: conf_test conf_file\n"); exit(1); } sudo_conf_read(argv[1]); sudo_conf_dump(); exit(0); } static void sudo_conf_dump(void) { struct plugin_info_list *plugins = sudo_conf_plugins(); struct plugin_info *info; printf("Set disable_coredump %s\n", sudo_conf_disable_coredump() ? "true" : "false"); printf("Set group_source %s\n", sudo_conf_group_source() == GROUP_SOURCE_ADAPTIVE ? "adaptive" : sudo_conf_group_source() == GROUP_SOURCE_STATIC ? "static" : "dynamic"); printf("Set max_groups %d\n", sudo_conf_max_groups()); if (sudo_conf_debug_flags() != NULL) printf("Debug %s %s\n", getprogname(), sudo_conf_debug_flags()); if (sudo_conf_askpass_path() != NULL) printf("Path askpass %s\n", sudo_conf_askpass_path()); #ifdef _PATH_SUDO_NOEXEC if (sudo_conf_noexec_path() != NULL) printf("Path noexec %s\n", sudo_conf_noexec_path()); #endif TAILQ_FOREACH(info, plugins, entries) { printf("Plugin %s %s", info->symbol_name, info->path); if (info->options) { char * const * op; for (op = info->options; *op != NULL; op++) printf(" %s", *op); } putchar('\n'); } } sudo-1.8.9p5/common/regress/sudo_conf/test1.in010064400175440000012000000045071226304126300206620ustar00millertstaff# # Sample /etc/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # Sudo plugins: # # The plugin_path is relative to ${prefix}/libexec unless fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its # own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # Path noexec /usr/libexec/sudo_noexec.so # # Core dumps: # # By default, sudo disables core dumps while it is executing (they # are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # Set group_source static sudo-1.8.9p5/common/regress/sudo_conf/test1.out.ok010064400175440000012000000002531226304126300214650ustar00millertstaffSet disable_coredump false Set group_source static Set max_groups -1 Path askpass /usr/X11R6/bin/ssh-askpass Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so sudo-1.8.9p5/common/regress/sudo_conf/test2.in010064400175440000012000000000001226304126300206430ustar00millertstaffsudo-1.8.9p5/common/regress/sudo_conf/test2.out.ok010064400175440000012000000001061226304126300214630ustar00millertstaffSet disable_coredump true Set group_source adaptive Set max_groups -1 sudo-1.8.9p5/common/regress/sudo_conf/test3.in010064400175440000012000000002061226304126300206540ustar00millertstaffPlugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 Plugin sudoers_io sudoers.so sudo-1.8.9p5/common/regress/sudo_conf/test3.out.ok010064400175440000012000000003141226304126300214650ustar00millertstaffSet disable_coredump true Set group_source adaptive Set max_groups -1 Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 Plugin sudoers_io sudoers.so sudo-1.8.9p5/common/regress/sudo_conf/test4.in010064400175440000012000000000311226304126300206510ustar00millertstaffSet disable_coredump foo sudo-1.8.9p5/common/regress/sudo_conf/test4.out.ok010064400175440000012000000001061226304126300214650ustar00millertstaffSet disable_coredump true Set group_source adaptive Set max_groups -1 sudo-1.8.9p5/common/regress/sudo_conf/test5.in010064400175440000012000000000211226304126300206510ustar00millertstaffSet max_groups 0 sudo-1.8.9p5/common/regress/sudo_conf/test5.out.ok010064400175440000012000000001061226304126300214660ustar00millertstaffSet disable_coredump true Set group_source adaptive Set max_groups -1 sudo-1.8.9p5/common/regress/sudo_conf/test6.in010064400175440000012000000000221226304126300206530ustar00millertstaffSet max_groups 16 sudo-1.8.9p5/common/regress/sudo_conf/test6.out.ok010064400175440000012000000001061226304126300214670ustar00millertstaffSet disable_coredump true Set group_source adaptive Set max_groups 16 sudo-1.8.9p5/common/regress/sudo_parseln/parseln_test.c010064400175440000012000000034011226304126300226500ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #include "missing.h" #include "fileops.h" __dso_public int main(int argc, char *argv[]); /* * Simple test driver for sudo_parseln(). * Behaves similarly to "cat -n" but with comment removal * and line continuation. */ int main(int argc, char *argv[]) { unsigned int lineno = 0; size_t linesize = 0; char *line = NULL; while (sudo_parseln(&line, &linesize, &lineno, stdin) != -1) printf("%6u\t%s\n", lineno, line); free(line); exit(0); } sudo-1.8.9p5/common/regress/sudo_parseln/test1.in010064400175440000012000000045131226304126300213760ustar00millertstaff# # Sample /etc/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # Sudo plugins: # # The plugin_path is relative to ${prefix}/libexec unless fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its # own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # #Path noexec /usr/libexec/sudo_noexec.so # # Core dumps: # # By default, sudo disables core dumps while it is executing (they # are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static sudo-1.8.9p5/common/regress/sudo_parseln/test1.out.ok010064400175440000012000000011741226304126300222070ustar00millertstaff 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Plugin sudoers_policy sudoers.so 20 Plugin sudoers_io sudoers.so 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 sudo-1.8.9p5/common/regress/sudo_parseln/test2.in010064400175440000012000000001621226304126300213730ustar00millertstaffthis \ is all \ one line # this is a comment, and does not get continued\ trim the \ leading \ white \ space sudo-1.8.9p5/common/regress/sudo_parseln/test2.out.ok010064400175440000012000000001101226304126300221750ustar00millertstaff 3 this is all one line 4 8 trim the leading white space sudo-1.8.9p5/common/regress/sudo_parseln/test3.in010064400175440000012000000000331226304126300213710ustar00millertstaffline continuation at EOF \ sudo-1.8.9p5/common/regress/sudo_parseln/test3.out.ok010064400175440000012000000000411226304126300222010ustar00millertstaff 1 line continuation at EOF sudo-1.8.9p5/common/regress/sudo_parseln/test4.in010064400175440000012000000000661226304126300214000ustar00millertstaffline contin\ uation raw line contin\ uation indented sudo-1.8.9p5/common/regress/sudo_parseln/test4.out.ok010064400175440000012000000000771226304126400222140ustar00millertstaff 2 line continuation raw 4 line continuation indented sudo-1.8.9p5/common/regress/sudo_parseln/test5.in010064400175440000012000000000021226304126400213700ustar00millertstaff\ sudo-1.8.9p5/common/regress/sudo_parseln/test5.out.ok010064400175440000012000000000001226304126400221770ustar00millertstaffsudo-1.8.9p5/common/regress/sudo_parseln/test6.in010064400175440000012000000000621226304126400213770ustar00millertstaff leading and trailing white space # a comment \ sudo-1.8.9p5/common/regress/sudo_parseln/test6.out.ok010064400175440000012000000000601226304126400222060ustar00millertstaff 1 leading and trailing white space 2 sudo-1.8.9p5/common/regress/tailq/hltq_test.c010064400175440000012000000134641226304126400206030ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #include "missing.h" #include "fatal.h" #include "queue.h" __dso_public int main(int argc, char *argv[]); /* * Note: HLTQ_ENTRY is intentionally in the middle of the struct * to catch bad assumptions in the PREV/NEXT macros. */ struct test_data { int a; HLTQ_ENTRY(test_data) entries; char b; }; TAILQ_HEAD(test_data_list, test_data); /* * Simple tests for headless tail queue macros. */ int main(int argc, char *argv[]) { struct test_data d1, d2, d3; struct test_data *hltq; struct test_data_list tq; int errors = 0; /* * Initialize three data elements and concatenate them in order. */ HLTQ_INIT(&d1, entries); d1.a = 1; d1.b = 'a'; if (HLTQ_FIRST(&d1) != &d1) { warningx_nodebug("FAIL: HLTQ_FIRST(1 entry) doesn't return first element: got %p, expected %p", HLTQ_FIRST(&d1), &d1); errors++; } if (HLTQ_LAST(&d1, test_data, entries) != &d1) { warningx_nodebug("FAIL: HLTQ_LAST(1 entry) doesn't return first element: got %p, expected %p", HLTQ_LAST(&d1, test_data, entries), &d1); errors++; } if (HLTQ_PREV(&d1, test_data, entries) != NULL) { warningx_nodebug("FAIL: HLTQ_PREV(1 entry) doesn't return NULL: got %p", HLTQ_PREV(&d1, test_data, entries)); errors++; } HLTQ_INIT(&d2, entries); d2.a = 2; d2.b = 'b'; HLTQ_INIT(&d3, entries); d3.a = 3; d3.b = 'c'; HLTQ_CONCAT(&d1, &d2, entries); HLTQ_CONCAT(&d1, &d3, entries); hltq = &d1; /* * Verify that HLTQ_FIRST, HLTQ_LAST, HLTQ_NEXT, HLTQ_PREV * work as expected. */ if (HLTQ_FIRST(hltq) != &d1) { warningx_nodebug("FAIL: HLTQ_FIRST(3 entries) doesn't return first element: got %p, expected %p", HLTQ_FIRST(hltq), &d1); errors++; } if (HLTQ_LAST(hltq, test_data, entries) != &d3) { warningx_nodebug("FAIL: HLTQ_LAST(3 entries) doesn't return third element: got %p, expected %p", HLTQ_LAST(hltq, test_data, entries), &d3); errors++; } if (HLTQ_NEXT(&d1, entries) != &d2) { warningx_nodebug("FAIL: HLTQ_NEXT(&d1) doesn't return &d2: got %p, expected %p", HLTQ_NEXT(&d1, entries), &d2); errors++; } if (HLTQ_NEXT(&d2, entries) != &d3) { warningx_nodebug("FAIL: HLTQ_NEXT(&d2) doesn't return &d3: got %p, expected %p", HLTQ_NEXT(&d2, entries), &d3); errors++; } if (HLTQ_NEXT(&d3, entries) != NULL) { warningx_nodebug("FAIL: HLTQ_NEXT(&d3) doesn't return NULL: got %p", HLTQ_NEXT(&d3, entries)); errors++; } if (HLTQ_PREV(&d1, test_data, entries) != NULL) { warningx_nodebug("FAIL: HLTQ_PREV(&d1) doesn't return NULL: got %p", HLTQ_PREV(&d1, test_data, entries)); errors++; } if (HLTQ_PREV(&d2, test_data, entries) != &d1) { warningx_nodebug("FAIL: HLTQ_PREV(&d2) doesn't return &d1: got %p, expected %p", HLTQ_PREV(&d2, test_data, entries), &d1); errors++; } if (HLTQ_PREV(&d3, test_data, entries) != &d2) { warningx_nodebug("FAIL: HLTQ_PREV(&d3) doesn't return &d2: got %p, expected %p", HLTQ_PREV(&d3, test_data, entries), &d2); errors++; } /* Test conversion to TAILQ. */ HLTQ_TO_TAILQ(&tq, hltq, entries); if (TAILQ_FIRST(&tq) != &d1) { warningx_nodebug("FAIL: TAILQ_FIRST(&tq) doesn't return first element: got %p, expected %p", TAILQ_FIRST(&tq), &d1); errors++; } if (TAILQ_LAST(&tq, test_data_list) != &d3) { warningx_nodebug("FAIL: TAILQ_LAST(&tq) doesn't return third element: got %p, expected %p", TAILQ_LAST(&tq, test_data_list), &d3); errors++; } if (TAILQ_NEXT(&d1, entries) != &d2) { warningx_nodebug("FAIL: TAILQ_NEXT(&d1) doesn't return &d2: got %p, expected %p", TAILQ_NEXT(&d1, entries), &d2); errors++; } if (TAILQ_NEXT(&d2, entries) != &d3) { warningx_nodebug("FAIL: TAILQ_NEXT(&d2) doesn't return &d3: got %p, expected %p", TAILQ_NEXT(&d2, entries), &d3); errors++; } if (TAILQ_NEXT(&d3, entries) != NULL) { warningx_nodebug("FAIL: TAILQ_NEXT(&d3) doesn't return NULL: got %p", TAILQ_NEXT(&d3, entries)); errors++; } if (TAILQ_PREV(&d1, test_data_list, entries) != NULL) { warningx_nodebug("FAIL: TAILQ_PREV(&d1) doesn't return NULL: got %p", TAILQ_PREV(&d1, test_data_list, entries)); errors++; } if (TAILQ_PREV(&d2, test_data_list, entries) != &d1) { warningx_nodebug("FAIL: TAILQ_PREV(&d2) doesn't return &d1: got %p, expected %p", TAILQ_PREV(&d2, test_data_list, entries), &d1); errors++; } if (TAILQ_PREV(&d3, test_data_list, entries) != &d2) { warningx_nodebug("FAIL: TAILQ_PREV(&d3) doesn't return &d2: got %p, expected %p", TAILQ_PREV(&d3, test_data_list, entries), &d2); errors++; } exit(errors); } sudo-1.8.9p5/common/secure_path.c010064400175440000012000000046331226304126400163100ustar00millertstaff/* * Copyright (c) 2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "missing.h" #include "sudo_debug.h" #include "secure_path.h" /* * Verify that path is the right type and not writable by other users. */ int sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, struct stat *sbp) { struct stat sb; int rval = SUDO_PATH_MISSING; debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL) if (path != NULL && stat(path, &sb) == 0) { if ((sb.st_mode & _S_IFMT) != type) { rval = SUDO_PATH_BAD_TYPE; } else if (uid != (uid_t)-1 && sb.st_uid != uid) { rval = SUDO_PATH_WRONG_OWNER; } else if (sb.st_mode & S_IWOTH) { rval = SUDO_PATH_WORLD_WRITABLE; } else if (ISSET(sb.st_mode, S_IWGRP) && (gid == (gid_t)-1 || sb.st_gid != gid)) { rval = SUDO_PATH_GROUP_WRITABLE; } else { rval = SUDO_PATH_SECURE; } if (sbp) (void) memcpy(sbp, &sb, sizeof(struct stat)); } debug_return_int(rval); } /* * Verify that path is a regular file and not writable by other users. */ int sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp) { return sudo_secure_path(path, _S_IFREG, uid, gid, sbp); } /* * Verify that path is a directory and not writable by other users. */ int sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp) { return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp); } sudo-1.8.9p5/common/setgroups.c010064400175440000012000000035031226304126400160340ustar00millertstaff/* * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" int sudo_setgroups(int ngids, const GETGROUPS_T *gids) { int maxgids, rval; debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL) rval = setgroups(ngids, (GETGROUPS_T *)gids); if (rval == -1 && errno == EINVAL) { /* Too many groups, try again with fewer. */ #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) maxgids = (int)sysconf(_SC_NGROUPS_MAX); if (maxgids == -1) #endif maxgids = NGROUPS_MAX; if (ngids > maxgids) rval = setgroups(maxgids, (GETGROUPS_T *)gids); } debug_return_int(rval); } sudo-1.8.9p5/common/sudo_conf.c010064400175440000012000000262001226304126400157570ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #define SUDO_ERROR_WRAP 0 #include "missing.h" #include "alloc.h" #include "fatal.h" #include "fileops.h" #include "pathnames.h" #include "sudo_plugin.h" #include "sudo_conf.h" #include "sudo_debug.h" #include "sudo_util.h" #include "secure_path.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #ifdef __TANDEM # define ROOT_UID 65535 #else # define ROOT_UID 0 #endif struct sudo_conf_table { const char *name; unsigned int namelen; void (*setter)(const char *entry, const char *conf_file); }; struct sudo_conf_paths { const char *pname; unsigned int pnamelen; const char *pval; }; static void set_debug(const char *entry, const char *conf_file); static void set_path(const char *entry, const char *conf_file); static void set_plugin(const char *entry, const char *conf_file); static void set_variable(const char *entry, const char *conf_file); static void set_var_disable_coredump(const char *entry, const char *conf_file); static void set_var_group_source(const char *entry, const char *conf_file); static void set_var_max_groups(const char *entry, const char *conf_file); static unsigned int conf_lineno; static struct sudo_conf_table sudo_conf_table[] = { { "Debug", sizeof("Debug") - 1, set_debug }, { "Path", sizeof("Path") - 1, set_path }, { "Plugin", sizeof("Plugin") - 1, set_plugin }, { "Set", sizeof("Set") - 1, set_variable }, { NULL } }; static struct sudo_conf_table sudo_conf_table_vars[] = { { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, { "group_source", sizeof("group_source") - 1, set_var_group_source }, { "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, { NULL } }; static struct sudo_conf_data { bool disable_coredump; int group_source; int max_groups; const char *debug_flags; struct plugin_info_list plugins; struct sudo_conf_paths paths[5]; } sudo_conf_data = { true, GROUP_SOURCE_ADAPTIVE, -1, NULL, TAILQ_HEAD_INITIALIZER(sudo_conf_data.plugins), { #define SUDO_CONF_ASKPASS_IDX 0 { "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS }, #define SUDO_CONF_SESH_IDX 1 { "sesh", sizeof("sesh") - 1, _PATH_SUDO_SESH }, #ifdef _PATH_SUDO_NOEXEC #define SUDO_CONF_NOEXEC_IDX 2 { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC }, #endif #ifdef _PATH_SUDO_PLUGIN_DIR #define SUDO_CONF_PLUGIN_IDX 3 { "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR }, #endif { NULL } } }; /* * "Set variable_name value" */ static void set_variable(const char *entry, const char *conf_file) { struct sudo_conf_table *var; for (var = sudo_conf_table_vars; var->name != NULL; var++) { if (strncmp(entry, var->name, var->namelen) == 0 && isblank((unsigned char)entry[var->namelen])) { entry += var->namelen + 1; while (isblank((unsigned char)*entry)) entry++; var->setter(entry, conf_file); break; } } } static void set_var_disable_coredump(const char *entry, const char *conf_file) { int val = atobool(entry); if (val != -1) sudo_conf_data.disable_coredump = val; } static void set_var_group_source(const char *entry, const char *conf_file) { if (strcasecmp(entry, "adaptive") == 0) { sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE; } else if (strcasecmp(entry, "static") == 0) { sudo_conf_data.group_source = GROUP_SOURCE_STATIC; } else if (strcasecmp(entry, "dynamic") == 0) { sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC; } else { warningx(U_("unsupported group source `%s' in %s, line %d"), entry, conf_file, conf_lineno); } } static void set_var_max_groups(const char *entry, const char *conf_file) { int max_groups; max_groups = strtonum(entry, 1, INT_MAX, NULL); if (max_groups > 0) { sudo_conf_data.max_groups = max_groups; } else { warningx(U_("invalid max groups `%s' in %s, line %d"), entry, conf_file, conf_lineno); } } /* * "Debug progname debug_file debug_flags" */ static void set_debug(const char *entry, const char *conf_file) { size_t filelen, proglen; const char *progname; char *debug_file, *debug_flags; /* Is this debug setting for me? */ progname = getprogname(); if (strcmp(progname, "sudoedit") == 0) progname = "sudo"; proglen = strlen(progname); if (strncmp(entry, progname, proglen) != 0 || !isblank((unsigned char)entry[proglen])) return; entry += proglen + 1; while (isblank((unsigned char)*entry)) entry++; debug_flags = strpbrk(entry, " \t"); if (debug_flags == NULL) return; filelen = (size_t)(debug_flags - entry); while (isblank((unsigned char)*debug_flags)) debug_flags++; /* Set debug file and parse the flags (init debug as soon as possible). */ debug_file = estrndup(entry, filelen); debug_flags = estrdup(debug_flags); sudo_debug_init(debug_file, debug_flags); efree(debug_file); sudo_conf_data.debug_flags = debug_flags; } static void set_path(const char *entry, const char *conf_file) { const char *name, *path; struct sudo_conf_paths *cur; /* Parse Path line */ name = entry; path = strpbrk(entry, " \t"); if (path == NULL) return; while (isblank((unsigned char)*path)) path++; /* Match supported paths, ignore the rest. */ for (cur = sudo_conf_data.paths; cur->pname != NULL; cur++) { if (strncasecmp(name, cur->pname, cur->pnamelen) == 0 && isblank((unsigned char)name[cur->pnamelen])) { cur->pval = estrdup(path); break; } } } static void set_plugin(const char *entry, const char *conf_file) { struct plugin_info *info; const char *name, *path, *cp, *ep; char **options = NULL; size_t namelen, pathlen; unsigned int nopts; /* Parse Plugin line */ name = entry; path = strpbrk(entry, " \t"); if (path == NULL) return; namelen = (size_t)(path - name); while (isblank((unsigned char)*path)) path++; if ((cp = strpbrk(path, " \t")) != NULL) { /* Convert any options to an array. */ pathlen = (size_t)(cp - path); while (isblank((unsigned char)*cp)) cp++; /* Count number of options and allocate array. */ for (ep = cp, nopts = 1; (ep = strpbrk(ep, " \t")) != NULL; nopts++) { while (isblank((unsigned char)*ep)) ep++; } options = emalloc2(nopts + 1, sizeof(*options)); /* Fill in options array, there is at least one element. */ for (nopts = 0; (ep = strpbrk(cp, " \t")) != NULL; ) { options[nopts++] = estrndup(cp, (size_t)(ep - cp)); while (isblank((unsigned char)*ep)) ep++; cp = ep; } options[nopts++] = estrdup(cp); options[nopts] = NULL; } else { /* No extra options. */ pathlen = strlen(path); } info = ecalloc(1, sizeof(*info)); info->symbol_name = estrndup(name, namelen); info->path = estrndup(path, pathlen); info->options = options; info->lineno = conf_lineno; TAILQ_INSERT_TAIL(&sudo_conf_data.plugins, info, entries); } const char * sudo_conf_askpass_path(void) { return sudo_conf_data.paths[SUDO_CONF_ASKPASS_IDX].pval; } const char * sudo_conf_sesh_path(void) { return sudo_conf_data.paths[SUDO_CONF_SESH_IDX].pval; } #ifdef _PATH_SUDO_NOEXEC const char * sudo_conf_noexec_path(void) { return sudo_conf_data.paths[SUDO_CONF_NOEXEC_IDX].pval; } #endif #ifdef _PATH_SUDO_PLUGIN_DIR const char * sudo_conf_plugin_dir_path(void) { return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval; } #endif const char * sudo_conf_debug_flags(void) { return sudo_conf_data.debug_flags; } int sudo_conf_group_source(void) { return sudo_conf_data.group_source; } int sudo_conf_max_groups(void) { return sudo_conf_data.max_groups; } struct plugin_info_list * sudo_conf_plugins(void) { return &sudo_conf_data.plugins; } bool sudo_conf_disable_coredump(void) { return sudo_conf_data.disable_coredump; } /* * Reads in /etc/sudo.conf and populates sudo_conf_data. */ void sudo_conf_read(const char *conf_file) { struct sudo_conf_table *cur; struct stat sb; FILE *fp; char *cp, *line = NULL; char *prev_locale = estrdup(setlocale(LC_ALL, NULL)); size_t linesize = 0; /* Parse sudo.conf in the "C" locale. */ if (prev_locale[0] != 'C' || prev_locale[1] != '\0') setlocale(LC_ALL, "C"); if (conf_file == NULL) { conf_file = _PATH_SUDO_CONF; switch (sudo_secure_file(conf_file, ROOT_UID, -1, &sb)) { case SUDO_PATH_SECURE: break; case SUDO_PATH_MISSING: /* Root should always be able to read sudo.conf. */ if (errno != ENOENT && geteuid() == ROOT_UID) warning(U_("unable to stat %s"), conf_file); goto done; case SUDO_PATH_BAD_TYPE: warningx(U_("%s is not a regular file"), conf_file); goto done; case SUDO_PATH_WRONG_OWNER: warningx(U_("%s is owned by uid %u, should be %u"), conf_file, (unsigned int) sb.st_uid, ROOT_UID); goto done; case SUDO_PATH_WORLD_WRITABLE: warningx(U_("%s is world writable"), conf_file); goto done; case SUDO_PATH_GROUP_WRITABLE: warningx(U_("%s is group writable"), conf_file); goto done; default: /* NOTREACHED */ goto done; } } if ((fp = fopen(conf_file, "r")) == NULL) { if (errno != ENOENT && geteuid() == ROOT_UID) warning(U_("unable to open %s"), conf_file); goto done; } conf_lineno = 0; while (sudo_parseln(&line, &linesize, &conf_lineno, fp) != -1) { if (*(cp = line) == '\0') continue; /* empty line or comment */ for (cur = sudo_conf_table; cur->name != NULL; cur++) { if (strncasecmp(cp, cur->name, cur->namelen) == 0 && isblank((unsigned char)cp[cur->namelen])) { cp += cur->namelen; while (isblank((unsigned char)*cp)) cp++; cur->setter(cp, conf_file); break; } } } fclose(fp); free(line); done: /* Restore locale if needed. */ if (prev_locale[0] != 'C' || prev_locale[1] != '\0') setlocale(LC_ALL, prev_locale); efree(prev_locale); } sudo-1.8.9p5/common/sudo_debug.c010064400175440000012000000352121226550333200161240ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_plugin.h" #include "sudo_debug.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" /* * The debug priorities and subsystems are currently hard-coded. * In the future we might consider allowing plugins to register their * own subsystems and provide direct access to the debugging API. */ /* Note: this must match the order in sudo_debug.h */ const char *const sudo_debug_priorities[] = { "crit", "err", "warn", "notice", "diag", "info", "trace", "debug", NULL }; /* Note: this must match the order in sudo_debug.h */ const char *const sudo_debug_subsystems[] = { "main", "args", "exec", "pty", "utmp", "conv", "pcomm", "util", "netif", "audit", "edit", "selinux", "ldap", "match", "parser", "alias", "defaults", "auth", "env", "logging", "nss", "rbtree", "perms", "plugin", "hooks", "sssd", "event", NULL }; #define NUM_SUBSYSTEMS (sizeof(sudo_debug_subsystems) / sizeof(sudo_debug_subsystems[0]) - 1) /* Values for sudo_debug_mode */ #define SUDO_DEBUG_MODE_DISABLED 0 #define SUDO_DEBUG_MODE_FILE 1 #define SUDO_DEBUG_MODE_CONV 2 static int sudo_debug_settings[NUM_SUBSYSTEMS]; static int sudo_debug_fd = -1; static int sudo_debug_mode; static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3]; static size_t sudo_debug_pidlen; static const int num_subsystems = NUM_SUBSYSTEMS; /* * Parse settings string from sudo.conf and open debugfile. * Returns 1 on success, 0 if cannot open debugfile. * Unsupported subsystems and priorities are silently ignored. */ int sudo_debug_init(const char *debugfile, const char *settings) { char *buf, *cp, *subsys, *pri; int i, j; /* Make sure we are not already initialized. */ if (sudo_debug_mode != SUDO_DEBUG_MODE_DISABLED) return 1; /* Init per-subsystems settings to -1 since 0 is a valid priority. */ for (i = 0; i < num_subsystems; i++) sudo_debug_settings[i] = -1; /* Open debug file if specified. */ if (debugfile != NULL) { if (sudo_debug_fd != -1) close(sudo_debug_fd); sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR); if (sudo_debug_fd == -1) { /* Create debug file as needed and set group ownership. */ if (errno == ENOENT) { sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT, S_IRUSR|S_IWUSR); } if (sudo_debug_fd == -1) return 0; ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0)); } (void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC); sudo_debug_mode = SUDO_DEBUG_MODE_FILE; } else { /* Called from the plugin, no debug file. */ sudo_debug_mode = SUDO_DEBUG_MODE_CONV; } /* Stash the pid string so we only have to format it once. */ (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ", (int)getpid()); sudo_debug_pidlen = strlen(sudo_debug_pidstr); /* Parse settings string. */ if ((buf = strdup(settings)) == NULL) return 0; for ((cp = strtok(buf, ",")); cp != NULL; (cp = strtok(NULL, ","))) { /* Should be in the form subsys@pri. */ subsys = cp; if ((pri = strchr(cp, '@')) == NULL) continue; *pri++ = '\0'; /* Look up priority and subsystem, fill in sudo_debug_settings[]. */ for (i = 0; sudo_debug_priorities[i] != NULL; i++) { if (strcasecmp(pri, sudo_debug_priorities[i]) == 0) { for (j = 0; sudo_debug_subsystems[j] != NULL; j++) { if (strcasecmp(subsys, "all") == 0) { sudo_debug_settings[j] = i; continue; } if (strcasecmp(subsys, sudo_debug_subsystems[j]) == 0) { sudo_debug_settings[j] = i; break; } } break; } } } free(buf); return 1; } pid_t sudo_debug_fork(void) { pid_t pid; if ((pid = fork()) == 0) { (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ", (int)getpid()); sudo_debug_pidlen = strlen(sudo_debug_pidstr); } return pid; } void sudo_debug_enter(const char *func, const char *file, int line, int subsys) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "-> %s @ %s:%d", func, file, line); } void sudo_debug_exit(const char *func, const char *file, int line, int subsys) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d", func, file, line); } void sudo_debug_exit_int(const char *func, const char *file, int line, int subsys, int rval) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %d", func, file, line, rval); } void sudo_debug_exit_long(const char *func, const char *file, int line, int subsys, long rval) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %ld", func, file, line, rval); } void sudo_debug_exit_size_t(const char *func, const char *file, int line, int subsys, size_t rval) { /* XXX - should use %zu but our snprintf.c doesn't support it */ sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %lu", func, file, line, (unsigned long)rval); } /* We use int, not bool, here for functions that return -1 on error. */ void sudo_debug_exit_bool(const char *func, const char *file, int line, int subsys, int rval) { if (rval == true || rval == false) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %s", func, file, line, rval ? "true" : "false"); } else { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %d", func, file, line, rval); } } void sudo_debug_exit_str(const char *func, const char *file, int line, int subsys, const char *rval) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %s", func, file, line, rval ? rval : "(null)"); } void sudo_debug_exit_str_masked(const char *func, const char *file, int line, int subsys, const char *rval) { static const char stars[] = "********************************************************************************"; int len = rval ? strlen(rval) : sizeof("(null)") - 1; sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %.*s", func, file, line, len, rval ? stars : "(null)"); } void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval) { sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, "<- %s @ %s:%d := %p", func, file, line, rval); } static void sudo_debug_write_conv(const char *func, const char *file, int lineno, const char *str, int len, int errno_val) { /* Remove trailing newlines. */ while (len > 0 && str[len - 1] == '\n') len--; if (len > 0) { if (func != NULL && file != NULL) { if (errno_val) { sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s @ %s() %s:%d", len, str, strerror(errno_val), func, file, lineno); } else { sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s @ %s() %s:%d", len, str, func, file, lineno); } } else { if (errno_val) { sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s", len, str, strerror(errno_val)); } else { sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s", len, str); } } } else if (errno_val) { /* Only print error string. */ if (func != NULL && file != NULL) { sudo_printf(SUDO_CONV_DEBUG_MSG, "%s @ %s() %s:%d", strerror(errno_val), func, file, lineno); } else { sudo_printf(SUDO_CONV_DEBUG_MSG, "%s", strerror(errno_val)); } } } static void sudo_debug_write_file(const char *func, const char *file, int lineno, const char *str, int len, int errno_val) { char *timestr, numbuf[(((sizeof(int) * 8) + 2) / 3) + 2]; time_t now; struct iovec iov[12]; int iovcnt = 3; /* Prepend program name and pid with a trailing space. */ iov[1].iov_base = (char *)getprogname(); iov[1].iov_len = strlen(iov[1].iov_base); iov[2].iov_base = sudo_debug_pidstr; iov[2].iov_len = sudo_debug_pidlen; /* Add string, trimming any trailing newlines. */ while (len > 0 && str[len - 1] == '\n') len--; if (len > 0) { iov[iovcnt].iov_base = (char *)str; iov[iovcnt].iov_len = len; iovcnt++; } /* Append error string if errno is specified. */ if (errno_val) { if (len > 0) { iov[iovcnt].iov_base = ": "; iov[iovcnt].iov_len = 2; iovcnt++; } iov[iovcnt].iov_base = strerror(errno_val); iov[iovcnt].iov_len = strlen(iov[iovcnt].iov_base); iovcnt++; } /* If function, file and lineno are specified, append them. */ if (func != NULL && file != NULL && lineno != 0) { iov[iovcnt].iov_base = " @ "; iov[iovcnt].iov_len = 3; iovcnt++; iov[iovcnt].iov_base = (char *)func; iov[iovcnt].iov_len = strlen(func); iovcnt++; iov[iovcnt].iov_base = "() "; iov[iovcnt].iov_len = 3; iovcnt++; iov[iovcnt].iov_base = (char *)file; iov[iovcnt].iov_len = strlen(file); iovcnt++; (void)snprintf(numbuf, sizeof(numbuf), ":%d", lineno); iov[iovcnt].iov_base = numbuf; iov[iovcnt].iov_len = strlen(numbuf); iovcnt++; } /* Append newline. */ iov[iovcnt].iov_base = "\n"; iov[iovcnt].iov_len = 1; iovcnt++; /* Do timestamp last due to ctime's static buffer. */ time(&now); timestr = ctime(&now) + 4; timestr[15] = ' '; /* replace year with a space */ timestr[16] = '\0'; iov[0].iov_base = timestr; iov[0].iov_len = 16; /* Write message in a single syscall */ ignore_result(writev(sudo_debug_fd, iov, iovcnt)); } void sudo_debug_write2(const char *func, const char *file, int lineno, const char *str, int len, int errno_val) { switch (sudo_debug_mode) { case SUDO_DEBUG_MODE_CONV: sudo_debug_write_conv(func, file, lineno, str, len, errno_val); break; case SUDO_DEBUG_MODE_FILE: sudo_debug_write_file(func, file, lineno, str, len, errno_val); break; } } /* XXX - turn into a macro */ void sudo_debug_write(const char *str, int len, int errno_val) { sudo_debug_write2(NULL, NULL, 0, str, len, errno_val); } void sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level, const char *fmt, va_list ap) { int buflen, pri, subsys, saved_errno = errno; char *buf = NULL; if (!sudo_debug_mode) return; /* Extract pri and subsystem from level. */ pri = SUDO_DEBUG_PRI(level); subsys = SUDO_DEBUG_SUBSYS(level); /* Make sure we want debug info at this level. */ if (subsys < num_subsystems && sudo_debug_settings[subsys] >= pri) { buflen = fmt ? vasprintf(&buf, fmt, ap) : 0; if (buflen != -1) { int errcode = ISSET(level, SUDO_DEBUG_ERRNO) ? saved_errno : 0; if (ISSET(level, SUDO_DEBUG_LINENO)) sudo_debug_write2(func, file, lineno, buf, buflen, errcode); else sudo_debug_write2(NULL, NULL, 0, buf, buflen, errcode); free(buf); } } errno = saved_errno; } #ifdef NO_VARIADIC_MACROS void sudo_debug_printf_nvm(int pri, const char *fmt, ...) { va_list ap; va_start(ap, fmt); sudo_debug_vprintf2(NULL, NULL, 0, pri, fmt, ap); va_end(ap); } #endif /* NO_VARIADIC_MACROS */ void sudo_debug_printf2(const char *func, const char *file, int lineno, int level, const char *fmt, ...) { va_list ap; va_start(ap, fmt); sudo_debug_vprintf2(func, file, lineno, level, fmt, ap); va_end(ap); } void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]) { char * const *av; char *buf, *cp; int buflen, pri, subsys, log_envp = 0; size_t plen; if (!sudo_debug_mode) return; /* Extract pri and subsystem from level. */ pri = SUDO_DEBUG_PRI(level); subsys = SUDO_DEBUG_SUBSYS(level); /* Make sure we want debug info at this level. */ if (subsys >= num_subsystems || sudo_debug_settings[subsys] < pri) return; /* Log envp for debug level "debug". */ if (sudo_debug_settings[subsys] >= SUDO_DEBUG_DEBUG - 1 && envp[0] != NULL) log_envp = 1; #define EXEC_PREFIX "exec " /* Alloc and build up buffer. */ plen = strlen(path); buflen = sizeof(EXEC_PREFIX) -1 + plen; if (argv[0] != NULL) { buflen += sizeof(" []") - 1; for (av = argv; *av; av++) buflen += strlen(*av) + 1; buflen--; } if (log_envp) { buflen += sizeof(" []") - 1; for (av = envp; *av; av++) buflen += strlen(*av) + 1; buflen--; } buf = malloc(buflen + 1); if (buf == NULL) return; /* Copy prefix and command. */ memcpy(buf, EXEC_PREFIX, sizeof(EXEC_PREFIX) - 1); cp = buf + sizeof(EXEC_PREFIX) - 1; memcpy(cp, path, plen); cp += plen; /* Copy argv. */ if (argv[0] != NULL) { *cp++ = ' '; *cp++ = '['; for (av = argv; *av; av++) { size_t avlen = strlen(*av); memcpy(cp, *av, avlen); cp += avlen; *cp++ = ' '; } cp[-1] = ']'; } if (log_envp) { *cp++ = ' '; *cp++ = '['; for (av = envp; *av; av++) { size_t avlen = strlen(*av); memcpy(cp, *av, avlen); cp += avlen; *cp++ = ' '; } cp[-1] = ']'; } *cp = '\0'; sudo_debug_write(buf, buflen, 0); free(buf); } /* * Getter for the debug descriptor. */ int sudo_debug_fd_get(void) { return sudo_debug_fd; } /* * Setter for the debug descriptor. */ int sudo_debug_fd_set(int fd) { if (sudo_debug_fd != -1 && fd != sudo_debug_fd) { if (dup2(sudo_debug_fd, fd) == -1) return -1; (void)fcntl(fd, F_SETFD, FD_CLOEXEC); close(sudo_debug_fd); sudo_debug_fd = fd; } return sudo_debug_fd; } sudo-1.8.9p5/common/sudo_dso.c010064400175440000012000000155321226304126400156250ustar00millertstaff/* * Copyright (c) 2010, 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_SHL_LOAD) # include #elif defined(HAVE_DLOPEN) # include #endif #include #include "sudo_dso.h" #include "missing.h" /* * Pointer for statically compiled symbols. */ static struct sudo_preload_table *preload_table; void sudo_dso_preload_table(struct sudo_preload_table *table) { preload_table = table; } #if defined(HAVE_SHL_LOAD) # ifndef DYNAMIC_PATH # define DYNAMIC_PATH 0 # endif void * sudo_dso_load(const char *path, int mode) { struct sudo_preload_table *pt; int flags = DYNAMIC_PATH | BIND_VERBOSE; if (mode == 0) mode = SUDO_DSO_LAZY; /* default behavior */ /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->path != NULL && strcmp(path, pt->path) == 0) return pt->handle; } } /* We don't support SUDO_DSO_GLOBAL or SUDO_DSO_LOCAL yet. */ if (ISSET(mode, SUDO_DSO_LAZY)) flags |= BIND_DEFERRED; if (ISSET(mode, SUDO_DSO_NOW)) flags |= BIND_IMMEDIATE; return (void *)shl_load(path, flags, 0L); } int sudo_dso_unload(void *handle) { struct sudo_preload_table *pt; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) return 0; } } return shl_unload((shl_t)handle); } void * sudo_dso_findsym(void *vhandle, const char *symbol) { struct sudo_preload_table *pt; shl_t handle = vhandle; void *value = NULL; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) { struct sudo_preload_symbol *sym; for (sym = pt->symbols; sym->name != NULL; sym++) { if (strcmp(sym->name, symbol) == 0) return sym->addr; } errno = ENOENT; return NULL; } } } /* * Note that the behavior of of SUDO_DSO_NEXT and SUDO_DSO_SELF * differs from most implementations when called from * a shared library. */ if (vhandle == SUDO_DSO_NEXT) { /* Iterate over all shared libs looking for symbol. */ struct shl_descriptor *desc; int idx = 0; while (shl_get(idx++, &desc) == 0) { if (shl_findsym(&desc->handle, symbol, TYPE_UNDEFINED, &value) == 0) break; } } else { if (vhandle == SUDO_DSO_DEFAULT) handle = NULL; else if (vhandle == SUDO_DSO_SELF) handle = PROG_HANDLE; (void)shl_findsym(&handle, symbol, TYPE_UNDEFINED, &value); } return value; } char * sudo_dso_strerror(void) { return strerror(errno); } #elif defined(HAVE_DLOPEN) # ifndef RTLD_GLOBAL # define RTLD_GLOBAL 0 # endif void * sudo_dso_load(const char *path, int mode) { struct sudo_preload_table *pt; int flags = 0; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->path != NULL && strcmp(path, pt->path) == 0) return pt->handle; } } /* Map SUDO_DSO_* -> RTLD_* */ if (ISSET(mode, SUDO_DSO_LAZY)) flags |= RTLD_LAZY; if (ISSET(mode, SUDO_DSO_NOW)) flags |= RTLD_NOW; if (ISSET(mode, SUDO_DSO_GLOBAL)) flags |= RTLD_GLOBAL; if (ISSET(mode, SUDO_DSO_LOCAL)) flags |= RTLD_LOCAL; return dlopen(path, flags); } int sudo_dso_unload(void *handle) { struct sudo_preload_table *pt; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) return 0; } } return dlclose(handle); } void * sudo_dso_findsym(void *handle, const char *symbol) { struct sudo_preload_table *pt; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) { struct sudo_preload_symbol *sym; for (sym = pt->symbols; sym->name != NULL; sym++) { if (strcmp(sym->name, symbol) == 0) return sym->addr; } errno = ENOENT; return NULL; } } } /* * Not all implementations support the special handles. */ if (handle == SUDO_DSO_NEXT) { # ifdef RTLD_NEXT handle = RTLD_NEXT; # else errno = ENOENT; return NULL; # endif } else if (handle == SUDO_DSO_DEFAULT) { # ifdef RTLD_DEFAULT handle = RTLD_DEFAULT; # else errno = ENOENT; return NULL; # endif } else if (handle == SUDO_DSO_SELF) { # ifdef RTLD_SELF handle = RTLD_SELF; # else errno = ENOENT; return NULL; # endif } return dlsym(handle, symbol); } char * sudo_dso_strerror(void) { return dlerror(); } #else /* !HAVE_SHL_LOAD && !HAVE_DLOPEN */ /* * Emulate dlopen() using a static list of symbols compiled into sudo. */ void * sudo_dso_load(const char *path, int mode) { struct sudo_preload_table *pt; /* Check prelinked symbols first. */ if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->path != NULL && strcmp(path, pt->path) == 0) return pt->handle; } } return NULL; } int sudo_dso_unload(void *handle) { struct sudo_preload_table *pt; if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) return 0; } } return -1; } void * sudo_dso_findsym(void *handle, const char *symbol) { struct sudo_preload_table *pt; if (preload_table != NULL) { for (pt = preload_table; pt->handle != NULL; pt++) { if (pt->handle == handle) { struct sudo_preload_symbol *sym; for (sym = pt->symbols; sym->name != NULL; sym++) { if (strcmp(sym->name, symbol) == 0) return sym->addr; } } } } errno = ENOENT; return NULL; } char * sudo_dso_strerror(void) { return strerror(errno); } #endif /* !HAVE_SHL_LOAD && !HAVE_DLOPEN */ sudo-1.8.9p5/common/sudo_printf.c010064400175440000012000000033551226304126400163420ustar00millertstaff/* * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include #include "missing.h" #include "sudo_plugin.h" #include "sudo_debug.h" int _sudo_printf(int msg_type, const char *fmt, ...) { va_list ap; char *buf; int len = -1; switch (msg_type) { case SUDO_CONV_INFO_MSG: va_start(ap, fmt); len = vfprintf(stdout, fmt, ap); va_end(ap); break; case SUDO_CONV_ERROR_MSG: va_start(ap, fmt); len = vfprintf(stderr, fmt, ap); va_end(ap); break; case SUDO_CONV_DEBUG_MSG: /* XXX - add debug version of vfprintf()? */ va_start(ap, fmt); len = vasprintf(&buf, fmt, ap); va_end(ap); if (len != -1) sudo_debug_write(buf, len, 0); break; default: errno = EINVAL; break; } return len; } sudo_printf_t sudo_printf = _sudo_printf; sudo-1.8.9p5/common/term.c010064400175440000012000000074641226304126400147620ustar00millertstaff/* * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" #ifndef TCSASOFT # define TCSASOFT 0 #endif #ifndef ECHONL # define ECHONL 0 #endif #ifndef IEXTEN # define IEXTEN 0 #endif #ifndef IUCLC # define IUCLC 0 #endif #ifndef _POSIX_VDISABLE # ifdef VDISABLE # define _POSIX_VDISABLE VDISABLE # else # define _POSIX_VDISABLE 0 # endif #endif static struct termios term, oterm; static int changed; int term_erase; int term_kill; int term_restore(int fd, int flush) { debug_decl(term_restore, SUDO_DEBUG_UTIL) if (changed) { int flags = TCSASOFT; flags |= flush ? TCSAFLUSH : TCSADRAIN; if (tcsetattr(fd, flags, &oterm) != 0) debug_return_int(0); changed = 0; } debug_return_int(1); } int term_noecho(int fd) { debug_decl(term_noecho, SUDO_DEBUG_UTIL) if (!changed && tcgetattr(fd, &oterm) != 0) debug_return_int(0); (void) memcpy(&term, &oterm, sizeof(term)); CLR(term.c_lflag, ECHO|ECHONL); #ifdef VSTATUS term.c_cc[VSTATUS] = _POSIX_VDISABLE; #endif if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) { changed = 1; debug_return_int(1); } debug_return_int(0); } int term_raw(int fd, int isig) { struct termios term; debug_decl(term_raw, SUDO_DEBUG_UTIL) if (!changed && tcgetattr(fd, &oterm) != 0) return 0; (void) memcpy(&term, &oterm, sizeof(term)); /* Set terminal to raw mode */ term.c_cc[VMIN] = 1; term.c_cc[VTIME] = 0; CLR(term.c_iflag, ICRNL | IGNCR | INLCR | IUCLC | IXON); CLR(term.c_oflag, OPOST); CLR(term.c_lflag, ECHO | ICANON | ISIG | IEXTEN); if (isig) SET(term.c_lflag, ISIG); if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) { changed = 1; debug_return_int(1); } debug_return_int(0); } int term_cbreak(int fd) { debug_decl(term_cbreak, SUDO_DEBUG_UTIL) if (!changed && tcgetattr(fd, &oterm) != 0) return 0; (void) memcpy(&term, &oterm, sizeof(term)); /* Set terminal to half-cooked mode */ term.c_cc[VMIN] = 1; term.c_cc[VTIME] = 0; CLR(term.c_lflag, ECHO | ECHONL | ICANON | IEXTEN); SET(term.c_lflag, ISIG); #ifdef VSTATUS term.c_cc[VSTATUS] = _POSIX_VDISABLE; #endif if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) { term_erase = term.c_cc[VERASE]; term_kill = term.c_cc[VKILL]; changed = 1; debug_return_int(1); } debug_return_int(0); } int term_copy(int src, int dst) { struct termios tt; debug_decl(term_copy, SUDO_DEBUG_UTIL) if (tcgetattr(src, &tt) != 0) debug_return_int(0); if (tcsetattr(dst, TCSANOW|TCSASOFT, &tt) != 0) debug_return_int(0); debug_return_int(1); } sudo-1.8.9p5/common/ttysize.c010064400175440000012000000046001226304126400155130ustar00millertstaff/* * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "missing.h" #include "sudo_debug.h" #include "sudo_util.h" /* Compatibility with older tty systems. */ #if !defined(TIOCGWINSZ) && defined(TIOCGSIZE) # define TIOCGWINSZ TIOCGSIZE # define winsize ttysize # define ws_col ts_cols # define ws_row ts_lines #endif #ifdef TIOCGWINSZ static int get_ttysize_ioctl(int *rowp, int *colp) { struct winsize wsize; debug_decl(get_ttysize_ioctl, SUDO_DEBUG_EXEC) if (ioctl(STDERR_FILENO, TIOCGWINSZ, &wsize) == 0 && wsize.ws_row != 0 && wsize.ws_col != 0) { *rowp = wsize.ws_row; *colp = wsize.ws_col; debug_return_int(0); } debug_return_int(-1); } #else static int get_ttysize_ioctl(int *rowp, int *colp) { return -1; } #endif /* TIOCGWINSZ */ void get_ttysize(int *rowp, int *colp) { debug_decl(fork_cmnd, SUDO_DEBUG_EXEC) if (get_ttysize_ioctl(rowp, colp) == -1) { char *p; /* Fall back on $LINES and $COLUMNS. */ if ((p = getenv("LINES")) == NULL || (*rowp = strtonum(p, 1, INT_MAX, NULL)) <= 0) { *rowp = 24; } if ((p = getenv("COLUMNS")) == NULL || (*colp = strtonum(p, 1, INT_MAX, NULL)) <= 0) { *colp = 80; } } debug_return; } sudo-1.8.9p5/compat/Makefile.in010064400175440000012000000243211226304126400156760ustar00millertstaff# # Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # OS dependent defines DEFS = @OSDEFS@ # Set to non-empty for development mode DEVEL = @DEVEL@ #### End of system configuration section. #### SHELL = @SHELL@ TEST_PROGS = @COMPAT_TEST_PROGS@ LIBOBJDIR = LTLIBOBJS = @LTLIBOBJS@ all: libreplace.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file compat/Makefile) .SUFFIXES: .o .c .h .lo .c.o: $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< .c.lo: $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< libreplace.la: $(LTLIBOBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LTLIBOBJS) -no-install siglist.c: mksiglist ./mksiglist > $@ signame.c: mksigname ./mksigname > $@ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/missing.h $(top_builddir)/config.h $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/missing.h $(top_builddir)/config.h $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@ fnm_test: fnm_test.o libreplace.la $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) globtest: globtest.o libreplace.la $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(srcdir)/mksiglist.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ awk 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_siglist[SIG%s] == NULL)\n\tsudo_sys_siglist[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, substr($$0, 13))}' < $(srcdir)/siglist.in > $@; \ fi $(srcdir)/mksigname.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ awk 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_signame[SIG%s] == NULL)\n\tsudo_sys_signame[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, $$1)}' < $(srcdir)/siglist.in > $@; \ fi pre-install: install: install-dirs: install-binaries: install-includes: install-doc: install-plugin: uninstall: check: $(TEST_PROGS) @if test X"$(cross_compiling)" != X"yes"; then \ if test -f fnm_test; then \ ./fnm_test $(srcdir)/regress/fnmatch/fnm_test.in; \ fi; \ if test -f globtest; then \ mkdir -p `sed 's@/[^/]*$$@@' $(srcdir)/regress/glob/files | sort -u`; \ touch `cat $(srcdir)/regress/glob/files`; \ chmod 0755 `grep '/r[^/]*$$' $(srcdir)/regress/glob/files`; \ chmod 0444 `grep '/s[^/]*$$' $(srcdir)/regress/glob/files`; \ chmod 0711 `grep '/t[^/]*$$' $(srcdir)/regress/glob/files`; \ ./globtest $(srcdir)/regress/glob/globtest.in; \ rval=$$?; \ rm -rf fake; \ exit $$rval; \ fi; \ fi clean: -$(LIBTOOL) --mode=clean rm -f $(TEST_PROGS) mksiglist mksigname siglist.c signame.c *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify closefrom.lo: $(srcdir)/closefrom.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/closefrom.c fnm_test.o: $(srcdir)/regress/fnmatch/fnm_test.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/fnmatch.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/fnmatch/fnm_test.c fnmatch.lo: $(srcdir)/fnmatch.c $(incdir)/missing.h $(top_builddir)/config.h \ $(top_srcdir)/compat/charclass.h $(top_srcdir)/compat/fnmatch.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/fnmatch.c getaddrinfo.lo: $(srcdir)/getaddrinfo.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/getaddrinfo.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getaddrinfo.c getcwd.lo: $(srcdir)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/nss_dbdefs.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c getline.lo: $(srcdir)/getline.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c getopt_long.lo: $(srcdir)/getopt_long.c $(incdir)/fatal.h $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/getopt.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getopt_long.c glob.lo: $(srcdir)/glob.c $(incdir)/missing.h $(top_builddir)/config.h \ $(top_srcdir)/compat/charclass.h $(top_srcdir)/compat/glob.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/glob.c globtest.o: $(srcdir)/regress/glob/globtest.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/glob.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/glob/globtest.c isblank.lo: $(srcdir)/isblank.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/isblank.c memrchr.lo: $(srcdir)/memrchr.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/memrchr.c memset_s.lo: $(srcdir)/memset_s.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/memset_s.c mksiglist.lo: $(srcdir)/mksiglist.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/mksiglist.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksiglist.c mksigname.lo: $(srcdir)/mksigname.c $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/mksigname.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c mktemp.lo: $(srcdir)/mktemp.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mktemp.c pw_dup.lo: $(srcdir)/pw_dup.c $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pw_dup.c sig2str.lo: $(srcdir)/sig2str.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sig2str.c siglist.lo: siglist.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) siglist.c signame.lo: signame.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) signame.c snprintf.lo: $(srcdir)/snprintf.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/snprintf.c strlcat.lo: $(srcdir)/strlcat.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strlcat.c strlcpy.lo: $(srcdir)/strlcpy.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strlcpy.c strsignal.lo: $(srcdir)/strsignal.c $(incdir)/gettext.h $(incdir)/missing.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strsignal.c strtonum.lo: $(srcdir)/strtonum.c $(incdir)/gettext.h $(incdir)/missing.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strtonum.c utimes.lo: $(srcdir)/utimes.c $(incdir)/missing.h $(top_builddir)/config.h \ $(top_srcdir)/compat/utime.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/utimes.c sudo-1.8.9p5/compat/charclass.h010064400175440000012000000024451226304126400157500ustar00millertstaff/* * Copyright (c) 2008, 2010 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * POSIX character class support for fnmatch() and glob(). */ static struct cclass { const char *name; int (*isctype)(int); } cclasses[] = { { "alnum", isalnum }, { "alpha", isalpha }, { "blank", isblank }, { "cntrl", iscntrl }, { "digit", isdigit }, { "graph", isgraph }, { "lower", islower }, { "print", isprint }, { "punct", ispunct }, { "space", isspace }, { "upper", isupper }, { "xdigit", isxdigit }, { NULL, NULL } }; #define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1) sudo-1.8.9p5/compat/closefrom.c010064400175440000012000000073341226304126400157730ustar00millertstaff/* * Copyright (c) 2004-2005, 2007, 2010, 2012-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_CLOSEFROM #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include #ifdef HAVE_PSTAT_GETPROC # include # include #else # ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) # else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif # endif #endif #include "missing.h" #if defined(HAVE_FCNTL_CLOSEM) && !defined(HAVE_DIRFD) # define closefrom closefrom_fallback #endif /* * Close all file descriptors greater than or equal to lowfd. * This is the expensive (fallback) method. */ void closefrom_fallback(int lowfd) { long fd, maxfd; /* * Fall back on sysconf() or getdtablesize(). We avoid checking * resource limits since it is possible to open a file descriptor * and then drop the rlimit such that it is below the open fd. */ #ifdef HAVE_SYSCONF maxfd = sysconf(_SC_OPEN_MAX); #else maxfd = getdtablesize(); #endif /* HAVE_SYSCONF */ if (maxfd < 0) maxfd = OPEN_MAX; for (fd = lowfd; fd < maxfd; fd++) { #ifdef __APPLE__ /* Avoid potential libdispatch crash when we close its fds. */ (void) fcntl((int) fd, F_SETFD, FD_CLOEXEC); #else (void) close((int) fd); #endif } } /* * Close all file descriptors greater than or equal to lowfd. * We try the fast way first, falling back on the slow method. */ #if defined(HAVE_FCNTL_CLOSEM) void closefrom(int lowfd) { if (fcntl(lowfd, F_CLOSEM, 0) == -1) closefrom_fallback(lowfd); } #elif defined(HAVE_PSTAT_GETPROC) void closefrom(int lowfd) { struct pst_status pstat; int fd; if (pstat_getproc(&pstat, sizeof(pstat), 0, getpid()) != -1) { for (fd = lowfd; fd <= pstat.pst_highestfd; fd++) (void) close(fd); } else { closefrom_fallback(lowfd); } } #elif defined(HAVE_DIRFD) void closefrom(int lowfd) { const char *path; DIR *dirp; /* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */ # if defined(__FreeBSD__) || defined(__APPLE__) path = "/dev/fd"; # else path = "/proc/self/fd"; # endif if ((dirp = opendir(path)) != NULL) { struct dirent *dent; while ((dent = readdir(dirp)) != NULL) { const char *errstr; int fd = strtonum(dent->d_name, lowfd, INT_MAX, &errstr); if (errstr == NULL && fd != dirfd(dirp)) { # ifdef __APPLE__ /* Avoid potential libdispatch crash when we close its fds. */ (void) fcntl(fd, F_SETFD, FD_CLOEXEC); # else (void) close(fd); # endif } } (void) closedir(dirp); } else closefrom_fallback(lowfd); } #endif /* HAVE_FCNTL_CLOSEM */ #endif /* HAVE_CLOSEFROM */ sudo-1.8.9p5/compat/endian.h010064400175440000012000000057631226304126400152510ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _COMPAT_ENDIAN_H #define _COMPAT_ENDIAN_H #ifndef BYTE_ORDER # undef LITTLE_ENDIAN # define LITTLE_ENDIAN 1234 # undef BIG_ENDIAN # define BIG_ENDIAN 4321 # undef UNKNOWN_ENDIAN # define UNKNOWN_ENDIAN 0 /* * Attempt to guess endianness. * Solaris may define _LITTLE_ENDIAN and _BIG_ENDIAN to 1 * HP-UX may define __LITTLE_ENDIAN__ and __BIG_ENDIAN__ to 1 * Otherwise, check for cpu-specific cpp defines. * Note that some CPUs are bi-endian, including: arm, powerpc, alpha, * sparc64, mips, hppa, sh4 and ia64. * We just check for the most common uses. */ # if defined(__BYTE_ORDER) # define BYTE_ORDER __BYTE_ORDER # elif defined(_BYTE_ORDER) # define BYTE_ORDER _BYTE_ORDER # elif defined(_LITTLE_ENDIAN) || defined(__LITTLE_ENDIAN__) # define BYTE_ORDER LITTLE_ENDIAN # elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__) # define BYTE_ORDER BIG_ENDIAN # elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \ defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \ defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \ defined(__ns3200) || defined(sun386) || defined(vax) || \ defined(__vax) || defined(__x86__) || \ (defined(sun) && defined(__powerpc)) || \ (!defined(__hpux) && defined(__ia64)) # define BYTE_ORDER LITTLE_ENDIAN # elif defined(__68k__) || defined(apollo) || defined(BIT_ZERO_ON_LEFT) || \ defined(__convex__) || defined(_CRAY) || defined(DGUX) || \ defined(__hppa) || defined(__hp9000) || defined(__hp9000s300) || \ defined(__hp9000s700) || defined(__hp3000s900) || \ defined(ibm032) || defined(ibm370) || defined(_IBMR2) || \ defined(is68k) || defined(mc68000) || defined(m68k) || \ defined(__m68k) || defined(m88k) || defined(__m88k) || \ defined(MIPSEB) || defined(_MIPSEB) || defined(MPE) || \ defined(pyr) || defined(__powerpc) || defined(__powerpc__) || \ defined(sel) || defined(__sparc) || defined(__sparc__) || \ defined(tahoe) || (defined(__hpux) && defined(__ia64)) || \ (defined(sun) && defined(__powerpc)) # define BYTE_ORDER BIG_ENDIAN # else # define BYTE_ORDER UNKNOWN_ENDIAN # endif #endif /* BYTE_ORDER */ #endif /* _COMPAT_ENDIAN_H */ sudo-1.8.9p5/compat/fnmatch.c010064400175440000012000000422761226304126400154260ustar00millertstaff/* $OpenBSD: fnmatch.c,v 1.15 2011/02/10 21:31:59 stsp Exp $ */ /* Copyright (c) 2011, VMware, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of the VMware, Inc. nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* Authored by William A. Rowe Jr. , April 2011 * * Derived from The Open Group Base Specifications Issue 7, IEEE Std 1003.1-2008 * as described in; * http://pubs.opengroup.org/onlinepubs/9699919799/functions/fnmatch.html * * Filename pattern matches defined in section 2.13, "Pattern Matching Notation" * from chapter 2. "Shell Command Language" * http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_13 * where; 1. A bracket expression starting with an unquoted '^' * character CONTINUES to specify a non-matching list; 2. an explicit '.' * in a bracket expression matching list, e.g. "[.abc]" does NOT match a leading * in a filename; 3. a '[' which does not introduce * a valid bracket expression is treated as an ordinary character; 4. a differing * number of consecutive slashes within pattern and string will NOT match; * 5. a trailing '\' in FNM_ESCAPE mode is treated as an ordinary '\' character. * * Bracket expansion defined in section 9.3.5, "RE Bracket Expression", * from chapter 9, "Regular Expressions" * http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_03_05 * with no support for collating symbols, equivalence class expressions or * character class expressions. A partial range expression with a leading * hyphen following a valid range expression will match only the ordinary * and the ending character (e.g. "[a-m-z]" will match characters * 'a' through 'm', a '-', or a 'z'). * * Supports BSD extensions FNM_LEADING_DIR to match pattern to the end of one * path segment of string, and FNM_CASEFOLD to ignore alpha case. * * NOTE: Only POSIX/C single byte locales are correctly supported at this time. * Notably, non-POSIX locales with FNM_CASEFOLD produce undefined results, * particularly in ranges of mixed case (e.g. "[A-z]") or spanning alpha and * nonalpha characters within a range. * * XXX comments below indicate porting required for multi-byte character sets * and non-POSIX locale collation orders; requires mbr* APIs to track shift * state of pattern and string (rewinding pattern and string repeatedly). * * Certain parts of the code assume 0x00-0x3F are unique with any MBCS (e.g. * UTF-8, SHIFT-JIS, etc). Any implementation allowing '\' as an alternate * path delimiter must be aware that 0x5C is NOT unique within SHIFT-JIS. */ #include #ifndef HAVE_FNMATCH #include #include #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include "missing.h" #include "compat/charclass.h" #include "compat/fnmatch.h" #define RANGE_MATCH 1 #define RANGE_NOMATCH 0 #define RANGE_ERROR (-1) static int classmatch(const char *pattern, char test, int foldcase, const char **ep) { const char * const mismatch = pattern; const char *colon; struct cclass *cc; int rval = RANGE_NOMATCH; size_t len; if (pattern[0] != '[' || pattern[1] != ':') { *ep = mismatch; return RANGE_ERROR; } pattern += 2; if ((colon = strchr(pattern, ':')) == NULL || colon[1] != ']') { *ep = mismatch; return RANGE_ERROR; } *ep = colon + 2; len = (size_t)(colon - pattern); if (foldcase && strncmp(pattern, "upper:]", 7) == 0) pattern = "lower:]"; for (cc = cclasses; cc->name != NULL; cc++) { if (!strncmp(pattern, cc->name, len) && cc->name[len] == '\0') { if (cc->isctype((unsigned char)test)) rval = RANGE_MATCH; break; } } if (cc->name == NULL) { /* invalid character class, treat as normal text */ *ep = mismatch; rval = RANGE_ERROR; } return rval; } /* Most MBCS/collation/case issues handled here. Wildcard '*' is not handled. * EOS '\0' and the FNM_PATHNAME '/' delimiters are not advanced over, * however the "\/" sequence is advanced to '/'. * * Both pattern and string are **char to support pointer increment of arbitrary * multibyte characters for the given locale, in a later iteration of this code */ static int fnmatch_ch(const char **pattern, const char **string, int flags) { const char * const mismatch = *pattern; const int nocase = !!(flags & FNM_CASEFOLD); const int escape = !(flags & FNM_NOESCAPE); const int slash = !!(flags & FNM_PATHNAME); int result = FNM_NOMATCH; const char *startch; int negate; if (**pattern == '[') { ++*pattern; /* Handle negation, either leading ! or ^ operators (never both) */ negate = ((**pattern == '!') || (**pattern == '^')); if (negate) ++*pattern; /* ']' is an ordinary character at the start of the range pattern */ if (**pattern == ']') goto leadingclosebrace; while (**pattern) { if (**pattern == ']') { ++*pattern; /* XXX: Fix for MBCS character width */ ++*string; return (result ^ negate); } if (escape && (**pattern == '\\')) { ++*pattern; /* Patterns must be terminated with ']', not EOS */ if (!**pattern) break; } /* Patterns must be terminated with ']' not '/' */ if (slash && (**pattern == '/')) break; /* Match character classes. */ if (classmatch(*pattern, **string, nocase, pattern) == RANGE_MATCH) { result = 0; continue; } leadingclosebrace: /* Look at only well-formed range patterns; * "x-]" is not allowed unless escaped ("x-\]") * XXX: Fix for locale/MBCS character width */ if (((*pattern)[1] == '-') && ((*pattern)[2] != ']')) { startch = *pattern; *pattern += (escape && ((*pattern)[2] == '\\')) ? 3 : 2; /* NOT a properly balanced [expr] pattern, EOS terminated * or ranges containing a slash in FNM_PATHNAME mode pattern * fall out to to the rewind and test '[' literal code path */ if (!**pattern || (slash && (**pattern == '/'))) break; /* XXX: handle locale/MBCS comparison, advance by MBCS char width */ if ((**string >= *startch) && (**string <= **pattern)) result = 0; else if (nocase && (isupper((unsigned char)**string) || isupper((unsigned char)*startch) || isupper((unsigned char)**pattern)) && (tolower((unsigned char)**string) >= tolower((unsigned char)*startch)) && (tolower((unsigned char)**string) <= tolower((unsigned char)**pattern))) result = 0; ++*pattern; continue; } /* XXX: handle locale/MBCS comparison, advance by MBCS char width */ if ((**string == **pattern)) result = 0; else if (nocase && (isupper((unsigned char)**string) || isupper((unsigned char)**pattern)) && (tolower((unsigned char)**string) == tolower((unsigned char)**pattern))) result = 0; ++*pattern; } /* NOT a properly balanced [expr] pattern; Rewind * and reset result to test '[' literal */ *pattern = mismatch; result = FNM_NOMATCH; } else if (**pattern == '?') { /* Optimize '?' match before unescaping **pattern */ if (!**string || (slash && (**string == '/'))) return FNM_NOMATCH; result = 0; goto fnmatch_ch_success; } else if (escape && (**pattern == '\\') && (*pattern)[1]) { ++*pattern; } /* XXX: handle locale/MBCS comparison, advance by the MBCS char width */ if (**string == **pattern) result = 0; else if (nocase && (isupper((unsigned char)**string) || isupper((unsigned char)**pattern)) && (tolower((unsigned char)**string) == tolower((unsigned char)**pattern))) result = 0; /* Refuse to advance over trailing slash or nulls */ if (!**string || !**pattern || (slash && ((**string == '/') || (**pattern == '/')))) return result; fnmatch_ch_success: ++*pattern; ++*string; return result; } int rpl_fnmatch(const char *pattern, const char *string, int flags) { static const char dummystring[2] = {' ', 0}; const int escape = !(flags & FNM_NOESCAPE); const int slash = !!(flags & FNM_PATHNAME); const int leading_dir = !!(flags & FNM_LEADING_DIR); const char *strendseg; const char *dummyptr; const char *matchptr; int wild; /* For '*' wild processing only; surpress 'used before initialization' * warnings with dummy initialization values; */ const char *strstartseg = NULL; const char *mismatch = NULL; int matchlen = 0; if (strlen(pattern) > PATH_MAX || strlen(string) > PATH_MAX) return FNM_NOMATCH; if (*pattern == '*') goto firstsegment; while (*pattern && *string) { /* Pre-decode "\/" which has no special significance, and * match balanced slashes, starting a new segment pattern */ if (slash && escape && (*pattern == '\\') && (pattern[1] == '/')) ++pattern; if (slash && (*pattern == '/') && (*string == '/')) { ++pattern; ++string; } firstsegment: /* At the beginning of each segment, validate leading period behavior. */ if ((flags & FNM_PERIOD) && (*string == '.')) { if (*pattern == '.') ++pattern; else if (escape && (*pattern == '\\') && (pattern[1] == '.')) pattern += 2; else return FNM_NOMATCH; ++string; } /* Determine the end of string segment * * Presumes '/' character is unique, not composite in any MBCS encoding */ if (slash) { strendseg = strchr(string, '/'); if (!strendseg) strendseg = strchr(string, '\0'); } else { strendseg = strchr(string, '\0'); } /* Allow pattern '*' to be consumed even with no remaining string to match */ while (*pattern) { if ((string > strendseg) || ((string == strendseg) && (*pattern != '*'))) break; if (slash && ((*pattern == '/') || (escape && (*pattern == '\\') && (pattern[1] == '/')))) break; /* Reduce groups of '*' and '?' to n '?' matches * followed by one '*' test for simplicity */ for (wild = 0; ((*pattern == '*') || (*pattern == '?')); ++pattern) { if (*pattern == '*') { wild = 1; } else if (string < strendseg) { /* && (*pattern == '?') */ /* XXX: Advance 1 char for MBCS locale */ ++string; } else { /* (string >= strendseg) && (*pattern == '?') */ return FNM_NOMATCH; } } if (wild) { strstartseg = string; mismatch = pattern; /* Count fixed (non '*') char matches remaining in pattern * excluding '/' (or "\/") and '*' */ for (matchptr = pattern, matchlen = 0; 1; ++matchlen) { if ((*matchptr == '\0') || (slash && ((*matchptr == '/') || (escape && (*matchptr == '\\') && (matchptr[1] == '/'))))) { /* Compare precisely this many trailing string chars, * the resulting match needs no wildcard loop */ /* XXX: Adjust for MBCS */ if (string + matchlen > strendseg) return FNM_NOMATCH; string = strendseg - matchlen; wild = 0; break; } if (*matchptr == '*') { /* Ensure at least this many trailing string chars remain * for the first comparison */ /* XXX: Adjust for MBCS */ if (string + matchlen > strendseg) return FNM_NOMATCH; /* Begin first wild comparison at the current position */ break; } /* Skip forward in pattern by a single character match * Use a dummy fnmatch_ch() test to count one "[range]" escape */ /* XXX: Adjust for MBCS */ if (escape && (*matchptr == '\\') && matchptr[1]) { matchptr += 2; } else if (*matchptr == '[') { dummyptr = dummystring; fnmatch_ch(&matchptr, &dummyptr, flags); } else { ++matchptr; } } } /* Incrementally match string against the pattern */ while (*pattern && (string < strendseg)) { /* Success; begin a new wild pattern search */ if (*pattern == '*') break; if (slash && ((*string == '/') || (*pattern == '/') || (escape && (*pattern == '\\') && (pattern[1] == '/')))) break; /* Compare ch's (the pattern is advanced over "\/" to the '/', * but slashes will mismatch, and are not consumed) */ if (!fnmatch_ch(&pattern, &string, flags)) continue; /* Failed to match, loop against next char offset of string segment * until not enough string chars remain to match the fixed pattern */ if (wild) { /* XXX: Advance 1 char for MBCS locale */ string = ++strstartseg; if (string + matchlen > strendseg) return FNM_NOMATCH; pattern = mismatch; continue; } else return FNM_NOMATCH; } } if (*string && !((slash || leading_dir) && (*string == '/'))) return FNM_NOMATCH; if (*pattern && !(slash && ((*pattern == '/') || (escape && (*pattern == '\\') && (pattern[1] == '/'))))) return FNM_NOMATCH; if (leading_dir && !*pattern && *string == '/') return 0; } /* Where both pattern and string are at EOS, declare success */ if (!*string && !*pattern) return 0; /* pattern didn't match to the end of string */ return FNM_NOMATCH; } #endif /* HAVE_FNMATCH */ sudo-1.8.9p5/compat/fnmatch.h010064400175440000012000000025641226304126400154270ustar00millertstaff/* * Copyright (c) 2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _FNMATCH_H #define _FNMATCH_H #define FNM_NOMATCH 1 /* String does not match pattern */ #define FNM_PATHNAME (1 << 0) /* Globbing chars don't match '/' */ #define FNM_PERIOD (1 << 1) /* Leading '.' in string must exactly */ #define FNM_NOESCAPE (1 << 2) /* Backslash treated as ordinary char */ #define FNM_LEADING_DIR (1 << 3) /* Only match the leading directory */ #define FNM_CASEFOLD (1 << 4) /* Case insensitive matching */ int rpl_fnmatch(const char *pattern, const char *string, int flags); #define fnmatch(_a, _b, _c) rpl_fnmatch((_a), (_b), (_c)) #endif /* _FNMATCH_H */ sudo-1.8.9p5/compat/getaddrinfo.c010064400175440000012000000312701226304126400162640ustar00millertstaff/* * Replacement for a missing getaddrinfo. * * This is an implementation of getaddrinfo for systems that don't have one so * that networking code can use a consistant interface without #ifdef. It is * a fairly minimal implementation, with the following limitations: * * - IPv4 support only. IPv6 is not supported. * - AI_ADDRCONFIG is ignored. * - Not thread-safe due to gethostbyname and getservbyname. * - SOCK_DGRAM and SOCK_STREAM only. * - Multiple possible socket types only generate one addrinfo struct. * - Protocol hints aren't used correctly. * * The last four issues could probably be easily remedied, but haven't been * needed to date. Adding IPv6 support isn't worth it; systems with IPv6 * support should already support getaddrinfo natively. * * The canonical version of this file is maintained in the rra-c-util package, * which can be found at . * * Written by Russ Allbery * * The authors hereby relinquish any claim to any copyright that they may have * in this work, whether granted under contract or by operation of law or * international treaty, and hereby commit to the public, at large, that they * shall not, at any time in the future, seek to enforce any copyright in this * work against any person or entity, or prevent any person or entity from * copying, publishing, distributing or creating derivative works of this * work. */ #include #ifndef HAVE_GETADDRINFO #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #include #include "compat/getaddrinfo.h" #include "missing.h" /* We need access to h_errno to map errors from gethostbyname. */ #ifndef HAVE_DECL_H_ERRNO extern int h_errno; #endif /* * The netdb constants, which aren't always defined (particularly if h_errno * isn't declared). We also make sure that a few of the less-used ones are * defined so that we can deal with them in case statements. */ #ifndef HOST_NOT_FOUND # define HOST_NOT_FOUND 1 # define TRY_AGAIN 2 # define NO_RECOVERY 3 # define NO_DATA 4 #endif #ifndef NETDB_INTERNAL # define NETDB_INTERNAL -1 #endif /* * If we're running the test suite, rename the functions to avoid conflicts * with the system version. Note that we don't rename the structures and * constants, but that should be okay (except possibly for gai_strerror). */ #ifdef TESTING # define gai_strerror test_gai_strerror # define freeaddrinfo test_freeaddrinfo # define getaddrinfo test_getaddrinfo const char *test_gai_strerror(int); void test_freeaddrinfo(struct addrinfo *); int test_getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); #endif /* * If the native platform doesn't support AI_NUMERICSERV or AI_NUMERICHOST, * pick some other values for them. */ #ifdef TESTING # if AI_NUMERICSERV == 0 # undef AI_NUMERICSERV # define AI_NUMERICSERV 0x0080 # endif # if AI_NUMERICHOST == 0 # undef AI_NUMERICHOST # define AI_NUMERICHOST 0x0100 # endif #endif /* * Value representing all of the hint flags set. Linux uses flags up to * 0x0400, so be sure not to break when testing on that platform. */ #ifdef TESTING # ifdef HAVE_GETADDRINFO # define AI_INTERNAL_ALL 0x04ff # else # define AI_INTERNAL_ALL 0x01ff # endif #else # define AI_INTERNAL_ALL 0x007f #endif /* Table of strings corresponding to the EAI_* error codes. */ static const char * const gai_errors[] = { "Host name lookup failure", /* 1 EAI_AGAIN */ "Invalid flag value", /* 2 EAI_BADFLAGS */ "Unknown server error", /* 3 EAI_FAIL */ "Unsupported address family", /* 4 EAI_FAMILY */ "Memory allocation failure", /* 5 EAI_MEMORY */ "Host unknown or not given", /* 6 EAI_NONAME */ "Service not supported for socket", /* 7 EAI_SERVICE */ "Unsupported socket type", /* 8 EAI_SOCKTYPE */ "System error", /* 9 EAI_SYSTEM */ "Supplied buffer too small", /* 10 EAI_OVERFLOW */ }; /* Macro to set the len attribute of sockaddr_in. */ #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN # define sin_set_length(s) ((s)->sin_len = sizeof(struct sockaddr_in)) #else # define sin_set_length(s) /* empty */ #endif /* * Used for iterating through arrays. ARRAY_SIZE returns the number of * elements in the array (useful for a < upper bound in a for loop). */ #define ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) /* * Return a constant string for a given EAI_* error code or a string * indicating an unknown error. */ const char * gai_strerror(int ecode) { if (ecode < 1 || (size_t) ecode > ARRAY_SIZE(gai_errors)) return "Unknown error"; else return gai_errors[ecode - 1]; } /* * Free a linked list of addrinfo structs. */ void freeaddrinfo(struct addrinfo *ai) { struct addrinfo *next; while (ai != NULL) { next = ai->ai_next; if (ai->ai_addr != NULL) free(ai->ai_addr); if (ai->ai_canonname != NULL) free(ai->ai_canonname); free(ai); ai = next; } } /* * Allocate a new addrinfo struct, setting some defaults given that this * implementation is IPv4 only. Also allocates an attached sockaddr_in and * zeroes it, per the requirement for getaddrinfo. Takes the socktype, * canonical name (which is copied if not NULL), address, and port. Returns * NULL on a memory allocation failure. */ static struct addrinfo * gai_addrinfo_new(int socktype, const char *canonical, struct in_addr addr, unsigned short port) { struct addrinfo *ai; ai = malloc(sizeof(*ai)); if (ai == NULL) return NULL; ai->ai_addr = malloc(sizeof(struct sockaddr_in)); if (ai->ai_addr == NULL) { free(ai); return NULL; } ai->ai_next = NULL; if (canonical == NULL) ai->ai_canonname = NULL; else { ai->ai_canonname = strdup(canonical); if (ai->ai_canonname == NULL) { freeaddrinfo(ai); return NULL; } } memset(ai->ai_addr, 0, sizeof(struct sockaddr_in)); ai->ai_flags = 0; ai->ai_family = AF_INET; ai->ai_socktype = socktype; ai->ai_protocol = (socktype == SOCK_DGRAM) ? IPPROTO_UDP : IPPROTO_TCP; ai->ai_addrlen = sizeof(struct sockaddr_in); ((struct sockaddr_in *) ai->ai_addr)->sin_family = AF_INET; ((struct sockaddr_in *) ai->ai_addr)->sin_addr = addr; ((struct sockaddr_in *) ai->ai_addr)->sin_port = htons(port); sin_set_length((struct sockaddr_in *) ai->ai_addr); return ai; } /* * Look up a service. Takes the service name (which may be numeric), the hint * flags, a pointer to the socket type (used to determine whether TCP or UDP * services are of interest and, if 0, is filled in with the result of * getservbyname if the service was not numeric), and a pointer to the * addrinfo struct to fill in. Returns 0 on success or an EAI_* error on * failure. */ static int gai_service(const char *servname, int flags, int *type, unsigned short *port) { struct servent *servent; const char *protocol; const char *errstr; unsigned short value; value = strtonum(servname, 0, USHRT_MAX, &errstr); if (errstr == NULL) { *port = value; } else if (errno == ERANGE) { return EAI_SERVICE; } else { if (flags & AI_NUMERICSERV) return EAI_NONAME; if (*type != 0) protocol = (*type == SOCK_DGRAM) ? "udp" : "tcp"; else protocol = NULL; /* * We really technically should be generating an addrinfo struct for * each possible protocol unless type is set, but this works well * enough for what I need this for. */ servent = getservbyname(servname, protocol); if (servent == NULL) return EAI_NONAME; if (strcmp(servent->s_proto, "udp") == 0) *type = SOCK_DGRAM; else if (strcmp(servent->s_proto, "tcp") == 0) *type = SOCK_STREAM; else return EAI_SERVICE; *port = htons(servent->s_port); } return 0; } /* * Look up a host and fill in a linked list of addrinfo structs with the * results, one per IP address of the returned host. Takes the name or IP * address of the host as a string, the lookup flags, the type of socket (to * fill into the addrinfo structs), the port (likewise), and a pointer to * where the head of the linked list should be put. Returns 0 on success or * the appropriate EAI_* error. */ static int gai_lookup(const char *nodename, int flags, int socktype, unsigned short port, struct addrinfo **res) { struct addrinfo *ai, *first, *prev; struct in_addr addr; struct hostent *host; const char *canonical; int i; if (inet_aton(nodename, &addr)) { canonical = (flags & AI_CANONNAME) ? nodename : NULL; ai = gai_addrinfo_new(socktype, canonical, addr, port); if (ai == NULL) return EAI_MEMORY; *res = ai; return 0; } else { if (flags & AI_NUMERICHOST) return EAI_NONAME; host = gethostbyname(nodename); if (host == NULL) switch (h_errno) { case HOST_NOT_FOUND: return EAI_NONAME; case TRY_AGAIN: case NO_DATA: return EAI_AGAIN; case NO_RECOVERY: return EAI_FAIL; case NETDB_INTERNAL: default: return EAI_SYSTEM; } if (host->h_addr_list[0] == NULL) return EAI_FAIL; canonical = (flags & AI_CANONNAME) ? ((host->h_name != NULL) ? host->h_name : nodename) : NULL; first = NULL; prev = NULL; for (i = 0; host->h_addr_list[i] != NULL; i++) { if (host->h_length != sizeof(addr)) { freeaddrinfo(first); return EAI_FAIL; } memcpy(&addr, host->h_addr_list[i], sizeof(addr)); ai = gai_addrinfo_new(socktype, canonical, addr, port); if (ai == NULL) { freeaddrinfo(first); return EAI_MEMORY; } if (first == NULL) { first = ai; prev = ai; } else { prev->ai_next = ai; prev = ai; } } *res = first; return 0; } } /* * The actual getaddrinfo implementation. */ int getaddrinfo(const char *nodename, const char *servname, const struct addrinfo *hints, struct addrinfo **res) { struct addrinfo *ai; struct in_addr addr; int flags, socktype, status; unsigned short port; /* Take the hints into account and check them for validity. */ if (hints != NULL) { flags = hints->ai_flags; socktype = hints->ai_socktype; if ((flags & AI_INTERNAL_ALL) != flags) return EAI_BADFLAGS; if (hints->ai_family != AF_UNSPEC && hints->ai_family != AF_INET) return EAI_FAMILY; if (socktype != 0 && socktype != SOCK_STREAM && socktype != SOCK_DGRAM) return EAI_SOCKTYPE; /* EAI_SOCKTYPE isn't quite right, but there isn't anything better. */ if (hints->ai_protocol != 0) { int protocol = hints->ai_protocol; if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) return EAI_SOCKTYPE; } } else { flags = 0; socktype = 0; } /* * See what we're doing. If nodename is null, either AI_PASSIVE is set or * we're getting information for connecting to a service on the loopback * address. Otherwise, we're getting information for connecting to a * remote system. */ if (servname == NULL) port = 0; else { status = gai_service(servname, flags, &socktype, &port); if (status != 0) return status; } if (nodename != NULL) return gai_lookup(nodename, flags, socktype, port, res); else { if (servname == NULL) return EAI_NONAME; if ((flags & AI_PASSIVE) == AI_PASSIVE) addr.s_addr = INADDR_ANY; else addr.s_addr = htonl(0x7f000001UL); ai = gai_addrinfo_new(socktype, NULL, addr, port); if (ai == NULL) return EAI_MEMORY; *res = ai; return 0; } } #endif /* HAVE_GETADDRINFO */ sudo-1.8.9p5/compat/getaddrinfo.h010064400175440000012000000061171226304126400162730ustar00millertstaff/* * Replacement implementation of getaddrinfo. * * This is an implementation of the getaddrinfo family of functions for * systems that lack it, so that code can use getaddrinfo always. It provides * IPv4 support only; for IPv6 support, a native getaddrinfo implemenation is * required. * * The canonical version of this file is maintained in the rra-c-util package, * which can be found at . * * Written by Russ Allbery * * The authors hereby relinquish any claim to any copyright that they may have * in this work, whether granted under contract or by operation of law or * international treaty, and hereby commit to the public, at large, that they * shall not, at any time in the future, seek to enforce any copyright in this * work against any person or entity, or prevent any person or entity from * copying, publishing, distributing or creating derivative works of this * work. */ #ifndef _COMPAT_GETADDRINFO_H #define _COMPAT_GETADDRINFO_H #include /* Skip this entire file if a system getaddrinfo was detected. */ #ifndef HAVE_GETADDRINFO /* OpenBSD likes to have sys/types.h included before sys/socket.h. */ #include #include /* The struct returned by getaddrinfo, from RFC 3493. */ struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME, .. */ int ai_family; /* AF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ socklen_t ai_addrlen; /* Length of ai_addr */ char *ai_canonname; /* Canonical name for nodename */ struct sockaddr *ai_addr; /* Binary address */ struct addrinfo *ai_next; /* Next structure in linked list */ }; /* Constants for ai_flags from RFC 3493, combined with binary or. */ #define AI_PASSIVE 0x0001 #define AI_CANONNAME 0x0002 #define AI_NUMERICHOST 0x0004 #define AI_NUMERICSERV 0x0008 #define AI_V4MAPPED 0x0010 #define AI_ALL 0x0020 #define AI_ADDRCONFIG 0x0040 /* Error return codes from RFC 3493. */ #define EAI_AGAIN 1 /* Temporary name resolution failure */ #define EAI_BADFLAGS 2 /* Invalid value in ai_flags parameter */ #define EAI_FAIL 3 /* Permanent name resolution failure */ #define EAI_FAMILY 4 /* Address family not recognized */ #define EAI_MEMORY 5 /* Memory allocation failure */ #define EAI_NONAME 6 /* nodename or servname unknown */ #define EAI_SERVICE 7 /* Service not recognized for socket type */ #define EAI_SOCKTYPE 8 /* Socket type not recognized */ #define EAI_SYSTEM 9 /* System error occurred, see errno */ #define EAI_OVERFLOW 10 /* An argument buffer overflowed */ /* Function prototypes. */ int getaddrinfo(const char *nodename, const char *servname, const struct addrinfo *hints, struct addrinfo **res); void freeaddrinfo(struct addrinfo *ai); const char *gai_strerror(int ecode); #endif /* !HAVE_GETADDRINFO */ #endif /* _COMPAT_GETADDRINFO_H */ sudo-1.8.9p5/compat/getcwd.c010064400175440000012000000147711226304126400152620ustar00millertstaff/* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #ifndef HAVE_GETCWD #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include "missing.h" #define ISDOT(dp) \ (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \ (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) char * getcwd(char *pt, size_t size) { struct dirent *dp; DIR *dir = NULL; dev_t dev; ino_t ino; int first; char *bpt, *bup; struct stat s; dev_t root_dev; ino_t root_ino; size_t ptsize, upsize; int save_errno; char *ept, *eup, *up; /* * If no buffer specified by the user, allocate one as necessary. * If a buffer is specified, the size has to be non-zero. The path * is built from the end of the buffer backwards. */ if (pt) { ptsize = 0; if (!size) { errno = EINVAL; return NULL; } ept = pt + size; } else { if ((pt = malloc(ptsize = 1024 - 4)) == NULL) return NULL; ept = pt + ptsize; } bpt = ept - 1; *bpt = '\0'; /* * Allocate bytes (1024 - malloc space) for the string of "../"'s. * Should always be enough (it's 340 levels). If it's not, allocate * as necessary. Special * case the first stat, it's ".", not "..". */ if ((up = malloc(upsize = 1024 - 4)) == NULL) goto err; eup = up + PATH_MAX; bup = up; up[0] = '.'; up[1] = '\0'; /* Save root values, so know when to stop. */ if (stat("/", &s)) goto err; root_dev = s.st_dev; root_ino = s.st_ino; errno = 0; /* XXX readdir has no error return. */ for (first = 1;; first = 0) { /* Stat the current level. */ if (lstat(up, &s)) goto err; /* Save current node values. */ ino = s.st_ino; dev = s.st_dev; /* Check for reaching root. */ if (root_dev == dev && root_ino == ino) { *--bpt = '/'; /* * It's unclear that it's a requirement to copy the * path to the beginning of the buffer, but it's always * been that way and stuff would probably break. */ bcopy(bpt, pt, ept - bpt); free(up); return pt; } /* * Build pointer to the parent directory, allocating memory * as necessary. Max length is 3 for "../", the largest * possible component name, plus a trailing NULL. */ if (bup + 3 + MAXNAMLEN + 1 >= eup) { char *nup; if ((nup = realloc(up, upsize *= 2)) == NULL) goto err; up = nup; bup = up; eup = up + upsize; } *bup++ = '.'; *bup++ = '.'; *bup = '\0'; /* Open and stat parent directory. */ if (!(dir = opendir(up)) || fstat(dirfd(dir), &s)) goto err; /* Add trailing slash for next directory. */ *bup++ = '/'; /* * If it's a mount point, have to stat each element because * the inode number in the directory is for the entry in the * parent directory, not the inode number of the mounted file. */ save_errno = 0; if (s.st_dev == dev) { for (;;) { if (!(dp = readdir(dir))) goto notfound; if (dp->d_fileno == ino) break; } } else for (;;) { if (!(dp = readdir(dir))) goto notfound; if (ISDOT(dp)) continue; bcopy(dp->d_name, bup, NAMLEN(dp) + 1); /* Save the first error for later. */ if (lstat(up, &s)) { if (!save_errno) save_errno = errno; errno = 0; continue; } if (s.st_dev == dev && s.st_ino == ino) break; } /* * Check for length of the current name, preceding slash, * leading slash. */ if (bpt - pt <= NAMLEN(dp) + (first ? 1 : 2)) { size_t len, off; char *npt; if (!ptsize) { errno = ERANGE; goto err; } off = bpt - pt; len = ept - bpt; if ((npt = realloc(pt, ptsize *= 2)) == NULL) goto err; pt = npt; bpt = pt + off; ept = pt + ptsize; bcopy(bpt, ept - len, len); bpt = ept - len; } if (!first) *--bpt = '/'; bpt -= NAMLEN(dp); bcopy(dp->d_name, bpt, NAMLEN(dp)); (void)closedir(dir); /* Truncate any file name. */ *bup = '\0'; } notfound: /* * If readdir set errno, use it, not any saved error; otherwise, * didn't find the current directory in its parent directory, set * errno to ENOENT. */ if (!errno) errno = save_errno ? save_errno : ENOENT; /* FALLTHROUGH */ err: if (ptsize) free(pt); if (up) free(up); if (dir) (void)closedir(dir); return NULL; } #endif /* HAVE_GETCWD */ sudo-1.8.9p5/compat/getgrouplist.c010064400175440000012000000210421226304126400165220ustar00millertstaff/* * Copyright (c) 2010, 2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_GETGROUPLIST #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #ifdef HAVE_NSS_SEARCH # include # include # ifdef HAVE_NSS_DBDEFS_H # include # else # include "compat/nss_dbdefs.h" # endif #endif #include "missing.h" #if defined(HAVE_GETGRSET) /* * BSD-compatible getgrouplist(3) using getgrset(3) */ int getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) { char *cp, *grset = NULL; int i, ngroups = 1; int grpsize = *ngroupsp; int rval = -1; gid_t gid; /* We support BSD semantics where the first element is the base gid */ if (grpsize <= 0) return -1; groups[0] = basegid; #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name); #endif if ((grset = getgrset(name)) != NULL) { const char *errstr; for (cp = strtok(grset, ","); cp != NULL; cp = strtok(NULL, ",")) { gid = atoid(cp, NULL, NULL, &errstr); if (errstr == NULL && gid != basegid) { if (ngroups == grpsize) goto done; groups[ngroups++] = gid; } } } rval = 0; done: free(grset); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif *ngroupsp = ngroups; return rval; } #elif defined(HAVE_NSS_SEARCH) #ifndef ALIGNBYTES # define ALIGNBYTES (sizeof(long) - 1L) #endif #ifndef ALIGN # define ALIGN(p) (((unsigned long)(p) + ALIGNBYTES) & ~ALIGNBYTES) #endif extern void _nss_initf_group(nss_db_params_t *); static id_t strtoid(const char *p, int *errval) { char *ep; id_t rval = 0; errno = 0; if (*p == '-') { long lval = strtol(p, &ep, 10); if (ep == p || *ep != '\0') { *errval = EINVAL; goto done; } if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || (lval > INT_MAX || lval < INT_MIN)) { *errval = ERANGE; goto done; } rval = (id_t)lval; *errval = 0; } else { unsigned long ulval = strtoul(p, &ep, 10); if (ep == p || *ep != '\0') { *errval = EINVAL; goto done; } if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) { *errval = ERANGE; goto done; } rval = (id_t)ulval; *errval = 0; } done: return rval; } /* * Convert a groups file string (instr) to a struct group (ent) using * buf for storage. */ static int str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen) { struct group *grp = ent; char *cp, *fieldsep = buf; char **gr_mem, **gr_end; int errval, yp = 0; id_t id; /* Must at least have space to copy instr -> buf. */ if (inlen >= buflen) return NSS_STR_PARSE_ERANGE; /* Paranoia: buf and instr should be distinct. */ if (buf != instr) { memmove(buf, instr, inlen); buf[inlen] = '\0'; } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) return NSS_STR_PARSE_PARSE; *fieldsep++ = '\0'; grp->gr_name = cp; /* Check for YP inclusion/exclusion entries. */ if (*cp == '+' || *cp == '-') { /* Only the name is required for YP inclusion/exclusion entries. */ grp->gr_passwd = ""; grp->gr_gid = 0; grp->gr_mem = NULL; yp = 1; } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; *fieldsep++ = '\0'; grp->gr_passwd = cp; if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; *fieldsep++ = '\0'; id = strtoid(cp, &errval); if (errval != 0) { /* * A range error is always a fatal error, but ignore garbage * at the end of YP entries since it has no meaning. */ if (errval == ERANGE) return NSS_STR_PARSE_ERANGE; return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; } #ifdef GID_NOBODY /* Negative gids get mapped to nobody on Solaris. */ if (*cp == '-' && id != 0) grp->gr_gid = GID_NOBODY; else #endif grp->gr_gid = (gid_t)id; /* Store group members, taking care to use proper alignment. */ grp->gr_mem = NULL; if (*fieldsep != '\0') { grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1); gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES); for (;;) { if (gr_mem == gr_end) return NSS_STR_PARSE_ERANGE; /* out of space! */ *gr_mem++ = cp; if (fieldsep == NULL) break; if ((fieldsep = strchr(cp = fieldsep, ',')) != NULL) *fieldsep++ = '\0'; } *gr_mem = NULL; } return NSS_STR_PARSE_SUCCESS; } static nss_status_t process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm) { const char *user = gbm->username; nss_status_t rval = NSS_NOTFOUND; nss_XbyY_buf_t *buf; struct group *grp; char **gr_mem; int error, i; buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP); if (buf == NULL) return NSS_UNAVAIL; /* Parse groups file string -> struct group. */ grp = buf->result; error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen); if (error || grp->gr_mem == NULL) goto done; for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) { if (strcmp(*gr_mem, user) == 0) { /* Append to gid_array unless gr_gid is a dupe. */ for (i = 0; i < gbm->numgids; i++) { if (gbm->gid_array[i] == grp->gr_gid) goto done; /* already present */ } /* Store gid if there is space. */ if (i < gbm->maxgids) gbm->gid_array[i] = grp->gr_gid; /* Always increment numgids so we can detect when out of space. */ gbm->numgids++; goto done; } } done: _nss_XbyY_buf_free(buf); return rval; } /* * BSD-compatible getgrouplist(3) using nss_search(3) */ int getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) { struct nss_groupsbymem gbm; static DEFINE_NSS_DB_ROOT(db_root); /* We support BSD semantics where the first element is the base gid */ if (*ngroupsp <= 0) return -1; groups[0] = basegid; memset(&gbm, 0, sizeof(gbm)); gbm.username = name; gbm.gid_array = groups; gbm.maxgids = *ngroupsp; gbm.numgids = 1; /* for basegid */ gbm.force_slow_way = 1; gbm.str2ent = str2grp; gbm.process_cstr = process_cstr; /* * Can't use nss_search return value since it may return NSS_UNAVAIL * when no nsswitch.conf entry (e.g. compat mode). */ (void)nss_search(&db_root, _nss_initf_group, NSS_DBOP_GROUP_BYMEMBER, &gbm); if (gbm.numgids <= gbm.maxgids) { *ngroupsp = gbm.numgids; return 0; } *ngroupsp = gbm.maxgids; return -1; } #else /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ /* * BSD-compatible getgrouplist(3) using getgrent(3) */ int getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) { int i, ngroups = 1; int grpsize = *ngroupsp; int rval = -1; struct group *grp; /* We support BSD semantics where the first element is the base gid */ if (grpsize <= 0) return -1; groups[0] = basegid; setgrent(); while ((grp = getgrent()) != NULL) { if (grp->gr_gid == basegid) continue; for (i = 0; grp->gr_mem[i] != NULL; i++) { if (strcmp(name, grp->gr_mem[i]) == 0) break; } if (grp->gr_mem[i] == NULL) continue; /* user not found */ /* Only add if it is not the same as an existing gid */ for (i = 0; i < ngroups; i++) { if (grp->gr_gid == groups[i]) break; } if (i == ngroups) { if (ngroups == grpsize) goto done; groups[ngroups++] = grp->gr_gid; } } rval = 0; done: endgrent(); *ngroupsp = ngroups; return rval; } #endif /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ #endif /* HAVE_GETGROUPLIST */ sudo-1.8.9p5/compat/getline.c010064400175440000012000000047021226304126400154250ustar00millertstaff/* * Copyright (c) 2009-2010, 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_GETLINE #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include "missing.h" #ifndef LINE_MAX # define LINE_MAX 2048 #endif #ifdef HAVE_FGETLN ssize_t getline(char **bufp, size_t *bufsizep, FILE *fp) { char *buf, *cp; size_t bufsize; size_t len; buf = fgetln(fp, &len); if (buf) { bufsize = *bufp ? *bufsizep : 0; if (bufsize == 0 || bufsize - 1 < len) { bufsize = len + 1; cp = *bufp ? realloc(*bufp, bufsize) : malloc(bufsize); if (cp == NULL) return -1; *bufp = cp; *bufsizep = bufsize; } memcpy(*bufp, buf, len); (*bufp)[len] = '\0'; } return buf ? len : -1; } #else ssize_t getline(char **bufp, size_t *bufsizep, FILE *fp) { char *buf, *cp; size_t bufsize; ssize_t len = 0; buf = *bufp; bufsize = *bufsizep; if (buf == NULL || bufsize == 0) { bufsize = LINE_MAX; cp = buf ? realloc(buf, bufsize) : malloc(bufsize); if (cp == NULL) return -1; buf = cp; } for (;;) { if (fgets(buf + len, bufsize - len, fp) == NULL) { len = -1; break; } len = strlen(buf); if (!len || buf[len - 1] == '\n' || feof(fp)) break; bufsize *= 2; cp = realloc(buf, bufsize); if (cp == NULL) return -1; buf = cp; } *bufp = buf; *bufsizep = bufsize; return len; } #endif /* HAVE_FGETLN */ #endif /* HAVE_GETLINE */ sudo-1.8.9p5/compat/getopt.h010064400175440000012000000051431226304126400153050ustar00millertstaff/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */ /* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ /* $FreeBSD: head/include/getopt.h 203963 2010-02-16 19:28:10Z imp $ */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SUDO_GETOPT_H_ #define _SUDO_GETOPT_H_ /* * GNU-like getopt_long()/getopt_long_only() with 4.4BSD optreset extension. */ #define no_argument 0 #define required_argument 1 #define optional_argument 2 struct option { /* name of long option */ const char *name; /* * one of no_argument, required_argument, and optional_argument: * whether option takes an argument */ int has_arg; /* if not NULL, set *flag to val when option found */ int *flag; /* if flag not NULL, value to set *flag to; else return value */ int val; }; int getopt_long(int, char * const *, const char *, const struct option *, int *); int getopt_long_only(int, char * const *, const char *, const struct option *, int *); #if 0 int getopt(int, char * const [], const char *); #endif extern char *optarg; /* getopt(3) external variables */ extern int opterr; extern int optind; extern int optopt; extern int optreset; #endif /* !_SUDO_GETOPT_H_ */ sudo-1.8.9p5/compat/getopt_long.c010064400175440000012000000414671226304126400163300ustar00millertstaff/* $OpenBSD: getopt_long.c,v 1.26 2013/06/08 22:47:56 millert Exp $ */ /* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ /* $FreeBSD: head/lib/libc/stdlib/getopt_long.c 236936 2012-06-11 22:25:20Z delphij $ */ /* * Copyright (c) 2002 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #define SUDO_ERROR_WRAP 0 #include "missing.h" #include "fatal.h" #include "compat/getopt.h" #define GNU_COMPATIBLE /* Be more compatible with GNU getopt. */ #ifdef REPLACE_GETOPT int opterr = 1; /* if error message should be printed */ int optind = 1; /* index into parent argv vector */ int optopt = '?'; /* character checked for validity */ char *optarg; /* argument associated with option */ #else extern int opterr; /* if error message should be printed */ extern int optind; /* index into parent argv vector */ extern int optopt; /* character checked for validity */ extern char *optarg; /* argument associated with option */ #endif #if !defined(REPLACE_GETOPT) && !defined(HAVE_OPTRESET) int optreset; /* reset getopt */ #endif #define PRINT_ERROR ((opterr) && (*options != ':')) #define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ #define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ #define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ /* return values */ #define BADCH (int)'?' #define BADARG ((*options == ':') ? (int)':' : (int)'?') #define INORDER (int)1 #define EMSG "" #ifdef GNU_COMPATIBLE #define NO_PREFIX (-1) #define D_PREFIX 0 #define DD_PREFIX 1 #define W_PREFIX 2 #endif static int getopt_internal(int, char * const *, const char *, const struct option *, int *, int); static int parse_long_options(char * const *, const char *, const struct option *, int *, int, int); static int gcd(int, int); static void permute_args(int, int, int, char * const *); static char *place = EMSG; /* option letter processing */ /* XXX: set optreset to 1 rather than these two */ static int nonopt_start = -1; /* first non option argument (for permute) */ static int nonopt_end = -1; /* first option after non options (for permute) */ /* Error messages */ static const char recargchar[] = "option requires an argument -- %c"; static const char illoptchar[] = "illegal option -- %c"; /* From P1003.2 */ #ifdef GNU_COMPATIBLE static int dash_prefix = NO_PREFIX; static const char gnuoptchar[] = "invalid option -- %c"; static const char recargstring[] = "option `%s%s' requires an argument"; static const char ambig[] = "option `%s%.*s' is ambiguous"; static const char noarg[] = "option `%s%.*s' doesn't allow an argument"; static const char illoptstring[] = "unrecognized option `%s%s'"; #else static const char recargstring[] = "option requires an argument -- %s"; static const char ambig[] = "ambiguous option -- %.*s"; static const char noarg[] = "option doesn't take an argument -- %.*s"; static const char illoptstring[] = "unknown option -- %s"; #endif /* * Compute the greatest common divisor of a and b. */ static int gcd(int a, int b) { int c; c = a % b; while (c != 0) { a = b; b = c; c = a % b; } return (b); } /* * Exchange the block from nonopt_start to nonopt_end with the block * from nonopt_end to opt_end (keeping the same order of arguments * in each block). */ static void permute_args(int panonopt_start, int panonopt_end, int opt_end, char * const *nargv) { int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; char *swap; /* * compute lengths of blocks and number and size of cycles */ nnonopts = panonopt_end - panonopt_start; nopts = opt_end - panonopt_end; ncycle = gcd(nnonopts, nopts); cyclelen = (opt_end - panonopt_start) / ncycle; for (i = 0; i < ncycle; i++) { cstart = panonopt_end+i; pos = cstart; for (j = 0; j < cyclelen; j++) { if (pos >= panonopt_end) pos -= nnonopts; else pos += nopts; swap = nargv[pos]; /* LINTED const cast */ ((char **) nargv)[pos] = nargv[cstart]; /* LINTED const cast */ ((char **)nargv)[cstart] = swap; } } } /* * parse_long_options -- * Parse long options in argc/argv argument vector. * Returns -1 if short_too is set and the option does not match long_options. */ static int parse_long_options(char * const *nargv, const char *options, const struct option *long_options, int *idx, int short_too, int flags) { char *current_argv, *has_equal; #ifdef GNU_COMPATIBLE char *current_dash; #endif size_t current_argv_len; int i, match, exact_match, second_partial_match; current_argv = place; #ifdef GNU_COMPATIBLE switch (dash_prefix) { case D_PREFIX: current_dash = "-"; break; case DD_PREFIX: current_dash = "--"; break; case W_PREFIX: current_dash = "-W "; break; default: current_dash = ""; break; } #endif match = -1; exact_match = 0; second_partial_match = 0; optind++; if ((has_equal = strchr(current_argv, '=')) != NULL) { /* argument found (--option=arg) */ current_argv_len = has_equal - current_argv; has_equal++; } else current_argv_len = strlen(current_argv); for (i = 0; long_options[i].name; i++) { /* find matching long option */ if (strncmp(current_argv, long_options[i].name, current_argv_len)) continue; if (strlen(long_options[i].name) == current_argv_len) { /* exact match */ match = i; exact_match = 1; break; } /* * If this is a known short option, don't allow * a partial match of a single character. */ if (short_too && current_argv_len == 1) continue; if (match == -1) /* first partial match */ match = i; else if ((flags & FLAG_LONGONLY) || long_options[i].has_arg != long_options[match].has_arg || long_options[i].flag != long_options[match].flag || long_options[i].val != long_options[match].val) second_partial_match = 1; } if (!exact_match && second_partial_match) { /* ambiguous abbreviation */ if (PRINT_ERROR) warningx(ambig, #ifdef GNU_COMPATIBLE current_dash, #endif (int)current_argv_len, current_argv); optopt = 0; return (BADCH); } if (match != -1) { /* option found */ if (long_options[match].has_arg == no_argument && has_equal) { if (PRINT_ERROR) warningx(noarg, #ifdef GNU_COMPATIBLE current_dash, #endif (int)current_argv_len, current_argv); /* * XXX: GNU sets optopt to val regardless of flag */ if (long_options[match].flag == NULL) optopt = long_options[match].val; else optopt = 0; #ifdef GNU_COMPATIBLE return (BADCH); #else return (BADARG); #endif } if (long_options[match].has_arg == required_argument || long_options[match].has_arg == optional_argument) { if (has_equal) optarg = has_equal; else if (long_options[match].has_arg == required_argument) { /* * optional argument doesn't use next nargv */ optarg = nargv[optind++]; } } if ((long_options[match].has_arg == required_argument) && (optarg == NULL)) { /* * Missing argument; leading ':' indicates no error * should be generated. */ if (PRINT_ERROR) warningx(recargstring, #ifdef GNU_COMPATIBLE current_dash, #endif current_argv); /* * XXX: GNU sets optopt to val regardless of flag */ if (long_options[match].flag == NULL) optopt = long_options[match].val; else optopt = 0; --optind; return (BADARG); } } else { /* unknown option */ if (short_too) { --optind; return (-1); } if (PRINT_ERROR) warningx(illoptstring, #ifdef GNU_COMPATIBLE current_dash, #endif current_argv); optopt = 0; return (BADCH); } if (idx) *idx = match; if (long_options[match].flag) { *long_options[match].flag = long_options[match].val; return (0); } else return (long_options[match].val); } /* * getopt_internal -- * Parse argc/argv argument vector. Called by user level routines. */ static int getopt_internal(int nargc, char * const *nargv, const char *options, const struct option *long_options, int *idx, int flags) { char *oli; /* option letter list index */ int optchar, short_too; int posixly_correct; /* no static, can be changed on the fly */ if (options == NULL) return (-1); /* * Disable GNU extensions if POSIXLY_CORRECT is set or options * string begins with a '+'. */ posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); #ifdef GNU_COMPATIBLE if (*options == '-') flags |= FLAG_ALLARGS; else if (posixly_correct || *options == '+') flags &= ~FLAG_PERMUTE; #else if (posixly_correct || *options == '+') flags &= ~FLAG_PERMUTE; else if (*options == '-') flags |= FLAG_ALLARGS; #endif if (*options == '+' || *options == '-') options++; /* * XXX Some GNU programs (like cvs) set optind to 0 instead of * XXX using optreset. Work around this braindamage. */ if (optind == 0) optind = optreset = 1; optarg = NULL; if (optreset) nonopt_start = nonopt_end = -1; start: if (optreset || !*place) { /* update scanning pointer */ optreset = 0; if (optind >= nargc) { /* end of argument vector */ place = EMSG; if (nonopt_end != -1) { /* do permutation, if we have to */ permute_args(nonopt_start, nonopt_end, optind, nargv); optind -= nonopt_end - nonopt_start; } else if (nonopt_start != -1) { /* * If we skipped non-options, set optind * to the first of them. */ optind = nonopt_start; } nonopt_start = nonopt_end = -1; return (-1); } if (*(place = nargv[optind]) != '-' || #ifdef GNU_COMPATIBLE place[1] == '\0') { #else (place[1] == '\0' && strchr(options, '-') == NULL)) { #endif place = EMSG; /* found non-option */ if (flags & FLAG_ALLARGS) { /* * GNU extension: * return non-option as argument to option 1 */ optarg = nargv[optind++]; return (INORDER); } if (!(flags & FLAG_PERMUTE)) { /* * If no permutation wanted, stop parsing * at first non-option. */ return (-1); } /* do permutation */ if (nonopt_start == -1) nonopt_start = optind; else if (nonopt_end != -1) { permute_args(nonopt_start, nonopt_end, optind, nargv); nonopt_start = optind - (nonopt_end - nonopt_start); nonopt_end = -1; } optind++; /* process next argument */ goto start; } if (nonopt_start != -1 && nonopt_end == -1) nonopt_end = optind; /* * If we have "-" do nothing, if "--" we are done. */ if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { optind++; place = EMSG; /* * We found an option (--), so if we skipped * non-options, we have to permute. */ if (nonopt_end != -1) { permute_args(nonopt_start, nonopt_end, optind, nargv); optind -= nonopt_end - nonopt_start; } nonopt_start = nonopt_end = -1; return (-1); } } /* * Check long options if: * 1) we were passed some * 2) the arg is not just "-" * 3) either the arg starts with -- we are getopt_long_only() */ if (long_options != NULL && place != nargv[optind] && (*place == '-' || (flags & FLAG_LONGONLY))) { short_too = 0; #ifdef GNU_COMPATIBLE dash_prefix = D_PREFIX; #endif if (*place == '-') { place++; /* --foo long option */ #ifdef GNU_COMPATIBLE dash_prefix = DD_PREFIX; #endif } else if (*place != ':' && strchr(options, *place) != NULL) short_too = 1; /* could be short option too */ optchar = parse_long_options(nargv, options, long_options, idx, short_too, flags); if (optchar != -1) { place = EMSG; return (optchar); } } if ((optchar = (int)*place++) == (int)':' || (optchar == (int)'-' && *place != '\0') || (oli = strchr(options, optchar)) == NULL) { /* * If the user specified "-" and '-' isn't listed in * options, return -1 (non-option) as per POSIX. * Otherwise, it is an unknown option character (or ':'). */ if (optchar == (int)'-' && *place == '\0') return (-1); if (!*place) ++optind; #ifdef GNU_COMPATIBLE if (PRINT_ERROR) warningx(posixly_correct ? illoptchar : gnuoptchar, optchar); #else if (PRINT_ERROR) warningx(illoptchar, optchar); #endif optopt = optchar; return (BADCH); } if (long_options != NULL && optchar == 'W' && oli[1] == ';') { /* -W long-option */ if (*place) /* no space */ /* NOTHING */; else if (++optind >= nargc) { /* no arg */ place = EMSG; if (PRINT_ERROR) warningx(recargchar, optchar); optopt = optchar; return (BADARG); } else /* white space */ place = nargv[optind]; #ifdef GNU_COMPATIBLE dash_prefix = W_PREFIX; #endif optchar = parse_long_options(nargv, options, long_options, idx, 0, flags); place = EMSG; return (optchar); } if (*++oli != ':') { /* doesn't take argument */ if (!*place) ++optind; } else { /* takes (optional) argument */ optarg = NULL; if (*place) /* no white space */ optarg = place; else if (oli[1] != ':') { /* arg not optional */ if (++optind >= nargc) { /* no arg */ place = EMSG; if (PRINT_ERROR) warningx(recargchar, optchar); optopt = optchar; return (BADARG); } else optarg = nargv[optind]; } place = EMSG; ++optind; } /* dump back option letter */ return (optchar); } #ifdef REPLACE_GETOPT /* * getopt -- * Parse argc/argv argument vector. */ int getopt(int nargc, char * const *nargv, const char *options) { /* * We don't pass FLAG_PERMUTE to getopt_internal() since * the BSD getopt(3) (unlike GNU) has never done this. * * Furthermore, since many privileged programs call getopt() * before dropping privileges it makes sense to keep things * as simple (and bug-free) as possible. */ return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); } #endif /* REPLACE_GETOPT */ /* * getopt_long -- * Parse argc/argv argument vector. */ int getopt_long(int nargc, char * const *nargv, const char *options, const struct option *long_options, int *idx) { return (getopt_internal(nargc, nargv, options, long_options, idx, FLAG_PERMUTE)); } /* * getopt_long_only -- * Parse argc/argv argument vector. */ int getopt_long_only(int nargc, char * const *nargv, const char *options, const struct option *long_options, int *idx) { return (getopt_internal(nargc, nargv, options, long_options, idx, FLAG_PERMUTE|FLAG_LONGONLY)); } sudo-1.8.9p5/compat/glob.c010064400175440000012000000503631226304126400147250ustar00millertstaff/* * Copyright (c) 2008-2010 Todd C. Miller * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Guido van Rossum. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)glob.c 8.3 (Berkeley) 10/13/93 */ /* * glob(3) -- a superset of the one defined in POSIX 1003.2. * * The [!...] convention to negate a range is supported (SysV, Posix, ksh). * * Optional extra services, controlled by flags not defined by POSIX: * * GLOB_MAGCHAR: * Set in gl_flags if pattern contained a globbing character. * GLOB_TILDE: * expand ~user/foo to the /home/dir/of/user/foo * GLOB_BRACE: * expand {1,2}{a,b} to 1a 1b 2a 2b * gl_matchc: * Number of matches in the current invocation of glob. */ #include #ifndef HAVE_GLOB #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #ifdef HAVE_DIRENT_H # include #else # define dirent direct # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include #include #include #include "missing.h" #include "compat/glob.h" #include "compat/charclass.h" #define DOLLAR '$' #define DOT '.' #define EOS '\0' #define LBRACKET '[' #define NOT '!' #define QUESTION '?' #define QUOTE '\\' #define RANGE '-' #define RBRACKET ']' #define SEP '/' #define STAR '*' #define TILDE '~' #define UNDERSCORE '_' #define LBRACE '{' #define RBRACE '}' #define SLASH '/' #define COMMA ',' #ifndef DEBUG #define M_QUOTE 0x8000 #define M_PROTECT 0x4000 #define M_MASK 0xffff #define M_ASCII 0x00ff typedef unsigned short Char; #else #define M_QUOTE 0x80 #define M_PROTECT 0x40 #define M_MASK 0xff #define M_ASCII 0x7f typedef char Char; #endif #define CHAR(c) ((Char)((c)&M_ASCII)) #define META(c) ((Char)((c)|M_QUOTE)) #define M_ALL META('*') #define M_END META(']') #define M_NOT META('!') #define M_ONE META('?') #define M_RNG META('-') #define M_SET META('[') #define M_CLASS META(':') #define ismeta(c) (((c)&M_QUOTE) != 0) static int compare(const void *, const void *); static int g_Ctoc(const Char *, char *, unsigned int); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); static Char *g_strchr(const Char *, int); static int g_strncmp(const Char *, const char *, size_t); static int g_stat(Char *, struct stat *, glob_t *); static int glob0(const Char *, glob_t *); static int glob1(Char *, Char *, glob_t *); static int glob2(Char *, Char *, Char *, Char *, Char *, Char *, glob_t *); static int glob3(Char *, Char *, Char *, Char *, Char *, Char *, Char *, Char *, glob_t *); static int globextend(const Char *, glob_t *); static const Char * globtilde(const Char *, Char *, size_t, glob_t *); static int globexp1(const Char *, glob_t *); static int globexp2(const Char *, const Char *, glob_t *, int *); static int match(Char *, Char *, Char *); #ifdef DEBUG static void qprintf(const char *, Char *); #endif int rpl_glob(const char *pattern, int flags, int (*errfunc)(const char *, int), glob_t *pglob) { const unsigned char *patnext; int c; Char *bufnext, *bufend, patbuf[PATH_MAX]; patnext = (unsigned char *) pattern; if (!(flags & GLOB_APPEND)) { pglob->gl_pathc = 0; pglob->gl_pathv = NULL; if (!(flags & GLOB_DOOFFS)) pglob->gl_offs = 0; } pglob->gl_flags = flags & ~GLOB_MAGCHAR; pglob->gl_errfunc = errfunc; pglob->gl_matchc = 0; bufnext = patbuf; bufend = bufnext + PATH_MAX - 1; if (flags & GLOB_NOESCAPE) while (bufnext < bufend && (c = *patnext++) != EOS) *bufnext++ = c; else { /* Protect the quoted characters. */ while (bufnext < bufend && (c = *patnext++) != EOS) if (c == QUOTE) { if ((c = *patnext++) == EOS) { c = QUOTE; --patnext; } *bufnext++ = c | M_PROTECT; } else *bufnext++ = c; } *bufnext = EOS; if (flags & GLOB_BRACE) return globexp1(patbuf, pglob); else return glob0(patbuf, pglob); } /* * Expand recursively a glob {} pattern. When there is no more expansion * invoke the standard globbing routine to glob the rest of the magic * characters */ static int globexp1(const Char *pattern, glob_t *pglob) { const Char* ptr = pattern; int rv; /* Protect a single {}, for find(1), like csh */ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) return glob0(pattern, pglob); while ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL) if (!globexp2(ptr, pattern, pglob, &rv)) return rv; return glob0(pattern, pglob); } /* * Recursive brace globbing helper. Tries to expand a single brace. * If it succeeds then it invokes globexp1 with the new pattern. * If it fails then it tries to glob the rest of the pattern and returns. */ static int globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) { int i; Char *lm, *ls; const Char *pe, *pm, *pl; Char patbuf[PATH_MAX]; /* copy part up to the brace */ for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) continue; *lm = EOS; ls = lm; /* Find the balanced brace */ for (i = 0, pe = ++ptr; *pe; pe++) if (*pe == LBRACKET) { /* Ignore everything between [] */ for (pm = pe++; *pe != RBRACKET && *pe != EOS; pe++) continue; if (*pe == EOS) { /* * We could not find a matching RBRACKET. * Ignore and just look for RBRACE */ pe = pm; } } else if (*pe == LBRACE) i++; else if (*pe == RBRACE) { if (i == 0) break; i--; } /* Non matching braces; just glob the pattern */ if (i != 0 || *pe == EOS) { *rv = glob0(patbuf, pglob); return 0; } for (i = 0, pl = pm = ptr; pm <= pe; pm++) { switch (*pm) { case LBRACKET: /* Ignore everything between [] */ for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++) continue; if (*pm == EOS) { /* * We could not find a matching RBRACKET. * Ignore and just look for RBRACE */ pm = pl; } break; case LBRACE: i++; break; case RBRACE: if (i) { i--; break; } /* FALLTHROUGH */ case COMMA: if (i && *pm == COMMA) break; else { /* Append the current string */ for (lm = ls; (pl < pm); *lm++ = *pl++) continue; /* * Append the rest of the pattern after the * closing brace */ for (pl = pe + 1; (*lm++ = *pl++) != EOS; ) continue; /* Expand the current pattern */ #ifdef DEBUG qprintf("globexp2:", patbuf); #endif *rv = globexp1(patbuf, pglob); /* move after the comma, to the next string */ pl = pm + 1; } break; default: break; } } *rv = 0; return 0; } /* * expand tilde from the passwd file. */ static const Char * globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) { struct passwd *pwd; char *h; const Char *p; Char *b, *eb; if (*pattern != TILDE || !(pglob->gl_flags & GLOB_TILDE)) return pattern; /* Copy up to the end of the string or / */ eb = &patbuf[patbuf_len - 1]; for (p = pattern + 1, h = (char *) patbuf; h < (char *)eb && *p && *p != SLASH; *h++ = *p++) continue; *h = EOS; if (((char *) patbuf)[0] == EOS) { /* * handle a plain ~ or ~/ by expanding $HOME * first and then trying the password file */ if ((h = getenv("HOME")) == NULL) { if ((pwd = getpwuid(getuid())) == NULL) return pattern; else h = pwd->pw_dir; } } else { /* * Expand a ~user */ if ((pwd = getpwnam((char*) patbuf)) == NULL) return pattern; else h = pwd->pw_dir; } /* Copy the home directory */ for (b = patbuf; b < eb && *h; *b++ = *h++) continue; /* Append the rest of the pattern */ while (b < eb && (*b++ = *p++) != EOS) continue; *b = EOS; return patbuf; } static int g_strncmp(const Char *s1, const char *s2, size_t n) { int rv = 0; while (n--) { rv = *(Char *)s1 - *(const unsigned char *)s2++; if (rv) break; if (*s1++ == '\0') break; } return rv; } static int g_charclass(const Char **patternp, Char **bufnextp) { const Char *pattern = *patternp + 1; Char *bufnext = *bufnextp; const Char *colon; struct cclass *cc; size_t len; if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']') return 1; /* not a character class */ len = (size_t)(colon - pattern); for (cc = cclasses; cc->name != NULL; cc++) { if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0') break; } if (cc->name == NULL) return -1; /* invalid character class */ *bufnext++ = M_CLASS; *bufnext++ = (Char)(cc - &cclasses[0]); *bufnextp = bufnext; *patternp += len + 3; return 0; } /* * The main glob() routine: compiles the pattern (optionally processing * quotes), calls glob1() to do the real pattern matching, and finally * sorts the list (unless unsorted operation is requested). Returns 0 * if things went well, nonzero if errors occurred. It is not an error * to find no matches. */ static int glob0(const Char *pattern, glob_t *pglob) { const Char *qpatnext; int c, err, oldpathc; Char *bufnext, patbuf[PATH_MAX]; qpatnext = globtilde(pattern, patbuf, PATH_MAX, pglob); oldpathc = pglob->gl_pathc; bufnext = patbuf; /* We don't need to check for buffer overflow any more. */ while ((c = *qpatnext++) != EOS) { switch (c) { case LBRACKET: c = *qpatnext; if (c == NOT) ++qpatnext; if (*qpatnext == EOS || g_strchr(qpatnext+1, RBRACKET) == NULL) { *bufnext++ = LBRACKET; if (c == NOT) --qpatnext; break; } *bufnext++ = M_SET; if (c == NOT) *bufnext++ = M_NOT; c = *qpatnext++; do { if (c == LBRACKET && *qpatnext == ':') { do { err = g_charclass(&qpatnext, &bufnext); if (err) break; c = *qpatnext++; } while (c == LBRACKET && *qpatnext == ':'); if (err == -1 && !(pglob->gl_flags & GLOB_NOCHECK)) return GLOB_NOMATCH; if (c == RBRACKET) break; } *bufnext++ = CHAR(c); if (*qpatnext == RANGE && (c = qpatnext[1]) != RBRACKET) { *bufnext++ = M_RNG; *bufnext++ = CHAR(c); qpatnext += 2; } } while ((c = *qpatnext++) != RBRACKET); pglob->gl_flags |= GLOB_MAGCHAR; *bufnext++ = M_END; break; case QUESTION: pglob->gl_flags |= GLOB_MAGCHAR; *bufnext++ = M_ONE; break; case STAR: pglob->gl_flags |= GLOB_MAGCHAR; /* collapse adjacent stars to one, * to avoid exponential behavior */ if (bufnext == patbuf || bufnext[-1] != M_ALL) *bufnext++ = M_ALL; break; default: *bufnext++ = CHAR(c); break; } } *bufnext = EOS; #ifdef DEBUG qprintf("glob0:", patbuf); #endif if ((err = glob1(patbuf, patbuf + PATH_MAX - 1, pglob)) != 0) return err; /* * If there was no match we are going to append the pattern * if GLOB_NOCHECK was specified. */ if (pglob->gl_pathc == oldpathc) { if (pglob->gl_flags & GLOB_NOCHECK) return globextend(pattern, pglob); else return GLOB_NOMATCH; } if (!(pglob->gl_flags & GLOB_NOSORT)) qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, pglob->gl_pathc - oldpathc, sizeof(char *), compare); return 0; } static int compare(const void *p, const void *q) { return strcmp(*(char **)p, *(char **)q); } static int glob1(Char *pattern, Char *pattern_last, glob_t *pglob) { Char pathbuf[PATH_MAX]; /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ if (*pattern == EOS) return 0; return glob2(pathbuf, pathbuf + PATH_MAX - 1, pathbuf, pathbuf + PATH_MAX - 1, pattern, pattern_last, pglob); } /* * The functions glob2 and glob3 are mutually recursive; there is one level * of recursion for each segment in the pattern that contains one or more * meta characters. */ static int glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, Char *pattern, Char *pattern_last, glob_t *pglob) { struct stat sb; Char *p, *q; int anymeta; /* * Loop over pattern segments until end of pattern or until * segment with meta character found. */ for (anymeta = 0;;) { if (*pattern == EOS) { /* End of pattern? */ *pathend = EOS; if (g_lstat(pathbuf, &sb, pglob)) return 0; if (((pglob->gl_flags & GLOB_MARK) && pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || (S_ISLNK(sb.st_mode) && (g_stat(pathbuf, &sb, pglob) == 0) && S_ISDIR(sb.st_mode)))) { if (pathend+1 > pathend_last) return 1; *pathend++ = SEP; *pathend = EOS; } ++pglob->gl_matchc; return globextend(pathbuf, pglob); } /* Find end of next segment, copy tentatively to pathend. */ q = pathend; p = pattern; while (*p != EOS && *p != SEP) { if (ismeta(*p)) anymeta = 1; if (q+1 > pathend_last) return 1; *q++ = *p++; } if (!anymeta) { /* No expansion, do next segment. */ pathend = q; pattern = p; while (*pattern == SEP) { if (pathend+1 > pathend_last) return 1; *pathend++ = *pattern++; } } else /* Need expansion, recurse. */ return glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, p, pattern_last, pglob); } /* NOTREACHED */ } static int glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, Char *pattern, Char *pattern_last, Char *restpattern, Char *restpattern_last, glob_t *pglob) { struct dirent *dp; DIR *dirp; int err; char buf[PATH_MAX]; if (pathend > pathend_last) return 1; *pathend = EOS; errno = 0; if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { /* TODO: don't call for ENOENT or ENOTDIR? */ if (pglob->gl_errfunc) { if (g_Ctoc(pathbuf, buf, sizeof(buf))) return GLOB_ABORTED; if (pglob->gl_errfunc(buf, errno) || pglob->gl_flags & GLOB_ERR) return GLOB_ABORTED; } return 0; } err = 0; /* Search directory for matching names. */ while ((dp = readdir(dirp))) { unsigned char *sc; Char *dc; /* Initial DOT must be matched literally. */ if (dp->d_name[0] == DOT && *pattern != DOT) continue; dc = pathend; sc = (unsigned char *) dp->d_name; while (dc < pathend_last && (*dc++ = *sc++) != EOS) continue; if (dc >= pathend_last) { *dc = EOS; err = 1; break; } if (!match(pathend, pattern, restpattern)) { *pathend = EOS; continue; } err = glob2(pathbuf, pathbuf_last, --dc, pathend_last, restpattern, restpattern_last, pglob); if (err) break; } closedir(dirp); return err; } /* * Extend the gl_pathv member of a glob_t structure to accommodate a new item, * add the new item, and update gl_pathc. * * This assumes the BSD realloc, which only copies the block when its size * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic * behavior. * * Return 0 if new item added, error code if memory couldn't be allocated. * * Invariant of the glob_t structure: * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int globextend(const Char *path, glob_t *pglob) { char **pathv; int i; unsigned int newsize, len; char *copy; const Char *p; newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); pathv = pglob->gl_pathv ? (char **)realloc((char *)pglob->gl_pathv, newsize) : (char **)malloc(newsize); if (pathv == NULL) { if (pglob->gl_pathv) { free(pglob->gl_pathv); pglob->gl_pathv = NULL; } return GLOB_NOSPACE; } if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */ pathv += pglob->gl_offs; for (i = pglob->gl_offs; --i >= 0; ) *--pathv = NULL; } pglob->gl_pathv = pathv; for (p = path; *p++;) continue; len = (size_t)(p - path); if ((copy = malloc(len)) != NULL) { if (g_Ctoc(path, copy, len)) { free(copy); return GLOB_NOSPACE; } pathv[pglob->gl_offs + pglob->gl_pathc++] = copy; } pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; return copy == NULL ? GLOB_NOSPACE : 0; } /* * pattern matching function for filenames. Each occurrence of the * * pattern causes a recursion level. */ static int match(Char *name, Char *pat, Char *patend) { int ok, negate_range; Char c, k; while (pat < patend) { c = *pat++; switch (c & M_MASK) { case M_ALL: if (pat == patend) return 1; do { if (match(name, pat, patend)) return 1; } while (*name++ != EOS); return 0; case M_ONE: if (*name++ == EOS) return 0; break; case M_SET: ok = 0; if ((k = *name++) == EOS) return 0; if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) ++pat; while (((c = *pat++) & M_MASK) != M_END) { if ((c & M_MASK) == M_CLASS) { int idx = *pat & M_MASK; if (idx < NCCLASSES && cclasses[idx].isctype(k)) ok = 1; ++pat; } if ((*pat & M_MASK) == M_RNG) { if (c <= k && k <= pat[1]) ok = 1; pat += 2; } else if (c == k) ok = 1; } if (ok == negate_range) return 0; break; default: if (*name++ != c) return 0; break; } } return *name == EOS; } /* Free allocated data belonging to a glob_t structure. */ void rpl_globfree(glob_t *pglob) { int i; char **pp; if (pglob->gl_pathv != NULL) { pp = pglob->gl_pathv + pglob->gl_offs; for (i = pglob->gl_pathc; i--; ++pp) if (*pp) free(*pp); free(pglob->gl_pathv); pglob->gl_pathv = NULL; } } static DIR * g_opendir(Char *str, glob_t *pglob) { char buf[PATH_MAX]; if (!*str) { buf[0] = '.'; buf[1] = '\0'; } else { if (g_Ctoc(str, buf, sizeof(buf))) return NULL; } return opendir(buf); } static int g_lstat(Char *fn, struct stat *sb, glob_t *pglob) { char buf[PATH_MAX]; if (g_Ctoc(fn, buf, sizeof(buf))) return -1; return lstat(buf, sb); } static int g_stat(Char *fn, struct stat *sb, glob_t *pglob) { char buf[PATH_MAX]; if (g_Ctoc(fn, buf, sizeof(buf))) return -1; return stat(buf, sb); } static Char * g_strchr(const Char *str, int ch) { do { if (*str == ch) return (Char *)str; } while (*str++); return NULL; } static int g_Ctoc(const Char *str, char *buf, unsigned int len) { while (len--) { if ((*buf++ = *str++) == EOS) return 0; } return 1; } #ifdef DEBUG static void qprintf(const char *str, Char *s) { Char *p; (void)printf("%s:\n", str); for (p = s; *p; p++) (void)printf("%c", CHAR(*p)); (void)printf("\n"); for (p = s; *p; p++) (void)printf("%c", *p & M_PROTECT ? '"' : ' '); (void)printf("\n"); for (p = s; *p; p++) (void)printf("%c", ismeta(*p) ? '_' : ' '); (void)printf("\n"); } #endif /* DEBUG */ #endif /* HAVE_GLOB */ sudo-1.8.9p5/compat/glob.h010064400175440000012000000064761226304126400147400ustar00millertstaff/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Guido van Rossum. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)glob.h 8.1 (Berkeley) 6/2/93 */ #ifndef _GLOB_H_ #define _GLOB_H_ struct stat; typedef struct { int gl_pathc; /* Count of total paths so far. */ int gl_matchc; /* Count of paths matching pattern. */ int gl_offs; /* Reserved at beginning of gl_pathv. */ int gl_flags; /* Copy of flags parameter to glob. */ char **gl_pathv; /* List of paths matching pattern. */ /* Copy of errfunc parameter to glob. */ int (*gl_errfunc)(const char *, int); } glob_t; /* Flags */ #define GLOB_APPEND 0x0001 /* Append to output from previous call. */ #define GLOB_DOOFFS 0x0002 /* Use gl_offs. */ #define GLOB_ERR 0x0004 /* Return on error. */ #define GLOB_MARK 0x0008 /* Append / to matching directories. */ #define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */ #define GLOB_NOSORT 0x0020 /* Don't sort. */ #define GLOB_NOESCAPE 0x0040 /* Disable backslash escaping. */ /* Non-POSIX extensions */ #define GLOB_MAGCHAR 0x0080 /* Pattern had globbing characters. */ #define GLOB_BRACE 0x0100 /* Expand braces ala csh. */ #define GLOB_TILDE 0x0200 /* Expand tilde names from the passwd file. */ /* Error values returned by glob(3) */ #define GLOB_NOSPACE (-1) /* Malloc call failed. */ #define GLOB_ABORTED (-2) /* Unignored error. */ #define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */ #define GLOB_NOSYS (-4) /* Function not supported. */ #define GLOB_ABEND GLOB_ABORTED int rpl_glob(const char *, int, int (*)(const char *, int), glob_t *); void rpl_globfree(glob_t *); #define glob(_a, _b, _c, _d) rpl_glob((_a), (_b), (_c), (_d)) #define globfree(_a) rpl_globfree((_a)) #endif /* !_GLOB_H_ */ sudo-1.8.9p5/compat/isblank.c010064400175440000012000000017641226304126400154260ustar00millertstaff/* * Copyright (c) 2008, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_ISBLANK #include #include "missing.h" #undef isblank int isblank(int ch) { return ch == ' ' || ch == '\t'; } #endif /* HAVE_ISBLANK */ sudo-1.8.9p5/compat/memrchr.c010064400175440000012000000023711226304126400154330ustar00millertstaff/* * Copyright (c) 2007, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_MEMRCHR #include #include "missing.h" /* * Reverse memchr() * Find the last occurrence of 'c' in the buffer 's' of size 'n'. */ void * memrchr(const void *s, int c, size_t n) { const unsigned char *cp; if (n != 0) { cp = (unsigned char *)s + n; do { if (*(--cp) == (unsigned char)c) return (void *)cp; } while (--n != 0); } return (void *)0; } #endif /* HAVE_MEMRCHR */ sudo-1.8.9p5/compat/memset_s.c010064400175440000012000000041071226304126400156110ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #include "missing.h" #ifndef RSIZE_MAX # if defined(SIZE_MAX) # define RSIZE_MAX (SIZE_MAX >> 1) # elif defined(__LP64__) # define RSIZE_MAX 0x7fffffffffffffffUL # else # define RSIZE_MAX 0x7fffffffU # endif #endif /* * Simple implementation of C11 memset_s() function. * We use a volatile pointer when updating the byte string. * Most compilers will avoid optimizing away access to a * volatile pointer, even if the pointer appears to be unused * after the call. * * Note that C11 does not specify the return value on error, only * that it be non-zero. We use EINVAL for all errors. */ errno_t memset_s(void *v, rsize_t smax, int c, rsize_t n) { errno_t ret = 0; volatile unsigned char *s = v; /* Fatal runtime-constraint violations. */ if (s == NULL || smax > RSIZE_MAX) { ret = errno = EINVAL; goto done; } /* Non-fatal runtime-constraint violation, n must not exceed smax. */ if (n > smax) { n = smax; ret = errno = EINVAL; } /* Updating through a volatile pointer should not be optimized away. */ while (n--) *s++ = (unsigned char)c; done: return ret; } sudo-1.8.9p5/compat/mksiglist.c010064400175440000012000000031251226304126400160020ustar00millertstaff/* * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include "missing.h" __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { static char *sudo_sys_siglist[NSIG]; int i; #include "compat/mksiglist.h" printf("#include \n"); printf("#include \n"); printf("#include \"missing.h\"\n\n"); printf("const char *const sudo_sys_siglist[NSIG] = {\n"); for (i = 0; i < NSIG; i++) { if (sudo_sys_siglist[i] != NULL) { printf(" \"%s\",\n", sudo_sys_siglist[i]); } else { printf(" \"Signal %d\",\n", i); } } printf("};\n"); exit(0); } sudo-1.8.9p5/compat/mksiglist.h010064400175440000012000000113751226304126400160150ustar00millertstaff/* public domain */ #ifdef SIGHUP if (sudo_sys_siglist[SIGHUP] == NULL) sudo_sys_siglist[SIGHUP] = "Hangup"; #endif #ifdef SIGINT if (sudo_sys_siglist[SIGINT] == NULL) sudo_sys_siglist[SIGINT] = "Interrupt"; #endif #ifdef SIGQUIT if (sudo_sys_siglist[SIGQUIT] == NULL) sudo_sys_siglist[SIGQUIT] = "Quit"; #endif #ifdef SIGILL if (sudo_sys_siglist[SIGILL] == NULL) sudo_sys_siglist[SIGILL] = "Illegal instruction"; #endif #ifdef SIGTRAP if (sudo_sys_siglist[SIGTRAP] == NULL) sudo_sys_siglist[SIGTRAP] = "Trace trap"; #endif #ifdef SIGABRT if (sudo_sys_siglist[SIGABRT] == NULL) sudo_sys_siglist[SIGABRT] = "Abort"; #endif #ifdef SIGIOT if (sudo_sys_siglist[SIGIOT] == NULL) sudo_sys_siglist[SIGIOT] = "IOT instruction"; #endif #ifdef SIGEMT if (sudo_sys_siglist[SIGEMT] == NULL) sudo_sys_siglist[SIGEMT] = "EMT trap"; #endif #ifdef SIGFPE if (sudo_sys_siglist[SIGFPE] == NULL) sudo_sys_siglist[SIGFPE] = "Floating point exception"; #endif #ifdef SIGKILL if (sudo_sys_siglist[SIGKILL] == NULL) sudo_sys_siglist[SIGKILL] = "Killed"; #endif #ifdef SIGUNUSED if (sudo_sys_siglist[SIGUNUSED] == NULL) sudo_sys_siglist[SIGUNUSED] = "Unused"; #endif #ifdef SIGBUS if (sudo_sys_siglist[SIGBUS] == NULL) sudo_sys_siglist[SIGBUS] = "Bus error"; #endif #ifdef SIGSEGV if (sudo_sys_siglist[SIGSEGV] == NULL) sudo_sys_siglist[SIGSEGV] = "Memory fault"; #endif #ifdef SIGSYS if (sudo_sys_siglist[SIGSYS] == NULL) sudo_sys_siglist[SIGSYS] = "Bad system call"; #endif #ifdef SIGPIPE if (sudo_sys_siglist[SIGPIPE] == NULL) sudo_sys_siglist[SIGPIPE] = "Broken pipe"; #endif #ifdef SIGALRM if (sudo_sys_siglist[SIGALRM] == NULL) sudo_sys_siglist[SIGALRM] = "Alarm clock"; #endif #ifdef SIGTERM if (sudo_sys_siglist[SIGTERM] == NULL) sudo_sys_siglist[SIGTERM] = "Terminated"; #endif #ifdef SIGSTKFLT if (sudo_sys_siglist[SIGSTKFLT] == NULL) sudo_sys_siglist[SIGSTKFLT] = "Stack fault"; #endif #ifdef SIGIO if (sudo_sys_siglist[SIGIO] == NULL) sudo_sys_siglist[SIGIO] = "I/O possible"; #endif #ifdef SIGXCPU if (sudo_sys_siglist[SIGXCPU] == NULL) sudo_sys_siglist[SIGXCPU] = "CPU time limit exceeded"; #endif #ifdef SIGXFSZ if (sudo_sys_siglist[SIGXFSZ] == NULL) sudo_sys_siglist[SIGXFSZ] = "File size limit exceeded"; #endif #ifdef SIGVTALRM if (sudo_sys_siglist[SIGVTALRM] == NULL) sudo_sys_siglist[SIGVTALRM] = "Virtual timer expired"; #endif #ifdef SIGPROF if (sudo_sys_siglist[SIGPROF] == NULL) sudo_sys_siglist[SIGPROF] = "Profiling timer expired"; #endif #ifdef SIGWINCH if (sudo_sys_siglist[SIGWINCH] == NULL) sudo_sys_siglist[SIGWINCH] = "Window size change"; #endif #ifdef SIGLOST if (sudo_sys_siglist[SIGLOST] == NULL) sudo_sys_siglist[SIGLOST] = "File lock lost"; #endif #ifdef SIGUSR1 if (sudo_sys_siglist[SIGUSR1] == NULL) sudo_sys_siglist[SIGUSR1] = "User defined signal 1"; #endif #ifdef SIGUSR2 if (sudo_sys_siglist[SIGUSR2] == NULL) sudo_sys_siglist[SIGUSR2] = "User defined signal 2"; #endif #ifdef SIGPWR if (sudo_sys_siglist[SIGPWR] == NULL) sudo_sys_siglist[SIGPWR] = "Power-fail/Restart"; #endif #ifdef SIGPOLL if (sudo_sys_siglist[SIGPOLL] == NULL) sudo_sys_siglist[SIGPOLL] = "Pollable event occurred"; #endif #ifdef SIGSTOP if (sudo_sys_siglist[SIGSTOP] == NULL) sudo_sys_siglist[SIGSTOP] = "Stopped (signal)"; #endif #ifdef SIGTSTP if (sudo_sys_siglist[SIGTSTP] == NULL) sudo_sys_siglist[SIGTSTP] = "Stopped"; #endif #ifdef SIGCONT if (sudo_sys_siglist[SIGCONT] == NULL) sudo_sys_siglist[SIGCONT] = "Continued"; #endif #ifdef SIGCHLD if (sudo_sys_siglist[SIGCHLD] == NULL) sudo_sys_siglist[SIGCHLD] = "Child exited"; #endif #ifdef SIGCLD if (sudo_sys_siglist[SIGCLD] == NULL) sudo_sys_siglist[SIGCLD] = "Child exited"; #endif #ifdef SIGTTIN if (sudo_sys_siglist[SIGTTIN] == NULL) sudo_sys_siglist[SIGTTIN] = "Stopped (tty input)"; #endif #ifdef SIGTTOU if (sudo_sys_siglist[SIGTTOU] == NULL) sudo_sys_siglist[SIGTTOU] = "Stopped (tty output)"; #endif #ifdef SIGINFO if (sudo_sys_siglist[SIGINFO] == NULL) sudo_sys_siglist[SIGINFO] = "Information request"; #endif #ifdef SIGURG if (sudo_sys_siglist[SIGURG] == NULL) sudo_sys_siglist[SIGURG] = "Urgent I/O condition"; #endif #ifdef SIGWAITING if (sudo_sys_siglist[SIGWAITING] == NULL) sudo_sys_siglist[SIGWAITING] = "No runnable LWPs"; #endif #ifdef SIGLWP if (sudo_sys_siglist[SIGLWP] == NULL) sudo_sys_siglist[SIGLWP] = "Inter-LWP signal"; #endif #ifdef SIGFREEZE if (sudo_sys_siglist[SIGFREEZE] == NULL) sudo_sys_siglist[SIGFREEZE] = "Checkpoint freeze"; #endif #ifdef SIGTHAW if (sudo_sys_siglist[SIGTHAW] == NULL) sudo_sys_siglist[SIGTHAW] = "Checkpoint thaw"; #endif #ifdef SIGCANCEL if (sudo_sys_siglist[SIGCANCEL] == NULL) sudo_sys_siglist[SIGCANCEL] = "Thread cancellation"; #endif sudo-1.8.9p5/compat/mksigname.c010064400175440000012000000031251226304126400157470ustar00millertstaff/* * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include "missing.h" __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { static char *sudo_sys_signame[NSIG]; int i; #include "compat/mksigname.h" printf("#include \n"); printf("#include \n"); printf("#include \"missing.h\"\n\n"); printf("const char *const sudo_sys_signame[NSIG] = {\n"); for (i = 0; i < NSIG; i++) { if (sudo_sys_signame[i] != NULL) { printf(" \"%s\",\n", sudo_sys_signame[i]); } else { printf(" \"Signal %d\",\n", i); } } printf("};\n"); exit(0); } sudo-1.8.9p5/compat/mksigname.h010064400175440000012000000105311226304126400157530ustar00millertstaff/* public domain */ sudo_sys_signame[0] = "Signal 0"; #ifdef SIGHUP if (sudo_sys_signame[SIGHUP] == NULL) sudo_sys_signame[SIGHUP] = "HUP"; #endif #ifdef SIGINT if (sudo_sys_signame[SIGINT] == NULL) sudo_sys_signame[SIGINT] = "INT"; #endif #ifdef SIGQUIT if (sudo_sys_signame[SIGQUIT] == NULL) sudo_sys_signame[SIGQUIT] = "QUIT"; #endif #ifdef SIGILL if (sudo_sys_signame[SIGILL] == NULL) sudo_sys_signame[SIGILL] = "ILL"; #endif #ifdef SIGTRAP if (sudo_sys_signame[SIGTRAP] == NULL) sudo_sys_signame[SIGTRAP] = "TRAP"; #endif #ifdef SIGABRT if (sudo_sys_signame[SIGABRT] == NULL) sudo_sys_signame[SIGABRT] = "ABRT"; #endif #ifdef SIGIOT if (sudo_sys_signame[SIGIOT] == NULL) sudo_sys_signame[SIGIOT] = "IOT"; #endif #ifdef SIGEMT if (sudo_sys_signame[SIGEMT] == NULL) sudo_sys_signame[SIGEMT] = "EMT"; #endif #ifdef SIGFPE if (sudo_sys_signame[SIGFPE] == NULL) sudo_sys_signame[SIGFPE] = "FPE"; #endif #ifdef SIGKILL if (sudo_sys_signame[SIGKILL] == NULL) sudo_sys_signame[SIGKILL] = "KILL"; #endif #ifdef SIGUNUSED if (sudo_sys_signame[SIGUNUSED] == NULL) sudo_sys_signame[SIGUNUSED] = "UNUSED"; #endif #ifdef SIGBUS if (sudo_sys_signame[SIGBUS] == NULL) sudo_sys_signame[SIGBUS] = "BUS"; #endif #ifdef SIGSEGV if (sudo_sys_signame[SIGSEGV] == NULL) sudo_sys_signame[SIGSEGV] = "SEGV"; #endif #ifdef SIGSYS if (sudo_sys_signame[SIGSYS] == NULL) sudo_sys_signame[SIGSYS] = "SYS"; #endif #ifdef SIGPIPE if (sudo_sys_signame[SIGPIPE] == NULL) sudo_sys_signame[SIGPIPE] = "PIPE"; #endif #ifdef SIGALRM if (sudo_sys_signame[SIGALRM] == NULL) sudo_sys_signame[SIGALRM] = "ALRM"; #endif #ifdef SIGTERM if (sudo_sys_signame[SIGTERM] == NULL) sudo_sys_signame[SIGTERM] = "TERM"; #endif #ifdef SIGSTKFLT if (sudo_sys_signame[SIGSTKFLT] == NULL) sudo_sys_signame[SIGSTKFLT] = "STKFLT"; #endif #ifdef SIGIO if (sudo_sys_signame[SIGIO] == NULL) sudo_sys_signame[SIGIO] = "IO"; #endif #ifdef SIGXCPU if (sudo_sys_signame[SIGXCPU] == NULL) sudo_sys_signame[SIGXCPU] = "XCPU"; #endif #ifdef SIGXFSZ if (sudo_sys_signame[SIGXFSZ] == NULL) sudo_sys_signame[SIGXFSZ] = "XFSZ"; #endif #ifdef SIGVTALRM if (sudo_sys_signame[SIGVTALRM] == NULL) sudo_sys_signame[SIGVTALRM] = "VTALRM"; #endif #ifdef SIGPROF if (sudo_sys_signame[SIGPROF] == NULL) sudo_sys_signame[SIGPROF] = "PROF"; #endif #ifdef SIGWINCH if (sudo_sys_signame[SIGWINCH] == NULL) sudo_sys_signame[SIGWINCH] = "WINCH"; #endif #ifdef SIGLOST if (sudo_sys_signame[SIGLOST] == NULL) sudo_sys_signame[SIGLOST] = "LOST"; #endif #ifdef SIGUSR1 if (sudo_sys_signame[SIGUSR1] == NULL) sudo_sys_signame[SIGUSR1] = "USR1"; #endif #ifdef SIGUSR2 if (sudo_sys_signame[SIGUSR2] == NULL) sudo_sys_signame[SIGUSR2] = "USR2"; #endif #ifdef SIGPWR if (sudo_sys_signame[SIGPWR] == NULL) sudo_sys_signame[SIGPWR] = "PWR"; #endif #ifdef SIGPOLL if (sudo_sys_signame[SIGPOLL] == NULL) sudo_sys_signame[SIGPOLL] = "POLL"; #endif #ifdef SIGSTOP if (sudo_sys_signame[SIGSTOP] == NULL) sudo_sys_signame[SIGSTOP] = "STOP"; #endif #ifdef SIGTSTP if (sudo_sys_signame[SIGTSTP] == NULL) sudo_sys_signame[SIGTSTP] = "TSTP"; #endif #ifdef SIGCONT if (sudo_sys_signame[SIGCONT] == NULL) sudo_sys_signame[SIGCONT] = "CONT"; #endif #ifdef SIGCHLD if (sudo_sys_signame[SIGCHLD] == NULL) sudo_sys_signame[SIGCHLD] = "CHLD"; #endif #ifdef SIGCLD if (sudo_sys_signame[SIGCLD] == NULL) sudo_sys_signame[SIGCLD] = "CLD"; #endif #ifdef SIGTTIN if (sudo_sys_signame[SIGTTIN] == NULL) sudo_sys_signame[SIGTTIN] = "TTIN"; #endif #ifdef SIGTTOU if (sudo_sys_signame[SIGTTOU] == NULL) sudo_sys_signame[SIGTTOU] = "TTOU"; #endif #ifdef SIGINFO if (sudo_sys_signame[SIGINFO] == NULL) sudo_sys_signame[SIGINFO] = "INFO"; #endif #ifdef SIGURG if (sudo_sys_signame[SIGURG] == NULL) sudo_sys_signame[SIGURG] = "URG"; #endif #ifdef SIGWAITING if (sudo_sys_signame[SIGWAITING] == NULL) sudo_sys_signame[SIGWAITING] = "WAITING"; #endif #ifdef SIGLWP if (sudo_sys_signame[SIGLWP] == NULL) sudo_sys_signame[SIGLWP] = "LWP"; #endif #ifdef SIGFREEZE if (sudo_sys_signame[SIGFREEZE] == NULL) sudo_sys_signame[SIGFREEZE] = "FREEZE"; #endif #ifdef SIGTHAW if (sudo_sys_signame[SIGTHAW] == NULL) sudo_sys_signame[SIGTHAW] = "THAW"; #endif #ifdef SIGCANCEL if (sudo_sys_signame[SIGCANCEL] == NULL) sudo_sys_signame[SIGCANCEL] = "CANCEL"; #endif sudo-1.8.9p5/compat/mktemp.c010064400175440000012000000065311226304126400152750ustar00millertstaff/* * Copyright (c) 2001, 2003, 2004, 2008-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #if !defined(HAVE_MKSTEMPS) || !defined(HAVE_MKDTEMP) #include #include #include #include #include #include #include #ifdef HAVE_STDLIB_H # include #endif /* HAVE_STDLIB_H */ #include #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include "missing.h" #define MKTEMP_FILE 1 #define MKTEMP_DIR 2 #define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" #define NUM_CHARS (sizeof(TEMPCHARS) - 1) #ifndef INT_MAX #define INT_MAX 0x7fffffff #endif #ifdef HAVE_RANDOM # define RAND random # define SRAND srandom # define SEED_T unsigned int #else # ifdef HAVE_LRAND48 # define RAND lrand48 # define SRAND srand48 # define SEED_T long # else # define RAND rand # define SRAND srand # define SEED_T unsigned int # endif #endif static void seed_random(void) { SEED_T seed; struct timeval tv; /* * Seed from time of day and process id multiplied by small primes. */ (void) gettimeofday(&tv, NULL); seed = (tv.tv_sec % 10000) * 523 + tv.tv_usec * 13 + (getpid() % 1000) * 983; SRAND(seed); } static unsigned int get_random(void) { static int initialized; if (!initialized) { seed_random(); initialized = 1; } return RAND() & 0xffffffff; } static int mktemp_internal(char *path, int slen, int mode) { char *start, *cp, *ep; const char *tempchars = TEMPCHARS; unsigned int r, tries; int fd; for (ep = path; *ep; ep++) ; if (path + slen >= ep) { errno = EINVAL; return -1; } ep -= slen; tries = 1; for (start = ep; start > path && start[-1] == 'X'; start--) { if (tries < INT_MAX / NUM_CHARS) tries *= NUM_CHARS; } tries *= 2; do { for (cp = start; *cp; cp++) { r = get_random() % NUM_CHARS; *cp = tempchars[r]; } switch (mode) { case MKTEMP_FILE: fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR); if (fd != -1 || errno != EEXIST) return fd; break; case MKTEMP_DIR: if (mkdir(path, S_IRWXU) == 0) return 0; if (errno != EEXIST) return -1; break; } } while (--tries); errno = EEXIST; return -1; } #ifndef HAVE_MKSTEMPS int mkstemps(char *path, int slen) { return mktemp_internal(path, slen, MKTEMP_FILE); } #endif /* HAVE_MKSTEMPS */ #ifndef HAVE_MKDTEMP char * mkdtemp(char *path) { if (mktemp_internal(path, 0, MKTEMP_DIR) == -1) return NULL; return path; } #endif /* HAVE_MKDTEMP */ #endif /* !HAVE_MKSTEMPS || !HAVE_MKDTEMP */ sudo-1.8.9p5/compat/nss_dbdefs.h010064400175440000012000000062521226304126400161170ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _COMPAT_NSS_DBDEFS_H #define _COMPAT_NSS_DBDEFS_H /* * Bits of nss_dbdefs.h and nss_common.h needed to implement * getgrouplist(3) using nss_search(3). * * HP-UX does not ship those headers so we need this compatibility header. * It may also work on other systems that use a Solaris-derived nsswitch * API. */ #ifdef NEED_HPUX_MUTEX # include #endif typedef enum { NSS_SUCCESS, NSS_NOTFOUND, NSS_UNAVAIL } nss_status_t; typedef struct nss_db_params { const char *name; const char *config_name; const char *default_config; unsigned int max_active_per_src; unsigned int max_dormant_per_src; int flags; void *finders; void *private; void (*cleanup)(struct nss_db_params *); } nss_db_params_t; struct nss_groupsbymem { const char *username; gid_t *gid_array; int maxgids; int force_slow_way; int (*str2ent)(const char *, int, void *, char *, int); nss_status_t (*process_cstr)(const char *, int, struct nss_groupsbymem *); int numgids; }; typedef struct { void *result; /* group struct to fill in. */ char *buffer; /* string buffer for above */ size_t buflen; /* string buffer size */ } nss_XbyY_buf_t; typedef struct { void *state; /* really struct nss_db_state * */ #ifdef NEED_HPUX_MUTEX lwp_mutex_t lock; #endif } nss_db_root_t; #ifdef NEED_HPUX_MUTEX # define NSS_DB_ROOT_INIT { 0, LWP_MUTEX_INITIALIZER } #else # define NSS_DB_ROOT_INIT { 0 } #endif # define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT /* Backend function to find all groups a user belongs to for initgroups(). */ #define NSS_DBOP_GROUP_BYMEMBER 6 /* str2ent function return values */ #define NSS_STR_PARSE_SUCCESS 0 #define NSS_STR_PARSE_PARSE 1 #define NSS_STR_PARSE_ERANGE 2 /* Max length for an /etc/group file line. */ #define NSS_BUFLEN_GROUP 8192 /* HP-UX uses an extra underscore for these functions. */ #ifdef HAVE___NSS_INITF_GROUP # define _nss_initf_group __nss_initf_group #endif #ifdef HAVE___NSS_XBYY_BUF_ALLOC # define _nss_XbyY_buf_alloc __nss_XbyY_buf_alloc # define _nss_XbyY_buf_free __nss_XbyY_buf_free #endif typedef void (*nss_db_initf_t)(nss_db_params_t *); extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int, void *); extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int, int); extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *); #endif /* _COMPAT_NSS_DBDEFS_H */ sudo-1.8.9p5/compat/pw_dup.c010064400175440000012000000054101226304126400152710ustar00millertstaff/* * Copyright (c) 2000, 2002, 2012-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #ifndef HAVE_PW_DUP #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #define PW_SIZE(name, size) \ do { \ if (pw->name) { \ size = strlen(pw->name) + 1; \ total += size; \ } \ } while (0) #define PW_COPY(name, size) \ do { \ if (pw->name) { \ (void)memcpy(cp, pw->name, size); \ newpw->name = cp; \ cp += size; \ } \ } while (0) struct passwd * pw_dup(const struct passwd *pw) { size_t nsize = 0, psize = 0, gsize = 0, dsize = 0, ssize = 0, total; #ifdef HAVE_LOGIN_CAP_H size_t csize = 0; #endif struct passwd *newpw; char *cp; /* Allocate in one big chunk for easy freeing */ total = sizeof(struct passwd); PW_SIZE(pw_name, nsize); PW_SIZE(pw_passwd, psize); #ifdef HAVE_LOGIN_CAP_H PW_SIZE(pw_class, csize); #endif PW_SIZE(pw_gecos, gsize); PW_SIZE(pw_dir, dsize); PW_SIZE(pw_shell, ssize); if ((cp = malloc(total)) == NULL) return NULL; newpw = (struct passwd *)cp; /* * Copy in passwd contents and make strings relative to space * at the end of the buffer. */ (void)memcpy(newpw, pw, sizeof(struct passwd)); cp += sizeof(struct passwd); PW_COPY(pw_name, nsize); PW_COPY(pw_passwd, psize); #ifdef HAVE_LOGIN_CAP_H PW_COPY(pw_class, csize); #endif PW_COPY(pw_gecos, gsize); PW_COPY(pw_dir, dsize); PW_COPY(pw_shell, ssize); return newpw; } #endif /* HAVE_PW_DUP */ sudo-1.8.9p5/compat/regress/fnmatch/fnm_test.c010064400175440000012000000034001226304126400207010ustar00millertstaff/* $OpenBSD: fnm_test.c,v 1.1 2008/10/01 23:04:58 millert Exp $ */ /* * Public domain, 2008, Todd C. Miller */ #include #include #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_FNMATCH # include #else # include "compat/fnmatch.h" #endif #include "missing.h" __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { FILE *fp = stdin; char pattern[1024], string[1024], flagstr[1024]; int errors = 0, tests = 0, flags, got, want; if (argc > 1) { if ((fp = fopen(argv[1], "r")) == NULL) { perror(argv[1]); exit(1); } } /* * Read in test file, which is formatted thusly: * * pattern string flags expected_result * */ for (;;) { got = fscanf(fp, "%s %s %s %d\n", pattern, string, flagstr, &want); if (got == EOF) break; if (got == 4) { flags = 0; if (strcmp(flagstr, "FNM_NOESCAPE") == 0) flags |= FNM_NOESCAPE; else if (strcmp(flagstr, "FNM_PATHNAME") == 0) flags |= FNM_PATHNAME; else if (strcmp(flagstr, "FNM_PERIOD") == 0) flags |= FNM_PERIOD; else if (strcmp(flagstr, "FNM_LEADING_DIR") == 0) flags |= FNM_LEADING_DIR; else if (strcmp(flagstr, "FNM_CASEFOLD") == 0) flags |= FNM_CASEFOLD; got = fnmatch(pattern, string, flags); if (got != want) { fprintf(stderr, "fnmatch: %s %s %d: want %d, got %d\n", pattern, string, flags, want, got); errors++; } tests++; } } if (tests != 0) { printf("fnmatch: %d test%s run, %d errors, %d%% success rate\n", tests, tests == 1 ? "" : "s", errors, (tests - errors) * 100 / tests); } exit(errors); } sudo-1.8.9p5/compat/regress/fnmatch/fnm_test.in010064400175440000012000000003221226304126400210650ustar00millertstaff/bin/[[:alpha:][:alnum:]]* /bin/ls FNM_PATHNAME 0 /bin/[[:alpha:][:alnum:]]* /bin/LS FNM_CASEFOLD 0 /bin/[[:opper:][:alnum:]]* /bin/ls NONE 1 [[:alpha:][:alnum:]]*.c foo1.c FNM_PERIOD 0 [[:upper:]]* FOO NONE 0 sudo-1.8.9p5/compat/regress/glob/files010064400175440000012000000012161226304126500172520ustar00millertstafffake/bin/[ fake/bin/cat fake/bin/chgrp fake/bin/chio fake/bin/chmod fake/bin/cksum fake/bin/cp fake/bin/cpio fake/bin/csh fake/bin/date fake/bin/dd fake/bin/df fake/bin/domainname fake/bin/echo fake/bin/ed fake/bin/eject fake/bin/expr fake/bin/hostname fake/bin/kill fake/bin/ksh fake/bin/ln fake/bin/ls fake/bin/md5 fake/bin/mkdir fake/bin/mt fake/bin/mv fake/bin/pax fake/bin/ps fake/bin/pwd fake/bin/rcp fake/bin/rksh fake/bin/rm fake/bin/rmail fake/bin/rmd160 fake/bin/rmdir fake/bin/sh fake/bin/sha1 fake/bin/sha256 fake/bin/sha384 fake/bin/sha512 fake/bin/sleep fake/bin/stty fake/bin/sum fake/bin/sync fake/bin/systrace fake/bin/tar fake/bin/test sudo-1.8.9p5/compat/regress/glob/globtest.c010064400175440000012000000113361226304126500202200ustar00millertstaff/* $OpenBSD: globtest.c,v 1.1 2008/10/01 23:04:36 millert Exp $ */ /* * Public domain, 2008, Todd C. Miller */ #include #include #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_GLOB # include #else # include "compat/glob.h" #endif #include #include "missing.h" #define MAX_RESULTS 256 struct gl_entry { int flags; int nresults; char pattern[1024]; char *results[MAX_RESULTS]; }; int test_glob(struct gl_entry *); __dso_public int main(int argc, char *argv[]); int main(int argc, char **argv) { FILE *fp = stdin; char buf[2048], *cp, *ep; int errors = 0, tests = 0, lineno; struct gl_entry entry; size_t len; if (argc > 1) { if ((fp = fopen(argv[1], "r")) == NULL) { perror(argv[1]); exit(1); } } /* * Read in test file, which is formatted thusly: * * [pattern] * result1 * result2 * result3 * ... * */ lineno = 0; memset(&entry, 0, sizeof(entry)); while (fgets(buf, sizeof(buf), fp) != NULL) { lineno++; len = strlen(buf); if (len > 0) { if (buf[len - 1] != '\n') { fprintf(stderr, "globtest: missing newline at EOF\n"); exit(1); } buf[--len] = '\0'; } if (len == 0) continue; /* blank line */ if (buf[0] == '[') { /* check previous pattern */ if (entry.pattern[0]) { errors += test_glob(&entry); tests++; } /* start new entry */ if ((cp = strrchr(buf + 1, ']')) == NULL) { fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); exit(1); } len = cp - buf - 1; if (len >= sizeof(entry.pattern)) { fprintf(stderr, "globtest: pattern too big on line %d\n", lineno); exit(1); } memcpy(entry.pattern, buf + 1, len); entry.pattern[len] = '\0'; cp += 2; if (*cp++ != '<') { fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); exit(1); } ep = strchr(cp, '>'); if (ep == NULL) { fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); exit(1); } *ep = '\0'; entry.flags = 0; for ((cp = strtok(cp, "|")); cp != NULL; (cp = strtok(NULL, "|"))) { if (strcmp(cp, "GLOB_APPEND") == 0) entry.flags |= GLOB_APPEND; else if (strcmp(cp, "GLOB_DOOFFS") == 0) entry.flags |= GLOB_DOOFFS; else if (strcmp(cp, "GLOB_ERR") == 0) entry.flags |= GLOB_ERR; else if (strcmp(cp, "GLOB_MARK") == 0) entry.flags |= GLOB_MARK; else if (strcmp(cp, "GLOB_NOCHECK") == 0) entry.flags |= GLOB_NOCHECK; else if (strcmp(cp, "GLOB_NOSORT") == 0) entry.flags |= GLOB_NOSORT; else if (strcmp(cp, "GLOB_NOESCAPE") == 0) entry.flags |= GLOB_NOESCAPE; else if (strcmp(cp, "GLOB_BRACE") == 0) entry.flags |= GLOB_BRACE; else if (strcmp(cp, "GLOB_TILDE") == 0) entry.flags |= GLOB_TILDE; else if (strcmp(cp, "NONE") != 0) { fprintf(stderr, "globtest: invalid flags on line %d\n", lineno); exit(1); } } entry.nresults = 0; continue; } if (!entry.pattern[0]) { fprintf(stderr, "globtest: missing entry on line %d\n", lineno); exit(1); } if (entry.nresults + 1 > MAX_RESULTS) { fprintf(stderr, "globtest: too many results for %s, max %d\n", entry.pattern, MAX_RESULTS); exit(1); } entry.results[entry.nresults++] = strdup(buf); } if (entry.pattern[0]) { errors += test_glob(&entry); /* test last pattern */ tests++; } if (tests != 0) { printf("glob: %d test%s run, %d errors, %d%% success rate\n", tests, tests == 1 ? "" : "s", errors, (tests - errors) * 100 / tests); } exit(errors); } int test_glob(struct gl_entry *entry) { glob_t gl; char **ap; int nmatches = 0, i = 0; if (glob(entry->pattern, entry->flags, NULL, &gl) != 0) { fprintf(stderr, "glob failed: %s: %s\n", entry->pattern, strerror(errno)); exit(1); } for (ap = gl.gl_pathv; *ap != NULL; ap++) nmatches++; if (nmatches != entry->nresults) goto mismatch; for (i = 0; i < entry->nresults; i++) { if (strcmp(gl.gl_pathv[i], entry->results[i]) != 0) goto mismatch; free(entry->results[i]); } return 0; mismatch: if (nmatches != entry->nresults) { fprintf(stderr, "globtest: mismatch in number of results (found %d, expected %d) for pattern %s\n", nmatches, entry->nresults, entry->pattern); } else { fprintf(stderr, "globtest: mismatch for pattern %s, flags 0x%x " "(found \"%s\", expected \"%s\")\n", entry->pattern, entry->flags, gl.gl_pathv[i], entry->results[i]); while (i < entry->nresults) free(entry->results[i++]); } return 1; } sudo-1.8.9p5/compat/regress/glob/globtest.in010064400175440000012000000016531226304126500204050ustar00millertstaff[fake/bin/[[:alpha:]]*] fake/bin/cat fake/bin/chgrp fake/bin/chio fake/bin/chmod fake/bin/cksum fake/bin/cp fake/bin/cpio fake/bin/csh fake/bin/date fake/bin/dd fake/bin/df fake/bin/domainname fake/bin/echo fake/bin/ed fake/bin/eject fake/bin/expr fake/bin/hostname fake/bin/kill fake/bin/ksh fake/bin/ln fake/bin/ls fake/bin/md5 fake/bin/mkdir fake/bin/mt fake/bin/mv fake/bin/pax fake/bin/ps fake/bin/pwd fake/bin/rcp fake/bin/rksh fake/bin/rm fake/bin/rmail fake/bin/rmd160 fake/bin/rmdir fake/bin/sh fake/bin/sha1 fake/bin/sha256 fake/bin/sha384 fake/bin/sha512 fake/bin/sleep fake/bin/stty fake/bin/sum fake/bin/sync fake/bin/systrace fake/bin/tar fake/bin/test [fake/bin/rm{,dir,ail}] fake/bin/rm fake/bin/rmdir fake/bin/rmail [fake/bin/sha[[:digit:]]] fake/bin/sha1 [fake/bin/sha[[:digit:]]*] fake/bin/sha1 fake/bin/sha256 fake/bin/sha384 fake/bin/sha512 [fake/bin/ca[a-z]] fake/bin/cat sudo-1.8.9p5/compat/sig2str.c010064400175440000012000000045521226304126500153770ustar00millertstaff/* * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_SIG2STR #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include "missing.h" #if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1 # define sudo_sys_signame sys_signame #elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1 # define sudo_sys_signame _sys_signame #elif defined(HAVE_DECL___SYS_SIGNAME) && HAVE_DECL___SYS_SIGNAME == 1 # define sudo_sys_signame __sys_signame #elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1 # define sudo_sys_signame sys_sigabbrev #else # ifdef HAVE_SYS_SIGABBREV /* sys_sigabbrev is not declared by glibc */ # define sudo_sys_signame sys_sigabbrev # endif extern const char *const sudo_sys_signame[NSIG]; #endif /* * Translate signal number to name. */ int sig2str(int signo, char *signame) { #if defined(SIGRTMIN) && defined(SIGRTMAX) /* Realtime signal support as per Solaris. */ if (signo >= SIGRTMIN && signo <= SIGRTMAX) { snprintf(signame, SIG2STR_MAX, "RTMIN+%d", (signo - SIGRTMIN)); return 0; } #endif if (signo > 0 && signo < NSIG && sudo_sys_signame[signo] != NULL) { strlcpy(signame, sudo_sys_signame[signo], SIG2STR_MAX); return 0; } errno = EINVAL; return -1; } #endif /* HAVE_SIG2STR */ sudo-1.8.9p5/compat/siglist.in010064400175440000012000000033431226304126500156410ustar00millertstaff# # List of signals used to build sys_siglist (see mksiglist.c) # Adapted from pdksh; public domain # # Note that if a system has multiple defines for the same signal # (eg, SIGABRT vs SIGIOT, SIGCHLD vs SIGCLD), only the first one # will be seen, so the order in this list is important. # HUP Hangup INT Interrupt QUIT Quit ILL Illegal instruction TRAP Trace trap # before IOT (ABRT is posix and ABRT is sometimes the same as IOT) ABRT Abort IOT IOT instruction EMT EMT trap FPE Floating point exception KILL Killed # before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED) UNUSED Unused BUS Bus error SEGV Memory fault SYS Bad system call PIPE Broken pipe ALRM Alarm clock TERM Terminated STKFLT Stack fault # before POLL (POLL is sometimes the same as IO) IO I/O possible XCPU CPU time limit exceeded XFSZ File size limit exceeded VTALRM Virtual timer expired PROF Profiling timer expired WINCH Window size change LOST File lock lost USR1 User defined signal 1 USR2 User defined signal 2 PWR Power-fail/Restart POLL Pollable event occurred STOP Stopped (signal) TSTP Stopped CONT Continued # before CLD (CHLD is posix and CHLD is sometimes the same as CLD) CHLD Child exited CLD Child exited TTIN Stopped (tty input) TTOU Stopped (tty output) INFO Information request URG Urgent I/O condition # Solaris (svr4?) signals WAITING No runnable LWPs LWP Inter-LWP signal FREEZE Checkpoint freeze THAW Checkpoint thaw CANCEL Thread cancellation sudo-1.8.9p5/compat/snprintf.c010064400175440000012000000402731226304126500156450ustar00millertstaff/* * Copyright (c) 1999-2005, 2008, 2010-2013 * Todd C. Miller * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Chris Torek. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * From: @(#)vfprintf.c 8.1 (Berkeley) 6/4/93 */ /* * v?snprintf/v?asprintf based on 4.4BSD stdio. * NOTE: does not support floating point. */ #include #if !defined(HAVE_VSNPRINTF) || !defined(HAVE_SNPRINTF) || \ !defined(HAVE_VASPRINTF) || !defined(HAVE_ASPRINTF) || \ defined(PREFER_PORTABLE_SNPRINTF) #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #include #include "missing.h" static int xxxprintf(char **, size_t, int, const char *, va_list); /* * Macros for converting digits to letters and vice versa */ #define to_digit(c) ((c) - '0') #define is_digit(c) ((unsigned int)to_digit(c) <= 9) #define to_char(n) ((n) + '0') /* * Flags used during conversion. */ #define ALT 0x001 /* alternate form */ #define HEXPREFIX 0x002 /* add 0x or 0X prefix */ #define LADJUST 0x004 /* left adjustment */ #define LONGDBL 0x008 /* long double; unimplemented */ #define LONGINT 0x010 /* long integer */ #define LLONGINT 0x020 /* quad integer */ #define SHORTINT 0x040 /* short integer */ #define ZEROPAD 0x080 /* zero (as opposed to blank) pad */ #define BUF 68 /* * Convert an unsigned long to ASCII for printf purposes, returning * a pointer to the first character of the string representation. * Octal numbers can be forced to have a leading zero; hex numbers * use the given digits. */ static char * __ultoa(unsigned long val, char *endp, int base, int octzero, char *xdigs) { char *cp = endp; long sval; /* * Handle the three cases separately, in the hope of getting * better/faster code. */ switch (base) { case 10: if (val < 10) { /* many numbers are 1 digit */ *--cp = to_char(val); return cp; } /* * On many machines, unsigned arithmetic is harder than * signed arithmetic, so we do at most one unsigned mod and * divide; this is sufficient to reduce the range of * the incoming value to where signed arithmetic works. */ if (val > LONG_MAX) { *--cp = to_char(val % 10); sval = val / 10; } else sval = val; do { *--cp = to_char(sval % 10); sval /= 10; } while (sval != 0); break; case 8: do { *--cp = to_char(val & 7); val >>= 3; } while (val); if (octzero && *cp != '0') *--cp = '0'; break; case 16: do { *--cp = xdigs[val & 15]; val >>= 4; } while (val); break; default: /* oops */ abort(); } return cp; } /* Identical to __ultoa, but for quads. */ #if SIZEOF_LONG_INT == 8 # define __ulltoa(v, e, b, o, x) __ultoa((unsigned long)(v), (e), (b), (o), (x)) #else static char * __ulltoa(unsigned long long val, char *endp, int base, int octzero, char *xdigs) { char *cp = endp; long long sval; /* quick test for small values; __ultoa is typically much faster */ /* (perhaps instead we should run until small, then call __ultoa?) */ if (val <= (unsigned long long)ULONG_MAX) return __ultoa((unsigned long)val, endp, base, octzero, xdigs); switch (base) { case 10: if (val < 10) { *--cp = to_char(val % 10); return cp; } if (val > LLONG_MAX) { *--cp = to_char(val % 10); sval = val / 10; } else sval = val; do { *--cp = to_char(sval % 10); sval /= 10; } while (sval != 0); break; case 8: do { *--cp = to_char(val & 7); val >>= 3; } while (val); if (octzero && *cp != '0') *--cp = '0'; break; case 16: do { *--cp = xdigs[val & 15]; val >>= 4; } while (val); break; default: /* oops */ abort(); } return cp; } #endif /* !SIZEOF_LONG_INT */ /* * Actual printf innards. */ static int xxxprintf(char **strp, size_t strsize, int alloc, const char *fmt0, va_list ap) { char *fmt; /* format string */ int ch; /* character from fmt */ int n; /* handy integer (short term usage) */ char *cp; /* handy char pointer (short term usage) */ int flags; /* flags as above */ int ret; /* return value accumulator */ int width; /* width from format (%8d), or 0 */ int prec; /* precision from format (%.3d), or -1 */ char sign; /* sign prefix (' ', '+', '-', or \0) */ unsigned long ulval = 0; /* integer arguments %[diouxX] */ unsigned long long ullval = 0; /* long long arguments %ll[diouxX] */ int base; /* base for [diouxX] conversion */ int dprec; /* a copy of prec if [diouxX], 0 otherwise */ int fieldsz; /* field size expanded by sign, etc */ int realsz; /* field size expanded by dprec */ int size; /* size of converted field or string */ char *xdigs = ""; /* digits for [xX] conversion */ char buf[BUF]; /* space for %c, %[diouxX], %[eEfgG] */ char ox[2]; /* space for 0x hex-prefix */ char *str; /* pointer to string to fill */ char *estr; /* pointer to last char in str */ /* * Choose PADSIZE to trade efficiency vs. size. If larger printf * fields occur frequently, increase PADSIZE and make the initialisers * below longer. */ #define PADSIZE 16 /* pad chunk size */ static char blanks[PADSIZE] = {' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' '}; static char zeroes[PADSIZE] = {'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0'}; /* Print chars to "str", (allocate as needed if alloc is set). */ #define PRINT(ptr, len) do { \ const char *p = ptr; \ const char *endp = ptr + len; \ while (p < endp && (str < estr || alloc)) { \ if (alloc && str >= estr) { \ char *t; \ strsize = (strsize << 1) + 1; \ if (!(t = (char *)realloc(*strp, strsize))) { \ free(str); \ *strp = NULL; \ ret = -1; \ goto done; \ } \ str = t + (str - *strp); \ estr = t + strsize - 1; \ *strp = t; \ } \ *str++ = *p++; \ } \ } while (0) /* BEWARE, PAD uses `n'. */ #define PAD(plen, pstr) do { \ if ((n = (plen)) > 0) { \ while (n > PADSIZE) { \ PRINT(pstr, PADSIZE); \ n -= PADSIZE; \ } \ PRINT(pstr, n); \ } \ } while (0) /* * To extend shorts properly, we need both signed and unsigned * argument extraction methods. */ #define SARG() \ (flags&LONGINT ? va_arg(ap, long) : \ flags&SHORTINT ? (long)(short)va_arg(ap, int) : \ (long)va_arg(ap, int)) #define UARG() \ (flags&LONGINT ? va_arg(ap, unsigned long) : \ flags&SHORTINT ? (unsigned long)(unsigned short)va_arg(ap, int) : \ (unsigned long)va_arg(ap, unsigned int)) fmt = (char *)fmt0; ret = 0; if (alloc) { strsize = 128; *strp = str = (char *)malloc(strsize); if (str == NULL) { ret = -1; goto done; } estr = str + 127; } else { str = *strp; if (strsize) estr = str + strsize - 1; else estr = NULL; } /* * Scan the format for conversions (`%' character). */ for (;;) { for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++) /* void */; if ((n = fmt - cp) != 0) { PRINT(cp, n); ret += n; } if (ch == '\0') goto done; fmt++; /* skip over '%' */ flags = 0; dprec = 0; width = 0; prec = -1; sign = '\0'; rflag: ch = *fmt++; reswitch: switch (ch) { case ' ': /* * ``If the space and + flags both appear, the space * flag will be ignored.'' * -- ANSI X3J11 */ if (!sign) sign = ' '; goto rflag; case '#': flags |= ALT; goto rflag; case '*': /* * ``A negative field width argument is taken as a * - flag followed by a positive field width.'' * -- ANSI X3J11 * They don't exclude field widths read from args. */ if ((width = va_arg(ap, int)) >= 0) goto rflag; width = -width; /* FALLTHROUGH */ case '-': flags |= LADJUST; goto rflag; case '+': sign = '+'; goto rflag; case '.': if ((ch = *fmt++) == '*') { n = va_arg(ap, int); prec = n < 0 ? -1 : n; goto rflag; } n = 0; while (is_digit(ch)) { n = 10 * n + to_digit(ch); ch = *fmt++; } prec = n < 0 ? -1 : n; goto reswitch; case '0': /* * ``Note that 0 is taken as a flag, not as the * beginning of a field width.'' * -- ANSI X3J11 */ flags |= ZEROPAD; goto rflag; case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': n = 0; do { n = 10 * n + to_digit(ch); ch = *fmt++; } while (is_digit(ch)); width = n; goto reswitch; case 'h': flags |= SHORTINT; goto rflag; case 'l': if (*fmt == 'l') { fmt++; flags |= LLONGINT; } else { flags |= LONGINT; } goto rflag; case 'c': *(cp = buf) = va_arg(ap, int); size = 1; sign = '\0'; break; case 'D': flags |= LONGINT; /*FALLTHROUGH*/ case 'd': case 'i': if (flags & LLONGINT) { ullval = va_arg(ap, long long); if ((long long)ullval < 0) { ullval = -ullval; sign = '-'; } } else { ulval = SARG(); if ((long)ulval < 0) { ulval = -ulval; sign = '-'; } } base = 10; goto number; case 'n': if (flags & LLONGINT) *va_arg(ap, long long *) = ret; else if (flags & LONGINT) *va_arg(ap, long *) = ret; else if (flags & SHORTINT) *va_arg(ap, short *) = ret; else *va_arg(ap, int *) = ret; continue; /* no output */ case 'O': flags |= LONGINT; /*FALLTHROUGH*/ case 'o': if (flags & LLONGINT) ullval = va_arg(ap, unsigned long long); else ulval = UARG(); base = 8; goto nosign; case 'p': /* * ``The argument shall be a pointer to void. The * value of the pointer is converted to a sequence * of printable characters, in an implementation- * defined manner.'' * -- ANSI X3J11 */ ulval = (unsigned long)va_arg(ap, void *); base = 16; xdigs = "0123456789abcdef"; flags = (flags & ~LLONGINT) | HEXPREFIX; ch = 'x'; goto nosign; case 's': if ((cp = va_arg(ap, char *)) == NULL) cp = "(null)"; if (prec >= 0) { /* * can't use strlen; can only look for the * NUL in the first `prec' characters, and * strlen() will go further. */ char *p = memchr(cp, 0, prec); if (p != NULL) { size = p - cp; if (size > prec) size = prec; } else size = prec; } else size = strlen(cp); sign = '\0'; break; case 'U': flags |= LONGINT; /*FALLTHROUGH*/ case 'u': if (flags & LLONGINT) ullval = va_arg(ap, unsigned long long); else ulval = UARG(); base = 10; goto nosign; case 'X': xdigs = "0123456789ABCDEF"; goto hex; case 'x': xdigs = "0123456789abcdef"; hex: if (flags & LLONGINT) ullval = va_arg(ap, unsigned long long); else ulval = UARG(); base = 16; /* leading 0x/X only if non-zero */ if (flags & ALT && (flags & LLONGINT ? ullval != 0 : ulval != 0)) flags |= HEXPREFIX; /* unsigned conversions */ nosign: sign = '\0'; /* * ``... diouXx conversions ... if a precision is * specified, the 0 flag will be ignored.'' * -- ANSI X3J11 */ number: if ((dprec = prec) >= 0) flags &= ~ZEROPAD; /* * ``The result of converting a zero value with an * explicit precision of zero is no characters.'' * -- ANSI X3J11 */ cp = buf + BUF; if (flags & LLONGINT) { if (ullval != 0 || prec != 0) cp = __ulltoa(ullval, cp, base, flags & ALT, xdigs); } else { if (ulval != 0 || prec != 0) cp = __ultoa(ulval, cp, base, flags & ALT, xdigs); } size = buf + BUF - cp; break; default: /* "%?" prints ?, unless ? is NUL */ if (ch == '\0') goto done; /* pretend it was %c with argument ch */ cp = buf; *cp = ch; size = 1; sign = '\0'; break; } /* * All reasonable formats wind up here. At this point, `cp' * points to a string which (if not flags&LADJUST) should be * padded out to `width' places. If flags&ZEROPAD, it should * first be prefixed by any sign or other prefix; otherwise, * it should be blank padded before the prefix is emitted. * After any left-hand padding and prefixing, emit zeroes * required by a decimal [diouxX] precision, then print the * string proper, then emit zeroes required by any leftover * floating precision; finally, if LADJUST, pad with blanks. * * Compute actual size, so we know how much to pad. * fieldsz excludes decimal prec; realsz includes it. */ fieldsz = size; if (sign) fieldsz++; else if (flags & HEXPREFIX) fieldsz += 2; realsz = dprec > fieldsz ? dprec : fieldsz; /* right-adjusting blank padding */ if ((flags & (LADJUST|ZEROPAD)) == 0) PAD(width - realsz, blanks); /* prefix */ if (sign) { PRINT(&sign, 1); } else if (flags & HEXPREFIX) { ox[0] = '0'; ox[1] = ch; PRINT(ox, 2); } /* right-adjusting zero padding */ if ((flags & (LADJUST|ZEROPAD)) == ZEROPAD) PAD(width - realsz, zeroes); /* leading zeroes from decimal precision */ PAD(dprec - fieldsz, zeroes); /* the string or number proper */ PRINT(cp, size); /* left-adjusting padding (always blank) */ if (flags & LADJUST) PAD(width - realsz, blanks); /* finally, adjust ret */ ret += width > realsz ? width : realsz; } done: if (strsize) *str = '\0'; return ret; /* NOTREACHED */ } #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_vsnprintf(char *str, size_t n, const char *fmt, va_list ap) { return xxxprintf(&str, n, 0, fmt, ap); } #endif /* !HAVE_VSNPRINTF || PREFER_PORTABLE_SNPRINTF */ #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_snprintf(char *str, size_t n, char const *fmt, ...) { int ret; va_list ap; va_start(ap, fmt); ret = xxxprintf(&str, n, 0, fmt, ap); va_end(ap); return ret; } #endif /* !HAVE_SNPRINTF || PREFER_PORTABLE_SNPRINTF */ #if !defined(HAVE_VASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_vasprintf(char **str, const char *fmt, va_list ap) { return xxxprintf(str, 0, 1, fmt, ap); } #endif /* !HAVE_VASPRINTF || PREFER_PORTABLE_SNPRINTF */ #if !defined(HAVE_ASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_asprintf(char **str, char const *fmt, ...) { int ret; va_list ap; va_start(ap, fmt); ret = xxxprintf(str, 0, 1, fmt, ap); va_end(ap); return ret; } #endif /* !HAVE_ASPRINTF || PREFER_PORTABLE_SNPRINTF */ #endif /* !HAVE_VSNPRINTF || !HAVE_SNPRINTF || !HAVE_VASPRINTF || !HAVE_ASPRINTF || PREFER_PORTABLE_SNPRINTF */ sudo-1.8.9p5/compat/stdbool.h010064400175440000012000000016311226304126500154500ustar00millertstaff/* $OpenBSD: stdbool.h,v 1.5 2010/07/24 22:17:03 guenther Exp $ */ /* * Written by Marc Espie, September 25, 1999 * Public domain. */ #ifndef _COMPAT_STDBOOL_H_ #define _COMPAT_STDBOOL_H_ #ifndef __cplusplus #if (defined(HAVE__BOOL) && HAVE__BOOL > 0) || defined(lint) /* Support for _C99: type _Bool is already built-in. */ #define false 0 #define true 1 #else /* `_Bool' type must promote to `int' or `unsigned int'. */ typedef enum { false = 0, true = 1 } _Bool; /* And those constants must also be available as macros. */ #define false false #define true true #endif /* User visible type `bool' is provided as a macro which may be redefined */ #define bool _Bool #else /* __cplusplus */ #define _Bool bool #define bool bool #define false false #define true true #endif /* __cplusplus */ /* Inform that everything is fine */ #define __bool_true_false_are_defined 1 #endif /* _COMPAT_STDBOOL_H_ */ sudo-1.8.9p5/compat/strlcat.c010064400175440000012000000034141226304126500154520ustar00millertstaff/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */ /* * Copyright (c) 1998, 2003-2005, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_STRLCAT #include #include #include "missing.h" /* * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz <= strlen(dst)). * Returns strlen(src) + MIN(siz, strlen(initial dst)). * If retval >= siz, truncation occurred. */ size_t strlcat(char *dst, const char *src, size_t siz) { char *d = dst; const char *s = src; size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; if (n == 0) return dlen + strlen(s); while (*s != '\0') { if (n != 1) { *d++ = *s; n--; } s++; } *d = '\0'; return dlen + (s - src); /* count does not include NUL */ } #endif /* HAVE_STRLCAT */ sudo-1.8.9p5/compat/strlcpy.c010064400175440000012000000032121226304126500154720ustar00millertstaff/* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */ /* * Copyright (c) 1998, 2003-2005, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_STRLCPY #include #include "missing.h" /* * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns strlen(src); if retval >= siz, truncation occurred. */ size_t strlcpy(char *dst, const char *src, size_t siz) { char *d = dst; const char *s = src; size_t n = siz; /* Copy as many bytes as will fit */ if (n != 0 && --n != 0) { do { if ((*d++ = *s++) == 0) break; } while (--n != 0); } /* Not enough room in dst, add NUL and traverse rest of src */ if (n == 0) { if (siz != 0) *d = '\0'; /* NUL-terminate dst */ while (*s++) ; } return s - src - 1; /* count does not include NUL */ } #endif /* HAVE_STRLCPY */ sudo-1.8.9p5/compat/strsignal.c010064400175440000012000000032061226304126500160030ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef HAVE_STRSIGNAL #include #include #include #include "missing.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #if defined(HAVE_DECL_SYS_SIGLIST) && HAVE_DECL_SYS_SIGLIST == 1 # define sudo_sys_siglist sys_siglist #elif defined(HAVE_DECL__SYS_SIGLIST) && HAVE_DECL__SYS_SIGLIST == 1 # define sudo_sys_siglist _sys_siglist #elif defined(HAVE_DECL___SYS_SIGLIST) && HAVE_DECL___SYS_SIGLIST == 1 # define sudo_sys_siglist __sys_siglist #else extern const char *const sudo_sys_siglist[NSIG]; #endif /* * Get signal description string */ char * strsignal(int signo) { if (signo > 0 && signo < NSIG && sudo_sys_siglist[signo] != NULL) return (char *)sudo_sys_siglist[signo]; /* XXX - should be "Unknown signal: %d" */ return _("Unknown signal"); } #endif /* HAVE_STRSIGNAL */ sudo-1.8.9p5/compat/strtonum.c010064400175440000012000000110371226304126500156710ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include "missing.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #ifdef HAVE_STRTONUM /* * The OpenBSD strtonum error string too short to be translated sensibly. * This wrapper just changes errstr as follows: * invalid -> invalid value * too large -> value too large * too small -> value too small */ long long rpl_strtonum(const char *str, long long minval, long long maxval, const char **errstrp) { long long retval; const char *errstr; # undef strtonum retval = strtonum(str, minval, maxval, &errstr); if (errstr != NULL) { if (errno == EINVAL) { errstr = N_("invalid value"); } else if (errno == ERANGE) { errstr = strcmp(errstr, "too large") == 0 ? N_("value too large") : N_("value too small"); } } if (errstrp != NULL) *errstrp = errstr; return retval; } #else enum strtonum_err { STN_VALID, STN_INVALID, STN_TOOSMALL, STN_TOOBIG }; /* * Convert a string to a number in the range [minval, maxval] */ long long rpl_strtonum(const char *str, long long minval, long long maxval, const char **errstrp) { const unsigned char *ustr = (const unsigned char *)str; enum strtonum_err errval = STN_VALID; long long lastval, result = 0; unsigned char dig, sign; int remainder; if (minval > maxval) { errval = STN_INVALID; goto done; } /* Trim leading space and check sign, if any. */ while (isspace(*ustr)) { ustr++; } switch (*ustr) { case '-': sign = '-'; ustr++; break; case '+': ustr++; /* FALLTHROUGH */ default: sign = '+'; break; } /* * To prevent overflow we determine the highest (or lowest in * the case of negative numbers) value result can have *before* * if its multiplied (divided) by 10 as well as the remainder. * If result matches this value and the next digit is larger than * the remainder, we know the result is out of range. * The remainder is always positive since it is compared against * an unsigned digit. */ if (sign == '-') { lastval = minval / 10; remainder = -(minval % 10); if (remainder < 0) { lastval += 1; remainder += 10; } while ((dig = *ustr++) != '\0') { if (!isdigit(dig)) { errval = STN_INVALID; break; } dig -= '0'; if (result < lastval || (result == lastval && dig > remainder)) { errval = STN_TOOSMALL; break; } else { result *= 10; result -= dig; } } if (result > maxval) errval = STN_TOOBIG; } else { lastval = maxval / 10; remainder = maxval % 10; while ((dig = *ustr++) != '\0') { if (!isdigit(dig)) { errval = STN_INVALID; break; } dig -= '0'; if (result > lastval || (result == lastval && dig > remainder)) { errval = STN_TOOBIG; break; } else { result *= 10; result += dig; } } if (result < minval) errval = STN_TOOSMALL; } done: switch (errval) { case STN_VALID: if (errstrp != NULL) *errstrp = NULL; break; case STN_INVALID: result = 0; errno = EINVAL; if (errstrp != NULL) *errstrp = N_("invalid value"); break; case STN_TOOSMALL: result = 0; errno = ERANGE; if (errstrp != NULL) *errstrp = N_("value too small"); break; case STN_TOOBIG: result = 0; errno = ERANGE; if (errstrp != NULL) *errstrp = N_("value too large"); break; } return result; } #endif /* HAVE_STRTONUM */ sudo-1.8.9p5/compat/timespec.h010064400175440000012000000016641226304126500156210ustar00millertstaff/* * Copyright (c) 2005, 2010 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_TIMESPEC_H #define _SUDO_TIMESPEC_H struct timespec { time_t tv_sec; long tv_nsec; }; #endif /* _SUDO_TIMESPEC_H */ sudo-1.8.9p5/compat/utime.h010064400175440000012000000017711226304126500151320ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2010 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _UTIME_H #define _UTIME_H struct utimbuf { time_t actime; /* access time */ time_t modtime; /* mod time */ }; int utime(const char *, const struct utimbuf *); #endif /* _UTIME_H */ sudo-1.8.9p5/compat/utimes.c010064400175440000012000000037341226304126500153110ustar00millertstaff/* * Copyright (c) 2004-2005, 2007, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #if !defined(HAVE_UTIMES) || (!defined(HAVE_FUTIMES) && !defined(HAVE_FUTIMESAT)) #include #include #include #ifdef TIME_WITH_SYS_TIME # include #endif #ifdef HAVE_UTIME_H # include #else # include "compat/utime.h" #endif #include "missing.h" #ifndef HAVE_UTIMES /* * Emulate utimes() via utime() */ int utimes(const char *file, const struct timeval *times) { if (times != NULL) { struct utimbuf utb; utb.actime = (time_t)(times[0].tv_sec + times[0].tv_usec / 1000000); utb.modtime = (time_t)(times[1].tv_sec + times[1].tv_usec / 1000000); return utime(file, &utb); } else return utime(file, NULL); } #endif /* !HAVE_UTIMES */ #ifdef HAVE_FUTIME /* * Emulate futimes() via futime() */ int futimes(int fd, const struct timeval *times) { if (times != NULL) { struct utimbuf utb; utb.actime = (time_t)(times[0].tv_sec + times[0].tv_usec / 1000000); utb.modtime = (time_t)(times[1].tv_sec + times[1].tv_usec / 1000000); return futime(fd, &utb); } else return futime(fd, NULL); } #endif /* HAVE_FUTIME */ #endif /* !HAVE_UTIMES || (!HAVE_FUTIMES && !HAVE_FUTIMESAT) */ sudo-1.8.9p5/config.guess010064400175440000012000001313551226424460000146710ustar00millertstaff#! /bin/sh # Attempt to guess a canonical system name. # Copyright 1992-2014 Free Software Foundation, Inc. timestamp='2014-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # # Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # # Please send patches with a ChangeLog entry to config-patches@gnu.org. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_SYSTEM}" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu eval $set_cc_for_build cat <<-EOF > $dummy.c #include #if defined(__UCLIBC__) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc #else LIBC=gnu #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` ;; esac # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW64*:*) echo ${UNAME_MACHINE}-pc-mingw64 exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="gnulibc1" ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; or1k:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; or32:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-${LIBC} exit ;; ppc64le:Linux:*:*) echo powerpc64le-unknown-linux-${LIBC} exit ;; ppcle:Linux:*:*) echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; x86_64:Haiku:*:*) echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown eval $set_cc_for_build if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in i386) UNAME_PROCESSOR=x86_64 ;; powerpc) UNAME_PROCESSOR=powerpc64 ;; esac fi fi elif test "$UNAME_PROCESSOR" = i386 ; then # Avoid executing cc on OS X 10.9, as it ships with a stub # that puts up a graphical alert prompting to install # developer tools. Any system running Mac OS X 10.7 or # later (Darwin 11 and later) is required to have a 64-bit # processor. This is not true of the ARM version of Darwin # that Apple uses in portable devices. UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; esac eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: sudo-1.8.9p5/config.h.in010064400175440000012000000772461227416653500144220ustar00millertstaff/* config.h.in. Generated from configure.ac by autoheader. */ #ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H /* Define to 1 if the `syslog' function returns a non-zero int to denote failure. */ #undef BROKEN_SYSLOG /* Define to 1 if you want the insults from the "classic" version sudo. */ #undef CLASSIC_INSULTS /* Define to 1 if you want insults culled from the twisted minds of CSOps. */ #undef CSOPS_INSULTS /* Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found. */ #undef DONT_LEAK_PATH_INFO /* A colon-separated list of pathnames to be used as the editor for visudo. */ #undef EDITOR /* Define to 1 to enable environment function debugging. */ #undef ENV_DEBUG /* Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables. */ #undef ENV_EDITOR /* Define to 1 to enable environment resetting by default. */ #undef ENV_RESET /* If defined, users in this group need not enter a passwd (ie "sudo"). */ #undef EXEMPTGROUP /* Define to 1 if you want to require fully qualified hosts in sudoers. */ #undef FQDN /* Define to the type of elements in the array set by `getgroups'. Usually this is either `int' or `gid_t'. */ #undef GETGROUPS_T /* Define to 1 if you want insults from the "Goon Show". */ #undef GOONS_INSULTS /* Define to 1 if you want 2001-like insults. */ #undef HAL_INSULTS /* Define to 1 if you use AFS. */ #undef HAVE_AFS /* Define to 1 if you use AIX general authentication. */ #undef HAVE_AIXAUTH /* Define to 1 if you have the `asprintf' function. */ #undef HAVE_ASPRINTF /* Define to 1 if you have the `authenticate' function. */ #undef HAVE_AUTHENTICATE /* Define to 1 if you have the `auth_challenge' function. */ #undef HAVE_AUTH_CHALLENGE /* Define to 1 if you have the `bigcrypt' function. */ #undef HAVE_BIGCRYPT /* Define to 1 if you use BSD authentication. */ #undef HAVE_BSD_AUTH_H /* Define to 1 to enable BSM audit support. */ #undef HAVE_BSM_AUDIT /* Define to 1 if you have the `closefrom' function. */ #undef HAVE_CLOSEFROM /* Define to 1 if you use OSF DCE. */ #undef HAVE_DCE /* Define to 1 if your `DIR' contains dd_fd. */ #undef HAVE_DD_FD /* Define to 1 if you have the declaration of `errno', and to 0 if you don't. */ #undef HAVE_DECL_ERRNO /* Define to 1 if you have the declaration of `h_errno', and to 0 if you don't. */ #undef HAVE_DECL_H_ERRNO /* Define to 1 if you have the declaration of `sys_sigabbrev', and to 0 if you don't. */ #undef HAVE_DECL_SYS_SIGABBREV /* Define to 1 if you have the declaration of `sys_siglist', and to 0 if you don't. */ #undef HAVE_DECL_SYS_SIGLIST /* Define to 1 if you have the declaration of `sys_signame', and to 0 if you don't. */ #undef HAVE_DECL_SYS_SIGNAME /* Define to 1 if you have the declaration of `_sys_siglist', and to 0 if you don't. */ #undef HAVE_DECL__SYS_SIGLIST /* Define to 1 if you have the declaration of `_sys_signame', and to 0 if you don't. */ #undef HAVE_DECL__SYS_SIGNAME /* Define to 1 if you have the declaration of `__sys_siglist', and to 0 if you don't. */ #undef HAVE_DECL___SYS_SIGLIST /* Define to 1 if you have the declaration of `__sys_signame', and to 0 if you don't. */ #undef HAVE_DECL___SYS_SIGNAME /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H /* Define to 1 if you have the `dirfd' function or macro. */ #undef HAVE_DIRFD /* Define to 1 if you have the `dispcrypt' function. */ #undef HAVE_DISPCRYPT /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `dlopen' function. */ #undef HAVE_DLOPEN /* Define to 1 if the compiler supports the __visibility__ attribute. */ #undef HAVE_DSO_VISIBILITY /* Define to 1 if you have the header file. */ #undef HAVE_ENDIAN_H /* Define to 1 if you have the `exect' function. */ #undef HAVE_EXECT /* Define to 1 if you have the `execvP' function. */ #undef HAVE_EXECVP /* Define to 1 if you have the `execvpe' function. */ #undef HAVE_EXECVPE /* Define to 1 if your system has the F_CLOSEM fcntl. */ #undef HAVE_FCNTL_CLOSEM /* Define to 1 if you have the `fexecve' function. */ #undef HAVE_FEXECVE /* Define to 1 if you have the `fgetln' function. */ #undef HAVE_FGETLN /* Define to 1 if you have the `flock' function. */ #undef HAVE_FLOCK /* Define to 1 if you have the `fnmatch' function. */ #undef HAVE_FNMATCH /* Define to 1 if you have the `freeifaddrs' function. */ #undef HAVE_FREEIFADDRS /* Define to 1 if you have the `fseeko' function. */ #undef HAVE_FSEEKO /* Define to 1 if you have the `futime' function. */ #undef HAVE_FUTIME /* Define to 1 if you have the `futimes' function. */ #undef HAVE_FUTIMES /* Define to 1 if you have the `futimesat' function. */ #undef HAVE_FUTIMESAT /* Define to 1 if you use the FWTK authsrv daemon. */ #undef HAVE_FWTK /* Define to 1 if you have the `getaddrinfo' function. */ #undef HAVE_GETADDRINFO /* Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords). */ #undef HAVE_GETAUTHUID /* Define to 1 if you have the `getcwd' function. */ #undef HAVE_GETCWD /* Define to 1 if you have the `getdomainname' function. */ #undef HAVE_GETDOMAINNAME /* Define to 1 if you have the `getgrouplist' function. */ #undef HAVE_GETGROUPLIST /* Define to 1 if your system has a working `getgroups' function. */ #undef HAVE_GETGROUPS /* Define to 1 if you have the `getgrset' function. */ #undef HAVE_GETGRSET /* Define to 1 if you have the `getifaddrs' function. */ #undef HAVE_GETIFADDRS /* Define to 1 if you have the `getline' function. */ #undef HAVE_GETLINE /* Define to 1 if you have the `getopt_long' function. */ #undef HAVE_GETOPT_LONG /* Define to 1 if you have the `getprogname' function. */ #undef HAVE_GETPROGNAME /* Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords). */ #undef HAVE_GETPRPWNAM /* Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords). */ #undef HAVE_GETPWANAM /* Define to 1 if you have the `getresuid' function. */ #undef HAVE_GETRESUID /* Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords). */ #undef HAVE_GETSPNAM /* Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords). */ #undef HAVE_GETSPWUID /* Define to 1 if you have the `getttyent' function. */ #undef HAVE_GETTTYENT /* Define to 1 if you have the `getuserattr' function. */ #undef HAVE_GETUSERATTR /* Define to 1 if you have the `getutid' function. */ #undef HAVE_GETUTID /* Define to 1 if you have the `getutxid' function. */ #undef HAVE_GETUTXID /* Define to 1 if you have the `glob' function. */ #undef HAVE_GLOB /* Define to 1 if you have the `grantpt' function. */ #undef HAVE_GRANTPT /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_KRB5_H /* Define to 1 if you have the `gss_krb5_ccache_name' function. */ #undef HAVE_GSS_KRB5_CCACHE_NAME /* Define to 1 if your Kerberos is Heimdal. */ #undef HAVE_HEIMDAL /* Define to 1 if you have the `initprivs' function. */ #undef HAVE_INITPRIVS /* Define to 1 if you have the `innetgr' function. */ #undef HAVE_INNETGR /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define if you have isblank(3). */ #undef HAVE_ISBLANK /* Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled). */ #undef HAVE_ISCOMSEC /* Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled). */ #undef HAVE_ISSECURE /* Define to 1 if you use Kerberos V. */ #undef HAVE_KERB5 /* Define to 1 if you have the `killpg' function. */ #undef HAVE_KILLPG /* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */ #undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC /* Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments. */ #undef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS /* Define to 1 if you have the `krb5_init_secure_context' function. */ #undef HAVE_KRB5_INIT_SECURE_CONTEXT /* Define to 1 if you have the `krb5_verify_user' function. */ #undef HAVE_KRB5_VERIFY_USER /* Define to 1 if your LDAP needs . (OpenLDAP does not). */ #undef HAVE_LBER_H /* Define to 1 if you use LDAP for sudoers. */ #undef HAVE_LDAP /* Define to 1 if you have the `ldapssl_init' function. */ #undef HAVE_LDAPSSL_INIT /* Define to 1 if you have the `ldapssl_set_strength' function. */ #undef HAVE_LDAPSSL_SET_STRENGTH /* Define to 1 if you have the `ldap_create' function. */ #undef HAVE_LDAP_CREATE /* Define to 1 if you have the `ldap_initialize' function. */ #undef HAVE_LDAP_INITIALIZE /* Define to 1 if you have the `ldap_sasl_bind_s' function. */ #undef HAVE_LDAP_SASL_BIND_S /* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */ #undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* Define to 1 if you have the `ldap_search_ext_s' function. */ #undef HAVE_LDAP_SEARCH_EXT_S /* Define to 1 if you have the `ldap_search_st' function. */ #undef HAVE_LDAP_SEARCH_ST /* Define to 1 if you have the `ldap_ssl_client_init' function. */ #undef HAVE_LDAP_SSL_CLIENT_INIT /* Define to 1 if you have the header file. */ #undef HAVE_LDAP_SSL_H /* Define to 1 if you have the `ldap_ssl_init' function. */ #undef HAVE_LDAP_SSL_INIT /* Define to 1 if you have the `ldap_start_tls_s' function. */ #undef HAVE_LDAP_START_TLS_S /* Define to 1 if you have the `ldap_start_tls_s_np' function. */ #undef HAVE_LDAP_START_TLS_S_NP /* Define to 1 if you have the `ldap_str2dn' function. */ #undef HAVE_LDAP_STR2DN /* Define to 1 if you have the `ldap_unbind_ext_s' function. */ #undef HAVE_LDAP_UNBIND_EXT_S /* Define to 1 if you have the header file. */ #undef HAVE_LIBINTL_H /* Define to 1 if you have the header file. */ #undef HAVE_LIBUTIL_H /* Define to 1 to enable Linux audit support. */ #undef HAVE_LINUX_AUDIT /* Define to 1 if you have the `lockf' function. */ #undef HAVE_LOCKF /* Define to 1 if you have the header file. */ #undef HAVE_LOGIN_CAP_H /* Define to 1 if the system has the type 'long long int'. */ #undef HAVE_LONG_LONG_INT /* Define to 1 if you have the `lrand48' function. */ #undef HAVE_LRAND48 /* Define to 1 if you have the header file. */ #undef HAVE_MACHINE_ENDIAN_H /* Define to 1 if you have the header file. */ #undef HAVE_MAILLOCK_H /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `memrchr' function. */ #undef HAVE_MEMRCHR /* Define to 1 if you have the `memset_s' function. */ #undef HAVE_MEMSET_S /* Define to 1 if you have the `mkdtemp' function. */ #undef HAVE_MKDTEMP /* Define to 1 if you have the `mkstemps' function. */ #undef HAVE_MKSTEMPS /* Define to 1 if you have the header file. */ #undef HAVE_MPS_LDAP_SSL_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_NETGROUP_H /* Define to 1 if you have the `ngettext' function. */ #undef HAVE_NGETTEXT /* Define to 1 if you have the `nl_langinfo' function. */ #undef HAVE_NL_LANGINFO /* Define to 1 if you have the header file. */ #undef HAVE_NSS_DBDEFS_H /* Define to 1 if you have the `nss_search' function. */ #undef HAVE_NSS_SEARCH /* Define to 1 if you have the `openpty' function. */ #undef HAVE_OPENPTY /* Define to 1 if you use NRL OPIE. */ #undef HAVE_OPIE /* Define to 1 if you have the `optreset' symbol. */ #undef HAVE_OPTRESET /* Define to 1 if you use PAM authentication. */ #undef HAVE_PAM /* Define to 1 if you have the `pam_getenvlist' function. */ #undef HAVE_PAM_GETENVLIST /* Define to 1 if you use a specific PAM session for sudo -i. */ #undef HAVE_PAM_LOGIN /* Define to 1 if you have the header file. */ #undef HAVE_PAM_PAM_APPL_H /* Define to 1 if you have the header file. */ #undef HAVE_PATHS_H /* Define to 1 if you have the `poll' function. */ #undef HAVE_POLL /* Define to 1 if you have the `posix_openpt' function. */ #undef HAVE_POSIX_OPENPT /* Define to 1 if you have the `posix_spawn' function. */ #undef HAVE_POSIX_SPAWN /* Define to 1 if you have the `posix_spawnp' function. */ #undef HAVE_POSIX_SPAWNP /* Define to 1 if you have the `priv_set' function. */ #undef HAVE_PRIV_SET /* Define to 1 if you have the header file. */ #undef HAVE_PROCFS_H /* Define to 1 if you have the header file. */ #undef HAVE_PROJECT_H /* Define to 1 if you have the `pstat_getproc' function. */ #undef HAVE_PSTAT_GETPROC /* Define to 1 if you have the header file. */ #undef HAVE_PTY_H /* Define to 1 if you have the `pw_dup' function. */ #undef HAVE_PW_DUP /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM /* Define to 1 if you have the `regcomp' function. */ #undef HAVE_REGCOMP /* Define to 1 if you have the `revoke' function. */ #undef HAVE_REVOKE /* Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments. */ #undef HAVE_RFC1938_SKEYCHALLENGE /* Define to 1 if you have the header file. */ #undef HAVE_SASL_H /* Define to 1 if you have the header file. */ #undef HAVE_SASL_SASL_H /* Define to 1 if you use SecurID for authentication. */ #undef HAVE_SECURID /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_APPL_H /* Define to 1 to enable SELinux RBAC support. */ #undef HAVE_SELINUX /* Define to 1 if you have the `setauthdb' function. */ #undef HAVE_SETAUTHDB /* Define to 1 if you have the `setenv' function. */ #undef HAVE_SETENV /* Define to 1 if you have the `seteuid' function. */ #undef HAVE_SETEUID /* Define to 1 if you have the `setkeycreatecon' function. */ #undef HAVE_SETKEYCREATECON /* Define to 1 if you have the `setresuid' function. */ #undef HAVE_SETRESUID /* Define to 1 if you have the `setreuid' function. */ #undef HAVE_SETREUID /* Define to 1 if you have the `setrlimit64' function. */ #undef HAVE_SETRLIMIT64 /* Define to 1 if you have the `set_auth_parameters' function. */ #undef HAVE_SET_AUTH_PARAMETERS /* Define to 1 if you have the `shl_load' function. */ #undef HAVE_SHL_LOAD /* Define to 1 if you have the `sia_ses_init' function. */ #undef HAVE_SIA_SES_INIT /* Define to 1 if you have the `sig2str' function. */ #undef HAVE_SIG2STR /* Define to 1 if the system has the type `sigaction_t'. */ #undef HAVE_SIGACTION_T /* Define to 1 if you use S/Key. */ #undef HAVE_SKEY /* Define to 1 if your S/Key library has skeyaccess(). */ #undef HAVE_SKEYACCESS /* Define to 1 if you have the `snprintf' function. */ #undef HAVE_SNPRINTF /* Define to 1 if you have the header file. */ #undef HAVE_SPAWN_H /* Define to 1 to enable SSSD support. */ #undef HAVE_SSSD /* Define to 1 if stdbool.h conforms to C99. */ #undef HAVE_STDBOOL_H /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strftime' function. */ #undef HAVE_STRFTIME /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strlcat' function. */ #undef HAVE_STRLCAT /* Define to 1 if you have the `strlcpy' function. */ #undef HAVE_STRLCPY /* Define to 1 if you have the `strrchr' function. */ #undef HAVE_STRRCHR /* Define to 1 if you have the `strsignal' function. */ #undef HAVE_STRSIGNAL /* Define to 1 if you have the `strtoll' function. */ #undef HAVE_STRTOLL /* Define to 1 if you have the `strtonum' function. */ #undef HAVE_STRTONUM /* Define to 1 if `d_type' is a member of `struct dirent'. */ #undef HAVE_STRUCT_DIRENT_D_TYPE /* Define to 1 if the system has the type `struct in6_addr'. */ #undef HAVE_STRUCT_IN6_ADDR /* Define to 1 if `p_tdev' is a member of `struct kinfo_proc2'. */ #undef HAVE_STRUCT_KINFO_PROC2_P_TDEV /* Define to 1 if `ki_tdev' is a member of `struct kinfo_proc'. */ #undef HAVE_STRUCT_KINFO_PROC_KI_TDEV /* Define to 1 if `kp_eproc.e_tdev' is a member of `struct kinfo_proc'. */ #undef HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV /* Define to 1 if `p_tdev' is a member of `struct kinfo_proc'. */ #undef HAVE_STRUCT_KINFO_PROC_P_TDEV /* Define to 1 if `pr_ttydev' is a member of `struct psinfo'. */ #undef HAVE_STRUCT_PSINFO_PR_TTYDEV /* Define if your struct sockaddr_in has a sin_len field. */ #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN /* Define if your struct sockaddr has an sa_len field. */ #undef HAVE_STRUCT_SOCKADDR_SA_LEN /* Define to 1 if the system has the type `struct timespec'. */ #undef HAVE_STRUCT_TIMESPEC /* Define to 1 if `ut_exit' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_EXIT /* Define to 1 if `ut_exit.e_termination' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_EXIT_E_TERMINATION /* Define to 1 if `ut_exit.__e_termination' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_EXIT___E_TERMINATION /* Define to 1 if `ut_id' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_ID /* Define to 1 if `ut_pid' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_PID /* Define to 1 if `ut_tv' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_TV /* Define to 1 if `ut_type' is a member of `struct utmpx'. */ #undef HAVE_STRUCT_UTMPX_UT_TYPE /* Define to 1 if `ut_exit' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_EXIT /* Define to 1 if `ut_exit.e_termination' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION /* Define to 1 if `ut_exit.__e_termination' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION /* Define to 1 if `ut_id' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_ID /* Define to 1 if `ut_pid' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_PID /* Define to 1 if `ut_tv' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_TV /* Define to 1 if `ut_type' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_TYPE /* Define to 1 if `ut_user' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_USER /* Define to 1 if your struct stat has an st_mtim member. */ #undef HAVE_ST_MTIM /* Define to 1 if your struct stat has an st_mtimespec member. */ #undef HAVE_ST_MTIMESPEC /* Define to 1 if your struct stat uses an st__tim union. */ #undef HAVE_ST__TIM /* Define to 1 if you have the `sysconf' function. */ #undef HAVE_SYSCONF /* Define to 1 if you have the `sysctl' function. */ #undef HAVE_SYSCTL /* Define to 1 if you have the header file. */ #undef HAVE_SYS_BSDTYPES_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_DIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_ENDIAN_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PROCFS_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H /* Define to 1 if your libc has the `sys_sigabbrev' symbol. */ #undef HAVE_SYS_SIGABBREV /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKIO_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STROPTS_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SYSMACROS_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the `ttyslot' function. */ #undef HAVE_TTYSLOT /* Define to 1 if you have the `tzset' function. */ #undef HAVE_TZSET /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the `unsetenv' function. */ #undef HAVE_UNSETENV /* Define to 1 if the system has the type 'unsigned long long int'. */ #undef HAVE_UNSIGNED_LONG_LONG_INT /* Define to 1 if you have the header file. */ #undef HAVE_UTIL_H /* Define to 1 if you have the `utimes' function. */ #undef HAVE_UTIMES /* Define to 1 if you have the header file. */ #undef HAVE_UTIME_H /* Define to 1 if you have the header file. */ #undef HAVE_UTMPX_H /* Define to 1 if you have the `vasprintf' function. */ #undef HAVE_VASPRINTF /* Define to 1 if you have the `vsnprintf' function. */ #undef HAVE_VSNPRINTF /* Define to 1 if you have the header file. */ #undef HAVE_ZLIB_H /* Define to 1 if the system has the type `_Bool'. */ #undef HAVE__BOOL /* Define to 1 if you have the `_execl' function. */ #undef HAVE__EXECL /* Define to 1 if you have the `_execle' function. */ #undef HAVE__EXECLE /* Define to 1 if you have the `_execlp' function. */ #undef HAVE__EXECLP /* Define to 1 if you have the `_exect' function. */ #undef HAVE__EXECT /* Define to 1 if you have the `_execv' function. */ #undef HAVE__EXECV /* Define to 1 if you have the `_execve' function. */ #undef HAVE__EXECVE /* Define to 1 if you have the `_execvP' function. */ #undef HAVE__EXECVP /* Define to 1 if you have the `_execvpe' function. */ #undef HAVE__EXECVPE /* Define to 1 if you have the `_fexecve' function. */ #undef HAVE__FEXECVE /* Define to 1 if you have the `_getpty' function. */ #undef HAVE__GETPTY /* Define to 1 if you have the `_innetgr' function. */ #undef HAVE__INNETGR /* Define to 1 if you have the `_nss_initf_group' function. */ #undef HAVE__NSS_INITF_GROUP /* Define to 1 if you have the `_nss_XbyY_buf_alloc' function. */ #undef HAVE__NSS_XBYY_BUF_ALLOC /* Define to 1 if you have the `_posix_spawn' function. */ #undef HAVE__POSIX_SPAWN /* Define to 1 if you have the `_posix_spawnp' function. */ #undef HAVE__POSIX_SPAWNP /* Define to 1 if you have the `_ttyname_dev' function. */ #undef HAVE__TTYNAME_DEV /* Define to 1 if you have the `__execl' function. */ #undef HAVE___EXECL /* Define to 1 if you have the `__execle' function. */ #undef HAVE___EXECLE /* Define to 1 if you have the `__execlp' function. */ #undef HAVE___EXECLP /* Define to 1 if you have the `__exect' function. */ #undef HAVE___EXECT /* Define to 1 if you have the `__execv' function. */ #undef HAVE___EXECV /* Define to 1 if you have the `__execve' function. */ #undef HAVE___EXECVE /* Define to 1 if you have the `__execvP' function. */ #undef HAVE___EXECVP /* Define to 1 if you have the `__execvpe' function. */ #undef HAVE___EXECVPE /* Define to 1 if you have the `__fexecve' function. */ #undef HAVE___FEXECVE /* Define to 1 if the compiler supports the C99 __func__ variable. */ #undef HAVE___FUNC__ /* Define to 1 if you have dyld with __interpose attribute support. */ #undef HAVE___INTERPOSE /* Define to 1 if you have the `__nss_initf_group' function. */ #undef HAVE___NSS_INITF_GROUP /* Define to 1 if you have the `__nss_XbyY_buf_alloc' function. */ #undef HAVE___NSS_XBYY_BUF_ALLOC /* Define to 1 if you have the `__posix_spawn' function. */ #undef HAVE___POSIX_SPAWN /* Define to 1 if you have the `__posix_spawnp' function. */ #undef HAVE___POSIX_SPAWNP /* Define to 1 if your crt0.o defines the __progname symbol for you. */ #undef HAVE___PROGNAME /* Define to 1 if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG /* Define to 1 if you want to ignore '.' and empty PATH elements. */ #undef IGNORE_DOT_PATH /* The message given when a bad password is entered. */ #undef INCORRECT_PASSWORD /* The syslog facility sudo will use. */ #undef LOGFAC /* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH. */ #undef LOGGING /* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */ #undef LONG_OTP_PROMPT /* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* The subject of the mail sent by sudo to the MAILTO user/address. */ #undef MAILSUBJECT /* The user or email address that sudo mail is sent to. */ #undef MAILTO /* Define to 1 if `major', `minor', and `makedev' are declared in . */ #undef MAJOR_IN_MKDEV /* Define to 1 if `major', `minor', and `makedev' are declared in . */ #undef MAJOR_IN_SYSMACROS /* The max number of chars per log file line (for line wrapping). */ #undef MAXLOGFILELEN /* Define to the max length of a uid_t in string context (excluding the NUL). */ #undef MAX_UID_T_LEN /* Define to 1 if you don't want sudo to prompt for a password by default. */ #undef NO_AUTHENTICATION /* Define to 1 if you don't want users to get the lecture the first they user sudo. */ #undef NO_LECTURE /* Define to 1 if you don't want to use sudo's PAM session support. */ #undef NO_PAM_SESSION /* Define to avoid runing the mailer as root. */ #undef NO_ROOT_MAILER /* Define to 1 if root should not be allowed to use sudo. */ #undef NO_ROOT_SUDO /* Define to 1 if you want a single ticket file instead of per-tty files. */ #undef NO_TTY_TICKETS /* Define if your C preprocessor does not support variadic macros. */ #undef NO_VARIADIC_MACROS /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* The default password prompt. */ #undef PASSPROMPT /* The passwd prompt timeout (in minutes). */ #undef PASSWORD_TIMEOUT /* Define to 1 to replace politically incorrect insults with less offensive ones. */ #undef PC_INSULTS /* Enable replacement (v)snprintf if system (v)snprintf is broken. */ #undef PREFER_PORTABLE_SNPRINTF /* The syslog priority sudo will use for unsuccessful attempts/errors. */ #undef PRI_FAILURE /* The syslog priority sudo will use for successful attempts. */ #undef PRI_SUCCESS /* Define to const if the `putenv' takes a const argument. */ #undef PUTENV_CONST /* The default value of preloaded objects (if any). */ #undef RTLD_PRELOAD_DEFAULT /* The delimiter to use when defining multiple preloaded objects. */ #undef RTLD_PRELOAD_DELIM /* An extra environment variable that is required to enable preloading (if any). */ #undef RTLD_PRELOAD_ENABLE_VAR /* The environment variable that controls preloading of dynamic objects. */ #undef RTLD_PRELOAD_VAR /* The user sudo should run commands as by default. */ #undef RUNAS_DEFAULT /* Define to 1 to override the user's path with a built-in one. */ #undef SECURE_PATH /* Define to 1 to send mail when the user is not allowed to run a command. */ #undef SEND_MAIL_WHEN_NOT_OK /* Define to 1 to send mail when the user is not allowed to run sudo on this host. */ #undef SEND_MAIL_WHEN_NO_HOST /* Define to 1 to send mail when the user is not in the sudoers file. */ #undef SEND_MAIL_WHEN_NO_USER /* Define to 1 if you want sudo to start a shell if given no arguments. */ #undef SHELL_IF_NO_ARGS /* Define to 1 if you want sudo to set $HOME in shell mode. */ #undef SHELL_SETS_HOME /* The size of `long int', as computed by sizeof. */ #undef SIZEOF_LONG_INT /* Define to 1 to compile the sudoers plugin statically into the sudo binary. */ #undef STATIC_SUDOERS_PLUGIN /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if the code in interfaces.c does not compile for you. */ #undef STUB_LOAD_INTERFACES /* An instance string to append to the username (separated by a slash) for Kerberos V authentication. */ #undef SUDO_KRB5_INSTANCE /* The umask that the sudo-run prog should use. */ #undef SUDO_UMASK /* The number of minutes before sudo asks for a password again. */ #undef TIMEOUT /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* The number of tries a user gets to enter their password. */ #undef TRIES_FOR_PASSWORD /* Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's. */ #undef UMASK_OVERRIDE /* Define to 1 if the `unsetenv' function returns void instead of `int'. */ #undef UNSETENV_VOID /* Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo. */ #undef USE_ADMIN_FLAG /* Define to 1 if you want to insult the user for entering an incorrect password. */ #undef USE_INSULTS /* Define to 1 if you use GNU stow packaging. */ #undef USE_STOW /* Define to avoid using the passwd/shadow file for authentication. */ #undef WITHOUT_PASSWD /* Enable large inode numbers on Mac OS X 10.5. */ #ifndef _DARWIN_USE_64_BIT_INODE # define _DARWIN_USE_64_BIT_INODE 1 #endif /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES /* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__ */ #undef __func__ /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `int' if does not define. */ #undef dev_t /* Define to `int' if does not define. */ #undef errno_t /* Define to `int' if doesn't define. */ #undef gid_t /* Define to `unsigned int' if does not define. */ #undef id_t /* Define to `unsigned int' if does not define. */ #undef ino_t /* Define to `int' if does not define. */ #undef mode_t /* Define to an OS-specific initialization function or `os_init_common'. */ #undef os_init /* Define to `size_t' if does not define. */ #undef rsize_t /* Define to `int' if does not define. */ #undef sig_atomic_t /* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `unsigned int' if doesn't define. */ #undef socklen_t /* Define to `int' if does not define. */ #undef ssize_t /* Define to `int' if doesn't define. */ #undef uid_t /* Define to `unsigned int' if does not define. */ #undef uint32_t /* Define to `unsigned long long' if does not define. */ #undef uint64_t /* Define to `unsigned char' if does not define. */ #undef uint8_t /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ #undef volatile /* * Macros to convert ctime and mtime into timevals. */ #define timespec2timeval(_ts, _tv) do { \ (_tv)->tv_sec = (_ts)->tv_sec; \ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ } while (0) #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) # else # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) # endif #else # ifdef HAVE_ST_MTIMESPEC # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) # else # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ #ifdef __GNUC__ # define ignore_result(x) do { \ __typeof__(x) y = (x); \ (void)y; \ } while(0) #else # define ignore_result(x) (void)(x) #endif /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP #endif /* __svr4__ */ #endif /* _SUDO_CONFIG_H */ sudo-1.8.9p5/config.sub010064400175440000012000001055211226424460000143300ustar00millertstaff#! /bin/sh # Configuration validation subroutine script. # Copyright 1992-2014 Free Software Foundation, Inc. timestamp='2014-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # Please send patches with a ChangeLog entry to config-patches@gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze* | -sr2201*) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 ;; -lynx*5) os=-lynxos5 ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xgate) basic_machine=$basic_machine-unknown os=-none ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; sr2201*) basic_machine=harp1e-hitachi os=-hiuxmpp ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze*) basic_machine=microblaze-xilinx ;; mingw64) basic_machine=x86_64-pc os=-mingw64 ;; mingw32) basic_machine=i686-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc os=-msys ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos | rdos64) basic_machine=x86_64-pc os=-rdos ;; rdos32) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; c8051-*) os=-elf ;; hexagon-*) os=-elf ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or1k-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: sudo-1.8.9p5/configure010075500175440000012000024467201227416653300143030ustar00millertstaff#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for sudo 1.8.9p5. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: http://www.sudo.ws/bugs/ about your system, including $0: any error possibly output before this message. Then $0: install a modern shell, or manually run the script $0: under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' PACKAGE_VERSION='1.8.9p5' PACKAGE_STRING='sudo 1.8.9p5' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' ac_unique_file="src/sudo.c" ac_config_libobj_dir=compat # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_c_werror_flag= ac_subst_vars='LTLIBOBJS KRB5CONFIG LIBOBJS FLEX YFLAGS YACC NROFFPROG MANDOCPROG TRPROG UNAMEPROG OTOOL64 OTOOL LIPO NMEDIT DSYMUTIL MANIFEST_TOOL AWK STRIP ac_ct_AR DLLTOOL OBJDUMP LN_S NM ac_ct_DUMPBIN DUMPBIN LD FGREP EGREP GREP SED host_os host_vendor host_cpu host build_os build_vendor build_cpu build RANLIB AR CPP OBJEXT EXEEXT ac_ct_CC CC PLUGINDIR pam_login_service pam_session editor secure_path netsvc_conf nsswitch_conf sssd_lib ldap_secret ldap_conf path_info root_sudo insults tty_tickets passwd_tries env_reset env_editor runas_default fqdn badpass_message mailsub mailto mail_no_perms mail_no_host mail_no_user ignore_dot loglen badpri goodpri logfac lecture long_otp_prompt passprompt umask_override sudo_umask password_timeout timeout timedir iolog_dir NO_VIZ SSP_CFLAGS SSP_LDFLAGS PIE_CFLAGS PIE_LDFLAGS CROSS_COMPILING COMPAT_TEST_PROGS LOCALEDIR_SUFFIX SUDO_NLS LIBINTL LT_STATIC LIBDL CONFIGURE_ARGS ac_config_libobj_dir LIBTOOL_DEPS ZLIB_SRC ZLIB LOGINCAP_USAGE LDAP SELINUX_USAGE BSDAUTH_USAGE DONT_LEAK_PATH_INFO INSTALL_NOEXEC sesh_file noexec_file SOEXT NOEXECDIR NOEXECFILE mansrcdir mansectform mansectsu devdir SEMAN PSMAN LCMAN BAMAN DEVEL SUDOERS_GID SUDOERS_UID SUDOERS_MODE SHLIB_EXT SHLIB_MODE MANCOMPRESSEXT MANCOMPRESS MANDIRTYPE MANTYPE AUTH_OBJS OSDEFS GETGROUPS_LIB REPLAY_LIBS AFS_LIBS NET_LIBS SUDOERS_LIBS SUDO_LIBS SUDO_OBJS SUDOERS_OBJS COMMON_OBJS LT_LDEXPORTS LT_LDDEP LT_LDOPT LT_LDMAP LT_LDFLAGS SUDOERS_LDFLAGS LDFLAGS CPPFLAGS PROGS CFLAGS LIBTOOL HAVE_BSM_AUDIT target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking with_otp_only with_alertmail with_devel with_CC with_rpath with_blibpath with_bsm_audit with_linux_audit with_sssd with_sssd_lib with_incpath with_libpath with_libraries with_efence with_csops with_passwd with_skey with_opie with_long_otp_prompt with_SecurID with_fwtk with_kerb5 with_aixauth with_pam with_AFS with_DCE with_logincap with_bsdauth with_project with_lecture with_logging with_logfac with_goodpri with_badpri with_logpath with_loglen with_ignore_dot with_mail_if_no_user with_mail_if_no_host with_mail_if_noperms with_mailto with_mailsubject with_passprompt with_badpass_message with_fqdn with_timedir with_iologdir with_sendmail with_sudoers_mode with_sudoers_uid with_sudoers_gid with_umask with_umask_override with_runas_default with_exempt with_editor with_env_editor with_passwd_tries with_timeout with_password_timeout with_tty_tickets with_insults with_all_insults with_classic_insults with_csops_insults with_hal_insults with_goons_insults with_nsswitch with_ldap with_ldap_conf_file with_ldap_secret_file with_pc_insults with_secure_path with_interfaces with_stow with_askpass with_plugindir with_man with_mdoc enable_authentication enable_root_mailer enable_setreuid enable_setresuid enable_shadow enable_root_sudo enable_log_host enable_noargs_shell enable_shell_sets_home enable_path_info enable_env_debug enable_zlib enable_env_reset enable_warnings enable_werror enable_hardening enable_pie enable_poll enable_admin_flag enable_nls enable_rpath enable_static_sudoers with_selinux enable_gss_krb5_ccache_name enable_shared enable_static with_pic enable_fast_install with_gnu_ld with_sysroot enable_libtool_lock with_libtool with_noexec with_netsvc enable_sia enable_largefile with_pam_login enable_pam_session enable_kerb5_instance ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP YACC YFLAGS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures sudo 1.8.9p5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/sudo] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of sudo 1.8.9p5:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-authentication Do not require authentication by default --disable-root-mailer Don't run the mailer as root, run as the user --disable-setreuid Don't try to use the setreuid() function --disable-setresuid Don't try to use the setresuid() function --disable-shadow Never use shadow passwords --disable-root-sudo Don't allow root to run sudo --enable-log-host Log the hostname in the log file --enable-noargs-shell If sudo is given no arguments run a shell --enable-shell-sets-home Set $HOME to target user in shell mode --disable-path-info Print 'command not allowed' not 'command not found' --enable-env-debug Whether to enable environment debugging. --enable-zlib[=PATH] Whether to enable or disable zlib --enable-env-reset Whether to enable environment resetting by default. --enable-warnings Whether to enable compiler warnings --enable-werror Whether to enable the -Werror compiler option --disable-hardening Do not use compiler/linker exploit mitigation options --enable-pie Build sudo as a position independent executable. --disable-poll Use select() instead of poll(). --enable-admin-flag Whether to create a Ubuntu-style admin flag file --disable-nls Disable natural language support using gettext --disable-rpath Disable passing of -Rpath to the linker --enable-static-sudoers Build the sudoers policy module as part of the sudo binary instead as a plugin --enable-gss-krb5-ccache-name Use GSS-API to set the Kerberos V cred cache name --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --disable-sia Disable SIA on Digital UNIX --disable-largefile omit support for large files --disable-pam-session Disable PAM session support --enable-kerb5-instance instance string to append to the username (separated by a slash) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-otp-only deprecated --with-alertmail deprecated --with-devel add development options --with-CC C compiler to use --with-rpath deprecated, use --disable-rpath --with-blibpath=PATH deprecated --with-bsm-audit enable BSM audit support --with-linux-audit enable Linux audit support --with-sssd enable SSSD support --with-sssd-lib path to the SSSD library --with-incpath additional places to look for include files --with-libpath additional places to look for libraries --with-libraries additional libraries to link with --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options --without-passwd don't use passwd/shadow file for authentication --with-skey=DIR enable S/Key support --with-opie=DIR enable OPIE support --with-long-otp-prompt use a two line OTP (skey/opie) prompt --with-SecurID[=DIR] enable SecurID support --with-fwtk[=DIR] enable FWTK AuthSRV support --with-kerb5[=DIR] enable Kerberos V support --with-aixauth enable AIX general authentication support --with-pam enable PAM support --with-AFS enable AFS support --with-DCE enable DCE support --with-logincap enable BSD login class support --with-bsdauth enable BSD authentication support --with-project enable Solaris project support --without-lecture don't print lecture for first-time sudoer --with-logging log via syslog, file, or both --with-logfac syslog facility to log with (default is "auth") --with-goodpri syslog priority for commands (def is "notice") --with-badpri syslog priority for failures (def is "alert") --with-logpath path to the sudo log file --with-loglen maximum length of a log file line (default is 80) --with-ignore-dot ignore '.' in the PATH --without-mail-if-no-user do not send mail if user not in sudoers --with-mail-if-no-host send mail if user in sudoers but not for this host --with-mail-if-noperms send mail if user not allowed to run command --with-mailto who should get sudo mail (default is "root") --with-mailsubject subject of sudo mail --with-passprompt default password prompt --with-badpass-message message the user sees when the password is wrong --with-fqdn expect fully qualified hosts in sudoers --with-timedir path to the sudo timestamp dir --with-iologdir=DIR directory to store sudo I/O log files in --with-sendmail set path to sendmail --without-sendmail do not send mail at all --with-sudoers-mode mode of sudoers file (defaults to 0440) --with-sudoers-uid uid that owns sudoers file (defaults to 0) --with-sudoers-gid gid that owns sudoers file (defaults to 0) --with-umask umask with which the prog should run (default is 022) --without-umask Preserves the umask of the user invoking sudo. --with-umask-override Use the umask specified in sudoers even if it is less restrictive than the user's. --with-runas-default User to run commands as (default is "root") --with-exempt=group no passwd needed for users in this group --with-editor=path Default editor for visudo (defaults to vi) --with-env-editor Use the environment variable EDITOR for visudo --with-passwd-tries number of tries to enter password (default is 3) --with-timeout minutes before sudo asks for passwd again (def is 5 minutes) --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes) --with-tty-tickets use a different ticket file for each tty --with-insults insult the user for entering an incorrect password --with-all-insults include all the sudo insult sets --with-classic-insults include the insults from the "classic" sudo --with-csops-insults include CSOps insults --with-hal-insults include 2001-like insults --with-goons-insults include the insults from the "Goon Show" --with-nsswitch[=PATH] path to nsswitch.conf --with-ldap[=DIR] enable LDAP support --with-ldap-conf-file path to LDAP configuration file --with-ldap-secret-file path to LDAP secret password file --with-pc-insults replace politically incorrect insults with less offensive ones --with-secure-path override the user's path with a built-in one --without-interfaces don't try to read the ip addr of ether interfaces --with-stow deprecated --with-askpass=PATH Fully qualified pathname of askpass helper --with-plugindir set directory to load plugins from --with-man manual pages use man macros --with-mdoc manual pages use mdoc macros --with-selinux enable SELinux support --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified). --with-libtool=PATH specify path to libtool --with-noexec=PATH fully qualified pathname of sudo_noexec.so --with-netsvc[=PATH] path to netsvc.conf --with-pam-login enable specific PAM session for sudo -i Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor YACC The `Yet Another Compiler Compiler' implementation to use. Defaults to the first program found out of: `bison -y', `byacc', `yacc'. YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF sudo configure 1.8.9p5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## --------------------------------------- ## ## Report this to http://www.sudo.ws/bugs/ ## ## --------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes # INCLUDES, setting VAR accordingly. Returns whether the value could be # computed ac_fn_c_compute_int () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid; break else as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=$ac_mid; break else as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid else as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; '') ac_retval=1 ;; esac else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 static long int longval () { return $2; } static unsigned long int ulongval () { return $2; } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (($2) < 0) { long int i = longval (); if (i != ($2)) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ($2)) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : echo >>conftest.val; read $3 &5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by sudo $as_me 1.8.9p5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers config.h pathnames.h" { $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Sudo version $PACKAGE_VERSION" >&5 $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} # # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once logfac=auth goodpri=notice badpri=alert loglen=80 ignore_dot=off mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root mailsub="*** SECURITY information for %h ***" badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off env_reset=on editor=vi passwd_tries=3 tty_tickets=on insults=off root_sudo=on path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf noexec_file=/usr/local/libexec/sudo/sudo_noexec.so sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" pam_session=on pam_login_service=sudo PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo" : ${MANDIRTYPE='man'} : ${mansrcdir='.'} : ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} DEVEL= LDAP="#" BAMAN=0 LCMAN=0 PSMAN=0 SEMAN=0 LIBINTL= ZLIB= ZLIB_SRC= AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled LOCALEDIR_SUFFIX= LT_LDEXPORTS="-export-symbols \$(shlib_exp)" LT_LDDEP="\$(shlib_exp)" NO_VIZ="-DNO_VIZ" OS_INIT=os_init_common CHECKSHADOW=true shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= CONFIGURE_ARGS="$@" RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_ENABLE_VAR= RTLD_PRELOAD_DELIM=":" RTLD_PRELOAD_DEFAULT= # # Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. # Starting with sudo 1.8.7, $libexecdir/sudo is used so strip # off an extraneous "/sudo" from libexecdir. # case "$libexecdir" in */sudo) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5 $as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;} libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` ;; esac # Check whether --with-otp-only was given. if test "${with_otp_only+set}" = set; then : withval=$with_otp_only; case $with_otp_only in yes) with_passwd="no" { $as_echo "$as_me:${as_lineno-$LINENO}: --with-otp-only option deprecated, treating as --without-passwd" >&5 $as_echo "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;} ;; esac fi # Check whether --with-alertmail was given. if test "${with_alertmail+set}" = set; then : withval=$with_alertmail; case $with_alertmail in *) with_mailto="$with_alertmail" { $as_echo "$as_me:${as_lineno-$LINENO}: --with-alertmail option deprecated, treating as --mailto" >&5 $as_echo "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;} ;; esac fi # Check whether --with-devel was given. if test "${with_devel+set}" = set; then : withval=$with_devel; case $with_devel in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Setting up for development: -Wall, flex, yacc" >&5 $as_echo "$as_me: Setting up for development: -Wall, flex, yacc" >&6;} OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEVEL="true" devdir=. ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&2;} ;; esac fi # Check whether --with-CC was given. if test "${with_CC+set}" = set; then : withval=$with_CC; case $with_CC in *) as_fn_error $? "the --with-CC option is no longer supported, please set the CC environment variable instead." "$LINENO" 5 ;; esac fi # Check whether --with-rpath was given. if test "${with_rpath+set}" = set; then : withval=$with_rpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-rpath deprecated, rpath is now the default" >&5 $as_echo "$as_me: WARNING: --with-rpath deprecated, rpath is now the default" >&2;} fi # Check whether --with-blibpath was given. if test "${with_blibpath+set}" = set; then : withval=$with_blibpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-blibpath deprecated, use --with-libpath" >&5 $as_echo "$as_me: WARNING: --with-blibpath deprecated, use --with-libpath" >&2;} fi # Check whether --with-bsm-audit was given. if test "${with_bsm_audit+set}" = set; then : withval=$with_bsm_audit; case $with_bsm_audit in yes) $as_echo "#define HAVE_BSM_AUDIT 1" >>confdefs.h SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; *) as_fn_error $? "\"--with-bsm-audit does not take an argument.\"" "$LINENO" 5 ;; esac fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Check whether --with-linux-audit was given. if test "${with_linux_audit+set}" = set; then : withval=$with_linux_audit; case $with_linux_audit in yes) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int i = AUDIT_USER_CMD; (void)i; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : $as_echo "#define HAVE_LINUX_AUDIT 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -laudit" SUDOERS_LIBS="${SUDO_LIBS} -laudit" SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" else as_fn_error $? "unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; no) ;; *) as_fn_error $? "\"--with-linux-audit does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-sssd was given. if test "${with_sssd+set}" = set; then : withval=$with_sssd; case $with_sssd in yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" $as_echo "#define HAVE_SSSD 1" >>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-sssd does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-sssd-lib was given. if test "${with_sssd_lib+set}" = set; then : withval=$with_sssd_lib; fi sssd_lib="\"LIBDIR\"" test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" cat >>confdefs.h <&5 $as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;} for i in ${with_incpath}; do case "${CPPFLAGS}" in *"-I${i}"|*"-I${i} ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${i}" else CPPFLAGS="${CPPFLAGS} -I${i}" fi ;; esac done ;; esac fi # Check whether --with-libpath was given. if test "${with_libpath+set}" = set; then : withval=$with_libpath; case $with_libpath in yes) as_fn_error $? "\"must give --with-libpath an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-libpath not supported.\"" "$LINENO" 5 ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libpath} to LDFLAGS" >&5 $as_echo "$as_me: Adding ${with_libpath} to LDFLAGS" >&6;} ;; esac fi # Check whether --with-libraries was given. if test "${with_libraries+set}" = set; then : withval=$with_libraries; case $with_libraries in yes) as_fn_error $? "\"must give --with-libraries an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-libraries not supported.\"" "$LINENO" 5 ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libraries} to LIBS" >&5 $as_echo "$as_me: Adding ${with_libraries} to LIBS" >&6;} ;; esac fi # Check whether --with-efence was given. if test "${with_efence+set}" = set; then : withval=$with_efence; case $with_efence in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Sudo will link with -lefence (Electric Fence)" >&5 $as_echo "$as_me: Sudo will link with -lefence (Electric Fence)" >&6;} LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&2;} ;; esac fi # Check whether --with-csops was given. if test "${with_csops+set}" = set; then : withval=$with_csops; case $with_csops in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding CSOps standard options" >&5 $as_echo "$as_me: Adding CSOps standard options" >&6;} CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes : ${mansectsu='8'} : ${mansectform='5'} ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&2;} ;; esac fi # Check whether --with-passwd was given. if test "${with_passwd+set}" = set; then : withval=$with_passwd; case $with_passwd in yes|no) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use shadow/passwd file authentication" >&5 $as_echo_n "checking whether to use shadow/passwd file authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_passwd" >&5 $as_echo "$with_passwd" >&6; } AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; *) as_fn_error $? "\"Sorry, --with-passwd does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-skey was given. if test "${with_skey+set}" = set; then : withval=$with_skey; case $with_skey in no) ;; *) $as_echo "#define HAVE_SKEY 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try S/Key authentication" >&5 $as_echo_n "checking whether to try S/Key authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_REG="$AUTH_REG S/Key" ;; esac fi # Check whether --with-opie was given. if test "${with_opie+set}" = set; then : withval=$with_opie; case $with_opie in no) ;; *) $as_echo "#define HAVE_OPIE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try NRL OPIE authentication" >&5 $as_echo_n "checking whether to try NRL OPIE authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac fi # Check whether --with-long-otp-prompt was given. if test "${with_long_otp_prompt+set}" = set; then : withval=$with_long_otp_prompt; case $with_long_otp_prompt in yes) $as_echo "#define LONG_OTP_PROMPT 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a two line prompt for OTP authentication" >&5 $as_echo_n "checking whether to use a two line prompt for OTP authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } long_otp_prompt=on ;; no) long_otp_prompt=off ;; *) as_fn_error $? "\"--with-long-otp-prompt does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-SecurID was given. if test "${with_SecurID+set}" = set; then : withval=$with_SecurID; case $with_SecurID in no) ;; *) $as_echo "#define HAVE_SECURID 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use SecurID for authentication" >&5 $as_echo_n "checking whether to use SecurID for authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac fi # Check whether --with-fwtk was given. if test "${with_fwtk+set}" = set; then : withval=$with_fwtk; case $with_fwtk in no) ;; *) $as_echo "#define HAVE_FWTK 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use FWTK AuthSRV for authentication" >&5 $as_echo_n "checking whether to use FWTK AuthSRV for authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac fi # Check whether --with-kerb5 was given. if test "${with_kerb5+set}" = set; then : withval=$with_kerb5; case $with_kerb5 in no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try Kerberos V authentication" >&5 $as_echo_n "checking whether to try Kerberos V authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_REG="$AUTH_REG kerb5" ;; esac fi # Check whether --with-aixauth was given. if test "${with_aixauth+set}" = set; then : withval=$with_aixauth; case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; *) as_fn_error $? "\"--with-aixauth does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-pam was given. if test "${with_pam+set}" = set; then : withval=$with_pam; case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; *) as_fn_error $? "\"--with-pam does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-AFS was given. if test "${with_AFS+set}" = set; then : withval=$with_AFS; case $with_AFS in yes) $as_echo "#define HAVE_AFS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try AFS (kerberos) authentication" >&5 $as_echo_n "checking whether to try AFS (kerberos) authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_REG="$AUTH_REG AFS" ;; no) ;; *) as_fn_error $? "\"--with-AFS does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-DCE was given. if test "${with_DCE+set}" = set; then : withval=$with_DCE; case $with_DCE in yes) $as_echo "#define HAVE_DCE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try DCE (kerberos) authentication" >&5 $as_echo_n "checking whether to try DCE (kerberos) authentication... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } AUTH_REG="$AUTH_REG DCE" ;; no) ;; *) as_fn_error $? "\"--with-DCE does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-logincap was given. if test "${with_logincap+set}" = set; then : withval=$with_logincap; case $with_logincap in yes|no) ;; *) as_fn_error $? "\"--with-logincap does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-bsdauth was given. if test "${with_bsdauth+set}" = set; then : withval=$with_bsdauth; case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; *) as_fn_error $? "\"--with-bsdauth does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-project was given. if test "${with_project+set}" = set; then : withval=$with_project; case $with_project in yes|no) ;; no) ;; *) as_fn_error $? "\"--with-project does not take an argument.\"" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to lecture users the first time they run sudo" >&5 $as_echo_n "checking whether to lecture users the first time they run sudo... " >&6; } # Check whether --with-lecture was given. if test "${with_lecture+set}" = set; then : withval=$with_lecture; case $with_lecture in yes|short|always) lecture=once ;; no|none|never) lecture=never ;; *) as_fn_error $? "\"unknown argument to --with-lecture: $with_lecture\"" "$LINENO" 5 ;; esac fi if test "$lecture" = "once"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else $as_echo "#define NO_LECTURE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should log via syslog or to a file by default" >&5 $as_echo_n "checking whether sudo should log via syslog or to a file by default... " >&6; } # Check whether --with-logging was given. if test "${with_logging+set}" = set; then : withval=$with_logging; case $with_logging in yes) as_fn_error $? "\"must give --with-logging an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-logging not supported.\"" "$LINENO" 5 ;; syslog) $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5 $as_echo "syslog" >&6; } ;; file) $as_echo "#define LOGGING SLOG_FILE" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: file" >&5 $as_echo "file" >&6; } ;; both) $as_echo "#define LOGGING SLOG_BOTH" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: both" >&5 $as_echo "both" >&6; } ;; *) as_fn_error $? "\"unknown argument to --with-logging: $with_logging\"" "$LINENO" 5 ;; esac else $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5 $as_echo "syslog" >&6; } fi # Check whether --with-logfac was given. if test "${with_logfac+set}" = set; then : withval=$with_logfac; case $with_logfac in yes) as_fn_error $? "\"must give --with-logfac an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-logfac not supported.\"" "$LINENO" 5 ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) as_fn_error $? "\"$with_logfac is not a supported syslog facility.\"" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log commands" >&5 $as_echo_n "checking at which syslog priority to log commands... " >&6; } # Check whether --with-goodpri was given. if test "${with_goodpri+set}" = set; then : withval=$with_goodpri; case $with_goodpri in yes) as_fn_error $? "\"must give --with-goodpri an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-goodpri not supported.\"" "$LINENO" 5 ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; *) as_fn_error $? "\"$with_goodpri is not a supported syslog priority.\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define PRI_SUCCESS "$goodpri" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $goodpri" >&5 $as_echo "$goodpri" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log failures" >&5 $as_echo_n "checking at which syslog priority to log failures... " >&6; } # Check whether --with-badpri was given. if test "${with_badpri+set}" = set; then : withval=$with_badpri; case $with_badpri in yes) as_fn_error $? "\"must give --with-badpri an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-badpri not supported.\"" "$LINENO" 5 ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri ;; *) as_fn_error $? "$with_badpri is not a supported syslog priority." "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define PRI_FAILURE "$badpri" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpri" >&5 $as_echo "$badpri" >&6; } # Check whether --with-logpath was given. if test "${with_logpath+set}" = set; then : withval=$with_logpath; case $with_logpath in yes) as_fn_error $? "\"must give --with-logpath an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-logpath not supported.\"" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how long a line in the log file should be" >&5 $as_echo_n "checking how long a line in the log file should be... " >&6; } # Check whether --with-loglen was given. if test "${with_loglen+set}" = set; then : withval=$with_loglen; case $with_loglen in yes) as_fn_error $? "\"must give --with-loglen an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-loglen not supported.\"" "$LINENO" 5 ;; [0-9]*) loglen=$with_loglen ;; *) as_fn_error $? "\"you must enter a number, not $with_loglen\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define MAXLOGFILELEN $loglen _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $loglen" >&5 $as_echo "$loglen" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should ignore '.' or '' in \$PATH" >&5 $as_echo_n "checking whether sudo should ignore '.' or '' in \$PATH... " >&6; } # Check whether --with-ignore-dot was given. if test "${with_ignore_dot+set}" = set; then : withval=$with_ignore_dot; case $with_ignore_dot in yes) ignore_dot=on ;; no) ignore_dot=off ;; *) as_fn_error $? "\"--with-ignore-dot does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$ignore_dot" = "on"; then $as_echo "#define IGNORE_DOT_PATH 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user is not in sudoers" >&5 $as_echo_n "checking whether to send mail when a user is not in sudoers... " >&6; } # Check whether --with-mail-if-no-user was given. if test "${with_mail_if_no_user+set}" = set; then : withval=$with_mail_if_no_user; case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; *) as_fn_error $? "\"--with-mail-if-no-user does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$mail_no_user" = "on"; then $as_echo "#define SEND_MAIL_WHEN_NO_USER 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when user listed but not for this host" >&5 $as_echo_n "checking whether to send mail when user listed but not for this host... " >&6; } # Check whether --with-mail-if-no-host was given. if test "${with_mail_if_no_host+set}" = set; then : withval=$with_mail_if_no_host; case $with_mail_if_no_host in yes) mail_no_host=on ;; no) mail_no_host=off ;; *) as_fn_error $? "\"--with-mail-if-no-host does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$mail_no_host" = "on"; then $as_echo "#define SEND_MAIL_WHEN_NO_HOST 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user tries a disallowed command" >&5 $as_echo_n "checking whether to send mail when a user tries a disallowed command... " >&6; } # Check whether --with-mail-if-noperms was given. if test "${with_mail_if_noperms+set}" = set; then : withval=$with_mail_if_noperms; case $with_mail_if_noperms in yes) mail_noperms=on ;; no) mail_noperms=off ;; *) as_fn_error $? "\"--with-mail-if-noperms does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$mail_noperms" = "on"; then $as_echo "#define SEND_MAIL_WHEN_NOT_OK 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking who should get the mail that sudo sends" >&5 $as_echo_n "checking who should get the mail that sudo sends... " >&6; } # Check whether --with-mailto was given. if test "${with_mailto+set}" = set; then : withval=$with_mailto; case $with_mailto in yes) as_fn_error $? "\"must give --with-mailto an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-mailto not supported.\"" "$LINENO" 5 ;; *) mailto=$with_mailto ;; esac fi cat >>confdefs.h <<_ACEOF #define MAILTO "$mailto" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mailto" >&5 $as_echo "$mailto" >&6; } # Check whether --with-mailsubject was given. if test "${with_mailsubject+set}" = set; then : withval=$with_mailsubject; case $with_mailsubject in yes) as_fn_error $? "\"must give --with-mailsubject an argument.\"" "$LINENO" 5 ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-mailsubject not supported." >&5 $as_echo "$as_me: WARNING: Sorry, --without-mailsubject not supported." >&2;} ;; *) mailsub="$with_mailsubject" { $as_echo "$as_me:${as_lineno-$LINENO}: checking sudo mail subject" >&5 $as_echo_n "checking sudo mail subject... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using alert mail subject: $mailsub" >&5 $as_echo "Using alert mail subject: $mailsub" >&6; } ;; esac fi cat >>confdefs.h <<_ACEOF #define MAILSUBJECT "$mailsub" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password prompt" >&5 $as_echo_n "checking for bad password prompt... " >&6; } # Check whether --with-passprompt was given. if test "${with_passprompt+set}" = set; then : withval=$with_passprompt; case $with_passprompt in yes) as_fn_error $? "\"must give --with-passprompt an argument.\"" "$LINENO" 5 ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-passprompt not supported." >&5 $as_echo "$as_me: WARNING: Sorry, --without-passprompt not supported." >&2;} ;; *) passprompt="$with_passprompt" esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $passprompt" >&5 $as_echo "$passprompt" >&6; } cat >>confdefs.h <<_ACEOF #define PASSPROMPT "$passprompt" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password message" >&5 $as_echo_n "checking for bad password message... " >&6; } # Check whether --with-badpass-message was given. if test "${with_badpass_message+set}" = set; then : withval=$with_badpass_message; case $with_badpass_message in yes) as_fn_error $? "\"Must give --with-badpass-message an argument.\"" "$LINENO" 5 ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-badpass-message not supported." >&5 $as_echo "$as_me: WARNING: Sorry, --without-badpass-message not supported." >&2;} ;; *) badpass_message="$with_badpass_message" ;; esac fi cat >>confdefs.h <<_ACEOF #define INCORRECT_PASSWORD "$badpass_message" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpass_message" >&5 $as_echo "$badpass_message" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to expect fully qualified hosts in sudoers" >&5 $as_echo_n "checking whether to expect fully qualified hosts in sudoers... " >&6; } # Check whether --with-fqdn was given. if test "${with_fqdn+set}" = set; then : withval=$with_fqdn; case $with_fqdn in yes) fqdn=on ;; no) fqdn=off ;; *) as_fn_error $? "\"--with-fqdn does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$fqdn" = "on"; then $as_echo "#define FQDN 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --with-timedir was given. if test "${with_timedir+set}" = set; then : withval=$with_timedir; case $with_timedir in yes) as_fn_error $? "\"must give --with-timedir an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-timedir not supported.\"" "$LINENO" 5 ;; esac fi # Check whether --with-iologdir was given. if test "${with_iologdir+set}" = set; then : withval=$with_iologdir; case $with_iologdir in yes) ;; no) as_fn_error $? "\"--without-iologdir not supported.\"" "$LINENO" 5 ;; esac fi # Check whether --with-sendmail was given. if test "${with_sendmail+set}" = set; then : withval=$with_sendmail; case $with_sendmail in yes) with_sendmail="" ;; no) ;; *) cat >>confdefs.h <&5 $as_echo_n "checking for umask programs should be run with... " >&6; } # Check whether --with-umask was given. if test "${with_umask+set}" = set; then : withval=$with_umask; case $with_umask in yes) as_fn_error $? "\"must give --with-umask an argument.\"" "$LINENO" 5 ;; no) sudo_umask=0777 ;; [0-9]*) sudo_umask=$with_umask ;; *) as_fn_error $? "\"you must enter a numeric mask.\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define SUDO_UMASK $sudo_umask _ACEOF if test "$sudo_umask" = "0777"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: user" >&5 $as_echo "user" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_umask" >&5 $as_echo "$sudo_umask" >&6; } fi # Check whether --with-umask-override was given. if test "${with_umask_override+set}" = set; then : withval=$with_umask_override; case $with_umask_override in yes) $as_echo "#define UMASK_OVERRIDE 1" >>confdefs.h umask_override=on ;; no) umask_override=off ;; *) as_fn_error $? "\"--with-umask-override does not take an argument.\"" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5 $as_echo_n "checking for default user to run commands as... " >&6; } # Check whether --with-runas-default was given. if test "${with_runas_default+set}" = set; then : withval=$with_runas_default; case $with_runas_default in yes) as_fn_error $? "\"must give --with-runas-default an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-runas-default not supported.\"" "$LINENO" 5 ;; *) runas_default="$with_runas_default" ;; esac fi cat >>confdefs.h <<_ACEOF #define RUNAS_DEFAULT "$runas_default" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $runas_default" >&5 $as_echo "$runas_default" >&6; } # Check whether --with-exempt was given. if test "${with_exempt+set}" = set; then : withval=$with_exempt; case $with_exempt in yes) as_fn_error $? "\"must give --with-exempt an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-exempt not supported.\"" "$LINENO" 5 ;; *) cat >>confdefs.h <<_ACEOF #define EXEMPTGROUP "$with_exempt" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for group to be exempt from password" >&5 $as_echo_n "checking for group to be exempt from password... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_exempt" >&5 $as_echo "$with_exempt" >&6; } ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for editor that visudo should use" >&5 $as_echo_n "checking for editor that visudo should use... " >&6; } # Check whether --with-editor was given. if test "${with_editor+set}" = set; then : withval=$with_editor; case $with_editor in yes) as_fn_error $? "\"must give --with-editor an argument.\"" "$LINENO" 5 ;; no) as_fn_error $? "\"--without-editor not supported.\"" "$LINENO" 5 ;; *) cat >>confdefs.h <<_ACEOF #define EDITOR "$with_editor" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5 $as_echo "$with_editor" >&6; } editor="$with_editor" ;; esac else $as_echo "#define EDITOR _PATH_VI" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: vi" >&5 $as_echo "vi" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to obey EDITOR and VISUAL environment variables" >&5 $as_echo_n "checking whether to obey EDITOR and VISUAL environment variables... " >&6; } # Check whether --with-env-editor was given. if test "${with_env_editor+set}" = set; then : withval=$with_env_editor; case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; *) as_fn_error $? "\"--with-env-editor does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$env_editor" = "on"; then $as_echo "#define ENV_EDITOR 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking number of tries a user gets to enter their password" >&5 $as_echo_n "checking number of tries a user gets to enter their password... " >&6; } # Check whether --with-passwd-tries was given. if test "${with_passwd_tries+set}" = set; then : withval=$with_passwd_tries; case $with_passwd_tries in yes) ;; no) as_fn_error $? "\"--without-editor not supported.\"" "$LINENO" 5 ;; [1-9]*) passwd_tries=$with_passwd_tries ;; *) as_fn_error $? "\"you must enter the numer of tries, > 0\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define TRIES_FOR_PASSWORD $passwd_tries _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $passwd_tries" >&5 $as_echo "$passwd_tries" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after which sudo will ask for a password again" >&5 $as_echo_n "checking time in minutes after which sudo will ask for a password again... " >&6; } # Check whether --with-timeout was given. if test "${with_timeout+set}" = set; then : withval=$with_timeout; case $with_timeout in yes) ;; no) timeout=0 ;; [0-9]*) timeout=$with_timeout ;; *) as_fn_error $? "\"you must enter the numer of minutes.\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define TIMEOUT $timeout _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $timeout" >&5 $as_echo "$timeout" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after the password prompt will time out" >&5 $as_echo_n "checking time in minutes after the password prompt will time out... " >&6; } # Check whether --with-password-timeout was given. if test "${with_password_timeout+set}" = set; then : withval=$with_password_timeout; case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [0-9]*) password_timeout=$with_password_timeout ;; *) as_fn_error $? "\"you must enter the numer of minutes.\"" "$LINENO" 5 ;; esac fi cat >>confdefs.h <<_ACEOF #define PASSWORD_TIMEOUT $password_timeout _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $password_timeout" >&5 $as_echo "$password_timeout" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use per-tty ticket files" >&5 $as_echo_n "checking whether to use per-tty ticket files... " >&6; } # Check whether --with-tty-tickets was given. if test "${with_tty_tickets+set}" = set; then : withval=$with_tty_tickets; case $with_tty_tickets in yes) tty_tickets=on ;; no) tty_tickets=off ;; *) as_fn_error $? "\"--with-tty-tickets does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$tty_tickets" = "off"; then $as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5 $as_echo_n "checking whether to include insults... " >&6; } # Check whether --with-insults was given. if test "${with_insults+set}" = set; then : withval=$with_insults; case $with_insults in yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; disabled) insults=off with_classic_insults=yes with_csops_insults=yes ;; no) insults=off ;; *) as_fn_error $? "\"--with-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$insults" = "on"; then $as_echo "#define USE_INSULTS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --with-all-insults was given. if test "${with_all_insults+set}" = set; then : withval=$with_all_insults; case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes ;; no) ;; *) as_fn_error $? "\"--with-all-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-classic-insults was given. if test "${with_classic_insults+set}" = set; then : withval=$with_classic_insults; case $with_classic_insults in yes) $as_echo "#define CLASSIC_INSULTS 1" >>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-classic-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-csops-insults was given. if test "${with_csops_insults+set}" = set; then : withval=$with_csops_insults; case $with_csops_insults in yes) $as_echo "#define CSOPS_INSULTS 1" >>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-csops-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-hal-insults was given. if test "${with_hal_insults+set}" = set; then : withval=$with_hal_insults; case $with_hal_insults in yes) $as_echo "#define HAL_INSULTS 1" >>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-hal-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-goons-insults was given. if test "${with_goons_insults+set}" = set; then : withval=$with_goons_insults; case $with_goons_insults in yes) $as_echo "#define GOONS_INSULTS 1" >>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-goons-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi # Check whether --with-nsswitch was given. if test "${with_nsswitch+set}" = set; then : withval=$with_nsswitch; case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" ;; *) ;; esac fi # Check whether --with-ldap was given. if test "${with_ldap+set}" = set; then : withval=$with_ldap; case $with_ldap in no) ;; *) $as_echo "#define HAVE_LDAP 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use sudoers from LDAP" >&5 $as_echo_n "checking whether to use sudoers from LDAP... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; esac fi # Check whether --with-ldap-conf-file was given. if test "${with_ldap_conf_file+set}" = set; then : withval=$with_ldap_conf_file; fi test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" cat >>confdefs.h <>confdefs.h <>confdefs.h ;; no) ;; *) as_fn_error $? "\"--with-pc-insults does not take an argument.\"" "$LINENO" 5 ;; esac fi if test "$insults" = "on"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking which insult sets to include" >&5 $as_echo_n "checking which insult sets to include... " >&6; } i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $i" >&5 $as_echo "$i" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to override the user's path" >&5 $as_echo_n "checking whether to override the user's path... " >&6; } # Check whether --with-secure-path was given. if test "${with_secure_path+set}" = set; then : withval=$with_secure_path; case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" cat >>confdefs.h <<_ACEOF #define SECURE_PATH "$with_secure_path" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5 $as_echo "$with_secure_path" >&6; } secure_path="set to $with_secure_path" ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) cat >>confdefs.h <<_ACEOF #define SECURE_PATH "$with_secure_path" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5 $as_echo "$with_secure_path" >&6; } secure_path="set to F<$with_secure_path>" ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to get ip addresses from the network interfaces" >&5 $as_echo_n "checking whether to get ip addresses from the network interfaces... " >&6; } # Check whether --with-interfaces was given. if test "${with_interfaces+set}" = set; then : withval=$with_interfaces; case $with_interfaces in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; no) $as_echo "#define STUB_LOAD_INTERFACES 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) as_fn_error $? "\"--with-interfaces does not take an argument.\"" "$LINENO" 5 ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi # Check whether --with-stow was given. if test "${with_stow+set}" = set; then : withval=$with_stow; case $with_stow in *) { $as_echo "$as_me:${as_lineno-$LINENO}: --with-stow option deprecated, now is defalt behavior" >&5 $as_echo "$as_me: --with-stow option deprecated, now is defalt behavior" >&6;} ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an askpass helper" >&5 $as_echo_n "checking whether to use an askpass helper... " >&6; } # Check whether --with-askpass was given. if test "${with_askpass+set}" = set; then : withval=$with_askpass; case $with_askpass in yes) as_fn_error $? "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5 ;; no) ;; *) ;; esac else with_askpass=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test X"$with_askpass" != X"no"; then cat >>confdefs.h <>confdefs.h <&5 $as_echo_n "checking whether to do user authentication by default... " >&6; } # Check whether --enable-authentication was given. if test "${enable_authentication+set}" = set; then : enableval=$enable_authentication; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_AUTHENTICATION 1" >>confdefs.h ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable running the mailer as root" >&5 $as_echo_n "checking whether to disable running the mailer as root... " >&6; } # Check whether --enable-root-mailer was given. if test "${enable_root_mailer+set}" = set; then : enableval=$enable_root_mailer; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define NO_ROOT_MAILER 1" >>confdefs.h ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --enable-setreuid was given. if test "${enable_setreuid+set}" = set; then : enableval=$enable_setreuid; case "$enableval" in no) SKIP_SETREUID=yes ;; *) ;; esac fi # Check whether --enable-setresuid was given. if test "${enable_setresuid+set}" = set; then : enableval=$enable_setresuid; case "$enableval" in no) SKIP_SETRESUID=yes ;; *) ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable shadow password support" >&5 $as_echo_n "checking whether to disable shadow password support... " >&6; } # Check whether --enable-shadow was given. if test "${enable_shadow+set}" = set; then : enableval=$enable_shadow; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } CHECKSHADOW="false" ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether root should be allowed to use sudo" >&5 $as_echo_n "checking whether root should be allowed to use sudo... " >&6; } # Check whether --enable-root-sudo was given. if test "${enable_root_sudo+set}" = set; then : enableval=$enable_root_sudo; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; no) $as_echo "#define NO_ROOT_SUDO 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } root_sudo=off ;; *) as_fn_error $? "\"--enable-root-sudo does not take an argument.\"" "$LINENO" 5 ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to log the hostname in the log file" >&5 $as_echo_n "checking whether to log the hostname in the log file... " >&6; } # Check whether --enable-log-host was given. if test "${enable_log_host+set}" = set; then : enableval=$enable_log_host; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HOST_IN_LOG 1" >>confdefs.h ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to invoke a shell if sudo is given no arguments" >&5 $as_echo_n "checking whether to invoke a shell if sudo is given no arguments... " >&6; } # Check whether --enable-noargs-shell was given. if test "${enable_noargs_shell+set}" = set; then : enableval=$enable_noargs_shell; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define SHELL_IF_NO_ARGS 1" >>confdefs.h ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to set \$HOME to target user in shell mode" >&5 $as_echo_n "checking whether to set \$HOME to target user in shell mode... " >&6; } # Check whether --enable-shell-sets-home was given. if test "${enable_shell_sets_home+set}" = set; then : enableval=$enable_shell_sets_home; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define SHELL_SETS_HOME 1" >>confdefs.h ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable 'command not found' messages" >&5 $as_echo_n "checking whether to disable 'command not found' messages... " >&6; } # Check whether --enable-path_info was given. if test "${enable_path_info+set}" = set; then : enableval=$enable_path_info; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define DONT_LEAK_PATH_INFO 1" >>confdefs.h path_info=off ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment debugging" >&5 $as_echo_n "checking whether to enable environment debugging... " >&6; } # Check whether --enable-env_debug was given. if test "${enable_env_debug+set}" = set; then : enableval=$enable_env_debug; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define ENV_DEBUG 1" >>confdefs.h ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --enable-zlib was given. if test "${enable_zlib+set}" = set; then : enableval=$enable_zlib; else enable_zlib=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment resetting by default" >&5 $as_echo_n "checking whether to enable environment resetting by default... " >&6; } # Check whether --enable-env_reset was given. if test "${enable_env_reset+set}" = set; then : enableval=$enable_env_reset; case "$enableval" in yes) env_reset=on ;; no) env_reset=off ;; *) env_reset=on { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-reset: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-reset: $enableval" >&2;} ;; esac fi if test "$env_reset" = "on"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define ENV_RESET 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define ENV_RESET 0" >>confdefs.h fi # Check whether --enable-warnings was given. if test "${enable_warnings+set}" = set; then : enableval=$enable_warnings; case "$enableval" in yes) ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&2;} ;; esac fi # Check whether --enable-werror was given. if test "${enable_werror+set}" = set; then : enableval=$enable_werror; case "$enableval" in yes) ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-werror: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-werror: $enableval" >&2;} ;; esac fi # Check whether --enable-hardening was given. if test "${enable_hardening+set}" = set; then : enableval=$enable_hardening; else enable_hardening=yes fi # Check whether --enable-pie was given. if test "${enable_pie+set}" = set; then : enableval=$enable_pie; fi # Check whether --enable-poll was given. if test "${enable_poll+set}" = set; then : enableval=$enable_poll; fi # Check whether --enable-admin-flag was given. if test "${enable_admin_flag+set}" = set; then : enableval=$enable_admin_flag; case "$enableval" in yes) $as_echo "#define USE_ADMIN_FLAG 1" >>confdefs.h ;; no) ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&2;} ;; esac fi # Check whether --enable-nls was given. if test "${enable_nls+set}" = set; then : enableval=$enable_nls; else enable_nls=yes fi # Check whether --enable-rpath was given. if test "${enable_rpath+set}" = set; then : enableval=$enable_rpath; else enable_rpath=yes fi # Check whether --enable-static-sudoers was given. if test "${enable_static_sudoers+set}" = set; then : enableval=$enable_static_sudoers; else enable_static_sudoers=no fi # Check whether --with-selinux was given. if test "${with_selinux+set}" = set; then : withval=$with_selinux; case $with_selinux in yes) SELINUX_USAGE="[-r role] [-t type] " $as_echo "#define HAVE_SELINUX 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setkeycreatecon in -lselinux" >&5 $as_echo_n "checking for setkeycreatecon in -lselinux... " >&6; } if ${ac_cv_lib_selinux_setkeycreatecon+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char setkeycreatecon (); int main () { return setkeycreatecon (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_selinux_setkeycreatecon=yes else ac_cv_lib_selinux_setkeycreatecon=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setkeycreatecon" >&5 $as_echo "$ac_cv_lib_selinux_setkeycreatecon" >&6; } if test "x$ac_cv_lib_selinux_setkeycreatecon" = xyes; then : $as_echo "#define HAVE_SETKEYCREATECON 1" >>confdefs.h fi ;; no) ;; *) as_fn_error $? "\"--with-selinux does not take an argument.\"" "$LINENO" 5 ;; esac else with_selinux=no fi # Check whether --enable-gss_krb5_ccache_name was given. if test "${enable_gss_krb5_ccache_name+set}" = set; then : enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval else check_gss_krb5_ccache_name=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5 $as_echo_n "checking for library containing strerror... " >&6; } if ${ac_cv_search_strerror+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char strerror (); int main () { return strerror (); ; return 0; } _ACEOF for ac_lib in '' cposix; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_strerror=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_strerror+:} false; then : break fi done if ${ac_cv_search_strerror+:} false; then : else ac_cv_search_strerror=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5 $as_echo "$ac_cv_search_strerror" >&6; } ac_res=$ac_cv_search_strerror if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="${ac_tool_prefix}ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_AR"; then ac_ct_AR=$AR # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi else AR="$ac_cv_prog_AR" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi if test X"$AR" = X"false"; then as_fn_error $? "the \"ar\" utility is required to build sudo" "$LINENO" 5 fi if test "x$ac_cv_prog_cc_c89" = "xno"; then as_fn_error $? "Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build." "$LINENO" 5 fi if test "$enable_static" = "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring --disable-static, sudo does not install static libs" >&5 $as_echo "$as_me: WARNING: Ignoring --disable-static, sudo does not install static libs" >&2;} enable_static=yes fi ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac case `pwd` in *\ * | *\ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac macro_version='2.4.2.418' macro_revision='2.4.2.418' ltmain=$ac_aux_dir/ltmain.sh # Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\(["`$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 $as_echo_n "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "" } case $ECHO in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 $as_echo "print -r" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 $as_echo "cat" >&6; } ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } if ${ac_cv_path_FGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then ac_path_FGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_FGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test yes = "$with_gnu_ld"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${lt_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } if ${lt_cv_path_NM+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM else lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. tmp_nm=$ac_dir/$lt_tmp_nm if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test no != "$lt_cv_path_NM"; then NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else if test -n "$ac_tool_prefix"; then for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DUMPBIN" && break done fi if test -z "$DUMPBIN"; then ac_ct_DUMPBIN=$DUMPBIN for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_DUMPBIN" && break done if test "x$ac_ct_DUMPBIN" = x; then DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN fi fi case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: ;; esac fi if test : != "$DUMPBIN"; then NM=$DUMPBIN fi fi test -z "$NM" && NM=nm { $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... " >&6; } if ${lt_cv_nm_interface+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments { $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 teststring=ABCD case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac fi if test -n "$lt_cv_sys_max_cmd_len"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len : ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 $as_echo_n "checking how to convert $build file names to $host format... " >&6; } if ${lt_cv_to_host_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 $as_echo "$lt_cv_to_host_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 $as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } if ${lt_cv_to_tool_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 $as_echo "$lt_cv_to_tool_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... " >&6; } if ${lt_cv_ld_reload_flag+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) if test yes != "$GCC"; then reload_cmds=false fi ;; darwin*) if test yes = "$GCC"; then reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi test -z "$OBJDUMP" && OBJDUMP=objdump { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } if ${lt_cv_deplibs_check_method+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # that responds to the $file_magic_cmd with a given extended regex. # If you have 'file' or equivalent on your system and you're not sure # whether 'pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd* | bitrig*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 $as_echo "$DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 $as_echo "$ac_ct_DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then DLLTOOL="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL fi else DLLTOOL="$ac_cv_prog_DLLTOOL" fi test -z "$DLLTOOL" && DLLTOOL=dlltool { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 $as_echo_n "checking how to associate runtime and link libraries... " >&6; } if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh; # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 $as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} : ${AR_FLAGS=cru} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 $as_echo_n "checking for archiver @FILE support... " >&6; } if ${lt_cv_ar_at_file+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi test -z "$RANLIB" && RANLIB=: # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. { $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } if ${lt_cv_sys_global_symbol_pipe+:} false; then : $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) if test ia64 = "$host_cpu"; then symcode='[ABCDEGRST]' fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Gets list of data symbols to import. lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" # Adjust the below global symbol transforms to fixup imported variables. lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" lt_c_name_lib_hook="\ -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" else # Disable hooks by default. lt_cv_sys_global_symbol_to_import= lt_cdecl_hook= lt_c_name_hook= lt_c_name_lib_hook= fi # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n"\ $lt_cdecl_hook\ " -e 's/^T .* \(.*\)$/extern int \1();/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ $lt_c_name_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" # Transform an extracted symbol line into symbol name with lib prefix and # symbol address. lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ $lt_c_name_lib_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ " /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ " /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ " {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ " s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE /* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then nm_file_list_spec='@' fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 $as_echo_n "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. if test "${with_sysroot+set}" = set; then : withval=$with_sysroot; else with_sysroot=no fi lt_sysroot= case $with_sysroot in #( yes) if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 $as_echo "$with_sysroot" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 $as_echo "${lt_sysroot:-no}" >&6; } # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out what ABI is being produced by ac_compile, and set mode # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE=32 ;; *ELF-64*) HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; mips64*-*linux*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then emul=elf case `/usr/bin/file conftest.$ac_objext` in *32-bit*) emul="${emul}32" ;; *64-bit*) emul="${emul}64" ;; esac case `/usr/bin/file conftest.$ac_objext` in *MSB*) emul="${emul}btsmip" ;; *LSB*) emul="${emul}ltsmip" ;; esac case `/usr/bin/file conftest.$ac_objext` in *N32*) emul="${emul}n32" ;; esac LD="${LD-ld} -m $emul" fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. Note that the listed cases only cover the # situations where additional linker options are needed (such as when # doing 32-bit compilation for a host where ld defaults to 64-bit, or # vice versa); the common cases where no linker options are needed do # not appear in the list. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) case `/usr/bin/file conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; *) LD="${LD-ld} -m elf_i386" ;; esac ;; powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if ${lt_cv_cc_needs_belf+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD=${LD-ld}_sol2 fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks=$enable_libtool_lock if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 $as_echo "$MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_MANIFEST_TOOL"; then ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 $as_echo "$ac_ct_MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then MANIFEST_TOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL fi else MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 $as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } if ${lt_cv_path_mainfest_tool+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then LIPO=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO fi else LIPO="$ac_cv_prog_LIPO" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then OTOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL fi else OTOOL="$ac_cv_prog_OTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then OTOOL64=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 fi else OTOOL64="$ac_cv_prog_OTOOL64" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&5 $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 fi rm -rf libconftest.dylib* rm -f conftest.* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if ${lt_cv_ld_exported_symbols_list+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 $as_echo_n "checking for -force_load linker flag... " >&6; } if ${lt_cv_ld_force_load+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 echo "$AR cru libconftest.a conftest.o" >&5 $AR cru libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&5 fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi if test yes = "$lt_cv_ld_exported_symbols_list"; then _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " if test "x$ac_cv_header_dlfcn_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLFCN_H 1 _ACEOF fi done # Set options enable_dlopen=yes enable_win32_dll=no # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS=$lt_save_ifs ;; esac else enable_shared=yes fi # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS=$lt_save_ifs ;; esac else enable_static=yes fi # Check whether --with-pic was given. if test "${with_pic+set}" = set; then : withval=$with_pic; lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS=$lt_save_ifs ;; esac else pic_mode=default fi # Check whether --enable-fast-install was given. if test "${enable_fast_install+set}" = set; then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS=$lt_save_ifs ;; esac else enable_fast_install=yes fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' test -z "$LN_S" && LN_S="ln -s" if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 $as_echo_n "checking for objdir... " >&6; } if ${lt_cv_objdir+:} false; then : $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 $as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir cat >>confdefs.h <<_ACEOF #define LT_OBJDIR "$lt_cv_objdir/" _ACEOF case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld old_CC=$CC old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 $as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD=$MAGIC_CMD lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/${ac_tool_prefix}file"; then lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 $as_echo_n "checking for file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD=$MAGIC_CMD lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/file"; then lt_cv_path_MAGIC_CMD=$ac_dir/"file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else MAGIC_CMD=: fi fi fi ;; esac # Use C for the default configuration in the libtool script lt_save_CC=$CC ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test yes = "$GCC"; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; *) lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= if test yes = "$GCC"; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi lt_prog_compiler_pic='-fPIC' ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support lt_prog_compiler_pic='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the '-m68020' flag to GCC prevents building anything better, # like '-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. lt_prog_compiler_static= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; *) lt_prog_compiler_pic='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 lt_prog_compiler_wl='-Xlinker ' if test -n "$lt_prog_compiler_pic"; then lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' case $cc_basename in nagfor*) # NAG Fortran compiler lt_prog_compiler_wl='-Wl,-Wl,,' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; esac ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. lt_prog_compiler_static='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in # old Intel for x86_64, which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; # Lahey Fortran 8.1. lf95*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='--shared' lt_prog_compiler_static='--static' ;; nagfor*) # NAG Fortran compiler lt_prog_compiler_wl='-Wl,-Wl,,' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; tcc*) # Fabrice Bellard et al's Tiny C Compiler lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-qpic' lt_prog_compiler_static='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; *Sun\ F* | *Sun*Fortran*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Intel*\ [CF]*Compiler*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; *Portland\ Group*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; esac ;; esac ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi case $host_os in # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if ${lt_cv_prog_compiler_pic+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 $as_echo "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } if ${lt_cv_prog_compiler_pic_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test yes = "$lt_cv_prog_compiler_pic_works"; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $RM -r conftest* LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test yes = "$lt_cv_prog_compiler_static_works"; then : else lt_prog_compiler_static= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links=nottested if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test no = "$hard_links"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= always_export_symbols=no archive_cmds= archive_expsym_cmds= compiler_needs_object=no enable_shared_with_static_runtimes=no export_dynamic_flag_spec= export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported inherit_rpath=no link_all_deplibs=unknown module_cmds= module_expsym_cmds= old_archive_from_new_cmds= old_archive_from_expsyms_cmds= thread_safe_flag_spec= whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ' (' and ')$', so one must not match beginning or # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', # as well as any symbol that contains 'd'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd* | bitrig*) with_gnu_ld=no ;; esac ld_shlibs=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; *\ \(GNU\ Binutils\)\ [3-9]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' export_dynamic_flag_spec='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test ia64 != "$host_cpu"; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' export_dynamic_flag_spec='$wl--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file, use it as # is; otherwise, prepend EXPORTS... archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' link_all_deplibs=yes ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='$wl-rpath,$libdir' export_dynamic_flag_spec='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; nagfor*) # NAGFOR 5.3 tmp_sharedflag='-Wl,-shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else ld_shlibs=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test no = "$ld_shlibs"; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds='' hardcode_direct=yes hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='$wl-f,' if test yes = "$GCC"; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test yes = "$aix_use_runtimelinking"; then shared_flag="$shared_flag "'$wl-G' fi else # not using gcc if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test yes = "$aix_use_runtimelinking"; then shared_flag='$wl-G' else shared_flag='$wl-bM:SRE' fi fi fi export_dynamic_flag_spec='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test yes = "$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else if test ia64 = "$host_cpu"; then hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' $wl-bernotok' allow_undefined_flag=' $wl-berok' if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes file_list_spec='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then cp "$export_symbols" "$output_objdir/$soname.def"; echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; else $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile=$lt_outputfile.exe lt_tool_outputfile=$lt_tool_outputfile.exe ;; esac~ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' enable_shared_with_static_runtimes=yes ;; esac ;; darwin* | rhapsody*) archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported if test yes = "$lt_cv_ld_force_load"; then whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes allow_undefined_flag=$_lt_dar_allow_undefined case $cc_basename in ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" else ld_shlibs=no fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test yes = "$GCC"; then archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='$wl-E' ;; hpux10*) if test yes,no = "$GCC,$with_gnu_ld"; then archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test no = "$with_gnu_ld"; then hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes fi ;; hpux11*) if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 $as_echo_n "checking if $CC understands -b... " >&6; } if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler__b=yes fi else lt_cv_prog_compiler__b=yes fi fi $RM -r conftest* LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } if test yes = "$lt_cv_prog_compiler__b"; then archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi ;; esac fi if test no = "$with_gnu_ld"; then hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test yes = "$GCC"; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_irix_exported_symbol=yes else lt_cv_irix_exported_symbol=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; *nto* | *qnx*) ;; openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='$wl-rpath,$libdir' export_dynamic_flag_spec='$wl-E' else archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='$wl-rpath,$libdir' fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test yes = "$GCC"; then allow_undefined_flag=' $wl-expect_unresolved $wl\*' archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test yes = "$GCC"; then allow_undefined_flag=' $wl-expect_unresolved $wl\*' archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z defs' if test yes = "$GCC"; then wlarc='$wl' archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='$wl' archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test yes = "$GCC"; then whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='$wl-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test yes = "$GCC"; then archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='$wl-z,text' allow_undefined_flag='$wl-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='$wl-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='$wl-Bexport' runpath_var='LD_RUN_PATH' if test yes = "$GCC"; then archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) export_dynamic_flag_spec='$wl-Blargedynsym' ;; esac fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test no = "$ld_shlibs" && can_build_shared=no with_gnu_ld=$with_gnu_ld # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test yes,yes = "$GCC,$enable_shared"; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } if ${lt_cv_archive_cmds_need_lc+:} false; then : $as_echo_n "(cached) " >&6 else $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no else lt_cv_archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 $as_echo "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } if test yes = "$GCC"; then case $host_os in darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` # ...but if some path component already ends with the multilib dir we assume # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). case "$lt_multi_os_dir; $lt_search_path_spec " in "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) lt_multi_os_dir= ;; esac for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS = " "; FS = "/|\n";} { lt_foo = ""; lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's|/\([A-Za-z]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='$libname$release$shared_ext$major' ;; aix[4-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line '#! .'. This would cause the generated library to # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test yes = "$aix_use_runtimelinking"; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='$libname$release.a $libname.a' soname_spec='$libname$release$shared_ext$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=.dll need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \$file`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \$file`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[23].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='$libname$release$shared_ext$major' library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; linux*android*) version_type=none # Android doesn't support versioned libraries. need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext' soname_spec='$libname$release$shared_ext' finish_cmds= shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes dynamic_linker='Android linker' # Don't embed -rpath directories since the linker doesn't support them. hardcode_libdir_flag_spec='-L$libdir' ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH if ${lt_cv_shlibpath_overrides_runpath+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : lt_cv_shlibpath_overrides_runpath=yes fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir fi shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd* | bitrig*) version_type=sunos sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then need_version=no else need_version=yes fi library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' shrext_cmds=.dll need_lib_prefix=no library_names_spec='$libname$shared_ext $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='$libname$release$shared_ext$major' library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || test yes = "$hardcode_automatic"; then # We can hardcode non-existent directories. if test no != "$hardcode_direct" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && test no != "$hardcode_minus_L"; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test relink = "$hardcode_action" || test yes = "$inherit_rpath"; then # Fast installation is not supported enable_fast_install=no elif test yes = "$shlibpath_overrides_runpath" || test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; tpf*) # Don't try to run any link tests for TPF. We know it's impossible # because TPF is a cross-compiler, and we know how we open DSOs. lt_cv_dlopen=dlopen lt_cv_dlopen_libs= lt_cv_dlopen_self=no ;; *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : lt_cv_dlopen=shl_load else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } if ${ac_cv_lib_dld_shl_load+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : lt_cv_dlopen=dlopen else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } if ${ac_cv_lib_svld_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } if ${ac_cv_lib_dld_dld_link+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi fi fi fi fi fi ;; esac if test no = "$lt_cv_dlopen"; then enable_dlopen=no else enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS=$CPPFLAGS test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS LIBS=$save_LIBS ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi striplib= old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac fi # Report what library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then test yes = "$enable_shared" && enable_static=no fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC=$lt_save_CC ac_config_commands="$ac_config_commands libtool" # Only expand once: # Check whether --with-libtool was given. if test "${with_libtool+set}" = set; then : withval=$with_libtool; case $with_libtool in yes|builtin) ;; no) as_fn_error $? "\"--without-libtool not supported.\"" "$LINENO" 5 ;; system) LIBTOOL=libtool ;; *) LIBTOOL="$with_libtool" ;; esac fi if test "$enable_shared" = "no"; then with_noexec=no enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no LT_LDFLAGS=-static else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules if test X"$_shrext" = X".dylib"; then SOEXT=".so" SHLIB_EXT=".dylib" else SOEXT="$_shrext" SHLIB_EXT="$_shrext" fi fi LIBDL="$lt_cv_dlopen_libs" { $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5 $as_echo_n "checking path to sudo_noexec.so... " >&6; } # Check whether --with-noexec was given. if test "${with_noexec+set}" = set; then : withval=$with_noexec; case $with_noexec in yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; esac else with_noexec="$libexecdir/sudo/sudo_noexec.so" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5 $as_echo "$with_noexec" >&6; } NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([^}]*\)}:$(\1):' -e 's:^\(.*\)/[^/]*:\1:'`" # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_UNAMEPROG+:} false; then : $as_echo_n "(cached) " >&6 else case $UNAMEPROG in [\\/]* | ?:[\\/]*) ac_cv_path_UNAMEPROG="$UNAMEPROG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_UNAMEPROG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_UNAMEPROG" && ac_cv_path_UNAMEPROG="uname" ;; esac fi UNAMEPROG=$ac_cv_path_UNAMEPROG if test -n "$UNAMEPROG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $UNAMEPROG" >&5 $as_echo "$UNAMEPROG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_TRPROG+:} false; then : $as_echo_n "(cached) " >&6 else case $TRPROG in [\\/]* | ?:[\\/]*) ac_cv_path_TRPROG="$TRPROG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_TRPROG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_TRPROG" && ac_cv_path_TRPROG="tr" ;; esac fi TRPROG=$ac_cv_path_TRPROG if test -n "$TRPROG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TRPROG" >&5 $as_echo "$TRPROG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "mandoc", so it can be a program name with args. set dummy mandoc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MANDOCPROG+:} false; then : $as_echo_n "(cached) " >&6 else case $MANDOCPROG in [\\/]* | ?:[\\/]*) ac_cv_path_MANDOCPROG="$MANDOCPROG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MANDOCPROG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_MANDOCPROG" && ac_cv_path_MANDOCPROG="mandoc" ;; esac fi MANDOCPROG=$ac_cv_path_MANDOCPROG if test -n "$MANDOCPROG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOCPROG" >&5 $as_echo "$MANDOCPROG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "$MANDOCPROG" != "mandoc"; then : ${MANTYPE='mdoc'} else # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_NROFFPROG+:} false; then : $as_echo_n "(cached) " >&6 else case $NROFFPROG in [\\/]* | ?:[\\/]*) ac_cv_path_NROFFPROG="$NROFFPROG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_NROFFPROG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi NROFFPROG=$ac_cv_path_NROFFPROG if test -n "$NROFFPROG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFFPROG" >&5 $as_echo "$NROFFPROG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -n "$NROFFPROG"; then test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" { $as_echo "$as_me:${as_lineno-$LINENO}: checking which macro set to use for manual pages" >&5 $as_echo_n "checking which macro set to use for manual pages... " >&6; } if ${sudo_cv_var_mantype+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_var_mantype="man" echo ".Sh NAME" > conftest echo ".Nm sudo" >> conftest echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_mantype" >&5 $as_echo "$sudo_cv_var_mantype" >&6; } MANTYPE="$sudo_cv_var_mantype" else MANTYPE=cat MANDIRTYPE=cat mansrcdir='$(srcdir)' fi fi if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then as_fn_error $? "config.cache was created on a different host; remove it and re-run configure." "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking previous host type" >&5 $as_echo_n "checking previous host type... " >&6; } if ${sudo_cv_prev_host+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_prev_host="$host" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_prev_host" >&5 $as_echo "$sudo_cv_prev_host" >&6; } fi else # this will produce no output since there is no cached value if ${sudo_cv_prev_host+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_prev_host="$host" fi fi if test -n "$host_os"; then OS=`echo $host_os | sed 's/[0-9].*//'` OSREV=`echo $host_os | sed 's/^[^0-9\.]*\([0-9\.]*\).*$/\1/'` OSMAJOR=`echo $OSREV | sed 's/\..*$//'` else OS="unknown" OSREV=0 OSMAJOR=0 fi case "$host" in *-*-sunos4*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 # system headers lack prototypes but gcc helps... if test -n "$GCC"; then OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" fi shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi : ${mansectsu='1m'} : ${mansectform='4'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" for ac_func in priv_set do : ac_fn_c_check_func "$LINENO" "priv_set" "ac_cv_func_priv_set" if test "x$ac_cv_func_priv_set" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PRIV_SET 1 _ACEOF PSMAN=1 fi done ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then if test X"$with_pam" = X""; then AUTH_EXCL_DEF="PAM" fi else if test X"$with_aixauth" = X""; then for ac_func in authenticate do : ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" if test "x$ac_cv_func_authenticate" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_AUTHENTICATE 1 _ACEOF AUTH_EXCL_DEF="AIX_AUTH" fi done fi fi # AIX analog of nsswitch.conf, enabled by default # Check whether --with-netsvc was given. if test "${with_netsvc+set}" = set; then : withval=$with_netsvc; case $with_netsvc in no) ;; yes) with_netsvc="/etc/netsvc.conf" ;; *) ;; esac fi if test -z "$with_nsswitch" -a -z "$with_netsvc"; then with_netsvc="/etc/netsvc.conf" fi # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no else RTLD_PRELOAD_VAR="LDR_PRELOAD" fi # AIX-specific functions for ac_func in getuserattr setauthdb setrlimit64 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done COMMON_OBJS="${COMMON_OBJS} aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 ;; *-*-hpux*) # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HP bundled C compiler" >&5 $as_echo_n "checking for HP bundled C compiler... " >&6; } if ${sudo_cv_var_hpccbundled+:} false; then : $as_echo_n "(cached) " >&6 else if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then sudo_cv_var_hpccbundled=yes else sudo_cv_var_hpccbundled=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpccbundled" >&5 $as_echo "$sudo_cv_var_hpccbundled" >&6; } if test "$sudo_cv_var_hpccbundled" = "yes"; then as_fn_error $? "The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead." "$LINENO" 5 fi fi # Build PA-RISC1.1 objects for better portability case "$host_cpu" in hppa[2-9]*) _CFLAGS="$CFLAGS" if test -n "$GCC"; then portable_flag="-march=1.1" else portable_flag="+DAportable" fi CFLAGS="$CFLAGS $portable_flag" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands $portable_flag" >&5 $as_echo_n "checking whether $CC understands $portable_flag... " >&6; } if ${sudo_cv_var_daportable+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_var_daportable=yes else sudo_cv_var_daportable=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_daportable" >&5 $as_echo "$sudo_cv_var_daportable" >&6; } if test X"$sudo_cv_var_daportable" != X"yes"; then CFLAGS="$_CFLAGS" fi ;; esac case "$host_os" in hpux[1-8].*) $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h ;; hpux9.*) $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h shadow_funcs="getspwuid" # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" case "${CPPFLAGS}" in *"-D_REENTRANT"|*"-D_REENTRANT ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-D_REENTRANT" else CPPFLAGS="${CPPFLAGS} -D_REENTRANT" fi ;; esac case "${CPPFLAGS}" in *"-I/usr/include/reentrant"|*"-I/usr/include/reentrant ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I/usr/include/reentrant" else CPPFLAGS="${CPPFLAGS} -I/usr/include/reentrant" fi ;; esac fi ;; hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline ac_cv_func_getline="no" ;; *) shadow_funcs="getspnam iscomsec" shadow_libs="-lsec" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac for ac_func in pstat_getproc do : ac_fn_c_check_func "$LINENO" "pstat_getproc" "ac_cv_func_pstat_getproc" if test "x$ac_cv_func_pstat_getproc" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PSTAT_GETPROC 1 _ACEOF fi done ;; *-dec-osf*) # ignore envariables wrt dynamic lib path # XXX - sudo LDFLAGS instead? SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable sia support on Digital UNIX" >&5 $as_echo_n "checking whether to disable sia support on Digital UNIX... " >&6; } # Check whether --enable-sia was given. if test "${enable_sia+set}" = set; then : enableval=$enable_sia; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } CHECKSIA=true ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } CHECKSIA=false ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too if test $OSMAJOR -lt 4; then shadow_libs="-lsecurity -laud -lm" else shadow_libs="-lsecurity -ldb -laud -lm" fi # use SIA by default, if we have it test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" # # Some versions of Digital Unix ship with a broken # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken prot.h" >&5 $as_echo_n "checking for broken prot.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { exit(0); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, fixing locally" >&5 $as_echo "yes, fixing locally" >&6; } sed 's:::g' < /usr/include/prot.h > prot.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} ;; *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else mandir="/usr/catman/local" fi fi # Compress cat pages with pack MANCOMPRESS='pack' MANCOMPRESSEXT='.z' else if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else mandir="/usr/man/local" fi fi fi # IRIX <= 4 needs -lsun if test "$OSMAJOR" -le 4; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam in -lsun" >&5 $as_echo_n "checking for getpwnam in -lsun... " >&6; } if ${ac_cv_lib_sun_getpwnam+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsun $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getpwnam (); int main () { return getpwnam (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_sun_getpwnam=yes else ac_cv_lib_sun_getpwnam=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sun_getpwnam" >&5 $as_echo "$ac_cv_lib_sun_getpwnam" >&6; } if test "x$ac_cv_lib_sun_getpwnam" = xyes; then : LIBS="${LIBS} -lsun" fi fi # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-linux*|*-*-k*bsd*-gnu) OSDEFS="${OSDEFS} -D_GNU_SOURCE" # Some Linux versions need to link with -lshadow shadow_funcs="getspnam" shadow_libs_optional="-lshadow" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; *-convex-bsd*) OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" if test -z "$GCC"; then CFLAGS="${CFLAGS} -D__STDC__" fi shadow_defs="-D_AUDIT -D_ACL -DSecureWare" shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; *-*-ultrix*) OS="ultrix" shadow_funcs="getauthuid" shadow_libs="-lauth" ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" case "${CPPFLAGS}" in *"-I/usr/include"|*"-I/usr/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I/usr/include" else CPPFLAGS="${CPPFLAGS} -I/usr/include" fi ;; esac case "${CPPFLAGS}" in *"-I/usr/include/bsd"|*"-I/usr/include/bsd ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I/usr/include/bsd" else CPPFLAGS="${CPPFLAGS} -I/usr/include/bsd" fi ;; esac OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" : ${mansectsu='1m'} : ${mansectform='4'} ;; m88k-motorola-sysv*) # motorolla's cc (a variant of gcc) does -O but not -O2 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` : ${mansectsu='1m'} : ${mansectform='4'} ;; *-sequent-sysv*) shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5 $as_echo_n "checking for strcasecmp in -lc89... " >&6; } if ${ac_cv_lib_c89_strcasecmp+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lc89 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char strcasecmp (); int main () { return strcasecmp (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_c89_strcasecmp=yes else ac_cv_lib_c89_strcasecmp=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_strcasecmp" >&5 $as_echo "$ac_cv_lib_c89_strcasecmp" >&6; } if test "x$ac_cv_lib_c89_strcasecmp" = xyes; then : LIBS="${LIBS} -lc89" fi : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-bsdi*) SKIP_SETREUID=yes # Check for newer BSD auth API if test -z "$with_bsdauth"; then for ac_func in auth_challenge do : ac_fn_c_check_func "$LINENO" "auth_challenge" "ac_cv_func_auth_challenge" if test "x$ac_cv_func_auth_challenge" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_AUTH_CHALLENGE 1 _ACEOF AUTH_EXCL_DEF="BSD_AUTH" fi done fi ;; *-*-freebsd*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... case "$OSREV" in 0.*|1.*|2.0*) SKIP_SETREUID=yes ;; esac OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-*openbsd*) # OpenBSD-specific initialization OS_INIT=os_init_openbsd SUDO_OBJS="${SUDO_OBJS} openbsd.o" # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes OSDEFS="${OSDEFS} -D_BSD_SOURCE" CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then if test "$OSMAJOR" -ge 3; then AUTH_EXCL_DEF="BSD_AUTH" fi fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in 0.9*|1.[012]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-dragonfly*) OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} ;; *-*-*bsd*) CHECKSHADOW="false" ;; *-*-darwin*) # Darwin has a real setreuid(2) starting with 9.0 if test $OSMAJOR -lt 9; then SKIP_SETREUID=yes fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} # Darwin has a broken poll() : ${enable_poll='no'} # Darwin 8 and above can interpose library symbols cleanly if test $OSMAJOR -ge 8; then $as_echo "#define HAVE___INTERPOSE 1" >>confdefs.h dlyld_interpose=yes else RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sysv*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-gnu*) OSDEFS="${OSDEFS} -D_GNU_SOURCE" ;; esac if test -n "$with_noexec"; then cat >>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h <&5 $as_echo_n "checking whether $CC needs -traditional... " >&6; } if ${ac_cv_prog_gcc_traditional+:} false; then : $as_echo_n "(cached) " >&6 else ac_pattern="Autoconf.*'x'" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TIOCGETP _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes else ac_cv_prog_gcc_traditional=no fi rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TCGETA _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 $as_echo "$ac_cv_prog_gcc_traditional" >&6; } if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5 $as_echo_n "checking for working volatile... " >&6; } if ${ac_cv_c_volatile+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { volatile int x; int * volatile y = (int *) 0; return !x && !y; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_volatile=yes else ac_cv_c_volatile=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5 $as_echo "$ac_cv_c_volatile" >&6; } if test $ac_cv_c_volatile = no; then $as_echo "#define volatile /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for variadic macro support in cpp" >&5 $as_echo_n "checking for variadic macro support in cpp... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #if defined(__GNUC__) && __GNUC__ == 2 # define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) #else # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) #endif int main () { sudo_fprintf(stderr, "a %s", "test"); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_VARIADIC_MACROS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your C preprocessor doesn't support variadic macros, debugging support will be limited" >&5 $as_echo "$as_me: WARNING: Your C preprocessor doesn't support variadic macros, debugging support will be limited" >&2;} fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_YACC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_YACC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 $as_echo "$YACC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" # Extract the first word of "flex", so it can be a program name with args. set dummy flex; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_FLEX+:} false; then : $as_echo_n "(cached) " >&6 else case $FLEX in [\\/]* | ?:[\\/]*) ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_FLEX" && ac_cv_path_FLEX="flex" ;; esac fi FLEX=$ac_cv_path_FLEX if test -n "$FLEX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5 $as_echo "$FLEX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mv" >&5 $as_echo_n "checking for mv... " >&6; } found=no for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do if test -f "$p"; then found=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5 $as_echo "$p" >&6; } cat >>confdefs.h <&5 $as_echo "not found" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bourne shell" >&5 $as_echo_n "checking for bourne shell... " >&6; } found=no for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do if test -f "$p"; then found=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5 $as_echo "$p" >&6; } cat >>confdefs.h <&5 $as_echo "not found" >&6; } fi if test -z "$with_sendmail"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sendmail" >&5 $as_echo_n "checking for sendmail... " >&6; } found=no for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do if test -f "$p"; then found=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5 $as_echo "$p" >&6; } cat >>confdefs.h <&5 $as_echo "not found" >&6; } fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5 $as_echo_n "checking for vi... " >&6; } found=no for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do if test -f "$editor"; then found=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5 $as_echo "$editor" >&6; } cat >>confdefs.h <&5 $as_echo "not found" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5 $as_echo_n "checking which syslog facility sudo should log with... " >&6; } if test X"$with_logfac" = X""; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int i = LOG_AUTHPRIV; (void)i; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : logfac=authpriv fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi cat >>confdefs.h <<_ACEOF #define LOGFAC "$logfac" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5 $as_echo "$logfac" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if eval \${$as_ac_Header+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$as_ac_Header=yes" else eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$as_ac_Header { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 $as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } if ${ac_cv_header_stdbool_h+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifndef bool "error: bool is not defined" #endif #ifndef false "error: false is not defined" #endif #if false "error: false is not 0" #endif #ifndef true "error: true is not defined" #endif #if true != 1 "error: true is not 1" #endif #ifndef __bool_true_false_are_defined "error: __bool_true_false_are_defined is not defined" #endif struct s { _Bool s: 1; _Bool t; } s; char a[true == 1 ? 1 : -1]; char b[false == 0 ? 1 : -1]; char c[__bool_true_false_are_defined == 1 ? 1 : -1]; char d[(bool) 0.5 == true ? 1 : -1]; /* See body of main program for 'e'. */ char f[(_Bool) 0.0 == false ? 1 : -1]; char g[true]; char h[sizeof (_Bool)]; char i[sizeof s.t]; enum { j = false, k = true, l = false * true, m = true * 256 }; /* The following fails for HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ _Bool n[m]; char o[sizeof n == m * sizeof n[0] ? 1 : -1]; char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; /* Catch a bug in an HP-UX C compiler. See http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html */ _Bool q = true; _Bool *pq = &q; int main () { bool e = &s; *pq |= q; *pq |= ! q; /* Refer to every declared value, to avoid compiler optimizations. */ return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + !m + !n + !o + !p + !q + !pq); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdbool_h=yes else ac_cv_header_stdbool_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 $as_echo "$ac_cv_header_stdbool_h" >&6; } ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" if test "x$ac_cv_type__Bool" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE__BOOL 1 _ACEOF fi if test $ac_cv_header_stdbool_h = yes; then $as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/types.h defines makedev" >&5 $as_echo_n "checking whether sys/types.h defines makedev... " >&6; } if ${ac_cv_header_sys_types_h_makedev+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { return makedev(0, 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_header_sys_types_h_makedev=yes else ac_cv_header_sys_types_h_makedev=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_types_h_makedev" >&5 $as_echo "$ac_cv_header_sys_types_h_makedev" >&6; } if test $ac_cv_header_sys_types_h_makedev = no; then ac_fn_c_check_header_mongrel "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" if test "x$ac_cv_header_sys_mkdev_h" = xyes; then : $as_echo "#define MAJOR_IN_MKDEV 1" >>confdefs.h fi if test $ac_cv_header_sys_mkdev_h = no; then ac_fn_c_check_header_mongrel "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" if test "x$ac_cv_header_sys_sysmacros_h" = xyes; then : $as_echo "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h fi fi fi for ac_header in malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in endian.h sys/endian.h machine/endian.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done for ac_header in procfs.h sys/procfs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF ac_fn_c_check_member "$LINENO" "struct psinfo" "pr_ttydev" "ac_cv_member_struct_psinfo_pr_ttydev" "$ac_includes_default #ifdef HAVE_PROCFS_H #include #endif #ifdef HAVE_SYS_PROCFS_H #include #endif " if test "x$ac_cv_member_struct_psinfo_pr_ttydev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_PSINFO_PR_TTYDEV 1 _ACEOF for ac_func in _ttyname_dev do : ac_fn_c_check_func "$LINENO" "_ttyname_dev" "ac_cv_func__ttyname_dev" if test "x$ac_cv_func__ttyname_dev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE__TTYNAME_DEV 1 _ACEOF fi done fi break fi done # # Check for large file support. # # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 $as_echo_n "checking for special C compiler options needed for large files... " >&6; } if ${ac_cv_sys_largefile_CC+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext CC="$CC -n32" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 $as_echo "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } if ${ac_cv_sys_file_offset_bits+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=64; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 $as_echo "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } if ${ac_cv_sys_large_files+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 $as_echo "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _LARGE_FILES $ac_cv_sys_large_files _ACEOF ;; esac rm -rf conftest* fi fi # # HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. # Also, HP-UX 11.23 has a broken sys/types.h when large files support # is enabled and _XOPEN_SOURCE_EXTENDED is not also defined. # The following test will define _XOPEN_SOURCE_EXTENDED in either case. # case "$host_os" in hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL" >&5 $as_echo_n "checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL... " >&6; } if ${sudo_cv_xopen_source_extended+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default # include int main () { int a = MSG_WAITALL; return a; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sudo_cv_xopen_source_extended=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _XOPEN_SOURCE_EXTENDED $ac_includes_default # include int main () { int a = MSG_WAITALL; return a; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sudo_cv_xopen_source_extended=yes else sudo_cv_xopen_source_extended=error fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_xopen_source_extended" >&5 $as_echo "$sudo_cv_xopen_source_extended" >&6; } if test "$sudo_cv_xopen_source_extended" = "yes"; then OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" cat >>confdefs.h <<\EOF #define _XOPEN_SOURCE_EXTENDED 1 EOF fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking POSIX termios" >&5 $as_echo_n "checking POSIX termios... " >&6; } if ${ac_cv_sys_posix_termios+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { /* SunOS 4.0.3 has termios.h but not the library calls. */ tcgetattr(0, 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_sys_posix_termios=yes else ac_cv_sys_posix_termios=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_posix_termios" >&5 $as_echo "$ac_cv_sys_posix_termios" >&6; } if test "$ac_cv_sys_posix_termios" != "yes"; then as_fn_error $? "Must have POSIX termios to build sudo" "$LINENO" 5 fi maildir=no if test X"$ac_cv_header_paths_h" = X"yes"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include int main () { char *p = _PATH_MAILDIR; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : maildir=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $maildir = no; then # Solaris has maillock.h which defines MAILDIR for ac_header in maillock.h do : ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default" if test "x$ac_cv_header_maillock_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MAILLOCK_H 1 _ACEOF cat >>confdefs.h <<\EOF #define _PATH_MAILDIR MAILDIR EOF maildir=yes fi done if test $maildir = no; then for d in /var/mail /var/spool/mail /usr/spool/mail; do if test -d "$d"; then maildir=yes cat >>confdefs.h <>confdefs.h <>confdefs.h <<_ACEOF #define HAVE_LOGIN_CAP_H 1 _ACEOF LOGINCAP_USAGE='[-c class] '; LCMAN=1 case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; esac fi done fi if test ${with_project-'no'} != "no"; then ac_fn_c_check_header_mongrel "$LINENO" "project.h" "ac_cv_header_project_h" "$ac_includes_default" if test "x$ac_cv_header_project_h" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 $as_echo_n "checking for setproject in -lproject... " >&6; } if ${ac_cv_lib_project_setproject+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lproject $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char setproject (); int main () { return setproject (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_project_setproject=yes else ac_cv_lib_project_setproject=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 $as_echo "$ac_cv_lib_project_setproject" >&6; } if test "x$ac_cv_lib_project_setproject" = xyes; then : $as_echo "#define HAVE_PROJECT_H 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -lproject" fi fi fi case "${CPPFLAGS}" in *"-D__STDC_WANT_LIB_EXT1__=1"|*"-D__STDC_WANT_LIB_EXT1__=1 ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-D__STDC_WANT_LIB_EXT1__=1" else CPPFLAGS="${CPPFLAGS} -D__STDC_WANT_LIB_EXT1__=1" fi ;; esac ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" if test "x$ac_cv_type_mode_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define mode_t int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if ${ac_cv_type_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include #include " if test "x$ac_cv_type_sig_atomic_t" = xyes; then : else $as_echo "#define sig_atomic_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "sigaction_t" "ac_cv_type_sigaction_t" "#include #include " if test "x$ac_cv_type_sigaction_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SIGACTION_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "#include #ifdef TIME_WITH_SYS_TIME # include #endif #include " if test "x$ac_cv_type_struct_timespec" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_TIMESPEC 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "struct in6_addr" "ac_cv_type_struct_in6_addr" "#include #include " if test "x$ac_cv_type_struct_in6_addr" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_IN6_ADDR 1 _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 $as_echo_n "checking for unsigned long long int... " >&6; } if ${ac_cv_type_unsigned_long_long_int+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_unsigned_long_long_int=yes if test "x${ac_cv_prog_cc_c99-no}" = xno; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* For now, do not test the preprocessor; as of 2007 there are too many implementations with broken preprocessors. Perhaps this can be revisited in 2012. In the meantime, code should not expect #if to work with literals wider than 32 bits. */ /* Test literals. */ long long int ll = 9223372036854775807ll; long long int nll = -9223372036854775807LL; unsigned long long int ull = 18446744073709551615ULL; /* Test constant expressions. */ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) ? 1 : -1)]; typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 ? 1 : -1)]; int i = 63; int main () { /* Test availability of runtime routines for shift and division. */ long long int llmax = 9223372036854775807ll; unsigned long long int ullmax = 18446744073709551615ull; return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) | (llmax / ll) | (llmax % ll) | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) | (ullmax / ull) | (ullmax % ull)); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : else ac_cv_type_unsigned_long_long_int=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 $as_echo "$ac_cv_type_unsigned_long_long_int" >&6; } if test $ac_cv_type_unsigned_long_long_int = yes; then $as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 $as_echo_n "checking for long long int... " >&6; } if ${ac_cv_type_long_long_int+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_type_long_long_int=yes if test "x${ac_cv_prog_cc_c99-no}" = xno; then ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int if test $ac_cv_type_long_long_int = yes; then if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifndef LLONG_MAX # define HALF \ (1LL << (sizeof (long long int) * CHAR_BIT - 2)) # define LLONG_MAX (HALF - 1 + HALF) #endif int main () { long long int n = 1; int i; for (i = 0; ; i++) { long long int m = n << i; if (m >> i != n) return 1; if (LLONG_MAX / 2 < m) break; } return 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_type_long_long_int=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 $as_echo "$ac_cv_type_long_long_int" >&6; } if test $ac_cv_type_long_long_int = yes; then $as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h fi if test X"$ac_cv_type_long_long_int" != X"yes"; then as_fn_error $? "\"C compiler does not appear to support the long long int type\"" "$LINENO" 5 fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 $as_echo_n "checking size of long int... " >&6; } if ${ac_cv_sizeof_long_int+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : else if test "$ac_cv_type_long_int" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (long int) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_long_int=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 $as_echo "$ac_cv_sizeof_long_int" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_LONG_INT $ac_cv_sizeof_long_int _ACEOF ac_fn_c_check_type "$LINENO" "id_t" "ac_cv_type_id_t" "$ac_includes_default" if test "x$ac_cv_type_id_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define id_t unsigned int _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" if test "x$ac_cv_type_ssize_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define ssize_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "dev_t" "ac_cv_type_dev_t" "$ac_includes_default" if test "x$ac_cv_type_dev_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define dev_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "ino_t" "ac_cv_type_ino_t" "$ac_includes_default" if test "x$ac_cv_type_ino_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define ino_t unsigned int _ACEOF fi ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" if test "x$ac_cv_type_uint8_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define uint8_t unsigned char _ACEOF fi ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" if test "x$ac_cv_type_uint32_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define uint32_t unsigned int _ACEOF fi ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" if test "x$ac_cv_type_uint64_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define uint64_t unsigned long long _ACEOF fi ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " $ac_includes_default #include " if test "x$ac_cv_type_socklen_t" = xyes; then : else $as_echo "#define socklen_t unsigned int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "rsize_t" "ac_cv_type_rsize_t" "$ac_includes_default" if test "x$ac_cv_type_rsize_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define rsize_t size_t _ACEOF fi ac_fn_c_check_type "$LINENO" "errno_t" "ac_cv_type_errno_t" "$ac_includes_default" if test "x$ac_cv_type_errno_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define errno_t int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5 $as_echo_n "checking max length of uid_t... " >&6; } if ${sudo_cv_uid_t_len+:} false; then : $as_echo_n "(cached) " >&6 else rm -f conftestdata if test "$cross_compiling" = yes; then : sudo_cv_uid_t_len=10 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include #include main() { FILE *f; char b[1024]; uid_t u = (uid_t) -1; if ((f = fopen("conftestdata", "w")) == NULL) exit(1); (void) sprintf(b, "%lu", (unsigned long) u); (void) fprintf(f, "%d\n", strlen(b)); (void) fclose(f); exit(0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sudo_cv_uid_t_len=`cat conftestdata` else sudo_cv_uid_t_len=10 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi rm -f conftestdata { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5 $as_echo "$sudo_cv_uid_t_len" >&6; } cat >>confdefs.h <<_ACEOF #define MAX_UID_T_LEN $sudo_cv_uid_t_len _ACEOF ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " # include # include " if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes; then : $as_echo "#define HAVE_STRUCT_SOCKADDR_SA_LEN 1" >>confdefs.h fi ac_fn_c_check_member "$LINENO" "struct sockaddr_in" "sin_len" "ac_cv_member_struct_sockaddr_in_sin_len" " # include # include " if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = xyes; then : $as_echo "#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1" >>confdefs.h fi _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $OSDEFS" if test $ac_cv_header_utmpx_h = "yes"; then ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_id" "ac_cv_member_struct_utmpx_ut_id" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_id" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_ID 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_pid" "ac_cv_member_struct_utmpx_ut_pid" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_pid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_PID 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_tv" "ac_cv_member_struct_utmpx_ut_tv" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_tv" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_TV 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_type" "ac_cv_member_struct_utmpx_ut_type" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_type" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_TYPE 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_exit.__e_termination" "ac_cv_member_struct_utmpx_ut_exit___e_termination" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_exit___e_termination" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_EXIT___E_TERMINATION 1 _ACEOF $as_echo "#define HAVE_STRUCT_UTMPX_UT_EXIT 1" >>confdefs.h else ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_exit.e_termination" "ac_cv_member_struct_utmpx_ut_exit_e_termination" " # include # include " if test "x$ac_cv_member_struct_utmpx_ut_exit_e_termination" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMPX_UT_EXIT_E_TERMINATION 1 _ACEOF $as_echo "#define HAVE_STRUCT_UTMPX_UT_EXIT 1" >>confdefs.h fi fi else ac_fn_c_check_member "$LINENO" "struct utmp" "ut_id" "ac_cv_member_struct_utmp_ut_id" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_id" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_ID 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmp" "ut_pid" "ac_cv_member_struct_utmp_ut_pid" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_pid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_PID 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmp" "ut_tv" "ac_cv_member_struct_utmp_ut_tv" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_tv" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_TV 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmp" "ut_type" "ac_cv_member_struct_utmp_ut_type" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_type" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_TYPE 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmp" "ut_user" "ac_cv_member_struct_utmp_ut_user" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_user" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_USER 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct utmp" "ut_exit.__e_termination" "ac_cv_member_struct_utmp_ut_exit___e_termination" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_exit___e_termination" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1 _ACEOF $as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h else ac_fn_c_check_member "$LINENO" "struct utmp" "ut_exit.e_termination" "ac_cv_member_struct_utmp_ut_exit_e_termination" " # include # include " if test "x$ac_cv_member_struct_utmp_ut_exit_e_termination" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1 _ACEOF $as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h fi fi fi CFLAGS="$_CFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 $as_echo_n "checking type of array argument to getgroups... " >&6; } if ${ac_cv_type_getgroups+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_type_getgroups=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Mike Rendell for this test. */ $ac_includes_default #define NGID 256 #undef MAX #define MAX(x, y) ((x) > (y) ? (x) : (y)) int main () { gid_t gidset[NGID]; int i, n; union { gid_t gval; long int lval; } val; val.lval = -1; for (i = 0; i < NGID; i++) gidset[i] = val.gval; n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, gidset); /* Exit non-zero if getgroups seems to require an array of ints. This happens when gid_t is short int but getgroups modifies an array of ints. */ return n > 0 && gidset[n] != val.gval; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $ac_cv_type_getgroups = cross; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 $as_echo "$ac_cv_type_getgroups" >&6; } cat >>confdefs.h <<_ACEOF #define GETGROUPS_T $ac_cv_type_getgroups _ACEOF ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" if test "x$ac_cv_func_getgroups" = xyes; then : fi # If we don't yet have getgroups, see if it's in -lbsd. # This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. ac_save_LIBS=$LIBS if test $ac_cv_func_getgroups = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 $as_echo_n "checking for getgroups in -lbsd... " >&6; } if ${ac_cv_lib_bsd_getgroups+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lbsd $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getgroups (); int main () { return getgroups (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_bsd_getgroups=yes else ac_cv_lib_bsd_getgroups=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 $as_echo "$ac_cv_lib_bsd_getgroups" >&6; } if test "x$ac_cv_lib_bsd_getgroups" = xyes; then : GETGROUPS_LIB=-lbsd fi fi # Run the program to test the functionality of the system-supplied # getgroups function only if there is such a function. if test $ac_cv_func_getgroups = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 $as_echo_n "checking for working getgroups... " >&6; } if ${ac_cv_func_getgroups_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_getgroups_works=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* On Ultrix 4.3, getgroups (0, 0) always fails. */ return getgroups (0, 0) == -1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_getgroups_works=yes else ac_cv_func_getgroups_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5 $as_echo "$ac_cv_func_getgroups_works" >&6; } else ac_cv_func_getgroups_works=no fi if test $ac_cv_func_getgroups_works = yes; then $as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h fi LIBS=$ac_save_LIBS for ac_func in glob nl_langinfo regcomp setenv strftime strrchr strtoll \ sysconf tzset do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in getgrouplist do : ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" if test "x$ac_cv_func_getgrouplist" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETGROUPLIST 1 _ACEOF else case "$host_os" in aix*) for ac_func in getgrset do : ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" if test "x$ac_cv_func_getgrset" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETGRSET 1 _ACEOF fi done ;; *) ac_fn_c_check_func "$LINENO" "nss_search" "ac_cv_func_nss_search" if test "x$ac_cv_func_nss_search" = xyes; then : ac_fn_c_check_func "$LINENO" "_nss_XbyY_buf_alloc" "ac_cv_func__nss_XbyY_buf_alloc" if test "x$ac_cv_func__nss_XbyY_buf_alloc" = xyes; then : # Solaris ac_fn_c_check_func "$LINENO" "_nss_initf_group" "ac_cv_func__nss_initf_group" if test "x$ac_cv_func__nss_initf_group" = xyes; then : for ac_header in nss_dbdefs.h do : ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NSS_DBDEFS_H 1 _ACEOF fi done $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h $as_echo "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h $as_echo "#define HAVE__NSS_INITF_GROUP 1" >>confdefs.h fi else # HP-UX ac_fn_c_check_func "$LINENO" "__nss_XbyY_buf_alloc" "ac_cv_func___nss_XbyY_buf_alloc" if test "x$ac_cv_func___nss_XbyY_buf_alloc" = xyes; then : ac_fn_c_check_func "$LINENO" "__nss_initf_group" "ac_cv_func___nss_initf_group" if test "x$ac_cv_func___nss_initf_group" = xyes; then : for ac_header in nss_dbdefs.h do : ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NSS_DBDEFS_H 1 _ACEOF fi done $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h $as_echo "#define HAVE___NSS_XBYY_BUF_ALLOC 1" >>confdefs.h $as_echo "#define HAVE___NSS_INITF_GROUP 1" >>confdefs.h fi fi fi fi ;; esac case " $LIBOBJS " in *" getgrouplist.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getgrouplist.$ac_objext" ;; esac fi done for ac_func in getline do : ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline" if test "x$ac_cv_func_getline" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETLINE 1 _ACEOF else case " $LIBOBJS " in *" getline.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getline.$ac_objext" ;; esac for ac_func in fgetln do : ac_fn_c_check_func "$LINENO" "fgetln" "ac_cv_func_fgetln" if test "x$ac_cv_func_fgetln" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FGETLN 1 _ACEOF fi done fi done if test "$enable_hardening" != "no"; then O_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" ac_fn_c_check_func "$LINENO" "__sprintf_chk" "ac_cv_func___sprintf_chk" if test "x$ac_cv_func___sprintf_chk" = xyes; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { char buf[4]; (void)sprintf(buf, "%s", "foo"); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi CPPFLAGS="$O_CPPFLAGS" fi utmp_style=LEGACY for ac_func in getutxid getutid do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF utmp_style=POSIX; break fi done if test "$utmp_style" = "LEGACY"; then for ac_func in getttyent ttyslot do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi done for ac_func in fseeko do : ac_fn_c_check_func "$LINENO" "fseeko" "ac_cv_func_fseeko" if test "x$ac_cv_func_fseeko" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FSEEKO 1 _ACEOF fi done fi for ac_func in sysctl do : ac_fn_c_check_func "$LINENO" "sysctl" "ac_cv_func_sysctl" if test "x$ac_cv_func_sysctl" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYSCTL 1 _ACEOF ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "ki_tdev" "ac_cv_member_struct_kinfo_proc_ki_tdev" " # include # include # include " if test "x$ac_cv_member_struct_kinfo_proc_ki_tdev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_KINFO_PROC_KI_TDEV 1 _ACEOF else ac_fn_c_check_member "$LINENO" "struct kinfo_proc2" "p_tdev" "ac_cv_member_struct_kinfo_proc2_p_tdev" " # include # include " if test "x$ac_cv_member_struct_kinfo_proc2_p_tdev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_KINFO_PROC2_P_TDEV 1 _ACEOF else ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "p_tdev" "ac_cv_member_struct_kinfo_proc_p_tdev" " # include # include " if test "x$ac_cv_member_struct_kinfo_proc_p_tdev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_KINFO_PROC_P_TDEV 1 _ACEOF else ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "kp_eproc.e_tdev" "ac_cv_member_struct_kinfo_proc_kp_eproc_e_tdev" " # include # include " if test "x$ac_cv_member_struct_kinfo_proc_kp_eproc_e_tdev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV 1 _ACEOF fi fi fi fi fi done for ac_func in openpty do : ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" if test "x$ac_cv_func_openpty" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_OPENPTY 1 _ACEOF for ac_header in libutil.h util.h pty.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5 $as_echo_n "checking for openpty in -lutil... " >&6; } if ${ac_cv_lib_util_openpty+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lutil $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char openpty (); int main () { return openpty (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_util_openpty=yes else ac_cv_lib_util_openpty=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5 $as_echo "$ac_cv_lib_util_openpty" >&6; } if test "x$ac_cv_lib_util_openpty" = xyes; then : for ac_header in libutil.h util.h pty.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done case "$SUDO_LIBS" in *-lutil*) ;; *) SUDO_LIBS="${SUDO_LIBS} -lutil";; esac $as_echo "#define HAVE_OPENPTY 1" >>confdefs.h else for ac_func in _getpty do : ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty" if test "x$ac_cv_func__getpty" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE__GETPTY 1 _ACEOF else for ac_func in grantpt do : ac_fn_c_check_func "$LINENO" "grantpt" "ac_cv_func_grantpt" if test "x$ac_cv_func_grantpt" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GRANTPT 1 _ACEOF for ac_func in posix_openpt do : ac_fn_c_check_func "$LINENO" "posix_openpt" "ac_cv_func_posix_openpt" if test "x$ac_cv_func_posix_openpt" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POSIX_OPENPT 1 _ACEOF fi done else for ac_func in revoke do : ac_fn_c_check_func "$LINENO" "revoke" "ac_cv_func_revoke" if test "x$ac_cv_func_revoke" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_REVOKE 1 _ACEOF fi done fi done fi done fi fi done for ac_func in unsetenv do : ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" if test "x$ac_cv_func_unsetenv" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNSETENV 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv returns void" >&5 $as_echo_n "checking whether unsetenv returns void... " >&6; } if ${sudo_cv_func_unsetenv_void+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : sudo_cv_func_unsetenv_void=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int unsetenv(); int main () { return unsetenv("FOO") != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sudo_cv_func_unsetenv_void=no else sudo_cv_func_unsetenv_void=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_unsetenv_void" >&5 $as_echo "$sudo_cv_func_unsetenv_void" >&6; } if test $sudo_cv_func_unsetenv_void = yes; then $as_echo "#define UNSETENV_VOID 1" >>confdefs.h fi fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether putenv takes a const argument" >&5 $as_echo_n "checking whether putenv takes a const argument... " >&6; } if ${sudo_cv_func_putenv_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int putenv(const char *string) {return 0;} int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sudo_cv_func_putenv_const=yes else sudo_cv_func_putenv_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_putenv_const" >&5 $as_echo "$sudo_cv_func_putenv_const" >&6; } if test $sudo_cv_func_putenv_const = yes; then $as_echo "#define PUTENV_CONST const" >>confdefs.h else $as_echo "#define PUTENV_CONST /**/" >>confdefs.h fi if test -z "$SKIP_SETRESUID"; then for ac_func in setresuid do : ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" if test "x$ac_cv_func_setresuid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETRESUID 1 _ACEOF SKIP_SETREUID=yes for ac_func in getresuid do : ac_fn_c_check_func "$LINENO" "getresuid" "ac_cv_func_getresuid" if test "x$ac_cv_func_getresuid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETRESUID 1 _ACEOF fi done fi done fi if test -z "$SKIP_SETREUID"; then for ac_func in setreuid do : ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" if test "x$ac_cv_func_setreuid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETREUID 1 _ACEOF fi done fi for ac_func in seteuid do : ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid" if test "x$ac_cv_func_seteuid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETEUID 1 _ACEOF fi done if test X"$with_interfaces" != X"no"; then for ac_func in getifaddrs do : ac_fn_c_check_func "$LINENO" "getifaddrs" "ac_cv_func_getifaddrs" if test "x$ac_cv_func_getifaddrs" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETIFADDRS 1 _ACEOF for ac_func in freeifaddrs do : ac_fn_c_check_func "$LINENO" "freeifaddrs" "ac_cv_func_freeifaddrs" if test "x$ac_cv_func_freeifaddrs" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FREEIFADDRS 1 _ACEOF fi done fi done fi if test -z "$BROKEN_GETCWD"; then ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd" if test "x$ac_cv_func_getcwd" = xyes; then : $as_echo "#define HAVE_GETCWD 1" >>confdefs.h else case " $LIBOBJS " in *" getcwd.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getcwd.$ac_objext" ;; esac fi fi for ac_func in lockf flock do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi done for ac_func in innetgr _innetgr do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF for ac_func in getdomainname do : ac_fn_c_check_func "$LINENO" "getdomainname" "ac_cv_func_getdomainname" if test "x$ac_cv_func_getdomainname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETDOMAINNAME 1 _ACEOF fi done break fi done for ac_func in utimes do : ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" if test "x$ac_cv_func_utimes" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UTIMES 1 _ACEOF for ac_func in futimes futimesat do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi done else for ac_func in futime do : ac_fn_c_check_func "$LINENO" "futime" "ac_cv_func_futime" if test "x$ac_cv_func_futime" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FUTIME 1 _ACEOF fi done case " $LIBOBJS " in *" utimes.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS utimes.$ac_objext" ;; esac fi done for ac_func in killpg do : ac_fn_c_check_func "$LINENO" "killpg" "ac_cv_func_killpg" if test "x$ac_cv_func_killpg" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_KILLPG 1 _ACEOF else case " $LIBOBJS " in *" killpg.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS killpg.$ac_objext" ;; esac fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fnmatch with FNM_CASEFOLD" >&5 $as_echo_n "checking for working fnmatch with FNM_CASEFOLD... " >&6; } if ${sudo_cv_func_fnmatch+:} false; then : $as_echo_n "(cached) " >&6 else rm -f conftestdata; > conftestdata if test "$cross_compiling" = yes; then : sudo_cv_func_fnmatch=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sudo_cv_func_fnmatch=yes else sudo_cv_func_fnmatch=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core core.* *.core fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_fnmatch" >&5 $as_echo "$sudo_cv_func_fnmatch" >&6; } if test $sudo_cv_func_fnmatch = yes; then : $as_echo "#define HAVE_FNMATCH 1" >>confdefs.h else case " $LIBOBJS " in *" fnmatch.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext" ;; esac COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for isblank" >&5 $as_echo_n "checking for isblank... " >&6; } if ${sudo_cv_func_isblank+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { return (isblank('a')); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_func_isblank=yes else sudo_cv_func_isblank=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_isblank" >&5 $as_echo "$sudo_cv_func_isblank" >&6; } if test "$sudo_cv_func_isblank" = "yes"; then $as_echo "#define HAVE_ISBLANK 1" >>confdefs.h else case " $LIBOBJS " in *" isblank.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS isblank.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "memrchr" "ac_cv_func_memrchr" if test "x$ac_cv_func_memrchr" = xyes; then : $as_echo "#define HAVE_MEMRCHR 1" >>confdefs.h else case " $LIBOBJS " in *" memrchr.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS memrchr.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "memset_s" "ac_cv_func_memset_s" if test "x$ac_cv_func_memset_s" = xyes; then : $as_echo "#define HAVE_MEMSET_S 1" >>confdefs.h else case " $LIBOBJS " in *" memset_s.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS memset_s.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "pw_dup" "ac_cv_func_pw_dup" if test "x$ac_cv_func_pw_dup" = xyes; then : $as_echo "#define HAVE_PW_DUP 1" >>confdefs.h else case " $LIBOBJS " in *" pw_dup.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS pw_dup.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" if test "x$ac_cv_func_strlcpy" = xyes; then : $as_echo "#define HAVE_STRLCPY 1" >>confdefs.h else case " $LIBOBJS " in *" strlcpy.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" if test "x$ac_cv_func_strlcat" = xyes; then : $as_echo "#define HAVE_STRLCAT 1" >>confdefs.h else case " $LIBOBJS " in *" strlcat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strlcat.$ac_objext" ;; esac fi ac_fn_c_check_func "$LINENO" "strtonum" "ac_cv_func_strtonum" if test "x$ac_cv_func_strtonum" = xyes; then : $as_echo "#define HAVE_STRTONUM 1" >>confdefs.h else case " $LIBOBJS " in *" strtonum.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strtonum.$ac_objext" ;; esac fi for ac_func in getopt_long do : ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" if test "x$ac_cv_func_getopt_long" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETOPT_LONG 1 _ACEOF else case " $LIBOBJS " in *" getopt_long.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getopt_long.$ac_objext" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for optreset" >&5 $as_echo_n "checking for optreset... " >&6; } if ${sudo_cv_optreset+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { extern int optreset; optreset = 1; return optreset; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_optreset=yes else sudo_cv_optreset=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "$sudo_cv_optreset" = "yes"; then $as_echo "#define HAVE_OPTRESET 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_optreset" >&5 $as_echo "$sudo_cv_optreset" >&6; } fi done for ac_func in closefrom do : ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom" if test "x$ac_cv_func_closefrom" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_CLOSEFROM 1 _ACEOF else case " $LIBOBJS " in *" closefrom.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS closefrom.$ac_objext" ;; esac ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " # include # include " if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h fi fi done for ac_func in mkstemps mkdtemp do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF else for ac_func in random lrand48 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi done case " $LIBOBJS " in *" mktemp.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS mktemp.$ac_objext" ;; esac fi done for ac_func in snprintf vsnprintf do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working snprintf" >&5 $as_echo_n "checking for working snprintf... " >&6; } if ${ac_cv_have_working_snprintf+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_have_working_snprintf=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(void) { char bufs[5] = { 'x', 'x', 'x', '\0', '\0' }; char bufd[5] = { 'x', 'x', 'x', '\0', '\0' }; int i; i = snprintf (bufs, 2, "%s", "111"); if (strcmp (bufs, "1")) exit (1); if (i != 3) exit (1); i = snprintf (bufd, 2, "%d", 111); if (strcmp (bufd, "1")) exit (1); if (i != 3) exit (1); exit(0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_have_working_snprintf=yes else ac_cv_have_working_snprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_snprintf" >&5 $as_echo "$ac_cv_have_working_snprintf" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 $as_echo_n "checking for working vsnprintf... " >&6; } if ${ac_cv_have_working_vsnprintf+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_have_working_vsnprintf=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int my_vsnprintf (char *buf, const char *tmpl, ...) { int i; va_list args; va_start (args, tmpl); i = vsnprintf (buf, 2, tmpl, args); va_end (args); return i; } int main(void) { char bufs[5] = { 'x', 'x', 'x', '\0', '\0' }; char bufd[5] = { 'x', 'x', 'x', '\0', '\0' }; int i; i = my_vsnprintf (bufs, "%s", "111"); if (strcmp (bufs, "1")) exit (1); if (i != 3) exit (1); i = my_vsnprintf (bufd, "%d", 111); if (strcmp (bufd, "1")) exit (1); if (i != 3) exit (1); exit(0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_have_working_vsnprintf=yes else ac_cv_have_working_vsnprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_vsnprintf" >&5 $as_echo "$ac_cv_have_working_vsnprintf" >&6; } if test x$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf != "xyesyes"; then case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&5 $as_echo "$as_me: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&2;} $as_echo "#define PREFER_PORTABLE_SNPRINTF 1" >>confdefs.h fi for ac_func in asprintf vasprintf do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then # Don't add snprintf to LIBOBJS if it is already present. if test X"$ac_cv_func_asprintf$ac_cv_func_vasprintf" != X"yesyes"; then case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" ;; esac fi fi # We wrap OpenBSD's strtonum() to get translatable error strings. for ac_func in strtonum do : ac_fn_c_check_func "$LINENO" "strtonum" "ac_cv_func_strtonum" if test "x$ac_cv_func_strtonum" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRTONUM 1 _ACEOF fi done case " $LIBOBJS " in *" strtonum.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strtonum.$ac_objext" ;; esac if test X"$ac_cv_type_struct_timespec" != X"no"; then ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default" if test "x$ac_cv_member_struct_stat_st_mtim" = xyes; then : $as_echo "#define HAVE_ST_MTIM 1" >>confdefs.h ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.st__tim" "ac_cv_member_struct_stat_st_mtim_st__tim" "$ac_includes_default" if test "x$ac_cv_member_struct_stat_st_mtim_st__tim" = xyes; then : $as_echo "#define HAVE_ST__TIM 1" >>confdefs.h fi else ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec" "ac_cv_member_struct_stat_st_mtimespec" "$ac_includes_default" if test "x$ac_cv_member_struct_stat_st_mtimespec" = xyes; then : $as_echo "#define HAVE_ST_MTIMESPEC 1" >>confdefs.h fi fi fi if test X"$with_noexec" != X"no"; then # Check for underscore versions of standard exec functions # unless we are using dyld symbole interposition if test X"$dlyld_interpose" != X"yes"; then for ac_func in _execl __execl do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in _execle __execle do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in _execlp __execlp do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in _execv __execv do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in _execve __execve do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in _execvp __execvp do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi # Check for non-standard exec functions including underscore versions for ac_func in exect do : ac_fn_c_check_func "$LINENO" "exect" "ac_cv_func_exect" if test "x$ac_cv_func_exect" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_EXECT 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _exect __exect do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done for ac_func in execvP do : ac_fn_c_check_func "$LINENO" "execvP" "ac_cv_func_execvP" if test "x$ac_cv_func_execvP" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_EXECVP 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _execvP __execvP do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done for ac_func in execvpe do : ac_fn_c_check_func "$LINENO" "execvpe" "ac_cv_func_execvpe" if test "x$ac_cv_func_execvpe" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_EXECVPE 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _execvpe __execvpe do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done for ac_func in fexecve do : ac_fn_c_check_func "$LINENO" "fexecve" "ac_cv_func_fexecve" if test "x$ac_cv_func_fexecve" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FEXECVE 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _fexecve __fexecve do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done # Check for posix_spawn, posix_spawnp and any underscore versions for ac_func in posix_spawn do : ac_fn_c_check_func "$LINENO" "posix_spawn" "ac_cv_func_posix_spawn" if test "x$ac_cv_func_posix_spawn" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POSIX_SPAWN 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _posix_spawn __posix_spawn do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done for ac_func in posix_spawnp do : ac_fn_c_check_func "$LINENO" "posix_spawnp" "ac_cv_func_posix_spawnp" if test "x$ac_cv_func_posix_spawnp" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POSIX_SPAWNP 1 _ACEOF if test X"$dlyld_interpose" != X"yes"; then for ac_func in _posix_spawnp __posix_spawnp do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done fi fi done fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_header_dirent> int main () { DIR *d; (void)dirfd(d); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_DIRFD 1" >>confdefs.h else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_header_dirent> int main () { DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_DD_FD 1" >>confdefs.h fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_fn_c_check_member "$LINENO" "struct dirent" "d_type" "ac_cv_member_struct_dirent_d_type" " $ac_includes_default #include <$ac_header_dirent> " if test "x$ac_cv_member_struct_dirent_d_type" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_DIRENT_D_TYPE 1 _ACEOF fi ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" if test "x$ac_cv_func_socket" = xyes; then : else for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -l$lib${5+ }$extralibs" >&5 $as_echo_n "checking for socket in -l$lib${5+ }$extralibs... " >&6; } if { as_var=sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : $as_echo_n "(cached) " >&6 else SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char socket (); int main () { return socket (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras=yes else eval sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi done fi ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr" if test "x$ac_cv_func_inet_addr" = xyes; then : else ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr" if test "x$ac_cv_func___inet_addr" = xyes; then : else for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -l$lib${5+ }$extralibs" >&5 $as_echo_n "checking for inet_addr in -l$lib${5+ }$extralibs... " >&6; } if { as_var=sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : $as_echo_n "(cached) " >&6 else SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inet_addr (); int main () { return inet_addr (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=yes else eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi done fi fi ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" if test "x$ac_cv_func_syslog" = xyes; then : else for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -l$lib${5+ }$extralibs" >&5 $as_echo_n "checking for syslog in -l$lib${5+ }$extralibs... " >&6; } if { as_var=sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : $as_echo_n "(cached) " >&6 else SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char syslog (); int main () { return syslog (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras=yes else eval sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi done fi # # Check for getaddrinfo and add any required libs to NET_LIBS # OLIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 $as_echo_n "checking for getaddrinfo... " >&6; } if ${ax_cv_func_getaddrinfo+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main() { return getaddrinfo(0, 0, 0, 0); } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_func_getaddrinfo=yes else ax_cv_func_getaddrinfo=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_func_getaddrinfo" >&5 $as_echo "$ax_cv_func_getaddrinfo" >&6; } if test X"$ax_cv_func_getaddrinfo" = X"yes"; then $as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h else # Not found in libc, check libsocket and libinet _found=no for _libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _cv="ax_cv_lib_getaddrinfo`echo \"$_libs\"|sed -e 's/-l/_/g' -e 's/ *//g'`" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo in $_libs" >&5 $as_echo_n "checking for getaddrinfo in $_libs... " >&6; } if eval \${$_cv+:} false; then : $as_echo_n "(cached) " >&6 else _nlibs= for _l in $_libs; do case "$LIBS" in *"$_l"*) ;; *) _nlibs="$_nlibs $_l";; esac done _libs="${_nlibs# }" if test -z "$_libs"; then # No new libs to check eval $_cv=no else AX_FUNC_GETADDRINFO_OLIBS="$LIBS" LIBS="$LIBS $_libs" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main() { return getaddrinfo(0, 0, 0, 0); } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval $_cv=yes else eval $_cv=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$AX_FUNC_GETADDRINFO_OLIBS" fi fi if eval test \$$_cv = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h test -n "$_libs" && LIBS="$LIBS $_libs" break fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } done if eval test \$$_cv != "yes"; then case " $LIBOBJS " in *" getaddrinfo.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext" ;; esac fi fi for lib in $LIBS; do case "$OLIBS" in *"$lib"*) ;; *) NET_LIBS="$NET_LIBS $lib";; esac done for ac_func in getprogname do : ac_fn_c_check_func "$LINENO" "getprogname" "ac_cv_func_getprogname" if test "x$ac_cv_func_getprogname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETPROGNAME 1 _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5 $as_echo_n "checking for __progname... " >&6; } if ${sudo_cv___progname+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { extern char *__progname; (void)puts(__progname); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv___progname=yes else sudo_cv___progname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test "$sudo_cv___progname" = "yes"; then $as_echo "#define HAVE___PROGNAME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___progname" >&5 $as_echo "$sudo_cv___progname" >&6; } fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __func__" >&5 $as_echo_n "checking for __func__... " >&6; } if ${sudo_cv___func__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { (void)puts(__func__); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv___func__=yes else sudo_cv___func__=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___func__" >&5 $as_echo "$sudo_cv___func__" >&6; } if test "$sudo_cv___func__" = "yes"; then $as_echo "#define HAVE___FUNC__ 1" >>confdefs.h elif test -n "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __FUNCTION__" >&5 $as_echo_n "checking for __FUNCTION__... " >&6; } if ${sudo_cv___FUNCTION__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { (void)puts(__FUNCTION__); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv___FUNCTION__=yes else sudo_cv___FUNCTION__=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___FUNCTION__" >&5 $as_echo "$sudo_cv___FUNCTION__" >&6; } if test "$sudo_cv___FUNCTION__" = "yes"; then $as_echo "#define HAVE___FUNC__ 1" >>confdefs.h $as_echo "#define __func__ __FUNCTION__" >>confdefs.h fi fi # gettext() and friends may be located in libc (Linux and Solaris) # or in libintl. However, it is possible to have libintl installed # even when gettext() is present in libc. In the case of GNU libintl, # gettext() will be defined to gettext_libintl in libintl.h. # Since gcc prefers /usr/local/include to /usr/include, we need to # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then case "${CPPFLAGS}" in *"-I${enable_nls}/include"|*"-I${enable_nls}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${enable_nls}/include" else CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" fi ;; esac case "${LDFLAGS}" in *"-L$enable_nls/lib"|*"-L$enable_nls/lib ") ;; *) LDFLAGS="${LDFLAGS} -L$enable_nls/lib" if test X"$enable_rpath" = X"yes"; then LDFLAGS_R="${LDFLAGS_R} -R$enable_nls/lib" fi ;; esac fi OLIBS="$LIBS" for l in "libc" "-lintl" "-lintl -liconv"; do if test "$l" = "libc"; then # If user specified a dir for libintl ignore libc if test "$enable_nls" != "yes"; then continue fi gettext_name=sudo_cv_gettext { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext" >&5 $as_echo_n "checking for gettext... " >&6; } else LIBS="$OLIBS $l" gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext in $l" >&5 $as_echo_n "checking for gettext in $l... " >&6; } fi if eval \${$gettext_name+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { (void)gettext((char *)0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval $gettext_name=yes else eval $gettext_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval gettext_result="\$$gettext_name" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gettext_result" >&5 $as_echo "$gettext_result" >&6; } if test "$gettext_result" = "yes"; then for ac_func in ngettext do : ac_fn_c_check_func "$LINENO" "ngettext" "ac_cv_func_ngettext" if test "x$ac_cv_func_ngettext" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NGETTEXT 1 _ACEOF fi done break fi done LIBS="$OLIBS" if test "$sudo_cv_gettext" = "yes"; then $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h SUDO_NLS=enabled # For Solaris we need links from lang to lang.UTF-8 in localedir case "$host_os" in solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; esac elif test "$sudo_cv_gettext_lintl" = "yes"; then $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h SUDO_NLS=enabled LIBINTL="-lintl" elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h SUDO_NLS=enabled LIBINTL="-lintl -liconv" fi fi case "$enable_zlib" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzdopen in -lz" >&5 $as_echo_n "checking for gzdopen in -lz... " >&6; } if ${ac_cv_lib_z_gzdopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gzdopen (); int main () { return gzdopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_gzdopen=yes else ac_cv_lib_z_gzdopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_gzdopen" >&5 $as_echo "$ac_cv_lib_z_gzdopen" >&6; } if test "x$ac_cv_lib_z_gzdopen" = xyes; then : for ac_header in zlib.h do : ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" if test "x$ac_cv_header_zlib_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ZLIB_H 1 _ACEOF ZLIB="-lz" else enable_zlib=builtin fi done fi ;; no) ;; system) $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h ZLIB="-lz" ;; builtin) # handled below ;; *) $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h case "${CPPFLAGS}" in *"-I${enable_zlib}/include"|*"-I${enable_zlib}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${enable_zlib}/include" else CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" fi ;; esac case "${ZLIB}" in *"-L$enable_zlib/lib"|*"-L$enable_zlib/lib ") ;; *) ZLIB="${ZLIB} -L$enable_zlib/lib" if test X"$enable_rpath" = X"yes"; then ZLIB_R="${ZLIB_R} -R$enable_zlib/lib" fi ;; esac ZLIB="${ZLIB} -lz" ;; esac if test X"$enable_zlib" = X"builtin"; then $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}" ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' ZLIB_SRC=zlib ac_config_headers="$ac_config_headers zlib/zconf.h" ac_config_files="$ac_config_files zlib/Makefile" fi ac_fn_c_check_decl "$LINENO" "errno" "ac_cv_have_decl_errno" " $ac_includes_default #include " if test "x$ac_cv_have_decl_errno" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ERRNO $ac_have_decl _ACEOF ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" " $ac_includes_default #include " if test "x$ac_cv_have_decl_h_errno" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_H_ERRNO $ac_have_decl _ACEOF for ac_func in strsignal do : ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal" if test "x$ac_cv_func_strsignal" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRSIGNAL 1 _ACEOF else case " $LIBOBJS " in *" strsignal.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strsignal.$ac_objext" ;; esac HAVE_SIGLIST="false" ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" " $ac_includes_default #include " if test "x$ac_cv_have_decl_sys_siglist" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SYS_SIGLIST $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGLIST="true" break fi ac_fn_c_check_decl "$LINENO" "_sys_siglist" "ac_cv_have_decl__sys_siglist" " $ac_includes_default #include " if test "x$ac_cv_have_decl__sys_siglist" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL__SYS_SIGLIST $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGLIST="true" break fi ac_fn_c_check_decl "$LINENO" "__sys_siglist" "ac_cv_have_decl___sys_siglist" " $ac_includes_default #include " if test "x$ac_cv_have_decl___sys_siglist" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL___SYS_SIGLIST $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGLIST="true" break fi if test "$HAVE_SIGLIST" != "true"; then case " $LIBOBJS " in *" siglist.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS siglist.$ac_objext" ;; esac fi fi done for ac_func in sig2str do : ac_fn_c_check_func "$LINENO" "sig2str" "ac_cv_func_sig2str" if test "x$ac_cv_func_sig2str" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SIG2STR 1 _ACEOF else case " $LIBOBJS " in *" sig2str.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS sig2str.$ac_objext" ;; esac HAVE_SIGNAME="false" ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" " $ac_includes_default #include " if test "x$ac_cv_have_decl_sys_signame" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SYS_SIGNAME $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGNAME="true" break fi ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" " $ac_includes_default #include " if test "x$ac_cv_have_decl__sys_signame" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL__SYS_SIGNAME $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGNAME="true" break fi ac_fn_c_check_decl "$LINENO" "__sys_signame" "ac_cv_have_decl___sys_signame" " $ac_includes_default #include " if test "x$ac_cv_have_decl___sys_signame" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL___SYS_SIGNAME $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGNAME="true" break fi ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" " $ac_includes_default #include " if test "x$ac_cv_have_decl_sys_sigabbrev" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SYS_SIGABBREV $ac_have_decl _ACEOF if test $ac_have_decl = 1; then : HAVE_SIGNAME="true" break fi if test "$HAVE_SIGNAME" != "true"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5 $as_echo_n "checking for undeclared sys_sigabbrev... " >&6; } if ${sudo_cv_var_sys_sigabbrev+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char **sys_sigabbrev; int main () { return sys_sigabbrev[1]; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_var_sys_sigabbrev=yes else sudo_cv_var_sys_sigabbrev=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5 $as_echo "$sudo_cv_var_sys_sigabbrev" >&6; } if test "$sudo_cv_var_sys_sigabbrev" = yes; then $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h else case " $LIBOBJS " in *" signame.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS signame.$ac_objext" ;; esac fi fi fi done if test ${with_netsvc-"no"} != "no"; then cat >>confdefs.h <>confdefs.h <&5 $as_echo_n "checking for pam_start in -lpam... " >&6; } if eval \${$as_ac_Lib+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $lt_cv_dlopen_libs $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pam_start (); int main () { return pam_start (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$as_ac_Lib=yes" else eval "$as_ac_Lib=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi eval ac_res=\$$as_ac_Lib { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : found_pam_lib=yes fi # # Some PAM implementations (MacOS X for example) put the PAM headers # in /usr/include/pam instead of /usr/include/security... # found_pam_hdrs=no for ac_header in security/pam_appl.h pam/pam_appl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF found_pam_hdrs=yes; break fi done if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then # Found both PAM libs and headers with_pam=yes elif test "$with_pam" = "yes"; then if test "$found_pam_lib" = "no"; then as_fn_error $? "\"--with-pam specified but unable to locate PAM development library.\"" "$LINENO" 5 fi if test "$found_pam_hdrs" = "no"; then as_fn_error $? "\"--with-pam specified but unable to locate PAM development headers.\"" "$LINENO" 5 fi elif test "$found_pam_lib" != "$found_pam_hdrs"; then if test "$found_pam_lib" = "no"; then as_fn_error $? "\"found PAM headers but no PAM development library; specify --without-pam to build without PAM\"" "$LINENO" 5 fi if test "$found_pam_hdrs" = "no"; then as_fn_error $? "\"found PAM library but no PAM development headers; specify --without-pam to build without PAM\"" "$LINENO" 5 fi fi if test "$with_pam" = "yes"; then # Older PAM implementations lack pam_getenvlist OLIBS="$LIBS" LIBS="$LIBS -lpam $lt_cv_dlopen_libs" for ac_func in pam_getenvlist do : ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" if test "x$ac_cv_func_pam_getenvlist" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PAM_GETENVLIST 1 _ACEOF fi done LIBS="$OLIBS" # We already link with -ldl if needed (see LIBDL below) SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" $as_echo "#define HAVE_PAM 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM # Check whether --with-pam-login was given. if test "${with_pam_login+set}" = set; then : withval=$with_pam_login; case $with_pam_login in yes) $as_echo "#define HAVE_PAM_LOGIN 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM login" >&5 $as_echo_n "checking whether to use PAM login... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } pam_login_service="sudo-i" ;; no) ;; *) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5 ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM session support" >&5 $as_echo_n "checking whether to use PAM session support... " >&6; } # Check whether --enable-pam_session was given. if test "${enable_pam_session+set}" = set; then : enableval=$enable_pam_session; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h pam_session=off ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;} ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi fi fi if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then { $as_echo "$as_me:${as_lineno-$LINENO}: using AIX general authentication" >&5 $as_echo "$as_me: using AIX general authentication" >&6;} $as_echo "#define HAVE_AIXAUTH 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi if test ${with_bsdauth-'no'} != "no"; then ac_fn_c_check_header_mongrel "$LINENO" "bsd_auth.h" "ac_cv_header_bsd_auth_h" "$ac_includes_default" if test "x$ac_cv_header_bsd_auth_h" = xyes; then : $as_echo "#define HAVE_BSD_AUTH_H 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS bsdauth.lo" BSDAUTH_USAGE='[-a type] ' AUTH_EXCL=BSD_AUTH; BAMAN=1 else as_fn_error $? "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5 fi fi if test ${CHECKSIA-'false'} = "true"; then for ac_func in sia_ses_init do : ac_fn_c_check_func "$LINENO" "sia_ses_init" "ac_cv_func_sia_ses_init" if test "x$ac_cv_func_sia_ses_init" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SIA_SES_INIT 1 _ACEOF found=true else found=false fi done if test "$found" = "true"; then AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.lo" fi fi if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then case "${SUDOERS_LDFLAGS}" in *"-L${with_fwtk}"|*"-L${with_fwtk} ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk}" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_fwtk}" fi ;; esac case "${CPPFLAGS}" in *"-I${with_fwtk}"|*"-I${with_fwtk} ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_fwtk}" else CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" fi ;; esac with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" AUTH_OBJS="$AUTH_OBJS fwtk.lo" fi if test ${with_SecurID-'no'} != "no"; then if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then with_SecurID=/usr/ace/examples else with_SecurID=/usr/ace fi case "${CPPFLAGS}" in *"-I${with_SecurID}"|*"-I${with_SecurID} ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_SecurID}" else CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" fi ;; esac case "${SUDOERS_LDFLAGS}" in *"-L${with_SecurID}"|*"-L${with_SecurID} ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID}" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_SecurID}" fi ;; esac SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then for auth in $AUTH_DEF; do case $auth in passwd) : ${with_passwd='maybe'};; esac done fi if test ${with_kerb5-'no'} != "no"; then # Extract the first word of "krb5-config", so it can be a program name with args. set dummy krb5-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_KRB5CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$KRB5CONFIG"; then ac_cv_prog_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_KRB5CONFIG="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_KRB5CONFIG" && ac_cv_prog_KRB5CONFIG="""" fi fi KRB5CONFIG=$ac_cv_prog_KRB5CONFIG if test -n "$KRB5CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONFIG" >&5 $as_echo "$KRB5CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -n "$KRB5CONFIG"; then $as_echo "#define HAVE_KERB5 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS kerb5.lo" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 $as_echo_n "checking whether we are using Heimdal... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { const char *tmp = heimdal_version; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else $as_echo "#define HAVE_KERB5 1" >>confdefs.h if test "$with_kerb5" = "yes"; then found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : found=yes; break fi rm -f conftest.err conftest.i conftest.$ac_ext done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;} fi else case "${SUDOERS_LDFLAGS}" in *"-L${with_kerb5}/lib"|*"-L${with_kerb5}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_kerb5}/lib" fi ;; esac case "${CPPFLAGS}" in *"-I${with_kerb5}/include"|*"-I${with_kerb5}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_kerb5}/include" else CPPFLAGS="${CPPFLAGS} -I${with_kerb5}/include" fi ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 $as_echo_n "checking whether we are using Heimdal... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { const char *tmp = heimdal_version; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h # XXX - need to check whether -lcrypo is needed! SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5 $as_echo_n "checking for main in -lroken... " >&6; } if ${ac_cv_lib_roken_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lroken $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_roken_main=yes else ac_cv_lib_roken_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5 $as_echo "$ac_cv_lib_roken_main" >&6; } if test "x$ac_cv_lib_roken_main" = xyes; then : SUDOERS_LIBS="${SUDOERS_LIBS} -lroken" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5support" >&5 $as_echo_n "checking for main in -lkrb5support... " >&6; } if ${ac_cv_lib_krb5support_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5support $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_krb5support_main=yes else ac_cv_lib_krb5support_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_main" >&5 $as_echo "$ac_cv_lib_krb5support_main" >&6; } if test "x$ac_cv_lib_krb5support_main" = xyes; then : SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support" fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext AUTH_OBJS="$AUTH_OBJS kerb5.lo" fi _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" for ac_func in krb5_verify_user krb5_init_secure_context do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in krb5_get_init_creds_opt_alloc do : ac_fn_c_check_func "$LINENO" "krb5_get_init_creds_opt_alloc" "ac_cv_func_krb5_get_init_creds_opt_alloc" if test "x$ac_cv_func_krb5_get_init_creds_opt_alloc" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether krb5_get_init_creds_opt_free takes a context" >&5 $as_echo_n "checking whether krb5_get_init_creds_opt_free takes a context... " >&6; } if ${sudo_cv_krb5_get_init_creds_opt_free_two_args+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { krb5_get_init_creds_opt_free(NULL, NULL); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sudo_cv_krb5_get_init_creds_opt_free_two_args=yes else sudo_cv_krb5_get_init_creds_opt_free_two_args=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5 $as_echo "$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; } fi done if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then $as_echo "#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1" >>confdefs.h fi LIBS="$_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an instance name for Kerberos V" >&5 $as_echo_n "checking whether to use an instance name for Kerberos V... " >&6; } # Check whether --enable-kerb5-instance was given. if test "${enable_kerb5_instance+set}" = set; then : enableval=$enable_kerb5_instance; case "$enableval" in yes) as_fn_error $? "\"must give --enable-kerb5-instance an argument.\"" "$LINENO" 5 ;; no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; *) cat >>confdefs.h <&5 $as_echo "$enableval" >&6; } ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test ${with_AFS-'no'} = "yes"; then # looks like the "standard" place for AFS libs is /usr/afsws/lib AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then case "${SUDOERS_LDFLAGS}" in *"-L$i"|*"-L$i ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R$i" fi ;; esac FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&5 $as_echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&2;} fi # Order is important here. Note that we build AFS_LIBS from right to left # since AFS_LIBS may be initialized with BSD compat libs that must go last AFS_LIBS="-laudit ${AFS_LIBS}" for i in $AFSLIBDIRS; do if test -f ${i}/util.a; then AFS_LIBS="${i}/util.a ${AFS_LIBS}" FOUND_UTIL_A=true break; fi done if test -z "$FOUND_UTIL_A"; then AFS_LIBS="-lutil ${AFS_LIBS}" fi AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then case "${CPPFLAGS}" in *"-I${i}"|*"-I${i} ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${i}" else CPPFLAGS="${CPPFLAGS} -I${i}" fi ;; esac FOUND_AFSINCDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5 $as_echo "$as_me: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;} fi AUTH_OBJS="$AUTH_OBJS afs.lo" fi if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" AUTH_OBJS="$AUTH_OBJS dce.lo" fi if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then case "${CPPFLAGS}" in *"-I${with_skey}/include"|*"-I${with_skey}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_skey}/include" else CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" fi ;; esac LDFLAGS="$LDFLAGS -L${with_skey}/lib" case "${SUDOERS_LDFLAGS}" in *"-L${with_skey}/lib"|*"-L${with_skey}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_skey}/lib" fi ;; esac ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include " if test "x$ac_cv_header_skey_h" = xyes; then : found=yes else found=no fi else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include " if test "x$ac_cv_header_skey_h" = xyes; then : found=yes; break fi done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" case "${SUDOERS_LDFLAGS}" in *"-L${dir}/lib"|*"-L${dir}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib" fi ;; esac fi if test "$found" = "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lskey" >&5 $as_echo_n "checking for main in -lskey... " >&6; } if ${ac_cv_lib_skey_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lskey $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_skey_main=yes else ac_cv_lib_skey_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_main" >&5 $as_echo "$ac_cv_lib_skey_main" >&6; } if test "x$ac_cv_lib_skey_main" = xyes; then : found=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&2;} fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for skeyaccess in -lskey" >&5 $as_echo_n "checking for skeyaccess in -lskey... " >&6; } if ${ac_cv_lib_skey_skeyaccess+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lskey $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char skeyaccess (); int main () { return skeyaccess (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_skey_skeyaccess=yes else ac_cv_lib_skey_skeyaccess=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_skeyaccess" >&5 $as_echo "$ac_cv_lib_skey_skeyaccess" >&6; } if test "x$ac_cv_lib_skey_skeyaccess" = xyes; then : $as_echo "#define HAVE_SKEYACCESS 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RFC1938-compliant skeychallenge" >&5 $as_echo_n "checking for RFC1938-compliant skeychallenge... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # include # include int main () { skeychallenge(NULL, NULL, NULL, 0); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : $as_echo "#define HAVE_RFC1938_SKEYCHALLENGE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then case "${CPPFLAGS}" in *"-I${with_opie}/include"|*"-I${with_opie}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_opie}/include" else CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" fi ;; esac LDFLAGS="$LDFLAGS -L${with_opie}/lib" case "${SUDOERS_LDFLAGS}" in *"-L${with_opie}/lib"|*"-L${with_opie}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_opie}/lib" fi ;; esac cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : found=yes else found=no fi rm -f conftest.err conftest.i conftest.$ac_ext else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : found=yes; break fi rm -f conftest.err conftest.i conftest.$ac_ext done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" case "${SUDOERS_LDFLAGS}" in *"-L${dir}/lib"|*"-L${dir}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib" fi ;; esac fi if test "$found" = "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lopie" >&5 $as_echo_n "checking for main in -lopie... " >&6; } if ${ac_cv_lib_opie_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lopie $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_opie_main=yes else ac_cv_lib_opie_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_opie_main" >&5 $as_echo "$ac_cv_lib_opie_main" >&6; } if test "x$ac_cv_lib_opie_main" = xyes; then : found=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&2;} fi LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi if test ${with_passwd-'no'} != "no"; then if test -z "$LIB_CRYPT"; then _LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5 $as_echo_n "checking for library containing crypt... " >&6; } if ${ac_cv_search_crypt+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char crypt (); int main () { return crypt (); ; return 0; } _ACEOF for ac_lib in '' crypt crypt_d ufc; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_crypt=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_crypt+:} false; then : break fi done if ${ac_cv_search_crypt+:} false; then : else ac_cv_search_crypt=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5 $as_echo "$ac_cv_search_crypt" >&6; } ac_res=$ac_cv_search_crypt if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res" fi LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no for ac_func in $shadow_funcs do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF found=yes fi done if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" for ac_func in $shadow_funcs do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF found=yes fi done if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then case "$shadow_funcs" in *getprpwnam*) SECUREWARE=1;; esac test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" else LIBS="$_LIBS" fi CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getspnam" >&5 $as_echo_n "checking for library containing getspnam... " >&6; } if ${ac_cv_search_getspnam+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getspnam (); int main () { return getspnam (); ; return 0; } _ACEOF for ac_lib in '' gen; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_getspnam=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_getspnam+:} false; then : break fi done if ${ac_cv_search_getspnam+:} false; then : else ac_cv_search_getspnam=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getspnam" >&5 $as_echo "$ac_cv_search_getspnam" >&6; } ac_res=$ac_cv_search_getspnam if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" $as_echo "#define HAVE_GETSPNAM 1" >>confdefs.h CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res" fi fi if test "$CHECKSHADOW" = "true"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getprpwnam" >&5 $as_echo_n "checking for library containing getprpwnam... " >&6; } if ${ac_cv_search_getprpwnam+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getprpwnam (); int main () { return getprpwnam (); ; return 0; } _ACEOF for ac_lib in '' sec security prot; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_getprpwnam=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_getprpwnam+:} false; then : break fi done if ${ac_cv_search_getprpwnam+:} false; then : else ac_cv_search_getprpwnam=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getprpwnam" >&5 $as_echo "$ac_cv_search_getprpwnam" >&6; } ac_res=$ac_cv_search_getprpwnam if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" $as_echo "#define HAVE_GETPRPWNAM 1" >>confdefs.h CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res" fi fi if test -n "$SECUREWARE"; then for ac_func in bigcrypt set_auth_parameters initprivs do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done AUTH_OBJS="$AUTH_OBJS secureware.lo" fi fi if test X"$enable_poll" = X""; then for ac_func in poll do : ac_fn_c_check_func "$LINENO" "poll" "ac_cv_func_poll" if test "x$ac_cv_func_poll" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POLL 1 _ACEOF enable_poll=yes else enable_poll=no fi done elif test X"$enable_poll" = X"yes"; then $as_echo "#define HAVE_POLL 1" >>confdefs.h fi if test "$enable_poll" = "yes"; then COMMON_OBJS="${COMMON_OBJS} event_poll.lo" else COMMON_OBJS="${COMMON_OBJS} event_select.lo" fi if test ${with_ldap-'no'} != "no"; then O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then case "${SUDOERS_LDFLAGS}" in *"-L${with_ldap}/lib"|*"-L${with_ldap}/lib ") ;; *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib" if test X"$enable_rpath" = X"yes"; then SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_ldap}/lib" fi ;; esac LDFLAGS="$LDFLAGS -L${with_ldap}/lib" case "${CPPFLAGS}" in *"-I${with_ldap}/include"|*"-I${with_ldap}/include ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="-I${with_ldap}/include" else CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" fi ;; esac with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" _LIBS="$LIBS" LDAP_LIBS="" IBMLDAP_EXTRA="" found=no # On HP-UX, libibmldap has a hidden dependency on libCsup case "$host_os" in hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lCsup" >&5 $as_echo_n "checking for main in -lCsup... " >&6; } if ${ac_cv_lib_Csup_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lCsup $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_Csup_main=yes else ac_cv_lib_Csup_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_Csup_main" >&5 $as_echo "$ac_cv_lib_Csup_main" >&6; } if test "x$ac_cv_lib_Csup_main" = xyes; then : IBMLDAP_EXTRA=" -lCsup" fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_init" >&5 $as_echo_n "checking for library containing ldap_init... " >&6; } if ${ac_cv_search_ldap_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ldap_init (); int main () { return ldap_init (); ; return 0; } _ACEOF for ac_lib in '' "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}"; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_ldap_init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_ldap_init+:} false; then : break fi done if ${ac_cv_search_ldap_init+:} false; then : else ac_cv_search_ldap_init=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_init" >&5 $as_echo "$ac_cv_search_ldap_init" >&6; } ac_res=$ac_cv_search_ldap_init if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" found=yes fi # If nothing linked, try -lldap and hope for the best if test "$found" = "no"; then LDAP_LIBS="-lldap" fi LIBS="${_LIBS} ${LDAP_LIBS}" OLIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5 $as_echo_n "checking for library containing ber_set_option... " >&6; } if ${ac_cv_search_ber_set_option+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ber_set_option (); int main () { return ber_set_option (); ; return 0; } _ACEOF for ac_lib in '' lber; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_ber_set_option=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_ber_set_option+:} false; then : break fi done if ${ac_cv_search_ber_set_option+:} false; then : else ac_cv_search_ber_set_option=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_set_option" >&5 $as_echo "$ac_cv_search_ber_set_option" >&6; } ac_res=$ac_cv_search_ber_set_option if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" found=yes else found=no fi if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then LDAP_LIBS="$LDAP_LIBS -llber" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5 $as_echo_n "checking whether lber.h is needed... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include # include int main () { (void)ldap_init(0, 0) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_LBER_H 1" >>confdefs.h fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext for ac_header in sasl/sasl.h sasl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF for ac_func in ldap_sasl_interactive_bind_s do : ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s" if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1 _ACEOF fi done break fi done for ac_header in ldap_ssl.h mps/ldap_ssl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in ldap_search_ext_s ldap_search_st do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi done if test X"$check_gss_krb5_ccache_name" = X"yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi" >&5 $as_echo_n "checking for gss_krb5_ccache_name in -lgssapi... " >&6; } if ${ac_cv_lib_gssapi_gss_krb5_ccache_name+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_krb5_ccache_name (); int main () { return gss_krb5_ccache_name (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gssapi_gss_krb5_ccache_name=yes else ac_cv_lib_gssapi_gss_krb5_ccache_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_krb5_ccache_name" >&5 $as_echo "$ac_cv_lib_gssapi_gss_krb5_ccache_name" >&6; } if test "x$ac_cv_lib_gssapi_gss_krb5_ccache_name" = xyes; then : $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h LDAP_LIBS="${LDAP_LIBS} -lgssapi" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5 $as_echo_n "checking for gss_krb5_ccache_name in -lgssapi_krb5... " >&6; } if ${ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi_krb5 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_krb5_ccache_name (); int main () { return gss_krb5_ccache_name (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=yes else ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&5 $as_echo "$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&6; } if test "x$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" = xyes; then : $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5" fi fi # gssapi headers may be separate or part of Kerberos V found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : found="gssapi/gssapi.h"; break else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : found="gssapi.h"; break fi rm -f conftest.err conftest.i conftest.$ac_ext fi rm -f conftest.err conftest.i conftest.$ac_ext done if test X"$found" != X"no"; then for ac_header in $found do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done if test X"$found" = X"gssapi/gssapi.h"; then for ac_header in gssapi/gssapi_krb5.h do : ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default" if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GSSAPI_GSSAPI_KRB5_H 1 _ACEOF fi done fi else CPPFLAGS="$O_CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&5 $as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&2;} fi fi SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$O_LDFLAGS" fi # # How to do dynamic object loading. # We support dlopen() and sh_load(), else fall back to static loading. # case "$lt_cv_dlopen" in dlopen) $as_echo "#define HAVE_DLOPEN 1" >>confdefs.h if test "$enable_static_sudoers" = "yes"; then $as_echo "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; shl_load) $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h if test "$enable_static_sudoers" = "yes"; then $as_echo "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; *) if test X"${ac_cv_func_dlopen}" = X"yes"; then as_fn_error $? "\"dlopen present but libtool doesn't appear to support your platform.\"" "$LINENO" 5 fi # Preload sudoers module symbols SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" LT_STATIC="" ;; esac # On HP-UX, you cannot dlopen() a shared object that uses pthreads unless # the main program is linked against -lpthread. We have no knowledge of # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 $as_echo_n "checking for main in -lpthread... " >&6; } if ${ac_cv_lib_pthread_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pthread_main=yes else ac_cv_lib_pthread_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 $as_echo "$ac_cv_lib_pthread_main" >&6; } if test "x$ac_cv_lib_pthread_main" = xyes; then : SUDO_LIBS="${SUDO_LIBS} -lpthread" fi OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac if test "$utmp_style" = "LEGACY"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utmp file path" >&5 $as_echo_n "checking for utmp file path... " >&6; } found=no for p in "/var/run/utmp" "/var/adm/utmp" "/etc/utmp"; do if test -r "$p"; then found=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5 $as_echo "$p" >&6; } cat >>confdefs.h <&5 $as_echo "not found" >&6; } fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5 $as_echo_n "checking for log file location... " >&6; } if test -n "$with_logpath"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_logpath" >&5 $as_echo "$with_logpath" >&6; } cat >>confdefs.h <&5 $as_echo "/var/log/sudo.log" >&6; } cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/var/log/sudo.log" EOF elif test -d "/var/adm"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: /var/adm/sudo.log" >&5 $as_echo "/var/adm/sudo.log" >&6; } cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/var/adm/sudo.log" EOF elif test -d "/usr/adm"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/adm/sudo.log" >&5 $as_echo "/usr/adm/sudo.log" >&6; } cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/usr/adm/sudo.log" EOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 $as_echo "unknown" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for timestamp file location" >&5 $as_echo_n "checking for timestamp file location... " >&6; } timedir="$with_timedir" if test -z "$timedir"; then for d in /var/db /var/lib /var/adm /usr/adm; do if test -d "$d"; then timedir="$d/sudo" break fi done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $timedir" >&5 $as_echo "$timedir" >&6; } cat >>confdefs.h <&5 $as_echo_n "checking for I/O log dir location... " >&6; } if test "${with_iologdir-yes}" != "yes"; then iolog_dir="$with_iologdir" elif test -d "/var/log"; then iolog_dir="/var/log/sudo-io" elif test -d "/var/adm"; then iolog_dir="/var/adm/sudo-io" else iolog_dir="/usr/adm/sudo-io" fi if test "${with_iologdir}" != "no"; then cat >>confdefs.h <&5 $as_echo "$iolog_dir" >&6; } ac_c_werror_flag=yes if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -static-libgcc" >&5 $as_echo_n "checking whether C compiler accepts -static-libgcc... " >&6; } if ${ax_cv_check_cflags___static_libgcc+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -static-libgcc" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___static_libgcc=yes else ax_cv_check_cflags___static_libgcc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___static_libgcc" >&5 $as_echo "$ax_cv_check_cflags___static_libgcc" >&6; } if test x"$ax_cv_check_cflags___static_libgcc" = xyes; then : LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc" else : fi fi if test -n "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fvisibility=hidden" >&5 $as_echo_n "checking whether C compiler accepts -fvisibility=hidden... " >&6; } if ${ax_cv_check_cflags___fvisibility_hidden+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fvisibility=hidden" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fvisibility_hidden=yes else ax_cv_check_cflags___fvisibility_hidden=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fvisibility_hidden" >&5 $as_echo "$ax_cv_check_cflags___fvisibility_hidden" >&6; } if test x"$ax_cv_check_cflags___fvisibility_hidden" = xyes; then : $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -fvisibility=hidden" LT_LDEXPORTS= LT_LDDEP= NO_VIZ= else : fi else case "$host_os" in hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Bhidden_def" >&5 $as_echo_n "checking whether C compiler accepts -Bhidden_def... " >&6; } if ${ax_cv_check_cflags___Bhidden_def+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -Bhidden_def" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___Bhidden_def=yes else ax_cv_check_cflags___Bhidden_def=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Bhidden_def" >&5 $as_echo "$ax_cv_check_cflags___Bhidden_def" >&6; } if test x"$ax_cv_check_cflags___Bhidden_def" = xyes; then : $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -Bhidden_def" LT_LDEXPORTS= LT_LDDEP= else : fi ;; solaris2*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -xldscope=hidden" >&5 $as_echo_n "checking whether C compiler accepts -xldscope=hidden... " >&6; } if ${ax_cv_check_cflags___xldscope_hidden+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -xldscope=hidden" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___xldscope_hidden=yes else ax_cv_check_cflags___xldscope_hidden=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___xldscope_hidden" >&5 $as_echo "$ax_cv_check_cflags___xldscope_hidden" >&6; } if test x"$ax_cv_check_cflags___xldscope_hidden" = xyes; then : $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -xldscope=hidden" LT_LDEXPORTS= LT_LDDEP= else : fi ;; esac fi if test -n "$LT_LDEXPORTS"; then if test "$lt_cv_prog_gnu_ld" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 $as_echo_n "checking whether ld supports anonymous map files... " >&6; } if ${sudo_cv_var_gnu_ld_anon_map+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo; int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_var_gnu_ld_anon_map=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_gnu_ld_anon_map" >&5 $as_echo "$sudo_cv_var_gnu_ld_anon_map" >&6; } if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" fi else case "$host_os" in solaris2*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 $as_echo_n "checking whether ld supports anonymous map files... " >&6; } if ${sudo_cv_var_solaris_ld_anon_map+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo; int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_var_solaris_ld_anon_map=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_solaris_ld_anon_map" >&5 $as_echo "$sudo_cv_var_solaris_ld_anon_map" >&6; } if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" fi ;; hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports controlling exported symbols" >&5 $as_echo_n "checking whether ld supports controlling exported symbols... " >&6; } if ${sudo_cv_var_hpux_ld_symbol_export+:} false; then : $as_echo_n "(cached) " >&6 else sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" if test -n "$GCC"; then LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" else LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo; int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : sudo_cv_var_hpux_ld_symbol_export=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" rm -f conftest.opt fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpux_ld_symbol_export" >&5 $as_echo "$sudo_cv_var_hpux_ld_symbol_export" >&6; } if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)" fi ;; esac fi fi if test -n "$GCC"; then if test -z "$enable_pie"; then case "$host_os" in linux*) # Attempt to build with PIE support enable_pie="maybe" ;; esac fi if test -n "$enable_pie"; then if test "$enable_pie" = "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5 $as_echo_n "checking whether C compiler accepts -fno-pie... " >&6; } if ${ax_cv_check_cflags___fno_pie+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fno-pie" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fno_pie=yes else ax_cv_check_cflags___fno_pie=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_pie" >&5 $as_echo "$ax_cv_check_cflags___fno_pie" >&6; } if test x"$ax_cv_check_cflags___fno_pie" = xyes; then : _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fno-pie" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -nopie" >&5 $as_echo_n "checking whether the linker accepts -nopie... " >&6; } if ${ax_cv_check_ldflags___nopie+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -nopie" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___nopie=yes else ax_cv_check_ldflags___nopie=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___nopie" >&5 $as_echo "$ax_cv_check_ldflags___nopie" >&6; } if test x"$ax_cv_check_ldflags___nopie" = xyes; then : PIE_CFLAGS="-fno-pie" PIE_LDFLAGS="-nopie" else : fi CFLAGS="$_CFLAGS" else : fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 $as_echo_n "checking whether C compiler accepts -fPIE... " >&6; } if ${ax_cv_check_cflags___fPIE+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fPIE" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fPIE=yes else ax_cv_check_cflags___fPIE=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5 $as_echo "$ax_cv_check_cflags___fPIE" >&6; } if test x"$ax_cv_check_cflags___fPIE" = xyes; then : _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fPIE" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 $as_echo_n "checking whether the linker accepts -pie... " >&6; } if ${ax_cv_check_ldflags___pie+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -pie" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___pie=yes else ax_cv_check_ldflags___pie=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5 $as_echo "$ax_cv_check_ldflags___pie" >&6; } if test x"$ax_cv_check_ldflags___pie" = xyes; then : if test "$enable_pie" = "maybe"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5 $as_echo_n "checking for working PIE support... " >&6; } if ${sudo_cv_working_pie+:} false; then : $as_echo_n "(cached) " >&6 else rm -f conftestdata; > conftestdata if test "$cross_compiling" = yes; then : sudo_cv_working_pie=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sudo_cv_working_pie=yes else sudo_cv_working_pie=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core core.* *.core fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5 $as_echo "$sudo_cv_working_pie" >&6; } if test $sudo_cv_working_pie = yes; then : enable_pie=yes fi fi if test "$enable_pie" = "yes"; then PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-Wc,-fPIE -pie" fi else : fi CFLAGS="$_CFLAGS" else : fi fi fi fi if test "$enable_pie" != "yes"; then # Solaris 11.1 and higher supports tagging binaries to use ASLR case "$host_os" in solaris2.1[1-9]|solaris2.[2-9][0-9]) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5 $as_echo_n "checking whether the linker accepts -Wl,-z,aslr... " >&6; } if ${ax_cv_check_ldflags___Wl__z_aslr+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-z,aslr" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___Wl__z_aslr=yes else ax_cv_check_ldflags___Wl__z_aslr=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5 $as_echo "$ax_cv_check_ldflags___Wl__z_aslr" >&6; } if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes; then : PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr" else : fi ;; esac fi if test "$enable_hardening" != "no"; then if test -n "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5 $as_echo_n "checking whether C compiler accepts -fstack-protector-strong... " >&6; } if ${ax_cv_check_cflags___fstack_protector_strong+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fstack-protector-strong" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fstack_protector_strong=yes else ax_cv_check_cflags___fstack_protector_strong=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5 $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; } if test x"$ax_cv_check_cflags___fstack_protector_strong" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-strong" >&5 $as_echo_n "checking whether the linker accepts -fstack-protector-strong... " >&6; } if ${ax_cv_check_ldflags___fstack_protector_strong+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -fstack-protector-strong" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___fstack_protector_strong=yes else ax_cv_check_ldflags___fstack_protector_strong=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_strong" >&5 $as_echo "$ax_cv_check_ldflags___fstack_protector_strong" >&6; } if test x"$ax_cv_check_ldflags___fstack_protector_strong" = xyes; then : SSP_CFLAGS="-fstack-protector-strong" SSP_LDFLAGS="-Wc,-fstack-protector-strong" else : fi else : fi if test -z "$SSP_CFLAGS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5 $as_echo_n "checking whether C compiler accepts -fstack-protector-all... " >&6; } if ${ax_cv_check_cflags___fstack_protector_all+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fstack-protector-all" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fstack_protector_all=yes else ax_cv_check_cflags___fstack_protector_all=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5 $as_echo "$ax_cv_check_cflags___fstack_protector_all" >&6; } if test x"$ax_cv_check_cflags___fstack_protector_all" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector-all" >&5 $as_echo_n "checking whether the linker accepts -fstack-protector-all... " >&6; } if ${ax_cv_check_ldflags___fstack_protector_all+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -fstack-protector-all" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___fstack_protector_all=yes else ax_cv_check_ldflags___fstack_protector_all=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector_all" >&5 $as_echo "$ax_cv_check_ldflags___fstack_protector_all" >&6; } if test x"$ax_cv_check_ldflags___fstack_protector_all" = xyes; then : SSP_CFLAGS="-fstack-protector-all" SSP_LDFLAGS="-Wc,-fstack-protector-all" else : fi else : fi if test -z "$SSP_CFLAGS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector" >&5 $as_echo_n "checking whether C compiler accepts -fstack-protector... " >&6; } if ${ax_cv_check_cflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fstack-protector" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ax_cv_check_cflags___fstack_protector=yes else ax_cv_check_cflags___fstack_protector=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector" >&5 $as_echo "$ax_cv_check_cflags___fstack_protector" >&6; } if test x"$ax_cv_check_cflags___fstack_protector" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-protector" >&5 $as_echo_n "checking whether the linker accepts -fstack-protector... " >&6; } if ${ax_cv_check_ldflags___fstack_protector+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -fstack-protector" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___fstack_protector=yes else ax_cv_check_ldflags___fstack_protector=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_protector" >&5 $as_echo "$ax_cv_check_ldflags___fstack_protector" >&6; } if test x"$ax_cv_check_ldflags___fstack_protector" = xyes; then : SSP_CFLAGS="-fstack-protector" SSP_LDFLAGS="-Wc,-fstack-protector" else : fi else : fi fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 $as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; } if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then : $as_echo_n "(cached) " >&6 else ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-z,relro" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ax_cv_check_ldflags___Wl__z_relro=yes else ax_cv_check_ldflags___Wl__z_relro=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5 $as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; } if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes; then : LDFLAGS="${LDFLAGS} -Wl,-z,relro" else : fi fi case "$with_passwd" in yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" ;; *) $as_echo "#define WITHOUT_PASSWD 1" >>confdefs.h if test -z "$AUTH_OBJS"; then as_fn_error $? "no authentication methods defined." "$LINENO" 5 fi ;; esac AUTH_OBJS=${AUTH_OBJS# } _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` { $as_echo "$as_me:${as_lineno-$LINENO}: using the following authentication methods: $_AUTH" >&5 $as_echo "$as_me: using the following authentication methods: $_AUTH" >&6;} if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi cat >>confdefs.h <<_ACEOF #define os_init $OS_INIT _ACEOF if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wold-style-definition -Wpointer-arith" fi if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi fi CROSS_COMPILING="$cross_compiling" test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then exec_prefix="$ac_default_prefix" else exec_prefix="$prefix" fi fi if test X"$with_noexec" != X"no"; then PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" noexec_file="$with_noexec" _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do _noexec_file="$noexec_file" eval noexec_file="$_noexec_file" done cat >>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h <confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by sudo $as_me 1.8.9p5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ sudo config.status 1.8.9p5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } # Quote evaled strings. for var in SHELL \ ECHO \ PATH_SEPARATOR \ SED \ GREP \ EGREP \ FGREP \ LD \ NM \ LN_S \ lt_SP2NL \ lt_NL2SP \ reload_flag \ OBJDUMP \ deplibs_check_method \ file_magic_cmd \ file_magic_glob \ want_nocaseglob \ DLLTOOL \ sharedlib_from_linklib_cmd \ AR \ AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ CC \ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_import \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ lt_cv_nm_interface \ nm_file_list_spec \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ lt_prog_compiler_static \ lt_cv_prog_compiler_c_o \ need_locks \ MANIFEST_TOOL \ DSYMUTIL \ NMEDIT \ LIPO \ OTOOL \ OTOOL64 \ shrext_cmds \ export_dynamic_flag_spec \ whole_archive_flag_spec \ compiler_needs_object \ with_gnu_ld \ allow_undefined_flag \ no_undefined_flag \ hardcode_libdir_flag_spec \ hardcode_libdir_separator \ exclude_expsyms \ include_expsyms \ file_list_spec \ variables_saved_for_relink \ libname_spec \ library_names_spec \ soname_spec \ install_override_mode \ finish_eval \ old_striplib \ striplib; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in reload_cmds \ old_postinstall_cmds \ old_postuninstall_cmds \ old_archive_cmds \ extract_expsyms_cmds \ old_archive_from_new_cmds \ old_archive_from_expsyms_cmds \ archive_cmds \ archive_expsym_cmds \ module_cmds \ module_expsym_cmds \ export_symbols_cmds \ prelink_cmds \ postlink_cmds \ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ sys_lib_dlsearch_path_spec; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done ac_aux_dir='$ac_aux_dir' # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' RM='$RM' ofile='$ofile' _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "pathnames.h") CONFIG_HEADERS="$CONFIG_HEADERS pathnames.h" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS zlib/zconf.h" ;; "zlib/Makefile") CONFIG_FILES="$CONFIG_FILES zlib/Makefile" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;; "compat/Makefile") CONFIG_FILES="$CONFIG_FILES compat/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; "src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;; "plugins/group_file/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/group_file/Makefile" ;; "plugins/system_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/system_group/Makefile" ;; "plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;; "plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "libtool":C) # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # The names of the tagged configurations supported by this script. available_tags='' # ### BEGIN LIBTOOL CONFIG # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # What type of objects to build. pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO # The PATH separator for the build system. PATH_SEPARATOR=$lt_PATH_SEPARATOR # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="\$SED -e 1s/^X//" # A grep program that handles long lines. GREP=$lt_GREP # An ERE matcher. EGREP=$lt_EGREP # A literal string matcher. FGREP=$lt_FGREP # A BSD- or MS-compatible name lister. NM=$lt_NM # Whether we need soft or hard links. LN_S=$lt_LN_S # What is the maximum length of a command? max_cmd_len=$max_cmd_len # Object file suffix (normally "o"). objext=$ac_objext # Executable file suffix (normally ""). exeext=$exeext # whether the shell understands "unset". lt_unset=$lt_unset # turn spaces into newlines. SP2NL=$lt_lt_SP2NL # turn newlines into spaces. NL2SP=$lt_lt_NL2SP # convert \$build file names to \$host format. to_host_file_cmd=$lt_cv_to_host_file_cmd # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd # An object symbol dumper. OBJDUMP=$lt_OBJDUMP # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method = "file_magic". file_magic_cmd=$lt_file_magic_cmd # How to find potential files when deplibs_check_method = "file_magic". file_magic_glob=$lt_file_magic_glob # Find potential files using nocaseglob when deplibs_check_method = "file_magic". want_nocaseglob=$lt_want_nocaseglob # DLL creation program. DLLTOOL=$lt_DLLTOOL # Command to associate shared and link libraries. sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd # The archiver. AR=$lt_AR # Flags to create an archive. AR_FLAGS=$lt_AR_FLAGS # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec # A symbol stripping program. STRIP=$lt_STRIP # Commands used to install an old-style archive. RANLIB=$lt_RANLIB old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Whether to use a lock for old archive extraction. lock_old_archive_extraction=$lock_old_archive_extraction # A C compiler. LTCC=$lt_CC # LTCC compiler flags. LTCFLAGS=$lt_CFLAGS # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm into a list of symbols to manually relocate. global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix # The name lister interface. nm_interface=$lt_lt_cv_nm_interface # Specify filename containing input files for \$NM. nm_file_list_spec=$lt_nm_file_list_spec # The root where to search for dependent libraries,and where our libraries should be installed. lt_sysroot=$lt_sysroot # The name of the directory that contains temporary libtool files. objdir=$objdir # Used to examine libraries when file_magic_cmd begins with "file". MAGIC_CMD=$MAGIC_CMD # Must we lock files when doing compilation? need_locks=$lt_need_locks # Manifest tool. MANIFEST_TOOL=$lt_MANIFEST_TOOL # Tool to manipulate archived DWARF debug symbol files on Mac OS X. DSYMUTIL=$lt_DSYMUTIL # Tool to change global to local symbols on Mac OS X. NMEDIT=$lt_NMEDIT # Tool to manipulate fat objects and archives on Mac OS X. LIPO=$lt_LIPO # ldd/readelf like tool for Mach-O binaries on Mac OS X. OTOOL=$lt_OTOOL # ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. OTOOL64=$lt_OTOOL64 # Old archive suffix (normally "a"). libext=$libext # Shared library suffix (normally ".so"). shrext_cmds=$lt_shrext_cmds # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Variables whose values should be saved in libtool wrapper scripts and # restored at link time. variables_saved_for_relink=$lt_variables_saved_for_relink # Do we need the "lib" prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Library versioning type. version_type=$version_type # Shared library runtime path variable. runpath_var=$runpath_var # Shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Permission mode override for installation of shared libraries. install_override_mode=$lt_install_override_mode # Command to use after installation of a shared archive. postinstall_cmds=$lt_postinstall_cmds # Command to use after uninstallation of a shared archive. postuninstall_cmds=$lt_postuninstall_cmds # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # As "finish_cmds", except a single script fragment to be evaled but # not shown. finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries. sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # The linker used to build libraries. LD=$lt_LD # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # Commands used to build an old-style archive. old_archive_cmds=$lt_old_archive_cmds # A language specific compiler. CC=$lt_compiler # Is the compiler the GNU compiler? with_gcc=$GCC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static. allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Whether the compiler copes with passing no objects directly. compiler_needs_object=$lt_compiler_needs_object # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds # Commands used to build a loadable module if different from building # a shared archive. module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Whether we are building with GNU ld or not. with_gnu_ld=$lt_with_gnu_ld # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag # Flag that enforces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is # "absolute",i.e impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute # Set to "yes" if using the -LDIR flag during linking hardcodes DIR # into the resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR # into the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to "yes" if building a shared library automatically hardcodes DIR # into the library and all subsequent libraries and executables linked # against it. hardcode_automatic=$hardcode_automatic # Set to yes if linker adds runtime paths of dependent libraries # to runtime path list. inherit_rpath=$inherit_rpath # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Set to "yes" if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # Commands necessary for linking programs (against libraries) with templates. prelink_cmds=$lt_prelink_cmds # Commands necessary for finishing linking programs. postlink_cmds=$lt_postlink_cmds # Specify filename containing input files. file_list_spec=$lt_file_list_spec # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac ltmain=$ac_aux_dir/ltmain.sh # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi if test "$with_pam" = "yes"; then case $host_os in hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then { $as_echo "$as_me:${as_lineno-$LINENO}: You may wish to add the following line to /etc/pam.conf" >&5 $as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&5 $as_echo "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;} fi ;; linux*) { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5 $as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;} ;; esac fi sudo-1.8.9p5/configure.ac010064400175440000012000003564161227416650600146620ustar00millertstaffdnl dnl Use the top-level autogen.sh script to generate configure and config.h.in dnl dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller dnl AC_PREREQ([2.59]) AC_INIT([sudo], [1.8.9p5], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl dnl Note: this must come after AC_INIT dnl AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST([HAVE_BSM_AUDIT]) AC_SUBST([SHELL]) AC_SUBST([LIBTOOL]) AC_SUBST([CFLAGS]) AC_SUBST([PROGS]) AC_SUBST([CPPFLAGS]) AC_SUBST([LDFLAGS]) AC_SUBST([SUDOERS_LDFLAGS]) AC_SUBST([LT_LDFLAGS]) AC_SUBST([LT_LDMAP]) AC_SUBST([LT_LDOPT]) AC_SUBST([LT_LDDEP]) AC_SUBST([LT_LDEXPORTS]) AC_SUBST([COMMON_OBJS]) AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) AC_SUBST([LIBS]) AC_SUBST([SUDO_LIBS]) AC_SUBST([SUDOERS_LIBS]) AC_SUBST([NET_LIBS]) AC_SUBST([AFS_LIBS]) AC_SUBST([REPLAY_LIBS]) AC_SUBST([GETGROUPS_LIB]) AC_SUBST([OSDEFS]) AC_SUBST([AUTH_OBJS]) AC_SUBST([MANTYPE]) AC_SUBST([MANDIRTYPE]) AC_SUBST([MANCOMPRESS]) AC_SUBST([MANCOMPRESSEXT]) AC_SUBST([SHLIB_MODE]) AC_SUBST([SHLIB_EXT]) AC_SUBST([SUDOERS_MODE]) AC_SUBST([SUDOERS_UID]) AC_SUBST([SUDOERS_GID]) AC_SUBST([DEVEL]) AC_SUBST([BAMAN]) AC_SUBST([LCMAN]) AC_SUBST([PSMAN]) AC_SUBST([SEMAN]) AC_SUBST([devdir]) AC_SUBST([mansectsu]) AC_SUBST([mansectform]) AC_SUBST([mansrcdir]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) AC_SUBST([SOEXT]) AC_SUBST([noexec_file]) AC_SUBST([sesh_file]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) AC_SUBST([LDAP]) AC_SUBST([LOGINCAP_USAGE]) AC_SUBST([ZLIB]) AC_SUBST([ZLIB_SRC]) AC_SUBST([LIBTOOL_DEPS]) AC_SUBST([ac_config_libobj_dir]) AC_SUBST([CONFIGURE_ARGS]) AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) AC_SUBST([LOCALEDIR_SUFFIX]) AC_SUBST([COMPAT_TEST_PROGS]) AC_SUBST([CROSS_COMPILING]) AC_SUBST([PIE_LDFLAGS]) AC_SUBST([PIE_CFLAGS]) AC_SUBST([SSP_LDFLAGS]) AC_SUBST([SSP_CFLAGS]) AC_SUBST([NO_VIZ]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR AC_SUBST([timeout]) AC_SUBST([password_timeout]) AC_SUBST([sudo_umask]) AC_SUBST([umask_override]) AC_SUBST([passprompt]) AC_SUBST([long_otp_prompt]) AC_SUBST([lecture]) AC_SUBST([logfac]) AC_SUBST([goodpri]) AC_SUBST([badpri]) AC_SUBST([loglen]) AC_SUBST([ignore_dot]) AC_SUBST([mail_no_user]) AC_SUBST([mail_no_host]) AC_SUBST([mail_no_perms]) AC_SUBST([mailto]) AC_SUBST([mailsub]) AC_SUBST([badpass_message]) AC_SUBST([fqdn]) AC_SUBST([runas_default]) AC_SUBST([env_editor]) AC_SUBST([env_reset]) AC_SUBST([passwd_tries]) AC_SUBST([tty_tickets]) AC_SUBST([insults]) AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) AC_SUBST([editor]) AC_SUBST([pam_session]) AC_SUBST([pam_login_service]) AC_SUBST([PLUGINDIR]) # # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once logfac=auth goodpri=notice badpri=alert loglen=80 ignore_dot=off mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root mailsub="*** SECURITY information for %h ***" badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off env_reset=on editor=vi passwd_tries=3 tty_tickets=on insults=off root_sudo=on path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf noexec_file=/usr/local/libexec/sudo/sudo_noexec.so sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" pam_session=on pam_login_service=sudo PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo" : ${MANDIRTYPE='man'} : ${mansrcdir='.'} : ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} DEVEL= LDAP="#" BAMAN=0 LCMAN=0 PSMAN=0 SEMAN=0 LIBINTL= ZLIB= ZLIB_SRC= AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled LOCALEDIR_SUFFIX= LT_LDEXPORTS="-export-symbols \$(shlib_exp)" LT_LDDEP="\$(shlib_exp)" NO_VIZ="-DNO_VIZ" OS_INIT=os_init_common dnl dnl Other vaiables dnl CHECKSHADOW=true shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= CONFIGURE_ARGS="$@" dnl dnl LD_PRELOAD equivalents dnl RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_ENABLE_VAR= RTLD_PRELOAD_DELIM=":" RTLD_PRELOAD_DEFAULT= dnl dnl libc replacement functions live in compat dnl AC_CONFIG_LIBOBJ_DIR(compat) # # Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. # Starting with sudo 1.8.7, $libexecdir/sudo is used so strip # off an extraneous "/sudo" from libexecdir. # case "$libexecdir" in */sudo) AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` ;; esac dnl dnl Deprecated --with options (these all warn or generate an error) dnl AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], [case $with_otp_only in yes) with_passwd="no" AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], [case $with_alertmail in *) with_mailto="$with_alertmail" AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) dnl dnl Options for --with dnl AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEVEL="true" devdir=. ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) ;; esac]) AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], [AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])], [AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) dnl dnl Handle BSM auditing support. dnl AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], [case $with_bsm_audit in yes) AC_DEFINE(HAVE_BSM_AUDIT) SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) ;; esac]) dnl dnl Handle Linux auditing support. dnl AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], [case $with_linux_audit in yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ AC_DEFINE(HAVE_LINUX_AUDIT) SUDO_LIBS="${SUDO_LIBS} -laudit" SUDOERS_LIBS="${SUDO_LIBS} -laudit" SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" ], [ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) ]) ;; no) ;; *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) ;; esac]) dnl dnl Handle SSSD support. dnl AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], [case $with_sssd in yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" AC_DEFINE(HAVE_SSSD) ;; no) ;; *) AC_MSG_ERROR(["--with-sssd does not take an argument."]) ;; esac]) AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) sssd_lib="\"LIBDIR\"" test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) ;; no) AC_MSG_ERROR(["--without-incpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do SUDO_APPEND_CPPFLAGS(-I${i}) done ;; esac]) AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], [case $with_libpath in yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) ;; no) AC_MSG_ERROR(["--without-libpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) ;; esac]) AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], [case $with_libraries in yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) ;; no) AC_MSG_ERROR(["--without-libraries not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], [case $with_efence in yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) ;; esac]) AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], [case $with_csops in yes) AC_MSG_NOTICE([Adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes : ${mansectsu='8'} : ${mansectform='5'} ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) AC_MSG_RESULT($with_passwd) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) ;; esac]) AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], [case $with_skey in no) ;; *) AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG S/Key" ;; esac]) AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], [case $with_opie in no) ;; *) AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac]) AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) AC_MSG_RESULT(yes) long_otp_prompt=on ;; no) long_otp_prompt=off ;; *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) ;; esac]) AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], [case $with_SecurID in no) ;; *) AC_DEFINE(HAVE_SECURID) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac]) AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], [case $with_fwtk in no) ;; *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac]) AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb5" ;; esac]) AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) ;; esac]) AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; *) AC_MSG_ERROR(["--with-pam does not take an argument."]) ;; esac]) AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG AFS" ;; no) ;; *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) ;; esac]) AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG DCE" ;; no) ;; *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) ;; esac]) AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], [case $with_logincap in yes|no) ;; *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) ;; esac]) AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) ;; esac]) AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], [case $with_project in yes|no) ;; no) ;; *) AC_MSG_ERROR(["--with-project does not take an argument."]) ;; esac]) AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], [case $with_lecture in yes|short|always) lecture=once ;; no|none|never) lecture=never ;; *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) ;; esac]) if test "$lecture" = "once"; then AC_MSG_RESULT(yes) else AC_DEFINE(NO_LECTURE) AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], [case $with_logging in yes) AC_MSG_ERROR(["must give --with-logging an argument."]) ;; no) AC_MSG_ERROR(["--without-logging not supported."]) ;; syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) AC_MSG_RESULT(file) ;; both) AC_DEFINE(LOGGING, SLOG_BOTH) AC_MSG_RESULT(both) ;; *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) ;; esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; no) AC_MSG_ERROR(["--without-logfac not supported."]) ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; esac]) AC_MSG_CHECKING(at which syslog priority to log commands) AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; no) AC_MSG_ERROR(["--without-goodpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; no) AC_MSG_ERROR(["--without-badpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) AC_MSG_RESULT($badpri) AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], [case $with_logpath in yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) ;; no) AC_MSG_ERROR(["--without-logpath not supported."]) ;; esac]) AC_MSG_CHECKING(how long a line in the log file should be) AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], [case $with_loglen in yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) ;; no) AC_MSG_ERROR(["--without-loglen not supported."]) ;; [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) ;; esac]) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], [case $with_ignore_dot in yes) ignore_dot=on ;; no) ignore_dot=off ;; *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) ;; esac]) if test "$ignore_dot" = "on"; then AC_DEFINE(IGNORE_DOT_PATH) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], [case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) ;; esac]) if test "$mail_no_user" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_USER) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], [case $with_mail_if_no_host in yes) mail_no_host=on ;; no) mail_no_host=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) ;; esac]) if test "$mail_no_host" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], [case $with_mail_if_noperms in yes) mail_noperms=on ;; no) mail_noperms=off ;; *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) ;; esac]) if test "$mail_noperms" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(who should get the mail that sudo sends) AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], [case $with_mailto in yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) ;; no) AC_MSG_ERROR(["--without-mailto not supported."]) ;; *) mailto=$with_mailto ;; esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) AC_MSG_RESULT([$mailto]) AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], [case $with_mailsubject in yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" AC_MSG_CHECKING(sudo mail subject) AC_MSG_RESULT([Using alert mail subject: $mailsub]) ;; esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], [case $with_passprompt in yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) AC_MSG_RESULT($passprompt) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], [case $with_badpass_message in yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; esac]) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], [case $with_fqdn in yes) fqdn=on ;; no) fqdn=off ;; *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) ;; esac]) if test "$fqdn" = "on"; then AC_DEFINE(FQDN) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])], [case $with_timedir in yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) ;; no) AC_MSG_ERROR(["--without-timedir not supported."]) ;; esac]) AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], [case $with_iologdir in yes) ;; no) AC_MSG_ERROR(["--without-iologdir not supported."]) ;; esac]) AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) AS_HELP_STRING([--without-sendmail], [do not send mail at all])], [case $with_sendmail in yes) with_sendmail="" ;; no) ;; *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") ;; esac]) AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], [case $with_sudoers_mode in yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) ;; [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], [case $with_sudoers_uid in yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) ;; [[0-9]]*) SUDOERS_UID=$with_sudoers_uid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], [case $with_sudoers_gid in yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) ;; [[0-9]]*) SUDOERS_GID=$with_sudoers_gid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) ;; esac]) AC_MSG_CHECKING(for umask programs should be run with) AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; no) sudo_umask=0777 ;; [[0-9]]*) sudo_umask=$with_umask ;; *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], [case $with_umask_override in yes) AC_DEFINE(UMASK_OVERRIDE) umask_override=on ;; no) umask_override=off ;; *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) ;; esac]) AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) ;; no) AC_MSG_ERROR(["--without-runas-default not supported."]) ;; *) runas_default="$with_runas_default" ;; esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], [case $with_exempt in yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) ;; no) AC_MSG_ERROR(["--without-exempt not supported."]) ;; *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) AC_MSG_CHECKING(for group to be exempt from password) AC_MSG_RESULT([$with_exempt]) ;; esac]) AC_MSG_CHECKING(for editor that visudo should use) AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], [case $with_editor in yes) AC_MSG_ERROR(["must give --with-editor an argument."]) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) editor="$with_editor" ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], [case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) ;; esac]) if test "$env_editor" = "on"; then AC_DEFINE(ENV_EDITOR) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(number of tries a user gets to enter their password) AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], [case $with_passwd_tries in yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], [case $with_timeout in yes) ;; no) timeout=0 ;; [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], [case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) AC_MSG_RESULT($password_timeout) AC_MSG_CHECKING(whether to use per-tty ticket files) AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], [case $with_tty_tickets in yes) tty_tickets=on ;; no) tty_tickets=off ;; *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) if test "$tty_tickets" = "off"; then AC_DEFINE(NO_TTY_TICKETS) AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) fi AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], [case $with_insults in yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; disabled) insults=off with_classic_insults=yes with_csops_insults=yes ;; no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) ;; esac]) if test "$insults" = "on"; then AC_DEFINE(USE_INSULTS) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], [case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes ;; no) ;; *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], [case $with_classic_insults in yes) AC_DEFINE(CLASSIC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], [case $with_csops_insults in yes) AC_DEFINE(CSOPS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], [case $with_hal_insults in yes) AC_DEFINE(HAL_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], [case $with_goons_insults in yes) AC_DEFINE(GOONS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], [case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" ;; *) ;; esac]) AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], [case $with_ldap in no) ;; *) AC_DEFINE(HAVE_LDAP) AC_MSG_CHECKING(whether to use sudoers from LDAP) AC_MSG_RESULT(yes) ;; esac]) AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], [case $with_pc_insults in yes) AC_DEFINE(PC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."]) ;; esac]) dnl include all insult sets on one line if test "$insults" = "on"; then AC_MSG_CHECKING(which insult sets to include) i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" AC_MSG_RESULT([$i]) fi AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) secure_path="set to $with_secure_path" ;; no) AC_MSG_RESULT(no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) secure_path="set to F<$with_secure_path>" ;; esac], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])], [case $with_interfaces in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(STUB_LOAD_INTERFACES) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) ;; esac], AC_MSG_RESULT(yes)) AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])], [case $with_stow in *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior]) ;; esac]) AC_MSG_CHECKING(whether to use an askpass helper) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], [case $with_askpass in yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; *) ;; esac], [ with_askpass=no AC_MSG_RESULT(no) ]) if test X"$with_askpass" != X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") else SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) fi AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], [case $with_plugindir in no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) ;; *) ;; esac], [with_plugindir="$libexecdir/sudo"]) AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], [case $with_man in yes) MANTYPE=man ;; no) AC_MSG_ERROR(["--without-man not supported."]) ;; *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) ;; esac]) AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], [case $with_mdoc in yes) MANTYPE=mdoc ;; no) AC_MSG_ERROR(["--without-mdoc not supported."]) ;; *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) ;; esac]) dnl dnl Options for --enable dnl AC_MSG_CHECKING(whether to do user authentication by default) AC_ARG_ENABLE(authentication, [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_AUTHENTICATION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to disable running the mailer as root) AC_ARG_ENABLE(root-mailer, [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(NO_ROOT_MAILER) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(setreuid, [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], [ case "$enableval" in no) SKIP_SETREUID=yes ;; *) ;; esac ]) AC_ARG_ENABLE(setresuid, [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], [ case "$enableval" in no) SKIP_SETRESUID=yes ;; *) ;; esac ]) AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) CHECKSHADOW="false" ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(NO_ROOT_SUDO) AC_MSG_RESULT(no) root_sudo=off ;; *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to log the hostname in the log file) AC_ARG_ENABLE(log-host, [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(HOST_IN_LOG) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) AC_ARG_ENABLE(noargs-shell, [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_IF_NO_ARGS) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_SETS_HOME) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to disable 'command not found' messages) AC_ARG_ENABLE(path_info, [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(DONT_LEAK_PATH_INFO) path_info=off ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to enable environment debugging) AC_ARG_ENABLE(env_debug, [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(ENV_DEBUG) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(zlib, [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], [], [enable_zlib=yes]) AC_MSG_CHECKING(whether to enable environment resetting by default) AC_ARG_ENABLE(env_reset, [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], [ case "$enableval" in yes) env_reset=on ;; no) env_reset=off ;; *) env_reset=on AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) ;; esac ]) if test "$env_reset" = "on"; then AC_MSG_RESULT(yes) AC_DEFINE(ENV_RESET, 1) else AC_MSG_RESULT(no) AC_DEFINE(ENV_RESET, 0) fi AC_ARG_ENABLE(warnings, [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) ;; esac ]) AC_ARG_ENABLE(werror, [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) ;; esac ]) AC_ARG_ENABLE(hardening, [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], [], [enable_hardening=yes]) AC_ARG_ENABLE(pie, [AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) AC_ARG_ENABLE(poll, [AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])]) AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in yes) AC_DEFINE(USE_ADMIN_FLAG) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) ;; esac ]) AC_ARG_ENABLE(nls, [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], [], [enable_nls=yes]) AC_ARG_ENABLE(rpath, [AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], [], [enable_rpath=yes]) AC_ARG_ENABLE(static-sudoers, [AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])], [], [enable_static_sudoers=no]) AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " AC_DEFINE(HAVE_SELINUX) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 AC_CHECK_LIB([selinux], [setkeycreatecon], [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) ;; esac], [with_selinux=no]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default dnl AC_ARG_ENABLE(gss_krb5_ccache_name, [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) dnl dnl C compiler checks dnl AC_SEARCH_LIBS([strerror], [cposix]) AC_PROG_CPP AC_CHECK_TOOL(AR, ar, false) AC_CHECK_TOOL(RANLIB, ranlib, :) if test X"$AR" = X"false"; then AC_MSG_ERROR([the "ar" utility is required to build sudo]) fi if test "x$ac_cv_prog_cc_c89" = "xno"; then AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) fi dnl dnl If the user specified --disable-static, override them or we'll dnl be unable to build the executables in the sudoers plugin dir. dnl if test "$enable_static" = "no"; then AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs]) enable_static=yes fi dnl dnl Libtool setup, we require libtool 2.2.6b or higher dnl AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) LT_PREREQ([2.2.6b]) LT_INIT([dlopen]) dnl dnl Allow the user to specify an alternate libtool. dnl XXX - should be able to skip LT_INIT if we are using a different libtool dnl AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], [case $with_libtool in yes|builtin) ;; no) AC_MSG_ERROR(["--without-libtool not supported."]) ;; system) LIBTOOL=libtool ;; *) LIBTOOL="$with_libtool" ;; esac]) dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then with_noexec=no enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no LT_LDFLAGS=-static else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules if test X"$_shrext" = X".dylib"; then SOEXT=".so" SHLIB_EXT=".dylib" else SOEXT="$_shrext" SHLIB_EXT="$_shrext" fi fi LIBDL="$lt_cv_dlopen_libs" AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"]) AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl AC_PATH_PROG(UNAMEPROG, [uname], [uname]) AC_PATH_PROG(TRPROG, [tr], [tr]) AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) if test "$MANDOCPROG" != "mandoc"; then : ${MANTYPE='mdoc'} else AC_PATH_PROG(NROFFPROG, [nroff]) if test -n "$NROFFPROG"; then test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" AC_CACHE_CHECK([which macro set to use for manual pages], [sudo_cv_var_mantype], [ sudo_cv_var_mantype="man" echo ".Sh NAME" > conftest echo ".Nm sudo" >> conftest echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest ] ) MANTYPE="$sudo_cv_var_mantype" else MANTYPE=cat MANDIRTYPE=cat mansrcdir='$(srcdir)' fi fi dnl dnl What kind of beastie are we being run on? dnl Barf if config.cache was generated on another host. dnl if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) else AC_MSG_CHECKING(previous host type) AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") AC_MSG_RESULT([$sudo_cv_prev_host]) fi else # this will produce no output since there is no cached value AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") fi dnl dnl We want to be able to differentiate between different rev's dnl if test -n "$host_os"; then OS=`echo $host_os | sed 's/[[0-9]].*//'` OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` OSMAJOR=`echo $OSREV | sed 's/\..*$//'` else OS="unknown" OSREV=0 OSMAJOR=0 fi case "$host" in *-*-sunos4*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 # system headers lack prototypes but gcc helps... if test -n "$GCC"; then OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" fi shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi : ${mansectsu='1m'} : ${mansectform='4'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" AC_CHECK_FUNCS(priv_set, [PSMAN=1]) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then if test X"$with_pam" = X""; then AUTH_EXCL_DEF="PAM" fi else if test X"$with_aixauth" = X""; then AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) fi fi # AIX analog of nsswitch.conf, enabled by default AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], [case $with_netsvc in no) ;; yes) with_netsvc="/etc/netsvc.conf" ;; *) ;; esac]) if test -z "$with_nsswitch" -a -z "$with_netsvc"; then with_netsvc="/etc/netsvc.conf" fi # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no else RTLD_PRELOAD_VAR="LDR_PRELOAD" fi # AIX-specific functions AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64) COMMON_OBJS="${COMMON_OBJS} aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 ;; *-*-hpux*) # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then AC_CACHE_CHECK([for HP bundled C compiler], [sudo_cv_var_hpccbundled], [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then sudo_cv_var_hpccbundled=yes else sudo_cv_var_hpccbundled=no fi] ) if test "$sudo_cv_var_hpccbundled" = "yes"; then AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) fi fi # Build PA-RISC1.1 objects for better portability case "$host_cpu" in hppa[[2-9]]*) _CFLAGS="$CFLAGS" if test -n "$GCC"; then portable_flag="-march=1.1" else portable_flag="+DAportable" fi CFLAGS="$CFLAGS $portable_flag" AC_CACHE_CHECK([whether $CC understands $portable_flag], [sudo_cv_var_daportable], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[]], [[]])], [sudo_cv_var_daportable=yes], [sudo_cv_var_daportable=no] ) ] ) if test X"$sudo_cv_var_daportable" != X"yes"; then CFLAGS="$_CFLAGS" fi ;; esac case "$host_os" in hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) ;; hpux9.*) AC_DEFINE(BROKEN_SYSLOG) shadow_funcs="getspwuid" # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" SUDO_APPEND_CPPFLAGS(-D_REENTRANT) SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant) fi ;; hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline ac_cv_func_getline="no" ;; *) shadow_funcs="getspnam iscomsec" shadow_libs="-lsec" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac AC_CHECK_FUNCS(pstat_getproc) ;; *-dec-osf*) # ignore envariables wrt dynamic lib path # XXX - sudo LDFLAGS instead? SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) AC_ARG_ENABLE(sia, [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], [ case "$enableval" in yes) AC_MSG_RESULT(no) CHECKSIA=true ;; no) AC_MSG_RESULT(yes) CHECKSIA=false ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) ;; esac ], AC_MSG_RESULT(no)) shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too if test $OSMAJOR -lt 4; then shadow_libs="-lsecurity -laud -lm" else shadow_libs="-lsecurity -ldb -laud -lm" fi # use SIA by default, if we have it test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" # # Some versions of Digital Unix ship with a broken # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # AC_MSG_CHECKING([for broken prot.h]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #include ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} ;; *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else mandir="/usr/catman/local" fi fi # Compress cat pages with pack MANCOMPRESS='pack' MANCOMPRESSEXT='.z' else if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else mandir="/usr/man/local" fi fi fi # IRIX <= 4 needs -lsun if test "$OSMAJOR" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-linux*|*-*-k*bsd*-gnu) OSDEFS="${OSDEFS} -D_GNU_SOURCE" # Some Linux versions need to link with -lshadow shadow_funcs="getspnam" shadow_libs_optional="-lshadow" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; *-convex-bsd*) OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" if test -z "$GCC"; then CFLAGS="${CFLAGS} -D__STDC__" fi shadow_defs="-D_AUDIT -D_ACL -DSecureWare" shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; *-*-ultrix*) OS="ultrix" shadow_funcs="getauthuid" shadow_libs="-lauth" ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" SUDO_APPEND_CPPFLAGS(-I/usr/include) SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd) OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" : ${mansectsu='1m'} : ${mansectform='4'} ;; m88k-motorola-sysv*) # motorolla's cc (a variant of gcc) does -O but not -O2 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` : ${mansectsu='1m'} : ${mansectform='4'} ;; *-sequent-sysv*) shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-bsdi*) SKIP_SETREUID=yes # Check for newer BSD auth API if test -z "$with_bsdauth"; then AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) fi ;; *-*-freebsd*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... case "$OSREV" in 0.*|1.*|2.0*) SKIP_SETREUID=yes ;; esac OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-*openbsd*) # OpenBSD-specific initialization OS_INIT=os_init_openbsd SUDO_OBJS="${SUDO_OBJS} openbsd.o" # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes OSDEFS="${OSDEFS} -D_BSD_SOURCE" CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then if test "$OSMAJOR" -ge 3; then AUTH_EXCL_DEF="BSD_AUTH" fi fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in 0.9*|1.[[012]]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-dragonfly*) OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} ;; *-*-*bsd*) CHECKSHADOW="false" ;; *-*-darwin*) # Darwin has a real setreuid(2) starting with 9.0 if test $OSMAJOR -lt 9; then SKIP_SETREUID=yes fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} # Darwin has a broken poll() : ${enable_poll='no'} # Darwin 8 and above can interpose library symbols cleanly if test $OSMAJOR -ge 8; then AC_DEFINE(HAVE___INTERPOSE) dlyld_interpose=yes else RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sysv*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-gnu*) OSDEFS="${OSDEFS} -D_GNU_SOURCE" ;; esac dnl dnl Library preloading to support NOEXEC dnl if test -n "$with_noexec"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM") if test -n "$RTLD_PRELOAD_DEFAULT"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") fi if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") fi fi dnl dnl Check for mixing mutually exclusive and regular auth methods dnl AUTH_REG=${AUTH_REG# } AUTH_EXCL=${AUTH_EXCL# } if test -n "$AUTH_EXCL"; then set -- $AUTH_EXCL if test $# != 1; then AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL]) fi if test -n "$AUTH_REG"; then AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) fi fi dnl dnl Only one of S/Key and OPIE may be specified dnl if test X"${with_skey}${with_opie}" = X"yesyes"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi dnl dnl Use BSD-style man sections by default dnl : ${mansectsu='8'} : ${mansectform='5'} dnl dnl Add in any libpaths or libraries specified via configure dnl if test -n "$with_libpath"; then for i in ${with_libpath}; do SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) done fi if test -n "$with_libraries"; then for i in ${with_libraries}; do case $i in -l*) ;; *.a) ;; *.o) ;; *) i="-l${i}";; esac LIBS="${LIBS} ${i}" done fi dnl dnl C compiler checks (to be done after os checks) dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE AC_MSG_CHECKING([for variadic macro support in cpp]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ AC_INCLUDES_DEFAULT #if defined(__GNUC__) && __GNUC__ == 2 # define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) #else # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) #endif ], [sudo_fprintf(stderr, "a %s", "test");])], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]) AC_DEFINE([NO_VARIADIC_MACROS], [1], [Define if your C preprocessor does not support variadic macros.]) AC_MSG_WARN([Your C preprocessor doesn't support variadic macros, debugging support will be limited])]) dnl dnl Program checks dnl AC_PROG_YACC AC_PATH_PROG([FLEX], [flex], [flex]) SUDO_PROG_MV SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi SUDO_PROG_VI dnl dnl Check for authpriv support in syslog dnl AC_MSG_CHECKING(which syslog facility sudo should log with) if test X"$with_logfac" = X""; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) fi AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) AC_MSG_RESULT($logfac) dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME AC_HEADER_STDBOOL AC_HEADER_MAJOR AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT #ifdef HAVE_PROCFS_H #include #endif #ifdef HAVE_SYS_PROCFS_H #include #endif ])] break) # # Check for large file support. # AC_SYS_LARGEFILE # # HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. # Also, HP-UX 11.23 has a broken sys/types.h when large files support # is enabled and _XOPEN_SOURCE_EXTENDED is not also defined. # The following test will define _XOPEN_SOURCE_EXTENDED in either case. # case "$host_os" in hpux*) AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT # include ], [int a = MSG_WAITALL; return a;])], [sudo_cv_xopen_source_extended=no], [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED AC_INCLUDES_DEFAULT # include ], [int a = MSG_WAITALL; return a;])], [sudo_cv_xopen_source_extended=yes], [sudo_cv_xopen_source_extended=error]) ])]) if test "$sudo_cv_xopen_source_extended" = "yes"; then OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED) fi ;; esac AC_SYS_POSIX_TERMIOS if test "$ac_cv_sys_posix_termios" != "yes"; then AC_MSG_ERROR([Must have POSIX termios to build sudo]) fi SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1 case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; esac ]) fi if test ${with_project-'no'} != "no"; then AC_CHECK_HEADER(project.h, [ AC_CHECK_LIB(project, setproject, [ AC_DEFINE(HAVE_PROJECT_H) SUDO_LIBS="${SUDO_LIBS} -lproject" ]) ], []) fi dnl dnl typedef checks dnl We need to define __STDC_WANT_LIB_EXT1__ for errno_t and rsize_t dnl SUDO_APPEND_CPPFLAGS(-D__STDC_WANT_LIB_EXT1__=1) AC_TYPE_MODE_T AC_TYPE_UID_T AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) AC_CHECK_TYPES([sigaction_t], [], [], [#include #include ]) AC_CHECK_TYPES([struct timespec], [], [], [#include #ifdef TIME_WITH_SYS_TIME # include #endif #include ]) AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT if test X"$ac_cv_type_long_long_int" != X"yes"; then AC_MSG_ERROR(["C compiler does not appear to support the long long int type"]) fi AC_CHECK_SIZEOF([long int]) AC_CHECK_TYPE(id_t, unsigned int) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(dev_t, int) AC_CHECK_TYPE(ino_t, unsigned int) AC_CHECK_TYPE(uint8_t, unsigned char) AC_CHECK_TYPE(uint32_t, unsigned int) AC_CHECK_TYPE(uint64_t, unsigned long long) AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ AC_INCLUDES_DEFAULT #include ]) AC_CHECK_TYPE(rsize_t, size_t) AC_CHECK_TYPE(errno_t, int) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN SUDO_SOCK_SIN_LEN dnl dnl Check for utmp/utmpx struct members. dnl We need to include OSDEFS for glibc which only has __e_termination dnl visible when _GNU_SOURCE is *not* defined. dnl _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $OSDEFS" if test $ac_cv_header_utmpx_h = "yes"; then AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [ # include # include ]) dnl dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination dnl AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [ AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [ # include # include ]) ], [ # include # include ]) else AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [ # include # include ]) dnl dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination dnl AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [ AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [ # include # include ]) ], [ # include # include ]) fi CFLAGS="$_CFLAGS" dnl dnl Function checks dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \ sysconf tzset) AC_CHECK_FUNCS(getgrouplist, [], [ case "$host_os" in aix*) AC_CHECK_FUNCS(getgrset) ;; *) AC_CHECK_FUNC(nss_search, [ AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [ # Solaris AC_CHECK_FUNC(_nss_initf_group, [ AC_CHECK_HEADERS(nss_dbdefs.h) AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) AC_DEFINE([HAVE__NSS_INITF_GROUP]) ]) ], [ # HP-UX AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [ AC_CHECK_FUNC(__nss_initf_group, [ AC_CHECK_HEADERS(nss_dbdefs.h) AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) AC_DEFINE([HAVE___NSS_INITF_GROUP]) ]) ]) ]) ]) ;; esac AC_LIBOBJ(getgrouplist) ]) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) ]) dnl dnl If libc supports _FORTIFY_SOURCE check functions, use it. dnl if test "$enable_hardening" != "no"; then O_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" AC_CHECK_FUNC(__sprintf_chk, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) ], []) CPPFLAGS="$O_CPPFLAGS" fi utmp_style=LEGACY AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS(getttyent ttyslot, [break]) AC_CHECK_FUNCS(fseeko) fi AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ # include # include ]) ], [ # include # include ]) ], [ # include # include ]) ], [ # include # include # include ]) ]) AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ AC_CHECK_LIB(util, openpty, [ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) case "$SUDO_LIBS" in *-lutil*) ;; *) SUDO_LIBS="${SUDO_LIBS} -lutil";; esac AC_DEFINE(HAVE_OPENPTY) ], [ AC_CHECK_FUNCS(_getpty, [], [ AC_CHECK_FUNCS(grantpt, [ AC_CHECK_FUNCS(posix_openpt) ], [ AC_CHECK_FUNCS(revoke) ]) ]) ]) ]) AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], []) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then AC_CHECK_FUNCS(setresuid, [ SKIP_SETREUID=yes AC_CHECK_FUNCS(getresuid) ]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid) fi AC_CHECK_FUNCS(seteuid) if test X"$with_interfaces" != X"no"; then AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) fi if test -z "$BROKEN_GETCWD"; then AC_REPLACE_FUNCS(getcwd) fi AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" ]) SUDO_FUNC_ISBLANK AC_REPLACE_FUNCS(memrchr memset_s pw_dup strlcpy strlcat strtonum) AC_CHECK_FUNCS(getopt_long, [], [AC_LIBOBJ(getopt_long) AC_MSG_CHECKING([for optreset]) AC_CACHE_VAL(sudo_cv_optreset, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) if test "$sudo_cv_optreset" = "yes"; then AC_DEFINE(HAVE_OPTRESET) fi AC_MSG_RESULT($sudo_cv_optreset) ]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ # include # include ]) ]) AC_CHECK_FUNCS(mkstemps mkdtemp, [], [ AC_CHECK_FUNCS(random lrand48, [break]) AC_LIBOBJ(mktemp) ]) AX_FUNC_SNPRINTF AC_CHECK_FUNCS(asprintf vasprintf) if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then # Don't add snprintf to LIBOBJS if it is already present. if test X"$ac_cv_func_asprintf$ac_cv_func_vasprintf" != X"yesyes"; then AC_LIBOBJ(snprintf) fi fi # We wrap OpenBSD's strtonum() to get translatable error strings. AC_CHECK_FUNCS(strtonum) AC_LIBOBJ(strtonum) if test X"$ac_cv_type_struct_timespec" != X"no"; then AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) fi dnl dnl Function checks for sudo_noexec dnl if test X"$with_noexec" != X"no"; then # Check for underscore versions of standard exec functions # unless we are using dyld symbole interposition if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execl __execl) AC_CHECK_FUNCS(_execle __execle) AC_CHECK_FUNCS(_execlp __execlp) AC_CHECK_FUNCS(_execv __execv) AC_CHECK_FUNCS(_execve __execve) AC_CHECK_FUNCS(_execvp __execvp) fi # Check for non-standard exec functions including underscore versions AC_CHECK_FUNCS(exect, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_exect __exect) fi ]) AC_CHECK_FUNCS(execvP, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execvP __execvP) fi ]) AC_CHECK_FUNCS(execvpe, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execvpe __execvpe) fi ]) AC_CHECK_FUNCS(fexecve, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_fexecve __fexecve) fi ]) # Check for posix_spawn, posix_spawnp and any underscore versions AC_CHECK_FUNCS(posix_spawn, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_posix_spawn __posix_spawn) fi ]) AC_CHECK_FUNCS(posix_spawnp, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_posix_spawnp __posix_spawnp) fi ]) fi dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [ AC_INCLUDES_DEFAULT #include <$ac_header_dirent> ]) dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl AC_CHECK_FUNC(socket, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl AC_CHECK_FUNC(inet_addr, [], [ AC_CHECK_FUNC(__inet_addr, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) ]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl AC_CHECK_FUNC(syslog, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) # # Check for getaddrinfo and add any required libs to NET_LIBS # OLIBS="$LIBS" AX_FUNC_GETADDRINFO for lib in $LIBS; do case "$OLIBS" in *"$lib"*) ;; *) NET_LIBS="$NET_LIBS $lib";; esac done dnl dnl Check for getprogname() or __progname dnl AC_CHECK_FUNCS(getprogname, , [ AC_MSG_CHECKING([for __progname]) AC_CACHE_VAL(sudo_cv___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) if test "$sudo_cv___progname" = "yes"; then AC_DEFINE(HAVE___PROGNAME) fi AC_MSG_RESULT($sudo_cv___progname) ]) dnl dnl Check for __func__ or __FUNCTION__ dnl AC_MSG_CHECKING([for __func__]) AC_CACHE_VAL(sudo_cv___func__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) AC_MSG_RESULT($sudo_cv___func__) if test "$sudo_cv___func__" = "yes"; then AC_DEFINE(HAVE___FUNC__) elif test -n "$GCC"; then AC_MSG_CHECKING([for __FUNCTION__]) AC_CACHE_VAL(sudo_cv___FUNCTION__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) AC_MSG_RESULT($sudo_cv___FUNCTION__) if test "$sudo_cv___FUNCTION__" = "yes"; then AC_DEFINE(HAVE___FUNC__) AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) fi fi # gettext() and friends may be located in libc (Linux and Solaris) # or in libintl. However, it is possible to have libintl installed # even when gettext() is present in libc. In the case of GNU libintl, # gettext() will be defined to gettext_libintl in libintl.h. # Since gcc prefers /usr/local/include to /usr/include, we need to # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include) SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) fi OLIBS="$LIBS" for l in "libc" "-lintl" "-lintl -liconv"; do if test "$l" = "libc"; then # If user specified a dir for libintl ignore libc if test "$enable_nls" != "yes"; then continue fi gettext_name=sudo_cv_gettext AC_MSG_CHECKING([for gettext]) else LIBS="$OLIBS $l" gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" AC_MSG_CHECKING([for gettext in $l]) fi AC_CACHE_VAL($gettext_name, [ AC_LINK_IFELSE( [ AC_LANG_PROGRAM([[#include ]], [(void)gettext((char *)0);]) ], [eval $gettext_name=yes], [eval $gettext_name=no] ) ]) eval gettext_result="\$$gettext_name" AC_MSG_RESULT($gettext_result) if test "$gettext_result" = "yes"; then AC_CHECK_FUNCS(ngettext) break fi done LIBS="$OLIBS" if test "$sudo_cv_gettext" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled # For Solaris we need links from lang to lang.UTF-8 in localedir case "$host_os" in solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; esac elif test "$sudo_cv_gettext_lintl" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled LIBINTL="-lintl" elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled LIBINTL="-lintl -liconv" fi fi dnl dnl Deferred zlib option processing. dnl By default we use the system zlib if it is present. dnl If a directory was specified for zlib (or we are use sudo's version), dnl prepend the include dir to make sure we get the right zlib header. dnl case "$enable_zlib" in yes) AC_CHECK_LIB(z, gzdopen, [ AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin]) ]) ;; no) ;; system) AC_DEFINE(HAVE_ZLIB_H) ZLIB="-lz" ;; builtin) # handled below ;; *) AC_DEFINE(HAVE_ZLIB_H) SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include) SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; esac if test X"$enable_zlib" = X"builtin"; then AC_DEFINE(HAVE_ZLIB_H) CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}" ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' ZLIB_SRC=zlib AC_CONFIG_HEADER([zlib/zconf.h]) AC_CONFIG_FILES([zlib/Makefile]) fi dnl dnl Check for errno declaration in errno.h dnl AC_CHECK_DECLS([errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for h_errno declaration in netdb.h dnl AC_CHECK_DECLS([h_errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for strsignal() or sys_siglist dnl AC_CHECK_FUNCS(strsignal, [], [ AC_LIBOBJ(strsignal) HAVE_SIGLIST="false" AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ HAVE_SIGLIST="true" break ], [ ], [ AC_INCLUDES_DEFAULT #include ]) if test "$HAVE_SIGLIST" != "true"; then AC_LIBOBJ(siglist) fi ]) dnl dnl Check for sig2str(), sys_signame or sys_sigabbrev dnl AC_CHECK_FUNCS(sig2str, [], [ AC_LIBOBJ(sig2str) HAVE_SIGNAME="false" AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [ HAVE_SIGNAME="true" break ], [ ], [ AC_INCLUDES_DEFAULT #include ]) if test "$HAVE_SIGNAME" != "true"; then AC_CACHE_CHECK([for undeclared sys_sigabbrev], [sudo_cv_var_sys_sigabbrev], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], [sudo_cv_var_sys_sigabbrev=yes], [sudo_cv_var_sys_sigabbrev=no] ) ] ) if test "$sudo_cv_var_sys_sigabbrev" = yes; then AC_DEFINE(HAVE_SYS_SIGABBREV) else AC_LIBOBJ(signame) fi fi ]) dnl dnl nsswitch.conf and its equivalents dnl if test ${with_netsvc-"no"} != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") netsvc_conf=${with_netsvc-/etc/netsvc.conf} elif test ${with_nsswitch-"yes"} != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} fi dnl dnl Mutually exclusive auth checks come first, followed by dnl non-exclusive ones. Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then for auth in $AUTH_EXCL_DEF; do case $auth in AIX_AUTH) with_aixauth=maybe;; BSD_AUTH) with_bsdauth=maybe;; PAM) with_pam=maybe;; SIA) CHECKSIA=true;; esac done fi dnl dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then # # Check for pam_start() in libpam first, then for pam_appl.h. # found_pam_lib=no AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) # # Some PAM implementations (MacOS X for example) put the PAM headers # in /usr/include/pam instead of /usr/include/security... # found_pam_hdrs=no AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then # Found both PAM libs and headers with_pam=yes elif test "$with_pam" = "yes"; then if test "$found_pam_lib" = "no"; then AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) fi if test "$found_pam_hdrs" = "no"; then AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) fi elif test "$found_pam_lib" != "$found_pam_hdrs"; then if test "$found_pam_lib" = "no"; then AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) fi if test "$found_pam_hdrs" = "no"; then AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) fi fi if test "$with_pam" = "yes"; then # Older PAM implementations lack pam_getenvlist OLIBS="$LIBS" LIBS="$LIBS -lpam $lt_cv_dlopen_libs" AC_CHECK_FUNCS(pam_getenvlist) LIBS="$OLIBS" # We already link with -ldl if needed (see LIBDL below) SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], [case $with_pam_login in yes) AC_DEFINE([HAVE_PAM_LOGIN]) AC_MSG_CHECKING(whether to use PAM login) AC_MSG_RESULT(yes) pam_login_service="sudo-i" ;; no) ;; *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) ;; esac]) AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_PAM_SESSION) pam_session=off ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) fi fi dnl dnl AIX general authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi dnl dnl BSD authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [BSDAUTH_USAGE='[[-a type]] '] [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi dnl dnl SIA authentication for Tru64 Unix dnl if test ${CHECKSIA-'false'} = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.lo" fi fi dnl dnl extra FWTK libs + includes dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) SUDO_APPEND_CPPFLAGS(-I${with_fwtk}) with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" AUTH_OBJS="$AUTH_OBJS fwtk.lo" fi dnl dnl extra SecurID lib + includes dnl if test ${with_SecurID-'no'} != "no"; then if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then with_SecurID=/usr/ace/examples else with_SecurID=/usr/ace fi SUDO_APPEND_CPPFLAGS(-I${with_SecurID}) SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi dnl dnl Non-mutually exclusive auth checks come next. dnl Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then for auth in $AUTH_DEF; do case $auth in passwd) : ${with_passwd='maybe'};; esac done fi dnl dnl Kerberos V dnl There is an easy way and a hard way... dnl if test ${with_kerb5-'no'} != "no"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) AUTH_OBJS="$AUTH_OBJS kerb5.lo" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) ], [ AC_MSG_RESULT(no) ] ) else AC_DEFINE(HAVE_KERB5) dnl dnl Use the specified directory, if any, else search for correct inc dir dnl if test "$with_kerb5" = "yes"; then found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi else dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include) fi dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) # XXX - need to check whether -lcrypo is needed! SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) ], [ AC_MSG_RESULT(no) SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) ]) AUTH_OBJS="$AUTH_OBJS kerb5.lo" fi _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], sudo_cv_krb5_get_init_creds_opt_free_two_args, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[krb5_get_init_creds_opt_free(NULL, NULL);]] )], [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] ) ] ) ]) if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" AC_MSG_CHECKING(whether to use an instance name for Kerberos V) AC_ARG_ENABLE(kerb5-instance, [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], [ case "$enableval" in yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) ;; no) AC_MSG_RESULT(no) ;; *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") AC_MSG_RESULT([$enableval]) ;; esac], AC_MSG_RESULT(no)) fi dnl dnl extra AFS libs and includes dnl if test ${with_AFS-'no'} = "yes"; then # looks like the "standard" place for AFS libs is /usr/afsws/lib AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left # since AFS_LIBS may be initialized with BSD compat libs that must go last AFS_LIBS="-laudit ${AFS_LIBS}" for i in $AFSLIBDIRS; do if test -f ${i}/util.a; then AFS_LIBS="${i}/util.a ${AFS_LIBS}" FOUND_UTIL_A=true break; fi done if test -z "$FOUND_UTIL_A"; then AFS_LIBS="-lutil ${AFS_LIBS}" fi AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then SUDO_APPEND_CPPFLAGS(-I${i}) FOUND_AFSINCDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi AUTH_OBJS="$AUTH_OBJS afs.lo" fi dnl dnl extra DCE obj + lib dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" AUTH_OBJS="$AUTH_OBJS dce.lo" fi dnl dnl extra S/Key lib and includes dnl if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${with_skey}/include) LDFLAGS="$LDFLAGS -L${with_skey}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi fi AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[ # include # include ]], [[skeychallenge(NULL, NULL, NULL, 0);]] )], [ AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) ] ) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl extra OPIE lib and includes dnl if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${with_opie}/include) LDFLAGS="$LDFLAGS -L${with_opie}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi fi AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl Check for shadow password routines if we have not already done so. dnl If there is a specific list of functions to check we do that first. dnl Otherwise, we check for SVR4-style and then SecureWare-style. dnl if test ${with_passwd-'no'} != "no"; then dnl dnl if crypt(3) not in libc, look elsewhere dnl if test -z "$LIB_CRYPT"; then _LIBS="$LIBS" AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then case "$shadow_funcs" in *getprpwnam*) SECUREWARE=1;; esac test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" else LIBS="$_LIBS" fi CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) AUTH_OBJS="$AUTH_OBJS secureware.lo" fi fi dnl dnl Choose event subsystem backend: poll or select dnl if test X"$enable_poll" = X""; then AC_CHECK_FUNCS(poll, [enable_poll=yes], [enable_poll=no]) elif test X"$enable_poll" = X"yes"; then AC_DEFINE(HAVE_POLL) fi if test "$enable_poll" = "yes"; then COMMON_OBJS="${COMMON_OBJS} event_poll.lo" else COMMON_OBJS="${COMMON_OBJS} event_select.lo" fi dnl dnl extra lib and .o file for LDAP support dnl if test ${with_ldap-'no'} != "no"; then O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) LDFLAGS="$LDFLAGS -L${with_ldap}/lib" SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include) with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" _LIBS="$LIBS" LDAP_LIBS="" IBMLDAP_EXTRA="" found=no # On HP-UX, libibmldap has a hidden dependency on libCsup case "$host_os" in hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; esac AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [ test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" found=yes ]) # If nothing linked, try -lldap and hope for the best if test "$found" = "no"; then LDAP_LIBS="-lldap" fi LIBS="${_LIBS} ${LDAP_LIBS}" dnl check if we need to link with -llber for ber_set_option OLIBS="$LIBS" AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then LDAP_LIBS="$LDAP_LIBS -llber" fi dnl check if ldap.h includes lber.h for us AC_MSG_CHECKING([whether lber.h is needed]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include # include ]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [ AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s) break ]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) [LDAP_LIBS="${LDAP_LIBS} -lgssapi"], AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"]) ) # gssapi headers may be separate or part of Kerberos V found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi.h"; break])]) done if test X"$found" != X"no"; then AC_CHECK_HEADERS([$found]) if test X"$found" = X"gssapi/gssapi.h"; then AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) fi else CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) fi fi SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$O_LDFLAGS" fi # # How to do dynamic object loading. # We support dlopen() and sh_load(), else fall back to static loading. # case "$lt_cv_dlopen" in dlopen) AC_DEFINE(HAVE_DLOPEN) if test "$enable_static_sudoers" = "yes"; then AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; shl_load) AC_DEFINE(HAVE_SHL_LOAD) if test "$enable_static_sudoers" = "yes"; then AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; *) if test X"${ac_cv_func_dlopen}" = X"yes"; then AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."]) fi # Preload sudoers module symbols SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" LT_STATIC="" ;; esac # On HP-UX, you cannot dlopen() a shared object that uses pthreads unless # the main program is linked against -lpthread. We have no knowledge of # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in hpux*) AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac dnl dnl Check for log file, timestamp and iolog locations dnl if test "$utmp_style" = "LEGACY"; then SUDO_PATH_UTMP fi SUDO_LOGFILE SUDO_TIMEDIR SUDO_IO_LOGDIR dnl dnl Turn warnings into errors. dnl All compiler/loader tests after this point will fail if dnl a warning is displayed (nornally, warnings are not fata). dnl AC_LANG_WERROR dnl dnl If compiler supports the -static-libgcc flag use it unless we have dnl GNU ld (which can avoid linking in libgcc when it is not needed). dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"]) fi dnl dnl Check for symbol visibility support. dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -fvisibility=hidden" LT_LDEXPORTS= LT_LDDEP= NO_VIZ= ]) else case "$host_os" in hpux*) AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -Bhidden_def" LT_LDEXPORTS= LT_LDDEP= ]) ;; solaris2*) AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -xldscope=hidden" LT_LDEXPORTS= LT_LDDEP= ]) ;; esac fi dnl dnl If the compiler doesn't have symbol visibility support, it may dnl support version scripts (only GNU and Solaris ld). dnl This test relies on AC_LANG_WERROR dnl if test -n "$LT_LDEXPORTS"; then if test "$lt_cv_prog_gnu_ld" = "yes"; then AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_gnu_ld_anon_map], [ sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_gnu_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] ) if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" fi else case "$host_os" in solaris2*) AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_solaris_ld_anon_map], [ sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_solaris_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] ) if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" fi ;; hpux*) AC_CACHE_CHECK([whether ld supports controlling exported symbols], [sudo_cv_var_hpux_ld_symbol_export], [ sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" if test -n "$GCC"; then LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" else LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" fi AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_hpux_ld_symbol_export=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" rm -f conftest.opt ] ) if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)" fi ;; esac fi fi dnl dnl Check for PIE executable support if using gcc. dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC"; then if test -z "$enable_pie"; then case "$host_os" in linux*) # Attempt to build with PIE support enable_pie="maybe" ;; esac fi if test -n "$enable_pie"; then if test "$enable_pie" = "no"; then AX_CHECK_COMPILE_FLAG([-fno-pie], [ _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fno-pie" AX_CHECK_LINK_FLAG([-nopie], [ PIE_CFLAGS="-fno-pie" PIE_LDFLAGS="-nopie" ]) CFLAGS="$_CFLAGS" ]) else AX_CHECK_COMPILE_FLAG([-fPIE], [ _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fPIE" AX_CHECK_LINK_FLAG([-pie], [ if test "$enable_pie" = "maybe"; then SUDO_WORKING_PIE([enable_pie=yes], []) fi if test "$enable_pie" = "yes"; then PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-Wc,-fPIE -pie" fi ]) CFLAGS="$_CFLAGS" ]) fi fi fi if test "$enable_pie" != "yes"; then # Solaris 11.1 and higher supports tagging binaries to use ASLR case "$host_os" in solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]]) AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"]) ;; esac fi dnl dnl Check for -fstack-protector and -z relro support dnl This test relies on AC_LANG_WERROR dnl if test "$enable_hardening" != "no"; then if test -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [ AX_CHECK_LINK_FLAG([-fstack-protector-strong], [ SSP_CFLAGS="-fstack-protector-strong" SSP_LDFLAGS="-Wc,-fstack-protector-strong" ]) ]) if test -z "$SSP_CFLAGS"; then AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ AX_CHECK_LINK_FLAG([-fstack-protector-all], [ SSP_CFLAGS="-fstack-protector-all" SSP_LDFLAGS="-Wc,-fstack-protector-all" ]) ]) if test -z "$SSP_CFLAGS"; then AX_CHECK_COMPILE_FLAG([-fstack-protector], [ AX_CHECK_LINK_FLAG([-fstack-protector], [ SSP_CFLAGS="-fstack-protector" SSP_LDFLAGS="-Wc,-fstack-protector" ]) ]) fi fi fi AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) fi dnl dnl Use passwd auth module? dnl case "$with_passwd" in yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" ;; *) AC_DEFINE(WITHOUT_PASSWD) if test -z "$AUTH_OBJS"; then AC_MSG_ERROR([no authentication methods defined.]) fi ;; esac AUTH_OBJS=${AUTH_OBJS# } _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS dnl if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi dnl dnl OS-specific initialization dnl AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.]) dnl dnl We add -Wall and -Werror after all tests so they don't cause failures dnl if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wold-style-definition -Wpointer-arith" fi if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi fi dnl dnl Skip regress tests and sudoers sanity check if cross compiling. dnl CROSS_COMPILING="$cross_compiling" dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' dnl dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set dnl XXX - this is gross! dnl if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then exec_prefix="$ac_default_prefix" else exec_prefix="$prefix" fi fi if test X"$with_noexec" != X"no"; then PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" noexec_file="$with_noexec" _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do _noexec_file="$noexec_file" eval noexec_file="$_noexec_file" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then sesh_file="$libexecdir/sudo/sesh" _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" eval sesh_file="$_sesh_file" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") fi if test X"$enable_shared" != X"no"; then PLUGINDIR="$with_plugindir" _PLUGINDIR= while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do _PLUGINDIR="$PLUGINDIR" eval PLUGINDIR="$_PLUGINDIR" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") fi exec_prefix="$oexec_prefix" fi if test X"$with_selinux" = X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) fi dnl dnl Add -R options to LDFLAGS, etc. dnl if test X"$LDFLAGS_R" != X""; then LDFLAGS="$LDFLAGS $LDFLAGS_R" fi if test X"$SUDOERS_LDFLAGS_R" != X""; then SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" fi if test X"$ZLIB_R" != X""; then ZLIB="$ZLIB_R $ZLIB" fi dnl dnl Override default configure dirs for the Makefile dnl if test X"$prefix" = X"NONE"; then test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' else test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' fi test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Substitute into the Makefile and man pages dnl AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host_os in hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) fi ;; linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac fi dnl dnl Autoheader templates dnl AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).]) AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).]) AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not).]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the `optreset' symbol.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't define.]) AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.]) AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.]) AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.]) AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.]) AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.]) AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.]) AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.]) AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.]) dnl dnl Bits to copy verbatim into config.h.in dnl AH_TOP([#ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H]) AH_BOTTOM([/* * Macros to convert ctime and mtime into timevals. */ #define timespec2timeval(_ts, _tv) do { \ (_tv)->tv_sec = (_ts)->tv_sec; \ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ } while (0) #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) # else # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) # endif #else # ifdef HAVE_ST_MTIMESPEC # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) # else # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ #ifdef __GNUC__ # define ignore_result(x) do { \ __typeof__(x) y = (x); \ (void)y; \ } while(0) #else # define ignore_result(x) (void)(x) #endif /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP #endif /* __svr4__ */ #endif /* _SUDO_CONFIG_H */]) sudo-1.8.9p5/doc/CONTRIBUTORS010064400175440000012000000076151226304126500150030ustar00millertstaffThe following list of people, sorted by last name, have contributed code or patches to this implementation of sudo since I began maintaining it in 1993. This list is known to be incomplete--if you believe you should be listed, please send a note to sudo@sudo.ws. Ackeret, Matt Adler, Mark Allbery, Russ Andrew, Nick Andric, Dimitry Barron, Danny Bates, Tom Behan, ZdenÄ›k Bellis, Ray Benali, Elias Beverly, Jamie Boardman, Spider Bostley, P.J. Bowes, Keith Boyce, Keith Garry Brantley, Michael Braun, Rob BÅ™ezina, Pavel Brooks, Piete Brown, Jerry Burr, Michael E Bussjaeger, Andreas Calvin, Gary Campbell, Aaron Čížek, VítÄ›zslav Coleman, Chris Corzine, Deven T. Cusack, Frank Dai, Wei Dill, David Earickson, Jeff Eckhardt, Drew Edgington, Ben Esipovich, Marc Espie, Marc Faigon, Ariel Farrell, Brian Fobes, Steve Frysinger, Mike G., Daniel Richard Gailly, Jean-loup Gelman, Stephen Gerraty, Simon J. Graber, Stephane Guillory, B. Hayman, Randy M. Henke, Joachim Hideaki, YOSHIFUJI Hieb, Dave Holloway, Nick Hoover, Adam Hunter, Michael T. Irrgang, Eric Jackson, Brian Jackson, John R. Jackson, Richard L., Jr. Janssen, Mark Jepeway, Chris Juhani, Timo KIKUCHI, Ayamura Kadow, Kevin Kasal, Stepan Kienenberger, Mike King, Dale King, Michael Knoble, Jim Knox, Tim Komarnitsky, Alek O. Kondrashov, Nikolai KopeÄek, Daniel Kranenburg, Paul Krause, David Lakin, Eric Larsen, Case Levin, Dmitry V. Libby, Kendall Lobbes, Phillip E. McIntyre, Jason MacKenzie, David J. McLaughlin, Tom Makey, Jeff Marchionna, Michael D. Markham, Paul Martinian, Emin Meskes, Michael Miller, Todd C. Minier, Loïc Moffat, Darren Moldung, Jan Thomas Morris, Charles Mueller, Andreas Müller, Dworkin Nieusma, Jeff Nikitser, Peter A. Nussel, Ludwig Paquet, Eric Paradis, Chantal Percival, Ted Perera, Andres Peron, Christian S.J. Peslyak, Alexander Peterson, Toby Pettenò, Diego Elio Pickett, Joel Plotnick, Alex de Raadt, Theo Rasch, Gudleik Reid, Steve Richards, Matt Rossum, Guido van Rouillard, John P. Rowe, William A., Jr. Roy, Alain Ruusamäe, Elan Ryabinkin, Eygene SATO, Yuichi Sánchez, Wilfredo Saucier, Jean-Francois Schoenfeld, Patrick Schuring, Arno Scott, Dougal Sieger, Nick Simon, Thor Lancelot Slemko, Marc Smith, Andy Sobrado, Igor Spangler, Aaron Spradling, Cloyce D. Stier, Matthew Stoeckmann, Tobias Street, Russell Stritzky, Tilo Stroucken, Michael Tarrall, Robert Thomas, Matthew Todd, Giles Toft, Martin Torek, Chris Tucker, Darren Uhl, Robert Uzel, Petr Valery, Reznic Van Dinter, Theo Venckus, Martynas Wagner, Klaus Walsh, Dan Warburton, John Webb, Kirk Wetzel, Timm Wieringen, Marco van Wood, David Zacarias, Gustavo Zolnowsky, John The following people have worked to translate sudo into other languages: Blättermann, Mario Bogusz, Jakub Casagrande, Milo Castro, Felipe Chornoivan, Yuri Diéguez, Francisco Ferreira, Rafael Gezer, Volkan Hamasaki, Takeshi Hamming, Peter Hansen, Joe Hein, Jochen JerovÅ¡ek, Damir Karvonen, Jorma KoÅ¡ir, Klemen Kozlov, Yuri Kramer, Jakob Krznar, Tomislav Marchal, Frédéric MargeviÄius, Algimantas Maryanov, Pavel Nikolić, Miroslav Nylander, Daniel PísaÅ™, Petr Quân, Trần Ngá»c Regueiro, Leandro Sarıer, Özgür Sendón, Abel Taniguchi, Yasuaki Uranga, Mikel Olasagasti Wang, Wylmer sudo-1.8.9p5/doc/HISTORY010064400175440000012000000054771226304126500142130ustar00millertstaffA Brief History of Sudo: The Early Years Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to the net.sources Usenet newsgroup in December of 1985. Sudo at CU-Boulder In the Summer of 1986, Garth Snyder released an enhanced version of sudo. For the next 5 years, sudo was fed and watered by a handful of folks at CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein. Root Group Sudo In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an enhanced sudoers format under contract to a consulting firm called "The Root Group". This version was later released under the GNU public license. CU Sudo In 1994, after maintaining sudo informally within CU-Boulder for some time, Todd C. Miller made a public release of "CU sudo" (version 1.3) with bug fixes and support for more operating systems. The "CU" was added to differentiate it from the "official" version from "The Root Group". In 1995, a new parser for the sudoers file was contributed by Chris Jepeway. The new parser was a proper grammar (unlike the old one) and could work with both sudo and visudo (previously they had slightly different parsers). In 1996, Todd, who had been maintaining sudo for several years in his spare time, moved distribution of sudo from a CU-Boulder ftp site to his domain, courtesan.com. Just Plain Sudo In 1999, the "CU" prefix was dropped from the name since there had been no formal release of sudo from "The Root Group" since 1991 (the original authors now work elsewhere). As of version 1.6, Sudo no longer contains any of the original "Root Group" code and is available under an ISC-style license. In 2001, the sudo web site, ftp site and mailing lists were moved from courtesan.com to the sudo.ws domain (sudo.org was already taken). LDAP Integration In 2003, Nationwide Mutual Insurance Company contributed code written by Aaron Spangler to store the sudoers data in LDAP. These changes were incorporated into Sudo 1.6.8. New Parser In 2005, Todd rewrote the sudoers parser to better support the features that had been added in the past ten years. This new parser removes some limitations of the previous one, removes ordering constraints and adds support for including multiple sudoers files. Quest Sponsorship In 2010, Quest Software began sponsoring Sudo development by hiring Todd to work on Sudo as part of his full-time job. Dell Sponsorship In 2012, Dell acquired Quest Software and continues to sponsor Sudo development. Present Day Sudo, in its current form, is maintained by: Todd C. Miller Todd continues to enhance sudo and fix bugs. sudo-1.8.9p5/doc/LICENSE010064400175440000012000000177621226304126500141340ustar00millertstaffSudo is distributed under the following license: Copyright (c) 1994-1996, 1998-2014 Todd C. Miller Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. The file redblack.c bears the following license: Copyright (c) 2001 Emin Martinian Redistribution and use in source and binary forms, with or without modification, are permitted provided that neither the name of Emin Martinian nor the names of any contributors are be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The files getcwd.c, glob.c, glob.h, snprintf.c and queue.h bear the following license: Copyright (c) 1989, 1990, 1991, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The file fnmatch.c bears the following license: Copyright (c) 2011, VMware, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the VMware, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The file getopt_long.c bears the following license: /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Dieter Baron and Thomas Klausner. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ The embedded copy of zlib bears the following license: Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu sudo-1.8.9p5/doc/Makefile.in010064400175440000012000000406011226304126500151600ustar00millertstaff# # Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ docdir = @docdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ cross_compiling = @CROSS_COMPILING@ # Tools to use SED = @SED@ MANDOC = @MANDOCPROG@ MANCOMPRESS = @MANCOMPRESS@ MANCOMPRESSEXT = @MANCOMPRESSEXT@ TR = @TRPROG@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ mandir = @mandir@ # Directory to copy man pages from mansrcdir = @mansrcdir@ # Directory in which to install the man page mantype = @MANTYPE@ mansectsu = @mansectsu@ mansectform = @mansectform@ mandirsu = $(mandir)/@MANDIRTYPE@$(mansectsu) mandirform = $(mandir)/@MANDIRTYPE@$(mansectform) # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 # Set to non-empty for development mode DEVEL = @DEVEL@ #### End of system configuration section. #### SHELL = @SHELL@ DOCS = $(mansrcdir)/sudo.$(mantype) $(mansrcdir)/visudo.$(mantype) \ $(mansrcdir)/sudo.conf.$(mantype) $(mansrcdir)/sudoers.$(mantype) \ $(mansrcdir)/sudoers.ldap.$(mantype) $(mansrcdir)/sudoers.$(mantype) \ $(mansrcdir)/sudoreplay.$(mantype) $(mansrcdir)/sudo_plugin.$(mantype) DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \ $(srcdir)/visudo.man.in $(srcdir)/visudo.cat \ $(srcdir)/sudo.conf.man.in $(srcdir)/sudo.conf.cat \ $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \ $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ $(srcdir)/sudoreplay.man.in $(srcdir)/sudoreplay.cat \ $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin.cat OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/README \ $(top_srcdir)/NEWS $(srcdir)/HISTORY $(srcdir)/CONTRIBUTORS \ $(srcdir)/LICENSE $(srcdir)/TROUBLESHOOTING $(srcdir)/UPGRADE \ $(srcdir)/sample.* OTHER_DOCS_LDAP = $(top_srcdir)/README.LDAP $(srcdir)/schema.* VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ all: $(DEVDOCS) $(DOCS) Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file doc/Makefile) .SUFFIXES: .man varsub: $(top_srcdir)/configure.ac @if [ -n "$(DEVEL)" ]; then \ printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#5#g\ns#@%s@#8#g\ns#@%s@#%s#\n' SEMAN BAMAN LCMAN PSMAN sysconfdir prefix mansectform mansectsu PACKAGE_VERSION $(VERSION) > $@; \ $(SED) -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(top_srcdir)/configure.ac | $(SED) -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@; \ fi $(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudo.man.sed: $(srcdir)/fixman.sh BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudo.man: $(srcdir)/sudo.man.in sudo.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ sudo.mdoc.sed: $(srcdir)/fixmdoc.sh BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixmdoc.sh $@ $(mansrcdir)/sudo.mdoc: $(srcdir)/sudo.mdoc.in sudo.mdoc.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(srcdir)/sudo.cat: varsub $(srcdir)/sudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudo.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/visudo.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi visudo.man.sed: $(srcdir)/fixman.sh $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/visudo.man: $(srcdir)/visudo.man.in visudo.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(mansrcdir)/visudo.mdoc: $(srcdir)/visudo.mdoc.in (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) $(srcdir)/visudo.cat: varsub $(srcdir)/visudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/visudo.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.conf.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudo.conf.man.sed: $(srcdir)/fixman.sh $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudo.conf.man: $(srcdir)/sudo.conf.man.in sudo.conf.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(mansrcdir)/sudo.conf.mdoc: $(srcdir)/sudo.conf.mdoc.in (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) $(srcdir)/sudo.conf.cat: varsub $(srcdir)/sudo.conf.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudoers.man.sed: $(srcdir)/fixman.sh LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudoers.man: $(srcdir)/sudoers.man.in sudoers.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ sudoers.mdoc.sed: $(srcdir)/fixmdoc.sh LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixmdoc.sh $@ $(mansrcdir)/sudoers.mdoc: $(srcdir)/sudoers.mdoc.in sudoers.mdoc.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(srcdir)/sudoers.cat: varsub $(srcdir)/sudoers.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudoers.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.ldap.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudoers.ldap.man.sed: $(srcdir)/fixman.sh $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudoers.ldap.man: $(srcdir)/sudoers.ldap.man.in sudoers.ldap.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(mansrcdir)/sudoers.ldap.mdoc: $(srcdir)/sudoers.ldap.mdoc.in (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) $(srcdir)/sudoers.ldap.cat: varsub $(srcdir)/sudoers.ldap.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoreplay.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudoreplay.man.sed: $(srcdir)/fixman.sh $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudoreplay.man: $(srcdir)/sudoreplay.man.in sudoreplay.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(mansrcdir)/sudoreplay.mdoc: $(srcdir)/sudoreplay.mdoc.in (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) $(srcdir)/sudoreplay.cat: varsub $(srcdir)/sudoreplay.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo_plugin.mdoc.in\n' >> $@; \ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo_plugin.mdoc.in >> $@; \ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudo_plugin.man.sed: $(srcdir)/fixman.sh $(SHELL) $(srcdir)/fixman.sh $@ $(mansrcdir)/sudo_plugin.man: $(srcdir)/sudo_plugin.man.in sudo_plugin.man.sed (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ $(mansrcdir)/sudo_plugin.mdoc: $(srcdir)/sudo_plugin.mdoc.in (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) $(srcdir)/sudo_plugin.cat: varsub $(srcdir)/sudo_plugin.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ $(SED) -f varsub $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi pre-install: install: install-doc install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(docdir) \ $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) install-binaries: install-includes: install-doc: install-dirs for f in $(OTHER_DOCS); do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $$f $(DESTDIR)$(docdir); done @LDAP@for f in $(OTHER_DOCS_LDAP); do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $$f $(DESTDIR)$(docdir); done $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(mansrcdir)/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) @if test -n "$(MANCOMPRESS)"; then \ for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ if test -f $(DESTDIR)$$f; then \ echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ $(MANCOMPRESS) -f $(DESTDIR)$$f; \ fi; \ done; \ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ else \ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ fi install-plugin: uninstall: -rm -rf $(DESTDIR)$(docdir) -rm -f $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) check: clean: -rm -f varsub *.sed mostlyclean: clean distclean: clean -rm -rf Makefile config.log *.man *.mdoc clobber: distclean realclean: distclean cleandir: distclean sudo-1.8.9p5/doc/TROUBLESHOOTING010064400175440000012000000337071226304126500153360ustar00millertstaffTroubleshooting tips and FAQ for Sudo ===================================== Q) When I run configure, it says "C compiler cannot create executables". A) This usually means you either don't have a working compiler. This could be due to the lack of a license or that some component of the compiler suite could not be found. Check config.log for clues as to why this is happening. On many systems, compiler components live in /usr/ccs/bin which may not be in your PATH environment variable. Q) When I run configure, it says "sudo requires the 'ar' utility to build". A) As part of the build process, sudo creates a temporary library containing objects that are shared amongst the different sudo executables. On Unix systems, the "ar" utility is used to do this. This error indicates that "ar" is missing on your system. On Solaris systems, you may need to install the SUNWbtool package. On other systems "ar" may be included in the GNU binutils package. Q) Sudo compiles and installs OK but when I try to run it I get: /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set A) Sudo must be setuid root to do its work. Either /usr/local/bin/sudo is not owned by uid 0 or the setuid bit is not set. This should have been done for you by "make install" but you can fix it manually by running the following as root: # chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo Q) Sudo compiles and installs OK but when I try to run it I get: effective uid is not 0, is /usr/local/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? A) The owner and permissions on the sudo binary appear to be OK but when sudo ran, the setuid bit did not have an effect. There are two common causes for this. The first is that the file system the sudo binary is located on is mounted with the 'nosuid' mount option, which disables setuid binaries. The output of the "mount" command should tell you if the file system is mounted with the 'nosuid' option. The other possible cause is that sudo is installed on an NFS-mounted file system that is exported without root privileges. By default, NFS file systems are exported with uid 0 mapped to a non-privileged uid (usually -2). You should be able to determine whether sudo is located on an NFS-mounted filesystem by running "df `which sudo'". Q) Sudo never gives me a chance to enter a password using PAM, it just says 'Sorry, try again.' three times and exits. A) You didn't setup PAM to work with sudo. On RedHat Linux or Fedora Core this generally means installing sample.pam as /etc/pam.d/sudo. See the sample.pam file for hints on what to use for other Linux systems. Q) Sudo says 'Account expired or PAM config lacks an "account" section for sudo, contact your system administrator' and exits but I know my account has not expired. A) Your PAM config lacks an "account" specification. On Linux this usually means you are missing a line like: account required pam_unix.so in /etc/pam.d/sudo. Q) Sudo is setup to log via syslog(3) but I'm not getting any log messages. A) Make sure you have an entry in your syslog.conf file to save the sudo messages (see the sample.syslog.conf file). The default log facility is authpriv (changeable via configure or in sudoers). Don't forget to send a SIGHUP to your syslogd so that it re-reads its conf file. Also, remember that syslogd does *not* create log files, you need to create the file before syslogd will log to it (ie: touch /var/log/sudo). Note: the facility (e.g. "auth.debug") must be separated from the destination (e.g. "/var/log/auth" or "@loghost") by tabs, *not* spaces. This is a common error. Q) When sudo asks me for my password it never accepts what I enter even though I know I entered my password correctly. A) If you are not using pam and your system uses shadow passwords, it is possible that sudo didn't properly detect that shadow passwords are in use. Take a look at the generated config.h file and verify that the C function used for shadow password look ups was detected. For instance, for SVR4-style shadow passwords, HAVE_GETSPNAM should be defined (you can search for the string "shadow passwords" in config.h with your editor). Note that there is no define for 4.4BSD-based shadow passwords since that just uses the standard getpw* routines. Q) Can sudo use the ssh agent for authentication instead of asking for the user's Unix password? A) Not directly, but you can use a PAM module like pam_ssh_agent_auth or pam_ssh for this purpose. Q) I don't want the sudoers file in /etc, how can I specify where it should go? A) Use the --sysconfdir option to configure. Ie: configure --sysconfdir=/dir/you/want/sudoers/in Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a copy on each machine? A) There is no support for making an NIS/NIS+ map/table out of the sudoers file at this time. You can distribute the sudoers file via rsync or rdist. It is also possible to NFS-mount the sudoers file. If you use LDAP at your site you may be interested in sudo's LDAP sudoers support, see the README.LDAP file and the sudoers.ldap manual. Q) I don't run sendmail on my machine. Does this mean that I cannot use sudo? A) No, you just need to disable mailing with a line like: Defaults !mailerpath in your sudoers file or run configure with the --without-sendmail option. Q) When I run visudo it uses vi as the editor and I hate vi. How can I make it use another editor? A) You can specify the editor to use in visudo in the sudoers file. See the "editor" and "env_editor" entries in the sudoers manual. The defaults can also be set at configure time using the --with-editor and --with-env-editor configure options. Q) Sudo appears to be removing some variables from my environment, why? A) Sudo removes the following "dangerous" environment variables to guard against shared library spoofing, shell voodoo, and kerberos server spoofing. IFS LOCALDOMAIN RES_OPTIONS HOSTALIASES NLSPATH PATH_LOCALE TERMINFO TERMINFO_DIRS TERMPATH TERMCAP ENV BASH_ENV LC_ (if it contains a '/' or '%') LANG (if it contains a '/' or '%') LANGUAGE (if it contains a '/' or '%') LD_* _RLD_* SHLIB_PATH (HP-UX only) LIBPATH (AIX only) KRB5_CONFIG (kerb5 only) VAR_ACE (SecurID only) USR_ACE (SecurID only) DLC_ACE (SecurID only) Q) How can I keep sudo from asking for a password? A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD' tag right before the command list in sudoers. See the sudoers man page and sample.sudoers for details. To disable passwords completely, add !authenticate" to the Defaults line in /etc/sudoers. You can also turn off authentication on a per-user or per-host basis using a user or host-specific Defaults entry in sudoers. To hard-code the global default, you can configure with the --without-passwd option. Q) When I run configure, it dies with the following error: "no acceptable cc found in $PATH". A) /usr/ucb/cc was the only C compiler that configure could find. You need to tell configure the path to the "real" C compiler via the --with-CC option. On Solaris, the path is probably something like "/opt/SUNWspro/SC4.0/bin/cc". If you have gcc that will also work. Q) When I run configure, it dies with the following error: Fatal Error: config.cache exists from another platform! Please remove it and re-run configure. A) configure caches the results of its tests in a file called config.cache to make re-running configure speedy. However, if you are building sudo for a different platform the results in config.cache will be wrong so you need to remove config.cache. You can do this by "rm config.cache" or "make realclean". Note that "make realclean" will also remove any object files and configure temp files that are laying around as well. Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary doesn't work on Solaris <= 2.5.1. Why? A) Starting with Solaris 2.6, snprintf(3) is included in the standard C library. To build a version of sudo on a >= 2.6 machine that will run on a <= 2.5.1 machine, edit config.h and comment out the lines: #define HAVE_SNPRINTF 1 #define HAVE_VSNPRINTF 1 and run make. Q) I built sudo on a Solaris 11 (or higher) machine but the resulting binary doesn't work older Solaris versions. Why? A) Starting with Solaris 11, asprintf(3) is included in the standard C library. To build a version of sudo on a Solaris 11 machine that will run on an older Solaris release, edit config.h and comment out the lines: #define HAVE_ASPRINTF 1 #define HAVE_VASPRINTF 1 and run make. Q) When I run "visudo" it says "sudoers file busy, try again later." and doesn't do anything. A) Someone else is currently editing the sudoers file with visudo. Q) When I try to use "cd" with sudo it says "cd: command not found". A) "cd" is a shell built-in command, you can't run it as a command since a child process (sudo) cannot affect the current working directory of the parent (your shell). Q) When I try to use "cd" with sudo the command completes without errors but nothing happens. A) Even though "cd" is a shell built-in command, some operating systems include a /usr/bin/cd command for some reason. A standalone "cd" command is totally useless since a child process (cd) cannot affect the current working directory of the parent (your shell). Thus, "sudo cd /foo" will start a child process, change the directory and immediately exit without doing anything useful. Q) When I run sudo it says I am not allowed to run the command as root but I don't want to run it as root, I want to run it as another user. My sudoers file entry looks like: bob ALL=(oracle) ALL A) The default user sudo tries to run things as is always root, even if the invoking user can only run commands as a single, specific user. This may change in the future but at the present time you have to work around this using the 'runas_default' option in sudoers. For example: Defaults:bob runas_default=oracle would achieve the desired result for the preceding sudoers fragment. Q) When I try to run sudo via ssh, I get the error: sudo: no tty present and no askpass program specified A) ssh does not allocate a tty by default when running a remote command. Without a tty, sudo cannot disable echo when prompting for a password. You can use ssh's "-t" option to force it to allocate a tty. Alternately, if you do not mind your password being echoed to the screen, you can use the "visiblepw" sudoers option to allow this. Q) When I try to use SSL-enabled LDAP with sudo I get an error: unable to initialize SSL cert and key db: security library: bad database. you must set TLS_CERT in /etc/ldap.conf to use SSL A) On systems that use a Mozilla-derived LDAP SDK there must be a certificate database in place to use SSL-encrypted LDAP connections. This file is usually /var/ldap/cert8.db or /etc/ldap/cert8.db. The actual number after "cert" will vary, depending on the version of the LDAP SDK that is being used. If you do not have a certificate database you can either copy one from a mozilla-derived browser, such as firefox, or create one using the "certutil" command. You can run "certutil" as follows and press the (or ) key at the password prompt: # certutil -N -d /var/ldap Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: Q) On HP-UX, when I run command via sudo it displays information about the last successful login and last authentication failure for every command. How can I fix this? A) This output comes from /usr/lib/security/libpam_hpsec.so.1. To suppress it, add a line like the following to /etc/pam.conf: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login Q) On HP-UX, the umask setting in sudoers has no effect. A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module enabled, you may need to a add line like the following to pam.conf: sudo session required libpam_hpsec.so.1 bypass_umask Q) When I run sudo on AIX I get the following error: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. A) AIX's Enhanced RBAC is preventing sudo from running. To fix this, add the following entry to /etc/security/privcmds (adjust the path to sudo as needed) and run the setkst command as root: /usr/local/bin/sudo: accessauths = ALLOW_ALL innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC secflags = FSF_EPS Q) Sudo configures and builds without error but when I run it I get a Segmentation fault. A) If you are on a Linux system, the first thing to try is to run configure with the --disable-pie option, then "make clean" and "make". If that fixes the problem then your operating system does not properly support position independent executables. Please send a message to sudo@sudo.ws with system details such as the Linux distro, kernel version and CPU architecture. Q) When I run configure I get the following error: dlopen present but libtool doesn't appear to support your platform. A) Libtool doesn't know how to support dynamic linking on the operating system you are building for. If you are cross-compiling, you need to specify the operating system, not just the CPU type. For example: --host powerpc-unknown-linux instead of just: --host powerpc Q) How do you pronounce `sudo'? A) The official pronunciation is soo-doo (for su "do"). However, an alternate pronunciation, a homophone of "pseudo", is also common. sudo-1.8.9p5/doc/UPGRADE010064400175440000012000000331711226304126500141310ustar00millertstaffNotes on upgrading from an older release ======================================== o Upgrading from a version prior to 1.8.7: Sudo now stores its libexec files in a "sudo" sub-directory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory default directory ends in "/sudo". The default sudo plugins now all use the .so extension, regardless of the extension used by native shared libraries. For backwards compatibility, sudo on HP-UX will also search for a plugin with an .sl extension if the .so version is not found. Handling of users belonging to a large number of groups has changed. Previously, sudo would only use the group list from the kernel unless the system_group plugin was enabled in sudoers. Now, sudo will query the groups database if the user belongs to the maximum number of groups supported by the kernel. See the group_source and max_groups settings in the sudo.conf manual for details. o Upgrading from a version prior to 1.8.2: When matching Unix groups in the sudoers file, sudo will now match based on the name of the group as it appears in sudoers instead of the group ID. This can substantially reduce the number of group lookups for sudoers files that contain a large number of groups. There are a few side effects of this change. 1) Unix groups with different names but the same group ID are can no longer be used interchangeably. Sudo will look up all of a user's groups by group ID and use the resulting group names when matching sudoers entries. If there are multiple groups with the same ID, the group name returned by the system getgrgid() library function is the name that will be used when matching sudoers entries. 2) Unix group names specified in the sudoers file that are longer than the system maximum will no longer match. For instance, if there is a Unix group "fireflie" on a system where group names are limited to eight characters, "%fireflies" in sudoers will no longer match "fireflie". Previously, a lookup by name of the group "fireflies" would have matched the "fireflie" group on most systems. o Upgrading from a version prior to 1.8.1: Changes in the sudoers parser could result in parse errors for existing sudoers file. These changes cause certain erroneous entries to be flagged as errors where before they allowed. Changes include: Combining multiple Defaults entries with a backslash. E.g. Defaults set_path \ Defaults syslog which should be: Defaults set_path Defaults syslog Also, double-quoted strings with a missing end-quote are now detected and result in an error. Previously, text starting a double quote and ending with a newline was ignored. E.g. Defaults set_path"foo In previous versions of sudo, the `"foo' portion would have been ignored. To avoid problems, sudo 1.8.1's "make install" will not install a new sudo binary if the existing sudoers file has errors. In Sudo 1.8.1 the "noexec" functionality has moved out of the sudoers policy plugin and into the sudo front-end. As a result, the path to the noexec file is now specified in the sudo.conf file instead of the sudoers file. If you have a sudoers file that uses the "noexec_file" option, you will need to move the definition to the sudo.conf file instead. Old style in /etc/sudoers: Defaults noexec_file=/usr/local/libexec/sudo_noexec.so New style in /etc/sudo.conf: Path noexec /usr/local/libexec/sudo_noexec.so o Upgrading from a version prior to 1.8.0: Starting with version 1.8.0, sudo uses a modular framework to support policy and I/O logging plugins. The default policy plugin is "sudoers" which provides the traditional sudoers evaluation and I/O logging. Plugins are typically located in /usr/libexec or /usr/local/libexec, though this is system-dependent. The sudoers plugin is named "sudoers.so" on most systems. The sudo.conf file, usually stored in /etc, is used to configure plugins. This file is optional--if no plugins are specified in sudo.conf, the "sudoers" plugin is used. See the sample.sudo.conf file in the doc directory or refer to the updated sudo manual to see how to configure sudo.conf. The "askpass" setting has moved from the sudoers file to the sudo.conf file. If you have a sudoers file that uses the "askpass" option, you will need to move the definition to the sudo.conf file. Old style in /etc/sudoers: Defaults askpass=/usr/X11R6/bin/ssh-askpass New style in /etc/sudo.conf: Path askpass /usr/X11R6/bin/ssh-askpass o Upgrading from a version prior to 1.7.5: Sudo 1.7.5 includes an updated LDAP schema with support for the sudoNotBefore, sudoNotAfter and sudoOrder attributes. The sudoNotBefore and sudoNotAfter attribute support is only used when the SUDOERS_TIMED setting is enabled in ldap.conf. If enabled, those attributes are used directly when constructing an LDAP filter. As a result, your LDAP server must have the updated schema if you want to use sudoNotBefore and sudoNotAfter. The sudoOrder support does not affect the LDAP filter sudo constructs and so there is no need to explicitly enable it in ldap.conf. If the sudoOrder attribute is not present in an entry, a value of 0 is used. If no entries contain sudoOrder attributes, the results are in whatever order the LDAP server returns them, as in past versions of sudo. Older versions of sudo will simply ignore the new attributes if they are present in an entry. There are no compatibility problems using the updated schema with older versions of sudo. o Upgrading from a version prior to 1.7.4: Starting with sudo 1.7.4, the time stamp files have moved from /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are checked for existence in that order. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this. Additionally, the tty_tickets sudoers option is now enabled by default. To restore the old behavior (single time stamp per user), add a line like: Defaults !tty_tickets to sudoers or use the --without-tty-tickets configure option. The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled (which is the case in the default configuration). Users wishing to preserve the original values should use a sudoers entry like: Defaults env_keep += HOME to preserve the old value of HOME and Defaults env_keep += MAIL to preserve the old value of MAIL. NOTE: preserving HOME has security implications since many programs use it when searching for configuration files. Adding HOME to env_keep may enable a user to run unrestricted commands via sudo. The default syslog facility has changed from "local2" to "authpriv" (or "auth" if the operating system doesn't have "authpriv"). The --with-logfac configure option can be used to change this or it can be changed in the sudoers file. o Upgrading from a version prior to 1.7.0: Starting with sudo 1.7.0, comments in the sudoers file must not have a digit or minus sign immediately after the comment character ('#'). Otherwise, the comment may be interpreted as a user or group ID. When sudo is build with LDAP support the /etc/nsswitch.conf file is now used to determine the sudoers sea ch order. sudo will default to only using /etc/sudoers unless /etc/nsswitch.conf says otherwise. This can be changed with an nsswitch.conf line, e.g.: sudoers: ldap files Would case LDAP to be searched first, then the sudoers file. To restore the pre-1.7.0 behavior, run configure with the --with-nsswitch=no flag. Sudo now ignores user .ldaprc files as well as system LDAP defaults. All LDAP configuration is now in /etc/ldap.conf (or whichever file was specified by configure's --with-ldap-conf-file option). If you are using TLS, you may now need to specify: tls_checkpeer no in sudo's ldap.conf unless ldap.conf references a valid certificate authority file(s). Please also see the NEWS file for a list of new features in sudo 1.7.0. o Upgrading from a version prior to 1.6.9: Starting with sudo 1.6.9, if an OS supports a modular authentication method such as PAM, it will be used by default by configure. Environment variable handling has changed significantly in sudo 1.6.9. Prior to version 1.6.9, sudo would preserve the user's environment, pruning out potentially dangerous variables. Beginning with sudo 1.6.9, the environment is reset to a default set of values with only a small number of "safe" variables preserved. To preserve specific environment variables, add them to the "env_keep" list in sudoers. E.g. Defaults env_keep += "EDITOR" The old behavior can be restored by negating the "env_reset" option in sudoers. E.g. Defaults !env_reset There have also been changes to how the "env_keep" and "env_check" options behave. Prior to sudo 1.6.9, the TERM and PATH environment variables would always be preserved even if the env_keep option was redefined. That is no longer the case. Consequently, if env_keep is set with "=" and not simply appended to (i.e. using "+="), PATH and TERM must be explicitly included in the list of environment variables to keep. The LOGNAME, SHELL, USER, and USERNAME environment variables are still always set. Additionally, the env_check setting previously had no effect when env_reset was set (which is now on by default). Starting with sudo 1.6.9, environment variables listed in env_check are also preserved in the env_reset case, provided that they do not contain a '/' or '%' character. Note that it is not necessary to also list a variable in env_keep--having it in env_check is sufficient. The default lists of variables to be preserved and/or checked are displayed when sudo is run by root with the -V flag. o Upgrading from a version prior to 1.6.8: Prior to sudo 1.6.8, if /var/run did not exist, sudo would put the time stamp files in /tmp/.odus. As of sudo 1.6.8, the time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo if there is no /var/run directory. This directory will be created if it does not already exist. Previously, a sudoers entry that explicitly prohibited running a command as a certain user did not override a previous entry allowing the same command. This has been fixed in sudo 1.6.8 such that the last match is now used (as it is documented). Hopefully no one was depending on the previous (buggy) behavior. o Upgrading from a version prior to 1.6: As of sudo 1.6, parsing of runas entries and the NOPASSWD tag has changed. Prior to 1.6, a runas specifier applied only to a single command directly following it. Likewise, the NOPASSWD tag only allowed the command directly following it to be run without a password. Starting with sudo 1.6, both the runas specifier and the NOPASSWD tag are "sticky" for an entire command list. So, given the following line in sudo < 1.6 millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls millert would be able to run /usr/bin/whoami as user daemon without a password and /bin/ls as root with a password. As of sudo 1.6, the same line now means that millert is able to run run both /usr/bin/whoami and /bin/ls as user daemon without a password. To expand on this, take the following example: millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \ /sbin/dump millert can run /usr/bin/whoami as daemon and /bin/ls and /sbin/dump as root. No password need be given for either command. In other words, the "(root)" sets the default runas user to root for the rest of the list. If we wanted to require a password for /bin/ls and /sbin/dump the line could be written as: millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ (root) PASSWD:/bin/ls, /sbin/dump Additionally, sudo now uses a per-user time stamp directory instead of a time stamp file. This allows tty time stamps to simply be files within the user's time stamp dir. For the default, non-tty case, the time stamp on the directory itself is used. Also, the temporary file used by visudo is now /etc/sudoers.tmp since some versions of vipw on systems with shadow passwords use /etc/stmp for the temporary shadow file. o Upgrading from a version prior to 1.5: By default, sudo expects the sudoers file to be mode 0440 and to be owned by user and group 0. This differs from version 1.4 and below which expected the sudoers file to be mode 0400 and to be owned by root. Doing a `make install' will set the sudoers file to the new mode and group. If sudo encounters a sudoers file with the old permissions it will attempt to update it to the new scheme. You cannot, however, use a sudoers file with the new permissions with an old sudo binary. It is suggested that if have a means of distributing sudo you distribute the new binaries first, then the new sudoers file (or you can leave sudoers as is and sudo will fix the permissions itself as long as sudoers is on a local file system). sudo-1.8.9p5/doc/fixman.sh010075500175440000012000000065671226304126500147510ustar00millertstaff#!/bin/sh # # Copyright (c) 2012-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OUTFILE="$1" rm -f "$OUTFILE" > "$OUTFILE" # HP-UX friendly header/footer for all man pages if [ X"`uname 2>&1`" = X"HP-UX" ]; then cat >>"$OUTFILE" <<-'EOF' s/^\.TH \("[^"]*"\) \("[^"]*"\) "\([^"]*\)" "\([^"]*\)" \("[^"]*"\)/.TH \1 \2\ .ds )H \4\ .ds ]W \3/ EOF fi # Page specific hacks case "$OUTFILE" in sudo.man.sed) # Replace "0 minutes" with "unlimited" cat >>"$OUTFILE" <<-'EOF' /^\\fR0\\fR$/ { N s/^\\fR0\\fR\nminutes\.$/unlimited./ } EOF # BSD auth if [ X"$BAMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^\[\\fB\\-a\\fR\\ \\fItype\\fR/d /^\\fB\\-a\\fR \\fItype\\fR$/,/^\.TP 12n$/ { /^\.PD$/!d } EOF fi # BSD login class if [ X"$LCMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^\[\\fB\\-c\\fR\\ \\fIclass\\fR/d /^\\fB\\-c\\fR \\fIclass\\fR$/,/^\.TP 12n$/ { /^\.PD$/!d } /^login_cap(3),$/d /^BSD login class$/ { N N /^BSD login class\n\.TP 4n\n\\fBo\\fR$/d } EOF fi # SELinux if [ X"$SEMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^\[\\fB\\-[rt]\\fR\\ \\fI[rt][oy][lp]e\\fR/d /^\\fB\\-[rt]\\fR \\fI[rt][oy][lp]e\\fR$/,/^\.TP 12n$/ { /^\.PD$/!d } /^SELinux role and type$/ { N N /^SELinux role and type\n\.TP 4n\n\\fBo\\fR$/d } EOF fi # Solaris privileges if [ X"$PSMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^Solaris project$/ { N N N N N /^Solaris project\n\.TP 4n\n\\fBo\\fR\nSolaris privileges\n\.TP 4n\n\\fBo\\fR$/d } EOF fi ;; sudoers.man.sed) # Subsections to remove (SELinux and Solaris are adjacent) RM_SS= if [ X"$PSMAN" != X"1" ]; then if [ X"$SEMAN" != X"1" ]; then RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS "[^S]/{;/^\.SS "[^S][^o][^l]/!d;};' else RM_SS='/^\.SS "Solaris_Priv_Spec"/,/^\.SS/{;/^\.SS "[^S][^o][^l]/!d;};' fi elif [ X"$SEMAN" != X"1" ]; then RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS/{;/^\.SS "[^S][^E][^L]/!d;};' fi if [ -n "$RM_SS" ]; then cat >>"$OUTFILE" <<-EOF $RM_SS EOF fi # BSD login class if [ X"$LCMAN" != X"1" ]; then cat >>"$OUTFILE" <<-EOF /^On BSD systems/,/\.$/ { d } /^use_loginclass$/,/^\.TP 18n$/ { /^\.PD$/!d } EOF fi # Solaris PrivSpec if [ X"$PSMAN" != X"1" ]; then cat >>"$OUTFILE" <<-EOF s/Solaris_Priv_Spec? // /^Solaris_Priv_Spec ::=/ { N d } /^l*i*m*i*t*privs$/,/^\.TP 18n$/ { /^\.PD$/!d } /^On Solaris 10/,/^\.[sP][pP]/ { d } EOF fi # SELinux if [ X"$SEMAN" != X"1" ]; then cat >>"$OUTFILE" <<-EOF s/SELinux_Spec? // /^SELinux_Spec ::=/ { N d } /^[rt][oy][lp]e$/,/^\.TP 18n$/ { /^\.PD$/!d } EOF fi ;; esac sudo-1.8.9p5/doc/fixmdoc.sh010075500175440000012000000070551226304126500151110ustar00millertstaff#!/bin/sh # # Copyright (c) 2012-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OUTFILE="$1" rm -f "$OUTFILE" > "$OUTFILE" # Page specific hacks case "$OUTFILE" in sudo.mdoc.sed) # Replace "0 minutes" with "unlimited" cat >>"$OUTFILE" <<-'EOF' /^\.Li 0$/ { N s/^\.Li 0\nminutes\.$/unlimited./ } EOF # BSD auth BA_FLAG= if [ X"$BAMAN" != X"1" ]; then BA_FLAG='/^.*\n\.Op Fl a Ar type/{;N;/^.*\n\.Ek$/d;};' cat >>"$OUTFILE" <<-'EOF' /^\.It Fl a Ar type/,/BSD authentication\.$/ { d } EOF fi # BSD login class LC_FLAG= if [ X"$LCMAN" != X"1" ]; then LC_FLAG='/^.*\n\.Op Fl c Ar class/{;N;/^.*\n\.Ek$/d;};' cat >>"$OUTFILE" <<-'EOF' /^\.It Fl c Ar class/,/BSD login classes\.$/ { d } /^\.Xr login_cap 3 ,$/d /^BSD login class$/ { N /^BSD login class\n\.It$/d } EOF fi # SELinux SE_FLAG= if [ X"$SEMAN" != X"1" ]; then SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};' cat >>"$OUTFILE" <<-'EOF' /^\.It Fl r Ar role/,/^\.Ar role \.$/ { d } /^\.It Fl t Ar type/,/derived from the role\.$/ { d } /^SELinux role and type$/ { N /^SELinux role and type\n\.It$/d } EOF fi # Solaris privileges if [ X"$PSMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^Solaris project$/ { N N N /^Solaris project\n\.It\nSolaris privileges\n\.It$/d } EOF fi # Unsupported flags must be removed together if [ -n "$BA_FLAG$LC_FLAG$SE_FLAG" ]; then cat >>"$OUTFILE" <<-EOF /^\.Bk -words\$/ { N $BA_FLAG$LC_FLAG$SE_FLAG } EOF fi ;; sudoers.mdoc.sed) # Subsections to remove (SELinux and Solaris are adjacent) RM_SS= if [ X"$PSMAN" != X"1" ]; then if [ X"$SEMAN" != X"1" ]; then RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss [^S]/{;/^\.Ss [^S][^o][^l]/!d;};' else RM_SS='/^\.Ss Solaris_Priv_Spec/,/^\.Ss/{;/^\.Ss [^S][^o][^l]/!d;};' fi elif [ X"$SEMAN" != X"1" ]; then RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss/{;/^\.Ss [^S][^E][^L]/!d;};' fi if [ -n "$RM_SS" ]; then cat >>"$OUTFILE" <<-EOF $RM_SS EOF fi # BSD login class if [ X"$LCMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' /^On BSD systems/,/\.$/ { d } /^\.It use_loginclass$/,/^\.It/ { /^\.It [^u][^s][^e][^_][^l]/!d } EOF fi # Solaris PrivSpec if [ X"$PSMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' s/Solaris_Priv_Spec? // /^Solaris_Priv_Spec ::=/ { N d } /^\.It limitprivs$/,/^\.It/ { /^\.It [^l][^i][^m][^i][^t]/!d } /^\.It privs$/,/^\.It/ { /^\.It [^p][^r][^i][^v][^s]$/!d } /^On Solaris 10/,/^\.Pp/ { d } EOF fi # SELinux if [ X"$SEMAN" != X"1" ]; then cat >>"$OUTFILE" <<-'EOF' s/SELinux_Spec? // /^SELinux_Spec ::=/ { N d } /^\.It [rt][oy][lp]e$/,/^\.It/ { /^\.It [^rt][^oy][^lp][^e]$/!d } EOF fi ;; esac sudo-1.8.9p5/doc/sample.pam010064400175440000012000000022361226304126500150750ustar00millertstaff#%PAM-1.0 # Sample /etc/pam.d/sudo file for RedHat 9 / Fedora Core. # For other Linux distributions you may want to # use /etc/pam.d/sshd or /etc/pam.d/su as a guide. # # There are two basic ways to configure PAM, either via pam_stack # or by explicitly specifying the various methods to use. # # Here we use pam_stack auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth # # Alternately, you can specify the authentication method directly. # Here we use pam_unix for normal password authentication. #auth required pam_env.so #auth sufficient pam_unix.so #account required pam_unix.so #password required pam_cracklib.so retry=3 type= #password required pam_unix.so nullok use_authtok md5 shadow #session required pam_limits.so #session required pam_unix.so # # Another option is to use SMB for authentication. #auth required pam_env.so #auth sufficient pam_smb_auth.so #account required pam_smb_auth.so #password required pam_smb_auth.so #session required pam_limits.so sudo-1.8.9p5/doc/sample.sudo.conf010064400175440000012000000045131226304126500162160ustar00millertstaff# # Sample /etc/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # Sudo plugins: # # The plugin_path is relative to ${prefix}/libexec unless fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its # own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # #Path noexec /usr/libexec/sudo_noexec.so # # Core dumps: # # By default, sudo disables core dumps while it is executing (they # are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static sudo-1.8.9p5/doc/sample.sudoers010064400175440000012000000100541226304126500160010ustar00millertstaff# # Sample /etc/sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the sudoers man page for the details on how to write a sudoers file. ## # Override built-in defaults ## Defaults syslog=auth Defaults>root !set_logname Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults!PAGERS noexec ## # User alias specification ## User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim ## # Runas alias specification ## Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase ## # Host alias specification ## Host_Alias SPARC = bigtime, eclipse, moet, anchor:\ SGI = grolsch, dandelion, black:\ ALPHA = widget, thalamus, foobar:\ HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules ## # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ /usr/sbin/rrestore, /usr/bin/mt, \ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt Cmnd_Alias REBOOT = /usr/sbin/reboot Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ /usr/local/bin/tcsh, /usr/bin/rsh, \ /usr/local/bin/zsh Cmnd_Alias SU = /usr/bin/su Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ /usr/bin/chfn Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less ## # User specification ## # root and users in group wheel can run anything on any machine as any user root ALL = (ALL) ALL %wheel ALL = (ALL) ALL # full time sysadmins can run anything on any machine without a password FULLTIMERS ALL = NOPASSWD: ALL # part time sysadmins may run anything but need a password PARTTIMERS ALL = ALL # jack may run anything on machines in CSNETS jack CSNETS = ALL # lisa may run any command on any host in CUNETS (a class B network) lisa CUNETS = ALL # operator may run maintenance commands and anything in /usr/oper/bin/ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator joe ALL = /usr/bin/su operator # pete may change passwords for anyone but root on the hp snakes pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root # bob may run anything on the sparc and sgi machines as any user # listed in the Runas_Alias "OP" (ie: root and operator) bob SPARC = (OP) ALL : SGI = (OP) ALL # jim may run anything on machines in the biglab netgroup jim +biglab = ALL # users in the secretaries netgroup need to help manage the printers # as well as add and remove users +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser # fred can run commands as oracle or sybase without a password fred ALL = (DB) NOPASSWD: ALL # on the alphas, john may su to anyone but root and flags are not allowed john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* # jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias jen ALL, !SERVERS = ALL # jill can run any commands in the directory /usr/bin/, except for # those in the SU and SHELLS aliases. jill SERVERS = /usr/bin/, !SU, !SHELLS # steve can run any command in the directory /usr/local/op_commands/ # as user operator. steve CSNETS = (operator) /usr/local/op_commands/ # matt needs to be able to kill things on his workstation when # they get hung. matt valkyrie = KILL # users in the WEBMASTERS User_Alias (will, wendy, and wim) # may run any command as user www (which owns the web pages) # or simply su to www. WEBMASTERS www = (www) ALL, (root) /usr/bin/su www # anyone can mount/unmount a cd-rom on the machines in the CDROM alias ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM sudo-1.8.9p5/doc/sample.syslog.conf010064400175440000012000000020631226304126500165620ustar00millertstaff# This is a sample syslog.conf fragment for use with Sudo. # # By default, sudo logs to "authpriv" if your system supports it, else it # uses "auth". The facility can be set via the --with-logfac configure # option or in the sudoers file. # To see what syslog facility a sudo binary uses, run `sudo -V' as *root*. # # NOTES: # The whitespace in the following line is made up of # characters, *not* spaces. You cannot just cut and paste! # # If you edit syslog.conf you need to send syslogd a HUP signal. # Ie: kill -HUP process_id # # Syslogd will not create new log files for you, you must first # create the file before syslogd will log to it. Eg. # 'touch /var/log/sudo' # This logs successful and failed sudo attempts to the file /var/log/auth # If your system has the authpriv syslog facility, use authpriv.debug auth.debug /var/log/auth # To log to a remote machine, use something like the following, # where "loghost" is the name of the remote machine. # If your system has the authpriv syslog facility, use authpriv.debug auth.debug @loghost sudo-1.8.9p5/doc/schema.ActiveDirectory010064400175440000012000000172661226304126500174100ustar00millertstaff# # Active Directory Schema for sudo configuration (sudoers) # # To extend your Active Directory schema, run one of the following command # on your Windows DC (default port - Active Directory): # # ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext # # or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode) # Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance # # ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext # # or # # ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext # # Can add username domain and password # # -b username domain password # # Can create Log file in current or any directory # # -j . # dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoUser distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.1 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoUser adminDescription: User(s) who may run sudo oMSyntax: 22 searchFlags: 1 lDAPDisplayName: sudoUser name: sudoUser schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoHost distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.2 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoHost adminDescription: Host(s) who may run sudo oMSyntax: 22 lDAPDisplayName: sudoHost name: sudoHost schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoCommand distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.3 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoCommand adminDescription: Command(s) to be executed by sudo oMSyntax: 22 lDAPDisplayName: sudoCommand name: sudoCommand schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoRunAs distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.4 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoRunAs adminDescription: User(s) impersonated by sudo (deprecated) oMSyntax: 22 lDAPDisplayName: sudoRunAs name: sudoRunAs schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoOption distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.5 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoOption adminDescription: Option(s) followed by sudo oMSyntax: 22 lDAPDisplayName: sudoOption name: sudoOption schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoRunAsUser distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.6 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoRunAsUser adminDescription: User(s) impersonated by sudo oMSyntax: 22 lDAPDisplayName: sudoRunAsUser name: sudoRunAsUser schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoRunAsGroup distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.7 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoRunAsGroup adminDescription: Groups(s) impersonated by sudo oMSyntax: 22 lDAPDisplayName: sudoRunAsGroup name: sudoRunAsGroup schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoNotBefore distinguishedName: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.8 attributeSyntax: 2.5.5.11 isSingleValued: TRUE showInAdvancedViewOnly: TRUE adminDisplayName: sudoNotBefore adminDescription: Start of time interval for which the entry is valid oMSyntax: 24 lDAPDisplayName: sudoNotBefore name: sudoNotBefore schemaIDGUID:: dm1HnRfY4RGf4gopYYhwmw== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoNotAfter distinguishedName: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.9 attributeSyntax: 2.5.5.11 isSingleValued: TRUE showInAdvancedViewOnly: TRUE adminDisplayName: sudoNotAfter adminDescription: End of time interval for which the entry is valid oMSyntax: 24 lDAPDisplayName: sudoNotAfter name: sudoNotAfter schemaIDGUID:: OAr/pBfY4RG9dBIpYYhwmw== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: attributeSchema cn: sudoOrder distinguishedName: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.10 attributeSyntax: 2.5.5.9 isSingleValued: TRUE showInAdvancedViewOnly: TRUE adminDisplayName: sudoOrder adminDescription: an integer to order the sudoRole entries oMSyntax: 2 lDAPDisplayName: sudoOrder name: sudoOrder schemaIDGUID:: 0J8yrRfY4RGIYBUpYYhwmw== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 - dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X changetype: add objectClass: top objectClass: classSchema cn: sudoRole distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X instanceType: 4 possSuperiors: container possSuperiors: top subClassOf: top governsID: 1.3.6.1.4.1.15953.9.2.1 mayContain: sudoCommand mayContain: sudoHost mayContain: sudoOption mayContain: sudoRunAs mayContain: sudoRunAsUser mayContain: sudoRunAsGroup mayContain: sudoUser mayContain: sudoNotBefore mayContain: sudoNotAfter mayContain: sudoOrder rDNAttID: cn showInAdvancedViewOnly: FALSE adminDisplayName: sudoRole adminDescription: Sudoer Entries objectClassCategory: 1 lDAPDisplayName: sudoRole name: sudoRole schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w== systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X sudo-1.8.9p5/doc/schema.OpenLDAP010064400175440000012000000045521226304126500156440ustar00millertstaff# # OpenLDAP schema file for Sudo # Save as /etc/openldap/schema/sudo.schema # attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) ) sudo-1.8.9p5/doc/schema.iPlanet010064400175440000012000000043531226304126600156760ustar00millertstaffdn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) X-ORIGIN 'SUDO' ) sudo-1.8.9p5/doc/sudo.cat010064400175440000012000000777621226304127600146020ustar00millertstaffSUDO(1m) System Manager's Manual SUDO(1m) NNAAMMEE ssuuddoo, ssuuddooeeddiitt - execute a command as another user SSYYNNOOPPSSIISS ssuuddoo --hh | --KK | --kk | --VV ssuuddoo --vv [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r] [--uu _u_s_e_r] [_c_o_m_m_a_n_d] ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d] ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] file ... DDEESSCCRRIIPPTTIIOONN ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or another user, as specified by the security policy. ssuuddoo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the ssuuddoo front end. The default security policy is _s_u_d_o_e_r_s, which is configured via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_l_u_g_i_n_s section for more information. The security policy determines what privileges, if any, a user has to run ssuuddoo. The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, ssuuddoo will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific; the default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 minutes. Security policies may support credential caching to allow the user to run ssuuddoo again for a period of time without requiring authentication. The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden in sudoers(4). By running ssuuddoo with the --vv option, a user can update the cached credentials without running a _c_o_m_m_a_n_d. When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied. Security policies may log successful and failed attempts to use ssuuddoo. If an I/O plugin is configured, the running command's input and output may be logged as well. The options are as follows: --AA, ----aasskkppaassss Normally, if ssuuddoo requires a password, it will read it from the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output. If the SUDO_ASKPASS environment variable is set, it specifies the path to the helper program. Otherwise, if sudo.conf(4) contains a line specifying the askpass program, that value will be used. For example: # Path to askpass helper program Path askpass /usr/X11R6/bin/ssh-askpass If no askpass program is available, ssuuddoo will exit with an error. --aa _t_y_p_e, ----aauutthh--ttyyppee=_t_y_p_e Use the specified BSD authentication _t_y_p_e when validating the user, if allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may specify a list of sudo-specific authentication methods by adding an ``auth-sudo'' entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This option is only available on systems that support BSD authentication. --bb, ----bbaacckkggrroouunndd Run the given command in the background. Note that it is not possible to use shell job control to manipulate background processes started by ssuuddoo. Most interactive commands will fail to work properly in background mode. --CC _n_u_m, ----cclloossee--ffrroomm=_n_u_m Close all file descriptors greater than or equal to _n_u_m before executing a command. Values less than three are not permitted. By default, ssuuddoo will close all open file descriptors other than standard input, standard output and standard error when executing a command. The security policy may restrict the user's ability to use this option. The _s_u_d_o_e_r_s policy only permits use of the --CC option when the administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option. --cc _c_l_a_s_s, ----llooggiinn--ccllaassss=_c_l_a_s_s Run the command with resource limits and scheduling priority of the specified login _c_l_a_s_s. The _c_l_a_s_s argument can be either a class name as defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single `-' character. If _c_l_a_s_s is -, the default login class of the target user will be used. Otherwise, the command must be run as the superuser (user ID 0), or ssuuddoo must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional _/_e_t_c_/_l_o_g_i_n_._c_o_n_f settings, such as the umask and environment variables, will be applied, if present. This option is only available on systems with BSD login classes. --EE, ----pprreesseerrvvee--eennvv Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment. --ee, ----eeddiitt Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken: 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. 2. The editor specified by the policy is run to edit the temporary files. The _s_u_d_o_e_r_s policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the _e_d_i_t_o_r sudoers(4) option is used. 3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. If the specified file does not exist, it will be created. Note that unlike most commands run by _s_u_d_o, the editor is run with the invoking user's environment unmodified. If, for some reason, ssuuddoo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. --gg _g_r_o_u_p, ----ggrroouupp=_g_r_o_u_p Run the command with the primary group set to _g_r_o_u_p instead of the primary group specified by the target user's password database entry. The _g_r_o_u_p may be either a group name or a numeric group ID (GID) prefixed with the `#' character (e.g. #0 for GID 0). When running a command as a GID, many shells require that the `#' be escaped with a backslash (`\'). If no --uu option is specified, the command will be run as the invoking user. In either case, the primary group will be set to _g_r_o_u_p. --HH, ----sseett--hhoommee Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior. --hh, ----hheellpp Display a short help message to the standard output and exit. --hh _h_o_s_t, ----hhoosstt=_h_o_s_t Run the command on the specified _h_o_s_t if the security policy plugin supports remote commands. Note that the _s_u_d_o_e_r_s plugin does not currently support running remote commands. This may also be used in conjunction with the --ll option to list a user's privileges for the remote host. --ii, ----llooggiinn Run the shell specified by the target user's password database entry as a login shell. This means that login- specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's --cc option. If no command is specified, an interactive shell is executed. ssuuddoo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual documents how the --ii option affects the environment in which a command is run when the _s_u_d_o_e_r_s policy is in use. --KK, ----rreemmoovvee--ttiimmeessttaammpp Similar to the --kk option, except that it removes the user's cached credentials entirely and may not be used in conjunction with a command or other option. This option does not require a password. Not all security policies support credential caching. --kk, ----rreesseett--ttiimmeessttaammpp When used without a command, invalidates the user's cached credentials. In other words, the next time ssuuddoo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssuuddoo permissions from a _._l_o_g_o_u_t file. When used in conjunction with a command or an option that may require a password, this option will cause ssuuddoo to ignore the user's cached credentials. As a result, ssuuddoo will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials. Not all security policies support credential caching. --ll, ----lliisstt If no _c_o_m_m_a_n_d is specified, list the allowed (and forbidden) commands for the invoking user (or the user specified by the --UU option) on the current host. A longer list format is used if this option is specified multiple times and the security policy supports a verbose output format. If a _c_o_m_m_a_n_d is specified and is permitted by the security policy, the fully-qualified path to the command is displayed along with any command line arguments. If _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a status value of 1. --nn, ----nnoonn--iinntteerraaccttiivvee Avoid prompting the user for input of any kind. If a password is required for the command to run, ssuuddoo will display an error message and exit. --PP, ----pprreesseerrvvee--ggrroouuppss Preserve the invoking user's group vector unaltered. By default, the _s_u_d_o_e_r_s policy will initialize the group vector to the list of groups the target user is a member of. The real and effective group IDs, however, are still set to match the target user. --pp _p_r_o_m_p_t, ----pprroommpptt=_p_r_o_m_p_t Use a custom password prompt with optional escape sequences. The following percent (`%') escape sequences are supported by the _s_u_d_o_e_r_s policy: %H expanded to the host name including the domain name (on if the machine's host name is fully qualified or the _f_q_d_n option is set in sudoers(4)) %h expanded to the local host name without the domain name %p expanded to the name of the user whose password is being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w, and _r_u_n_a_s_p_w flags in sudoers(4)) %U expanded to the login name of the user the command will be run as (defaults to root unless the --uu option is also specified) %u expanded to the invoking user's login name %% two consecutive `%' characters are collapsed into a single `%' character The custom prompt will override the system password prompt on systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. --rr _r_o_l_e, ----rroollee=_r_o_l_e Run the command with an SELinux security context that includes the specified _r_o_l_e. --SS, ----ssttddiinn Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character. --ss, ----sshheellll Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry. If a command is specified, it is passed to the shell for execution via the shell's --cc option. If no command is specified, an interactive shell is executed. --tt _t_y_p_e, ----ttyyppee=_t_y_p_e Run the command with an SELinux security context that includes the specified _t_y_p_e. If no _t_y_p_e is specified, the default type is derived from the role. --UU _u_s_e_r, ----ootthheerr--uusseerr=_u_s_e_r Used in conjunction with the --ll option to list the privileges for _u_s_e_r instead of for the invoking user. The security policy may restrict listing other users' privileges. The _s_u_d_o_e_r_s policy only allows root or a user with the ALL privilege on the current host to use this option. --uu _u_s_e_r, ----uusseerr=_u_s_e_r Run the command as a user other than the default target user (usually _r_o_o_t _)_. The _u_s_e_r may be either a user name or a numeric user ID (UID) prefixed with the `#' character (e.g. #0 for UID 0). When running commands as a UID, many shells require that the `#' be escaped with a backslash (`\'). Some security policies may restrict UIDs to those listed in the password database. The _s_u_d_o_e_r_s policy allows UIDs that are not in the password database as long as the _t_a_r_g_e_t_p_w option is not set. Other security policies may not support this. --VV, ----vveerrssiioonn Print the ssuuddoo version string as well as the version string of the security policy plugin and any I/O plugins. If the invoking user is already root the --VV option will display the arguments passed to configure when ssuuddoo was built and plugins may display more verbose information such as default options. --vv, ----vvaalliiddaattee Update the user's cached credentials, authenticating the user if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo timeout for another 5 minutes by default, but does not run a command. Not all security policies support cached credentials. ---- The ---- option indicates that ssuuddoo should stop processing command line arguments. Environment variables to be set for the command may also be passed on the command line in the form of VVAARR=_v_a_l_u_e, e.g. LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command line are subject to restrictions imposed by the security policy plugin. The _s_u_d_o_e_r_s policy subjects variables passed on the command line to the same restrictions as normal environment variables with one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would otherwise be forbidden. See sudoers(4) for more information. CCOOMMMMAANNDD EEXXEECCUUTTIIOONN When ssuuddoo executes a command, the security policy specifies the execution environment for the command. Typically, the real and effective user and group and IDs are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database (unless the --PP option was specified). The following parameters may be specified by security policy: oo real and effective user ID oo real and effective group ID oo supplementary group IDs oo the environment list oo current working directory oo file creation mode mask (umask) oo SELinux role and type oo Solaris project oo Solaris privileges oo BSD login class oo scheduling priority (aka nice value) PPrroocceessss mmooddeell When ssuuddoo runs a command, it calls fork(2), sets up the execution environment as described above, and calls the execve system call in the child process. The main ssuuddoo process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits. If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal (``pty'') is created and a second ssuuddoo process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This extra process makes it possible to, for example, suspend and resume the command. Without it, the command would be in what POSIX terms an ``orphaned process group'' and it would not receive any job control signals. As a special case, if the policy plugin does not define a close function and no pty is required, ssuuddoo will execute the command directly instead of calling fork(2) first. The _s_u_d_o_e_r_s policy plugin will only define a close function when I/O logging is enabled, a pty is required, or the _p_a_m___s_e_s_s_i_o_n or _p_a_m___s_e_t_c_r_e_d options are enabled. Note that _p_a_m___s_e_s_s_i_o_n and _p_a_m___s_e_t_c_r_e_d are enabled by default on systems using PAM. SSiiggnnaall hhaannddlliinngg When the command is run as a child of the ssuuddoo process, ssuuddoo will relay signals it receives to the command. Unless the command is being run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless they are sent by a user process, not the kernel. Otherwise, the command would receive SIGINT twice every time the user entered control-C. Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not be relayed to the command. As a general rule, SIGTSTP should be used instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo. As a special case, ssuuddoo will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the reboot(1m) command sends SIGTERM to all non-system processes other than itself before rebooting the system. This prevents ssuuddoo from relaying the SIGTERM signal it received back to reboot(1m), which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode. Note, however, that this check only applies to the command run by ssuuddoo and not any other processes that the command may create. As a result, running a script that calls reboot(1m) or shutdown(1m) via ssuuddoo may cause the system to end up in this undefined state unless the reboot(1m) or shutdown(1m) are run using the eexxeecc() family of functions instead of ssyysstteemm() (which interposes a shell between the command and the calling process). If no I/O logging plugins are loaded and the policy plugin has not defined a cclloossee() function, set a command timeout or required that the command be run in a new pty, ssuuddoo may execute the command directly instead of running it as a child process. PPlluuggiinnss Plugins may be specified via Plugin directives in the sudo.conf(4) file. They may be loaded as dynamic shared objects (on systems that support them), or compiled directly into the ssuuddoo binary. If no sudo.conf(4) file is present, or it contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O logging. See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f file and the sudo_plugin(1m) manual for more information about the ssuuddoo plugin architecture. EEXXIITT VVAALLUUEE Upon successful execution of a program, the exit status from _s_u_d_o will simply be the exit status of the program that was executed. Otherwise, ssuuddoo exits with a value of 1 if there is a configuration/permission problem or if ssuuddoo cannot execute the given command. In the latter case the error string is printed to the standard error. If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an error is printed on stderr. (If the directory does not exist or if it is not really a directory, the entry is ignored and no error is printed.) This should not happen under normal circumstances. The most common reason for stat(2) to return ``permission denied'' is if you are running an automounter and one of the directories in your PATH is on a machine that is currently unreachable. SSEECCUURRIITTYY NNOOTTEESS ssuuddoo tries to be safe when executing external commands. To prevent command spoofing, ssuuddoo checks "." and "" (both denoting current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). Note, however, that the actual PATH environment variable is _n_o_t modified and is passed unchanged to the program that ssuuddoo executes. Please note that ssuuddoo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell are not subject to ssuuddoo's security policy. The same is true for commands that offer shell escapes (including most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands. Because of this, care must be taken when giving users access to commands via ssuuddoo to verify that the command does not inadvertently give the user an effective root shell. For more information, please see the _P_R_E_V_E_N_T_I_N_G _S_H_E_L_L _E_S_C_A_P_E_S section in sudoers(4). To prevent the disclosure of potentially sensitive information, ssuuddoo disables core dumps by default while it is executing (they are re-enabled for the command that is run). To aid in debugging ssuuddoo crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in the sudo.conf(4) file as follows: Set disable_coredump false See the sudo.conf(4) manual for more information. EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables. The security policy has control over the actual content of the command's environment. EDITOR Default editor to use in --ee (sudoedit) mode if neither SUDO_EDITOR nor VISUAL is set. MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set to the mail spool of the target user. HOME Set to the home directory of the target user if --ii or --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in _s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s. PATH May be overridden by the security policy. SHELL Used to determine shell to run with --ss option. SUDO_ASKPASS Specifies the path to a helper program used to read the password if no terminal is available or if the --AA option is specified. SUDO_COMMAND Set to the command run by sudo. SUDO_EDITOR Default editor to use in --ee (sudoedit) mode. SUDO_GID Set to the group ID of the user who invoked sudo. SUDO_PROMPT Used as the default password prompt. SUDO_PS1 If set, PS1 will be set to its value for the program being run. SUDO_UID Set to the user ID of the user who invoked sudo. SUDO_USER Set to the login name of the user who invoked sudo. USER Set to the target user (root unless the --uu option is specified). VISUAL Default editor to use in --ee (sudoedit) mode if SUDO_EDITOR is not set. FFIILLEESS _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration EEXXAAMMPPLLEESS Note: the following examples assume a properly configured security policy. To get a file listing of an unreadable directory: $ sudo ls /usr/local/protected To list the home directory of user yaz on a machine where the file system holding ~yaz is not exported as root: $ sudo -u yaz ls ~yaz To edit the _i_n_d_e_x_._h_t_m_l file as user www: $ sudo -u www vi ~www/htdocs/index.html To view system logs only accessible to root and users in the adm group: $ sudo -g adm view /var/log/syslog To run an editor as jim with a different primary group: $ sudo -u jim -g audio vi ~jim/sound.txt To shut down a machine: $ sudo shutdown -r +15 "quick reboot" To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the cd and file redirection work. $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" SSEEEE AALLSSOO su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4), sudo_plugin(1m), sudoreplay(1m), visudo(1m) HHIISSTTOORRYY See the HISTORY file in the ssuuddoo distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this version consists of code written primarily by: Todd C. Miller See the CONTRIBUTORS file in the ssuuddoo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to ssuuddoo. CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via ssuuddoo. Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding ssuuddoo's checks. However, on most systems it is possible to prevent shell escapes with the sudoers(4) plugin's _n_o_e_x_e_c functionality. It is not meaningful to run the cd command directly via sudo, e.g., $ sudo cd /usr/local/protected since when the command exits the parent process (your shell) will still be the same. Please see the _E_X_A_M_P_L_E_S section for more information. Running shell scripts via ssuuddoo can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, setuid shell scripts are generally safe). BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 December 8, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/sudo.conf.cat010064400175440000012000000427221226304126600155110ustar00millertstaffSUDO(4) Programmer's Manual SUDO(4) NNAAMMEE ssuuddoo..ccoonnff - configuration for sudo front end DDEESSCCRRIIPPTTIIOONN The ssuuddoo..ccoonnff file is used to configure the ssuuddoo front end. It specifies the security policy and I/O logging plugins, debug flags as well as plugin-agnostic path names and settings. The ssuuddoo..ccoonnff file supports the following directives, described in detail below. Plugin a security policy or I/O logging plugin Path a plugin-agnostic path Set a front end setting, such as _d_i_s_a_b_l_e___c_o_r_e_d_u_m_p or _g_r_o_u_p___s_o_u_r_c_e Debug debug flags to aid in debugging ssuuddoo, ssuuddoorreeppllaayy, vviissuuddoo, and the ssuuddooeerrss plugin. The pound sign (`#') is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. Long lines can be continued with a backslash (`\') as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. Non-comment lines that don't begin with Plugin, Path, Debug, or Set are silently ignored. The ssuuddoo..ccoonnff file is always parsed in the ``C'' locale. PPlluuggiinn ccoonnffiigguurraattiioonn ssuuddoo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the ssuuddoo front end. Plugins are dynamically loaded based on the contents of ssuuddoo..ccoonnff. A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the dynamic shared object that contains the plugin. The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct io_plugin symbol contained in the plugin. The _p_a_t_h may be fully qualified or relative. If not fully qualified, it is relative to the directory specified by the _p_l_u_g_i_n___d_i_r Path setting, which defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. In other words: Plugin sudoers_policy sudoers.so is equivalent to: Plugin sudoers_policy /usr/local/libexec/sudo/sudoers.so If the plugin was compiled statically into the ssuuddoo binary instead of being installed as a dynamic shared object, the _p_a_t_h should be specified without a leading directory, as it does not actually exist in the file system. For example: Plugin sudoers_policy sudoers.so Starting with ssuuddoo 1.8.5, any additional parameters after the _p_a_t_h are passed as arguments to the plugin's _o_p_e_n function. For example, to override the compile-time default sudoers file mode: Plugin sudoers_policy sudoers.so sudoers_mode=0440 The same dynamic shared object may contain multiple plugins, each with a different symbol name. The file must be owned by uid 0 and only writable by its owner. Because of ambiguities that arise from composite policies, only a single policy plugin may be specified. This limitation does not apply to I/O plugins. If no ssuuddoo..ccoonnff file is present, or if it contains no Plugin lines, the ssuuddooeerrss plugin will be used as the default security policy and for I/O logging (if enabled by the policy). This is equivalent to the following: Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so For more information on the ssuuddoo plugin architecture, see the sudo_plugin(1m) manual. PPaatthh sseettttiinnggss A Path line consists of the Path keyword, followed by the name of the path to set and its value. For example: Path noexec /usr/local/libexec/sudo/sudo_noexec.so Path askpass /usr/X11R6/bin/ssh-askpass The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file: askpass The fully qualified path to a helper program used to read the user's password when no terminal is available. This may be the case when ssuuddoo is executed from a graphical (as opposed to text-based) application. The program specified by _a_s_k_p_a_s_s should display the argument passed to it as the prompt and write the user's password to the standard output. The value of _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment variable. noexec The fully-qualified path to a shared library containing dummy versions of the eexxeeccvv(), eexxeeccvvee() and ffeexxeeccvvee() library functions that just return an error. This is used to implement the _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or its equivalent. The default value is: _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o. plugin_dir The default directory to use when searching for plugins that are specified without a fully qualified path name. The default value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. sesh The fully-qualified path to the sseesshh binary. This setting is only used when ssuuddoo is built with SELinux support. The default value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h. OOtthheerr sseettttiinnggss The ssuuddoo..ccoonnff file also supports the following front end settings: disable_coredump Core dumps of ssuuddoo itself are disabled by default. To aid in debugging ssuuddoo crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in ssuuddoo..ccoonnff as follows: Set disable_coredump false Note that most operating systems disable core dumps from setuid programs, including ssuuddoo. To actually get a ssuuddoo core file you will likely need to enable core dumps for setuid processes. On BSD and Linux systems this is accomplished in the sysctl command. On Solaris, the coreadm command is used to configure core dump behavior. This setting is only available in ssuuddoo version 1.8.4 and higher. group_source ssuuddoo passes the invoking user's group list to the policy and I/O plugins. On most systems, there is an upper limit to the number of groups that a user may belong to simultaneously (typically 16 for compatibility with NFS). On systems with the getconf(1) utility, running: getconf NGROUPS_MAX will return the maximum number of groups. However, it is still possible to be a member of a larger number of groups--they simply won't be included in the group list returned by the kernel for the user. Starting with ssuuddoo version 1.8.7, if the user's kernel group list has the maximum number of entries, ssuuddoo will consult the group database directly to determine the group list. This makes it possible for the security policy to perform matching by group name even when the user is a member of more than the maximum number of groups. The _g_r_o_u_p___s_o_u_r_c_e setting allows the administrator to change this default behavior. Supported values for _g_r_o_u_p___s_o_u_r_c_e are: static Use the static group list that the kernel returns. Retrieving the group list this way is very fast but it is subject to an upper limit as described above. It is ``static'' in that it does not reflect changes to the group database made after the user logs in. This was the default behavior prior to ssuuddoo 1.8.7. dynamic Always query the group database directly. It is ``dynamic'' in that changes made to the group database after the user logs in will be reflected in the group list. On some systems, querying the group database for all of a user's groups can be time consuming when querying a network-based group database. Most operating systems provide an efficient method of performing such queries. Currently, ssuuddoo supports efficient group queries on AIX, BSD, HP-UX, Linux and Solaris. adaptive Only query the group database if the static group list returned by the kernel has the maximum number of entries. This is the default behavior in ssuuddoo 1.8.7 and higher. For example, to cause ssuuddoo to only use the kernel's static list of groups for the user: Set group_source static This setting is only available in ssuuddoo version 1.8.7 and higher. max_groups The maximum number of user groups to retrieve from the group database. Values less than one will be ignored. This setting is only used when querying the group database directly. It is intended to be used on systems where it is not possible to detect when the array to be populated with group entries is not sufficiently large. By default, ssuuddoo will allocate four times the system's maximum number of groups (see above) and retry with double that number if the group database query fails. However, some systems just return as many entries as will fit and do not indicate an error when there is a lack of space. This setting is only available in ssuuddoo version 1.8.7 and higher. DDeebbuugg ffllaaggss ssuuddoo versions 1.8.4 and higher support a flexible debugging framework that can help track down what ssuuddoo is doing internally if there is a problem. A Debug line consists of the Debug keyword, followed by the name of the program (or plugin) to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy, ssuuddooeerrss), the debug file name and a comma-separated list of debug flags. The debug flag syntax used by ssuuddoo and the ssuuddooeerrss plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but a plugin is free to use a different format so long as it does not include a comma (`,'). For example: Debug sudo /var/log/sudo_debug all@warn,plugin@info would log all debugging statements at the _w_a_r_n level and higher in addition to those at the _i_n_f_o level for the plugin subsystem. Currently, only one Debug entry per program is supported. The ssuuddoo Debug entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. A future release may add support for per-plugin Debug lines and/or support for multiple debugging files for a single program. The priorities used by the ssuuddoo front end, in order of decreasing severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. Each priority, when specified, also includes all priorities higher than it. For example, a priority of _n_o_t_i_c_e would include debug messages logged at _n_o_t_i_c_e and higher. The following subsystems are used by the ssuuddoo front-end: _a_l_l matches every subsystem _a_r_g_s command line argument processing _c_o_n_v user conversation _e_d_i_t sudoedit _e_v_e_n_t event subsystem _e_x_e_c command execution _m_a_i_n ssuuddoo main function _n_e_t_i_f network interface handling _p_c_o_m_m communication with the plugin _p_l_u_g_i_n plugin configuration _p_t_y pseudo-tty related code _s_e_l_i_n_u_x SELinux-specific handling _u_t_i_l utility functions _u_t_m_p utmp handling The sudoers(4) plugin includes support for additional subsystems. FFIILLEESS _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration EEXXAAMMPPLLEESS # # Default /etc/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # The plugin_path is relative to /usr/local/libexec/sudo unless # fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are # present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with # its own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be # changed if you rename or move the sudo_noexec.so file. # #Path noexec /usr/local/libexec/sudo/sudo_noexec.so # # Core dumps: # # By default, sudo disables core dumps while it is executing # (they are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static SSEEEE AALLSSOO sudoers(4), sudo(1m), sudo_plugin(1m) HHIISSTTOORRYY See the HISTORY file in the ssuuddoo distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this version consists of code written primarily by: Todd C. Miller See the CONTRIBUTORS file in the ssuuddoo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to ssuuddoo. BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 December 4, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/sudo.conf.man.in010064400175440000012000000366531226304126600161300ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in .\" .\" Copyright (c) 2010-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .TH "SUDO" "5" "December 4, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .nh .if n .ad l .SH "NAME" \fBsudo.conf\fR \- configuration for sudo front end .SH "DESCRIPTION" The \fBsudo.conf\fR file is used to configure the \fBsudo\fR front end. It specifies the security policy and I/O logging plugins, debug flags as well as plugin-agnostic path names and settings. .PP The \fBsudo.conf\fR file supports the following directives, described in detail below. .TP 10n Plugin a security policy or I/O logging plugin .TP 10n Path a plugin-agnostic path .TP 10n Set a front end setting, such as \fIdisable_coredump\fR or \fIgroup_source\fR .TP 10n Debug debug flags to aid in debugging \fBsudo\fR, \fBsudoreplay\fR, \fBvisudo\fR, and the \fBsudoers\fR plugin. .PP The pound sign (`#') is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. .PP Long lines can be continued with a backslash (`\e') as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. .PP Non-comment lines that don't begin with \fRPlugin\fR, \fRPath\fR, \fRDebug\fR, or \fRSet\fR are silently ignored. .PP The \fBsudo.conf\fR file is always parsed in the ``\fRC\fR'' locale. .SS "Plugin configuration" \fBsudo\fR supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the \fBsudo\fR front end. Plugins are dynamically loaded based on the contents of \fBsudo.conf\fR. .PP A \fRPlugin\fR line consists of the \fRPlugin\fR keyword, followed by the \fIsymbol_name\fR and the \fIpath\fR to the dynamic shared object that contains the plugin. The \fIsymbol_name\fR is the name of the \fRstruct policy_plugin\fR or \fRstruct io_plugin\fR symbol contained in the plugin. The \fIpath\fR may be fully qualified or relative. If not fully qualified, it is relative to the directory specified by the \fIplugin_dir\fR \fRPath\fR setting, which defaults to \fI@PLUGINDIR@\fR. In other words: .nf .sp .RS 6n Plugin sudoers_policy sudoers.so .RE .fi .PP is equivalent to: .nf .sp .RS 6n Plugin sudoers_policy @PLUGINDIR@/sudoers.so .RE .fi .PP If the plugin was compiled statically into the \fBsudo\fR binary instead of being installed as a dynamic shared object, the \fIpath\fR should be specified without a leading directory, as it does not actually exist in the file system. For example: .nf .sp .RS 6n Plugin sudoers_policy sudoers.so .RE .fi .PP Starting with \fBsudo\fR 1.8.5, any additional parameters after the \fIpath\fR are passed as arguments to the plugin's \fIopen\fR function. For example, to override the compile-time default sudoers file mode: .nf .sp .RS 6n Plugin sudoers_policy sudoers.so sudoers_mode=0440 .RE .fi .PP The same dynamic shared object may contain multiple plugins, each with a different symbol name. The file must be owned by uid 0 and only writable by its owner. Because of ambiguities that arise from composite policies, only a single policy plugin may be specified. This limitation does not apply to I/O plugins. .PP If no \fBsudo.conf\fR file is present, or if it contains no \fRPlugin\fR lines, the \fBsudoers\fR plugin will be used as the default security policy and for I/O logging (if enabled by the policy). This is equivalent to the following: .nf .sp .RS 6n Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so .RE .fi .PP For more information on the \fBsudo\fR plugin architecture, see the sudo_plugin(@mansectsu@) manual. .SS "Path settings" A \fRPath\fR line consists of the \fRPath\fR keyword, followed by the name of the path to set and its value. For example: .nf .sp .RS 6n Path noexec @noexec_file@ Path askpass /usr/X11R6/bin/ssh-askpass .RE .fi .PP The following plugin-agnostic paths may be set in the \fI@sysconfdir@/sudo.conf\fR file: .TP 10n askpass The fully qualified path to a helper program used to read the user's password when no terminal is available. This may be the case when \fBsudo\fR is executed from a graphical (as opposed to text-based) application. The program specified by \fIaskpass\fR should display the argument passed to it as the prompt and write the user's password to the standard output. The value of \fIaskpass\fR may be overridden by the \fRSUDO_ASKPASS\fR environment variable. .TP 10n noexec The fully-qualified path to a shared library containing dummy versions of the \fBexecv\fR(), \fBexecve\fR() and \fBfexecve\fR() library functions that just return an error. This is used to implement the \fInoexec\fR functionality on systems that support \fRLD_PRELOAD\fR or its equivalent. The default value is: \fI@noexec_file@\fR. .TP 10n plugin_dir The default directory to use when searching for plugins that are specified without a fully qualified path name. The default value is \fI@PLUGINDIR@\fR. .TP 10n sesh The fully-qualified path to the \fBsesh\fR binary. This setting is only used when \fBsudo\fR is built with SELinux support. The default value is \fI@sesh_file@\fR. .SS "Other settings" The \fBsudo.conf\fR file also supports the following front end settings: .TP 10n disable_coredump Core dumps of \fBsudo\fR itself are disabled by default. To aid in debugging \fBsudo\fR crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in \fBsudo.conf\fR as follows: .RS .nf .sp .RS 6n Set disable_coredump false .RE .fi .sp Note that most operating systems disable core dumps from setuid programs, including \fBsudo\fR. To actually get a \fBsudo\fR core file you will likely need to enable core dumps for setuid processes. On BSD and Linux systems this is accomplished in the sysctl command. On Solaris, the coreadm command is used to configure core dump behavior. .sp This setting is only available in \fBsudo\fR version 1.8.4 and higher. .PP .RE .PD 0 .TP 10n group_source \fBsudo\fR passes the invoking user's group list to the policy and I/O plugins. On most systems, there is an upper limit to the number of groups that a user may belong to simultaneously (typically 16 for compatibility with NFS). On systems with the getconf(1) utility, running: .RS 6n getconf NGROUPS_MAX .RE will return the maximum number of groups. .sp However, it is still possible to be a member of a larger number of groups--they simply won't be included in the group list returned by the kernel for the user. Starting with \fBsudo\fR version 1.8.7, if the user's kernel group list has the maximum number of entries, \fBsudo\fR will consult the group database directly to determine the group list. This makes it possible for the security policy to perform matching by group name even when the user is a member of more than the maximum number of groups. .sp The \fIgroup_source\fR setting allows the administrator to change this default behavior. Supported values for \fIgroup_source\fR are: .RS .PD .TP 10n static Use the static group list that the kernel returns. Retrieving the group list this way is very fast but it is subject to an upper limit as described above. It is ``static'' in that it does not reflect changes to the group database made after the user logs in. This was the default behavior prior to \fBsudo\fR 1.8.7. .TP 10n dynamic Always query the group database directly. It is ``dynamic'' in that changes made to the group database after the user logs in will be reflected in the group list. On some systems, querying the group database for all of a user's groups can be time consuming when querying a network-based group database. Most operating systems provide an efficient method of performing such queries. Currently, \fBsudo\fR supports efficient group queries on AIX, BSD, HP-UX, Linux and Solaris. .TP 10n adaptive Only query the group database if the static group list returned by the kernel has the maximum number of entries. This is the default behavior in \fBsudo\fR 1.8.7 and higher. .PP For example, to cause \fBsudo\fR to only use the kernel's static list of groups for the user: .nf .sp .RS 6n Set group_source static .RE .fi .sp This setting is only available in \fBsudo\fR version 1.8.7 and higher. .PP .RE .PD 0 .TP 10n max_groups The maximum number of user groups to retrieve from the group database. Values less than one will be ignored. This setting is only used when querying the group database directly. It is intended to be used on systems where it is not possible to detect when the array to be populated with group entries is not sufficiently large. By default, \fBsudo\fR will allocate four times the system's maximum number of groups (see above) and retry with double that number if the group database query fails. However, some systems just return as many entries as will fit and do not indicate an error when there is a lack of space. .sp This setting is only available in \fBsudo\fR version 1.8.7 and higher. .PD .SS "Debug flags" \fBsudo\fR versions 1.8.4 and higher support a flexible debugging framework that can help track down what \fBsudo\fR is doing internally if there is a problem. .PP A \fRDebug\fR line consists of the \fRDebug\fR keyword, followed by the name of the program (or plugin) to debug (\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR), the debug file name and a comma-separated list of debug flags. The debug flag syntax used by \fBsudo\fR and the \fBsudoers\fR plugin is \fIsubsystem\fR@\fIpriority\fR but a plugin is free to use a different format so long as it does not include a comma (`\&,'). .PP For example: .nf .sp .RS 6n Debug sudo /var/log/sudo_debug all@warn,plugin@info .RE .fi .PP would log all debugging statements at the \fIwarn\fR level and higher in addition to those at the \fIinfo\fR level for the plugin subsystem. .PP Currently, only one \fRDebug\fR entry per program is supported. The \fBsudo\fR \fRDebug\fR entry is shared by the \fBsudo\fR front end, \fBsudoedit\fR and the plugins. A future release may add support for per-plugin \fRDebug\fR lines and/or support for multiple debugging files for a single program. .PP The priorities used by the \fBsudo\fR front end, in order of decreasing severity, are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR and \fIdebug\fR. Each priority, when specified, also includes all priorities higher than it. For example, a priority of \fInotice\fR would include debug messages logged at \fInotice\fR and higher. .PP The following subsystems are used by the \fBsudo\fR front-end: .TP 12n \fIall\fR matches every subsystem .TP 12n \fIargs\fR command line argument processing .TP 12n \fIconv\fR user conversation .TP 12n \fIedit\fR sudoedit .TP 12n \fIevent\fR event subsystem .TP 12n \fIexec\fR command execution .TP 12n \fImain\fR \fBsudo\fR main function .TP 12n \fInetif\fR network interface handling .TP 12n \fIpcomm\fR communication with the plugin .TP 12n \fIplugin\fR plugin configuration .TP 12n \fIpty\fR pseudo-tty related code .TP 12n \fIselinux\fR SELinux-specific handling .TP 12n \fIutil\fR utility functions .TP 12n \fIutmp\fR utmp handling .PP The sudoers(@mansectform@) plugin includes support for additional subsystems. .SH "FILES" .TP 26n \fI@sysconfdir@/sudo.conf\fR \fBsudo\fR front end configuration .SH "EXAMPLES" .nf .RS 0n # # Default @sysconfdir@/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # The plugin_path is relative to @PLUGINDIR@ unless # fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are # present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with # its own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be # changed if you rename or move the sudo_noexec.so file. # #Path noexec @noexec_file@ # # Core dumps: # # By default, sudo disables core dumps while it is executing # (they are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static .RE .fi .SH "SEE ALSO" sudoers(@mansectform@), sudo(@mansectsu@), sudo_plugin(@mansectsu@) .SH "HISTORY" See the HISTORY file in the \fBsudo\fR distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. .SH "AUTHORS" Many people have worked on \fBsudo\fR over the years; this version consists of code written primarily by: .sp .RS 6n Todd C. Miller .RE .PP See the CONTRIBUTORS file in the \fBsudo\fR distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to \fBsudo\fR. .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudo.conf.mdoc.in010064400175440000012000000361331226304126200162640ustar00millertstaff.\" .\" Copyright (c) 2010-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd December 4, 2013 .Dt SUDO @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudo.conf .Nd configuration for sudo front end .Sh DESCRIPTION The .Nm sudo.conf file is used to configure the .Nm sudo front end. It specifies the security policy and I/O logging plugins, debug flags as well as plugin-agnostic path names and settings. .Pp The .Nm sudo.conf file supports the following directives, described in detail below. .Bl -tag -width 8n .It Plugin a security policy or I/O logging plugin .It Path a plugin-agnostic path .It Set a front end setting, such as .Em disable_coredump or .Em group_source .It Debug debug flags to aid in debugging .Nm sudo , .Nm sudoreplay , .Nm visudo , and the .Nm sudoers plugin. .El .Pp The pound sign .Pq Ql # is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. .Pp Long lines can be continued with a backslash .Pq Ql \e as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. .Pp Non-comment lines that don't begin with .Li Plugin , .Li Path , .Li Debug , or .Li Set are silently ignored. .Pp The .Nm sudo.conf file is always parsed in the .Dq Li C locale. .Ss Plugin configuration .Nm sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the .Nm sudo front end. Plugins are dynamically loaded based on the contents of .Nm sudo.conf . .Pp A .Li Plugin line consists of the .Li Plugin keyword, followed by the .Em symbol_name and the .Em path to the dynamic shared object that contains the plugin. The .Em symbol_name is the name of the .Li struct policy_plugin or .Li struct io_plugin symbol contained in the plugin. The .Em path may be fully qualified or relative. If not fully qualified, it is relative to the directory specified by the .Em plugin_dir .Li Path setting, which defaults to .Pa @PLUGINDIR@ . In other words: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so .Ed .Pp is equivalent to: .Bd -literal -offset indent Plugin sudoers_policy @PLUGINDIR@/sudoers.so .Ed .Pp If the plugin was compiled statically into the .Nm sudo binary instead of being installed as a dynamic shared object, the .Em path should be specified without a leading directory, as it does not actually exist in the file system. For example: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so .Ed .Pp Starting with .Nm sudo 1.8.5, any additional parameters after the .Em path are passed as arguments to the plugin's .Em open function. For example, to override the compile-time default sudoers file mode: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so sudoers_mode=0440 .Ed .Pp The same dynamic shared object may contain multiple plugins, each with a different symbol name. The file must be owned by uid 0 and only writable by its owner. Because of ambiguities that arise from composite policies, only a single policy plugin may be specified. This limitation does not apply to I/O plugins. .Pp If no .Nm sudo.conf file is present, or if it contains no .Li Plugin lines, the .Nm sudoers plugin will be used as the default security policy and for I/O logging (if enabled by the policy). This is equivalent to the following: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so .Ed .Pp For more information on the .Nm sudo plugin architecture, see the .Xr sudo_plugin @mansectsu@ manual. .Ss Path settings A .Li Path line consists of the .Li Path keyword, followed by the name of the path to set and its value. For example: .Bd -literal -offset indent Path noexec @noexec_file@ Path askpass /usr/X11R6/bin/ssh-askpass .Ed .Pp The following plugin-agnostic paths may be set in the .Pa @sysconfdir@/sudo.conf file: .Bl -tag -width 8n .It askpass The fully qualified path to a helper program used to read the user's password when no terminal is available. This may be the case when .Nm sudo is executed from a graphical (as opposed to text-based) application. The program specified by .Em askpass should display the argument passed to it as the prompt and write the user's password to the standard output. The value of .Em askpass may be overridden by the .Ev SUDO_ASKPASS environment variable. .It noexec The fully-qualified path to a shared library containing dummy versions of the .Fn execv , .Fn execve and .Fn fexecve library functions that just return an error. This is used to implement the .Em noexec functionality on systems that support .Ev LD_PRELOAD or its equivalent. The default value is: .Pa @noexec_file@ . .It plugin_dir The default directory to use when searching for plugins that are specified without a fully qualified path name. The default value is .Pa @PLUGINDIR@ . .It sesh The fully-qualified path to the .Nm sesh binary. This setting is only used when .Nm sudo is built with SELinux support. The default value is .Pa @sesh_file@ . .El .Ss Other settings The .Nm sudo.conf file also supports the following front end settings: .Bl -tag -width 8n .It disable_coredump Core dumps of .Nm sudo itself are disabled by default. To aid in debugging .Nm sudo crashes, you may wish to re-enable core dumps by setting .Dq disable_coredump to false in .Nm sudo.conf as follows: .Bd -literal -offset indent Set disable_coredump false .Ed .Pp Note that most operating systems disable core dumps from setuid programs, including .Nm sudo . To actually get a .Nm sudo core file you will likely need to enable core dumps for setuid processes. On BSD and Linux systems this is accomplished in the .Xr sysctl command. On Solaris, the .Xr coreadm command is used to configure core dump behavior. .Pp This setting is only available in .Nm sudo version 1.8.4 and higher. .It group_source .Nm sudo passes the invoking user's group list to the policy and I/O plugins. On most systems, there is an upper limit to the number of groups that a user may belong to simultaneously (typically 16 for compatibility with NFS). On systems with the .Xr getconf 1 utility, running: .Dl getconf NGROUPS_MAX will return the maximum number of groups. .Pp However, it is still possible to be a member of a larger number of groups--they simply won't be included in the group list returned by the kernel for the user. Starting with .Nm sudo version 1.8.7, if the user's kernel group list has the maximum number of entries, .Nm sudo will consult the group database directly to determine the group list. This makes it possible for the security policy to perform matching by group name even when the user is a member of more than the maximum number of groups. .Pp The .Em group_source setting allows the administrator to change this default behavior. Supported values for .Em group_source are: .Bl -tag -width 8n .It static Use the static group list that the kernel returns. Retrieving the group list this way is very fast but it is subject to an upper limit as described above. It is .Dq static in that it does not reflect changes to the group database made after the user logs in. This was the default behavior prior to .Nm sudo 1.8.7. .It dynamic Always query the group database directly. It is .Dq dynamic in that changes made to the group database after the user logs in will be reflected in the group list. On some systems, querying the group database for all of a user's groups can be time consuming when querying a network-based group database. Most operating systems provide an efficient method of performing such queries. Currently, .Nm sudo supports efficient group queries on AIX, BSD, HP-UX, Linux and Solaris. .It adaptive Only query the group database if the static group list returned by the kernel has the maximum number of entries. This is the default behavior in .Nm sudo 1.8.7 and higher. .El .Pp For example, to cause .Nm sudo to only use the kernel's static list of groups for the user: .Bd -literal -offset indent Set group_source static .Ed .Pp This setting is only available in .Nm sudo version 1.8.7 and higher. .It max_groups The maximum number of user groups to retrieve from the group database. Values less than one will be ignored. This setting is only used when querying the group database directly. It is intended to be used on systems where it is not possible to detect when the array to be populated with group entries is not sufficiently large. By default, .Nm sudo will allocate four times the system's maximum number of groups (see above) and retry with double that number if the group database query fails. However, some systems just return as many entries as will fit and do not indicate an error when there is a lack of space. .Pp This setting is only available in .Nm sudo version 1.8.7 and higher. .El .Ss Debug flags .Nm sudo versions 1.8.4 and higher support a flexible debugging framework that can help track down what .Nm sudo is doing internally if there is a problem. .Pp A .Li Debug line consists of the .Li Debug keyword, followed by the name of the program (or plugin) to debug .Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers , the debug file name and a comma-separated list of debug flags. The debug flag syntax used by .Nm sudo and the .Nm sudoers plugin is .Em subsystem Ns No @ Ns Em priority but a plugin is free to use a different format so long as it does not include a comma .Pq Ql \&, . .Pp For example: .Bd -literal -offset indent Debug sudo /var/log/sudo_debug all@warn,plugin@info .Ed .Pp would log all debugging statements at the .Em warn level and higher in addition to those at the .Em info level for the plugin subsystem. .Pp Currently, only one .Li Debug entry per program is supported. The .Nm sudo .Li Debug entry is shared by the .Nm sudo front end, .Nm sudoedit and the plugins. A future release may add support for per-plugin .Li Debug lines and/or support for multiple debugging files for a single program. .Pp The priorities used by the .Nm sudo front end, in order of decreasing severity, are: .Em crit , err , warn , notice , diag , info , trace and .Em debug . Each priority, when specified, also includes all priorities higher than it. For example, a priority of .Em notice would include debug messages logged at .Em notice and higher. .Pp The following subsystems are used by the .Nm sudo front-end: .Bl -tag -width Fl .It Em all matches every subsystem .It Em args command line argument processing .It Em conv user conversation .It Em edit sudoedit .It Em event event subsystem .It Em exec command execution .It Em main .Nm sudo main function .It Em netif network interface handling .It Em pcomm communication with the plugin .It Em plugin plugin configuration .It Em pty pseudo-tty related code .It Em selinux SELinux-specific handling .It Em util utility functions .It Em utmp utmp handling .El .Pp The .Xr sudoers @mansectform@ plugin includes support for additional subsystems. .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudo.conf .Nm sudo front end configuration .El .Sh EXAMPLES .Bd -literal # # Default @sysconfdir@/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # The plugin_path is relative to @PLUGINDIR@ unless # fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are # present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with # its own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support C or its equivalent. # The compiled-in value is usually sufficient and should only be # changed if you rename or move the sudo_noexec.so file. # #Path noexec @noexec_file@ # # Core dumps: # # By default, sudo disables core dumps while it is executing # (they are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static .Ed .Sh SEE ALSO .Xr sudoers @mansectform@ , .Xr sudo @mansectsu@ , .Xr sudo_plugin @mansectsu@ .Sh HISTORY See the HISTORY file in the .Nm sudo distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. .Sh AUTHORS Many people have worked on .Nm sudo over the years; this version consists of code written primarily by: .Bd -ragged -offset indent Todd C. Miller .Ed .Pp See the CONTRIBUTORS file in the .Nm sudo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to .Nm sudo . .Sh BUGS If you feel you have found a bug in .Nm sudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudo.man.in010064400175440000012000000705631226304127600152030ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in .\" .\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .TH "SUDO" "@mansectsu@" "December 8, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" \fBsudo\fR, \fBsudoedit\fR \- execute a command as another user .SH "SYNOPSIS" .HP 5n \fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR .PD 0 .HP 5n \fBsudo\fR \fB\-v\fR [\fB\-AknS\fR] [\fB\-a\fR\ \fItype\fR] [\fB\-g\fR\ \fIgroup\fR] [\fB\-h\fR\ \fIhost\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIuser\fR] .br .HP 5n \fBsudo\fR \fB\-l\fR [\fB\-AknS\fR] [\fB\-a\fR\ \fItype\fR] [\fB\-g\fR\ \fIgroup\fR] [\fB\-h\fR\ \fIhost\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-U\fR\ \fIuser\fR] [\fB\-u\fR\ \fIuser\fR] [\fIcommand\fR] .br .HP 5n \fBsudo\fR [\fB\-AbEHnPS\fR] [\fB\-a\fR\ \fItype\fR] [\fB\-C\fR\ \fInum\fR] [\fB\-c\fR\ \fIclass\fR] [\fB\-g\fR\ \fIgroup\fR] [\fB\-h\fR\ \fIhost\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] [\fB\-u\fR\ \fIuser\fR] [\fBVAR\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR] .br .HP 9n \fBsudoedit\fR [\fB\-AknS\fR] [\fB\-a\fR\ \fItype\fR] [\fB\-C\fR\ \fInum\fR] [\fB\-c\fR\ \fIclass\fR] [\fB\-g\fR\ \fIgroup\fR] [\fB\-h\fR\ \fIhost\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIuser\fR] file ... .PD .SH "DESCRIPTION" \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the superuser or another user, as specified by the security policy. .PP \fBsudo\fR supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the \fBsudo\fR front end. The default security policy is \fIsudoers\fR, which is configured via the file \fI@sysconfdir@/sudoers\fR, or via LDAP. See the \fIPlugins\fR section for more information. .PP The security policy determines what privileges, if any, a user has to run \fBsudo\fR. The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, \fBsudo\fR will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific; the default password prompt timeout for the \fIsudoers\fR security policy is \fR@password_timeout@\fR minutes. .PP Security policies may support credential caching to allow the user to run \fBsudo\fR again for a period of time without requiring authentication. The \fIsudoers\fR policy caches credentials for \fR@timeout@\fR minutes, unless overridden in sudoers(@mansectform@). By running \fBsudo\fR with the \fB\-v\fR option, a user can update the cached credentials without running a \fIcommand\fR. .PP When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below), is implied. .PP Security policies may log successful and failed attempts to use \fBsudo\fR. If an I/O plugin is configured, the running command's input and output may be logged as well. .PP The options are as follows: .TP 12n \fB\-A\fR, \fB\--askpass\fR Normally, if \fBsudo\fR requires a password, it will read it from the user's terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output. If the \fRSUDO_ASKPASS\fR environment variable is set, it specifies the path to the helper program. Otherwise, if sudo.conf(@mansectform@) contains a line specifying the askpass program, that value will be used. For example: .RS .nf .sp .RS 4n # Path to askpass helper program Path askpass /usr/X11R6/bin/ssh-askpass .RE .fi .sp If no askpass program is available, \fBsudo\fR will exit with an error. .PP .RE .PD 0 .TP 12n \fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR Use the specified BSD authentication \fItype\fR when validating the user, if allowed by \fI/etc/login.conf\fR. The system administrator may specify a list of sudo-specific authentication methods by adding an ``auth-sudo'' entry in \fI/etc/login.conf\fR. This option is only available on systems that support BSD authentication. .PD .TP 12n \fB\-b\fR, \fB\--background\fR Run the given command in the background. Note that it is not possible to use shell job control to manipulate background processes started by \fBsudo\fR. Most interactive commands will fail to work properly in background mode. .TP 12n \fB\-C\fR \fInum\fR, \fB\--close-from\fR=\fInum\fR Close all file descriptors greater than or equal to \fInum\fR before executing a command. Values less than three are not permitted. By default, \fBsudo\fR will close all open file descriptors other than standard input, standard output and standard error when executing a command. The security policy may restrict the user's ability to use this option. The \fIsudoers\fR policy only permits use of the \fB\-C\fR option when the administrator has enabled the \fIclosefrom_override\fR option. .TP 12n \fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR Run the command with resource limits and scheduling priority of the specified login \fIclass\fR. The \fIclass\fR argument can be either a class name as defined in \fI/etc/login.conf\fR, or a single `\-' character. If \fIclass\fR is \fR-\fR, the default login class of the target user will be used. Otherwise, the command must be run as the superuser (user ID 0), or \fBsudo\fR must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional \fI/etc/login.conf\fR settings, such as the umask and environment variables, will be applied, if present. This option is only available on systems with BSD login classes. .TP 12n \fB\-E\fR, \fB\--preserve-env\fR Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment. .TP 12n \fB\-e\fR, \fB\--edit\fR Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken: .RS .TP 5n 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. .TP 5n 2. The editor specified by the policy is run to edit the temporary files. The \fIsudoers\fR policy uses the \fRSUDO_EDITOR\fR, \fRVISUAL\fR and \fREDITOR\fR environment variables (in that order). If none of \fRSUDO_EDITOR\fR, \fRVISUAL\fR or \fREDITOR\fR are set, the first program listed in the \fIeditor\fR sudoers(@mansectform@) option is used. .TP 5n 3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. .PP If the specified file does not exist, it will be created. Note that unlike most commands run by \fIsudo\fR, the editor is run with the invoking user's environment unmodified. If, for some reason, \fBsudo\fR is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. .PP .RE .PD 0 .TP 12n \fB\-g\fR \fIgroup\fR, \fB\--group\fR=\fIgroup\fR Run the command with the primary group set to \fIgroup\fR instead of the primary group specified by the target user's password database entry. The \fIgroup\fR may be either a group name or a numeric group ID (GID) prefixed with the `#' character (e.g. \fR#0\fR for GID 0). When running a command as a GID, many shells require that the `#' be escaped with a backslash (`\e'). If no \fB\-u\fR option is specified, the command will be run as the invoking user. In either case, the primary group will be set to \fIgroup\fR. .PD .TP 12n \fB\-H\fR, \fB\--set-home\fR Request that the security policy set the \fRHOME\fR environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior. .TP 12n \fB\-h\fR, \fB\--help\fR Display a short help message to the standard output and exit. .TP 12n \fB\-h\fR \fIhost\fR, \fB\--host\fR=\fIhost\fR Run the command on the specified \fIhost\fR if the security policy plugin supports remote commands. Note that the \fIsudoers\fR plugin does not currently support running remote commands. This may also be used in conjunction with the \fB\-l\fR option to list a user's privileges for the remote host. .TP 12n \fB\-i\fR, \fB\--login\fR Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as \fI.profile\fR or \fI.login\fR will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's \fB\-c\fR option. If no command is specified, an interactive shell is executed. \fBsudo\fR attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The \fICommand Environment\fR section in the sudoers(@mansectform@) manual documents how the \fB\-i\fR option affects the environment in which a command is run when the \fIsudoers\fR policy is in use. .TP 12n \fB\-K\fR, \fB\--remove-timestamp\fR Similar to the \fB\-k\fR option, except that it removes the user's cached credentials entirely and may not be used in conjunction with a command or other option. This option does not require a password. Not all security policies support credential caching. .TP 12n \fB\-k\fR, \fB\--reset-timestamp\fR When used without a command, invalidates the user's cached credentials. In other words, the next time \fBsudo\fR is run a password will be required. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a \fI.logout\fR file. .sp When used in conjunction with a command or an option that may require a password, this option will cause \fBsudo\fR to ignore the user's cached credentials. As a result, \fBsudo\fR will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials. .sp Not all security policies support credential caching. .TP 12n \fB\-l\fR, \fB\--list\fR If no \fIcommand\fR is specified, list the allowed (and forbidden) commands for the invoking user (or the user specified by the \fB\-U\fR option) on the current host. A longer list format is used if this option is specified multiple times and the security policy supports a verbose output format. .sp If a \fIcommand\fR is specified and is permitted by the security policy, the fully-qualified path to the command is displayed along with any command line arguments. If \fIcommand\fR is specified but not allowed, \fBsudo\fR will exit with a status value of 1. .TP 12n \fB\-n\fR, \fB\--non-interactive\fR Avoid prompting the user for input of any kind. If a password is required for the command to run, \fBsudo\fR will display an error message and exit. .TP 12n \fB\-P\fR, \fB\--preserve-groups\fR Preserve the invoking user's group vector unaltered. By default, the \fIsudoers\fR policy will initialize the group vector to the list of groups the target user is a member of. The real and effective group IDs, however, are still set to match the target user. .TP 12n \fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR Use a custom password prompt with optional escape sequences. The following percent (`%') escape sequences are supported by the \fIsudoers\fR policy: .RS .TP 4n \fR%H\fR expanded to the host name including the domain name (on if the machine's host name is fully qualified or the \fIfqdn\fR option is set in sudoers(@mansectform@)) .TP 4n \fR%h\fR expanded to the local host name without the domain name .TP 4n \fR%p\fR expanded to the name of the user whose password is being requested (respects the \fIrootpw\fR, \fItargetpw\fR, and \fIrunaspw\fR flags in sudoers(@mansectform@)) .TP 4n \fR\&%U\fR expanded to the login name of the user the command will be run as (defaults to root unless the \fB\-u\fR option is also specified) .TP 4n \fR%u\fR expanded to the invoking user's login name .TP 4n \fR%%\fR two consecutive `%' characters are collapsed into a single `%' character .PP The custom prompt will override the system password prompt on systems that support PAM unless the \fIpassprompt_override\fR flag is disabled in \fIsudoers\fR. .PP .RE .PD 0 .TP 12n \fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR Run the command with an SELinux security context that includes the specified \fIrole\fR. .PD .TP 12n \fB\-S\fR, \fB\--stdin\fR Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character. .TP 12n \fB\-s\fR, \fB\--shell\fR Run the shell specified by the \fRSHELL\fR environment variable if it is set or the shell specified by the invoking user's password database entry. If a command is specified, it is passed to the shell for execution via the shell's \fB\-c\fR option. If no command is specified, an interactive shell is executed. .TP 12n \fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR Run the command with an SELinux security context that includes the specified \fItype\fR. If no \fItype\fR is specified, the default type is derived from the role. .TP 12n \fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR Used in conjunction with the \fB\-l\fR option to list the privileges for \fIuser\fR instead of for the invoking user. The security policy may restrict listing other users' privileges. The \fIsudoers\fR policy only allows root or a user with the \fRALL\fR privilege on the current host to use this option. .TP 12n \fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR Run the command as a user other than the default target user (usually \fIroot ).\fR The \fIuser\fR may be either a user name or a numeric user ID (UID) prefixed with the `#' character (e.g. \fR#0\fR for UID 0). When running commands as a UID, many shells require that the `#' be escaped with a backslash (`\e'). Some security policies may restrict UIDs to those listed in the password database. The \fIsudoers\fR policy allows UIDs that are not in the password database as long as the \fItargetpw\fR option is not set. Other security policies may not support this. .TP 12n \fB\-V\fR, \fB\--version\fR Print the \fBsudo\fR version string as well as the version string of the security policy plugin and any I/O plugins. If the invoking user is already root the \fB\-V\fR option will display the arguments passed to configure when \fBsudo\fR was built and plugins may display more verbose information such as default options. .TP 12n \fB\-v\fR, \fB\--validate\fR Update the user's cached credentials, authenticating the user if necessary. For the \fIsudoers\fR plugin, this extends the \fBsudo\fR timeout for another \fR@timeout@\fR minutes by default, but does not run a command. Not all security policies support cached credentials. .TP 12n \fB\--\fR The \fB\--\fR option indicates that \fBsudo\fR should stop processing command line arguments. .PP Environment variables to be set for the command may also be passed on the command line in the form of \fBVAR\fR=\fIvalue\fR, e.g.\& \fBLD_LIBRARY_PATH\fR=\fI/usr/local/pkg/lib\fR. Variables passed on the command line are subject to restrictions imposed by the security policy plugin. The \fIsudoers\fR policy subjects variables passed on the command line to the same restrictions as normal environment variables with one important exception. If the \fIsetenv\fR option is set in \fIsudoers\fR, the command to be run has the \fRSETENV\fR tag set or the command matched is \fRALL\fR, the user may set variables that would otherwise be forbidden. See sudoers(@mansectform@) for more information. .SH "COMMAND EXECUTION" When \fBsudo\fR executes a command, the security policy specifies the execution environment for the command. Typically, the real and effective user and group and IDs are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database (unless the \fB\-P\fR option was specified). .PP The following parameters may be specified by security policy: .TP 4n \fBo\fR real and effective user ID .TP 4n \fBo\fR real and effective group ID .TP 4n \fBo\fR supplementary group IDs .TP 4n \fBo\fR the environment list .TP 4n \fBo\fR current working directory .TP 4n \fBo\fR file creation mode mask (umask) .TP 4n \fBo\fR SELinux role and type .TP 4n \fBo\fR Solaris project .TP 4n \fBo\fR Solaris privileges .TP 4n \fBo\fR BSD login class .TP 4n \fBo\fR scheduling priority (aka nice value) .SS "Process model" When \fBsudo\fR runs a command, it calls fork(2), sets up the execution environment as described above, and calls the execve system call in the child process. The main \fBsudo\fR process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits. If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal (``pty'') is created and a second \fBsudo\fR process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This extra process makes it possible to, for example, suspend and resume the command. Without it, the command would be in what POSIX terms an ``orphaned process group'' and it would not receive any job control signals. As a special case, if the policy plugin does not define a close function and no pty is required, \fBsudo\fR will execute the command directly instead of calling fork(2) first. The \fIsudoers\fR policy plugin will only define a close function when I/O logging is enabled, a pty is required, or the \fIpam_session\fR or \fIpam_setcred\fR options are enabled. Note that \fIpam_session\fR and \fIpam_setcred\fR are enabled by default on systems using PAM. .SS "Signal handling" When the command is run as a child of the \fBsudo\fR process, \fBsudo\fR will relay signals it receives to the command. Unless the command is being run in a new pty, the \fRSIGHUP\fR, \fRSIGINT\fR and \fRSIGQUIT\fR signals are not relayed unless they are sent by a user process, not the kernel. Otherwise, the command would receive \fRSIGINT\fR twice every time the user entered control-C. Some signals, such as \fRSIGSTOP\fR and \fRSIGKILL\fR, cannot be caught and thus will not be relayed to the command. As a general rule, \fRSIGTSTP\fR should be used instead of \fRSIGSTOP\fR when you wish to suspend a command being run by \fBsudo\fR. .PP As a special case, \fBsudo\fR will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the reboot(@mansectsu@) command sends \fRSIGTERM\fR to all non-system processes other than itself before rebooting the system. This prevents \fBsudo\fR from relaying the \fRSIGTERM\fR signal it received back to reboot(@mansectsu@), which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode. Note, however, that this check only applies to the command run by \fBsudo\fR and not any other processes that the command may create. As a result, running a script that calls reboot(@mansectsu@) or shutdown(@mansectsu@) via \fBsudo\fR may cause the system to end up in this undefined state unless the reboot(@mansectsu@) or shutdown(@mansectsu@) are run using the \fBexec\fR() family of functions instead of \fBsystem\fR() (which interposes a shell between the command and the calling process). .PP If no I/O logging plugins are loaded and the policy plugin has not defined a \fBclose\fR() function, set a command timeout or required that the command be run in a new pty, \fBsudo\fR may execute the command directly instead of running it as a child process. .SS "Plugins" Plugins may be specified via \fRPlugin\fR directives in the sudo.conf(@mansectform@) file. They may be loaded as dynamic shared objects (on systems that support them), or compiled directly into the \fBsudo\fR binary. If no sudo.conf(@mansectform@) file is present, or it contains no \fRPlugin\fR lines, \fBsudo\fR will use the traditional \fIsudoers\fR security policy and I/O logging. See the sudo.conf(@mansectform@) manual for details of the \fI@sysconfdir@/sudo.conf\fR file and the sudo_plugin(@mansectsu@) manual for more information about the \fBsudo\fR plugin architecture. .SH "EXIT VALUE" Upon successful execution of a program, the exit status from \fIsudo\fR will simply be the exit status of the program that was executed. .PP Otherwise, \fBsudo\fR exits with a value of 1 if there is a configuration/permission problem or if \fBsudo\fR cannot execute the given command. In the latter case the error string is printed to the standard error. If \fBsudo\fR cannot stat(2) one or more entries in the user's \fRPATH\fR, an error is printed on stderr. (If the directory does not exist or if it is not really a directory, the entry is ignored and no error is printed.) This should not happen under normal circumstances. The most common reason for stat(2) to return ``permission denied'' is if you are running an automounter and one of the directories in your \fRPATH\fR is on a machine that is currently unreachable. .SH "SECURITY NOTES" \fBsudo\fR tries to be safe when executing external commands. .PP To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting current directory) last when searching for a command in the user's \fRPATH\fR (if one or both are in the \fRPATH\fR). Note, however, that the actual \fRPATH\fR environment variable is \fInot\fR modified and is passed unchanged to the program that \fBsudo\fR executes. .PP Please note that \fBsudo\fR will normally only log the command it explicitly runs. If a user runs a command such as \fRsudo su\fR or \fRsudo sh\fR, subsequent commands run from that shell are not subject to \fBsudo\fR's security policy. The same is true for commands that offer shell escapes (including most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands. Because of this, care must be taken when giving users access to commands via \fBsudo\fR to verify that the command does not inadvertently give the user an effective root shell. For more information, please see the \fIPREVENTING SHELL ESCAPES\fR section in sudoers(@mansectform@). .PP To prevent the disclosure of potentially sensitive information, \fBsudo\fR disables core dumps by default while it is executing (they are re-enabled for the command that is run). To aid in debugging \fBsudo\fR crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in the sudo.conf(@mansectform@) file as follows: .nf .sp .RS 6n Set disable_coredump false .RE .fi .PP See the sudo.conf(@mansectform@) manual for more information. .SH "ENVIRONMENT" \fBsudo\fR utilizes the following environment variables. The security policy has control over the actual content of the command's environment. .TP 17n \fREDITOR\fR Default editor to use in \fB\-e\fR (sudoedit) mode if neither \fRSUDO_EDITOR\fR nor \fRVISUAL\fR is set. .TP 17n \fRMAIL\fR In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set to the mail spool of the target user. .TP 17n \fRHOME\fR Set to the home directory of the target user if \fB\-i\fR or \fB\-H\fR are specified, \fIenv_reset\fR or \fIalways_set_home\fR are set in \fIsudoers\fR, or when the \fB\-s\fR option is specified and \fIset_home\fR is set in \fIsudoers\fR. .TP 17n \fRPATH\fR May be overridden by the security policy. .TP 17n \fRSHELL\fR Used to determine shell to run with \fB\-s\fR option. .TP 17n \fRSUDO_ASKPASS\fR Specifies the path to a helper program used to read the password if no terminal is available or if the \fB\-A\fR option is specified. .TP 17n \fRSUDO_COMMAND\fR Set to the command run by sudo. .TP 17n \fRSUDO_EDITOR\fR Default editor to use in \fB\-e\fR (sudoedit) mode. .TP 17n \fRSUDO_GID\fR Set to the group ID of the user who invoked sudo. .TP 17n \fRSUDO_PROMPT\fR Used as the default password prompt. .TP 17n \fRSUDO_PS1\fR If set, \fRPS1\fR will be set to its value for the program being run. .TP 17n \fRSUDO_UID\fR Set to the user ID of the user who invoked sudo. .TP 17n \fRSUDO_USER\fR Set to the login name of the user who invoked sudo. .TP 17n \fRUSER\fR Set to the target user (root unless the \fB\-u\fR option is specified). .TP 17n \fRVISUAL\fR Default editor to use in \fB\-e\fR (sudoedit) mode if \fRSUDO_EDITOR\fR is not set. .SH "FILES" .TP 26n \fI@sysconfdir@/sudo.conf\fR \fBsudo\fR front end configuration .SH "EXAMPLES" Note: the following examples assume a properly configured security policy. .PP To get a file listing of an unreadable directory: .nf .sp .RS 6n $ sudo ls /usr/local/protected .RE .fi .PP To list the home directory of user yaz on a machine where the file system holding ~yaz is not exported as root: .nf .sp .RS 6n $ sudo -u yaz ls ~yaz .RE .fi .PP To edit the \fIindex.html\fR file as user www: .nf .sp .RS 6n $ sudo -u www vi ~www/htdocs/index.html .RE .fi .PP To view system logs only accessible to root and users in the adm group: .nf .sp .RS 6n $ sudo -g adm view /var/log/syslog .RE .fi .PP To run an editor as jim with a different primary group: .nf .sp .RS 6n $ sudo -u jim -g audio vi ~jim/sound.txt .RE .fi .PP To shut down a machine: .nf .sp .RS 6n $ sudo shutdown -r +15 "quick reboot" .RE .fi .PP To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the \fRcd\fR and file redirection work. .nf .sp .RS 6n $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .RE .fi .SH "SEE ALSO" su(1), stat(2), login_cap(3), passwd(@mansectform@), sudo.conf(@mansectform@), sudoers(@mansectform@), sudo_plugin(@mansectsu@), sudoreplay(@mansectsu@), visudo(@mansectsu@) .SH "HISTORY" See the HISTORY file in the \fBsudo\fR distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. .SH "AUTHORS" Many people have worked on \fBsudo\fR over the years; this version consists of code written primarily by: .sp .RS 6n Todd C. Miller .RE .PP See the CONTRIBUTORS file in the \fBsudo\fR distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to \fBsudo\fR. .SH "CAVEATS" There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via \fBsudo\fR. Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding \fBsudo\fR's checks. However, on most systems it is possible to prevent shell escapes with the sudoers(@mansectform@) plugin's \fInoexec\fR functionality. .PP It is not meaningful to run the \fRcd\fR command directly via sudo, e.g., .nf .sp .RS 6n $ sudo cd /usr/local/protected .RE .fi .PP since when the command exits the parent process (your shell) will still be the same. Please see the \fIEXAMPLES\fR section for more information. .PP Running shell scripts via \fBsudo\fR can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, setuid shell scripts are generally safe). .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudo.mdoc.in010064400175440000012000000672141226304126200153440ustar00millertstaff.\" .\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .Dd December 8, 2013 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudo , .Nm sudoedit .Nd execute a command as another user .Sh SYNOPSIS .Nm sudo .Fl h No | Fl K No | Fl k No | Fl V .Nm sudo .Fl v .Op Fl AknS .Bk -words .Op Fl a Ar type .Ek .Bk -words .Op Fl g Ar group .Ek .Bk -words .Op Fl h Ar host .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words .Op Fl u Ar user .Ek .Nm sudo .Fl l .Op Fl AknS .Bk -words .Op Fl a Ar type .Ek .Bk -words .Op Fl g Ar group .Ek .Bk -words .Op Fl h Ar host .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words .Op Fl U Ar user .Ek .Bk -words .Op Fl u Ar user .Ek .Op Ar command .Nm sudo .Op Fl AbEHnPS .Bk -words .Op Fl a Ar type .Ek .Bk -words .Op Fl C Ar num .Ek .Bk -words .Op Fl c Ar class .Ek .Bk -words .Op Fl g Ar group .Ek .Bk -words .Op Fl h Ar host .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words .Op Fl r Ar role .Ek .Bk -words .Op Fl t Ar type .Ek .Bk -words .Op Fl u Ar user .Ek .Bk -words .Op Sy VAR Ns = Ns Ar value .Ek .Bk -words .Op Fl i No | Fl s .Ek .Op Ar command .Nm sudoedit .Op Fl AknS .Bk -words .Op Fl a Ar type .Ek .Bk -words .Op Fl C Ar num .Ek .Bk -words .Op Fl c Ar class .Ek .Bk -words .Op Fl g Ar group .Ek .Bk -words .Op Fl h Ar host .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words .Op Fl u Ar user .Ek .Bk -words file ... .Ek .Sh DESCRIPTION .Nm sudo allows a permitted user to execute a .Ar command as the superuser or another user, as specified by the security policy. .Pp .Nm sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the .Nm sudo front end. The default security policy is .Em sudoers , which is configured via the file .Pa @sysconfdir@/sudoers , or via LDAP. See the .Sx Plugins section for more information. .Pp The security policy determines what privileges, if any, a user has to run .Nm sudo . The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, .Nm sudo will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific; the default password prompt timeout for the .Em sudoers security policy is .Li @password_timeout@ minutes. .Pp Security policies may support credential caching to allow the user to run .Nm sudo again for a period of time without requiring authentication. The .Em sudoers policy caches credentials for .Li @timeout@ minutes, unless overridden in .Xr sudoers @mansectform@ . By running .Nm sudo with the .Fl v option, a user can update the cached credentials without running a .Ar command . .Pp When invoked as .Nm sudoedit , the .Fl e option (described below), is implied. .Pp Security policies may log successful and failed attempts to use .Nm sudo . If an I/O plugin is configured, the running command's input and output may be logged as well. .Pp The options are as follows: .Bl -tag -width Fl .It Fl A , -askpass Normally, if .Nm sudo requires a password, it will read it from the user's terminal. If the .Fl A No ( Em askpass Ns No ) option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output. If the .Ev SUDO_ASKPASS environment variable is set, it specifies the path to the helper program. Otherwise, if .Xr sudo.conf @mansectform@ contains a line specifying the askpass program, that value will be used. For example: .Bd -literal -offset 4n # Path to askpass helper program Path askpass /usr/X11R6/bin/ssh-askpass .Ed .Pp If no askpass program is available, .Nm sudo will exit with an error. .It Fl a Ar type , Fl -auth-type Ns No = Ns Ar type Use the specified BSD authentication .Ar type when validating the user, if allowed by .Pa /etc/login.conf . The system administrator may specify a list of sudo-specific authentication methods by adding an .Dq auth-sudo entry in .Pa /etc/login.conf . This option is only available on systems that support BSD authentication. .It Fl b , -background Run the given command in the background. Note that it is not possible to use shell job control to manipulate background processes started by .Nm sudo . Most interactive commands will fail to work properly in background mode. .It Fl C Ar num , Fl -close-from Ns No = Ns Ar num Close all file descriptors greater than or equal to .Ar num before executing a command. Values less than three are not permitted. By default, .Nm sudo will close all open file descriptors other than standard input, standard output and standard error when executing a command. The security policy may restrict the user's ability to use this option. The .Em sudoers policy only permits use of the .Fl C option when the administrator has enabled the .Em closefrom_override option. .It Fl c Ar class , Fl -login-class Ns No = Ns Ar class Run the command with resource limits and scheduling priority of the specified login .Ar class . The .Ar class argument can be either a class name as defined in .Pa /etc/login.conf , or a single .Ql \- character. If .Ar class is .Li - , the default login class of the target user will be used. Otherwise, the command must be run as the superuser (user ID 0), or .Nm sudo must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional .Pa /etc/login.conf settings, such as the umask and environment variables, will be applied, if present. This option is only available on systems with BSD login classes. .It Fl E , -preserve-env Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment. .It Fl e , -edit Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken: .Bl -enum -offset 4 .It Temporary copies are made of the files to be edited with the owner set to the invoking user. .It The editor specified by the policy is run to edit the temporary files. The .Em sudoers policy uses the .Ev SUDO_EDITOR , .Ev VISUAL and .Ev EDITOR environment variables (in that order). If none of .Ev SUDO_EDITOR , .Ev VISUAL or .Ev EDITOR are set, the first program listed in the .Em editor .Xr sudoers @mansectform@ option is used. .It If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. .El .Pp If the specified file does not exist, it will be created. Note that unlike most commands run by .Em sudo , the editor is run with the invoking user's environment unmodified. If, for some reason, .Nm sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. .It Fl g Ar group , Fl -group Ns No = Ns Ar group Run the command with the primary group set to .Ar group instead of the primary group specified by the target user's password database entry. The .Ar group may be either a group name or a numeric group ID .Pq GID prefixed with the .Ql # character (e.g. .Li #0 for GID 0). When running a command as a GID, many shells require that the .Ql # be escaped with a backslash .Pq Ql \e . If no .Fl u option is specified, the command will be run as the invoking user. In either case, the primary group will be set to .Ar group . .It Fl H , -set-home Request that the security policy set the .Ev HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior. .It Fl h , -help Display a short help message to the standard output and exit. .It Fl h Ar host , Fl -host Ns No = Ns Ar host Run the command on the specified .Ar host if the security policy plugin supports remote commands. Note that the .Em sudoers plugin does not currently support running remote commands. This may also be used in conjunction with the .Fl l option to list a user's privileges for the remote host. .It Fl i , -login Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .Pa .profile or .Pa .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's .Fl c option. If no command is specified, an interactive shell is executed. .Nm sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The .Em Command Environment section in the .Xr sudoers @mansectform@ manual documents how the .Fl i option affects the environment in which a command is run when the .Em sudoers policy is in use. .It Fl K , -remove-timestamp Similar to the .Fl k option, except that it removes the user's cached credentials entirely and may not be used in conjunction with a command or other option. This option does not require a password. Not all security policies support credential caching. .It Fl k , -reset-timestamp When used without a command, invalidates the user's cached credentials. In other words, the next time .Nm sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke .Nm sudo permissions from a .Pa .logout file. .Pp When used in conjunction with a command or an option that may require a password, this option will cause .Nm sudo to ignore the user's cached credentials. As a result, .Nm sudo will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials. .Pp Not all security policies support credential caching. .It Fl l , Fl -list If no .Ar command is specified, list the allowed (and forbidden) commands for the invoking user (or the user specified by the .Fl U option) on the current host. A longer list format is used if this option is specified multiple times and the security policy supports a verbose output format. .Pp If a .Ar command is specified and is permitted by the security policy, the fully-qualified path to the command is displayed along with any command line arguments. If .Ar command is specified but not allowed, .Nm sudo will exit with a status value of 1. .It Fl n , -non-interactive Avoid prompting the user for input of any kind. If a password is required for the command to run, .Nm sudo will display an error message and exit. .It Fl P , -preserve-groups Preserve the invoking user's group vector unaltered. By default, the .Em sudoers policy will initialize the group vector to the list of groups the target user is a member of. The real and effective group IDs, however, are still set to match the target user. .It Fl p Ar prompt , Fl -prompt Ns No = Ns Ar prompt Use a custom password prompt with optional escape sequences. The following percent .Pq Ql % escape sequences are supported by the .Em sudoers policy: .Bl -tag -width 2n .It Li %H expanded to the host name including the domain name (on if the machine's host name is fully qualified or the .Em fqdn option is set in .Xr sudoers @mansectform@ ) .It Li %h expanded to the local host name without the domain name .It Li %p expanded to the name of the user whose password is being requested (respects the .Em rootpw , .Em targetpw , and .Em runaspw flags in .Xr sudoers @mansectform@ ) .It Li \&%U expanded to the login name of the user the command will be run as (defaults to root unless the .Fl u option is also specified) .It Li %u expanded to the invoking user's login name .It Li %% two consecutive .Ql % characters are collapsed into a single .Ql % character .El .Pp The custom prompt will override the system password prompt on systems that support PAM unless the .Em passprompt_override flag is disabled in .Em sudoers . .It Fl r Ar role , Fl -role Ns No = Ns Ar role Run the command with an SELinux security context that includes the specified .Ar role . .It Fl S , -stdin Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character. .It Fl s , -shell Run the shell specified by the .Ev SHELL environment variable if it is set or the shell specified by the invoking user's password database entry. If a command is specified, it is passed to the shell for execution via the shell's .Fl c option. If no command is specified, an interactive shell is executed. .It Fl t Ar type , Fl -type Ns No = Ns Ar type Run the command with an SELinux security context that includes the specified .Ar type . If no .Ar type is specified, the default type is derived from the role. .It Fl U Ar user , Fl -other-user Ns No = Ns Ar user Used in conjunction with the .Fl l option to list the privileges for .Ar user instead of for the invoking user. The security policy may restrict listing other users' privileges. The .Em sudoers policy only allows root or a user with the .Li ALL privilege on the current host to use this option. .It Fl u Ar user , Fl -user Ns No = Ns Ar user Run the command as a user other than the default target user (usually .Em root ). The .Ar user may be either a user name or a numeric user ID .Pq UID prefixed with the .Ql # character (e.g. .Li #0 for UID 0). When running commands as a UID, many shells require that the .Ql # be escaped with a backslash .Pq Ql \e . Some security policies may restrict UIDs to those listed in the password database. The .Em sudoers policy allows UIDs that are not in the password database as long as the .Em targetpw option is not set. Other security policies may not support this. .It Fl V , -version Print the .Nm sudo version string as well as the version string of the security policy plugin and any I/O plugins. If the invoking user is already root the .Fl V option will display the arguments passed to configure when .Nm sudo was built and plugins may display more verbose information such as default options. .It Fl v , -validate Update the user's cached credentials, authenticating the user if necessary. For the .Em sudoers plugin, this extends the .Nm sudo timeout for another .Li @timeout@ minutes by default, but does not run a command. Not all security policies support cached credentials. .It Fl - The .Fl - option indicates that .Nm sudo should stop processing command line arguments. .El .Pp Environment variables to be set for the command may also be passed on the command line in the form of .Sy VAR Ns No = Ns Em value , e.g.\& .Sy LD_LIBRARY_PATH Ns No = Ns Em /usr/local/pkg/lib . Variables passed on the command line are subject to restrictions imposed by the security policy plugin. The .Em sudoers policy subjects variables passed on the command line to the same restrictions as normal environment variables with one important exception. If the .Em setenv option is set in .Em sudoers , the command to be run has the .Li SETENV tag set or the command matched is .Li ALL , the user may set variables that would otherwise be forbidden. See .Xr sudoers @mansectform@ for more information. .Sh COMMAND EXECUTION When .Nm sudo executes a command, the security policy specifies the execution environment for the command. Typically, the real and effective user and group and IDs are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database (unless the .Fl P option was specified). .Pp The following parameters may be specified by security policy: .Bl -bullet .It real and effective user ID .It real and effective group ID .It supplementary group IDs .It the environment list .It current working directory .It file creation mode mask (umask) .It SELinux role and type .It Solaris project .It Solaris privileges .It BSD login class .It scheduling priority (aka nice value) .El .Ss Process model When .Nm sudo runs a command, it calls .Xr fork 2 , sets up the execution environment as described above, and calls the .Xr execve system call in the child process. The main .Nm sudo process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits. If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal .Pq Dq pty is created and a second .Nm sudo process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This extra process makes it possible to, for example, suspend and resume the command. Without it, the command would be in what POSIX terms an .Dq orphaned process group and it would not receive any job control signals. As a special case, if the policy plugin does not define a close function and no pty is required, .Nm sudo will execute the command directly instead of calling .Xr fork 2 first. The .Em sudoers policy plugin will only define a close function when I/O logging is enabled, a pty is required, or the .Em pam_session or .Em pam_setcred options are enabled. Note that .Em pam_session and .Em pam_setcred are enabled by default on systems using PAM. .Ss Signal handling When the command is run as a child of the .Nm sudo process, .Nm sudo will relay signals it receives to the command. Unless the command is being run in a new pty, the .Dv SIGHUP , .Dv SIGINT and .Dv SIGQUIT signals are not relayed unless they are sent by a user process, not the kernel. Otherwise, the command would receive .Dv SIGINT twice every time the user entered control-C. Some signals, such as .Dv SIGSTOP and .Dv SIGKILL , cannot be caught and thus will not be relayed to the command. As a general rule, .Dv SIGTSTP should be used instead of .Dv SIGSTOP when you wish to suspend a command being run by .Nm sudo . .Pp As a special case, .Nm sudo will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the .Xr reboot @mansectsu@ command sends .Dv SIGTERM to all non-system processes other than itself before rebooting the system. This prevents .Nm sudo from relaying the .Dv SIGTERM signal it received back to .Xr reboot @mansectsu@ , which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode. Note, however, that this check only applies to the command run by .Nm sudo and not any other processes that the command may create. As a result, running a script that calls .Xr reboot @mansectsu@ or .Xr shutdown @mansectsu@ via .Nm sudo may cause the system to end up in this undefined state unless the .Xr reboot @mansectsu@ or .Xr shutdown @mansectsu@ are run using the .Fn exec family of functions instead of .Fn system (which interposes a shell between the command and the calling process). .Pp If no I/O logging plugins are loaded and the policy plugin has not defined a .Fn close function, set a command timeout or required that the command be run in a new pty, .Nm sudo may execute the command directly instead of running it as a child process. .Ss Plugins Plugins may be specified via .Li Plugin directives in the .Xr sudo.conf @mansectform@ file. They may be loaded as dynamic shared objects (on systems that support them), or compiled directly into the .Nm sudo binary. If no .Xr sudo.conf @mansectform@ file is present, or it contains no .Li Plugin lines, .Nm sudo will use the traditional .Em sudoers security policy and I/O logging. See the .Xr sudo.conf @mansectform@ manual for details of the .Pa @sysconfdir@/sudo.conf file and the .Xr sudo_plugin @mansectsu@ manual for more information about the .Nm sudo plugin architecture. .Sh EXIT VALUE Upon successful execution of a program, the exit status from .Em sudo will simply be the exit status of the program that was executed. .Pp Otherwise, .Nm sudo exits with a value of 1 if there is a configuration/permission problem or if .Nm sudo cannot execute the given command. In the latter case the error string is printed to the standard error. If .Nm sudo cannot .Xr stat 2 one or more entries in the user's .Ev PATH , an error is printed on stderr. (If the directory does not exist or if it is not really a directory, the entry is ignored and no error is printed.) This should not happen under normal circumstances. The most common reason for .Xr stat 2 to return .Dq permission denied is if you are running an automounter and one of the directories in your .Ev PATH is on a machine that is currently unreachable. .Sh SECURITY NOTES .Nm sudo tries to be safe when executing external commands. .Pp To prevent command spoofing, .Nm sudo checks "." and "" (both denoting current directory) last when searching for a command in the user's .Ev PATH (if one or both are in the .Ev PATH ) . Note, however, that the actual .Ev PATH environment variable is .Em not modified and is passed unchanged to the program that .Nm sudo executes. .Pp Please note that .Nm sudo will normally only log the command it explicitly runs. If a user runs a command such as .Li sudo su or .Li sudo sh , subsequent commands run from that shell are not subject to .Nm sudo Ns No 's security policy. The same is true for commands that offer shell escapes (including most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands. Because of this, care must be taken when giving users access to commands via .Nm sudo to verify that the command does not inadvertently give the user an effective root shell. For more information, please see the .Em PREVENTING SHELL ESCAPES section in .Xr sudoers @mansectform@ . .Pp To prevent the disclosure of potentially sensitive information, .Nm sudo disables core dumps by default while it is executing (they are re-enabled for the command that is run). To aid in debugging .Nm sudo crashes, you may wish to re-enable core dumps by setting .Dq disable_coredump to false in the .Xr sudo.conf @mansectform@ file as follows: .Bd -literal -offset indent Set disable_coredump false .Ed .Pp See the .Xr sudo.conf @mansectform@ manual for more information. .Sh ENVIRONMENT .Nm sudo utilizes the following environment variables. The security policy has control over the actual content of the command's environment. .Bl -tag -width 15n .It Ev EDITOR Default editor to use in .Fl e (sudoedit) mode if neither .Ev SUDO_EDITOR nor .Ev VISUAL is set. .It Ev MAIL In .Fl i mode or when .Em env_reset is enabled in .Em sudoers , set to the mail spool of the target user. .It Ev HOME Set to the home directory of the target user if .Fl i or .Fl H are specified, .Em env_reset or .Em always_set_home are set in .Em sudoers , or when the .Fl s option is specified and .Em set_home is set in .Em sudoers . .It Ev PATH May be overridden by the security policy. .It Ev SHELL Used to determine shell to run with .Fl s option. .It Ev SUDO_ASKPASS Specifies the path to a helper program used to read the password if no terminal is available or if the .Fl A option is specified. .It Ev SUDO_COMMAND Set to the command run by sudo. .It Ev SUDO_EDITOR Default editor to use in .Fl e (sudoedit) mode. .It Ev SUDO_GID Set to the group ID of the user who invoked sudo. .It Ev SUDO_PROMPT Used as the default password prompt. .It Ev SUDO_PS1 If set, .Ev PS1 will be set to its value for the program being run. .It Ev SUDO_UID Set to the user ID of the user who invoked sudo. .It Ev SUDO_USER Set to the login name of the user who invoked sudo. .It Ev USER Set to the target user (root unless the .Fl u option is specified). .It Ev VISUAL Default editor to use in .Fl e (sudoedit) mode if .Ev SUDO_EDITOR is not set. .El .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudo.conf .Nm sudo front end configuration .El .Sh EXAMPLES Note: the following examples assume a properly configured security policy. .Pp To get a file listing of an unreadable directory: .Bd -literal -offset indent $ sudo ls /usr/local/protected .Ed .Pp To list the home directory of user yaz on a machine where the file system holding ~yaz is not exported as root: .Bd -literal -offset indent $ sudo -u yaz ls ~yaz .Ed .Pp To edit the .Pa index.html file as user www: .Bd -literal -offset indent $ sudo -u www vi ~www/htdocs/index.html .Ed .Pp To view system logs only accessible to root and users in the adm group: .Bd -literal -offset indent $ sudo -g adm view /var/log/syslog .Ed .Pp To run an editor as jim with a different primary group: .Bd -literal -offset indent $ sudo -u jim -g audio vi ~jim/sound.txt .Ed .Pp To shut down a machine: .Bd -literal -offset indent $ sudo shutdown -r +15 "quick reboot" .Ed .Pp To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the .Li cd and file redirection work. .Bd -literal -offset indent $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .Ed .Sh SEE ALSO .Xr su 1 , .Xr stat 2 , .Xr login_cap 3 , .Xr passwd @mansectform@ , .Xr sudo.conf @mansectform@ , .Xr sudoers @mansectform@ , .Xr sudo_plugin @mansectsu@ , .Xr sudoreplay @mansectsu@ , .Xr visudo @mansectsu@ .Sh HISTORY See the HISTORY file in the .Nm sudo distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. .Sh AUTHORS Many people have worked on .Nm sudo over the years; this version consists of code written primarily by: .Bd -ragged -offset indent Todd C. Miller .Ed .Pp See the CONTRIBUTORS file in the .Nm sudo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to .Nm sudo . .Sh CAVEATS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via .Nm sudo . Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding .Nm sudo Ns No 's checks. However, on most systems it is possible to prevent shell escapes with the .Xr sudoers @mansectform@ plugin's .Em noexec functionality. .Pp It is not meaningful to run the .Li cd command directly via sudo, e.g., .Bd -literal -offset indent $ sudo cd /usr/local/protected .Ed .Pp since when the command exits the parent process (your shell) will still be the same. Please see the .Sx EXAMPLES section for more information. .Pp Running shell scripts via .Nm sudo can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, setuid shell scripts are generally safe). .Sh BUGS If you feel you have found a bug in .Nm sudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudo_plugin.cat010064400175440000012000002210021226304127600161320ustar00millertstaffSUDO_PLUGIN(4) Programmer's Manual SUDO_PLUGIN(4) NNAAMMEE ssuuddoo__pplluuggiinn - Sudo Plugin API DDEESSCCRRIIPPTTIIOONN Starting with version 1.8, ssuuddoo supports a plugin API for policy and session logging. Plugins may be compiled as dynamic shared objects (the default on systems that support them) or compiled statically into the ssuuddoo binary itself. By default, the ssuuddooeerrss policy plugin and an associated I/O logging plugin are used. Via the plugin API, ssuuddoo can be configured to use alternate policy and/or I/O logging plugins provided by third parties. The plugins to be used are specified in the sudo.conf(4) file. The API is versioned with a major and minor number. The minor version number is incremented when additions are made. The major number is incremented when incompatible changes are made. A plugin should be check the version passed to it and make sure that the major version matches. The plugin API is defined by the sudo_plugin.h header file. PPoolliiccyy pplluuggiinn AAPPII A policy plugin must declare and populate a policy_plugin struct in the global scope. This structure contains pointers to the functions that implement the ssuuddoo policy checks. The name of the symbol should be specified in sudo.conf(4) along with a path to the plugin so that ssuuddoo can load it. struct policy_plugin { #define SUDO_POLICY_PLUGIN 1 unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); int (*list)(int argc, char * const argv[], int verbose, const char *list_user); int (*validate)(void); void (*invalidate)(int remove); int (*init_session)(struct passwd *pwd, char **user_env[]); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; The policy_plugin struct has the following fields: type The type field should always be set to SUDO_POLICY_PLUGIN. version The version field should be set to SUDO_API_VERSION. This allows ssuuddoo to determine the API version the plugin was built against. open int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); Returns 1 on success, 0 on failure, -1 if a general error occurred, or -2 if there was a usage error. In the latter case, ssuuddoo will print a usage message before it exits. If an error occurs, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. The function arguments are as follows: version The version passed in by ssuuddoo allows the plugin to determine the major and minor version number of the plugin API supported by ssuuddoo. conversation A pointer to the ccoonnvveerrssaattiioonn() function that can be used by the plugin to interact with the user (see below). Returns 0 on success and -1 on failure. plugin_printf A pointer to a pprriinnttff()-style function that may be used to display informational or error messages (see below). Returns the number of characters printed on success and -1 on failure. settings A vector of user-supplied ssuuddoo settings in the form of ``name=value'' strings. The vector is terminated by a NULL pointer. These settings correspond to flags the user specified when running ssuuddoo. As such, they will only be present when the corresponding flag has been specified on the command line. When parsing _s_e_t_t_i_n_g_s, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. bsdauth_type=string Authentication type, if specified by the --aa flag, to use on systems where BSD authentication is supported. closefrom=number If specified, the user has requested via the --CC flag that ssuuddoo close all files descriptors with a value of _n_u_m_b_e_r or higher. The plugin may optionally pass this, or another value, back in the _c_o_m_m_a_n_d___i_n_f_o list. debug_flags=string A comma-separated list of debug flags that correspond to ssuuddoo's Debug entry in sudo.conf(4), if there is one. The flags are passed to the plugin as they appear in sudo.conf(4). The syntax used by ssuuddoo and the ssuuddooeerrss plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is free to use a different format so long as it does not include a comma (`,'). There is not currently a way to specify a set of debug flags specific to the plugin--the flags are shared by ssuuddoo and the plugin. debug_level=number This setting has been deprecated in favor of _d_e_b_u_g___f_l_a_g_s. ignore_ticket=bool Set to true if the user specified the --kk flag along with a command, indicating that the user wishes to ignore any cached authentication credentials. _i_m_p_l_i_e_d___s_h_e_l_l to true. This allows ssuuddoo with no arguments to be used similarly to su(1). If the plugin does not to support this usage, it may return a value of -2 from the cchheecckk__ppoolliiccyy() function, which will cause ssuuddoo to print a usage message and exit. implied_shell=bool If the user does not specify a program on the command line, ssuuddoo will pass the plugin the path to the user's shell and set login_class=string BSD login class to use when setting resource limits and nice value, if specified by the --cc flag. login_shell=bool Set to true if the user specified the --ii flag, indicating that the user wishes to run a login shell. max_groups=int The maximum number of groups a user may belong to. This will only be present if there is a corresponding setting in sudo.conf(4). network_addrs=list A space-separated list of IP network addresses and netmasks in the form ``addr/netmask'', e.g. ``192.168.1.2/255.255.255.0''. The address and netmask pairs may be either IPv4 or IPv6, depending on what the operating system supports. If the address contains a colon (`:'), it is an IPv6 address, else it is IPv4. noninteractive=bool Set to true if the user specified the --nn flag, indicating that ssuuddoo should operate in non-interactive mode. The plugin may reject a command run in non- interactive mode if user interaction is required. plugin_dir=string The default plugin directory used by the ssuuddoo front end. This is the default directory set at compile time and may not correspond to the directory the running plugin was loaded from. It may be used by a plugin to locate support files. preserve_environment=bool Set to true if the user specified the --EE flag, indicating that the user wishes to preserve the environment. preserve_groups=bool Set to true if the user specified the --PP flag, indicating that the user wishes to preserve the group vector instead of setting it based on the runas user. progname=string The command name that sudo was run as, typically ``sudo'' or ``sudoedit''. prompt=string The prompt to use when requesting a password, if specified via the --pp flag. remote_host=string The name of the remote host to run the command on, if specified via the --hh option. Support for running the command on a remote host is meant to be implemented via a helper program that is executed in place of the user- specified command. The ssuuddoo front end is only capable of executing commands on the local host. Only available starting with API version 1.4. run_shell=bool Set to true if the user specified the --ss flag, indicating that the user wishes to run a shell. runas_group=string The group name or gid to run the command as, if specified via the --gg flag. runas_user=string The user name or uid to run the command as, if specified via the --uu flag. selinux_role=string SELinux role to use when executing the command, if specified by the --rr flag. selinux_type=string SELinux type to use when executing the command, if specified by the --tt flag. set_home=bool Set to true if the user specified the --HH flag. If true, set the HOME environment variable to the target user's home directory. sudoedit=bool Set to true when the --ee flag is is specified or if invoked as ssuuddooeeddiitt. The plugin shall substitute an editor into _a_r_g_v in the cchheecckk__ppoolliiccyy() function or return -2 with a usage error if the plugin does not support _s_u_d_o_e_d_i_t. For more information, see the _c_h_e_c_k___p_o_l_i_c_y section. Additional settings may be added in the future so the plugin should silently ignore settings that it does not recognize. user_info A vector of information about the user running the command in the form of ``name=value'' strings. The vector is terminated by a NULL pointer. When parsing _u_s_e_r___i_n_f_o, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. cols=int The number of columns the user's terminal supports. If there is no terminal device available, a default value of 80 is used. cwd=string The user's current working directory. egid=gid_t The effective group ID of the user invoking ssuuddoo. euid=uid_t The effective user ID of the user invoking ssuuddoo. gid=gid_t The real group ID of the user invoking ssuuddoo. groups=list The user's supplementary group list formatted as a string of comma-separated group IDs. host=string The local machine's hostname as returned by the gethostname(2) system call. lines=int The number of lines the user's terminal supports. If there is no terminal device available, a default value of 24 is used. pgid=int The ID of the process group that the running ssuuddoo process is a member of. Only available starting with API version 1.2. pid=int The process ID of the running ssuuddoo process. Only available starting with API version 1.2. plugin_options Any (non-comment) strings immediately after the plugin path are passed as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a NULL-terminated array of strings. If no arguments were specified, _p_l_u_g_i_n___o_p_t_i_o_n_s will be the NULL pointer. NOTE: the _p_l_u_g_i_n___o_p_t_i_o_n_s parameter is only available starting with API version 1.2. A plugin mmuusstt check the API version specified by the ssuuddoo front end before using _p_l_u_g_i_n___o_p_t_i_o_n_s. Failure to do so may result in a crash. ppid=int The parent process ID of the running ssuuddoo process. Only available starting with API version 1.2. sid=int The session ID of the running ssuuddoo process or 0 if ssuuddoo is not part of a POSIX job control session. Only available starting with API version 1.2. tcpgid=int The ID of the foreground process group associated with the terminal device associated with the ssuuddoo process or -1 if there is no terminal present. Only available starting with API version 1.2. tty=string The path to the user's terminal device. If the user has no terminal device associated with the session, the value will be empty, as in ``tty=''. uid=uid_t The real user ID of the user invoking ssuuddoo. user=string The name of the user invoking ssuuddoo. user_env The user's environment in the form of a NULL-terminated vector of ``name=value'' strings. When parsing _u_s_e_r___e_n_v, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. close void (*close)(int exit_status, int error); The cclloossee() function is called when the command being run by ssuuddoo finishes. The function arguments are as follows: exit_status The command's exit status, as returned by the wait(2) system call. The value of exit_status is undefined if error is non- zero. error If the command could not be executed, this is set to the value of errno set by the execve(2) system call. The plugin is responsible for displaying error information via the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function. If the command was successfully executed, the value of error is 0. If no cclloossee() function is defined, no I/O logging plugins are loaded, and neither the _t_i_m_e_o_u_t not _u_s_e___p_t_y options are set in the command_info list, the ssuuddoo front end may execute the command directly instead of running it as a child process. show_version int (*show_version)(int verbose); The sshhooww__vveerrssiioonn() function is called by ssuuddoo when the user specifies the --VV option. The plugin may display its version information to the user via the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function using SUDO_CONV_INFO_MSG. If the user requests detailed version information, the verbose flag will be set. check_policy int (*check_policy)(int argc, char * const argv[] char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); The cchheecckk__ppoolliiccyy() function is called by ssuuddoo to determine whether the user is allowed to run the specified commands. If the _s_u_d_o_e_d_i_t option was enabled in the _s_e_t_t_i_n_g_s array passed to the ooppeenn() function, the user has requested _s_u_d_o_e_d_i_t mode. _s_u_d_o_e_d_i_t is a mechanism for editing one or more files where an editor is run with the user's credentials instead of with elevated privileges. ssuuddoo achieves this by creating user-writable temporary copies of the files to be edited and then overwriting the originals with the temporary copies after editing is complete. If the plugin supports _s_u_d_o_e_d_i_t, it should choose the editor to be used, potentially from a variable in the user's environment, such as EDITOR, and include it in _a_r_g_v___o_u_t (note that environment variables may include command line flags). The files to be edited should be copied from _a_r_g_v into _a_r_g_v___o_u_t, separated from the editor and its arguments by a ``--'' element. The ``--'' will be removed by ssuuddoo before the editor is executed. The plugin should also set _s_u_d_o_e_d_i_t_=_t_r_u_e in the _c_o_m_m_a_n_d___i_n_f_o list. The cchheecckk__ppoolliiccyy() function returns 1 if the command is allowed, 0 if not allowed, -1 for a general error, or -2 for a usage error or if _s_u_d_o_e_d_i_t was specified but is unsupported by the plugin. In the latter case, ssuuddoo will print a usage message before it exits. If an error occurs, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. The function arguments are as follows: argc The number of elements in _a_r_g_v, not counting the final NULL pointer. argv The argument vector describing the command the user wishes to run, in the same form as what would be passed to the execve(2) system call. The vector is terminated by a NULL pointer. env_add Additional environment variables specified by the user on the command line in the form of a NULL-terminated vector of ``name=value'' strings. The plugin may reject the command if one or more variables are not allowed to be set, or it may silently ignore such variables. When parsing _e_n_v___a_d_d, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. command_info Information about the command being run in the form of ``name=value'' strings. These values are used by ssuuddoo to set the execution environment when running a command. The plugin is responsible for creating and populating the vector, which must be terminated with a NULL pointer. The following values are recognized by ssuuddoo: chroot=string The root directory to use when running the command. closefrom=number If specified, ssuuddoo will close all files descriptors with a value of _n_u_m_b_e_r or higher. command=string Fully qualified path to the command to be executed. cwd=string The current working directory to change to when executing the command. exec_background=bool By default, ssuuddoo runs a command as the foreground process as long as ssuuddoo itself is running in the foreground. When _e_x_e_c___b_a_c_k_g_r_o_u_n_d is enabled and the command is being run in a pty (due to I/O logging or the _u_s_e___p_t_y setting), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the SIGTTIN signal (or SIGTTOU in the case of terminal settings). If this happens when ssuuddoo is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that ssuuddoo need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic _s_u_d_o behavior or when the command is not being run in a pty. For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the ttccggeettaattttrr() and ttccsseettaattttrr() system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the SIGTTIN or SIGTTOU signals, programs that catch these signals and suspend themselves with a different signal (usually SIGTOP) will not be automatically foregrounded. Some versions of the linux su(1) command behave this way. Because of this, a plugin should not set _e_x_e_c___b_a_c_k_g_r_o_u_n_d unless it is explicitly enabled by the administrator and there should be a way to enabled or disable it on a per- command basis. This setting has no effect unless I/O logging is enabled or _u_s_e___p_t_y is enabled. iolog_compress=bool Set to true if the I/O logging plugins, if any, should compress the log data. This is a hint to the I/O logging plugin which may choose to ignore it. iolog_path=string Fully qualified path to the file or directory in which I/O log is to be stored. This is a hint to the I/O logging plugin which may choose to ignore it. If no I/O logging plugin is loaded, this setting has no effect. iolog_stdin=bool Set to true if the I/O logging plugins, if any, should log the standard input if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. iolog_stdout=bool Set to true if the I/O logging plugins, if any, should log the standard output if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. iolog_stderr=bool Set to true if the I/O logging plugins, if any, should log the standard error if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. iolog_ttyin=bool Set to true if the I/O logging plugins, if any, should log all terminal input. This only includes input typed by the user and not from a pipe or redirected from a file. This is a hint to the I/O logging plugin which may choose to ignore it. iolog_ttyout=bool Set to true if the I/O logging plugins, if any, should log all terminal output. This only includes output to the screen, not output to a pipe or file. This is a hint to the I/O logging plugin which may choose to ignore it. login_class=string BSD login class to use when setting resource limits and nice value (optional). This option is only set on systems that support login classes. nice=int Nice value (priority) to use when executing the command. The nice value, if specified, overrides the priority associated with the _l_o_g_i_n___c_l_a_s_s on BSD systems. noexec=bool If set, prevent the command from executing other programs. preserve_fds=list A comma-separated list of file descriptors that should be preserved, regardless of the value of the _c_l_o_s_e_f_r_o_m setting. Only available starting with API version 1.5. preserve_groups=bool If set, ssuuddoo will preserve the user's group vector instead of initializing the group vector based on runas_user. runas_egid=gid Effective group ID to run the command as. If not specified, the value of _r_u_n_a_s___g_i_d is used. runas_euid=uid Effective user ID to run the command as. If not specified, the value of _r_u_n_a_s___u_i_d is used. runas_gid=gid Group ID to run the command as. runas_groups=list The supplementary group vector to use for the command in the form of a comma-separated list of group IDs. If _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, this option is ignored. runas_uid=uid User ID to run the command as. selinux_role=string SELinux role to use when executing the command. selinux_type=string SELinux type to use when executing the command. set_utmp=bool Create a utmp (or utmpx) entry when a pseudo-tty is allocated. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. sudoedit=bool Set to true when in _s_u_d_o_e_d_i_t mode. The plugin may enable _s_u_d_o_e_d_i_t mode even if ssuuddoo was not invoked as ssuuddooeeddiitt. This allows the plugin to perform command substitution and transparently enable _s_u_d_o_e_d_i_t when the user attempts to run an editor. timeout=int Command timeout. If non-zero then when the timeout expires the command will be killed. umask=octal The file creation mask to use when executing the command. use_pty=bool Allocate a pseudo-tty to run the command in, regardless of whether or not I/O logging is in use. By default, ssuuddoo will only run the command in a pty when an I/O log plugin is loaded. utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when _s_e_t___u_t_m_p is enabled. This option can be used to set the user field in the utmp entry to the user the command runs as rather than the invoking user. If not set, ssuuddoo will base the new entry on the invoking user's existing entry. Unsupported values will be ignored. argv_out The NULL-terminated argument vector to pass to the execve(2) system call when executing the command. The plugin is responsible for allocating and populating the vector. user_env_out The NULL-terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. list int (*list)(int verbose, const char *list_user, int argc, char * const argv[]); List available privileges for the invoking user. Returns 1 on success, 0 on failure and -1 on error. On error, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. Privileges should be output via the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function using SUDO_CONV_INFO_MSG, verbose Flag indicating whether to list in verbose mode or not. list_user The name of a different user to list privileges for if the policy allows it. If NULL, the plugin should list the privileges of the invoking user. argc The number of elements in _a_r_g_v, not counting the final NULL pointer. argv If non-NULL, an argument vector describing a command the user wishes to check against the policy in the same form as what would be passed to the execve(2) system call. If the command is permitted by the policy, the fully-qualified path to the command should be displayed along with any command line arguments. validate int (*validate)(void); The vvaalliiddaattee() function is called when ssuuddoo is run with the --vv flag. For policy plugins such as ssuuddooeerrss that cache authentication credentials, this function will validate and cache the credentials. The vvaalliiddaattee() function should be NULL if the plugin does not support credential caching. Returns 1 on success, 0 on failure and -1 on error. On error, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. invalidate void (*invalidate)(int remove); The iinnvvaalliiddaattee() function is called when ssuuddoo is called with the --kk or --KK flag. For policy plugins such as ssuuddooeerrss that cache authentication credentials, this function will invalidate the credentials. If the _r_e_m_o_v_e flag is set, the plugin may remove the credentials instead of simply invalidating them. The iinnvvaalliiddaattee() function should be NULL if the plugin does not support credential caching. init_session int (*init_session)(struct passwd *pwd, char **user_envp[); The iinniitt__sseessssiioonn() function is called before ssuuddoo sets up the execution environment for the command. It is run in the parent ssuuddoo process and before any uid or gid changes. This can be used to perform session setup that is not supported by _c_o_m_m_a_n_d___i_n_f_o, such as opening the PAM session. The cclloossee() function can be used to tear down the session that was opened by init_session. The _p_w_d argument points to a passwd struct for the user the command will be run as if the uid the command will run as was found in the password database, otherwise it will be NULL. The _u_s_e_r___e_n_v argument points to the environment the command will run in, in the form of a NULL-terminated vector of ``name=value'' strings. This is the same string passed back to the front end via the Policy Plugin's _u_s_e_r___e_n_v___o_u_t parameter. If the iinniitt__sseessssiioonn() function needs to modify the user environment, it should update the pointer stored in _u_s_e_r___e_n_v. The expected use case is to merge the contents of the PAM environment (if any) with the contents of _u_s_e_r___e_n_v. NOTE: the _u_s_e_r___e_n_v parameter is only available starting with API version 1.2. A plugin mmuusstt check the API version specified by the ssuuddoo front end before using _u_s_e_r___e_n_v. Failure to do so may result in a crash. Returns 1 on success, 0 on failure and -1 on error. On error, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. register_hooks void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); The rreeggiisstteerr__hhooookkss() function is called by the sudo front end to register any hooks the plugin needs. If the plugin does not support hooks, register_hooks should be set to the NULL pointer. The _v_e_r_s_i_o_n argument describes the version of the hooks API supported by the ssuuddoo front end. The rreeggiisstteerr__hhooookk() function should be used to register any supported hooks the plugin needs. It returns 0 on success, 1 if the hook type is not supported and -1 if the major version in struct hook does not match the front end's major hook API version. See the _H_o_o_k _f_u_n_c_t_i_o_n _A_P_I section below for more information about hooks. NOTE: the rreeggiisstteerr__hhooookkss() function is only available starting with API version 1.2. If the ssuuddoo front end doesn't support API version 1.2 or higher, register_hooks will not be called. deregister_hooks void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); The ddeerreeggiisstteerr__hhooookkss() function is called by the sudo front end to deregister any hooks the plugin has registered. If the plugin does not support hooks, deregister_hooks should be set to the NULL pointer. The _v_e_r_s_i_o_n argument describes the version of the hooks API supported by the ssuuddoo front end. The ddeerreeggiisstteerr__hhooookk() function should be used to deregister any hooks that were put in place by the rreeggiisstteerr__hhooookk() function. If the plugin tries to deregister a hook that the front end does not support, deregister_hook will return an error. See the _H_o_o_k _f_u_n_c_t_i_o_n _A_P_I section below for more information about hooks. NOTE: the ddeerreeggiisstteerr__hhooookkss() function is only available starting with API version 1.2. If the ssuuddoo front end doesn't support API version 1.2 or higher, deregister_hooks will not be called. _P_o_l_i_c_y _P_l_u_g_i_n _V_e_r_s_i_o_n _M_a_c_r_o_s /* Plugin API version major/minor. */ #define SUDO_API_VERSION_MAJOR 1 #define SUDO_API_VERSION_MINOR 2 #define SUDO_API_MKVERSION(x, y) ((x << 16) | y) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\ SUDO_API_VERSION_MINOR) /* Getters and setters for API version */ #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define SUDO_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) II//OO pplluuggiinn AAPPII struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; When an I/O plugin is loaded, ssuuddoo runs the command in a pseudo-tty. This makes it possible to log the input and output from the user's session. If any of the standard input, standard output or standard error do not correspond to a tty, ssuuddoo will open a pipe to capture the I/O for logging before passing it on. The log_ttyin function receives the raw user input from the terminal device (note that this will include input even when echo is disabled, such as when a password is read). The log_ttyout function receives output from the pseudo-tty that is suitable for replaying the user's session at a later time. The lloogg__ssttddiinn(), lloogg__ssttddoouutt() and lloogg__ssttddeerrrr() functions are only called if the standard input, standard output or standard error respectively correspond to something other than a tty. Any of the logging functions may be set to the NULL pointer if no logging is to be performed. If the open function returns 0, no I/O will be sent to the plugin. The io_plugin struct has the following fields: type The type field should always be set to SUDO_IO_PLUGIN. version The version field should be set to SUDO_API_VERSION. This allows ssuuddoo to determine the API version the plugin was built against. open int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); The ooppeenn() function is run before the lloogg__iinnppuutt(), lloogg__oouuttppuutt() or sshhooww__vveerrssiioonn() functions are called. It is only called if the version is being requested or the cchheecckk__ppoolliiccyy() function has returned successfully. It returns 1 on success, 0 on failure, -1 if a general error occurred, or -2 if there was a usage error. In the latter case, ssuuddoo will print a usage message before it exits. If an error occurs, the plugin may optionally call the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. The function arguments are as follows: version The version passed in by ssuuddoo allows the plugin to determine the major and minor version number of the plugin API supported by ssuuddoo. conversation A pointer to the ccoonnvveerrssaattiioonn() function that may be used by the sshhooww__vveerrssiioonn() function to display version information (see sshhooww__vveerrssiioonn() below). The ccoonnvveerrssaattiioonn() function may also be used to display additional error message to the user. The ccoonnvveerrssaattiioonn() function returns 0 on success and -1 on failure. plugin_printf A pointer to a pprriinnttff()-style function that may be used by the sshhooww__vveerrssiioonn() function to display version information (see show_version below). The pplluuggiinn__pprriinnttff() function may also be used to display additional error message to the user. The pplluuggiinn__pprriinnttff() function returns number of characters printed on success and -1 on failure. settings A vector of user-supplied ssuuddoo settings in the form of ``name=value'' strings. The vector is terminated by a NULL pointer. These settings correspond to flags the user specified when running ssuuddoo. As such, they will only be present when the corresponding flag has been specified on the command line. When parsing _s_e_t_t_i_n_g_s, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a list of all possible settings. user_info A vector of information about the user running the command in the form of ``name=value'' strings. The vector is terminated by a NULL pointer. When parsing _u_s_e_r___i_n_f_o, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a list of all possible strings. argc The number of elements in _a_r_g_v, not counting the final NULL pointer. argv If non-NULL, an argument vector describing a command the user wishes to run in the same form as what would be passed to the execve(2) system call. user_env The user's environment in the form of a NULL-terminated vector of ``name=value'' strings. When parsing _u_s_e_r___e_n_v, the plugin should split on the ffiirrsstt equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. plugin_options Any (non-comment) strings immediately after the plugin path are treated as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a NULL-terminated array of strings. If no arguments were specified, _p_l_u_g_i_n___o_p_t_i_o_n_s will be the NULL pointer. NOTE: the _p_l_u_g_i_n___o_p_t_i_o_n_s parameter is only available starting with API version 1.2. A plugin mmuusstt check the API version specified by the ssuuddoo front end before using _p_l_u_g_i_n___o_p_t_i_o_n_s. Failure to do so may result in a crash. close void (*close)(int exit_status, int error); The cclloossee() function is called when the command being run by ssuuddoo finishes. The function arguments are as follows: exit_status The command's exit status, as returned by the wait(2) system call. The value of exit_status is undefined if error is non- zero. error If the command could not be executed, this is set to the value of errno set by the execve(2) system call. If the command was successfully executed, the value of error is 0. show_version int (*show_version)(int verbose); The sshhooww__vveerrssiioonn() function is called by ssuuddoo when the user specifies the --VV option. The plugin may display its version information to the user via the ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function using SUDO_CONV_INFO_MSG. If the user requests detailed version information, the verbose flag will be set. log_ttyin int (*log_ttyin)(const char *buf, unsigned int len); The lloogg__ttttyyiinn() function is called whenever data can be read from the user but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or -1 if an error occurred. The function arguments are as follows: buf The buffer containing user input. len The length of _b_u_f in bytes. log_ttyout int (*log_ttyout)(const char *buf, unsigned int len); The lloogg__ttttyyoouutt() function is called whenever data can be read from the command but before it is written to the user's terminal. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or -1 if an error occurred. The function arguments are as follows: buf The buffer containing command output. len The length of _b_u_f in bytes. log_stdin int (*log_stdin)(const char *buf, unsigned int len); The lloogg__ssttddiinn() function is only used if the standard input does not correspond to a tty device. It is called whenever data can be read from the standard input but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or -1 if an error occurred. The function arguments are as follows: buf The buffer containing user input. len The length of _b_u_f in bytes. log_stdout int (*log_stdout)(const char *buf, unsigned int len); The lloogg__ssttddoouutt() function is only used if the standard output does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard output. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or -1 if an error occurred. The function arguments are as follows: buf The buffer containing command output. len The length of _b_u_f in bytes. log_stderr int (*log_stderr)(const char *buf, unsigned int len); The lloogg__ssttddeerrrr() function is only used if the standard error does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard error. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or -1 if an error occurred. The function arguments are as follows: buf The buffer containing command output. len The length of _b_u_f in bytes. register_hooks See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a description of register_hooks. deregister_hooks See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a description of deregister_hooks. _I_/_O _P_l_u_g_i_n _V_e_r_s_i_o_n _M_a_c_r_o_s Same as for the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I. SSiiggnnaall hhaannddlleerrss The ssuuddoo front end installs default signal handlers to trap common signals while the plugin functions are run. The following signals are trapped by default before the command is executed: oo SIGALRM oo SIGHUP oo SIGINT oo SIGQUIT oo SIGTERM oo SIGTSTP oo SIGUSR1 oo SIGUSR2 If a fatal signal is received before the command is executed, ssuuddoo will call the plugin's cclloossee() function with an exit status of 128 plus the value of the signal that was received. This allows for consistent logging of commands killed by a signal for plugins that log such information in their cclloossee() function. A plugin may temporarily install its own signal handlers but must restore the original handler before the plugin function returns. HHooookk ffuunnccttiioonn AAPPII Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the ssuuddoo front end. Currently, the only supported hooks relate to the handling of environment variables. Hooks can be used to intercept attempts to get, set, or remove environment variables so that these changes can be reflected in the version of the environment that is used to execute a command. A future version of the API will support hooking internal ssuuddoo front end functions as well. _H_o_o_k _s_t_r_u_c_t_u_r_e Hooks in ssuuddoo are described by the following structure: typedef int (*sudo_hook_fn_t)(); struct sudo_hook { int hook_version; int hook_type; sudo_hook_fn_t hook_fn; void *closure; }; The sudo_hook structure has the following fields: hook_version The hook_version field should be set to SUDO_HOOK_VERSION. hook_type The hook_type field may be one of the following supported hook types: SUDO_HOOK_SETENV The C library setenv(3) function. Any registered hooks will run before the C library implementation. The hook_fn field should be a function that matches the following typedef: typedef int (*sudo_hook_fn_setenv_t)(const char *name, const char *value, int overwrite, void *closure); If the registered hook does not match the typedef the results are unspecified. SUDO_HOOK_UNSETENV The C library unsetenv(3) function. Any registered hooks will run before the C library implementation. The hook_fn field should be a function that matches the following typedef: typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, void *closure); SUDO_HOOK_GETENV The C library getenv(3) function. Any registered hooks will run before the C library implementation. The hook_fn field should be a function that matches the following typedef: typedef int (*sudo_hook_fn_getenv_t)(const char *name, char **value, void *closure); If the registered hook does not match the typedef the results are unspecified. SUDO_HOOK_PUTENV The C library putenv(3) function. Any registered hooks will run before the C library implementation. The hook_fn field should be a function that matches the following typedef: typedef int (*sudo_hook_fn_putenv_t)(char *string, void *closure); If the registered hook does not match the typedef the results are unspecified. hook_fn sudo_hook_fn_t hook_fn; The hook_fn field should be set to the plugin's hook implementation. The actual function arguments will vary depending on the hook_type (see hook_type above). In all cases, the closure field of struct sudo_hook is passed as the last function parameter. This can be used to pass arbitrary data to the plugin's hook implementation. The function return value may be one of the following: SUDO_HOOK_RET_ERROR The hook function encountered an error. SUDO_HOOK_RET_NEXT The hook completed without error, go on to the next hook (including the native implementation if applicable). For example, a getenv(3) hook might return SUDO_HOOK_RET_NEXT if the specified variable was not found in the private copy of the environment. SUDO_HOOK_RET_STOP The hook completed without error, stop processing hooks for this invocation. This can be used to replace the native implementation. For example, a setenv hook that operates on a private copy of the environment but leaves environ unchanged. Note that it is very easy to create an infinite loop when hooking C library functions. For example, a getenv(3) hook that calls the snprintf(3) function may create a loop if the snprintf(3) implementation calls getenv(3) to check the locale. To prevent this, you may wish to use a static variable in the hook function to guard against nested calls. For example: static int in_progress = 0; /* avoid recursion */ if (in_progress) return SUDO_HOOK_RET_NEXT; in_progress = 1; ... in_progress = 0; return SUDO_HOOK_RET_STOP; _H_o_o_k _A_P_I _V_e_r_s_i_o_n _M_a_c_r_o_s /* Hook API version major/minor */ #define SUDO_HOOK_VERSION_MAJOR 1 #define SUDO_HOOK_VERSION_MINOR 0 #define SUDO_HOOK_MKVERSION(x, y) ((x << 16) | y) #define SUDO_HOOK_VERSION SUDO_HOOK_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\ SUDO_HOOK_VERSION_MINOR) /* Getters and setters for hook API version */ #define SUDO_HOOK_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_HOOK_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_HOOK_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define SUDO_HOOK_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) RReemmoottee ccoommmmaanndd eexxeeccuuttiioonn The ssuuddoo front end does not have native support for running remote commands. However, starting with ssuuddoo 1.8.8, the --hh option may be used to specify a remote host that is passed to the policy plugin. A plugin may also accept a _r_u_n_a_s___u_s_e_r in the form of ``user@hostname'' which will work with older versions of ssuuddoo. It is anticipated that remote commands will be supported by executing a ``helper'' program. The policy plugin should setup the execution environment such that the ssuuddoo front end will run the helper which, in turn, will connect to the remote host and run the command. For example, the policy plugin could utilize sssshh to perform remote command execution. The helper program would be responsible for running sssshh with the proper options to use a private key or certificate that the remote host will accept and run a program on the remote host that would setup the execution environment accordingly. Note that remote ssuuddooeeddiitt functionality must be handled by the policy plugin, not ssuuddoo itself as the front end has no knowledge that a remote command is being executed. This may be addressed in a future revision of the plugin API. CCoonnvveerrssaattiioonn AAPPII If the plugin needs to interact with the user, it may do so via the ccoonnvveerrssaattiioonn() function. A plugin should not attempt to read directly from the standard input or the user's tty (neither of which are guaranteed to exist). The caller must include a trailing newline in msg if one is to be printed. A pprriinnttff()-style function is also available that can be used to display informational or error messages to the user, which is usually more convenient for simple messages where no use input is required. struct sudo_conv_message { #define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ #define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ #define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ #define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ #define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ #define SUDO_CONV_DEBUG_MSG 0x0006 /* debugging message */ #define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ int msg_type; int timeout; const char *msg; }; #define SUDO_CONV_REPL_MAX 255 struct sudo_conv_reply { char *reply; }; typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); Pointers to the ccoonnvveerrssaattiioonn() and pprriinnttff()-style functions are passed in to the plugin's ooppeenn() function when the plugin is initialized. To use the ccoonnvveerrssaattiioonn() function, the plugin must pass an array of sudo_conv_message and sudo_conv_reply structures. There must be a struct sudo_conv_message and struct sudo_conv_reply for each message in the conversation. The plugin is responsible for freeing the reply buffer located in each struct sudo_conv_reply, if it is not NULL. SUDO_CONV_REPL_MAX represents the maximum length of the reply buffer (not including the trailing NUL character). In practical terms, this is the longest password ssuuddoo will support. It is also useful as a maximum value for the mmeemmsseett__ss() function when clearing passwords filled in by the conversation function. The pprriinnttff()-style function uses the same underlying mechanism as the ccoonnvveerrssaattiioonn() function but only supports SUDO_CONV_INFO_MSG, SUDO_CONV_ERROR_MSG and SUDO_CONV_DEBUG_MSG for the _m_s_g___t_y_p_e parameter. It can be more convenient than using the ccoonnvveerrssaattiioonn() function if no user reply is needed and supports standard pprriinnttff() escape sequences. Unlike, SUDO_CONV_INFO_MSG and Dv SUDO_CONV_ERROR_MSG , messages sent with the SUDO_CONV_DEBUG_MSG _m_s_g___t_y_p_e are not directly user-visible. Instead, they are logged to the file specified in the Debug statement (if any) in the sudo.conf(4). file. This allows a plugin to log debugging information and is intended to be used in conjunction with the _d_e_b_u_g___f_l_a_g_s setting. See the sample plugin for an example of the ccoonnvveerrssaattiioonn() function usage. SSuuddooeerrss ggrroouupp pplluuggiinn AAPPII The ssuuddooeerrss plugin supports its own plugin interface to allow non-Unix group lookups. This can be used to query a group source other than the standard Unix group database. Two sample group plugins are bundled with ssuuddoo, _g_r_o_u_p___f_i_l_e and _s_y_s_t_e_m___g_r_o_u_p, are detailed in sudoers(4). Third party group plugins include a QAS AD plugin available from Quest Software. A group plugin must declare and populate a sudoers_group_plugin struct in the global scope. This structure contains pointers to the functions that implement plugin initialization, cleanup and group lookup. struct sudoers_group_plugin { unsigned int version; int (*init)(int version, sudo_printf_t sudo_printf, char *const argv[]); void (*cleanup)(void); int (*query)(const char *user, const char *group, const struct passwd *pwd); }; The sudoers_group_plugin struct has the following fields: version The version field should be set to GROUP_API_VERSION. This allows ssuuddooeerrss to determine the API version the group plugin was built against. init int (*init)(int version, sudo_printf_t plugin_printf, char *const argv[]); The iinniitt() function is called after _s_u_d_o_e_r_s has been parsed but before any policy checks. It returns 1 on success, 0 on failure (or if the plugin is not configured), and -1 if a error occurred. If an error occurs, the plugin may call the pplluuggiinn__pprriinnttff() function with SUDO_CONF_ERROR_MSG to present additional error information to the user. The function arguments are as follows: version The version passed in by ssuuddooeerrss allows the plugin to determine the major and minor version number of the group plugin API supported by ssuuddooeerrss. plugin_printf A pointer to a pprriinnttff()-style function that may be used to display informational or error message to the user. Returns the number of characters printed on success and -1 on failure. argv A NULL-terminated array of arguments generated from the _g_r_o_u_p___p_l_u_g_i_n option in _s_u_d_o_e_r_s. If no arguments were given, _a_r_g_v will be NULL. cleanup void (*cleanup)(); The cclleeaannuupp() function is called when ssuuddooeerrss has finished its group checks. The plugin should free any memory it has allocated and close open file handles. query int (*query)(const char *user, const char *group, const struct passwd *pwd); The qquueerryy() function is used to ask the group plugin whether _u_s_e_r is a member of _g_r_o_u_p. The function arguments are as follows: user The name of the user being looked up in the external group database. group The name of the group being queried. pwd The password database entry for _u_s_e_r, if any. If _u_s_e_r is not present in the password database, _p_w_d will be NULL. _G_r_o_u_p _A_P_I _V_e_r_s_i_o_n _M_a_c_r_o_s /* Sudoers group plugin version major/minor */ #define GROUP_API_VERSION_MAJOR 1 #define GROUP_API_VERSION_MINOR 0 #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \ GROUP_API_VERSION_MINOR) /* Getters and setters for group version */ #define GROUP_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define GROUP_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define GROUP_API_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define GROUP_API_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) PPLLUUGGIINN AAPPII CCHHAANNGGEELLOOGG The following revisions have been made to the Sudo Plugin API. Version 1.0 Initial API version. Version 1.1 (sudo 1.8.0) The I/O logging plugin's ooppeenn() function was modified to take the command_info list as an argument. Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' ooppeenn() functions are now passed a list of plugin parameters if any are specified in sudo.conf(4). A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. The init_session Policy plugin function is now passed a pointer to the user environment which can be updated as needed. This can be used to merge in environment variables stored in the PAM handle before a command is run. Version 1.3 (sudo 1.8.7) Support for the _e_x_e_c___b_a_c_k_g_r_o_u_n_d entry has been added to the command_info list. The _m_a_x___g_r_o_u_p_s and _p_l_u_g_i_n___d_i_r entries were added to the settings list. The vveerrssiioonn() and cclloossee() functions are now optional. Previously, a missing vveerrssiioonn() or cclloossee() function would result in a crash. If no policy plugin cclloossee() function is defined, a default cclloossee() function will be provided by the ssuuddoo front end that displays a warning if the command could not be executed. The ssuuddoo front end now installs default signal handlers to trap common signals while the plugin functions are run. Version 1.4 (sudo 1.8.8) The _r_e_m_o_t_e___h_o_s_t entry was added to the settings list. Version 1.5 (sudo 1.8.9) The entry was added to the command_info list. SSEEEE AALLSSOO sudo.conf(4), sudoers(4), sudo(1m) BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 December 20, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/sudo_plugin.man.in010064400175440000012000001652331226304127600165600ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo_plugin.mdoc.in .\" .\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .TH "SUDO_PLUGIN" "5" "December 20, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .nh .if n .ad l .SH "NAME" \fBsudo_plugin\fR \- Sudo Plugin API .SH "DESCRIPTION" Starting with version 1.8, \fBsudo\fR supports a plugin API for policy and session logging. Plugins may be compiled as dynamic shared objects (the default on systems that support them) or compiled statically into the \fBsudo\fR binary itself. By default, the \fBsudoers\fR policy plugin and an associated I/O logging plugin are used. Via the plugin API, \fBsudo\fR can be configured to use alternate policy and/or I/O logging plugins provided by third parties. The plugins to be used are specified in the sudo.conf(@mansectform@) file. .PP The API is versioned with a major and minor number. The minor version number is incremented when additions are made. The major number is incremented when incompatible changes are made. A plugin should be check the version passed to it and make sure that the major version matches. .PP The plugin API is defined by the \fRsudo_plugin.h\fR header file. .SS "Policy plugin API" A policy plugin must declare and populate a \fRpolicy_plugin\fR struct in the global scope. This structure contains pointers to the functions that implement the \fBsudo\fR policy checks. The name of the symbol should be specified in sudo.conf(@mansectform@) along with a path to the plugin so that \fBsudo\fR can load it. .nf .sp .RS 0n struct policy_plugin { #define SUDO_POLICY_PLUGIN 1 unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); int (*list)(int argc, char * const argv[], int verbose, const char *list_user); int (*validate)(void); void (*invalidate)(int remove); int (*init_session)(struct passwd *pwd, char **user_env[]); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; .RE .fi .PP The policy_plugin struct has the following fields: .TP 6n type The \fRtype\fR field should always be set to SUDO_POLICY_PLUGIN. .TP 6n version The \fRversion\fR field should be set to \fRSUDO_API_VERSION\fR. .sp This allows \fBsudo\fR to determine the API version the plugin was built against. .TP 6n open .RS .nf .RS 0n int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); .RE .fi .sp Returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error. In the latter case, \fBsudo\fR will print a usage message before it exits. If an error occurs, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .sp The function arguments are as follows: .TP 6n version The version passed in by \fBsudo\fR allows the plugin to determine the major and minor version number of the plugin API supported by \fBsudo\fR. .TP 6n conversation A pointer to the \fBconversation\fR() function that can be used by the plugin to interact with the user (see below). Returns 0 on success and \-1 on failure. .TP 6n plugin_printf A pointer to a \fBprintf\fR()-style function that may be used to display informational or error messages (see below). Returns the number of characters printed on success and \-1 on failure. .TP 6n settings A vector of user-supplied \fBsudo\fR settings in the form of ``name=value'' strings. The vector is terminated by a \fRNULL\fR pointer. These settings correspond to flags the user specified when running \fBsudo\fR. As such, they will only be present when the corresponding flag has been specified on the command line. .sp When parsing \fIsettings\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .RS .TP 6n bsdauth_type=string Authentication type, if specified by the \fB\-a\fR flag, to use on systems where BSD authentication is supported. .TP 6n closefrom=number If specified, the user has requested via the \fB\-C\fR flag that \fBsudo\fR close all files descriptors with a value of \fInumber\fR or higher. The plugin may optionally pass this, or another value, back in the \fIcommand_info\fR list. .TP 6n debug_flags=string A comma-separated list of debug flags that correspond to \fBsudo\fR's \fRDebug\fR entry in sudo.conf(@mansectform@), if there is one. The flags are passed to the plugin as they appear in sudo.conf(@mansectform@). The syntax used by \fBsudo\fR and the \fBsudoers\fR plugin is \fIsubsystem\fR@\fIpriority\fR but the plugin is free to use a different format so long as it does not include a comma (`,\&'). There is not currently a way to specify a set of debug flags specific to the plugin--the flags are shared by \fBsudo\fR and the plugin. .TP 6n debug_level=number This setting has been deprecated in favor of \fIdebug_flags\fR. .TP 6n ignore_ticket=bool Set to true if the user specified the \fB\-k\fR flag along with a command, indicating that the user wishes to ignore any cached authentication credentials. \fIimplied_shell\fR to true. This allows \fBsudo\fR with no arguments to be used similarly to su(1). If the plugin does not to support this usage, it may return a value of \-2 from the \fBcheck_policy\fR() function, which will cause \fBsudo\fR to print a usage message and exit. .TP 6n implied_shell=bool If the user does not specify a program on the command line, \fBsudo\fR will pass the plugin the path to the user's shell and set .TP 6n login_class=string BSD login class to use when setting resource limits and nice value, if specified by the \fB\-c\fR flag. .TP 6n login_shell=bool Set to true if the user specified the \fB\-i\fR flag, indicating that the user wishes to run a login shell. .TP 6n max_groups=int The maximum number of groups a user may belong to. This will only be present if there is a corresponding setting in sudo.conf(@mansectform@). .TP 6n network_addrs=list A space-separated list of IP network addresses and netmasks in the form ``addr/netmask'', e.g.\& ``192.168.1.2/255.255.255.0''. The address and netmask pairs may be either IPv4 or IPv6, depending on what the operating system supports. If the address contains a colon (`:\&'), it is an IPv6 address, else it is IPv4. .TP 6n noninteractive=bool Set to true if the user specified the \fB\-n\fR flag, indicating that \fBsudo\fR should operate in non-interactive mode. The plugin may reject a command run in non-interactive mode if user interaction is required. .TP 6n plugin_dir=string The default plugin directory used by the \fBsudo\fR front end. This is the default directory set at compile time and may not correspond to the directory the running plugin was loaded from. It may be used by a plugin to locate support files. .TP 6n preserve_environment=bool Set to true if the user specified the \fB\-E\fR flag, indicating that the user wishes to preserve the environment. .TP 6n preserve_groups=bool Set to true if the user specified the \fB\-P\fR flag, indicating that the user wishes to preserve the group vector instead of setting it based on the runas user. .TP 6n progname=string The command name that sudo was run as, typically ``sudo'' or ``sudoedit''. .TP 6n prompt=string The prompt to use when requesting a password, if specified via the \fB\-p\fR flag. .TP 6n remote_host=string The name of the remote host to run the command on, if specified via the \fB\-h\fR option. Support for running the command on a remote host is meant to be implemented via a helper program that is executed in place of the user-specified command. The \fBsudo\fR front end is only capable of executing commands on the local host. Only available starting with API version 1.4. .TP 6n run_shell=bool Set to true if the user specified the \fB\-s\fR flag, indicating that the user wishes to run a shell. .TP 6n runas_group=string The group name or gid to run the command as, if specified via the \fB\-g\fR flag. .TP 6n runas_user=string The user name or uid to run the command as, if specified via the \fB\-u\fR flag. .TP 6n selinux_role=string SELinux role to use when executing the command, if specified by the \fB\-r\fR flag. .TP 6n selinux_type=string SELinux type to use when executing the command, if specified by the \fB\-t\fR flag. .TP 6n set_home=bool Set to true if the user specified the \fB\-H\fR flag. If true, set the \fRHOME\fR environment variable to the target user's home directory. .TP 6n sudoedit=bool Set to true when the \fB\-e\fR flag is is specified or if invoked as \fBsudoedit\fR. The plugin shall substitute an editor into \fIargv\fR in the \fBcheck_policy\fR() function or return \-2 with a usage error if the plugin does not support \fIsudoedit\fR. For more information, see the \fIcheck_policy\fR section. .PP Additional settings may be added in the future so the plugin should silently ignore settings that it does not recognize. .PP .RE .PD 0 .TP 6n user_info A vector of information about the user running the command in the form of ``name=value'' strings. The vector is terminated by a \fRNULL\fR pointer. .sp When parsing \fIuser_info\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .RS .PD .TP 6n cols=int The number of columns the user's terminal supports. If there is no terminal device available, a default value of 80 is used. .TP 6n cwd=string The user's current working directory. .TP 6n egid=gid_t The effective group ID of the user invoking \fBsudo\fR. .TP 6n euid=uid_t The effective user ID of the user invoking \fBsudo\fR. .TP 6n gid=gid_t The real group ID of the user invoking \fBsudo\fR. .TP 6n groups=list The user's supplementary group list formatted as a string of comma-separated group IDs. .TP 6n host=string The local machine's hostname as returned by the gethostname(2) system call. .TP 6n lines=int The number of lines the user's terminal supports. If there is no terminal device available, a default value of 24 is used. .TP 6n pgid=int The ID of the process group that the running \fBsudo\fR process is a member of. Only available starting with API version 1.2. .TP 6n pid=int The process ID of the running \fBsudo\fR process. Only available starting with API version 1.2. .TP 6n plugin_options Any (non-comment) strings immediately after the plugin path are passed as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a \fRNULL\fR-terminated array of strings. If no arguments were specified, \fIplugin_options\fR will be the \fRNULL\fR pointer. .sp NOTE: the \fIplugin_options\fR parameter is only available starting with API version 1.2. A plugin \fBmust\fR check the API version specified by the \fBsudo\fR front end before using \fIplugin_options\fR. Failure to do so may result in a crash. .TP 6n ppid=int The parent process ID of the running \fBsudo\fR process. Only available starting with API version 1.2. .TP 6n sid=int The session ID of the running \fBsudo\fR process or 0 if \fBsudo\fR is not part of a POSIX job control session. Only available starting with API version 1.2. .TP 6n tcpgid=int The ID of the foreground process group associated with the terminal device associated with the \fBsudo\fR process or \-1 if there is no terminal present. Only available starting with API version 1.2. .TP 6n tty=string The path to the user's terminal device. If the user has no terminal device associated with the session, the value will be empty, as in ``\fRtty=\fR''. .TP 6n uid=uid_t The real user ID of the user invoking \fBsudo\fR. .TP 6n user=string The name of the user invoking \fBsudo\fR. .PP .RE .PD 0 .TP 6n user_env The user's environment in the form of a \fRNULL\fR-terminated vector of ``name=value'' strings. .sp When parsing \fIuser_env\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .PD .PP .RE .PD 0 .TP 6n close .br .RS .nf .RS 0n void (*close)(int exit_status, int error); .RE .fi .sp The \fBclose\fR() function is called when the command being run by \fBsudo\fR finishes. .sp The function arguments are as follows: .PD .TP 6n exit_status The command's exit status, as returned by the wait(2) system call. The value of \fRexit_status\fR is undefined if \fRerror\fR is non-zero. .TP 6n error .br If the command could not be executed, this is set to the value of \fRerrno\fR set by the execve(2) system call. The plugin is responsible for displaying error information via the \fBconversation\fR() or \fBplugin_printf\fR() function. If the command was successfully executed, the value of \fRerror\fR is 0. .PP If no \fBclose\fR() function is defined, no I/O logging plugins are loaded, and neither the \fItimeout\fR not \fIuse_pty\fR options are set in the \fRcommand_info\fR list, the \fBsudo\fR front end may execute the command directly instead of running it as a child process. .PP .RE .PD 0 .TP 6n show_version .RS .nf .RS 0n int (*show_version)(int verbose); .RE .fi .sp The \fBshow_version\fR() function is called by \fBsudo\fR when the user specifies the \fB\-V\fR option. The plugin may display its version information to the user via the \fBconversation\fR() or \fBplugin_printf\fR() function using \fRSUDO_CONV_INFO_MSG\fR. If the user requests detailed version information, the verbose flag will be set. .PD .PP .RE .PD 0 .TP 6n check_policy .RS .nf .RS 0n int (*check_policy)(int argc, char * const argv[] char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); .RE .fi .sp The \fBcheck_policy\fR() function is called by \fBsudo\fR to determine whether the user is allowed to run the specified commands. .sp If the \fIsudoedit\fR option was enabled in the \fIsettings\fR array passed to the \fBopen\fR() function, the user has requested \fIsudoedit\fR mode. \fIsudoedit\fR is a mechanism for editing one or more files where an editor is run with the user's credentials instead of with elevated privileges. \fBsudo\fR achieves this by creating user-writable temporary copies of the files to be edited and then overwriting the originals with the temporary copies after editing is complete. If the plugin supports \fIsudoedit\fR, it should choose the editor to be used, potentially from a variable in the user's environment, such as \fREDITOR\fR, and include it in \fIargv_out\fR (note that environment variables may include command line flags). The files to be edited should be copied from \fIargv\fR into \fIargv_out\fR, separated from the editor and its arguments by a ``\fR--\fR'' element. The ``\fR--\fR'' will be removed by \fBsudo\fR before the editor is executed. The plugin should also set \fIsudoedit=true\fR in the \fIcommand_info\fR list. .sp The \fBcheck_policy\fR() function returns 1 if the command is allowed, 0 if not allowed, \-1 for a general error, or \-2 for a usage error or if \fIsudoedit\fR was specified but is unsupported by the plugin. In the latter case, \fBsudo\fR will print a usage message before it exits. If an error occurs, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .sp The function arguments are as follows: .PD .TP 6n argc The number of elements in \fIargv\fR, not counting the final \fRNULL\fR pointer. .TP 6n argv The argument vector describing the command the user wishes to run, in the same form as what would be passed to the execve(2) system call. The vector is terminated by a \fRNULL\fR pointer. .TP 6n env_add Additional environment variables specified by the user on the command line in the form of a \fRNULL\fR-terminated vector of ``name=value'' strings. The plugin may reject the command if one or more variables are not allowed to be set, or it may silently ignore such variables. .sp When parsing \fIenv_add\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .TP 6n command_info Information about the command being run in the form of ``name=value'' strings. These values are used by \fBsudo\fR to set the execution environment when running a command. The plugin is responsible for creating and populating the vector, which must be terminated with a \fRNULL\fR pointer. The following values are recognized by \fBsudo\fR: .RS .TP 6n chroot=string The root directory to use when running the command. .TP 6n closefrom=number If specified, \fBsudo\fR will close all files descriptors with a value of \fInumber\fR or higher. .TP 6n command=string Fully qualified path to the command to be executed. .TP 6n cwd=string The current working directory to change to when executing the command. .TP 6n exec_background=bool By default, \fBsudo\fR runs a command as the foreground process as long as \fBsudo\fR itself is running in the foreground. When \fIexec_background\fR is enabled and the command is being run in a pty (due to I/O logging or the \fIuse_pty\fR setting), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the \fRSIGTTIN\fR signal (or \fRSIGTTOU\fR in the case of terminal settings). If this happens when \fBsudo\fR is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that \fBsudo\fR need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic \fIsudo\fR behavior or when the command is not being run in a pty. .sp For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the \fBtcgetattr\fR() and \fBtcsetattr\fR() system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the \fRSIGTTIN\fR or \fRSIGTTOU\fR signals, programs that catch these signals and suspend themselves with a different signal (usually \fRSIGTOP\fR) will not be automatically foregrounded. Some versions of the linux su(1) command behave this way. Because of this, a plugin should not set \fIexec_background\fR unless it is explicitly enabled by the administrator and there should be a way to enabled or disable it on a per-command basis. .sp This setting has no effect unless I/O logging is enabled or \fIuse_pty\fR is enabled. .TP 6n iolog_compress=bool Set to true if the I/O logging plugins, if any, should compress the log data. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n iolog_path=string Fully qualified path to the file or directory in which I/O log is to be stored. This is a hint to the I/O logging plugin which may choose to ignore it. If no I/O logging plugin is loaded, this setting has no effect. .TP 6n iolog_stdin=bool Set to true if the I/O logging plugins, if any, should log the standard input if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n iolog_stdout=bool Set to true if the I/O logging plugins, if any, should log the standard output if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n iolog_stderr=bool Set to true if the I/O logging plugins, if any, should log the standard error if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n iolog_ttyin=bool Set to true if the I/O logging plugins, if any, should log all terminal input. This only includes input typed by the user and not from a pipe or redirected from a file. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n iolog_ttyout=bool Set to true if the I/O logging plugins, if any, should log all terminal output. This only includes output to the screen, not output to a pipe or file. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n login_class=string BSD login class to use when setting resource limits and nice value (optional). This option is only set on systems that support login classes. .TP 6n nice=int Nice value (priority) to use when executing the command. The nice value, if specified, overrides the priority associated with the \fIlogin_class\fR on BSD systems. .TP 6n noexec=bool If set, prevent the command from executing other programs. .TP 6n preserve_fds=list A comma-separated list of file descriptors that should be preserved, regardless of the value of the \fIclosefrom\fR setting. Only available starting with API version 1.5. .TP 6n preserve_groups=bool If set, \fBsudo\fR will preserve the user's group vector instead of initializing the group vector based on \fRrunas_user\fR. .TP 6n runas_egid=gid Effective group ID to run the command as. If not specified, the value of \fIrunas_gid\fR is used. .TP 6n runas_euid=uid Effective user ID to run the command as. If not specified, the value of \fIrunas_uid\fR is used. .TP 6n runas_gid=gid Group ID to run the command as. .TP 6n runas_groups=list The supplementary group vector to use for the command in the form of a comma-separated list of group IDs. If \fIpreserve_groups\fR is set, this option is ignored. .TP 6n runas_uid=uid User ID to run the command as. .TP 6n selinux_role=string SELinux role to use when executing the command. .TP 6n selinux_type=string SELinux type to use when executing the command. .TP 6n set_utmp=bool Create a utmp (or utmpx) entry when a pseudo-tty is allocated. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. .TP 6n sudoedit=bool Set to true when in \fIsudoedit\fR mode. The plugin may enable \fIsudoedit\fR mode even if \fBsudo\fR was not invoked as \fBsudoedit\fR. This allows the plugin to perform command substitution and transparently enable \fIsudoedit\fR when the user attempts to run an editor. .TP 6n timeout=int Command timeout. If non-zero then when the timeout expires the command will be killed. .TP 6n umask=octal The file creation mask to use when executing the command. .TP 6n use_pty=bool Allocate a pseudo-tty to run the command in, regardless of whether or not I/O logging is in use. By default, \fBsudo\fR will only run the command in a pty when an I/O log plugin is loaded. .TP 6n utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when \fIset_utmp\fR is enabled. This option can be used to set the user field in the utmp entry to the user the command runs as rather than the invoking user. If not set, \fBsudo\fR will base the new entry on the invoking user's existing entry. .PP Unsupported values will be ignored. .PP .RE .PD 0 .TP 6n argv_out The \fRNULL\fR-terminated argument vector to pass to the execve(2) system call when executing the command. The plugin is responsible for allocating and populating the vector. .PD .TP 6n user_env_out The \fRNULL\fR-terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. .PP .RE .PD 0 .TP 6n list .RS .nf .RS 0n int (*list)(int verbose, const char *list_user, int argc, char * const argv[]); .RE .fi .sp List available privileges for the invoking user. Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .sp Privileges should be output via the \fBconversation\fR() or \fBplugin_printf\fR() function using \fRSUDO_CONV_INFO_MSG\fR, .PD .TP 6n verbose Flag indicating whether to list in verbose mode or not. .TP 6n list_user The name of a different user to list privileges for if the policy allows it. If \fRNULL\fR, the plugin should list the privileges of the invoking user. .TP 6n argc The number of elements in \fIargv\fR, not counting the final \fRNULL\fR pointer. .TP 6n argv If non-\fRNULL\fR, an argument vector describing a command the user wishes to check against the policy in the same form as what would be passed to the execve(2) system call. If the command is permitted by the policy, the fully-qualified path to the command should be displayed along with any command line arguments. .PP .RE .PD 0 .TP 6n validate .RS .nf .RS 0n int (*validate)(void); .RE .fi .sp The \fBvalidate\fR() function is called when \fBsudo\fR is run with the \fB\-v\fR flag. For policy plugins such as \fBsudoers\fR that cache authentication credentials, this function will validate and cache the credentials. .sp The \fBvalidate\fR() function should be \fRNULL\fR if the plugin does not support credential caching. .sp Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .PD .PP .RE .PD 0 .TP 6n invalidate .RS .nf .RS 0n void (*invalidate)(int remove); .RE .fi .sp The \fBinvalidate\fR() function is called when \fBsudo\fR is called with the \fB\-k\fR or \fB\-K\fR flag. For policy plugins such as \fBsudoers\fR that cache authentication credentials, this function will invalidate the credentials. If the \fIremove\fR flag is set, the plugin may remove the credentials instead of simply invalidating them. .sp The \fBinvalidate\fR() function should be \fRNULL\fR if the plugin does not support credential caching. .PD .PP .RE .PD 0 .TP 6n init_session .RS .nf .RS 0n int (*init_session)(struct passwd *pwd, char **user_envp[); .RE .fi .sp The \fBinit_session\fR() function is called before \fBsudo\fR sets up the execution environment for the command. It is run in the parent \fBsudo\fR process and before any uid or gid changes. This can be used to perform session setup that is not supported by \fIcommand_info\fR, such as opening the PAM session. The \fBclose\fR() function can be used to tear down the session that was opened by \fRinit_session\fR. .sp The \fIpwd\fR argument points to a passwd struct for the user the command will be run as if the uid the command will run as was found in the password database, otherwise it will be \fRNULL\fR. .sp The \fIuser_env\fR argument points to the environment the command will run in, in the form of a \fRNULL\fR-terminated vector of ``name=value'' strings. This is the same string passed back to the front end via the Policy Plugin's \fIuser_env_out\fR parameter. If the \fBinit_session\fR() function needs to modify the user environment, it should update the pointer stored in \fIuser_env\fR. The expected use case is to merge the contents of the PAM environment (if any) with the contents of \fIuser_env\fR. NOTE: the \fIuser_env\fR parameter is only available starting with API version 1.2. A plugin \fBmust\fR check the API version specified by the \fBsudo\fR front end before using \fIuser_env\fR. Failure to do so may result in a crash. .sp Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .PD .PP .RE .PD 0 .TP 6n register_hooks .RS .nf .RS 0n void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); .RE .fi .sp The \fBregister_hooks\fR() function is called by the sudo front end to register any hooks the plugin needs. If the plugin does not support hooks, \fRregister_hooks\fR should be set to the \fRNULL\fR pointer. .sp The \fIversion\fR argument describes the version of the hooks API supported by the \fBsudo\fR front end. .sp The \fBregister_hook\fR() function should be used to register any supported hooks the plugin needs. It returns 0 on success, 1 if the hook type is not supported and \-1 if the major version in \fRstruct hook\fR does not match the front end's major hook API version. .sp See the \fIHook function API\fR section below for more information about hooks. .sp NOTE: the \fBregister_hooks\fR() function is only available starting with API version 1.2. If the \fBsudo\fR front end doesn't support API version 1.2 or higher, \fRregister_hooks\fR will not be called. .PD .PP .RE .PD 0 .TP 6n deregister_hooks .RS .nf .RS 0n void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); .RE .fi .sp The \fBderegister_hooks\fR() function is called by the sudo front end to deregister any hooks the plugin has registered. If the plugin does not support hooks, \fRderegister_hooks\fR should be set to the \fRNULL\fR pointer. .sp The \fIversion\fR argument describes the version of the hooks API supported by the \fBsudo\fR front end. .sp The \fBderegister_hook\fR() function should be used to deregister any hooks that were put in place by the \fBregister_hook\fR() function. If the plugin tries to deregister a hook that the front end does not support, \fRderegister_hook\fR will return an error. .sp See the \fIHook function API\fR section below for more information about hooks. .sp NOTE: the \fBderegister_hooks\fR() function is only available starting with API version 1.2. If the \fBsudo\fR front end doesn't support API version 1.2 or higher, \fRderegister_hooks\fR will not be called. .RE .PD .PP \fIPolicy Plugin Version Macros\fR .nf .sp .RS 0n /* Plugin API version major/minor. */ #define SUDO_API_VERSION_MAJOR 1 #define SUDO_API_VERSION_MINOR 2 #define SUDO_API_MKVERSION(x, y) ((x << 16) | y) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e SUDO_API_VERSION_MINOR) /* Getters and setters for API version */ #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define SUDO_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .RE .fi .SS "I/O plugin API" .nf .RS 0n struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; .RE .fi .PP When an I/O plugin is loaded, \fBsudo\fR runs the command in a pseudo-tty. This makes it possible to log the input and output from the user's session. If any of the standard input, standard output or standard error do not correspond to a tty, \fBsudo\fR will open a pipe to capture the I/O for logging before passing it on. .PP The log_ttyin function receives the raw user input from the terminal device (note that this will include input even when echo is disabled, such as when a password is read). The log_ttyout function receives output from the pseudo-tty that is suitable for replaying the user's session at a later time. The \fBlog_stdin\fR(), \fBlog_stdout\fR() and \fBlog_stderr\fR() functions are only called if the standard input, standard output or standard error respectively correspond to something other than a tty. .PP Any of the logging functions may be set to the \fRNULL\fR pointer if no logging is to be performed. If the open function returns 0, no I/O will be sent to the plugin. .PP The io_plugin struct has the following fields: .TP 6n type The \fRtype\fR field should always be set to \fRSUDO_IO_PLUGIN\fR. .TP 6n version The \fRversion\fR field should be set to \fRSUDO_API_VERSION\fR. .sp This allows \fBsudo\fR to determine the API version the plugin was built against. .TP 6n open .RS .nf .RS 0n int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); .RE .fi .sp The \fBopen\fR() function is run before the \fBlog_input\fR(), \fBlog_output\fR() or \fBshow_version\fR() functions are called. It is only called if the version is being requested or the \fBcheck_policy\fR() function has returned successfully. It returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error. In the latter case, \fBsudo\fR will print a usage message before it exits. If an error occurs, the plugin may optionally call the \fBconversation\fR() or \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .sp The function arguments are as follows: .TP 6n version The version passed in by \fBsudo\fR allows the plugin to determine the major and minor version number of the plugin API supported by \fBsudo\fR. .TP 6n conversation A pointer to the \fBconversation\fR() function that may be used by the \fBshow_version\fR() function to display version information (see \fBshow_version\fR() below). The \fBconversation\fR() function may also be used to display additional error message to the user. The \fBconversation\fR() function returns 0 on success and \-1 on failure. .TP 6n plugin_printf A pointer to a \fBprintf\fR()-style function that may be used by the \fBshow_version\fR() function to display version information (see show_version below). The \fBplugin_printf\fR() function may also be used to display additional error message to the user. The \fBplugin_printf\fR() function returns number of characters printed on success and \-1 on failure. .TP 6n settings A vector of user-supplied \fBsudo\fR settings in the form of ``name=value'' strings. The vector is terminated by a \fRNULL\fR pointer. These settings correspond to flags the user specified when running \fBsudo\fR. As such, they will only be present when the corresponding flag has been specified on the command line. .sp When parsing \fIsettings\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .sp See the \fIPolicy plugin API\fR section for a list of all possible settings. .TP 6n user_info A vector of information about the user running the command in the form of ``name=value'' strings. The vector is terminated by a \fRNULL\fR pointer. .sp When parsing \fIuser_info\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .sp See the \fIPolicy plugin API\fR section for a list of all possible strings. .TP 6n argc The number of elements in \fIargv\fR, not counting the final \fRNULL\fR pointer. .TP 6n argv If non-\fRNULL\fR, an argument vector describing a command the user wishes to run in the same form as what would be passed to the execve(2) system call. .TP 6n user_env The user's environment in the form of a \fRNULL\fR-terminated vector of ``name=value'' strings. .sp When parsing \fIuser_env\fR, the plugin should split on the \fBfirst\fR equal sign (`=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .TP 6n plugin_options Any (non-comment) strings immediately after the plugin path are treated as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a \fRNULL\fR-terminated array of strings. If no arguments were specified, \fIplugin_options\fR will be the \fRNULL\fR pointer. .sp NOTE: the \fIplugin_options\fR parameter is only available starting with API version 1.2. A plugin \fBmust\fR check the API version specified by the \fBsudo\fR front end before using \fIplugin_options\fR. Failure to do so may result in a crash. .PP .RE .PD 0 .TP 6n close .br .RS .nf .RS 0n void (*close)(int exit_status, int error); .RE .fi .sp The \fBclose\fR() function is called when the command being run by \fBsudo\fR finishes. .sp The function arguments are as follows: .PD .TP 6n exit_status The command's exit status, as returned by the wait(2) system call. The value of \fRexit_status\fR is undefined if \fRerror\fR is non-zero. .TP 6n error .br If the command could not be executed, this is set to the value of \fRerrno\fR set by the execve(2) system call. If the command was successfully executed, the value of \fRerror\fR is 0. .PP .RE .PD 0 .TP 6n show_version .RS .nf .RS 0n int (*show_version)(int verbose); .RE .fi .sp The \fBshow_version\fR() function is called by \fBsudo\fR when the user specifies the \fB\-V\fR option. The plugin may display its version information to the user via the \fBconversation\fR() or \fBplugin_printf\fR() function using \fRSUDO_CONV_INFO_MSG\fR. If the user requests detailed version information, the verbose flag will be set. .PD .PP .RE .PD 0 .TP 6n log_ttyin .RS .nf .RS 0n int (*log_ttyin)(const char *buf, unsigned int len); .RE .fi .sp The \fBlog_ttyin\fR() function is called whenever data can be read from the user but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .sp The function arguments are as follows: .PD .TP 6n buf The buffer containing user input. .TP 6n len The length of \fIbuf\fR in bytes. .PP .RE .PD 0 .TP 6n log_ttyout .RS .nf .RS 0n int (*log_ttyout)(const char *buf, unsigned int len); .RE .fi .sp The \fBlog_ttyout\fR() function is called whenever data can be read from the command but before it is written to the user's terminal. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .sp The function arguments are as follows: .PD .TP 6n buf The buffer containing command output. .TP 6n len The length of \fIbuf\fR in bytes. .PP .RE .PD 0 .TP 6n log_stdin .RS .nf .RS 0n int (*log_stdin)(const char *buf, unsigned int len); .RE .fi .sp The \fBlog_stdin\fR() function is only used if the standard input does not correspond to a tty device. It is called whenever data can be read from the standard input but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .sp The function arguments are as follows: .PD .TP 6n buf The buffer containing user input. .TP 6n len The length of \fIbuf\fR in bytes. .PP .RE .PD 0 .TP 6n log_stdout .RS .nf .RS 0n int (*log_stdout)(const char *buf, unsigned int len); .RE .fi .sp The \fBlog_stdout\fR() function is only used if the standard output does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard output. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .sp The function arguments are as follows: .PD .TP 6n buf The buffer containing command output. .TP 6n len The length of \fIbuf\fR in bytes. .PP .RE .PD 0 .TP 6n log_stderr .RS .nf .RS 0n int (*log_stderr)(const char *buf, unsigned int len); .RE .fi .sp The \fBlog_stderr\fR() function is only used if the standard error does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard error. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .sp The function arguments are as follows: .PD .TP 6n buf The buffer containing command output. .TP 6n len The length of \fIbuf\fR in bytes. .PP .RE .PD 0 .TP 6n register_hooks See the \fIPolicy plugin API\fR section for a description of \fRregister_hooks\fR. .PD .TP 6n deregister_hooks See the \fIPolicy plugin API\fR section for a description of \fRderegister_hooks.\fR .PP \fII/O Plugin Version Macros\fR .PP Same as for the \fIPolicy plugin API\fR. .SS "Signal handlers" The \fBsudo\fR front end installs default signal handlers to trap common signals while the plugin functions are run. The following signals are trapped by default before the command is executed: .TP 4n \fBo\fR \fRSIGALRM\fR .PD 0 .TP 4n \fBo\fR \fRSIGHUP\fR .TP 4n \fBo\fR \fRSIGINT\fR .TP 4n \fBo\fR \fRSIGQUIT\fR .TP 4n \fBo\fR \fRSIGTERM\fR .TP 4n \fBo\fR \fRSIGTSTP\fR .TP 4n \fBo\fR \fRSIGUSR1\fR .TP 4n \fBo\fR \fRSIGUSR2\fR .PD .PP If a fatal signal is received before the command is executed, \fBsudo\fR will call the plugin's \fBclose\fR() function with an exit status of 128 plus the value of the signal that was received. This allows for consistent logging of commands killed by a signal for plugins that log such information in their \fBclose\fR() function. .PP A plugin may temporarily install its own signal handlers but must restore the original handler before the plugin function returns. .SS "Hook function API" Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the \fBsudo\fR front end. .PP Currently, the only supported hooks relate to the handling of environment variables. Hooks can be used to intercept attempts to get, set, or remove environment variables so that these changes can be reflected in the version of the environment that is used to execute a command. A future version of the API will support hooking internal \fBsudo\fR front end functions as well. .PP \fIHook structure\fR .PP Hooks in \fBsudo\fR are described by the following structure: .nf .sp .RS 0n typedef int (*sudo_hook_fn_t)(); struct sudo_hook { int hook_version; int hook_type; sudo_hook_fn_t hook_fn; void *closure; }; .RE .fi .PP The \fRsudo_hook\fR structure has the following fields: .TP 6n hook_version The \fRhook_version\fR field should be set to \fRSUDO_HOOK_VERSION\fR. .TP 6n hook_type The \fRhook_type\fR field may be one of the following supported hook types: .RS .TP 6n \fRSUDO_HOOK_SETENV\fR The C library setenv(3) function. Any registered hooks will run before the C library implementation. The \fRhook_fn\fR field should be a function that matches the following typedef: .RS .nf .sp .RS 0n typedef int (*sudo_hook_fn_setenv_t)(const char *name, const char *value, int overwrite, void *closure); .RE .fi .sp If the registered hook does not match the typedef the results are unspecified. .PP .RE .PD 0 .TP 6n \fRSUDO_HOOK_UNSETENV\fR The C library unsetenv(3) function. Any registered hooks will run before the C library implementation. The \fRhook_fn\fR field should be a function that matches the following typedef: .RS .nf .sp .RS 0n typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, void *closure); .RE .fi .PD .PP .RE .PD 0 .TP 6n \fRSUDO_HOOK_GETENV\fR The C library getenv(3) function. Any registered hooks will run before the C library implementation. The \fRhook_fn\fR field should be a function that matches the following typedef: .RS .nf .sp .RS 0n typedef int (*sudo_hook_fn_getenv_t)(const char *name, char **value, void *closure); .RE .fi .sp If the registered hook does not match the typedef the results are unspecified. .PD .PP .RE .PD 0 .TP 6n \fRSUDO_HOOK_PUTENV\fR The C library putenv(3) function. Any registered hooks will run before the C library implementation. The \fRhook_fn\fR field should be a function that matches the following typedef: .RS .nf .sp .RS 0n typedef int (*sudo_hook_fn_putenv_t)(char *string, void *closure); .RE .fi .sp If the registered hook does not match the typedef the results are unspecified. .RE .PD .PP .RE .PD 0 .TP 6n hook_fn sudo_hook_fn_t hook_fn; .sp The \fRhook_fn\fR field should be set to the plugin's hook implementation. The actual function arguments will vary depending on the \fRhook_type\fR (see \fRhook_type\fR above). In all cases, the \fRclosure\fR field of \fRstruct sudo_hook\fR is passed as the last function parameter. This can be used to pass arbitrary data to the plugin's hook implementation. .sp The function return value may be one of the following: .RS .PD .TP 6n \fRSUDO_HOOK_RET_ERROR\fR The hook function encountered an error. .TP 6n \fRSUDO_HOOK_RET_NEXT\fR The hook completed without error, go on to the next hook (including the native implementation if applicable). For example, a getenv(3) hook might return \fRSUDO_HOOK_RET_NEXT\fR if the specified variable was not found in the private copy of the environment. .TP 6n \fRSUDO_HOOK_RET_STOP\fR The hook completed without error, stop processing hooks for this invocation. This can be used to replace the native implementation. For example, a \fRsetenv\fR hook that operates on a private copy of the environment but leaves \fRenviron\fR unchanged. .RE .PP Note that it is very easy to create an infinite loop when hooking C library functions. For example, a getenv(3) hook that calls the snprintf(3) function may create a loop if the snprintf(3) implementation calls getenv(3) to check the locale. To prevent this, you may wish to use a static variable in the hook function to guard against nested calls. For example: .nf .sp .RS 0n static int in_progress = 0; /* avoid recursion */ if (in_progress) return SUDO_HOOK_RET_NEXT; in_progress = 1; \&... in_progress = 0; return SUDO_HOOK_RET_STOP; .RE .fi .PP \fIHook API Version Macros\fR .nf .sp .RS 0n /* Hook API version major/minor */ #define SUDO_HOOK_VERSION_MAJOR 1 #define SUDO_HOOK_VERSION_MINOR 0 #define SUDO_HOOK_MKVERSION(x, y) ((x << 16) | y) #define SUDO_HOOK_VERSION SUDO_HOOK_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e SUDO_HOOK_VERSION_MINOR) /* Getters and setters for hook API version */ #define SUDO_HOOK_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_HOOK_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_HOOK_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define SUDO_HOOK_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .RE .fi .SS "Remote command execution" The \fBsudo\fR front end does not have native support for running remote commands. However, starting with \fBsudo\fR 1.8.8, the \fB\-h\fR option may be used to specify a remote host that is passed to the policy plugin. A plugin may also accept a \fIrunas_user\fR in the form of ``user@hostname'' which will work with older versions of \fBsudo\fR. It is anticipated that remote commands will be supported by executing a ``helper'' program. The policy plugin should setup the execution environment such that the \fBsudo\fR front end will run the helper which, in turn, will connect to the remote host and run the command. .PP For example, the policy plugin could utilize \fBssh\fR to perform remote command execution. The helper program would be responsible for running \fBssh\fR with the proper options to use a private key or certificate that the remote host will accept and run a program on the remote host that would setup the execution environment accordingly. .PP Note that remote \fBsudoedit\fR functionality must be handled by the policy plugin, not \fBsudo\fR itself as the front end has no knowledge that a remote command is being executed. This may be addressed in a future revision of the plugin API. .SS "Conversation API" If the plugin needs to interact with the user, it may do so via the \fBconversation\fR() function. A plugin should not attempt to read directly from the standard input or the user's tty (neither of which are guaranteed to exist). The caller must include a trailing newline in \fRmsg\fR if one is to be printed. .PP A \fBprintf\fR()-style function is also available that can be used to display informational or error messages to the user, which is usually more convenient for simple messages where no use input is required. .nf .sp .RS 0n struct sudo_conv_message { #define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ #define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ #define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ #define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ #define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ #define SUDO_CONV_DEBUG_MSG 0x0006 /* debugging message */ #define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ int msg_type; int timeout; const char *msg; }; #define SUDO_CONV_REPL_MAX 255 struct sudo_conv_reply { char *reply; }; typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); .RE .fi .PP Pointers to the \fBconversation\fR() and \fBprintf\fR()-style functions are passed in to the plugin's \fBopen\fR() function when the plugin is initialized. .PP To use the \fBconversation\fR() function, the plugin must pass an array of \fRsudo_conv_message\fR and \fRsudo_conv_reply\fR structures. There must be a \fRstruct sudo_conv_message\fR and \fRstruct sudo_conv_reply\fR for each message in the conversation. The plugin is responsible for freeing the reply buffer located in each \fRstruct sudo_conv_reply\fR, if it is not \fRNULL\fR. \fRSUDO_CONV_REPL_MAX\fR represents the maximum length of the reply buffer (not including the trailing NUL character). In practical terms, this is the longest password \fBsudo\fR will support. It is also useful as a maximum value for the \fBmemset_s\fR() function when clearing passwords filled in by the conversation function. .PP The \fBprintf\fR()-style function uses the same underlying mechanism as the \fBconversation\fR() function but only supports \fRSUDO_CONV_INFO_MSG\fR, \fRSUDO_CONV_ERROR_MSG\fR and \fRSUDO_CONV_DEBUG_MSG\fR for the \fImsg_type\fR parameter. It can be more convenient than using the \fBconversation\fR() function if no user reply is needed and supports standard \fBprintf\fR() escape sequences. .PP Unlike, \fRSUDO_CONV_INFO_MSG\fR and Dv SUDO_CONV_ERROR_MSG , messages sent with the \fRSUDO_CONV_DEBUG_MSG\fR \fImsg_type\fR are not directly user-visible. Instead, they are logged to the file specified in the \fRDebug\fR statement (if any) in the sudo.conf(@mansectform@). file. This allows a plugin to log debugging information and is intended to be used in conjunction with the \fIdebug_flags\fR setting. .PP See the sample plugin for an example of the \fBconversation\fR() function usage. .SS "Sudoers group plugin API" The \fBsudoers\fR plugin supports its own plugin interface to allow non-Unix group lookups. This can be used to query a group source other than the standard Unix group database. Two sample group plugins are bundled with \fBsudo\fR, \fIgroup_file\fR and \fIsystem_group\fR, are detailed in sudoers(@mansectform@). Third party group plugins include a QAS AD plugin available from Quest Software. .PP A group plugin must declare and populate a \fRsudoers_group_plugin\fR struct in the global scope. This structure contains pointers to the functions that implement plugin initialization, cleanup and group lookup. .nf .sp .RS 0n struct sudoers_group_plugin { unsigned int version; int (*init)(int version, sudo_printf_t sudo_printf, char *const argv[]); void (*cleanup)(void); int (*query)(const char *user, const char *group, const struct passwd *pwd); }; .RE .fi .PP The \fRsudoers_group_plugin\fR struct has the following fields: .TP 6n version The \fRversion\fR field should be set to GROUP_API_VERSION. .sp This allows \fBsudoers\fR to determine the API version the group plugin was built against. .TP 6n init .RS .nf .RS 0n int (*init)(int version, sudo_printf_t plugin_printf, char *const argv[]); .RE .fi .sp The \fBinit\fR() function is called after \fIsudoers\fR has been parsed but before any policy checks. It returns 1 on success, 0 on failure (or if the plugin is not configured), and \-1 if a error occurred. If an error occurs, the plugin may call the \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. .sp The function arguments are as follows: .TP 6n version The version passed in by \fBsudoers\fR allows the plugin to determine the major and minor version number of the group plugin API supported by \fBsudoers\fR. .TP 6n plugin_printf A pointer to a \fBprintf\fR()-style function that may be used to display informational or error message to the user. Returns the number of characters printed on success and \-1 on failure. .TP 6n argv A \fRNULL\fR-terminated array of arguments generated from the \fIgroup_plugin\fR option in \fIsudoers\fR. If no arguments were given, \fIargv\fR will be \fRNULL\fR. .PP .RE .PD 0 .TP 6n cleanup .RS .nf .RS 0n void (*cleanup)(); .RE .fi .sp The \fBcleanup\fR() function is called when \fBsudoers\fR has finished its group checks. The plugin should free any memory it has allocated and close open file handles. .PD .PP .RE .PD 0 .TP 6n query .br .RS .nf .RS 0n int (*query)(const char *user, const char *group, const struct passwd *pwd); .RE .fi .sp The \fBquery\fR() function is used to ask the group plugin whether \fIuser\fR is a member of \fIgroup\fR. .sp The function arguments are as follows: .PD .TP 6n user The name of the user being looked up in the external group database. .TP 6n group .br The name of the group being queried. .TP 6n pwd The password database entry for \fIuser\fR, if any. If \fIuser\fR is not present in the password database, \fIpwd\fR will be \fRNULL\fR. .RE .PP \fIGroup API Version Macros\fR .nf .sp .RS 0n /* Sudoers group plugin version major/minor */ #define GROUP_API_VERSION_MAJOR 1 #define GROUP_API_VERSION_MINOR 0 #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e GROUP_API_VERSION_MINOR) /* Getters and setters for group version */ #define GROUP_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define GROUP_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define GROUP_API_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define GROUP_API_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .RE .fi .SH "PLUGIN API CHANGELOG" The following revisions have been made to the Sudo Plugin API. .TP 6n Version 1.0 Initial API version. .TP 6n Version 1.1 (sudo 1.8.0) The I/O logging plugin's \fBopen\fR() function was modified to take the \fRcommand_info\fR list as an argument. .TP 6n Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' \fBopen\fR() functions are now passed a list of plugin parameters if any are specified in sudo.conf(@mansectform@). .sp A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. .sp The \fRinit_session\fR Policy plugin function is now passed a pointer to the user environment which can be updated as needed. This can be used to merge in environment variables stored in the PAM handle before a command is run. .TP 6n Version 1.3 (sudo 1.8.7) Support for the \fIexec_background\fR entry has been added to the \fRcommand_info\fR list. .sp The \fImax_groups\fR and \fIplugin_dir\fR entries were added to the \fRsettings\fR list. .sp The \fBversion\fR() and \fBclose\fR() functions are now optional. Previously, a missing \fBversion\fR() or \fBclose\fR() function would result in a crash. If no policy plugin \fBclose\fR() function is defined, a default \fBclose\fR() function will be provided by the \fBsudo\fR front end that displays a warning if the command could not be executed. .sp The \fBsudo\fR front end now installs default signal handlers to trap common signals while the plugin functions are run. .TP 6n Version 1.4 (sudo 1.8.8) The \fIremote_host\fR entry was added to the \fRsettings\fR list. .TP 6n Version 1.5 (sudo 1.8.9) The entry was added to the \fRcommand_info\fR list. .SH "SEE ALSO" sudo.conf(@mansectform@), sudoers(@mansectform@), sudo(@mansectsu@) .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudo_plugin.mdoc.in010064400175440000012000001621271226304126200167210ustar00millertstaff.\" .\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd December 20, 2013 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudo_plugin .Nd Sudo Plugin API .Sh DESCRIPTION Starting with version 1.8, .Nm sudo supports a plugin API for policy and session logging. Plugins may be compiled as dynamic shared objects (the default on systems that support them) or compiled statically into the .Nm sudo binary itself. By default, the .Nm sudoers policy plugin and an associated I/O logging plugin are used. Via the plugin API, .Nm sudo can be configured to use alternate policy and/or I/O logging plugins provided by third parties. The plugins to be used are specified in the .Xr sudo.conf @mansectform@ file. .Pp The API is versioned with a major and minor number. The minor version number is incremented when additions are made. The major number is incremented when incompatible changes are made. A plugin should be check the version passed to it and make sure that the major version matches. .Pp The plugin API is defined by the .Li sudo_plugin.h header file. .Ss Policy plugin API A policy plugin must declare and populate a .Li policy_plugin struct in the global scope. This structure contains pointers to the functions that implement the .Nm sudo policy checks. The name of the symbol should be specified in .Xr sudo.conf @mansectform@ along with a path to the plugin so that .Nm sudo can load it. .Bd -literal struct policy_plugin { #define SUDO_POLICY_PLUGIN 1 unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); int (*list)(int argc, char * const argv[], int verbose, const char *list_user); int (*validate)(void); void (*invalidate)(int remove); int (*init_session)(struct passwd *pwd, char **user_env[]); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; .Ed .Pp The policy_plugin struct has the following fields: .Bl -tag -width 4n .It type The .Li type field should always be set to SUDO_POLICY_PLUGIN. .It version The .Li version field should be set to .Dv SUDO_API_VERSION . .Pp This allows .Nm sudo to determine the API version the plugin was built against. .It open .Bd -literal -compact int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_options[]); .Ed .Pp Returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error. In the latter case, .Nm sudo will print a usage message before it exits. If an error occurs, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n .It version The version passed in by .Nm sudo allows the plugin to determine the major and minor version number of the plugin API supported by .Nm sudo . .It conversation A pointer to the .Fn conversation function that can be used by the plugin to interact with the user (see below). Returns 0 on success and \-1 on failure. .It plugin_printf A pointer to a .Fn printf Ns No -style function that may be used to display informational or error messages (see below). Returns the number of characters printed on success and \-1 on failure. .It settings A vector of user-supplied .Nm sudo settings in the form of .Dq name=value strings. The vector is terminated by a .Dv NULL pointer. These settings correspond to flags the user specified when running .Nm sudo . As such, they will only be present when the corresponding flag has been specified on the command line. .Pp When parsing .Em settings , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .Bl -tag -width 4n .It bsdauth_type=string Authentication type, if specified by the .Fl a flag, to use on systems where BSD authentication is supported. .It closefrom=number If specified, the user has requested via the .Fl C flag that .Nm sudo close all files descriptors with a value of .Em number or higher. The plugin may optionally pass this, or another value, back in the .Em command_info list. .It debug_flags=string A comma-separated list of debug flags that correspond to .Nm sudo Ns No 's .Li Debug entry in .Xr sudo.conf @mansectform@ , if there is one. The flags are passed to the plugin as they appear in .Xr sudo.conf @mansectform@ . The syntax used by .Nm sudo and the .Nm sudoers plugin is .Em subsystem Ns No @ Ns Em priority but the plugin is free to use a different format so long as it does not include a comma .Pq Ql ,\& . There is not currently a way to specify a set of debug flags specific to the plugin--the flags are shared by .Nm sudo and the plugin. .It debug_level=number This setting has been deprecated in favor of .Em debug_flags . .It ignore_ticket=bool Set to true if the user specified the .Fl k flag along with a command, indicating that the user wishes to ignore any cached authentication credentials. .Em implied_shell to true. This allows .Nm sudo with no arguments to be used similarly to .Xr su 1 . If the plugin does not to support this usage, it may return a value of \-2 from the .Fn check_policy function, which will cause .Nm sudo to print a usage message and exit. .It implied_shell=bool If the user does not specify a program on the command line, .Nm sudo will pass the plugin the path to the user's shell and set .It login_class=string BSD login class to use when setting resource limits and nice value, if specified by the .Fl c flag. .It login_shell=bool Set to true if the user specified the .Fl i flag, indicating that the user wishes to run a login shell. .It max_groups=int The maximum number of groups a user may belong to. This will only be present if there is a corresponding setting in .Xr sudo.conf @mansectform@ . .It network_addrs=list A space-separated list of IP network addresses and netmasks in the form .Dq addr/netmask , e.g.\& .Dq 192.168.1.2/255.255.255.0 . The address and netmask pairs may be either IPv4 or IPv6, depending on what the operating system supports. If the address contains a colon .Pq Ql :\& , it is an IPv6 address, else it is IPv4. .It noninteractive=bool Set to true if the user specified the .Fl n flag, indicating that .Nm sudo should operate in non-interactive mode. The plugin may reject a command run in non-interactive mode if user interaction is required. .It plugin_dir=string The default plugin directory used by the .Nm sudo front end. This is the default directory set at compile time and may not correspond to the directory the running plugin was loaded from. It may be used by a plugin to locate support files. .It preserve_environment=bool Set to true if the user specified the .Fl E flag, indicating that the user wishes to preserve the environment. .It preserve_groups=bool Set to true if the user specified the .Fl P flag, indicating that the user wishes to preserve the group vector instead of setting it based on the runas user. .It progname=string The command name that sudo was run as, typically .Dq sudo or .Dq sudoedit . .It prompt=string The prompt to use when requesting a password, if specified via the .Fl p flag. .It remote_host=string The name of the remote host to run the command on, if specified via the .Fl h option. Support for running the command on a remote host is meant to be implemented via a helper program that is executed in place of the user-specified command. The .Nm sudo front end is only capable of executing commands on the local host. Only available starting with API version 1.4. .It run_shell=bool Set to true if the user specified the .Fl s flag, indicating that the user wishes to run a shell. .It runas_group=string The group name or gid to run the command as, if specified via the .Fl g flag. .It runas_user=string The user name or uid to run the command as, if specified via the .Fl u flag. .It selinux_role=string SELinux role to use when executing the command, if specified by the .Fl r flag. .It selinux_type=string SELinux type to use when executing the command, if specified by the .Fl t flag. .It set_home=bool Set to true if the user specified the .Fl H flag. If true, set the .Li HOME environment variable to the target user's home directory. .It sudoedit=bool Set to true when the .Fl e flag is is specified or if invoked as .Nm sudoedit . The plugin shall substitute an editor into .Em argv in the .Fn check_policy function or return \-2 with a usage error if the plugin does not support .Em sudoedit . For more information, see the .Em check_policy section. .El .Pp Additional settings may be added in the future so the plugin should silently ignore settings that it does not recognize. .It user_info A vector of information about the user running the command in the form of .Dq name=value strings. The vector is terminated by a .Dv NULL pointer. .Pp When parsing .Em user_info , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .Bl -tag -width 4n .It cols=int The number of columns the user's terminal supports. If there is no terminal device available, a default value of 80 is used. .It cwd=string The user's current working directory. .It egid=gid_t The effective group ID of the user invoking .Nm sudo . .It euid=uid_t The effective user ID of the user invoking .Nm sudo . .It gid=gid_t The real group ID of the user invoking .Nm sudo . .It groups=list The user's supplementary group list formatted as a string of comma-separated group IDs. .It host=string The local machine's hostname as returned by the .Xr gethostname 2 system call. .It lines=int The number of lines the user's terminal supports. If there is no terminal device available, a default value of 24 is used. .It pgid=int The ID of the process group that the running .Nm sudo process is a member of. Only available starting with API version 1.2. .It pid=int The process ID of the running .Nm sudo process. Only available starting with API version 1.2. .It plugin_options Any (non-comment) strings immediately after the plugin path are passed as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a .Dv NULL Ns No -terminated array of strings. If no arguments were specified, .Em plugin_options will be the .Dv NULL pointer. .Pp NOTE: the .Em plugin_options parameter is only available starting with API version 1.2. A plugin .Sy must check the API version specified by the .Nm sudo front end before using .Em plugin_options . Failure to do so may result in a crash. .It ppid=int The parent process ID of the running .Nm sudo process. Only available starting with API version 1.2. .It sid=int The session ID of the running .Nm sudo process or 0 if .Nm sudo is not part of a POSIX job control session. Only available starting with API version 1.2. .It tcpgid=int The ID of the foreground process group associated with the terminal device associated with the .Nm sudo process or \-1 if there is no terminal present. Only available starting with API version 1.2. .It tty=string The path to the user's terminal device. If the user has no terminal device associated with the session, the value will be empty, as in .Dq Li tty= . .It uid=uid_t The real user ID of the user invoking .Nm sudo . .It user=string The name of the user invoking .Nm sudo . .El .It user_env The user's environment in the form of a .Dv NULL Ns No -terminated vector of .Dq name=value strings. .Pp When parsing .Em user_env , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .El .It close .Bd -literal -compact void (*close)(int exit_status, int error); .Ed .Pp The .Fn close function is called when the command being run by .Nm sudo finishes. .Pp The function arguments are as follows: .Bl -tag -width 4n .It exit_status The command's exit status, as returned by the .Xr wait 2 system call. The value of .Li exit_status is undefined if .Li error is non-zero. .It error If the command could not be executed, this is set to the value of .Li errno set by the .Xr execve 2 system call. The plugin is responsible for displaying error information via the .Fn conversation or .Fn plugin_printf function. If the command was successfully executed, the value of .Li error is 0. .El .Pp If no .Fn close function is defined, no I/O logging plugins are loaded, and neither the .Em timeout not .Em use_pty options are set in the .Li command_info list, the .Nm sudo front end may execute the command directly instead of running it as a child process. .It show_version .Bd -literal -compact int (*show_version)(int verbose); .Ed .Pp The .Fn show_version function is called by .Nm sudo when the user specifies the .Fl V option. The plugin may display its version information to the user via the .Fn conversation or .Fn plugin_printf function using .Dv SUDO_CONV_INFO_MSG . If the user requests detailed version information, the verbose flag will be set. .It check_policy .Bd -literal -compact int (*check_policy)(int argc, char * const argv[] char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); .Ed .Pp The .Fn check_policy function is called by .Nm sudo to determine whether the user is allowed to run the specified commands. .Pp If the .Em sudoedit option was enabled in the .Em settings array passed to the .Fn open function, the user has requested .Em sudoedit mode. .Em sudoedit is a mechanism for editing one or more files where an editor is run with the user's credentials instead of with elevated privileges. .Nm sudo achieves this by creating user-writable temporary copies of the files to be edited and then overwriting the originals with the temporary copies after editing is complete. If the plugin supports .Em sudoedit , it should choose the editor to be used, potentially from a variable in the user's environment, such as .Li EDITOR , and include it in .Em argv_out (note that environment variables may include command line flags). The files to be edited should be copied from .Em argv into .Em argv_out , separated from the editor and its arguments by a .Dq Li -- element. The .Dq Li -- will be removed by .Nm sudo before the editor is executed. The plugin should also set .Em sudoedit=true in the .Em command_info list. .Pp The .Fn check_policy function returns 1 if the command is allowed, 0 if not allowed, \-1 for a general error, or \-2 for a usage error or if .Em sudoedit was specified but is unsupported by the plugin. In the latter case, .Nm sudo will print a usage message before it exits. If an error occurs, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n .It argc The number of elements in .Em argv , not counting the final .Dv NULL pointer. .It argv The argument vector describing the command the user wishes to run, in the same form as what would be passed to the .Xr execve 2 system call. The vector is terminated by a .Dv NULL pointer. .It env_add Additional environment variables specified by the user on the command line in the form of a .Dv NULL Ns No -terminated vector of .Dq name=value strings. The plugin may reject the command if one or more variables are not allowed to be set, or it may silently ignore such variables. .Pp When parsing .Em env_add , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .It command_info Information about the command being run in the form of .Dq name=value strings. These values are used by .Nm sudo to set the execution environment when running a command. The plugin is responsible for creating and populating the vector, which must be terminated with a .Dv NULL pointer. The following values are recognized by .Nm sudo : .Bl -tag -width 4n .It chroot=string The root directory to use when running the command. .It closefrom=number If specified, .Nm sudo will close all files descriptors with a value of .Em number or higher. .It command=string Fully qualified path to the command to be executed. .It cwd=string The current working directory to change to when executing the command. .It exec_background=bool By default, .Nm sudo runs a command as the foreground process as long as .Nm sudo itself is running in the foreground. When .Em exec_background is enabled and the command is being run in a pty (due to I/O logging or the .Em use_pty setting), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the .Dv SIGTTIN signal (or .Dv SIGTTOU in the case of terminal settings). If this happens when .Nm sudo is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that .Nm sudo need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic .Em sudo behavior or when the command is not being run in a pty. .Pp For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the .Fn tcgetattr and .Fn tcsetattr system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the .Dv SIGTTIN or .Dv SIGTTOU signals, programs that catch these signals and suspend themselves with a different signal (usually .Dv SIGTOP ) will not be automatically foregrounded. Some versions of the linux .Xr su 1 command behave this way. Because of this, a plugin should not set .Em exec_background unless it is explicitly enabled by the administrator and there should be a way to enabled or disable it on a per-command basis. .Pp This setting has no effect unless I/O logging is enabled or .Em use_pty is enabled. .It iolog_compress=bool Set to true if the I/O logging plugins, if any, should compress the log data. This is a hint to the I/O logging plugin which may choose to ignore it. .It iolog_path=string Fully qualified path to the file or directory in which I/O log is to be stored. This is a hint to the I/O logging plugin which may choose to ignore it. If no I/O logging plugin is loaded, this setting has no effect. .It iolog_stdin=bool Set to true if the I/O logging plugins, if any, should log the standard input if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .It iolog_stdout=bool Set to true if the I/O logging plugins, if any, should log the standard output if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .It iolog_stderr=bool Set to true if the I/O logging plugins, if any, should log the standard error if it is not connected to a terminal device. This is a hint to the I/O logging plugin which may choose to ignore it. .It iolog_ttyin=bool Set to true if the I/O logging plugins, if any, should log all terminal input. This only includes input typed by the user and not from a pipe or redirected from a file. This is a hint to the I/O logging plugin which may choose to ignore it. .It iolog_ttyout=bool Set to true if the I/O logging plugins, if any, should log all terminal output. This only includes output to the screen, not output to a pipe or file. This is a hint to the I/O logging plugin which may choose to ignore it. .It login_class=string BSD login class to use when setting resource limits and nice value (optional). This option is only set on systems that support login classes. .It nice=int Nice value (priority) to use when executing the command. The nice value, if specified, overrides the priority associated with the .Em login_class on BSD systems. .It noexec=bool If set, prevent the command from executing other programs. .It preserve_fds=list A comma-separated list of file descriptors that should be preserved, regardless of the value of the .Em closefrom setting. Only available starting with API version 1.5. .It preserve_groups=bool If set, .Nm sudo will preserve the user's group vector instead of initializing the group vector based on .Li runas_user . .It runas_egid=gid Effective group ID to run the command as. If not specified, the value of .Em runas_gid is used. .It runas_euid=uid Effective user ID to run the command as. If not specified, the value of .Em runas_uid is used. .It runas_gid=gid Group ID to run the command as. .It runas_groups=list The supplementary group vector to use for the command in the form of a comma-separated list of group IDs. If .Em preserve_groups is set, this option is ignored. .It runas_uid=uid User ID to run the command as. .It selinux_role=string SELinux role to use when executing the command. .It selinux_type=string SELinux type to use when executing the command. .It set_utmp=bool Create a utmp (or utmpx) entry when a pseudo-tty is allocated. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. .It sudoedit=bool Set to true when in .Em sudoedit mode. The plugin may enable .Em sudoedit mode even if .Nm sudo was not invoked as .Nm sudoedit . This allows the plugin to perform command substitution and transparently enable .Em sudoedit when the user attempts to run an editor. .It timeout=int Command timeout. If non-zero then when the timeout expires the command will be killed. .It umask=octal The file creation mask to use when executing the command. .It use_pty=bool Allocate a pseudo-tty to run the command in, regardless of whether or not I/O logging is in use. By default, .Nm sudo will only run the command in a pty when an I/O log plugin is loaded. .It utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when .Em set_utmp is enabled. This option can be used to set the user field in the utmp entry to the user the command runs as rather than the invoking user. If not set, .Nm sudo will base the new entry on the invoking user's existing entry. .El .Pp Unsupported values will be ignored. .It argv_out The .Dv NULL Ns No -terminated argument vector to pass to the .Xr execve 2 system call when executing the command. The plugin is responsible for allocating and populating the vector. .It user_env_out The .Dv NULL Ns No -terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. .El .It list .Bd -literal -compact int (*list)(int verbose, const char *list_user, int argc, char * const argv[]); .Ed .Pp List available privileges for the invoking user. Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .Pp Privileges should be output via the .Fn conversation or .Fn plugin_printf function using .Dv SUDO_CONV_INFO_MSG , .Bl -tag -width 4n .It verbose Flag indicating whether to list in verbose mode or not. .It list_user The name of a different user to list privileges for if the policy allows it. If .Dv NULL , the plugin should list the privileges of the invoking user. .It argc The number of elements in .Em argv , not counting the final .Dv NULL pointer. .It argv If .No non- Ns Dv NULL , an argument vector describing a command the user wishes to check against the policy in the same form as what would be passed to the .Xr execve 2 system call. If the command is permitted by the policy, the fully-qualified path to the command should be displayed along with any command line arguments. .El .It validate .Bd -literal -compact int (*validate)(void); .Ed .Pp The .Fn validate function is called when .Nm sudo is run with the .Fl v flag. For policy plugins such as .Nm sudoers that cache authentication credentials, this function will validate and cache the credentials. .Pp The .Fn validate function should be .Dv NULL if the plugin does not support credential caching. .Pp Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .It invalidate .Bd -literal -compact void (*invalidate)(int remove); .Ed .Pp The .Fn invalidate function is called when .Nm sudo is called with the .Fl k or .Fl K flag. For policy plugins such as .Nm sudoers that cache authentication credentials, this function will invalidate the credentials. If the .Em remove flag is set, the plugin may remove the credentials instead of simply invalidating them. .Pp The .Fn invalidate function should be .Dv NULL if the plugin does not support credential caching. .It init_session .Bd -literal -compact int (*init_session)(struct passwd *pwd, char **user_envp[); .Ed .Pp The .Fn init_session function is called before .Nm sudo sets up the execution environment for the command. It is run in the parent .Nm sudo process and before any uid or gid changes. This can be used to perform session setup that is not supported by .Em command_info , such as opening the PAM session. The .Fn close function can be used to tear down the session that was opened by .Li init_session . .Pp The .Em pwd argument points to a passwd struct for the user the command will be run as if the uid the command will run as was found in the password database, otherwise it will be .Dv NULL . .Pp The .Em user_env argument points to the environment the command will run in, in the form of a .Dv NULL Ns No -terminated vector of .Dq name=value strings. This is the same string passed back to the front end via the Policy Plugin's .Em user_env_out parameter. If the .Fn init_session function needs to modify the user environment, it should update the pointer stored in .Em user_env . The expected use case is to merge the contents of the PAM environment (if any) with the contents of .Em user_env . NOTE: the .Em user_env parameter is only available starting with API version 1.2. A plugin .Sy must check the API version specified by the .Nm sudo front end before using .Em user_env . Failure to do so may result in a crash. .Pp Returns 1 on success, 0 on failure and \-1 on error. On error, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .It register_hooks .Bd -literal -compact void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); .Ed .Pp The .Fn register_hooks function is called by the sudo front end to register any hooks the plugin needs. If the plugin does not support hooks, .Li register_hooks should be set to the .Dv NULL pointer. .Pp The .Em version argument describes the version of the hooks API supported by the .Nm sudo front end. .Pp The .Fn register_hook function should be used to register any supported hooks the plugin needs. It returns 0 on success, 1 if the hook type is not supported and \-1 if the major version in .Li struct hook does not match the front end's major hook API version. .Pp See the .Sx Hook function API section below for more information about hooks. .Pp NOTE: the .Fn register_hooks function is only available starting with API version 1.2. If the .Nm sudo front end doesn't support API version 1.2 or higher, .Li register_hooks will not be called. .It deregister_hooks .Bd -literal -compact void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); .Ed .Pp The .Fn deregister_hooks function is called by the sudo front end to deregister any hooks the plugin has registered. If the plugin does not support hooks, .Li deregister_hooks should be set to the .Dv NULL pointer. .Pp The .Em version argument describes the version of the hooks API supported by the .Nm sudo front end. .Pp The .Fn deregister_hook function should be used to deregister any hooks that were put in place by the .Fn register_hook function. If the plugin tries to deregister a hook that the front end does not support, .Li deregister_hook will return an error. .Pp See the .Sx Hook function API section below for more information about hooks. .Pp NOTE: the .Fn deregister_hooks function is only available starting with API version 1.2. If the .Nm sudo front end doesn't support API version 1.2 or higher, .Li deregister_hooks will not be called. .El .Pp .Em Policy Plugin Version Macros .Bd -literal /* Plugin API version major/minor. */ #define SUDO_API_VERSION_MAJOR 1 #define SUDO_API_VERSION_MINOR 2 #define SUDO_API_MKVERSION(x, y) ((x << 16) | y) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e SUDO_API_VERSION_MINOR) /* Getters and setters for API version */ #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define SUDO_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .Ed .Ss I/O plugin API .Bd -literal struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; .Ed .Pp When an I/O plugin is loaded, .Nm sudo runs the command in a pseudo-tty. This makes it possible to log the input and output from the user's session. If any of the standard input, standard output or standard error do not correspond to a tty, .Nm sudo will open a pipe to capture the I/O for logging before passing it on. .Pp The log_ttyin function receives the raw user input from the terminal device (note that this will include input even when echo is disabled, such as when a password is read). The log_ttyout function receives output from the pseudo-tty that is suitable for replaying the user's session at a later time. The .Fn log_stdin , .Fn log_stdout and .Fn log_stderr functions are only called if the standard input, standard output or standard error respectively correspond to something other than a tty. .Pp Any of the logging functions may be set to the .Dv NULL pointer if no logging is to be performed. If the open function returns 0, no I/O will be sent to the plugin. .Pp The io_plugin struct has the following fields: .Bl -tag -width 4n .It type The .Li type field should always be set to .Dv SUDO_IO_PLUGIN . .It version The .Li version field should be set to .Dv SUDO_API_VERSION . .Pp This allows .Nm sudo to determine the API version the plugin was built against. .It open .Bd -literal -compact int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); .Ed .Pp The .Fn open function is run before the .Fn log_input , .Fn log_output or .Fn show_version functions are called. It is only called if the version is being requested or the .Fn check_policy function has returned successfully. It returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error. In the latter case, .Nm sudo will print a usage message before it exits. If an error occurs, the plugin may optionally call the .Fn conversation or .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n .It version The version passed in by .Nm sudo allows the plugin to determine the major and minor version number of the plugin API supported by .Nm sudo . .It conversation A pointer to the .Fn conversation function that may be used by the .Fn show_version function to display version information (see .Fn show_version below). The .Fn conversation function may also be used to display additional error message to the user. The .Fn conversation function returns 0 on success and \-1 on failure. .It plugin_printf A pointer to a .Fn printf Ns No -style function that may be used by the .Fn show_version function to display version information (see show_version below). The .Fn plugin_printf function may also be used to display additional error message to the user. The .Fn plugin_printf function returns number of characters printed on success and \-1 on failure. .It settings A vector of user-supplied .Nm sudo settings in the form of .Dq name=value strings. The vector is terminated by a .Dv NULL pointer. These settings correspond to flags the user specified when running .Nm sudo . As such, they will only be present when the corresponding flag has been specified on the command line. .Pp When parsing .Em settings , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .Pp See the .Sx Policy plugin API section for a list of all possible settings. .It user_info A vector of information about the user running the command in the form of .Dq name=value strings. The vector is terminated by a .Dv NULL pointer. .Pp When parsing .Em user_info , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .Pp See the .Sx Policy plugin API section for a list of all possible strings. .It argc The number of elements in .Em argv , not counting the final .Dv NULL pointer. .It argv If .No non- Ns Dv NULL , an argument vector describing a command the user wishes to run in the same form as what would be passed to the .Xr execve 2 system call. .It user_env The user's environment in the form of a .Dv NULL Ns No -terminated vector of .Dq name=value strings. .Pp When parsing .Em user_env , the plugin should split on the .Sy first equal sign .Pq Ql = since the .Em name field will never include one itself but the .Em value might. .It plugin_options Any (non-comment) strings immediately after the plugin path are treated as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a .Dv NULL Ns No -terminated array of strings. If no arguments were specified, .Em plugin_options will be the .Dv NULL pointer. .Pp NOTE: the .Em plugin_options parameter is only available starting with API version 1.2. A plugin .Sy must check the API version specified by the .Nm sudo front end before using .Em plugin_options . Failure to do so may result in a crash. .El .It close .Bd -literal -compact void (*close)(int exit_status, int error); .Ed .Pp The .Fn close function is called when the command being run by .Nm sudo finishes. .Pp The function arguments are as follows: .Bl -tag -width 4n .It exit_status The command's exit status, as returned by the .Xr wait 2 system call. The value of .Li exit_status is undefined if .Li error is non-zero. .It error If the command could not be executed, this is set to the value of .Li errno set by the .Xr execve 2 system call. If the command was successfully executed, the value of .Li error is 0. .El .It show_version .Bd -literal -compact int (*show_version)(int verbose); .Ed .Pp The .Fn show_version function is called by .Nm sudo when the user specifies the .Fl V option. The plugin may display its version information to the user via the .Fn conversation or .Fn plugin_printf function using .Dv SUDO_CONV_INFO_MSG . If the user requests detailed version information, the verbose flag will be set. .It log_ttyin .Bd -literal -compact int (*log_ttyin)(const char *buf, unsigned int len); .Ed .Pp The .Fn log_ttyin function is called whenever data can be read from the user but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .Pp The function arguments are as follows: .Bl -tag -width 4n .It buf The buffer containing user input. .It len The length of .Em buf in bytes. .El .It log_ttyout .Bd -literal -compact int (*log_ttyout)(const char *buf, unsigned int len); .Ed .Pp The .Fn log_ttyout function is called whenever data can be read from the command but before it is written to the user's terminal. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .Pp The function arguments are as follows: .Bl -tag -width 4n .It buf The buffer containing command output. .It len The length of .Em buf in bytes. .El .It log_stdin .Bd -literal -compact int (*log_stdin)(const char *buf, unsigned int len); .Ed .Pp The .Fn log_stdin function is only used if the standard input does not correspond to a tty device. It is called whenever data can be read from the standard input but before it is passed to the running command. This allows the plugin to reject data if it chooses to (for instance if the input contains banned content). Returns 1 if the data should be passed to the command, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .Pp The function arguments are as follows: .Bl -tag -width 4n .It buf The buffer containing user input. .It len The length of .Em buf in bytes. .El .It log_stdout .Bd -literal -compact int (*log_stdout)(const char *buf, unsigned int len); .Ed .Pp The .Fn log_stdout function is only used if the standard output does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard output. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .Pp The function arguments are as follows: .Bl -tag -width 4n .It buf The buffer containing command output. .It len The length of .Em buf in bytes. .El .It log_stderr .Bd -literal -compact int (*log_stderr)(const char *buf, unsigned int len); .Ed .Pp The .Fn log_stderr function is only used if the standard error does not correspond to a tty device. It is called whenever data can be read from the command but before it is written to the standard error. This allows the plugin to reject data if it chooses to (for instance if the output contains banned content). Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the command) or \-1 if an error occurred. .Pp The function arguments are as follows: .Bl -tag -width 4n .It buf The buffer containing command output. .It len The length of .Em buf in bytes. .El .It register_hooks See the .Sx Policy plugin API section for a description of .Li register_hooks . .It deregister_hooks See the .Sx Policy plugin API section for a description of .Li deregister_hooks. .El .Pp .Em I/O Plugin Version Macros .Pp Same as for the .Sx Policy plugin API . .Ss Signal handlers The .Nm sudo front end installs default signal handlers to trap common signals while the plugin functions are run. The following signals are trapped by default before the command is executed: .Pp .Bl -bullet -compact .It .Dv SIGALRM .It .Dv SIGHUP .It .Dv SIGINT .It .Dv SIGQUIT .It .Dv SIGTERM .It .Dv SIGTSTP .It .Dv SIGUSR1 .It .Dv SIGUSR2 .El .Pp If a fatal signal is received before the command is executed, .Nm sudo will call the plugin's .Fn close function with an exit status of 128 plus the value of the signal that was received. This allows for consistent logging of commands killed by a signal for plugins that log such information in their .Fn close function. .Pp A plugin may temporarily install its own signal handlers but must restore the original handler before the plugin function returns. .Ss Hook function API Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the .Nm sudo front end. .Pp Currently, the only supported hooks relate to the handling of environment variables. Hooks can be used to intercept attempts to get, set, or remove environment variables so that these changes can be reflected in the version of the environment that is used to execute a command. A future version of the API will support hooking internal .Nm sudo front end functions as well. .Pp .Em Hook structure .Pp Hooks in .Nm sudo are described by the following structure: .Bd -literal typedef int (*sudo_hook_fn_t)(); struct sudo_hook { int hook_version; int hook_type; sudo_hook_fn_t hook_fn; void *closure; }; .Ed .Pp The .Li sudo_hook structure has the following fields: .Bl -tag -width 4n .It hook_version The .Li hook_version field should be set to .Dv SUDO_HOOK_VERSION . .It hook_type The .Li hook_type field may be one of the following supported hook types: .Bl -tag -width 4n .It Dv SUDO_HOOK_SETENV The C library .Xr setenv 3 function. Any registered hooks will run before the C library implementation. The .Li hook_fn field should be a function that matches the following typedef: .Bd -literal typedef int (*sudo_hook_fn_setenv_t)(const char *name, const char *value, int overwrite, void *closure); .Ed .Pp If the registered hook does not match the typedef the results are unspecified. .It Dv SUDO_HOOK_UNSETENV The C library .Xr unsetenv 3 function. Any registered hooks will run before the C library implementation. The .Li hook_fn field should be a function that matches the following typedef: .Bd -literal typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, void *closure); .Ed .It Dv SUDO_HOOK_GETENV The C library .Xr getenv 3 function. Any registered hooks will run before the C library implementation. The .Li hook_fn field should be a function that matches the following typedef: .Bd -literal typedef int (*sudo_hook_fn_getenv_t)(const char *name, char **value, void *closure); .Ed .Pp If the registered hook does not match the typedef the results are unspecified. .It Dv SUDO_HOOK_PUTENV The C library .Xr putenv 3 function. Any registered hooks will run before the C library implementation. The .Li hook_fn field should be a function that matches the following typedef: .Bd -literal typedef int (*sudo_hook_fn_putenv_t)(char *string, void *closure); .Ed .Pp If the registered hook does not match the typedef the results are unspecified. .El .It hook_fn sudo_hook_fn_t hook_fn; .Pp The .Li hook_fn field should be set to the plugin's hook implementation. The actual function arguments will vary depending on the .Li hook_type (see .Li hook_type above). In all cases, the .Li closure field of .Li struct sudo_hook is passed as the last function parameter. This can be used to pass arbitrary data to the plugin's hook implementation. .Pp The function return value may be one of the following: .Bl -tag -width 4n .It Dv SUDO_HOOK_RET_ERROR The hook function encountered an error. .It Dv SUDO_HOOK_RET_NEXT The hook completed without error, go on to the next hook (including the native implementation if applicable). For example, a .Xr getenv 3 hook might return .Dv SUDO_HOOK_RET_NEXT if the specified variable was not found in the private copy of the environment. .It Dv SUDO_HOOK_RET_STOP The hook completed without error, stop processing hooks for this invocation. This can be used to replace the native implementation. For example, a .Li setenv hook that operates on a private copy of the environment but leaves .Li environ unchanged. .El .El .Pp Note that it is very easy to create an infinite loop when hooking C library functions. For example, a .Xr getenv 3 hook that calls the .Xr snprintf 3 function may create a loop if the .Xr snprintf 3 implementation calls .Xr getenv 3 to check the locale. To prevent this, you may wish to use a static variable in the hook function to guard against nested calls. For example: .Bd -literal static int in_progress = 0; /* avoid recursion */ if (in_progress) return SUDO_HOOK_RET_NEXT; in_progress = 1; \&... in_progress = 0; return SUDO_HOOK_RET_STOP; .Ed .Pp .Em Hook API Version Macros .Bd -literal /* Hook API version major/minor */ #define SUDO_HOOK_VERSION_MAJOR 1 #define SUDO_HOOK_VERSION_MINOR 0 #define SUDO_HOOK_MKVERSION(x, y) ((x << 16) | y) #define SUDO_HOOK_VERSION SUDO_HOOK_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e SUDO_HOOK_VERSION_MINOR) /* Getters and setters for hook API version */ #define SUDO_HOOK_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_HOOK_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_HOOK_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define SUDO_HOOK_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .Ed .Ss Remote command execution The .Nm sudo front end does not have native support for running remote commands. However, starting with .Nm sudo 1.8.8, the .Fl h option may be used to specify a remote host that is passed to the policy plugin. A plugin may also accept a .Em runas_user in the form of .Dq user@hostname which will work with older versions of .Nm sudo . It is anticipated that remote commands will be supported by executing a .Dq helper program. The policy plugin should setup the execution environment such that the .Nm sudo front end will run the helper which, in turn, will connect to the remote host and run the command. .Pp For example, the policy plugin could utilize .Nm ssh to perform remote command execution. The helper program would be responsible for running .Nm ssh with the proper options to use a private key or certificate that the remote host will accept and run a program on the remote host that would setup the execution environment accordingly. .Pp Note that remote .Nm sudoedit functionality must be handled by the policy plugin, not .Nm sudo itself as the front end has no knowledge that a remote command is being executed. This may be addressed in a future revision of the plugin API. .Ss Conversation API If the plugin needs to interact with the user, it may do so via the .Fn conversation function. A plugin should not attempt to read directly from the standard input or the user's tty (neither of which are guaranteed to exist). The caller must include a trailing newline in .Li msg if one is to be printed. .Pp A .Fn printf Ns No -style function is also available that can be used to display informational or error messages to the user, which is usually more convenient for simple messages where no use input is required. .Bd -literal struct sudo_conv_message { #define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ #define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ #define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ #define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ #define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ #define SUDO_CONV_DEBUG_MSG 0x0006 /* debugging message */ #define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ int msg_type; int timeout; const char *msg; }; #define SUDO_CONV_REPL_MAX 255 struct sudo_conv_reply { char *reply; }; typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); .Ed .Pp Pointers to the .Fn conversation and .Fn printf Ns No -style functions are passed in to the plugin's .Fn open function when the plugin is initialized. .Pp To use the .Fn conversation function, the plugin must pass an array of .Li sudo_conv_message and .Li sudo_conv_reply structures. There must be a .Li struct sudo_conv_message and .Li struct sudo_conv_reply for each message in the conversation. The plugin is responsible for freeing the reply buffer located in each .Li struct sudo_conv_reply , if it is not .Dv NULL . .Dv SUDO_CONV_REPL_MAX represents the maximum length of the reply buffer (not including the trailing NUL character). In practical terms, this is the longest password .Nm sudo will support. It is also useful as a maximum value for the .Fn memset_s function when clearing passwords filled in by the conversation function. .Pp The .Fn printf Ns No -style function uses the same underlying mechanism as the .Fn conversation function but only supports .Dv SUDO_CONV_INFO_MSG , .Dv SUDO_CONV_ERROR_MSG and .Dv SUDO_CONV_DEBUG_MSG for the .Em msg_type parameter. It can be more convenient than using the .Fn conversation function if no user reply is needed and supports standard .Fn printf escape sequences. .Pp Unlike, .Dv SUDO_CONV_INFO_MSG and Dv SUDO_CONV_ERROR_MSG , messages sent with the .Dv SUDO_CONV_DEBUG_MSG .Em msg_type are not directly user-visible. Instead, they are logged to the file specified in the .Li Debug statement (if any) in the .Xr sudo.conf @mansectform@ . file. This allows a plugin to log debugging information and is intended to be used in conjunction with the .Em debug_flags setting. .Pp See the sample plugin for an example of the .Fn conversation function usage. .Ss Sudoers group plugin API The .Nm sudoers plugin supports its own plugin interface to allow non-Unix group lookups. This can be used to query a group source other than the standard Unix group database. Two sample group plugins are bundled with .Nm sudo , .Em group_file and .Em system_group , are detailed in .Xr sudoers @mansectform@ . Third party group plugins include a QAS AD plugin available from Quest Software. .Pp A group plugin must declare and populate a .Li sudoers_group_plugin struct in the global scope. This structure contains pointers to the functions that implement plugin initialization, cleanup and group lookup. .Bd -literal struct sudoers_group_plugin { unsigned int version; int (*init)(int version, sudo_printf_t sudo_printf, char *const argv[]); void (*cleanup)(void); int (*query)(const char *user, const char *group, const struct passwd *pwd); }; .Ed .Pp The .Li sudoers_group_plugin struct has the following fields: .Bl -tag -width 4n .It version The .Li version field should be set to GROUP_API_VERSION. .Pp This allows .Nm sudoers to determine the API version the group plugin was built against. .It init .Bd -literal -compact int (*init)(int version, sudo_printf_t plugin_printf, char *const argv[]); .Ed .Pp The .Fn init function is called after .Em sudoers has been parsed but before any policy checks. It returns 1 on success, 0 on failure (or if the plugin is not configured), and \-1 if a error occurred. If an error occurs, the plugin may call the .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n .It version The version passed in by .Nm sudoers allows the plugin to determine the major and minor version number of the group plugin API supported by .Nm sudoers . .It plugin_printf A pointer to a .Fn printf Ns No -style function that may be used to display informational or error message to the user. Returns the number of characters printed on success and \-1 on failure. .It argv A .Dv NULL Ns No -terminated array of arguments generated from the .Em group_plugin option in .Em sudoers . If no arguments were given, .Em argv will be .Dv NULL . .El .It cleanup .Bd -literal -compact void (*cleanup)(); .Ed .Pp The .Fn cleanup function is called when .Nm sudoers has finished its group checks. The plugin should free any memory it has allocated and close open file handles. .It query .Bd -literal -compact int (*query)(const char *user, const char *group, const struct passwd *pwd); .Ed .Pp The .Fn query function is used to ask the group plugin whether .Em user is a member of .Em group . .Pp The function arguments are as follows: .Bl -tag -width 4n .It user The name of the user being looked up in the external group database. .It group The name of the group being queried. .It pwd The password database entry for .Em user , if any. If .Em user is not present in the password database, .Em pwd will be .Dv NULL . .El .El .Pp .Em Group API Version Macros .Bd -literal /* Sudoers group plugin version major/minor */ #define GROUP_API_VERSION_MAJOR 1 #define GROUP_API_VERSION_MINOR 0 #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e GROUP_API_VERSION_MINOR) /* Getters and setters for group version */ #define GROUP_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define GROUP_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define GROUP_API_VERSION_SET_MAJOR(vp, n) do { \e *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e } while(0) #define GROUP_API_VERSION_SET_MINOR(vp, n) do { \e *(vp) = (*(vp) & 0xffff0000) | (n); \e } while(0) .Ed .Sh PLUGIN API CHANGELOG The following revisions have been made to the Sudo Plugin API. .Bl -tag -width 4n .It Version 1.0 Initial API version. .It Version 1.1 (sudo 1.8.0) The I/O logging plugin's .Fn open function was modified to take the .Li command_info list as an argument. .It Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' .Fn open functions are now passed a list of plugin parameters if any are specified in .Xr sudo.conf @mansectform@ . .Pp A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. .Pp The .Li init_session Policy plugin function is now passed a pointer to the user environment which can be updated as needed. This can be used to merge in environment variables stored in the PAM handle before a command is run. .It Version 1.3 (sudo 1.8.7) Support for the .Em exec_background entry has been added to the .Li command_info list. .Pp The .Em max_groups and .Em plugin_dir entries were added to the .Li settings list. .Pp The .Fn version and .Fn close functions are now optional. Previously, a missing .Fn version or .Fn close function would result in a crash. If no policy plugin .Fn close function is defined, a default .Fn close function will be provided by the .Nm sudo front end that displays a warning if the command could not be executed. .Pp The .Nm sudo front end now installs default signal handlers to trap common signals while the plugin functions are run. .It Version 1.4 (sudo 1.8.8) The .Em remote_host entry was added to the .Li settings list. .It Version 1.5 (sudo 1.8.9) The .em preserve_fds entry was added to the .Li command_info list. .El .Sh SEE ALSO .Xr sudo.conf @mansectform@ , .Xr sudoers @mansectform@ , .Xr sudo @mansectsu@ .Sh BUGS If you feel you have found a bug in .Nm sudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoers.cat010064400175440000012000003710761226304127600153070ustar00millertstaffSUDOERS(4) Programmer's Manual SUDOERS(4) NNAAMMEE ssuuddooeerrss - default sudo security policy plugin DDEESSCCRRIIPPTTIIOONN The _s_u_d_o_e_r_s policy plugin determines a user's ssuuddoo privileges. It is the default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s file or, optionally in LDAP. The policy format is described in detail in the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s policy information in LDAP, please see sudoers.ldap(4). CCoonnffiigguurriinngg ssuuddoo..ccoonnff ffoorr ssuuddooeerrss ssuuddoo consults the sudo.conf(4) file to determine which policy and and I/O logging plugins to load. If no sudo.conf(4) file is present, or if it contains no Plugin lines, ssuuddooeerrss will be used for policy decisions and I/O logging. To explicitly configure sudo.conf(4) to use the ssuuddooeerrss plugin, the following configuration can be used. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so Starting with ssuuddoo 1.8.5, it is possible to specify optional arguments to the ssuuddooeerrss plugin in the sudo.conf(4) file. These arguments, if present, should be listed after the path to the plugin (i.e. after _s_u_d_o_e_r_s_._s_o). Multiple arguments may be specified, separated by white space. For example: Plugin sudoers_policy sudoers.so sudoers_mode=0400 The following plugin arguments are supported: ldap_conf=pathname The _l_d_a_p___c_o_n_f argument can be used to override the default path to the _l_d_a_p_._c_o_n_f file. ldap_secret=pathname The _l_d_a_p___s_e_c_r_e_t argument can be used to override the default path to the _l_d_a_p_._s_e_c_r_e_t file. sudoers_file=pathname The _s_u_d_o_e_r_s___f_i_l_e argument can be used to override the default path to the _s_u_d_o_e_r_s file. sudoers_uid=uid The _s_u_d_o_e_r_s___u_i_d argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user ID. sudoers_gid=gid The _s_u_d_o_e_r_s___g_i_d argument can be used to override the default group of the sudoers file. It must be specified as a numeric group ID (not a group name). sudoers_mode=mode The _s_u_d_o_e_r_s___m_o_d_e argument can be used to override the default file mode for the sudoers file. It should be specified as an octal value. For more information on configuring sudo.conf(4), please refer to its manual. AAuutthheennttiiccaattiioonn aanndd llooggggiinngg The _s_u_d_o_e_r_s security policy requires that most users authenticate themselves before they can use ssuuddoo. A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command. Unlike su(1), when _s_u_d_o_e_r_s requires authentication, it validates the invoking user's credentials, not the target user's (or root's) credentials. This can be changed via the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags, described later. If a user who is not listed in the policy tries to run a command via ssuuddoo, mail is sent to the proper authorities. The address used for such mail is configurable via the _m_a_i_l_t_o Defaults entry (described later) and defaults to root. Note that mail will not be sent if an unauthorized user tries to run ssuuddoo with the --ll or --vv option. This allows users to determine for themselves whether or not they are allowed to use ssuuddoo. If ssuuddoo is run by root and the SUDO_USER environment variable is set, the _s_u_d_o_e_r_s policy will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the --ee option to remain useful even when invoked via a sudo-run script or program. Note, however, that the _s_u_d_o_e_r_s lookup is still done for root, not the user specified by SUDO_USER. _s_u_d_o_e_r_s uses time stamp files for credential caching. Once a user has been authenticated, the time stamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden by the _t_i_m_e_o_u_t option). By default, _s_u_d_o_e_r_s uses a tty-based time stamp which means that there is a separate time stamp for each of a user's login sessions. The _t_t_y___t_i_c_k_e_t_s option can be disabled to force the use of a single time stamp for all of a user's sessions. _s_u_d_o_e_r_s can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default, _s_u_d_o_e_r_s will log via syslog(3) but this is changeable via the _s_y_s_l_o_g and _l_o_g_f_i_l_e Defaults settings. _s_u_d_o_e_r_s also supports logging a command's input and output streams. I/O logging is not on by default but can be enabled using the _l_o_g___i_n_p_u_t and _l_o_g___o_u_t_p_u_t Defaults flags as well as the LOG_INPUT and LOG_OUTPUT command tags. CCoommmmaanndd eennvviirroonnmmeenntt Since environment variables can influence program behavior, _s_u_d_o_e_r_s provides a means to restrict which variables from the user's environment are inherited by the command to be run. There are two distinct ways _s_u_d_o_e_r_s can deal with environment variables. By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to be executed with a new, minimal environment. On AIX (and Linux systems without PAM), the environment is initialized with the contents of the _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file. On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the environment is initialized based on the _p_a_t_h and _s_e_t_e_n_v settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The new environment contains the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in addition to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This is effectively a whitelist for environment variables. If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited from the invoking process. In this case, _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default _e_n_v___r_e_s_e_t behavior is encouraged. In all cases, environment variables with a value beginning with () are removed as they could be interpreted as bbaasshh functions. The list of environment variables that ssuuddoo allows or denies is contained in the output of ``sudo -V'' when run as root. Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of setuid executables, including ssuuddoo. Depending on the operating system this may include _RLD*, DYLD_*, LD_*, LDR_*, LIBPATH, SHLIB_PATH, and others. These type of variables are removed from the environment before ssuuddoo even begins execution and, as such, it is not possible for ssuuddoo to preserve them. As a special case, if ssuuddoo's --ii option (initial login) is specified, _s_u_d_o_e_r_s will initialize the environment regardless of the value of _e_n_v___r_e_s_e_t. The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user. On AIX (and Linux systems without PAM), the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also included. On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the _p_a_t_h and _s_e_t_e_n_v variables in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f are also applied. All other environment variables are removed. Finally, if the _e_n_v___f_i_l_e option is defined, any variables present in that file will be set to their specified values as long as they would not conflict with an existing environment variable. SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT The _s_u_d_o_e_r_s file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). The _s_u_d_o_e_r_s grammar will be described below in Extended Backus-Naur Form (EBNF). Don't despair if you are unfamiliar with EBNF; it is fairly simple, and the definitions below are annotated. QQuuiicckk gguuiiddee ttoo EEBBNNFF EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of _p_r_o_d_u_c_t_i_o_n _r_u_l_e_s. E.g., symbol ::= definition | alternate1 | alternate2 ... Each _p_r_o_d_u_c_t_i_o_n _r_u_l_e references others and thus makes up a grammar for the language. EBNF also contains the following operators, which many readers will recognize from regular expressions. Do not, however, confuse them with ``wildcard'' characters, which have different meanings. ? Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all. * Means that the preceding symbol (or group of symbols) may appear zero or more times. + Means that the preceding symbol (or group of symbols) may appear one or more times. Parentheses may be used to group symbols together. For clarity, we will use single quotes ('') to designate what is a verbatim character string (as opposed to a symbol name). AAlliiaasseess There are four kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias. Alias ::= 'User_Alias' User_Alias (':' User_Alias)* | 'Runas_Alias' Runas_Alias (':' Runas_Alias)* | 'Host_Alias' Host_Alias (':' Host_Alias)* | 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)* User_Alias ::= NAME '=' User_List Runas_Alias ::= NAME '=' Runas_List Host_Alias ::= NAME '=' Host_List Cmnd_Alias ::= NAME '=' Cmnd_List NAME ::= [A-Z]([A-Z][0-9]_)* Each _a_l_i_a_s definition is of the form Alias_Type NAME = item1, item2, ... where _A_l_i_a_s___T_y_p_e is one of User_Alias, Runas_Alias, Host_Alias, or Cmnd_Alias. A NAME is a string of uppercase letters, numbers, and underscore characters (`_'). A NAME mmuusstt start with an uppercase letter. It is possible to put several alias definitions of the same type on a single line, joined by a colon (`:'). E.g., Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 The definitions of what constitutes a valid _a_l_i_a_s member follow. User_List ::= User | User ',' User_List User ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* +netgroup | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* User_Alias A User_List is made up of one or more user names, user IDs (prefixed with `#'), system group names and IDs (prefixed with `%' and `%#' respectively), netgroups (prefixed with `+'), non-Unix group names and IDs (prefixed with `%:' and `%:#' respectively) and User_Aliases. Each list item may be prefixed with zero or more `!' operators. An odd number of `!' operators negate the value of the item; an even number just cancel each other out. A user name, uid, group, gid, netgroup, nonunix_group or nonunix_gid may be enclosed in double quotes to avoid the need for escaping special characters. Alternately, special characters may be specified in escaped hex mode, e.g. \x20 for space. When using double quotes, any prefix characters must be included inside the quotes. The actual nonunix_group and nonunix_gid syntax depends on the underlying group provider plugin. For instance, the QAS AD plugin supports the following formats: oo Group in the same domain: "%:Group Name" oo Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" oo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" See _G_R_O_U_P _P_R_O_V_I_D_E_R _P_L_U_G_I_N_S for more information. Note that quotes around group names are optional. Unquoted strings must use a backslash (`\') to escape spaces and special characters. See _O_t_h_e_r _s_p_e_c_i_a_l _c_h_a_r_a_c_t_e_r_s _a_n_d _r_e_s_e_r_v_e_d _w_o_r_d_s for a list of characters that need to be escaped. Runas_List ::= Runas_Member | Runas_Member ',' Runas_List Runas_Member ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* +netgroup | '!'* Runas_Alias A Runas_List is similar to a User_List except that instead of User_Aliases it can contain Runas_Aliases. Note that user names and groups are matched as strings. In other words, two users (groups) with the same uid (gid) are considered to be distinct. If you wish to match all user names with the same uid (e.g. root and toor), you can use a uid instead (#0 in the example given). Host_List ::= Host | Host ',' Host_List Host ::= '!'* host name | '!'* ip_addr | '!'* network(/netmask)? | '!'* +netgroup | '!'* Host_Alias A Host_List is made up of one or more host names, IP addresses, network numbers, netgroups (prefixed with `+') and other aliases. Again, the value of an item may be negated with the `!' operator. If you do not specify a netmask along with the network number, ssuuddoo will query each of the local host's network interfaces and, if the network number corresponds to one of the hosts's network interfaces, the corresponding netmask will be used. The netmask may be specified either in standard IP address notation (e.g. 255.255.255.0 or ffff:ffff:ffff:ffff::), or CIDR notation (number of bits, e.g. 24 or 64). A host name may include shell- style wildcards (see the _W_i_l_d_c_a_r_d_s section below), but unless the host name command on your machine returns the fully qualified host name, you'll need to use the _f_q_d_n option for wildcards to be useful. Note that ssuuddoo only inspects actual network interfaces; this means that IP address 127.0.0.1 (localhost) will never match. Also, the host name ``localhost'' will only match if that is the actual host name, which is usually only the case for non-networked systems. digest ::= [A-Fa-f0-9]+ | [[A-Za-z0-9+/=]+ Digest_Spec ::= "sha224" ':' digest | "sha256" ':' digest | "sha384" ':' digest | "sha512" ':' digest Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List command name ::= file name | file name args | file name '""' Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias A Cmnd_List is a list of one or more command names, directories, and other aliases. A command name is a fully qualified file name which may include shell-style wildcards (see the _W_i_l_d_c_a_r_d_s section below). A simple file name allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify "" to indicate that the command may only be run wwiitthhoouutt command line arguments. A directory is a fully qualified path name ending in a `/'. When you specify a directory in a Cmnd_List, the user will be able to run any file within that directory (but not in any sub-directories therein). If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a `\' if they are used in command arguments: `,', `:', `=', `\'. The built-in command ``sudoedit'' is used to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It may take command line arguments just as a normal command does. Note that ``sudoedit'' is a command built into ssuuddoo itself and must be specified in _s_u_d_o_e_r_s without a leading path. If a command name is prefixed with a Digest_Spec, the command will only match successfully if it can be verified using the specified SHA-2 digest. This may be useful in situations where the user invoking ssuuddoo has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The string may be specified in either hex or base64 format (base64 is more compact). There are several utilities capable of generating SHA-2 digests in hex format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. For example, using openssl: $ openssl dgst -sha224 /bin/ls SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 It is also possible to use openssl to generate base64 output: $ openssl dgst -binary -sha224 /bin/ls | openssl base64 EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== Command digests are only supported by version 1.8.7 or higher. DDeeffaauullttss Certain configuration options may be changed from their default values at run-time via one or more Default_Entry lines. These may affect all users on any host, all users on a specific host, a specific user, a specific command, or commands being run as a specific user. Note that per-command entries may not include command line arguments. If you need to specify arguments, define a Cmnd_Alias and reference that instead. Default_Type ::= 'Defaults' | 'Defaults' '@' Host_List | 'Defaults' ':' User_List | 'Defaults' '!' Cmnd_List | 'Defaults' '>' Runas_List Default_Entry ::= Default_Type Parameter_List Parameter_List ::= Parameter | Parameter ',' Parameter_List Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter Parameters may be ffllaaggss, iinntteeggeerr values, ssttrriinnggss, or lliissttss. Flags are implicitly boolean and can be turned off via the `!' operator. Some integer, string and list parameters may also be used in a boolean context to disable them. Values may be enclosed in double quotes ("") when they contain multiple words. Special characters may be escaped with a backslash (`\'). Lists have two additional assignment operators, += and -=. These operators are used to add to and delete from a list respectively. It is not an error to use the -= operator to remove an element that does not exist in a list. Defaults entries are parsed in the following order: generic, host and user Defaults first, then runas Defaults and finally command defaults. See _S_U_D_O_E_R_S _O_P_T_I_O_N_S for a list of supported Defaults parameters. UUsseerr ssppeecciiffiiccaattiioonn User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \ (':' Host_List '=' Cmnd_Spec_List)* Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:') A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as rroooott, but this can be changed on a per-command basis. The basic structure of a user specification is ``who where = (as_whom) what''. Let's break that down into its constituent parts: RRuunnaass__SSppeecc A Runas_Spec determines the user and/or the group that a command may be run as. A fully-specified Runas_Spec consists of two Runas_Lists (as defined above) separated by a colon (`:') and enclosed in a set of parentheses. The first Runas_List indicates which users the command may be run as via ssuuddoo's --uu option. The second defines a list of groups that can be specified via ssuuddoo's --gg option. If both Runas_Lists are specified, the command may be run with any combination of users and groups listed in their respective Runas_Lists. If only the first is specified, the command may be run as any user in the list but no --gg option may be specified. If the first Runas_List is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the Runas_List. If both Runas_Lists are empty, the command may only be run as the invoking user. If no Runas_Spec is specified the command may be run as rroooott and no group may be specified. A Runas_Spec sets the default for the commands that follow it. What this means is that for the entry: dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m--but only as ooppeerraattoorr. E.g., $ sudo -u operator /bin/ls It is also possible to override a Runas_Spec later on in an entry. If we modify the entry like so: dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm Then user ddggbb is now allowed to run _/_b_i_n_/_l_s as ooppeerraattoorr, but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott. We can extend this to allow ddggbb to run /bin/ls with either the user or group set to ooppeerraattoorr: dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\ /usr/bin/lprm Note that while the group portion of the Runas_Spec permits the user to run as command with that group, it does not force the user to do so. If no group is specified on the command line, the command will run with the group listed in the target user's password database entry. The following would all be permitted by the sudoers entry above: $ sudo -u operator /bin/ls $ sudo -u operator -g operator /bin/ls $ sudo -g operator /bin/ls In the following example, user ttccmm may run commands that access a modem device file with the dialer group. tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\ /usr/local/bin/minicom Note that in this example only the group will be set, the command still runs as user ttccmm. E.g. $ sudo -g dialer /usr/bin/cu Multiple users and groups may be present in a Runas_Spec, in which case the user may select any combination of users and groups via the --uu and --gg options. In this example: alan ALL = (root, bin : operator, system) ALL user aallaann may run any command as either user root or bin, optionally setting the group to operator or system. SSEELLiinnuuxx__SSppeecc On systems with SELinux support, _s_u_d_o_e_r_s entries may optionally have an SELinux role and/or type associated with a command. If a role or type is specified with the command it will override any default values specified in _s_u_d_o_e_r_s. A role or type specified on the command line, however, will supersede the values in _s_u_d_o_e_r_s. SSoollaarriiss__PPrriivv__SSppeecc On Solaris systems, _s_u_d_o_e_r_s entries may optionally specify Solaris privilege set and/or limit privilege set associated with a command. If privileges or limit privileges are specified with the command it will override any default values specified in _s_u_d_o_e_r_s. A privilege set is a comma-separated list of privilege names. The ppriv(1) command can be used to list all privileges known to the system. For example: $ ppriv -l In addition, there are several ``special'' privilege strings: none the empty set all the set of all privileges zone the set of all privileges available in the current zone basic the default set of privileges normal users are granted at login time Privileges can be excluded from a set by prefixing the privilege name with either an `!' or `-' character. TTaagg__SSppeecc A command may have zero or more tags associated with it. There are ten possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT and NOLOG_OUTPUT. Once a tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the tag unless it is overridden by the opposite tag (in other words, PASSWD overrides NOPASSWD and NOEXEC overrides EXEC). _N_O_P_A_S_S_W_D and _P_A_S_S_W_D By default, ssuuddoo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example: ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott on the machine rushmore without authenticating himself. If we only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm Note, however, that the PASSWD tag has no effect on users who are in the group specified by the _e_x_e_m_p_t___g_r_o_u_p option. By default, if the NOPASSWD tag is applied to any of the entries for a user on the current host, he or she will be able to run ``sudo -l'' without a password. Additionally, a user may only run ``sudo -v'' without a password if the NOPASSWD tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the _v_e_r_i_f_y_p_w and _l_i_s_t_p_w options. _N_O_E_X_E_C and _E_X_E_C If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying operating system supports it, the NOEXEC tag can be used to prevent a dynamically-linked executable from running further commands itself. In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled. aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how NOEXEC works and whether or not it will work on your system. _S_E_T_E_N_V and _N_O_S_E_T_E_N_V These tags override the value of the _s_e_t_e_n_v option on a per-command basis. Note that if SETENV has been set for a command, the user may disable the _e_n_v___r_e_s_e_t option from the command line via the --EE option. Additionally, environment variables set on the command line are not subject to the restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, only trusted users should be allowed to set variables in this manner. If the command matched is AALLLL, the SETENV tag is implied for that command; this default may be overridden by use of the NOSETENV tag. _L_O_G___I_N_P_U_T and _N_O_L_O_G___I_N_P_U_T These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command basis. For more information, see the description of _l_o_g___i_n_p_u_t in the _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. _L_O_G___O_U_T_P_U_T and _N_O_L_O_G___O_U_T_P_U_T These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command basis. For more information, see the description of _l_o_g___o_u_t_p_u_t in the _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. WWiillddccaarrddss ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be used in host names, path names and command line arguments in the _s_u_d_o_e_r_s file. Wildcard matching is done via the glob(3) and fnmatch(3) functions as specified by IEEE Std 1003.1 (``POSIX.1''). Note that these are _n_o_t regular expressions. * Matches any set of zero or more characters. ? Matches any single character. [...] Matches any character in the specified range. [!...] Matches any character nnoott in the specified range. \x For any character `x', evaluates to `x'. This is used to escape special characters such as: `*', `?', `[', and `]'. Character classes may also be used if your system's glob(3) and fnmatch(3) functions support them. However, because the `:' character has special meaning in _s_u_d_o_e_r_s, it must be escaped. For example: /bin/ls [[:alpha:]]* Would match any file name beginning with a letter. Note that a forward slash (`/') will nnoott be matched by wildcards used in the path name. This is to make a path like: /usr/bin/* match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. When matching the command line arguments, however, a slash ddooeess get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. Wildcards in command line arguments should be used with care. Because command line arguments are matched as a single, concatenated string, a wildcard such as `?' or `*' can match multiple words. For example, while a sudoers entry like: %operator ALL = /bin/cat /var/log/messages* will allow command like: $ sudo cat /var/log/messages.1 It will also allow: $ sudo cat /var/log/messages /etc/shadow which is probably not what was intended. EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess The following exceptions apply to the above rules: "" If the empty string "" is the only command line argument in the _s_u_d_o_e_r_s entry it means that command is not allowed to be run with aannyy arguments. sudoedit Command line arguments to the _s_u_d_o_e_d_i_t built-in command should always be path names, so a forward slash (`/') will not be matched by a wildcard. IInncclluuddiinngg ootthheerr ffiilleess ffrroomm wwiitthhiinn ssuuddooeerrss It is possible to include other _s_u_d_o_e_r_s files from within the _s_u_d_o_e_r_s file currently being parsed using the #include and #includedir directives. This can be used, for example, to keep a site-wide _s_u_d_o_e_r_s file in addition to a local, per-machine file. For the sake of this example the site-wide _s_u_d_o_e_r_s will be _/_e_t_c_/_s_u_d_o_e_r_s and the per-machine one will be _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. To include _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l from within _/_e_t_c_/_s_u_d_o_e_r_s we would use the following line in _/_e_t_c_/_s_u_d_o_e_r_s: #include /etc/sudoers.local When ssuuddoo reaches this line it will suspend processing of the current file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. Upon reaching the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, the rest of _/_e_t_c_/_s_u_d_o_e_r_s will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loops. If the path to the include file is not fully-qualified (does not begin with a `/', it must be located in the same directory as the sudoers file it was included from. For example, if _/_e_t_c_/_s_u_d_o_e_r_s contains the line: #include sudoers.local the file that will be included is _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. The file name may also include the %h escape, signifying the short form of the host name. In other words, if the machine's host name is ``xerxes'', then #include /etc/sudoers.%h will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s. The #includedir directive can be used to create a _s_u_d_o_._d directory that the system package manager can drop _s_u_d_o_e_r_s rules into as part of package installation. For example, given: #includedir /etc/sudoers.d ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that end in `~' or contain a `.' character to avoid causing problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is lexical, not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded aafftteerr _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Using a consistent number of leading zeroes in the file names can be used to avoid such problems. Note that unlike files included via #include, vviissuuddoo will not edit the files in a #includedir directory unless one of them contains a syntax error. It is still possible to run vviissuuddoo with the --ff flag to edit the files directly. OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss The pound sign (`#') is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the comment character and any text after it, up to the end of the line, are ignored. The reserved word AALLLL is a built-in _a_l_i_a_s that always causes a match to succeed. It can be used wherever one might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own _a_l_i_a_s called AALLLL as the built-in alias will be used in preference to your own. Please note that using AALLLL can be dangerous since in a command context, it allows the user to run aannyy command on the system. An exclamation point (`!') can be used as a logical _n_o_t operator in a list or _a_l_i_a_s as well as in front of a Cmnd. This allows one to exclude certain values. For the `!' operator to be effective, there must be something for it to exclude. For example, to match all users except for root one would use: ALL,!root If the AALLLL, is omitted, as in: !root it would explicitly deny root but not match any other users. This is different from a true ``negation'' operator. Note, however, that using a `!' in conjunction with the built-in AALLLL alias to allow a user to run ``all but a few'' commands rarely works as intended (see _S_E_C_U_R_I_T_Y _N_O_T_E_S below). Long lines can be continued with a backslash (`\') as the last character on the line. White space between elements in a list as well as special syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n (`=', `:', `(', `)') is optional. The following characters must be escaped with a backslash (`\') when used as part of a word (e.g. a user name or host name): `!', `=', `:', `,', `(', `)', `\'. SSUUDDOOEERRSS OOPPTTIIOONNSS ssuuddoo's behavior can be modified by Default_Entry lines, as explained earlier. A list of all supported Defaults parameters, grouped by type, are listed below. BBoooolleeaann FFllaaggss: always_set_home If enabled, ssuuddoo will set the HOME environment variable to the home directory of the target user (which is root unless the --uu option is used). This effectively means that the --HH option is always implied. Note that HOME is already set when the _e_n_v___r_e_s_e_t option is enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for configurations where either _e_n_v___r_e_s_e_t is disabled or HOME is present in the _e_n_v___k_e_e_p list. This flag is _o_f_f by default. authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the PASSWD and NOPASSWD tags. This flag is _o_n by default. closefrom_override If set, the user may use ssuuddoo's --CC option which overrides the default starting point at which ssuuddoo begins closing open file descriptors. This flag is _o_f_f by default. compress_io If set, and ssuuddoo is configured to log a command's input or output, the I/O logs will be compressed using zzlliibb. This flag is _o_n by default when ssuuddoo is compiled with zzlliibb support. exec_background By default, ssuuddoo runs a command as the foreground process as long as ssuuddoo itself is running in the foreground. When the _e_x_e_c___b_a_c_k_g_r_o_u_n_d flag is enabled and the command is being run in a pty (due to I/O logging or the _u_s_e___p_t_y flag), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the SIGTTIN signal (or SIGTTOU in the case of terminal settings). If this happens when ssuuddoo is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that ssuuddoo need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic _s_u_d_o behavior or when the command is not being run in a pty. For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the ttccggeettaattttrr() and ttccsseettaattttrr() system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the SIGTTIN or SIGTTOU signals, programs that catch these signals and suspend themselves with a different signal (usually SIGTOP) will not be automatically foregrounded. Some versions of the linux su(1) command behave this way. This setting is only supported by version 1.8.7 or higher. It has no effect unless I/O logging is enabled or the _u_s_e___p_t_y flag is enabled. env_editor If set, vviissuuddoo will use the value of the EDITOR or VISUAL environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the editor variable. vviissuuddoo will then only use the EDITOR or VISUAL if they match a value specified in editor. This flag is _o_f_f by default. env_reset If set, ssuuddoo will run the command in a minimal environment containing the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables. Any variables in the caller's environment that match the env_keep and env_check lists are then added, followed by any variables present in the file specified by the _e_n_v___f_i_l_e option (if any). The default contents of the env_keep and env_check lists are displayed when ssuuddoo is run by root with the --VV option. If the _s_e_c_u_r_e___p_a_t_h option is set, its value will be used for the PATH environment variable. This flag is _o_n by default. fast_glob Normally, ssuuddoo uses the glob(3) function to do shell- style globbing when matching path names. However, since it accesses the file system, glob(3) can take a long time to complete for some patterns, especially when the pattern references a network file system that is mounted on demand (auto mounted). The _f_a_s_t___g_l_o_b option causes ssuuddoo to use the fnmatch(3) function, which does not access the file system to do its matching. The disadvantage of _f_a_s_t___g_l_o_b is that it is unable to match relative path names such as _._/_l_s or _._._/_b_i_n_/_l_s. This has security implications when path names that include globbing characters are used with the negation operator, `!', as such rules can be trivially bypassed. As such, this option should not be used when _s_u_d_o_e_r_s contains rules that contain negated path names which include globbing characters. This flag is _o_f_f by default. fqdn Set this flag if you want to put fully qualified host names in the _s_u_d_o_e_r_s file when the local host name (as returned by the hostname command) does not contain the domain name. In other words, instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). This option is only effective when the ``canonical'' host name, as returned by the ggeettaaddddrriinnffoo() or ggeetthhoossttbbyynnaammee() function, is a fully-qualified domain name. This is usually the case when the system is configured to use DNS for host name resolution. If the system is configured to use the _/_e_t_c_/_h_o_s_t_s file in preference to DNS, the ``canonical'' host name may not be fully-qualified. The order that sources are queried for host name resolution is usually specified in the _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f, _/_e_t_c_/_h_o_s_t_._c_o_n_f, or, in some cases, _/_e_t_c_/_r_e_s_o_l_v_._c_o_n_f file. In the _/_e_t_c_/_h_o_s_t_s file, the first host name of the entry is considered to be the ``canonical'' name; subsequent names are aliases that are not used by ssuuddooeerrss. For example, the following hosts file line for the machine ``xyzzy'' has the fully-qualified domain name as the ``canonical'' host name, and the short version as an alias. 192.168.1.1 xyzzy.sudo.ws xyzzy If the machine's hosts file entry is not formatted properly, the _f_q_d_n option will not be effective if it is queried before DNS. Beware that when using DNS for host name resolution, turning on _f_q_d_n requires ssuuddooeerrss to make DNS lookups which renders ssuuddoo unusable if DNS stops working (for example if the machine is disconnected from the network). Also note that just like with the hosts file, you must use the ``canonical'' name as DNS knows it. That is, you may not use a host alias (CNAME entry) due to performance issues and the fact that there is no way to get all aliases from DNS. This flag is _o_f_f by default. ignore_dot If set, ssuuddoo will ignore "." or "" (both denoting current directory) in the PATH environment variable; the PATH itself is not modified. This flag is _o_f_f by default. ignore_local_sudoers If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be skipped. This is intended for Enterprises that wish to prevent the usage of local sudoers files so that only LDAP is used. This thwarts the efforts of rogue operators who would attempt to add roles to _/_e_t_c_/_s_u_d_o_e_r_s. When this option is present, _/_e_t_c_/_s_u_d_o_e_r_s does not even need to exist. Since this option tells ssuuddoo how to behave when no specific LDAP entries have been matched, this sudoOption is only meaningful for the cn=defaults section. This flag is _o_f_f by default. insults If set, ssuuddoo will insult users when they enter an incorrect password. This flag is _o_f_f by default. log_host If set, the host name will be logged in the (non- syslog) ssuuddoo log file. This flag is _o_f_f by default. log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that input is also captured and stored in a separate log file. Input is logged to the directory specified by the _i_o_l_o_g___d_i_r option (_/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o by default) using a unique session ID that is included in the normal ssuuddoo log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e option may be used to control the format of the session ID. Note that user input may contain sensitive information such as passwords (even if they are not echoed to the screen), which will be stored in the log file unencrypted. In most cases, logging the command output via _l_o_g___o_u_t_p_u_t is all that is required. log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and log all output that is sent to the screen, similar to the script(1) command. If the standard output or standard error is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that output is also captured and stored in separate log files. Output is logged to the directory specified by the _i_o_l_o_g___d_i_r option (_/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o by default) using a unique session ID that is included in the normal ssuuddoo log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e option may be used to control the format of the session ID. Output logs may be viewed with the sudoreplay(1m) utility, which can also be used to list or search the available logs. log_year If set, the four-digit year will be logged in the (non- syslog) ssuuddoo log file. This flag is _o_f_f by default. long_otp_prompt When validating with a One Time Password (OTP) scheme such as SS//KKeeyy or OOPPIIEE, a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. This flag is _o_f_f by default. mail_always Send mail to the _m_a_i_l_t_o user every time a users runs ssuuddoo. This flag is _o_f_f by default. mail_badpass Send mail to the _m_a_i_l_t_o user if the user running ssuuddoo does not enter the correct password. If the command the user is attempting to run is not permitted by _s_u_d_o_e_r_s and one of the _m_a_i_l___a_l_w_a_y_s, _m_a_i_l___n_o___h_o_s_t, _m_a_i_l___n_o___p_e_r_m_s or _m_a_i_l___n_o___u_s_e_r flags are set, this flag will have no effect. This flag is _o_f_f by default. mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user exists in the _s_u_d_o_e_r_s file, but is not allowed to run commands on the current host. This flag is _o_f_f by default. mail_no_perms If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user is allowed to use ssuuddoo but the command they are trying is not listed in their _s_u_d_o_e_r_s file entry or is explicitly denied. This flag is _o_f_f by default. mail_no_user If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user is not in the _s_u_d_o_e_r_s file. This flag is _o_n by default. noexec If set, all commands run via ssuuddoo will behave as if the NOEXEC tag has been set, unless overridden by a EXEC tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as well as the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section at the end of this manual. This flag is _o_f_f by default. pam_session On systems that use PAM for authentication, ssuuddoo will create a new PAM session for the command to be run in. Disabling _p_a_m___s_e_s_s_i_o_n may be needed on older PAM implementations or on operating systems where opening a PAM session changes the utmp or wtmp files. If PAM session support is disabled, resource limits may not be updated for the command being run. If _p_a_m___s_e_s_s_i_o_n, _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are disabled and I/O logging has not been configured, ssuuddoo will execute the command directly instead of running it as a child process. This flag is _o_n by default. This setting is only supported by version 1.8.7 or higher. pam_setcred On systems that use PAM for authentication, ssuuddoo will attempt to establish credentials for the target user by default, if supported by the underlying authentication system. One example of a credential is a Kerberos ticket. If _p_a_m___s_e_s_s_i_o_n, _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are disabled and I/O logging has not been configured, ssuuddoo will execute the command directly instead of running it as a child process. This flag is _o_n by default. This setting is only supported by version 1.8.8 or higher. passprompt_override The password prompt specified by _p_a_s_s_p_r_o_m_p_t will normally only be used if the password prompt provided by systems such as PAM matches the string ``Password:''. If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always be used. This flag is _o_f_f by default. path_info Normally, ssuuddoo will tell the user when a command could not be found in their PATH environment variable. Some sites may wish to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvantage is that if the executable is simply not in the user's PATH, ssuuddoo will tell the user that they are not allowed to run it, which can be confusing. This flag is _o_n by default. preserve_groups By default, ssuuddoo will initialize the group vector to the list of groups the target user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. This flag is _o_f_f by default. pwfeedback By default, ssuuddoo reads the password like most other Unix programs, by turning off echo until the user hits the return (or enter) key. Some users become confused by this as it appears to them that ssuuddoo has hung at this point. When _p_w_f_e_e_d_b_a_c_k is set, ssuuddoo will provide visual feedback when the user presses a key. Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered. This flag is _o_f_f by default. requiretty If set, ssuuddoo will only run when the user is logged in to a real tty. When this flag is set, ssuuddoo can only be run from a login session and not via other means such as cron(1m) or cgi-bin scripts. This flag is _o_f_f by default. root_sudo If set, root is allowed to run ssuuddoo too. Disabling this prevents users from ``chaining'' ssuuddoo commands to get a root shell by doing something like ``sudo sudo /bin/sh''. Note, however, that turning off _r_o_o_t___s_u_d_o will also prevent root from running ssuuddooeeddiitt. Disabling _r_o_o_t___s_u_d_o provides no real additional security; it exists purely for historical reasons. This flag is _o_n by default. rootpw If set, ssuuddoo will prompt for the root password instead of the password of the invoking user. This flag is _o_f_f by default. runaspw If set, ssuuddoo will prompt for the password of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option (defaults to root) instead of the password of the invoking user. This flag is _o_f_f by default. set_home If enabled and ssuuddoo is invoked with the --ss option the HOME environment variable will be set to the home directory of the target user (which is root unless the --uu option is used). This effectively makes the --ss option imply --HH. Note that HOME is already set when the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is only effective for configurations where either _e_n_v___r_e_s_e_t is disabled or HOME is present in the _e_n_v___k_e_e_p list. This flag is _o_f_f by default. set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME environment variables to the name of the target user (usually root unless the --uu option is given). However, since some programs (including the RCS revision control system) use LOGNAME to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. Note that if the _e_n_v___r_e_s_e_t option has not been disabled, entries in the _e_n_v___k_e_e_p list will override the value of _s_e_t___l_o_g_n_a_m_e. This flag is _o_n by default. set_utmp When enabled, ssuuddoo will create an entry in the utmp (or utmpx) file when a pseudo-tty is allocated. A pseudo- tty is allocated by ssuuddoo when the _l_o_g___i_n_p_u_t, _l_o_g___o_u_t_p_u_t or _u_s_e___p_t_y flags are enabled. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. This flag is _o_n by default. setenv Allow the user to disable the _e_n_v___r_e_s_e_t option from the command line via the --EE option. Additionally, environment variables set via the command line are not subject to the restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, only trusted users should be allowed to set variables in this manner. This flag is _o_f_f by default. shell_noargs If set and ssuuddoo is invoked with no arguments it acts as if the --ss option had been given. That is, it runs a shell as root (the shell is determined by the SHELL environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is _o_f_f by default. stay_setuid Normally, when ssuuddoo executes a command the real and effective UIDs are set to the target user (root by default). This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes ssuuddoo act as a setuid wrapper. This can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. This option is only effective on systems that support either the setreuid(2) or setresuid(2) system call. This flag is _o_f_f by default. targetpw If set, ssuuddoo will prompt for the password of the user specified by the --uu option (defaults to root) instead of the password of the invoking user. In addition, the time stamp file name will include the target user's name. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the --uu option. This flag is _o_f_f by default. tty_tickets If set, users must authenticate on a per-tty basis. With this flag enabled, ssuuddoo will use a file named for the tty the user is logged in on in the user's time stamp directory. If disabled, the time stamp of the directory is used instead. This flag is _o_n by default. umask_override If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s without modification. This makes it possible to specify a more permissive umask in _s_u_d_o_e_r_s than the user's own umask and matches historical behavior. If _u_m_a_s_k___o_v_e_r_r_i_d_e is not set, ssuuddoo will set the umask to be the union of the user's umask and what is specified in _s_u_d_o_e_r_s. This flag is _o_f_f by default. use_loginclass If set, ssuuddoo will apply the defaults specified for the target user's login class if one exists. Only available if ssuuddoo is configured with the --with-logincap option. This flag is _o_f_f by default. use_pty If set, ssuuddoo will run the command in a pseudo-pty even if no I/O logging is being gone. A malicious program run under ssuuddoo could conceivably fork a background process that retains to the user's terminal device after the main program has finished executing. Use of this option will make that impossible. This flag is _o_f_f by default. utmp_runas If set, ssuuddoo will store the name of the runas user when updating the utmp (or utmpx) file. By default, ssuuddoo stores the name of the invoking user. This flag is _o_f_f by default. visiblepw By default, ssuuddoo will refuse to run if the user must enter a password but it is not possible to disable echo on the terminal. If the _v_i_s_i_b_l_e_p_w flag is set, ssuuddoo will prompt for a password even when it would be visible on the screen. This makes it possible to run things like ``ssh somehost sudo ls'' since by default, ssh(1) does not allocate a tty when running a command. This flag is _o_f_f by default. IInntteeggeerrss: closefrom Before it executes a command, ssuuddoo will close all open file descriptors other than standard input, standard output and standard error (ie: file descriptors 0-2). The _c_l_o_s_e_f_r_o_m option can be used to specify a different file descriptor at which to start closing. The default is 3. passwd_tries The number of tries a user gets to enter his/her password before ssuuddoo logs the failure and exits. The default is 3. IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: loglinelen Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is 80 (use 0 or negate the option to disable word wrap). passwd_timeout Number of minutes before the ssuuddoo password prompt times out, or 0 for no timeout. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 5. timestamp_timeout Number of minutes that can elapse before ssuuddoo will ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's time stamp will never expire. This can be used to allow users to create or delete their own time stamps via ``sudo -v'' and ``sudo -k'' respectively. umask Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. The actual umask that is used will be the union of the user's umask and the value of the _u_m_a_s_k option, which defaults to 0022. This guarantees that ssuuddoo never lowers the umask when running a command. Note: on systems that use PAM, the default PAM configuration may specify its own umask which will override the value set in _s_u_d_o_e_r_s. SSttrriinnggss: badpass_message Message that is displayed if a user enters an incorrect password. The default is Sorry, try again. unless insults are enabled. editor A colon (`:') separated list of editors allowed to be used with vviissuuddoo. vviissuuddoo will choose the editor that matches the user's EDITOR environment variable if possible, or the first editor in the list that exists and is executable. The default is _v_i. iolog_dir The top-level directory to use when constructing the path name for the input/output log directory. Only used if the _l_o_g___i_n_p_u_t or _l_o_g___o_u_t_p_u_t options are enabled or when the LOG_INPUT or LOG_OUTPUT tags are present for a command. The session sequence number, if any, is stored in the directory. The default is _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o. The following percent (`%') escape sequences are supported: %{seq} expanded to a monotonically increasing base-36 sequence number, such as 0100A5, where every two digits are used to form a new directory, e.g. _0_1_/_0_0_/_A_5 %{user} expanded to the invoking user's login name %{group} expanded to the name of the invoking user's real group ID %{runas_user} expanded to the login name of the user the command will be run as (e.g. root) %{runas_group} expanded to the group name of the user the command will be run as (e.g. wheel) %{hostname} expanded to the local host name without the domain name %{command} expanded to the base name of the command being run In addition, any escape sequences supported by the system's strftime(3) function will be expanded. To include a literal `%' character, the string `%%' should be used. iolog_file The path name, relative to _i_o_l_o_g___d_i_r, in which to store input/output logs when the _l_o_g___i_n_p_u_t or _l_o_g___o_u_t_p_u_t options are enabled or when the LOG_INPUT or LOG_OUTPUT tags are present for a command. Note that _i_o_l_o_g___f_i_l_e may contain directory components. The default is ``%{seq}''. See the _i_o_l_o_g___d_i_r option above for a list of supported percent (`%') escape sequences. In addition to the escape sequences, path names that end in six or more Xs will have the Xs replaced with a unique combination of digits and letters, similar to the mktemp(3) function. If the path created by concatenating _i_o_l_o_g___d_i_r and _i_o_l_o_g___f_i_l_e already exists, the existing I/O log file will be truncated and overwritten unless _i_o_l_o_g___f_i_l_e ends in six or more Xs. limitprivs The default Solaris limit privileges to use when constructing a new privilege set for a command. This bounds all privileges of the executing process. The default limit privileges may be overridden on a per- command basis in _s_u_d_o_e_r_s. This option is only available if ssuuddooeerrss is built on Solaris 10 or higher. mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape %h will expand to the host name of the machine. Default is ``*** SECURITY information for %h ***''. maxseq The maximum sequence number that will be substituted for the ``%{seq}'' escape in the I/O log file (see the _i_o_l_o_g___d_i_r description above for more information). While the value substituted for ``%{seq}'' is in base 36, _m_a_x_s_e_q itself should be expressed in decimal. Values larger than 2176782336 (which corresponds to the base 36 sequence number ``ZZZZZZ'') will be silently truncated to 2176782336. The default value is 2176782336. Once the local sequence number reaches the value of _m_a_x_s_e_q, it will ``roll over'' to zero, after which ssuuddooeerrss will truncate and re-use any existing I/O log path names. This setting is only supported by version 1.8.7 or higher. noexec_file As of ssuuddoo version 1.8.1 this option is no longer supported. The path to the noexec file should now be set in the sudo.conf(4) file. pam_login_service On systems that use PAM for authentication, this is the service name used when the --ii option is specified. The default value is ``sudo''. See the description of _p_a_m___s_e_r_v_i_c_e for more information. This setting is only supported by version 1.8.8 or higher. pam_service On systems that use PAM for authentication, the service name specifies the PAM policy to apply. This usually corresponds to an entry in the _p_a_m_._c_o_n_f file or a file in the _/_e_t_c_/_p_a_m_._d directory. The default value is ``sudo''. This setting is only supported by version 1.8.8 or higher. passprompt The default prompt to use when asking for a password; can be overridden via the --pp option or the SUDO_PROMPT environment variable. The following percent (`%') escape sequences are supported: %H expanded to the local host name including the domain name (only if the machine's host name is fully qualified or the _f_q_d_n option is set) %h expanded to the local host name without the domain name %p expanded to the user whose password is being asked for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s) %U expanded to the login name of the user the command will be run as (defaults to root) %u expanded to the invoking user's login name %% two consecutive % characters are collapsed into a single % character The default value is ``Password:''. privs The default Solaris privileges to use when constructing a new privilege set for a command. This is passed to the executing process via the inherited privilege set, but is bounded by the limit privileges. If the _p_r_i_v_s option is specified but the _l_i_m_i_t_p_r_i_v_s option is not, the limit privileges of the executing process is set to _p_r_i_v_s. The default privileges may be overridden on a per-command basis in _s_u_d_o_e_r_s. This option is only available if ssuuddooeerrss is built on Solaris 10 or higher. role The default SELinux role to use when constructing a new security context to run the command. The default role may be overridden on a per-command basis in _s_u_d_o_e_r_s or via command line options. This option is only available when ssuuddoo is built with SELinux support. runas_default The default user to run commands as if the --uu option is not specified on the command line. This defaults to root. syslog_badpri Syslog priority to use when user authenticates unsuccessfully. Defaults to alert. The following syslog priorities are supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and wwaarrnniinngg. syslog_goodpri Syslog priority to use when user authenticates successfully. Defaults to notice. See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog priorities. sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. Note that changing the locale may affect how sudoers is interpreted. Defaults to ``C''. timestampdir The directory in which ssuuddoo stores its time stamp files. The default is _/_v_a_r_/_a_d_m_/_s_u_d_o. timestampowner The owner of the time stamp directory and the time stamps stored therein. The default is root. type The default SELinux type to use when constructing a new security context to run the command. The default type may be overridden on a per-command basis in _s_u_d_o_e_r_s or via command line options. This option is only available when ssuuddoo is built with SELinux support. SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: env_file The _e_n_v___f_i_l_e option specifies the fully qualified path to a file containing variables to be set in the environment of the program being run. Entries in this file should either be of the form ``VARIABLE=value'' or ``export VARIABLE=value''. The value may optionally be surrounded by single or double quotes. Variables in this file are subject to other ssuuddoo environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. exempt_group Users in this group are exempt from password and PATH requirements. The group name specified should not include a % prefix. This is not set by default. group_plugin A string containing a _s_u_d_o_e_r_s group plugin with optional arguments. The string should consist of the plugin path, either fully-qualified or relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory, followed by any configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes (""). For more information see GROUP PROVIDER PLUGINS. lecture This option controls when a short lecture will be printed along with the password prompt. It has the following possible values: always Always lecture the user. never Never lecture the user. once Only lecture the user the first time they run ssuuddoo. If no value is specified, a value of _o_n_c_e is implied. Negating the option results in a value of _n_e_v_e_r being used. The default value is _o_n_c_e. lecture_file Path to a file containing an alternate ssuuddoo lecture that will be used in place of the standard lecture if the named file exists. By default, ssuuddoo uses a built-in lecture. listpw This option controls when a password will be required when a user runs ssuuddoo with the --ll option. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. always The user must always enter a password to use the --ll option. any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. never The user need never enter a password to use the --ll option. If no value is specified, a value of _a_n_y is implied. Negating the option results in a value of _n_e_v_e_r being used. The default value is _a_n_y. logfile Path to the ssuuddoo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By default, ssuuddoo logs via syslog. mailerflags Flags to use when invoking mailer. Defaults to --tt. mailerpath Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. mailfrom Address to use for the ``from'' address when sending warning and error mail. The address should be enclosed in double quotes ("") to protect against ssuuddoo interpreting the @ sign. Defaults to the name of the user running ssuuddoo. mailto Address to send warning and error mail to. The address should be enclosed in double quotes ("") to protect against ssuuddoo interpreting the @ sign. Defaults to root. secure_path Path used for every command run from ssuuddoo. If you don't trust the people running ssuuddoo to have a sane PATH environment variable you may want to use this. Another use is if you want to have the ``root path'' be separate from the ``user path''. Users in the group specified by the _e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h. This option is not set by default. syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to auth. The following syslog facilities are supported: aauutthhpprriivv (if your OS supports it), aauutthh, ddaaeemmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55, llooccaall66, and llooccaall77. verifypw This option controls when a password will be required when a user runs ssuuddoo with the --vv option. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. always The user must always enter a password to use the --vv option. any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. never The user need never enter a password to use the --vv option. If no value is specified, a value of _a_l_l is implied. Negating the option results in a value of _n_e_v_e_r being used. The default value is _a_l_l. LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: env_check Environment variables to be removed from the user's environment if the variable's value contains `%' or `/' characters. This can be used to guard against printf- style format vulnerabilities in poorly-written programs. The argument may be a double-quoted, space- separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. Regardless of whether the env_reset option is enabled or disabled, variables specified by env_check will be preserved in the environment if they pass the aforementioned check. The default list of environment variables to check is displayed when ssuuddoo is run by root with the --VV option. env_delete Environment variables to be removed from the user's environment when the _e_n_v___r_e_s_e_t option is not in effect. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of environment variables to remove is displayed when ssuuddoo is run by root with the --VV option. Note that many operating systems will remove potentially dangerous variables from the environment of any setuid process (such as ssuuddoo). env_keep Environment variables to be preserved in the user's environment when the _e_n_v___r_e_s_e_t option is in effect. This allows fine-grained control over the environment ssuuddoo-spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of variables to keep is displayed when ssuuddoo is run by root with the --VV option. GGRROOUUPP PPRROOVVIIDDEERR PPLLUUGGIINNSS The ssuuddooeerrss plugin supports its own plugin interface to allow non-Unix group lookups which can query a group source other than the standard Unix group database. This can be used to implement support for the nonunix_group syntax described earlier. Group provider plugins are specified via the _g_r_o_u_p___p_l_u_g_i_n Defaults setting. The argument to _g_r_o_u_p___p_l_u_g_i_n should consist of the plugin path, either fully-qualified or relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory, followed by any configuration options the plugin requires. These options (if specified) will be passed to the plugin's initialization function. If options are present, the string must be enclosed in double quotes (""). The following group provider plugins are installed by default: group_file The _g_r_o_u_p___f_i_l_e plugin supports an alternate group file that uses the same syntax as the _/_e_t_c_/_g_r_o_u_p file. The path to the group file should be specified as an option to the plugin. For example, if the group file to be used is _/_e_t_c_/_s_u_d_o_-_g_r_o_u_p: Defaults group_plugin="group_file.so /etc/sudo-group" system_group The _s_y_s_t_e_m___g_r_o_u_p plugin supports group lookups via the standard C library functions ggeettggrrnnaamm() and ggeettggrriidd(). This plugin can be used in instances where the user belongs to groups not present in the user's supplemental group vector. This plugin takes no options: Defaults group_plugin=system_group.so The group provider plugin API is described in detail in sudo_plugin(1m). LLOOGG FFOORRMMAATT ssuuddooeerrss can log events using either syslog(3) or a simple log file. In each case the log format is almost identical. AAcccceepptteedd ccoommmmaanndd lloogg eennttrriieess Commands that sudo runs are logged using the following format (split into multiple lines for readability): date hostname progname: username : TTY=ttyname ; PWD=cwd ; \ USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \ ENV=env_vars COMMAND=command Where the fields are as follows: date The date the command was run. Typically, this is in the format ``MMM, DD, HH:MM:SS''. If logging via syslog(3), the actual date format is controlled by the syslog daemon. If logging to a file and the _l_o_g___y_e_a_r option is enabled, the date will also include the year. hostname The name of the host ssuuddoo was run on. This field is only present when logging via syslog(3). progname The name of the program, usually _s_u_d_o or _s_u_d_o_e_d_i_t. This field is only present when logging via syslog(3). username The login name of the user who ran ssuuddoo. ttyname The short name of the terminal (e.g. ``console'', ``tty01'', or ``pts/0'') ssuuddoo was run on, or ``unknown'' if there was no terminal present. cwd The current working directory that ssuuddoo was run in. runasuser The user the command was run as. runasgroup The group the command was run as if one was specified on the command line. logid An I/O log identifier that can be used to replay the command's output. This is only present when the _l_o_g___i_n_p_u_t or _l_o_g___o_u_t_p_u_t option is enabled. env_vars A list of environment variables specified on the command line, if specified. command The actual command that was executed. Messages are logged using the locale specified by _s_u_d_o_e_r_s___l_o_c_a_l_e, which defaults to the ``C'' locale. DDeenniieedd ccoommmmaanndd lloogg eennttrriieess If the user is not allowed to run the command, the reason for the denial will follow the user name. Possible reasons include: user NOT in sudoers The user is not listed in the _s_u_d_o_e_r_s file. user NOT authorized on host The user is listed in the _s_u_d_o_e_r_s file but is not allowed to run commands on the host. command not allowed The user is listed in the _s_u_d_o_e_r_s file for the host but they are not allowed to run the specified command. 3 incorrect password attempts The user failed to enter their password after 3 tries. The actual number of tries will vary based on the number of failed attempts and the value of the _p_a_s_s_w_d___t_r_i_e_s option. a password is required ssuuddoo's --nn option was specified but a password was required. sorry, you are not allowed to set the following environment variables The user specified environment variables on the command line that were not allowed by _s_u_d_o_e_r_s. EErrrroorr lloogg eennttrriieess If an error occurs, ssuuddooeerrss will log a message and, in most cases, send a message to the administrator via email. Possible errors include: parse error in /etc/sudoers near line N ssuuddooeerrss encountered an error when parsing the specified file. In some cases, the actual error may be one line above or below the line number listed, depending on the type of error. problem with defaults entries The _s_u_d_o_e_r_s file contains one or more unknown Defaults settings. This does not prevent ssuuddoo from running, but the _s_u_d_o_e_r_s file should be checked using vviissuuddoo. timestamp owner (username): No such user The time stamp directory owner, as specified by the _t_i_m_e_s_t_a_m_p_o_w_n_e_r setting, could not be found in the password database. unable to open/read /etc/sudoers The _s_u_d_o_e_r_s file could not be opened for reading. This can happen when the _s_u_d_o_e_r_s file is located on a remote file system that maps user ID 0 to a different value. Normally, ssuuddooeerrss tries to open _s_u_d_o_e_r_s using group permissions to avoid this problem. Consider either changing the ownership of _/_e_t_c_/_s_u_d_o_e_r_s or adding an argument like ``sudoers_uid=N'' (where `N' is the user ID that owns the _s_u_d_o_e_r_s file) to the end of the ssuuddooeerrss Plugin line in the sudo.conf(4) file. unable to stat /etc/sudoers The _/_e_t_c_/_s_u_d_o_e_r_s file is missing. /etc/sudoers is not a regular file The _/_e_t_c_/_s_u_d_o_e_r_s file exists but is not a regular file or symbolic link. /etc/sudoers is owned by uid N, should be 0 The _s_u_d_o_e_r_s file has the wrong owner. If you wish to change the _s_u_d_o_e_r_s file owner, please add ``sudoers_uid=N'' (where `N' is the user ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss Plugin line in the sudo.conf(4) file. /etc/sudoers is world writable The permissions on the _s_u_d_o_e_r_s file allow all users to write to it. The _s_u_d_o_e_r_s file must not be world-writable, the default file mode is 0440 (readable by owner and group, writable by none). The default mode may be changed via the ``sudoers_mode'' option to the ssuuddooeerrss Plugin line in the sudo.conf(4) file. /etc/sudoers is owned by gid N, should be 1 The _s_u_d_o_e_r_s file has the wrong group ownership. If you wish to change the _s_u_d_o_e_r_s file group ownership, please add ``sudoers_gid=N'' (where `N' is the group ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss Plugin line in the sudo.conf(4) file. unable to open /var/adm/sudo/username/ttyname _s_u_d_o_e_r_s was unable to read or create the user's time stamp file. unable to write to /var/adm/sudo/username/ttyname _s_u_d_o_e_r_s was unable to write to the user's time stamp file. unable to mkdir to /var/adm/sudo/username _s_u_d_o_e_r_s was unable to create the user's time stamp directory. NNootteess oonn llooggggiinngg vviiaa ssyysslloogg By default, _s_u_d_o_e_r_s logs messages via syslog(3). The _d_a_t_e, _h_o_s_t_n_a_m_e, and _p_r_o_g_n_a_m_e fields are added by the syslog daemon, not _s_u_d_o_e_r_s itself. As such, they may vary in format on different systems. On most systems, syslog(3) has a relatively small log buffer. To prevent the command line arguments from being truncated, ssuuddooeerrss will split up log messages that are larger than 960 characters (not including the date, hostname, and the string ``sudo''). When a message is split, additional parts will include the string ``(command continued)'' after the user name and before the continued command line arguments. NNootteess oonn llooggggiinngg ttoo aa ffiillee If the _l_o_g_f_i_l_e option is set, _s_u_d_o_e_r_s will log to a local file, such as _/_v_a_r_/_l_o_g_/_s_u_d_o. When logging to a file, _s_u_d_o_e_r_s uses a format similar to syslog(3), with a few important differences: 1. The _p_r_o_g_n_a_m_e and _h_o_s_t_n_a_m_e fields are not present. 2. If the _l_o_g___y_e_a_r option is enabled, the date will also include the year. 3. Lines that are longer than _l_o_g_l_i_n_e_l_e_n characters (80 by default) are word-wrapped and continued on the next line with a four character indent. This makes entries easier to read for a human being, but makes it more difficult to use grep(1) on the log files. If the _l_o_g_l_i_n_e_l_e_n option is set to 0 (or negated with a `!'), word wrap will be disabled. FFIILLEESS _/_e_t_c_/_s_u_d_o_._c_o_n_f Sudo front end configuration _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_e_t_c_/_g_r_o_u_p Local groups file _/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o I/O log files _/_v_a_r_/_a_d_m_/_s_u_d_o Directory containing time stamps for the _s_u_d_o_e_r_s security policy _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on AIX and Linux systems EEXXAAMMPPLLEESS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we allow a few environment variables to pass and then define our _a_l_i_a_s_e_s: # Run X applications through sudo; HOME is used to find the # .Xauthority file. Note that other programs use HOME to find # configuration files and this may lead to privilege escalation! Defaults env_keep += "DISPLAY HOME" # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim # Runas alias specification Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase Runas_Alias ADMINGRP = adm, oper # Host alias specification Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ SGI = grolsch, dandelion, black :\ ALPHA = widget, thalamus, foobar :\ HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ /usr/sbin/restore, /usr/sbin/rrestore,\ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt Cmnd_Alias REBOOT = /usr/sbin/reboot Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\ /usr/local/bin/tcsh, /usr/bin/rsh,\ /usr/local/bin/zsh Cmnd_Alias SU = /usr/bin/su Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less Here we override some of the compiled in default values. We want ssuuddoo to log via syslog(3) using the _a_u_t_h facility in all cases. We don't want to subject the full time staff to the ssuuddoo lecture, user mmiilllleerrtt need not give a password, and we don't want to reset the LOGNAME, USER or USERNAME environment variables when running commands as root. Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. Lastly, we disable shell escapes for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). Note that this will not effectively constrain users with ssuuddoo AALLLL privileges. # Override built-in defaults Defaults syslog=auth Defaults>root !set_logname Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults!PAGERS noexec The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually determines who may run what. root ALL = (ALL) ALL %wheel ALL = (ALL) ALL We let rroooott and any user in group wwhheeeell run any command on any host as any user. FULLTIMERS ALL = NOPASSWD: ALL Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on any host without authenticating themselves. PARTTIMERS ALL = ALL Part time sysadmins bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on any host but they must authenticate themselves first (since the entry lacks the NOPASSWD tag). jack CSNETS = ALL The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of those networks, only 128.138.204.0 has an explicit netmask (in CIDR notation) indicating it is a class C network. For the other networks in _C_S_N_E_T_S, the local machine's netmask will be used during matching. lisa CUNETS = ALL The user lliissaa may run any command on any host in the _C_U_N_E_T_S alias (the class B network 128.138.0.0). operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ sudoedit /etc/printcap, /usr/oper/bin/ The ooppeerraattoorr user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/. Note that one command in the DUMPS Cmnd_Alias includes a sha224 digest, _/_h_o_m_e_/_o_p_e_r_a_t_o_r_/_b_i_n_/_s_t_a_r_t___b_a_c_k_u_p_s. This is because the directory containing the script is writable by the operator user. If the script is modified (resulting in a digest mismatch) it will no longer be possible to run it via ssuuddoo. joe ALL = /usr/bin/su operator The user jjooee may only su(1) to operator. pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root %opers ALL = (: ADMINGRP) /usr/sbin/ Users in the ooppeerrss group may run commands in _/_u_s_r_/_s_b_i_n_/ as themselves with any group in the _A_D_M_I_N_G_R_P Runas_Alias (the aaddmm and ooppeerr groups). The user ppeettee is allowed to change anyone's password except for root on the _H_P_P_A machines. Note that this assumes passwd(1) does not take multiple user names on the command line. bob SPARC = (OP) ALL : SGI = (OP) ALL The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr.) jim +biglab = ALL The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup. ssuuddoo knows that ``biglab'' is a netgroup due to the `+' prefix. +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser Users in the sseeccrreettaarriieess netgroup need to help manage the printers as well as add and remove users, so they are allowed to run those commands on all machines. fred ALL = (DB) NOPASSWD: ALL The user ffrreedd can run commands as any user in the _D_B Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password. john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is not allowed to specify any options to the su(1) command. jen ALL, !SERVERS = ALL The user jjeenn may run any command on any machine except for those in the _S_E_R_V_E_R_S Host_Alias (master, mail, www and ns). jill SERVERS = /usr/bin/, !SU, !SHELLS For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in the directory _/_u_s_r_/_b_i_n_/ except for those commands belonging to the _S_U and _S_H_E_L_L_S Cmnd_Aliases. While not specifically mentioned in the rule, the commands in the _P_A_G_E_R_S Cmnd_Alias all reside in _/_u_s_r_/_b_i_n and have the _n_o_e_x_e_c option set. steve CSNETS = (operator) /usr/local/op_commands/ The user sstteevvee may run any command in the directory /usr/local/op_commands/ but only as user operator. matt valkyrie = KILL On his personal workstation, valkyrie, mmaatttt needs to be able to kill hung processes. WEBMASTERS www = (www) ALL, (root) /usr/bin/su www On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply su(1) to www. ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ /sbin/mount -o nosuid,nodev /dev/cd0a /CDROM Any user may mount or unmount a CD-ROM on the machines in the CDROM Host_Alias (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. SSEECCUURRIITTYY NNOOTTEESS LLiimmiittaattiioonnss ooff tthhee ``!!'' ooppeerraattoorr It is generally not effective to ``subtract'' commands from AALLLL using the `!' operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example: bill ALL = ALL, !SU, !SHELLS Doesn't really prevent bbiillll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). In general, if a user has sudo AALLLL there is nothing to prevent them from creating their own program that gives them a root shell (or making their own copy of a shell) regardless of any `!' elements in the user specification. SSeeccuurriittyy iimmpplliiccaattiioonnss ooff _f_a_s_t___g_l_o_b If the _f_a_s_t___g_l_o_b option is in use, it is not possible to reliably negate commands where the path name includes globbing (aka wildcard) characters. This is because the C library's fnmatch(3) function cannot resolve relative paths. While this is typically only an inconvenience for rules that grant privileges, it can result in a security issue for rules that subtract or revoke privileges. For example, given the following _s_u_d_o_e_r_s entry: john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\ /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by changing to _/_u_s_r_/_b_i_n and running ./passwd root instead. PPrreevveennttiinngg sshheellll eessccaappeess Once ssuuddoo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass ssuuddoo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs. There are two basic approaches to this problem: restrict Avoid giving users access to commands that allow the user to run arbitrary commands. Many editors have a restricted mode where shell escapes are disabled, though ssuuddooeeddiitt is a better solution to running editors via ssuuddoo. Due to the large number of programs that offer shell escapes, restricting users to the set of programs that do not is often unworkable. noexec Many systems that support shared libraries have the ability to override default library functions by pointing an environment variable (usually LD_PRELOAD) to an alternate shared library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality can be used to prevent a program run by ssuuddoo from executing any other programs. Note, however, that this applies only to native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. The _n_o_e_x_e_c feature is known to work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, HP-UX 11.x and AIX 5.3 and above. It should be supported on most operating systems that support the LD_PRELOAD environment variable. Check your operating system's manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if LD_PRELOAD is supported. On Solaris 10 and higher, _n_o_e_x_e_c uses Solaris privileges instead of the LD_PRELOAD environment variable. To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as documented in the User Specification section above. Here is that example again: aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and _/_u_s_r_/_b_i_n_/_v_i with _n_o_e_x_e_c enabled. This will prevent those two commands from executing other commands (such as a shell). If you are unsure whether or not your system is capable of supporting _n_o_e_x_e_c you can always just try it out and check whether shell escapes work when _n_o_e_x_e_c is enabled. Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations (such as changing or overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run ssuuddooeeddiitt (see below). SSeeccuurree eeddiittiinngg The _s_u_d_o_e_r_s plugin includes ssuuddooeeddiitt support which allows users to securely edit files with the editor of their choice. As ssuuddooeeddiitt is a built-in command, it must be specified in _s_u_d_o_e_r_s without a leading path. However, it may take command line arguments just as a normal command does. For example, to allow user operator to edit the ``message of the day'' file: operator sudoedit /etc/motd The operator user then runs ssuuddooeeddiitt as follows: $ sudoedit /etc/motd The editor will run as the operator user, not root, on a temporary copy of _/_e_t_c_/_m_o_t_d. After the file has been edited, _/_e_t_c_/_m_o_t_d will be updated with the contents of the temporary copy. TTiimmee ssttaammpp ffiillee cchheecckkss _s_u_d_o_e_r_s will check the ownership of its time stamp directory (_/_v_a_r_/_a_d_m_/_s_u_d_o by default) and ignore the directory's contents if it is not owned by root or if it is writable by a user other than root. On systems that allow non-root users to give away files via chown(2), if the time stamp directory is located in a world-writable directory (e.g., _/_t_m_p), it is possible for a user to create the time stamp directory before ssuuddoo is run. However, because _s_u_d_o_e_r_s checks the ownership and mode of the directory and its contents, the only damage that can be done is to ``hide'' files by putting them in the time stamp dir. This is unlikely to happen since once the time stamp dir is owned by root and inaccessible by any other user, the user placing files there would be unable to get them back out. _s_u_d_o_e_r_s will not honor time stamps set far in the future. Time stamps with a date greater than current_time + 2 * TIMEOUT will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own time stamp with a bogus date on systems that allow users to give away files if the time stamp directory is located in a world- writable directory. On systems where the boot time is available, _s_u_d_o_e_r_s will ignore time stamps that date from before the machine booted. Since time stamp files live in the file system, they can outlive a user's login session. As a result, a user may be able to login, run a command with ssuuddoo after authenticating, logout, login again, and run ssuuddoo without authenticating so long as the time stamp file's modification time is within 5 minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where the devpts filesystem is used, Solaris systems with the devices filesystem, as well as other systems that utilize a devfs filesystem that monotonically increase the inode number of devices as they are created (such as Mac OS X), _s_u_d_o_e_r_s is able to determine when a tty-based time stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. DDEEBBUUGGGGIINNGG Versions 1.8.4 and higher of the ssuuddooeerrss plugin support a flexible debugging framework that can help track down what the plugin is doing internally if there is a problem. This can be configured in the sudo.conf(4) file. The ssuuddooeerrss plugin uses the same debug flag format as the ssuuddoo front-end: _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y. The priorities used by ssuuddooeerrss, in order of decreasing severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. Each priority, when specified, also includes all priorities higher than it. For example, a priority of _n_o_t_i_c_e would include debug messages logged at _n_o_t_i_c_e and higher. The following subsystems are used by the ssuuddooeerrss plugin: _a_l_i_a_s User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing _a_l_l matches every subsystem _a_u_d_i_t BSM and Linux audit code _a_u_t_h user authentication _d_e_f_a_u_l_t_s _s_u_d_o_e_r_s _D_e_f_a_u_l_t_s settings _e_n_v environment handling _l_d_a_p LDAP-based sudoers _l_o_g_g_i_n_g logging support _m_a_t_c_h matching of users, groups, hosts and netgroups in _s_u_d_o_e_r_s _n_e_t_i_f network interface handling _n_s_s network service switch handling in _s_u_d_o_e_r_s _p_a_r_s_e_r _s_u_d_o_e_r_s file parsing _p_e_r_m_s permission setting _p_l_u_g_i_n The equivalent of _m_a_i_n for the plugin. _p_t_y pseudo-tty related code _r_b_t_r_e_e redblack tree internals _s_s_s_d SSSD-based sudoers _u_t_i_l utility functions For example: Debug sudo /var/log/sudo_debug match@info,nss@info For more information, see the sudo.conf(4) manual. SSEEEE AALLSSOO ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3), sudo.conf(4), sudoers.ldap(4), sudo_plugin(1m), sudo(1m), visudo(1m) CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which locks the file and does grammatical checking. It is imperative that _s_u_d_o_e_r_s be free of syntax errors since ssuuddoo will not run with a syntactically incorrect _s_u_d_o_e_r_s file. When using netgroups of machines (as opposed to users), if you store fully qualified host name in the netgroup (as is usually the case), you either need to have the machine's host name be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 January 1, 2014 Sudo 1.8.9 sudo-1.8.9p5/doc/sudoers.ldap.cat010064400175440000012000001203261226304127600162140ustar00millertstaffSUDOERS.LDAP(1m) System Manager's Manual SUDOERS.LDAP(1m) NNAAMMEE ssuuddooeerrss..llddaapp - sudo LDAP configuration DDEESSCCRRIIPPTTIIOONN In addition to the standard _s_u_d_o_e_r_s file, ssuuddoo may be configured via LDAP. This can be especially useful for synchronizing _s_u_d_o_e_r_s in a large, distributed environment. Using LDAP for _s_u_d_o_e_r_s has several benefits: oo ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. This makes it especially fast and particularly usable in LDAP environments. oo ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not possible to load LDAP data into the server that does not conform to the sudoers schema, so proper syntax is guaranteed. It is still possible to have typos in a user or host name, but this will not prevent ssuuddoo from running. oo It is possible to specify per-entry options that override the global default options. _/_e_t_c_/_s_u_d_o_e_r_s only supports default options and limited options associated with user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. oo The vviissuuddoo program is no longer needed. vviissuuddoo provides locking and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file. Since LDAP updates are atomic, locking is no longer necessary. Because syntax is checked when the data is inserted into LDAP, there is no need for a specialized tool to check syntax. Another major difference between LDAP and file-based _s_u_d_o_e_r_s is that in LDAP, ssuuddoo-specific Aliases are not supported. For the most part, there is really no need for ssuuddoo-specific Aliases. Unix groups, non-Unix groups (via the _g_r_o_u_p___p_l_u_g_i_n) or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since groups and netgroups can also be stored in LDAP there is no real need for ssuuddoo-specific aliases. Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it. SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP container. Sudo first looks for the cn=default entry in the SUDOers container. If found, the multi-valued sudoOption attribute is parsed in the same manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following example, the SSH_AUTH_SOCK variable will be preserved in the environment for all users. dn: cn=defaults,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here sudoOption: env_keep+=SSH_AUTH_SOCK The equivalent of a sudoer in LDAP is a sudoRole. It consists of the following attributes: ssuuddooUUsseerr A user name, user ID (prefixed with `#'), Unix group name or ID (prefixed with `%' or `%#' respectively), user netgroup (prefixed with `+'), or non-Unix group name or ID (prefixed with `%:' or `%:#' respectively). Non-Unix group support is only available when an appropriate _g_r_o_u_p___p_l_u_g_i_n is defined in the global _d_e_f_a_u_l_t_s sudoRole object. ssuuddooHHoosstt A host name, IP address, IP network, or host netgroup (prefixed with a `+'). The special value ALL will match any host. ssuuddooCCoommmmaanndd A fully-qualified Unix command name with optional command line arguments, potentially including globbing characters (aka wild cards). If a command name is preceded by an exclamation point, `!', the user will be prohibited from running that command. The built-in command ``sudoedit'' is used to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It may take command line arguments just as a normal command does. Note that ``sudoedit'' is a command built into ssuuddoo itself and must be specified in without a leading path. The special value ALL will match any command. If a command name is prefixed with a SHA-2 digest, it will only be allowed if the digest matches. This may be useful in situations where the user invoking ssuuddoo has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The digest name must be followed by a colon (`:') and then the actual digest, in either hex or base64 format. For example, given the following value for sudoCommand: sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls The user may only run _/_b_i_n_/_l_s if its sha224 digest matches the specified value. Command digests are only supported by version 1.8.7 or higher. ssuuddooOOppttiioonn Identical in function to the global options described above, but specific to the sudoRole in which it resides. ssuuddooRRuunnAAssUUsseerr A user name or uid (prefixed with `#') that commands may be run as or a Unix group (prefixed with a `%') or user netgroup (prefixed with a `+') that contains a list of users that commands may be run as. The special value ALL will match any user. The sudoRunAsUser attribute is only available in ssuuddoo versions 1.7.0 and higher. Older versions of ssuuddoo use the sudoRunAs attribute instead. ssuuddooRRuunnAAssGGrroouupp A Unix group or gid (prefixed with `#') that commands may be run as. The special value ALL will match any group. The sudoRunAsGroup attribute is only available in ssuuddoo versions 1.7.0 and higher. ssuuddooNNoottBBeeffoorree A timestamp in the form yyyymmddHHMMSSZ that can be used to provide a start date/time for when the sudoRole will be valid. If multiple sudoNotBefore entries are present, the earliest is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). The sudoNotBefore attribute is only available in ssuuddoo versions 1.7.5 and higher and must be explicitly enabled via the SSUUDDOOEERRSS__TTIIMMEEDD option in _/_e_t_c_/_l_d_a_p_._c_o_n_f. ssuuddooNNoottAAfftteerr A timestamp in the form yyyymmddHHMMSSZ that indicates an expiration date/time, after which the sudoRole will no longer be valid. If multiple sudoNotBefore entries are present, the last one is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). The sudoNotAfter attribute is only available in ssuuddoo versions 1.7.5 and higher and must be explicitly enabled via the SSUUDDOOEERRSS__TTIIMMEEDD option in _/_e_t_c_/_l_d_a_p_._c_o_n_f. ssuuddooOOrrddeerr The sudoRole entries retrieved from the LDAP directory have no inherent order. The sudoOrder attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. This allows LDAP-based sudoers entries to more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest sudoOrder attribute is chosen. This corresponds to the ``last match'' behavior of the sudoers file. If the sudoOrder attribute is not present, a value of 0 is assumed. The sudoOrder attribute is only available in ssuuddoo versions 1.7.5 and higher. Each attribute listed above should contain a single value, but there may be multiple instances of each attribute type. A sudoRole must contain at least one sudoUser, sudoHost and sudoCommand. The following example allows users in group wheel to run any command on any host via ssuuddoo: dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp When looking up a sudoer using LDAP there are only two or three LDAP queries per invocation. The first query is to parse the global options. The second is to match against the user's name and the groups that the user belongs to. (The special ALL tag is matched in this query too.) If no match is returned for the user's name and groups, a third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. If timed entries are enabled with the SSUUDDOOEERRSS__TTIIMMEEDD configuration directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss There are some subtle differences in the way sudoers is handled once in LDAP. Probably the biggest is that according to the RFC, LDAP ordering is arbitrary and you cannot expect that Attributes and Entries are returned in any specific order. The order in which different entries are applied can be controlled using the sudoOrder attribute, but there is no way to guarantee the order of attributes within a specific entry. If there are conflicting command rules in an entry, the negative takes precedence. This is called paranoid behavior (not necessarily the most specific match). Here is an example: # /etc/sudoers: # Allow all commands except shell johnny ALL=(root) ALL,!/bin/sh # Always allows all commands because ALL is matched last puddles ALL=(root) !/bin/sh,ALL # LDAP equivalent of johnny # Allows all commands except shell dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role1 sudoUser: johnny sudoHost: ALL sudoCommand: ALL sudoCommand: !/bin/sh # LDAP equivalent of puddles # Notice that even though ALL comes last, it still behaves like # role1 since the LDAP code assumes the more paranoid configuration dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role2 sudoUser: puddles sudoHost: ALL sudoCommand: !/bin/sh sudoCommand: ALL Another difference is that negations on the Host, User or Runas are currently ignored. For example, the following attributes do not behave the way one might expect. # does not match all but joe # rather, does not match anyone sudoUser: !joe # does not match all but joe # rather, matches everyone including Joe sudoUser: ALL sudoUser: !joe # does not match all but web01 # rather, matches all hosts including web01 sudoHost: ALL sudoHost: !web01 SSuuddooeerrss sscchheemmaa In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on your LDAP server. In addition, be sure to index the sudoUser attribute. Three versions of the schema: one for OpenLDAP servers (_s_c_h_e_m_a_._O_p_e_n_L_D_A_P), one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), and one for Microsoft Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be found in the ssuuddoo distribution. The schema for ssuuddoo in OpenLDAP form is also included in the _E_X_A_M_P_L_E_S section. CCoonnffiigguurriinngg llddaapp..ccoonnff Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration. Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from those described in the system's ldap.conf(1m) manual. The path to _l_d_a_p_._c_o_n_f may be overridden via the _l_d_a_p___c_o_n_f plugin argument in sudo.conf(4). Also note that on systems using the OpenLDAP libraries, default values specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are not used. Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f as being supported by ssuuddoo are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. The pound sign (`#') is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. Long lines can be continued with a backslash (`\') as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. UURRII _l_d_a_p_[_s_]_:_/_/_[_h_o_s_t_n_a_m_e_[_:_p_o_r_t_]_] _._._. Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be either _l_d_a_p _l_d_a_p_s, the latter being for servers that support TLS (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, ssuuddoo will connect to _l_o_c_a_l_h_o_s_t. Multiple UURRII lines are treated identically to a UURRII line containing multiple entries. Only systems using the OpenSSL libraries support the mixing of ldap:// and ldaps:// URIs. Both the Netscape-derived and Tivoli LDAP libraries used on most commercial versions of Unix are only capable of supporting one or the other. HHOOSSTT _n_a_m_e_[_:_p_o_r_t_] _._._. If no UURRII is specified, the HHOOSSTT parameter specifies a white space- delimited list of LDAP servers to connect to. Each host may include an optional _p_o_r_t separated by a colon (`:'). The HHOOSSTT parameter is deprecated in favor of the UURRII specification and is included for backwards compatibility. PPOORRTT _p_o_r_t___n_u_m_b_e_r If no UURRII is specified, the PPOORRTT parameter specifies the default port to connect to on the LDAP server if a HHOOSSTT parameter does not specify the port itself. If no PPOORRTT parameter is used, the default is port 389 for LDAP and port 636 for LDAP over TLS (SSL). The PPOORRTT parameter is deprecated in favor of the UURRII specification and is included for backwards compatibility. BBIINNDD__TTIIMMEELLIIMMIITT _s_e_c_o_n_d_s The BBIINNDD__TTIIMMEELLIIMMIITT parameter specifies the amount of time, in seconds, to wait while trying to connect to an LDAP server. If multiple UURRIIs or HHOOSSTTs are specified, this is the amount of time to wait before trying the next one in the list. NNEETTWWOORRKK__TTIIMMEEOOUUTT _s_e_c_o_n_d_s An alias for BBIINNDD__TTIIMMEELLIIMMIITT for OpenLDAP compatibility. TTIIMMEELLIIMMIITT _s_e_c_o_n_d_s The TTIIMMEELLIIMMIITT parameter specifies the amount of time, in seconds, to wait for a response to an LDAP query. TTIIMMEEOOUUTT _s_e_c_o_n_d_s The TTIIMMEEOOUUTT parameter specifies the amount of time, in seconds, to wait for a response from the various LDAP APIs. SSUUDDOOEERRSS__BBAASSEE _b_a_s_e The base DN to use when performing ssuuddoo LDAP queries. Typically this is of the form ou=SUDOers,dc=example,dc=com for the domain example.com. Multiple SSUUDDOOEERRSS__BBAASSEE lines may be specified, in which case they are queried in the order specified. SSUUDDOOEERRSS__SSEEAARRCCHH__FFIILLTTEERR _l_d_a_p___f_i_l_t_e_r An LDAP filter which is used to restrict the set of records returned when performing a ssuuddoo LDAP query. Typically, this is of the form attribute=value or (&(attribute=value)(attribute2=value2)). SSUUDDOOEERRSS__TTIIMMEEDD _o_n_/_t_r_u_e_/_y_e_s_/_o_f_f_/_f_a_l_s_e_/_n_o Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes that implement time-dependent sudoers entries. SSUUDDOOEERRSS__DDEEBBUUGG _d_e_b_u_g___l_e_v_e_l This sets the debug level for ssuuddoo LDAP queries. Debugging information is printed to the standard error. A value of 1 results in a moderate amount of debugging information. A value of 2 shows the results of the matches themselves. This parameter should not be set in a production environment as the extra information is likely to confuse users. The SSUUDDOOEERRSS__DDEEBBUUGG parameter is deprecated and will be removed in a future release. The same information is now logged via the ssuuddoo debugging framework using the ``ldap'' subsystem at priorities _d_i_a_g and _i_n_f_o for _d_e_b_u_g___l_e_v_e_l values 1 and 2 respectively. See the sudo.conf(4) manual for details on how to configure ssuuddoo debugging. BBIINNDDDDNN _D_N The BBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing LDAP operations. If not specified, LDAP operations are performed with an anonymous identity. By default, most LDAP servers will allow anonymous access. BBIINNDDPPWW _s_e_c_r_e_t The BBIINNDDPPWW parameter specifies the password to use when performing LDAP operations. This is typically used in conjunction with the BBIINNDDDDNN parameter. RROOOOTTBBIINNDDDDNN _D_N The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as _s_u_d_o_e_r_s queries. The password corresponding to the identity should be stored in the or the path specified by the _l_d_a_p___s_e_c_r_e_t plugin argument in sudo.conf(4), which defaults to _/_e_t_c_/_l_d_a_p_._s_e_c_r_e_t. If no RROOOOTTBBIINNDDDDNN is specified, the BBIINNDDDDNN identity is used (if any). LLDDAAPP__VVEERRSSIIOONN _n_u_m_b_e_r The version of the LDAP protocol to use when connecting to the server. The default value is protocol version 3. SSSSLL _o_n_/_t_r_u_e_/_y_e_s_/_o_f_f_/_f_a_l_s_e_/_n_o If the SSSSLL parameter is set to on, true or yes, TLS (SSL) encryption is always used when communicating with the LDAP server. Typically, this involves connecting to the server on port 636 (ldaps). SSSSLL _s_t_a_r_t___t_l_s If the SSSSLL parameter is set to start_tls, the LDAP server connection is initiated normally and TLS encryption is begun before the bind credentials are sent. This has the advantage of not requiring a dedicated port for encrypted communications. This parameter is only supported by LDAP servers that honor the _s_t_a_r_t___t_l_s extension, such as the OpenLDAP and Tivoli Directory servers. TTLLSS__CCHHEECCKKPPEEEERR _o_n_/_t_r_u_e_/_y_e_s_/_o_f_f_/_f_a_l_s_e_/_n_o If enabled, TTLLSS__CCHHEECCKKPPEEEERR will cause the LDAP server's TLS certificated to be verified. If the server's TLS certificate cannot be verified (usually because it is signed by an unknown certificate authority), ssuuddoo will be unable to connect to it. If TTLLSS__CCHHEECCKKPPEEEERR is disabled, no check is made. Note that disabling the check creates an opportunity for man-in-the-middle attacks since the server's identity will not be authenticated. If possible, the CA's certificate should be installed locally so it can be verified. This option is not supported by the Tivoli Directory Server LDAP libraries. TTLLSS__CCAACCEERRTT _f_i_l_e _n_a_m_e An alias for TTLLSS__CCAACCEERRTTFFIILLEE for OpenLDAP compatibility. TTLLSS__CCAACCEERRTTFFIILLEE _f_i_l_e _n_a_m_e The path to a certificate authority bundle which contains the certificates for all the Certificate Authorities the client knows to be valid, e.g. _/_e_t_c_/_s_s_l_/_c_a_-_b_u_n_d_l_e_._p_e_m. This option is only supported by the OpenLDAP libraries. Netscape-derived LDAP libraries use the same certificate database for CA and client certificates (see TTLLSS__CCEERRTT). TTLLSS__CCAACCEERRTTDDIIRR _d_i_r_e_c_t_o_r_y Similar to TTLLSS__CCAACCEERRTTFFIILLEE but instead of a file, it is a directory containing individual Certificate Authority certificates, e.g. _/_e_t_c_/_s_s_l_/_c_e_r_t_s. The directory specified by TTLLSS__CCAACCEERRTTDDIIRR is checked after TTLLSS__CCAACCEERRTTFFIILLEE. This option is only supported by the OpenLDAP libraries. TTLLSS__CCEERRTT _f_i_l_e _n_a_m_e The path to a file containing the client certificate which can be used to authenticate the client to the LDAP server. The certificate type depends on the LDAP libraries used. OpenLDAP: tls_cert /etc/ssl/client_cert.pem Netscape-derived: tls_cert /var/ldap/cert7.db Tivoli Directory Server: Unused, the key database specified by TTLLSS__KKEEYY contains both keys and certificates. When using Netscape-derived libraries, this file may also contain Certificate Authority certificates. TTLLSS__KKEEYY _f_i_l_e _n_a_m_e The path to a file containing the private key which matches the certificate specified by TTLLSS__CCEERRTT. The private key must not be password-protected. The key type depends on the LDAP libraries used. OpenLDAP: tls_key /etc/ssl/client_key.pem Netscape-derived: tls_key /var/ldap/key3.db Tivoli Directory Server: tls_key /usr/ldap/ldapkey.kdb When using Tivoli LDAP libraries, this file may also contain Certificate Authority and client certificates and may be encrypted. TTLLSS__KKEEYYPPWW _s_e_c_r_e_t The TTLLSS__KKEEYYPPWW contains the password used to decrypt the key database on clients using the Tivoli Directory Server LDAP library. This should be a simple string without quotes. The password may not include the comment character (`#') and escaping of special characters with a backslash (`\') is not supported. If this option is used, _/_e_t_c_/_l_d_a_p_._c_o_n_f must not be world-readable to avoid exposing the password. Alternately, a _s_t_a_s_h _f_i_l_e can be used to store the password in encrypted form (see below). If no TTLLSS__KKEEYYPPWW is specified, a _s_t_a_s_h _f_i_l_e will be used if it exists. The _s_t_a_s_h _f_i_l_e must have the same path as the file specified by TTLLSS__KKEEYY, but use a .sth file extension instead of .kdb, e.g. ldapkey.sth. The default ldapkey.kdb that ships with Tivoli Directory Server is encrypted with the password ssl_password. The _g_s_k_8_c_a_p_i_c_m_d utility can be used to manage the key database and create a _s_t_a_s_h _f_i_l_e. This option is only supported by the Tivoli LDAP libraries. TTLLSS__RRAANNDDFFIILLEE _f_i_l_e _n_a_m_e The TTLLSS__RRAANNDDFFIILLEE parameter specifies the path to an entropy source for systems that lack a random device. It is generally used in conjunction with _p_r_n_g_d or _e_g_d. This option is only supported by the OpenLDAP libraries. TTLLSS__CCIIPPHHEERRSS _c_i_p_h_e_r _l_i_s_t The TTLLSS__CCIIPPHHEERRSS parameter allows the administer to restrict which encryption algorithms may be used for TLS (SSL) connections. See the OpenLDAP or Tivoli Directory Server manual for a list of valid ciphers. This option is not supported by Netscape-derived libraries. UUSSEE__SSAASSLL _o_n_/_t_r_u_e_/_y_e_s_/_o_f_f_/_f_a_l_s_e_/_n_o Enable UUSSEE__SSAASSLL for LDAP servers that support SASL authentication. SSAASSLL__AAUUTTHH__IIDD _i_d_e_n_t_i_t_y The SASL user name to use when connecting to the LDAP server. By default, ssuuddoo will use an anonymous connection. RROOOOTTUUSSEE__SSAASSLL _o_n_/_t_r_u_e_/_y_e_s_/_o_f_f_/_f_a_l_s_e_/_n_o Enable RROOOOTTUUSSEE__SSAASSLL to enable SASL authentication when connecting to an LDAP server from a privileged process, such as ssuuddoo. RROOOOTTSSAASSLL__AAUUTTHH__IIDD _i_d_e_n_t_i_t_y The SASL user name to use when RROOOOTTUUSSEE__SSAASSLL is enabled. SSAASSLL__SSEECCPPRROOPPSS _n_o_n_e_/_p_r_o_p_e_r_t_i_e_s SASL security properties or _n_o_n_e for no properties. See the SASL programmer's manual for details. KKRRBB55__CCCCNNAAMMEE _f_i_l_e _n_a_m_e The path to the Kerberos 5 credential cache to use when authenticating with the remote server. DDEERREEFF _n_e_v_e_r_/_s_e_a_r_c_h_i_n_g_/_f_i_n_d_i_n_g_/_a_l_w_a_y_s How alias dereferencing is to be performed when searching. See the ldap.conf(1m) manual for a full description of this option. See the _l_d_a_p_._c_o_n_f entry in the _E_X_A_M_P_L_E_S section. CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff Unless it is disabled at build time, ssuuddoo consults the Name Service Switch file, _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, to specify the _s_u_d_o_e_r_s search order. Sudo looks for a line beginning with sudoers: and uses this to determine the search order. Note that ssuuddoo does not stop searching after the first match and later matches take precedence over earlier ones. The following sources are recognized: files read sudoers from _/_e_t_c_/_s_u_d_o_e_r_s ldap read sudoers from LDAP In addition, the entry [NOTFOUND=return] will short-circuit the search if the user was not found in the preceding source. To consult LDAP first followed by the local sudoers file (if it exists), use: sudoers: ldap files The local _s_u_d_o_e_r_s file can be ignored completely by using: sudoers: ldap If the _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f file is not present or there is no sudoers line, the following default is assumed: sudoers: files Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying operating system does not use an nsswitch.conf file, except on AIX (see below). CCoonnffiigguurriinngg nneettssvvcc..ccoonnff On AIX systems, the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is consulted instead of _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f. ssuuddoo simply treats _n_e_t_s_v_c_._c_o_n_f as a variant of _n_s_s_w_i_t_c_h_._c_o_n_f; information in the previous section unrelated to the file format itself still applies. To consult LDAP first followed by the local sudoers file (if it exists), use: sudoers = ldap, files The local _s_u_d_o_e_r_s file can be ignored completely by using: sudoers = ldap To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: sudoers = ldap = auth, files Note that in the above example, the auth qualifier only affects user lookups; both LDAP and _s_u_d_o_e_r_s will be queried for Defaults entries. If the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is not present or there is no sudoers line, the following default is assumed: sudoers = files FFIILLEESS _/_e_t_c_/_l_d_a_p_._c_o_n_f LDAP configuration file _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f determines sudoers source order _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f determines sudoers source order on AIX EEXXAAMMPPLLEESS EExxaammppllee llddaapp..ccoonnff # Either specify one or more URIs or one or more host:port pairs. # If neither is specified sudo will default to localhost, port 389. # #host ldapserver #host ldapserver1 ldapserver2:390 # # Default port if host is specified without one, defaults to 389. #port 389 # # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver #uri ldaps://secureldapserver ldap://ldapserver # # The amount of time, in seconds, to wait while trying to connect to # an LDAP server. bind_timelimit 30 # # The amount of time, in seconds, to wait while performing an LDAP query. timelimit 30 # # Must be set or sudo will ignore LDAP; may be specified multiple times. sudoers_base ou=SUDOers,dc=example,dc=com # # verbose sudoers matching from ldap #sudoers_debug 2 # # Enable support for time-based entries in sudoers. #sudoers_timed yes # # optional proxy credentials #binddn #bindpw #rootbinddn # # LDAP protocol version, defaults to 3 #ldap_version 3 # # Define if you want to use an encrypted LDAP connection. # Typically, you must also set the port to 636 (ldaps). #ssl on # # Define if you want to use port 389 and switch to # encryption before the bind credentials are sent. # Only supported by LDAP servers that support the start_tls # extension such as OpenLDAP. #ssl start_tls # # Additional TLS options follow that allow tweaking of the # SSL/TLS connection. # #tls_checkpeer yes # verify server SSL certificate #tls_checkpeer no # ignore server SSL certificate # # If you enable tls_checkpeer, specify either tls_cacertfile # or tls_cacertdir. Only supported when using OpenLDAP. # #tls_cacertfile /etc/certs/trusted_signers.pem #tls_cacertdir /etc/certs # # For systems that don't have /dev/random # use this along with PRNGD or EGD.pl to seed the # random number pool to generate cryptographic session keys. # Only supported when using OpenLDAP. # #tls_randfile /etc/egd-pool # # You may restrict which ciphers are used. Consult your SSL # documentation for which options go here. # Only supported when using OpenLDAP. # #tls_ciphers # # Sudo can provide a client certificate when communicating to # the LDAP server. # Tips: # * Enable both lines at the same time. # * Do not password protect the key file. # * Ensure the keyfile is only readable by root. # # For OpenLDAP: #tls_cert /etc/certs/client_cert.pem #tls_key /etc/certs/client_key.pem # # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either # a directory, in which case the files in the directory must have the # default names (e.g. cert8.db and key4.db), or the path to the cert # and key files themselves. However, a bug in version 5.0 of the LDAP # SDK will prevent specific file names from working. For this reason # it is suggested that tls_cert and tls_key be set to a directory, # not a file name. # # The certificate database specified by tls_cert may contain CA certs # and/or the client's cert. If the client's cert is included, tls_key # should be specified as well. # For backward compatibility, "sslpath" may be used in place of tls_cert. #tls_cert /var/ldap #tls_key /var/ldap # # If using SASL authentication for LDAP (OpenSSL) # use_sasl yes # sasl_auth_id # rootuse_sasl yes # rootsasl_auth_id # sasl_secprops none # krb5_ccname /etc/.ldapcache SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP The following schema, in OpenLDAP format, is included with ssuuddoo source and binary distributions as _s_c_h_e_m_a_._O_p_e_n_L_D_A_P. Simply copy it to the schema directory (e.g. _/_e_t_c_/_o_p_e_n_l_d_a_p_/_s_c_h_e_m_a), add the proper include line in _s_l_a_p_d_._c_o_n_f and restart ssllaappdd. attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ description ) ) SSEEEE AALLSSOO ldap.conf(4), sudo.conf(4), sudoers(1m) CCAAVVEEAATTSS Note that there are differences in the way that LDAP-based _s_u_d_o_e_r_s is parsed compared to file-based _s_u_d_o_e_r_s. See the _D_i_f_f_e_r_e_n_c_e_s _b_e_t_w_e_e_n _L_D_A_P _a_n_d _n_o_n_-_L_D_A_P _s_u_d_o_e_r_s section for more information. BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 August 30, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/sudoers.ldap.man.in010064400175440000012000001032111226304127600166170ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in .\" .\" Copyright (c) 2003-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .TH "SUDOERS.LDAP" "8" "August 30, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual" .nh .if n .ad l .SH "NAME" \fBsudoers.ldap\fR \- sudo LDAP configuration .SH "DESCRIPTION" In addition to the standard \fIsudoers\fR file, \fBsudo\fR may be configured via LDAP. This can be especially useful for synchronizing \fIsudoers\fR in a large, distributed environment. .PP Using LDAP for \fIsudoers\fR has several benefits: .TP 4n \fBo\fR \fBsudo\fR no longer needs to read \fIsudoers\fR in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. This makes it especially fast and particularly usable in LDAP environments. .TP 4n \fBo\fR \fBsudo\fR no longer exits if there is a typo in \fIsudoers\fR. It is not possible to load LDAP data into the server that does not conform to the sudoers schema, so proper syntax is guaranteed. It is still possible to have typos in a user or host name, but this will not prevent \fBsudo\fR from running. .TP 4n \fBo\fR It is possible to specify per-entry options that override the global default options. \fI@sysconfdir@/sudoers\fR only supports default options and limited options associated with user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. .TP 4n \fBo\fR The \fBvisudo\fR program is no longer needed. \fBvisudo\fR provides locking and syntax checking of the \fI@sysconfdir@/sudoers\fR file. Since LDAP updates are atomic, locking is no longer necessary. Because syntax is checked when the data is inserted into LDAP, there is no need for a specialized tool to check syntax. .PP Another major difference between LDAP and file-based \fIsudoers\fR is that in LDAP, \fBsudo\fR-specific Aliases are not supported. .PP For the most part, there is really no need for \fBsudo\fR-specific Aliases. Unix groups, non-Unix groups (via the \fIgroup_plugin\fR) or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since groups and netgroups can also be stored in LDAP there is no real need for \fBsudo\fR-specific aliases. .PP Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a \fRsudoRole\fR. Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a \fRsudoRole\fR that contains the commands and assign multiple users to it. .SS "SUDOers LDAP container" The \fIsudoers\fR configuration is contained in the \fRou=SUDOers\fR LDAP container. .PP Sudo first looks for the \fRcn=default\fR entry in the SUDOers container. If found, the multi-valued \fRsudoOption\fR attribute is parsed in the same manner as a global \fRDefaults\fR line in \fI@sysconfdir@/sudoers\fR. In the following example, the \fRSSH_AUTH_SOCK\fR variable will be preserved in the environment for all users. .nf .sp .RS 4n dn: cn=defaults,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here sudoOption: env_keep+=SSH_AUTH_SOCK .RE .fi .PP The equivalent of a sudoer in LDAP is a \fRsudoRole\fR. It consists of the following attributes: .TP 6n \fBsudoUser\fR A user name, user ID (prefixed with `#'), Unix group name or ID (prefixed with `%' or `%#' respectively), user netgroup (prefixed with `+'), or non-Unix group name or ID (prefixed with `%:' or `%:#' respectively). Non-Unix group support is only available when an appropriate \fIgroup_plugin\fR is defined in the global \fIdefaults\fR \fRsudoRole\fR object. .TP 6n \fBsudoHost\fR A host name, IP address, IP network, or host netgroup (prefixed with a `+'). The special value \fRALL\fR will match any host. .TP 6n \fBsudoCommand\fR A fully-qualified Unix command name with optional command line arguments, potentially including globbing characters (aka wild cards). If a command name is preceded by an exclamation point, `\&!', the user will be prohibited from running that command. .sp The built-in command ``\fRsudoedit\fR'' is used to permit a user to run \fBsudo\fR with the \fB\-e\fR option (or as \fBsudoedit\fR). It may take command line arguments just as a normal command does. Note that ``\fRsudoedit\fR'' is a command built into \fBsudo\fR itself and must be specified in without a leading path. .sp The special value \fRALL\fR will match any command. .sp If a command name is prefixed with a SHA-2 digest, it will only be allowed if the digest matches. This may be useful in situations where the user invoking \fBsudo\fR has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The digest name must be followed by a colon (`:\&') and then the actual digest, in either hex or base64 format. For example, given the following value for sudoCommand: .RS .nf .sp .RS 4n sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls .RE .fi .sp The user may only run \fI/bin/ls\fR if its sha224 digest matches the specified value. Command digests are only supported by version 1.8.7 or higher. .PP .RE .PD 0 .TP 6n \fBsudoOption\fR Identical in function to the global options described above, but specific to the \fRsudoRole\fR in which it resides. .PD .TP 6n \fBsudoRunAsUser\fR A user name or uid (prefixed with `#') that commands may be run as or a Unix group (prefixed with a `%') or user netgroup (prefixed with a `+') that contains a list of users that commands may be run as. The special value \fRALL\fR will match any user. .sp The \fRsudoRunAsUser\fR attribute is only available in \fBsudo\fR versions 1.7.0 and higher. Older versions of \fBsudo\fR use the \fRsudoRunAs\fR attribute instead. .TP 6n \fBsudoRunAsGroup\fR A Unix group or gid (prefixed with `#') that commands may be run as. The special value \fRALL\fR will match any group. .sp The \fRsudoRunAsGroup\fR attribute is only available in \fBsudo\fR versions 1.7.0 and higher. .TP 6n \fBsudoNotBefore\fR A timestamp in the form \fRyyyymmddHHMMSSZ\fR that can be used to provide a start date/time for when the \fRsudoRole\fR will be valid. If multiple \fRsudoNotBefore\fR entries are present, the earliest is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). .sp The \fRsudoNotBefore\fR attribute is only available in \fBsudo\fR versions 1.7.5 and higher and must be explicitly enabled via the \fBSUDOERS_TIMED\fR option in \fI@ldap_conf@\fR. .TP 6n \fBsudoNotAfter\fR A timestamp in the form \fRyyyymmddHHMMSSZ\fR that indicates an expiration date/time, after which the \fRsudoRole\fR will no longer be valid. If multiple \fRsudoNotBefore\fR entries are present, the last one is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). .sp The \fRsudoNotAfter\fR attribute is only available in \fBsudo\fR versions 1.7.5 and higher and must be explicitly enabled via the \fBSUDOERS_TIMED\fR option in \fI@ldap_conf@\fR. .TP 6n \fBsudoOrder\fR The \fRsudoRole\fR entries retrieved from the LDAP directory have no inherent order. The \fRsudoOrder\fR attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. This allows LDAP-based sudoers entries to more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest \fRsudoOrder\fR attribute is chosen. This corresponds to the ``last match'' behavior of the sudoers file. If the \fRsudoOrder\fR attribute is not present, a value of 0 is assumed. .sp The \fRsudoOrder\fR attribute is only available in \fBsudo\fR versions 1.7.5 and higher. .PP Each attribute listed above should contain a single value, but there may be multiple instances of each attribute type. A \fRsudoRole\fR must contain at least one \fRsudoUser\fR, \fRsudoHost\fR and \fRsudoCommand\fR. .PP The following example allows users in group wheel to run any command on any host via \fBsudo\fR: .nf .sp .RS 4n dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL .RE .fi .SS "Anatomy of LDAP sudoers lookup" When looking up a sudoer using LDAP there are only two or three LDAP queries per invocation. The first query is to parse the global options. The second is to match against the user's name and the groups that the user belongs to. (The special \fRALL\fR tag is matched in this query too.) If no match is returned for the user's name and groups, a third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. .PP If timed entries are enabled with the \fBSUDOERS_TIMED\fR configuration directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. .SS "Differences between LDAP and non-LDAP sudoers" There are some subtle differences in the way sudoers is handled once in LDAP. Probably the biggest is that according to the RFC, LDAP ordering is arbitrary and you cannot expect that Attributes and Entries are returned in any specific order. .PP The order in which different entries are applied can be controlled using the \fRsudoOrder\fR attribute, but there is no way to guarantee the order of attributes within a specific entry. If there are conflicting command rules in an entry, the negative takes precedence. This is called paranoid behavior (not necessarily the most specific match). .PP Here is an example: .nf .sp .RS 4n # /etc/sudoers: # Allow all commands except shell johnny ALL=(root) ALL,!/bin/sh # Always allows all commands because ALL is matched last puddles ALL=(root) !/bin/sh,ALL # LDAP equivalent of johnny # Allows all commands except shell dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role1 sudoUser: johnny sudoHost: ALL sudoCommand: ALL sudoCommand: !/bin/sh # LDAP equivalent of puddles # Notice that even though ALL comes last, it still behaves like # role1 since the LDAP code assumes the more paranoid configuration dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role2 sudoUser: puddles sudoHost: ALL sudoCommand: !/bin/sh sudoCommand: ALL .RE .fi .PP Another difference is that negations on the Host, User or Runas are currently ignored. For example, the following attributes do not behave the way one might expect. .nf .sp .RS 4n # does not match all but joe # rather, does not match anyone sudoUser: !joe # does not match all but joe # rather, matches everyone including Joe sudoUser: ALL sudoUser: !joe # does not match all but web01 # rather, matches all hosts including web01 sudoHost: ALL sudoHost: !web01 .RE .fi .SS "Sudoers schema" In order to use \fBsudo\fR's LDAP support, the \fBsudo\fR schema must be installed on your LDAP server. In addition, be sure to index the \fRsudoUser\fR attribute. .PP Three versions of the schema: one for OpenLDAP servers (\fIschema.OpenLDAP\fR), one for Netscape-derived servers (\fIschema.iPlanet\fR), and one for Microsoft Active Directory (\fIschema.ActiveDirectory\fR) may be found in the \fBsudo\fR distribution. .PP The schema for \fBsudo\fR in OpenLDAP form is also included in the \fIEXAMPLES\fR section. .SS "Configuring ldap.conf" Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration. Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not \fBsudo\fR-specific. Note that \fBsudo\fR parses \fI@ldap_conf@\fR itself and may support options that differ from those described in the system's ldap.conf(@mansectsu@) manual. The path to \fIldap.conf\fR may be overridden via the \fIldap_conf\fR plugin argument in sudo.conf(@mansectform@). .PP Also note that on systems using the OpenLDAP libraries, default values specified in \fI/etc/openldap/ldap.conf\fR or the user's \fI.ldaprc\fR files are not used. .PP Only those options explicitly listed in \fI@ldap_conf@\fR as being supported by \fBsudo\fR are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. .PP The pound sign (`#') is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. Long lines can be continued with a backslash (`\e') as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. .TP 6n \fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The \fIprotocol\fR may be either \fIldap\fR \fIldaps\fR, the latter being for servers that support TLS (SSL) encryption. If no \fIport\fR is specified, the default is port 389 for \fRldap://\fR or port 636 for \fRldaps://\fR. If no \fIhostname\fR is specified, \fBsudo\fR will connect to \fIlocalhost\fR. Multiple \fBURI\fR lines are treated identically to a \fBURI\fR line containing multiple entries. Only systems using the OpenSSL libraries support the mixing of \fRldap://\fR and \fRldaps://\fR URIs. Both the Netscape-derived and Tivoli LDAP libraries used on most commercial versions of Unix are only capable of supporting one or the other. .TP 6n \fBHOST\fR \fIname[:port] ...\fR If no \fBURI\fR is specified, the \fBHOST\fR parameter specifies a white space-delimited list of LDAP servers to connect to. Each host may include an optional \fIport\fR separated by a colon (`:\&'). The \fBHOST\fR parameter is deprecated in favor of the \fBURI\fR specification and is included for backwards compatibility. .TP 6n \fBPORT\fR \fIport_number\fR If no \fBURI\fR is specified, the \fBPORT\fR parameter specifies the default port to connect to on the LDAP server if a \fBHOST\fR parameter does not specify the port itself. If no \fBPORT\fR parameter is used, the default is port 389 for LDAP and port 636 for LDAP over TLS (SSL). The \fBPORT\fR parameter is deprecated in favor of the \fBURI\fR specification and is included for backwards compatibility. .TP 6n \fBBIND_TIMELIMIT\fR \fIseconds\fR The \fBBIND_TIMELIMIT\fR parameter specifies the amount of time, in seconds, to wait while trying to connect to an LDAP server. If multiple \fBURI\fRs or \fBHOST\fRs are specified, this is the amount of time to wait before trying the next one in the list. .TP 6n \fBNETWORK_TIMEOUT\fR \fIseconds\fR An alias for \fBBIND_TIMELIMIT\fR for OpenLDAP compatibility. .TP 6n \fBTIMELIMIT\fR \fIseconds\fR The \fBTIMELIMIT\fR parameter specifies the amount of time, in seconds, to wait for a response to an LDAP query. .TP 6n \fBTIMEOUT\fR \fIseconds\fR The \fBTIMEOUT\fR parameter specifies the amount of time, in seconds, to wait for a response from the various LDAP APIs. .TP 6n \fBSUDOERS_BASE\fR \fIbase\fR The base DN to use when performing \fBsudo\fR LDAP queries. Typically this is of the form \fRou=SUDOers,dc=example,dc=com\fR for the domain \fRexample.com\fR. Multiple \fBSUDOERS_BASE\fR lines may be specified, in which case they are queried in the order specified. .TP 6n \fBSUDOERS_SEARCH_FILTER\fR \fIldap_filter\fR An LDAP filter which is used to restrict the set of records returned when performing a \fBsudo\fR LDAP query. Typically, this is of the form \fRattribute=value\fR or \fR(&(attribute=value)(attribute2=value2))\fR. .TP 6n \fBSUDOERS_TIMED\fR \fIon/true/yes/off/false/no\fR Whether or not to evaluate the \fRsudoNotBefore\fR and \fRsudoNotAfter\fR attributes that implement time-dependent sudoers entries. .TP 6n \fBSUDOERS_DEBUG\fR \fIdebug_level\fR This sets the debug level for \fBsudo\fR LDAP queries. Debugging information is printed to the standard error. A value of 1 results in a moderate amount of debugging information. A value of 2 shows the results of the matches themselves. This parameter should not be set in a production environment as the extra information is likely to confuse users. .sp The \fBSUDOERS_DEBUG\fR parameter is deprecated and will be removed in a future release. The same information is now logged via the \fBsudo\fR debugging framework using the ``ldap'' subsystem at priorities \fIdiag\fR and \fIinfo\fR for \fIdebug_level\fR values 1 and 2 respectively. See the sudo.conf(@mansectform@) manual for details on how to configure \fBsudo\fR debugging. .TP 6n \fBBINDDN\fR \fIDN\fR The \fBBINDDN\fR parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing LDAP operations. If not specified, LDAP operations are performed with an anonymous identity. By default, most LDAP servers will allow anonymous access. .TP 6n \fBBINDPW\fR \fIsecret\fR The \fBBINDPW\fR parameter specifies the password to use when performing LDAP operations. This is typically used in conjunction with the \fBBINDDN\fR parameter. .TP 6n \fBROOTBINDDN\fR \fIDN\fR The \fBROOTBINDDN\fR parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as \fIsudoers\fR queries. The password corresponding to the identity should be stored in the or the path specified by the \fIldap_secret\fR plugin argument in sudo.conf(@mansectform@), which defaults to \fI@ldap_secret@\fR. If no \fBROOTBINDDN\fR is specified, the \fBBINDDN\fR identity is used (if any). .TP 6n \fBLDAP_VERSION\fR \fInumber\fR The version of the LDAP protocol to use when connecting to the server. The default value is protocol version 3. .TP 6n \fBSSL\fR \fIon/true/yes/off/false/no\fR If the \fBSSL\fR parameter is set to \fRon\fR, \fRtrue\fR \fRor\fR \fRyes\fR, TLS (SSL) encryption is always used when communicating with the LDAP server. Typically, this involves connecting to the server on port 636 (ldaps). .TP 6n \fBSSL\fR \fIstart_tls\fR If the \fBSSL\fR parameter is set to \fRstart_tls\fR, the LDAP server connection is initiated normally and TLS encryption is begun before the bind credentials are sent. This has the advantage of not requiring a dedicated port for encrypted communications. This parameter is only supported by LDAP servers that honor the \fIstart_tls\fR extension, such as the OpenLDAP and Tivoli Directory servers. .TP 6n \fBTLS_CHECKPEER\fR \fIon/true/yes/off/false/no\fR If enabled, \fBTLS_CHECKPEER\fR will cause the LDAP server's TLS certificated to be verified. If the server's TLS certificate cannot be verified (usually because it is signed by an unknown certificate authority), \fBsudo\fR will be unable to connect to it. If \fBTLS_CHECKPEER\fR is disabled, no check is made. Note that disabling the check creates an opportunity for man-in-the-middle attacks since the server's identity will not be authenticated. If possible, the CA's certificate should be installed locally so it can be verified. This option is not supported by the Tivoli Directory Server LDAP libraries. .TP 6n \fBTLS_CACERT\fR \fIfile name\fR An alias for \fBTLS_CACERTFILE\fR for OpenLDAP compatibility. .TP 6n \fBTLS_CACERTFILE\fR \fIfile name\fR The path to a certificate authority bundle which contains the certificates for all the Certificate Authorities the client knows to be valid, e.g.\& \fI/etc/ssl/ca-bundle.pem\fR. This option is only supported by the OpenLDAP libraries. Netscape-derived LDAP libraries use the same certificate database for CA and client certificates (see \fBTLS_CERT\fR). .TP 6n \fBTLS_CACERTDIR\fR \fIdirectory\fR Similar to \fBTLS_CACERTFILE\fR but instead of a file, it is a directory containing individual Certificate Authority certificates, e.g.\& \fI/etc/ssl/certs\fR. The directory specified by \fBTLS_CACERTDIR\fR is checked after \fBTLS_CACERTFILE\fR. This option is only supported by the OpenLDAP libraries. .TP 6n \fBTLS_CERT\fR \fIfile name\fR The path to a file containing the client certificate which can be used to authenticate the client to the LDAP server. The certificate type depends on the LDAP libraries used. .RS .TP 6n OpenLDAP: \fRtls_cert /etc/ssl/client_cert.pem\fR .TP 6n Netscape-derived: \fRtls_cert /var/ldap/cert7.db\fR .TP 6n Tivoli Directory Server: Unused, the key database specified by \fBTLS_KEY\fR contains both keys and certificates. .sp When using Netscape-derived libraries, this file may also contain Certificate Authority certificates. .PP .RE .PD 0 .TP 6n \fBTLS_KEY\fR \fIfile name\fR The path to a file containing the private key which matches the certificate specified by \fBTLS_CERT\fR. The private key must not be password-protected. The key type depends on the LDAP libraries used. .RS .PD .TP 6n OpenLDAP: \fRtls_key /etc/ssl/client_key.pem\fR .TP 6n Netscape-derived: \fRtls_key /var/ldap/key3.db\fR .TP 6n Tivoli Directory Server: \fRtls_key /usr/ldap/ldapkey.kdb\fR .PD 0 .PP .PD When using Tivoli LDAP libraries, this file may also contain Certificate Authority and client certificates and may be encrypted. .PP .RE .PD 0 .TP 6n \fBTLS_KEYPW\fR \fIsecret\fR The \fBTLS_KEYPW\fR contains the password used to decrypt the key database on clients using the Tivoli Directory Server LDAP library. This should be a simple string without quotes. The password may not include the comment character (`#') and escaping of special characters with a backslash (`\e') is not supported. If this option is used, \fI@ldap_conf@\fR must not be world-readable to avoid exposing the password. Alternately, a \fIstash file\fR can be used to store the password in encrypted form (see below). .sp If no \fBTLS_KEYPW\fR is specified, a \fIstash file\fR will be used if it exists. The \fIstash file\fR must have the same path as the file specified by \fBTLS_KEY\fR, but use a \fR.sth\fR file extension instead of \fR.kdb\fR, e.g.\& \fRldapkey.sth\fR. The default \fRldapkey.kdb\fR that ships with Tivoli Directory Server is encrypted with the password \fRssl_password\fR. The \fIgsk8capicmd\fR utility can be used to manage the key database and create a \fIstash file\fR. This option is only supported by the Tivoli LDAP libraries. .PD .TP 6n \fBTLS_RANDFILE\fR \fIfile name\fR The \fBTLS_RANDFILE\fR parameter specifies the path to an entropy source for systems that lack a random device. It is generally used in conjunction with \fIprngd\fR or \fIegd\fR. This option is only supported by the OpenLDAP libraries. .TP 6n \fBTLS_CIPHERS\fR \fIcipher list\fR The \fBTLS_CIPHERS\fR parameter allows the administer to restrict which encryption algorithms may be used for TLS (SSL) connections. See the OpenLDAP or Tivoli Directory Server manual for a list of valid ciphers. This option is not supported by Netscape-derived libraries. .TP 6n \fBUSE_SASL\fR \fIon/true/yes/off/false/no\fR Enable \fBUSE_SASL\fR for LDAP servers that support SASL authentication. .TP 6n \fBSASL_AUTH_ID\fR \fIidentity\fR The SASL user name to use when connecting to the LDAP server. By default, \fBsudo\fR will use an anonymous connection. .TP 6n \fBROOTUSE_SASL\fR \fIon/true/yes/off/false/no\fR Enable \fBROOTUSE_SASL\fR to enable SASL authentication when connecting to an LDAP server from a privileged process, such as \fBsudo\fR. .TP 6n \fBROOTSASL_AUTH_ID\fR \fIidentity\fR The SASL user name to use when \fBROOTUSE_SASL\fR is enabled. .TP 6n \fBSASL_SECPROPS\fR \fInone/properties\fR SASL security properties or \fInone\fR for no properties. See the SASL programmer's manual for details. .TP 6n \fBKRB5_CCNAME\fR \fIfile name\fR The path to the Kerberos 5 credential cache to use when authenticating with the remote server. .TP 6n \fBDEREF\fR \fInever/searching/finding/always\fR How alias dereferencing is to be performed when searching. See the ldap.conf(@mansectsu@) manual for a full description of this option. .PP See the \fIldap.conf\fR entry in the \fIEXAMPLES\fR section. .SS "Configuring nsswitch.conf" Unless it is disabled at build time, \fBsudo\fR consults the Name Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR search order. Sudo looks for a line beginning with \fRsudoers\fR: and uses this to determine the search order. Note that \fBsudo\fR does not stop searching after the first match and later matches take precedence over earlier ones. The following sources are recognized: .TP 10n files read sudoers from \fI@sysconfdir@/sudoers\fR .PD 0 .TP 10n ldap read sudoers from LDAP .PD .PP In addition, the entry \fR[NOTFOUND=return]\fR will short-circuit the search if the user was not found in the preceding source. .PP To consult LDAP first followed by the local sudoers file (if it exists), use: .nf .sp .RS 4n sudoers: ldap files .RE .fi .PP The local \fIsudoers\fR file can be ignored completely by using: .nf .sp .RS 4n sudoers: ldap .RE .fi .PP If the \fI@nsswitch_conf@\fR file is not present or there is no sudoers line, the following default is assumed: .nf .sp .RS 4n sudoers: files .RE .fi .PP Note that \fI@nsswitch_conf@\fR is supported even when the underlying operating system does not use an nsswitch.conf file, except on AIX (see below). .SS "Configuring netsvc.conf" On AIX systems, the \fI@netsvc_conf@\fR file is consulted instead of \fI@nsswitch_conf@\fR. \fBsudo\fR simply treats \fInetsvc.conf\fR as a variant of \fInsswitch.conf\fR; information in the previous section unrelated to the file format itself still applies. .PP To consult LDAP first followed by the local sudoers file (if it exists), use: .nf .sp .RS 4n sudoers = ldap, files .RE .fi .PP The local \fIsudoers\fR file can be ignored completely by using: .nf .sp .RS 4n sudoers = ldap .RE .fi .PP To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: .nf .sp .RS 4n sudoers = ldap = auth, files .RE .fi .PP Note that in the above example, the \fRauth\fR qualifier only affects user lookups; both LDAP and \fIsudoers\fR will be queried for \fRDefaults\fR entries. .PP If the \fI@netsvc_conf@\fR file is not present or there is no sudoers line, the following default is assumed: .nf .sp .RS 4n sudoers = files .RE .fi .SH "FILES" .TP 26n \fI@ldap_conf@\fR LDAP configuration file .TP 26n \fI@nsswitch_conf@\fR determines sudoers source order .TP 26n \fI@netsvc_conf@\fR determines sudoers source order on AIX .SH "EXAMPLES" .SS "Example ldap.conf" .nf .RS 2n # Either specify one or more URIs or one or more host:port pairs. # If neither is specified sudo will default to localhost, port 389. # #host ldapserver #host ldapserver1 ldapserver2:390 # # Default port if host is specified without one, defaults to 389. #port 389 # # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver #uri ldaps://secureldapserver ldap://ldapserver # # The amount of time, in seconds, to wait while trying to connect to # an LDAP server. bind_timelimit 30 # # The amount of time, in seconds, to wait while performing an LDAP query. timelimit 30 # # Must be set or sudo will ignore LDAP; may be specified multiple times. sudoers_base ou=SUDOers,dc=example,dc=com # # verbose sudoers matching from ldap #sudoers_debug 2 # # Enable support for time-based entries in sudoers. #sudoers_timed yes # # optional proxy credentials #binddn #bindpw #rootbinddn # # LDAP protocol version, defaults to 3 #ldap_version 3 # # Define if you want to use an encrypted LDAP connection. # Typically, you must also set the port to 636 (ldaps). #ssl on # # Define if you want to use port 389 and switch to # encryption before the bind credentials are sent. # Only supported by LDAP servers that support the start_tls # extension such as OpenLDAP. #ssl start_tls # # Additional TLS options follow that allow tweaking of the # SSL/TLS connection. # #tls_checkpeer yes # verify server SSL certificate #tls_checkpeer no # ignore server SSL certificate # # If you enable tls_checkpeer, specify either tls_cacertfile # or tls_cacertdir. Only supported when using OpenLDAP. # #tls_cacertfile /etc/certs/trusted_signers.pem #tls_cacertdir /etc/certs # # For systems that don't have /dev/random # use this along with PRNGD or EGD.pl to seed the # random number pool to generate cryptographic session keys. # Only supported when using OpenLDAP. # #tls_randfile /etc/egd-pool # # You may restrict which ciphers are used. Consult your SSL # documentation for which options go here. # Only supported when using OpenLDAP. # #tls_ciphers # # Sudo can provide a client certificate when communicating to # the LDAP server. # Tips: # * Enable both lines at the same time. # * Do not password protect the key file. # * Ensure the keyfile is only readable by root. # # For OpenLDAP: #tls_cert /etc/certs/client_cert.pem #tls_key /etc/certs/client_key.pem # # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either # a directory, in which case the files in the directory must have the # default names (e.g. cert8.db and key4.db), or the path to the cert # and key files themselves. However, a bug in version 5.0 of the LDAP # SDK will prevent specific file names from working. For this reason # it is suggested that tls_cert and tls_key be set to a directory, # not a file name. # # The certificate database specified by tls_cert may contain CA certs # and/or the client's cert. If the client's cert is included, tls_key # should be specified as well. # For backward compatibility, "sslpath" may be used in place of tls_cert. #tls_cert /var/ldap #tls_key /var/ldap # # If using SASL authentication for LDAP (OpenSSL) # use_sasl yes # sasl_auth_id # rootuse_sasl yes # rootsasl_auth_id # sasl_secprops none # krb5_ccname /etc/.ldapcache .RE .fi .SS "Sudo schema for OpenLDAP" The following schema, in OpenLDAP format, is included with \fBsudo\fR source and binary distributions as \fIschema.OpenLDAP\fR. Simply copy it to the schema directory (e.g.\& \fI/etc/openldap/schema\fR), add the proper \fRinclude\fR line in \fIslapd.conf\fR and restart \fBslapd\fR. .nf .sp .RS 2n attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ description ) ) .RE .fi .SH "SEE ALSO" ldap.conf(@mansectform@), sudo.conf(@mansectform@), sudoers(@mansectsu@) .SH "CAVEATS" Note that there are differences in the way that LDAP-based \fIsudoers\fR is parsed compared to file-based \fIsudoers\fR. See the \fIDifferences between LDAP and non-LDAP sudoers\fR section for more information. .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoers.ldap.mdoc.in010064400175440000012000001016221226304126200167650ustar00millertstaff.\" .\" Copyright (c) 2003-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd August 30, 2013 .Dt SUDOERS.LDAP @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudoers.ldap .Nd sudo LDAP configuration .Sh DESCRIPTION In addition to the standard .Em sudoers file, .Nm sudo may be configured via LDAP. This can be especially useful for synchronizing .Em sudoers in a large, distributed environment. .Pp Using LDAP for .Em sudoers has several benefits: .Bl -bullet .It .Nm sudo no longer needs to read .Em sudoers in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. This makes it especially fast and particularly usable in LDAP environments. .It .Nm sudo no longer exits if there is a typo in .Em sudoers . It is not possible to load LDAP data into the server that does not conform to the sudoers schema, so proper syntax is guaranteed. It is still possible to have typos in a user or host name, but this will not prevent .Nm sudo from running. .It It is possible to specify per-entry options that override the global default options. .Pa @sysconfdir@/sudoers only supports default options and limited options associated with user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. .It The .Nm visudo program is no longer needed. .Nm visudo provides locking and syntax checking of the .Pa @sysconfdir@/sudoers file. Since LDAP updates are atomic, locking is no longer necessary. Because syntax is checked when the data is inserted into LDAP, there is no need for a specialized tool to check syntax. .El .Pp Another major difference between LDAP and file-based .Em sudoers is that in LDAP, .Nm sudo Ns No -specific Aliases are not supported. .Pp For the most part, there is really no need for .Nm sudo Ns No -specific Aliases. Unix groups, non-Unix groups (via the .Em group_plugin ) or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since groups and netgroups can also be stored in LDAP there is no real need for .Nm sudo Ns No -specific aliases. .Pp Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a .Li sudoRole . Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a .Li sudoRole that contains the commands and assign multiple users to it. .Ss SUDOers LDAP container The .Em sudoers configuration is contained in the .Li ou=SUDOers LDAP container. .Pp Sudo first looks for the .Li cn=default entry in the SUDOers container. If found, the multi-valued .Li sudoOption attribute is parsed in the same manner as a global .Li Defaults line in .Pa @sysconfdir@/sudoers . In the following example, the .Ev SSH_AUTH_SOCK variable will be preserved in the environment for all users. .Bd -literal -offset 4n dn: cn=defaults,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here sudoOption: env_keep+=SSH_AUTH_SOCK .Ed .Pp The equivalent of a sudoer in LDAP is a .Li sudoRole . It consists of the following attributes: .Bl -tag -width 4n .It Sy sudoUser A user name, user ID (prefixed with .Ql # ) , Unix group name or ID (prefixed with .Ql % or .Ql %# respectively), user netgroup (prefixed with .Ql + ) , or non-Unix group name or ID (prefixed with .Ql %: or .Ql %:# respectively). Non-Unix group support is only available when an appropriate .Em group_plugin is defined in the global .Em defaults .Li sudoRole object. .It Sy sudoHost A host name, IP address, IP network, or host netgroup (prefixed with a .Ql + ) . The special value .Li ALL will match any host. .It Sy sudoCommand A fully-qualified Unix command name with optional command line arguments, potentially including globbing characters (aka wild cards). If a command name is preceded by an exclamation point, .Ql \&! , the user will be prohibited from running that command. .Pp The built-in command .Dq Li sudoedit is used to permit a user to run .Nm sudo with the .Fl e option (or as .Nm sudoedit ) . It may take command line arguments just as a normal command does. Note that .Dq Li sudoedit is a command built into .Nm sudo itself and must be specified in without a leading path. .Pp The special value .Li ALL will match any command. .Pp If a command name is prefixed with a SHA-2 digest, it will only be allowed if the digest matches. This may be useful in situations where the user invoking .Nm sudo has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The digest name must be followed by a colon .Pq Ql :\& and then the actual digest, in either hex or base64 format. For example, given the following value for sudoCommand: .Bd -literal -offset 4n sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls .Ed .Pp The user may only run .Pa /bin/ls if its sha224 digest matches the specified value. Command digests are only supported by version 1.8.7 or higher. .It Sy sudoOption Identical in function to the global options described above, but specific to the .Li sudoRole in which it resides. .It Sy sudoRunAsUser A user name or uid (prefixed with .Ql # ) that commands may be run as or a Unix group (prefixed with a .Ql % ) or user netgroup (prefixed with a .Ql + ) that contains a list of users that commands may be run as. The special value .Li ALL will match any user. .Pp The .Li sudoRunAsUser attribute is only available in .Nm sudo versions 1.7.0 and higher. Older versions of .Nm sudo use the .Li sudoRunAs attribute instead. .It Sy sudoRunAsGroup A Unix group or gid (prefixed with .Ql # ) that commands may be run as. The special value .Li ALL will match any group. .Pp The .Li sudoRunAsGroup attribute is only available in .Nm sudo versions 1.7.0 and higher. .It Sy sudoNotBefore A timestamp in the form .Li yyyymmddHHMMSSZ that can be used to provide a start date/time for when the .Li sudoRole will be valid. If multiple .Li sudoNotBefore entries are present, the earliest is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). .Pp The .Li sudoNotBefore attribute is only available in .Nm sudo versions 1.7.5 and higher and must be explicitly enabled via the .Sy SUDOERS_TIMED option in .Pa @ldap_conf@ . .It Sy sudoNotAfter A timestamp in the form .Li yyyymmddHHMMSSZ that indicates an expiration date/time, after which the .Li sudoRole will no longer be valid. If multiple .Li sudoNotBefore entries are present, the last one is used. Note that timestamps must be in Coordinated Universal Time (UTC), not the local timezone. The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC). .Pp The .Li sudoNotAfter attribute is only available in .Nm sudo versions 1.7.5 and higher and must be explicitly enabled via the .Sy SUDOERS_TIMED option in .Pa @ldap_conf@ . .It Sy sudoOrder The .Li sudoRole entries retrieved from the LDAP directory have no inherent order. The .Li sudoOrder attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. This allows LDAP-based sudoers entries to more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest .Li sudoOrder attribute is chosen. This corresponds to the .Dq last match behavior of the sudoers file. If the .Li sudoOrder attribute is not present, a value of 0 is assumed. .Pp The .Li sudoOrder attribute is only available in .Nm sudo versions 1.7.5 and higher. .El .Pp Each attribute listed above should contain a single value, but there may be multiple instances of each attribute type. A .Li sudoRole must contain at least one .Li sudoUser , .Li sudoHost and .Li sudoCommand . .Pp The following example allows users in group wheel to run any command on any host via .Nm sudo : .Bd -literal -offset 4n dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL .Ed .Ss Anatomy of LDAP sudoers lookup When looking up a sudoer using LDAP there are only two or three LDAP queries per invocation. The first query is to parse the global options. The second is to match against the user's name and the groups that the user belongs to. (The special .Li ALL tag is matched in this query too.) If no match is returned for the user's name and groups, a third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. .Pp If timed entries are enabled with the .Sy SUDOERS_TIMED configuration directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. .Ss Differences between LDAP and non-LDAP sudoers There are some subtle differences in the way sudoers is handled once in LDAP. Probably the biggest is that according to the RFC, LDAP ordering is arbitrary and you cannot expect that Attributes and Entries are returned in any specific order. .Pp The order in which different entries are applied can be controlled using the .Li sudoOrder attribute, but there is no way to guarantee the order of attributes within a specific entry. If there are conflicting command rules in an entry, the negative takes precedence. This is called paranoid behavior (not necessarily the most specific match). .Pp Here is an example: .Bd -literal -offset 4n # /etc/sudoers: # Allow all commands except shell johnny ALL=(root) ALL,!/bin/sh # Always allows all commands because ALL is matched last puddles ALL=(root) !/bin/sh,ALL # LDAP equivalent of johnny # Allows all commands except shell dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role1 sudoUser: johnny sudoHost: ALL sudoCommand: ALL sudoCommand: !/bin/sh # LDAP equivalent of puddles # Notice that even though ALL comes last, it still behaves like # role1 since the LDAP code assumes the more paranoid configuration dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com objectClass: sudoRole objectClass: top cn: role2 sudoUser: puddles sudoHost: ALL sudoCommand: !/bin/sh sudoCommand: ALL .Ed .Pp Another difference is that negations on the Host, User or Runas are currently ignored. For example, the following attributes do not behave the way one might expect. .Bd -literal -offset 4n # does not match all but joe # rather, does not match anyone sudoUser: !joe # does not match all but joe # rather, matches everyone including Joe sudoUser: ALL sudoUser: !joe # does not match all but web01 # rather, matches all hosts including web01 sudoHost: ALL sudoHost: !web01 .Ed .Ss Sudoers schema In order to use .Nm sudo Ns No 's LDAP support, the .Nm sudo schema must be installed on your LDAP server. In addition, be sure to index the .Li sudoUser attribute. .Pp Three versions of the schema: one for OpenLDAP servers .Pq Pa schema.OpenLDAP , one for Netscape-derived servers .Pq Pa schema.iPlanet , and one for Microsoft Active Directory .Pq Pa schema.ActiveDirectory may be found in the .Nm sudo distribution. .Pp The schema for .Nm sudo in OpenLDAP form is also included in the .Sx EXAMPLES section. .Ss Configuring ldap.conf Sudo reads the .Pa @ldap_conf@ file for LDAP-specific configuration. Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not .Nm sudo Ns No -specific. Note that .Nm sudo parses .Pa @ldap_conf@ itself and may support options that differ from those described in the system's .Xr ldap.conf @mansectsu@ manual. The path to .Pa ldap.conf may be overridden via the .Em ldap_conf plugin argument in .Xr sudo.conf @mansectform@ . .Pp Also note that on systems using the OpenLDAP libraries, default values specified in .Pa /etc/openldap/ldap.conf or the user's .Pa .ldaprc files are not used. .Pp Only those options explicitly listed in .Pa @ldap_conf@ as being supported by .Nm sudo are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. .Pp The pound sign .Pq Ql # is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. Long lines can be continued with a backslash .Pq Ql \e as the last character on the line. Note that leading white space is removed from the beginning of lines even when the continuation character is used. .Bl -tag -width 4n .It Sy URI Ar ldap[s]://[hostname[:port]] ... Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The .Em protocol may be either .Em ldap .Em ldaps , the latter being for servers that support TLS (SSL) encryption. If no .Em port is specified, the default is port 389 for .Li ldap:// or port 636 for .Li ldaps:// . If no .Em hostname is specified, .Nm sudo will connect to .Em localhost . Multiple .Sy URI lines are treated identically to a .Sy URI line containing multiple entries. Only systems using the OpenSSL libraries support the mixing of .Li ldap:// and .Li ldaps:// URIs. Both the Netscape-derived and Tivoli LDAP libraries used on most commercial versions of Unix are only capable of supporting one or the other. .It Sy HOST Ar name[:port] ... If no .Sy URI is specified, the .Sy HOST parameter specifies a white space-delimited list of LDAP servers to connect to. Each host may include an optional .Em port separated by a colon .Pq Ql :\& . The .Sy HOST parameter is deprecated in favor of the .Sy URI specification and is included for backwards compatibility. .It Sy PORT Ar port_number If no .Sy URI is specified, the .Sy PORT parameter specifies the default port to connect to on the LDAP server if a .Sy HOST parameter does not specify the port itself. If no .Sy PORT parameter is used, the default is port 389 for LDAP and port 636 for LDAP over TLS (SSL). The .Sy PORT parameter is deprecated in favor of the .Sy URI specification and is included for backwards compatibility. .It Sy BIND_TIMELIMIT Ar seconds The .Sy BIND_TIMELIMIT parameter specifies the amount of time, in seconds, to wait while trying to connect to an LDAP server. If multiple .Sy URI Ns No s or .Sy HOST Ns No s are specified, this is the amount of time to wait before trying the next one in the list. .It Sy NETWORK_TIMEOUT Ar seconds An alias for .Sy BIND_TIMELIMIT for OpenLDAP compatibility. .It Sy TIMELIMIT Ar seconds The .Sy TIMELIMIT parameter specifies the amount of time, in seconds, to wait for a response to an LDAP query. .It Sy TIMEOUT Ar seconds The .Sy TIMEOUT parameter specifies the amount of time, in seconds, to wait for a response from the various LDAP APIs. .It Sy SUDOERS_BASE Ar base The base DN to use when performing .Nm sudo LDAP queries. Typically this is of the form .Li ou=SUDOers,dc=example,dc=com for the domain .Li example.com . Multiple .Sy SUDOERS_BASE lines may be specified, in which case they are queried in the order specified. .It Sy SUDOERS_SEARCH_FILTER Ar ldap_filter An LDAP filter which is used to restrict the set of records returned when performing a .Nm sudo LDAP query. Typically, this is of the form .Li attribute=value or .Li (&(attribute=value)(attribute2=value2)) . .It Sy SUDOERS_TIMED Ar on/true/yes/off/false/no Whether or not to evaluate the .Li sudoNotBefore and .Li sudoNotAfter attributes that implement time-dependent sudoers entries. .It Sy SUDOERS_DEBUG Ar debug_level This sets the debug level for .Nm sudo LDAP queries. Debugging information is printed to the standard error. A value of 1 results in a moderate amount of debugging information. A value of 2 shows the results of the matches themselves. This parameter should not be set in a production environment as the extra information is likely to confuse users. .Pp The .Sy SUDOERS_DEBUG parameter is deprecated and will be removed in a future release. The same information is now logged via the .Nm sudo debugging framework using the .Dq ldap subsystem at priorities .Em diag and .Em info for .Em debug_level values 1 and 2 respectively. See the .Xr sudo.conf @mansectform@ manual for details on how to configure .Nm sudo debugging. .It Sy BINDDN Ar DN The .Sy BINDDN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing LDAP operations. If not specified, LDAP operations are performed with an anonymous identity. By default, most LDAP servers will allow anonymous access. .It Sy BINDPW Ar secret The .Sy BINDPW parameter specifies the password to use when performing LDAP operations. This is typically used in conjunction with the .Sy BINDDN parameter. .It Sy ROOTBINDDN Ar DN The .Sy ROOTBINDDN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as .Em sudoers queries. The password corresponding to the identity should be stored in the or the path specified by the .Em ldap_secret plugin argument in .Xr sudo.conf @mansectform@ , which defaults to .Pa @ldap_secret@ . If no .Sy ROOTBINDDN is specified, the .Sy BINDDN identity is used (if any). .It Sy LDAP_VERSION Ar number The version of the LDAP protocol to use when connecting to the server. The default value is protocol version 3. .It Sy SSL Ar on/true/yes/off/false/no If the .Sy SSL parameter is set to .Li on , .Li true .Li or .Li yes , TLS (SSL) encryption is always used when communicating with the LDAP server. Typically, this involves connecting to the server on port 636 (ldaps). .It Sy SSL Ar start_tls If the .Sy SSL parameter is set to .Li start_tls , the LDAP server connection is initiated normally and TLS encryption is begun before the bind credentials are sent. This has the advantage of not requiring a dedicated port for encrypted communications. This parameter is only supported by LDAP servers that honor the .Em start_tls extension, such as the OpenLDAP and Tivoli Directory servers. .It Sy TLS_CHECKPEER Ar on/true/yes/off/false/no If enabled, .Sy TLS_CHECKPEER will cause the LDAP server's TLS certificated to be verified. If the server's TLS certificate cannot be verified (usually because it is signed by an unknown certificate authority), .Nm sudo will be unable to connect to it. If .Sy TLS_CHECKPEER is disabled, no check is made. Note that disabling the check creates an opportunity for man-in-the-middle attacks since the server's identity will not be authenticated. If possible, the CA's certificate should be installed locally so it can be verified. This option is not supported by the Tivoli Directory Server LDAP libraries. .It Sy TLS_CACERT Ar file name An alias for .Sy TLS_CACERTFILE for OpenLDAP compatibility. .It Sy TLS_CACERTFILE Ar file name The path to a certificate authority bundle which contains the certificates for all the Certificate Authorities the client knows to be valid, e.g.\& .Pa /etc/ssl/ca-bundle.pem . This option is only supported by the OpenLDAP libraries. Netscape-derived LDAP libraries use the same certificate database for CA and client certificates (see .Sy TLS_CERT ) . .It Sy TLS_CACERTDIR Ar directory Similar to .Sy TLS_CACERTFILE but instead of a file, it is a directory containing individual Certificate Authority certificates, e.g.\& .Pa /etc/ssl/certs . The directory specified by .Sy TLS_CACERTDIR is checked after .Sy TLS_CACERTFILE . This option is only supported by the OpenLDAP libraries. .It Sy TLS_CERT Ar file name The path to a file containing the client certificate which can be used to authenticate the client to the LDAP server. The certificate type depends on the LDAP libraries used. .Bl -tag -width 4n .It OpenLDAP: .Li tls_cert /etc/ssl/client_cert.pem .It Netscape-derived: .Li tls_cert /var/ldap/cert7.db .It Tivoli Directory Server: Unused, the key database specified by .Sy TLS_KEY contains both keys and certificates. .Pp When using Netscape-derived libraries, this file may also contain Certificate Authority certificates. .El .It Sy TLS_KEY Ar file name The path to a file containing the private key which matches the certificate specified by .Sy TLS_CERT . The private key must not be password-protected. The key type depends on the LDAP libraries used. .Bl -tag -width 4n .It OpenLDAP: .Li tls_key /etc/ssl/client_key.pem .It Netscape-derived: .Li tls_key /var/ldap/key3.db .It Tivoli Directory Server: .Li tls_key /usr/ldap/ldapkey.kdb .El When using Tivoli LDAP libraries, this file may also contain Certificate Authority and client certificates and may be encrypted. .It Sy TLS_KEYPW Ar secret The .Sy TLS_KEYPW contains the password used to decrypt the key database on clients using the Tivoli Directory Server LDAP library. This should be a simple string without quotes. The password may not include the comment character .Pq Ql # and escaping of special characters with a backslash .Pq Ql \e is not supported. If this option is used, .Pa @ldap_conf@ must not be world-readable to avoid exposing the password. Alternately, a .Em stash file can be used to store the password in encrypted form (see below). .Pp If no .Sy TLS_KEYPW is specified, a .Em stash file will be used if it exists. The .Em stash file must have the same path as the file specified by .Sy TLS_KEY , but use a .Li .sth file extension instead of .Li .kdb , e.g.\& .Li ldapkey.sth . The default .Li ldapkey.kdb that ships with Tivoli Directory Server is encrypted with the password .Li ssl_password . The .Em gsk8capicmd utility can be used to manage the key database and create a .Em stash file . This option is only supported by the Tivoli LDAP libraries. .It Sy TLS_RANDFILE Ar file name The .Sy TLS_RANDFILE parameter specifies the path to an entropy source for systems that lack a random device. It is generally used in conjunction with .Em prngd or .Em egd . This option is only supported by the OpenLDAP libraries. .It Sy TLS_CIPHERS Ar cipher list The .Sy TLS_CIPHERS parameter allows the administer to restrict which encryption algorithms may be used for TLS (SSL) connections. See the OpenLDAP or Tivoli Directory Server manual for a list of valid ciphers. This option is not supported by Netscape-derived libraries. .It Sy USE_SASL Ar on/true/yes/off/false/no Enable .Sy USE_SASL for LDAP servers that support SASL authentication. .It Sy SASL_AUTH_ID Ar identity The SASL user name to use when connecting to the LDAP server. By default, .Nm sudo will use an anonymous connection. .It Sy ROOTUSE_SASL Ar on/true/yes/off/false/no Enable .Sy ROOTUSE_SASL to enable SASL authentication when connecting to an LDAP server from a privileged process, such as .Nm sudo . .It Sy ROOTSASL_AUTH_ID Ar identity The SASL user name to use when .Sy ROOTUSE_SASL is enabled. .It Sy SASL_SECPROPS Ar none/properties SASL security properties or .Em none for no properties. See the SASL programmer's manual for details. .It Sy KRB5_CCNAME Ar file name The path to the Kerberos 5 credential cache to use when authenticating with the remote server. .It Sy DEREF Ar never/searching/finding/always How alias dereferencing is to be performed when searching. See the .Xr ldap.conf @mansectsu@ manual for a full description of this option. .El .Pp See the .Pa ldap.conf entry in the .Sx EXAMPLES section. .Ss Configuring nsswitch.conf Unless it is disabled at build time, .Nm sudo consults the Name Service Switch file, .Pa @nsswitch_conf@ , to specify the .Em sudoers search order. Sudo looks for a line beginning with .Li sudoers : and uses this to determine the search order. Note that .Nm sudo does not stop searching after the first match and later matches take precedence over earlier ones. The following sources are recognized: .Pp .Bl -tag -width 8n -offset 4n -compact .It files read sudoers from .Pa @sysconfdir@/sudoers .It ldap read sudoers from LDAP .El .Pp In addition, the entry .Li [NOTFOUND=return] will short-circuit the search if the user was not found in the preceding source. .Pp To consult LDAP first followed by the local sudoers file (if it exists), use: .Bd -literal -offset 4n sudoers: ldap files .Ed .Pp The local .Em sudoers file can be ignored completely by using: .Bd -literal -offset 4n sudoers: ldap .Ed .Pp If the .Pa @nsswitch_conf@ file is not present or there is no sudoers line, the following default is assumed: .Bd -literal -offset 4n sudoers: files .Ed .Pp Note that .Pa @nsswitch_conf@ is supported even when the underlying operating system does not use an nsswitch.conf file, except on AIX (see below). .Ss Configuring netsvc.conf On AIX systems, the .Pa @netsvc_conf@ file is consulted instead of .Pa @nsswitch_conf@ . .Nm sudo simply treats .Pa netsvc.conf as a variant of .Pa nsswitch.conf ; information in the previous section unrelated to the file format itself still applies. .Pp To consult LDAP first followed by the local sudoers file (if it exists), use: .Bd -literal -offset 4n sudoers = ldap, files .Ed .Pp The local .Em sudoers file can be ignored completely by using: .Bd -literal -offset 4n sudoers = ldap .Ed .Pp To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: .Bd -literal -offset 4n sudoers = ldap = auth, files .Ed .Pp Note that in the above example, the .Li auth qualifier only affects user lookups; both LDAP and .Em sudoers will be queried for .Li Defaults entries. .Pp If the .Pa @netsvc_conf@ file is not present or there is no sudoers line, the following default is assumed: .Bd -literal -offset 4n sudoers = files .Ed .Sh FILES .Bl -tag -width 24n .It Pa @ldap_conf@ LDAP configuration file .It Pa @nsswitch_conf@ determines sudoers source order .It Pa @netsvc_conf@ determines sudoers source order on AIX .El .Sh EXAMPLES .Ss Example ldap.conf .Bd -literal -offset 2n # Either specify one or more URIs or one or more host:port pairs. # If neither is specified sudo will default to localhost, port 389. # #host ldapserver #host ldapserver1 ldapserver2:390 # # Default port if host is specified without one, defaults to 389. #port 389 # # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver #uri ldaps://secureldapserver ldap://ldapserver # # The amount of time, in seconds, to wait while trying to connect to # an LDAP server. bind_timelimit 30 # # The amount of time, in seconds, to wait while performing an LDAP query. timelimit 30 # # Must be set or sudo will ignore LDAP; may be specified multiple times. sudoers_base ou=SUDOers,dc=example,dc=com # # verbose sudoers matching from ldap #sudoers_debug 2 # # Enable support for time-based entries in sudoers. #sudoers_timed yes # # optional proxy credentials #binddn #bindpw #rootbinddn # # LDAP protocol version, defaults to 3 #ldap_version 3 # # Define if you want to use an encrypted LDAP connection. # Typically, you must also set the port to 636 (ldaps). #ssl on # # Define if you want to use port 389 and switch to # encryption before the bind credentials are sent. # Only supported by LDAP servers that support the start_tls # extension such as OpenLDAP. #ssl start_tls # # Additional TLS options follow that allow tweaking of the # SSL/TLS connection. # #tls_checkpeer yes # verify server SSL certificate #tls_checkpeer no # ignore server SSL certificate # # If you enable tls_checkpeer, specify either tls_cacertfile # or tls_cacertdir. Only supported when using OpenLDAP. # #tls_cacertfile /etc/certs/trusted_signers.pem #tls_cacertdir /etc/certs # # For systems that don't have /dev/random # use this along with PRNGD or EGD.pl to seed the # random number pool to generate cryptographic session keys. # Only supported when using OpenLDAP. # #tls_randfile /etc/egd-pool # # You may restrict which ciphers are used. Consult your SSL # documentation for which options go here. # Only supported when using OpenLDAP. # #tls_ciphers # # Sudo can provide a client certificate when communicating to # the LDAP server. # Tips: # * Enable both lines at the same time. # * Do not password protect the key file. # * Ensure the keyfile is only readable by root. # # For OpenLDAP: #tls_cert /etc/certs/client_cert.pem #tls_key /etc/certs/client_key.pem # # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either # a directory, in which case the files in the directory must have the # default names (e.g. cert8.db and key4.db), or the path to the cert # and key files themselves. However, a bug in version 5.0 of the LDAP # SDK will prevent specific file names from working. For this reason # it is suggested that tls_cert and tls_key be set to a directory, # not a file name. # # The certificate database specified by tls_cert may contain CA certs # and/or the client's cert. If the client's cert is included, tls_key # should be specified as well. # For backward compatibility, "sslpath" may be used in place of tls_cert. #tls_cert /var/ldap #tls_key /var/ldap # # If using SASL authentication for LDAP (OpenSSL) # use_sasl yes # sasl_auth_id # rootuse_sasl yes # rootsasl_auth_id # sasl_secprops none # krb5_ccname /etc/.ldapcache .Ed .Ss Sudo schema for OpenLDAP The following schema, in OpenLDAP format, is included with .Nm sudo source and binary distributions as .Pa schema.OpenLDAP . Simply copy it to the schema directory (e.g.\& .Pa /etc/openldap/schema ) , add the proper .Li include line in .Pa slapd.conf and restart .Nm slapd . .Bd -literal -offset 2n attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributeTypes ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ description ) ) .Ed .Sh SEE ALSO .Xr ldap.conf @mansectform@ , .Xr sudo.conf @mansectform@ , .Xr sudoers @mansectsu@ .Sh CAVEATS Note that there are differences in the way that LDAP-based .Em sudoers is parsed compared to file-based .Em sudoers . See the .Sx Differences between LDAP and non-LDAP sudoers section for more information. .Sh BUGS If you feel you have found a bug in .Nm sudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoers.man.in010064400175440000012000003136221226304127600157110ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in .\" .\" Copyright (c) 1994-1996, 1998-2005, 2007-2014 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .TH "SUDOERS" "@mansectsu@" "January 1, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" .nh .if n .ad l .SH "NAME" \fBsudoers\fR \- default sudo security policy plugin .SH "DESCRIPTION" The \fIsudoers\fR policy plugin determines a user's \fBsudo\fR privileges. It is the default \fBsudo\fR policy plugin. The policy is driven by the \fI@sysconfdir@/sudoers\fR file or, optionally in LDAP. The policy format is described in detail in the \fISUDOERS FILE FORMAT\fR section. For information on storing \fIsudoers\fR policy information in LDAP, please see sudoers.ldap(@mansectform@). .SS "Configuring sudo.conf for sudoers" \fBsudo\fR consults the sudo.conf(@mansectform@) file to determine which policy and and I/O logging plugins to load. If no sudo.conf(@mansectform@) file is present, or if it contains no \fRPlugin\fR lines, \fBsudoers\fR will be used for policy decisions and I/O logging. To explicitly configure sudo.conf(@mansectform@) to use the \fBsudoers\fR plugin, the following configuration can be used. .nf .sp .RS 6n Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so .RE .fi .PP Starting with \fBsudo\fR 1.8.5, it is possible to specify optional arguments to the \fBsudoers\fR plugin in the sudo.conf(@mansectform@) file. These arguments, if present, should be listed after the path to the plugin (i.e.\& after \fIsudoers.so\fR). Multiple arguments may be specified, separated by white space. For example: .nf .sp .RS 6n Plugin sudoers_policy sudoers.so sudoers_mode=0400 .RE .fi .PP The following plugin arguments are supported: .TP 10n ldap_conf=pathname The \fIldap_conf\fR argument can be used to override the default path to the \fIldap.conf\fR file. .TP 10n ldap_secret=pathname The \fIldap_secret\fR argument can be used to override the default path to the \fIldap.secret\fR file. .TP 10n sudoers_file=pathname The \fIsudoers_file\fR argument can be used to override the default path to the \fIsudoers\fR file. .TP 10n sudoers_uid=uid The \fIsudoers_uid\fR argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user ID. .TP 10n sudoers_gid=gid The \fIsudoers_gid\fR argument can be used to override the default group of the sudoers file. It must be specified as a numeric group ID (not a group name). .TP 10n sudoers_mode=mode The \fIsudoers_mode\fR argument can be used to override the default file mode for the sudoers file. It should be specified as an octal value. .PP For more information on configuring sudo.conf(@mansectform@), please refer to its manual. .SS "Authentication and logging" The \fIsudoers\fR security policy requires that most users authenticate themselves before they can use \fBsudo\fR. A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command. Unlike su(1), when \fIsudoers\fR requires authentication, it validates the invoking user's credentials, not the target user's (or root's) credentials. This can be changed via the \fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags, described later. .PP If a user who is not listed in the policy tries to run a command via \fBsudo\fR, mail is sent to the proper authorities. The address used for such mail is configurable via the \fImailto\fR Defaults entry (described later) and defaults to \fR@mailto@\fR. .PP Note that mail will not be sent if an unauthorized user tries to run \fBsudo\fR with the \fB\-l\fR or \fB\-v\fR option. This allows users to determine for themselves whether or not they are allowed to use \fBsudo\fR. .PP If \fBsudo\fR is run by root and the \fRSUDO_USER\fR environment variable is set, the \fIsudoers\fR policy will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the \fB\-e\fR option to remain useful even when invoked via a sudo-run script or program. Note, however, that the \fIsudoers\fR lookup is still done for root, not the user specified by \fRSUDO_USER\fR. .PP \fIsudoers\fR uses time stamp files for credential caching. Once a user has been authenticated, the time stamp is updated and the user may then use sudo without a password for a short period of time (\fR@timeout@\fR minutes unless overridden by the \fItimeout\fR option) \&. By default, \fIsudoers\fR uses a tty-based time stamp which means that there is a separate time stamp for each of a user's login sessions. The \fItty_tickets\fR option can be disabled to force the use of a single time stamp for all of a user's sessions. .PP \fIsudoers\fR can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default, \fIsudoers\fR will log via syslog(3) but this is changeable via the \fIsyslog\fR and \fIlogfile\fR Defaults settings. .PP \fIsudoers\fR also supports logging a command's input and output streams. I/O logging is not on by default but can be enabled using the \fIlog_input\fR and \fIlog_output\fR Defaults flags as well as the \fRLOG_INPUT\fR and \fRLOG_OUTPUT\fR command tags. .SS "Command environment" Since environment variables can influence program behavior, \fIsudoers\fR provides a means to restrict which variables from the user's environment are inherited by the command to be run. There are two distinct ways \fIsudoers\fR can deal with environment variables. .PP By default, the \fIenv_reset\fR option is enabled. This causes commands to be executed with a new, minimal environment. On AIX (and Linux systems without PAM), the environment is initialized with the contents of the \fI/etc/environment\fR file. On BSD systems, if the \fIuse_loginclass\fR option is enabled, the environment is initialized based on the \fIpath\fR and \fIsetenv\fR settings in \fI/etc/login.conf\fR. The new environment contains the \fRTERM\fR, \fRPATH\fR, \fRHOME\fR, \fRMAIL\fR, \fRSHELL\fR, \fRLOGNAME\fR, \fRUSER\fR, \fRUSERNAME\fR and \fRSUDO_*\fR variables in addition to variables from the invoking process permitted by the \fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist for environment variables. .PP If, however, the \fIenv_reset\fR option is disabled, any variables not explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR options are inherited from the invoking process. In this case, \fIenv_check\fR and \fIenv_delete\fR behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default \fIenv_reset\fR behavior is encouraged. .PP In all cases, environment variables with a value beginning with \fR()\fR are removed as they could be interpreted as \fBbash\fR functions. The list of environment variables that \fBsudo\fR allows or denies is contained in the output of ``\fRsudo -V\fR'' when run as root. .PP Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of setuid executables, including \fBsudo\fR. Depending on the operating system this may include \fR_RLD*\fR, \fRDYLD_*\fR, \fRLD_*\fR, \fRLDR_*\fR, \fRLIBPATH\fR, \fRSHLIB_PATH\fR, and others. These type of variables are removed from the environment before \fBsudo\fR even begins execution and, as such, it is not possible for \fBsudo\fR to preserve them. .PP As a special case, if \fBsudo\fR's \fB\-i\fR option (initial login) is specified, \fIsudoers\fR will initialize the environment regardless of the value of \fIenv_reset\fR. The \fRDISPLAY\fR, \fRPATH\fR and \fRTERM\fR variables remain unchanged; \fRHOME\fR, \fRMAIL\fR, \fRSHELL\fR, \fRUSER\fR, and \fRLOGNAME\fR are set based on the target user. On AIX (and Linux systems without PAM), the contents of \fI/etc/environment\fR are also included. On BSD systems, if the \fIuse_loginclass\fR option is enabled, the \fIpath\fR and \fIsetenv\fR variables in \fI/etc/login.conf\fR are also applied. All other environment variables are removed. .PP Finally, if the \fIenv_file\fR option is defined, any variables present in that file will be set to their specified values as long as they would not conflict with an existing environment variable. .SH "SUDOERS FILE FORMAT" The \fIsudoers\fR file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). .PP When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). .PP The \fIsudoers\fR grammar will be described below in Extended Backus-Naur Form (EBNF). Don't despair if you are unfamiliar with EBNF; it is fairly simple, and the definitions below are annotated. .SS "Quick guide to EBNF" EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of \fIproduction rules\fR. E.g., .PP \fRsymbol ::= definition\fR | \fRalternate1\fR | \fRalternate2 ...\fR .PP Each \fIproduction rule\fR references others and thus makes up a grammar for the language. EBNF also contains the following operators, which many readers will recognize from regular expressions. Do not, however, confuse them with ``wildcard'' characters, which have different meanings. .TP 6n \fR\&?\fR Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all. .TP 6n \fR*\fR Means that the preceding symbol (or group of symbols) may appear zero or more times. .TP 6n \fR+\fR Means that the preceding symbol (or group of symbols) may appear one or more times. .PP Parentheses may be used to group symbols together. For clarity, we will use single quotes ('') to designate what is a verbatim character string (as opposed to a symbol name). .SS "Aliases" There are four kinds of aliases: \fRUser_Alias\fR, \fRRunas_Alias\fR, \fRHost_Alias\fR and \fRCmnd_Alias\fR. .nf .sp .RS 0n Alias ::= 'User_Alias' User_Alias (':' User_Alias)* | 'Runas_Alias' Runas_Alias (':' Runas_Alias)* | 'Host_Alias' Host_Alias (':' Host_Alias)* | 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)* User_Alias ::= NAME '=' User_List Runas_Alias ::= NAME '=' Runas_List Host_Alias ::= NAME '=' Host_List Cmnd_Alias ::= NAME '=' Cmnd_List NAME ::= [A-Z]([A-Z][0-9]_)* .RE .fi .PP Each \fIalias\fR definition is of the form .nf .sp .RS 0n Alias_Type NAME = item1, item2, ... .RE .fi .PP where \fIAlias_Type\fR is one of \fRUser_Alias\fR, \fRRunas_Alias\fR, \fRHost_Alias\fR, or \fRCmnd_Alias\fR. A \fRNAME\fR is a string of uppercase letters, numbers, and underscore characters (`_'). A \fRNAME\fR \fBmust\fR start with an uppercase letter. It is possible to put several alias definitions of the same type on a single line, joined by a colon (`:\&'). E.g., .nf .sp .RS 0n Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 .RE .fi .PP The definitions of what constitutes a valid \fIalias\fR member follow. .nf .sp .RS 0n User_List ::= User | User ',' User_List User ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* +netgroup | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* User_Alias .RE .fi .PP A \fRUser_List\fR is made up of one or more user names, user IDs (prefixed with `#'), system group names and IDs (prefixed with `%' and `%#' respectively), netgroups (prefixed with `+'), non-Unix group names and IDs (prefixed with `%:' and `%:#' respectively) and \fRUser_Alias\fRes. Each list item may be prefixed with zero or more `\&!' operators. An odd number of `\&!' operators negate the value of the item; an even number just cancel each other out. .PP A \fRuser name\fR, \fRuid\fR, \fRgroup\fR, \fRgid\fR, \fRnetgroup\fR, \fRnonunix_group\fR or \fRnonunix_gid\fR may be enclosed in double quotes to avoid the need for escaping special characters. Alternately, special characters may be specified in escaped hex mode, e.g.\& \ex20 for space. When using double quotes, any prefix characters must be included inside the quotes. .PP The actual \fRnonunix_group\fR and \fRnonunix_gid\fR syntax depends on the underlying group provider plugin. For instance, the QAS AD plugin supports the following formats: .TP 6n \fBo\fR Group in the same domain: "%:Group Name" .TP 6n \fBo\fR Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" .TP 6n \fBo\fR Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" .PP See \fIGROUP PROVIDER PLUGINS\fR for more information. .PP Note that quotes around group names are optional. Unquoted strings must use a backslash (`\e') to escape spaces and special characters. See \fIOther special characters and reserved words\fR for a list of characters that need to be escaped. .nf .sp .RS 0n Runas_List ::= Runas_Member | Runas_Member ',' Runas_List Runas_Member ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* +netgroup | '!'* Runas_Alias .RE .fi .PP A \fRRunas_List\fR is similar to a \fRUser_List\fR except that instead of \fRUser_Alias\fRes it can contain \fRRunas_Alias\fRes. Note that user names and groups are matched as strings. In other words, two users (groups) with the same uid (gid) are considered to be distinct. If you wish to match all user names with the same uid (e.g.\& root and toor), you can use a uid instead (#0 in the example given). .nf .sp .RS 0n Host_List ::= Host | Host ',' Host_List Host ::= '!'* host name | '!'* ip_addr | '!'* network(/netmask)? | '!'* +netgroup | '!'* Host_Alias .RE .fi .PP A \fRHost_List\fR is made up of one or more host names, IP addresses, network numbers, netgroups (prefixed with `+') and other aliases. Again, the value of an item may be negated with the `\&!' operator. If you do not specify a netmask along with the network number, \fBsudo\fR will query each of the local host's network interfaces and, if the network number corresponds to one of the hosts's network interfaces, the corresponding netmask will be used. The netmask may be specified either in standard IP address notation (e.g.\& 255.255.255.0 or ffff:ffff:ffff:ffff::), or CIDR notation (number of bits, e.g.\& 24 or 64). A host name may include shell-style wildcards (see the \fIWildcards\fR section below), but unless the \fRhost name\fR command on your machine returns the fully qualified host name, you'll need to use the \fIfqdn\fR option for wildcards to be useful. Note that \fBsudo\fR only inspects actual network interfaces; this means that IP address 127.0.0.1 (localhost) will never match. Also, the host name ``localhost'' will only match if that is the actual host name, which is usually only the case for non-networked systems. .nf .sp .RS 0n digest ::= [A-Fa-f0-9]+ | [[A-Za-z0-9\+/=]+ Digest_Spec ::= "sha224" ':' digest | "sha256" ':' digest | "sha384" ':' digest | "sha512" ':' digest Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List command name ::= file name | file name args | file name '""' Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias .RE .fi .PP A \fRCmnd_List\fR is a list of one or more command names, directories, and other aliases. A command name is a fully qualified file name which may include shell-style wildcards (see the \fIWildcards\fR section below). A simple file name allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify \fR\&""\fR to indicate that the command may only be run \fBwithout\fR command line arguments. A directory is a fully qualified path name ending in a `/'. When you specify a directory in a \fRCmnd_List\fR, the user will be able to run any file within that directory (but not in any sub-directories therein). .PP If a \fRCmnd\fR has associated command line arguments, then the arguments in the \fRCmnd\fR must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a `\e' if they are used in command arguments: `,\&', `:\&', `=\&', `\e'. The built-in command ``\fRsudoedit\fR'' is used to permit a user to run \fBsudo\fR with the \fB\-e\fR option (or as \fBsudoedit\fR). It may take command line arguments just as a normal command does. Note that ``\fRsudoedit\fR'' is a command built into \fBsudo\fR itself and must be specified in \fIsudoers\fR without a leading path. .PP If a \fRcommand name\fR is prefixed with a \fRDigest_Spec\fR, the command will only match successfully if it can be verified using the specified SHA-2 digest. This may be useful in situations where the user invoking \fBsudo\fR has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The string may be specified in either hex or base64 format (base64 is more compact). There are several utilities capable of generating SHA-2 digests in hex format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. .PP For example, using openssl: .nf .sp .RS 0n $ openssl dgst -sha224 /bin/ls SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 .RE .fi .PP It is also possible to use openssl to generate base64 output: .nf .sp .RS 0n $ openssl dgst -binary -sha224 /bin/ls | openssl base64 EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== .RE .fi .PP Command digests are only supported by version 1.8.7 or higher. .SS "Defaults" Certain configuration options may be changed from their default values at run-time via one or more \fRDefault_Entry\fR lines. These may affect all users on any host, all users on a specific host, a specific user, a specific command, or commands being run as a specific user. Note that per-command entries may not include command line arguments. If you need to specify arguments, define a \fRCmnd_Alias\fR and reference that instead. .nf .sp .RS 0n Default_Type ::= 'Defaults' | 'Defaults' '@' Host_List | 'Defaults' ':' User_List | 'Defaults' '!' Cmnd_List | 'Defaults' '>' Runas_List Default_Entry ::= Default_Type Parameter_List Parameter_List ::= Parameter | Parameter ',' Parameter_List Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter .RE .fi .PP Parameters may be \fBflags\fR, \fBinteger\fR values, \fBstrings\fR, or \fBlists\fR. Flags are implicitly boolean and can be turned off via the `\&!' operator. Some integer, string and list parameters may also be used in a boolean context to disable them. Values may be enclosed in double quotes (\&"") when they contain multiple words. Special characters may be escaped with a backslash (`\e'). .PP Lists have two additional assignment operators, \fR+=\fR and \fR-=\fR. These operators are used to add to and delete from a list respectively. It is not an error to use the \fR-=\fR operator to remove an element that does not exist in a list. .PP Defaults entries are parsed in the following order: generic, host and user Defaults first, then runas Defaults and finally command defaults. .PP See \fISUDOERS OPTIONS\fR for a list of supported Defaults parameters. .SS "User specification" .nf .RS 0n User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e (':' Host_List '=' Cmnd_Spec_List)* Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:') .RE .fi .PP A \fBuser specification\fR determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as \fBroot\fR, but this can be changed on a per-command basis. .PP The basic structure of a user specification is ``who where = (as_whom) what''. Let's break that down into its constituent parts: .SS "Runas_Spec" A \fRRunas_Spec\fR determines the user and/or the group that a command may be run as. A fully-specified \fRRunas_Spec\fR consists of two \fRRunas_List\fRs (as defined above) separated by a colon (`:\&') and enclosed in a set of parentheses. The first \fRRunas_List\fR indicates which users the command may be run as via \fBsudo\fR's \fB\-u\fR option. The second defines a list of groups that can be specified via \fBsudo\fR's \fB\-g\fR option. If both \fRRunas_List\fRs are specified, the command may be run with any combination of users and groups listed in their respective \fRRunas_List\fRs. If only the first is specified, the command may be run as any user in the list but no \fB\-g\fR option may be specified. If the first \fRRunas_List\fR is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the \fRRunas_List\fR. If both \fRRunas_List\fRs are empty, the command may only be run as the invoking user. If no \fRRunas_Spec\fR is specified the command may be run as \fBroot\fR and no group may be specified. .PP A \fRRunas_Spec\fR sets the default for the commands that follow it. What this means is that for the entry: .nf .sp .RS 0n dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm .RE .fi .PP The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and \fI/usr/bin/lprm\fR\(embut only as \fBoperator\fR. E.g., .nf .sp .RS 0n $ sudo -u operator /bin/ls .RE .fi .PP It is also possible to override a \fRRunas_Spec\fR later on in an entry. If we modify the entry like so: .nf .sp .RS 0n dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm .RE .fi .PP Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR, but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR. .PP We can extend this to allow \fBdgb\fR to run \fR/bin/ls\fR with either the user or group set to \fBoperator\fR: .nf .sp .RS 0n dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e /usr/bin/lprm .RE .fi .PP Note that while the group portion of the \fRRunas_Spec\fR permits the user to run as command with that group, it does not force the user to do so. If no group is specified on the command line, the command will run with the group listed in the target user's password database entry. The following would all be permitted by the sudoers entry above: .nf .sp .RS 0n $ sudo -u operator /bin/ls $ sudo -u operator -g operator /bin/ls $ sudo -g operator /bin/ls .RE .fi .PP In the following example, user \fBtcm\fR may run commands that access a modem device file with the dialer group. .nf .sp .RS 0n tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e /usr/local/bin/minicom .RE .fi .PP Note that in this example only the group will be set, the command still runs as user \fBtcm\fR. E.g.\& .nf .sp .RS 0n $ sudo -g dialer /usr/bin/cu .RE .fi .PP Multiple users and groups may be present in a \fRRunas_Spec\fR, in which case the user may select any combination of users and groups via the \fB\-u\fR and \fB\-g\fR options. In this example: .nf .sp .RS 0n alan ALL = (root, bin : operator, system) ALL .RE .fi .PP user \fBalan\fR may run any command as either user root or bin, optionally setting the group to operator or system. .SS "SELinux_Spec" On systems with SELinux support, \fIsudoers\fR entries may optionally have an SELinux role and/or type associated with a command. If a role or type is specified with the command it will override any default values specified in \fIsudoers\fR. A role or type specified on the command line, however, will supersede the values in \fIsudoers\fR. .SS "Solaris_Priv_Spec" On Solaris systems, \fIsudoers\fR entries may optionally specify Solaris privilege set and/or limit privilege set associated with a command. If privileges or limit privileges are specified with the command it will override any default values specified in \fIsudoers\fR. .PP A privilege set is a comma-separated list of privilege names. The ppriv(1) command can be used to list all privileges known to the system. For example: .nf .sp .RS 0n $ ppriv -l .RE .fi .PP In addition, there are several ``special'' privilege strings: .TP 10n none the empty set .TP 10n all the set of all privileges .TP 10n zone the set of all privileges available in the current zone .TP 10n basic the default set of privileges normal users are granted at login time .PP Privileges can be excluded from a set by prefixing the privilege name with either an `\&!' or `\-' character. .SS "Tag_Spec" A command may have zero or more tags associated with it. There are ten possible tag values: \fRNOPASSWD\fR, \fRPASSWD\fR, \fRNOEXEC\fR, \fREXEC\fR, \fRSETENV\fR, \fRNOSETENV\fR, \fRLOG_INPUT\fR, \fRNOLOG_INPUT\fR, \fRLOG_OUTPUT\fR and \fRNOLOG_OUTPUT\fR. Once a tag is set on a \fRCmnd\fR, subsequent \fRCmnd\fRs in the \fRCmnd_Spec_List\fR, inherit the tag unless it is overridden by the opposite tag (in other words, \fRPASSWD\fR overrides \fRNOPASSWD\fR and \fRNOEXEC\fR overrides \fREXEC\fR). .TP 2n \fINOPASSWD\fR and \fIPASSWD\fR .sp By default, \fBsudo\fR requires that a user authenticate him or herself before running a command. This behavior can be modified via the \fRNOPASSWD\fR tag. Like a \fRRunas_Spec\fR, the \fRNOPASSWD\fR tag sets a default for the commands that follow it in the \fRCmnd_Spec_List\fR. Conversely, the \fRPASSWD\fR tag can be used to reverse things. For example: .RS .nf .sp .RS 0n ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm .RE .fi .sp would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and \fI/usr/bin/lprm\fR as \fBroot\fR on the machine rushmore without authenticating himself. If we only want \fBray\fR to be able to run \fI/bin/kill\fR without a password the entry would be: .nf .sp .RS 0n ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .RE .fi .sp Note, however, that the \fRPASSWD\fR tag has no effect on users who are in the group specified by the \fIexempt_group\fR option. .sp By default, if the \fRNOPASSWD\fR tag is applied to any of the entries for a user on the current host, he or she will be able to run ``\fRsudo -l\fR'' without a password. Additionally, a user may only run ``\fRsudo -v\fR'' without a password if the \fRNOPASSWD\fR tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the \fIverifypw\fR and \fIlistpw\fR options. .PP .RE .PD 0 .TP 2n \fINOEXEC\fR and \fIEXEC\fR .sp If \fBsudo\fR has been compiled with \fInoexec\fR support and the underlying operating system supports it, the \fRNOEXEC\fR tag can be used to prevent a dynamically-linked executable from running further commands itself. .sp In the following example, user \fBaaron\fR may run \fI/usr/bin/more\fR and \fI/usr/bin/vi\fR but shell escapes will be disabled. .RS .nf .sp .RS 0n aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .RE .fi .sp See the \fIPreventing shell escapes\fR section below for more details on how \fRNOEXEC\fR works and whether or not it will work on your system. .PD .PP .RE .PD 0 .TP 2n \fISETENV\fR and \fINOSETENV\fR .sp These tags override the value of the \fIsetenv\fR option on a per-command basis. Note that if \fRSETENV\fR has been set for a command, the user may disable the \fIenv_reset\fR option from the command line via the \fB\-E\fR option. Additionally, environment variables set on the command line are not subject to the restrictions imposed by \fIenv_check\fR, \fIenv_delete\fR, or \fIenv_keep\fR. As such, only trusted users should be allowed to set variables in this manner. If the command matched is \fBALL\fR, the \fRSETENV\fR tag is implied for that command; this default may be overridden by use of the \fRNOSETENV\fR tag. .PD .TP 2n \fILOG_INPUT\fR and \fINOLOG_INPUT\fR .sp These tags override the value of the \fIlog_input\fR option on a per-command basis. For more information, see the description of \fIlog_input\fR in the \fISUDOERS OPTIONS\fR section below. .TP 2n \fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR .sp These tags override the value of the \fIlog_output\fR option on a per-command basis. For more information, see the description of \fIlog_output\fR in the \fISUDOERS OPTIONS\fR section below. .SS "Wildcards" \fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters) to be used in host names, path names and command line arguments in the \fIsudoers\fR file. Wildcard matching is done via the glob(3) and fnmatch(3) functions as specified by IEEE Std 1003.1 (\(lqPOSIX.1\(rq). Note that these are \fInot\fR regular expressions. .TP 10n \fR*\fR Matches any set of zero or more characters. .TP 10n \fR\&?\fR Matches any single character. .TP 10n \fR[...]\fR Matches any character in the specified range. .TP 10n \fR[!...]\fR Matches any character \fBnot\fR in the specified range. .TP 10n \fR\ex\fR For any character `x', evaluates to `x'. This is used to escape special characters such as: `*', `\&?', `[\&', and `]\&'. .PP Character classes may also be used if your system's glob(3) and fnmatch(3) functions support them. However, because the `:\&' character has special meaning in \fIsudoers\fR, it must be escaped. For example: .nf .sp .RS 4n /bin/ls [[\:alpha\:]]* .RE .fi .PP Would match any file name beginning with a letter. .PP Note that a forward slash (`/') will \fBnot\fR be matched by wildcards used in the path name. This is to make a path like: .nf .sp .RS 4n /usr/bin/* .RE .fi .PP match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR. .PP When matching the command line arguments, however, a slash \fBdoes\fR get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. .PP Wildcards in command line arguments should be used with care. Because command line arguments are matched as a single, concatenated string, a wildcard such as `\&?' or `*' can match multiple words. For example, while a sudoers entry like: .nf .sp .RS 4n %operator ALL = /bin/cat /var/log/messages* .RE .fi .PP will allow command like: .nf .sp .RS 4n $ sudo cat /var/log/messages.1 .RE .fi .PP It will also allow: .nf .sp .RS 4n $ sudo cat /var/log/messages /etc/shadow .RE .fi .PP which is probably not what was intended. .SS "Exceptions to wildcard rules" The following exceptions apply to the above rules: .TP 10n \fR\&""\fR If the empty string \fR\&""\fR is the only command line argument in the \fIsudoers\fR entry it means that command is not allowed to be run with \fBany\fR arguments. .TP 10n sudoedit Command line arguments to the \fIsudoedit\fR built-in command should always be path names, so a forward slash (`/') will not be matched by a wildcard. .SS "Including other files from within sudoers" It is possible to include other \fIsudoers\fR files from within the \fIsudoers\fR file currently being parsed using the \fR#include\fR and \fR#includedir\fR directives. .PP This can be used, for example, to keep a site-wide \fIsudoers\fR file in addition to a local, per-machine file. For the sake of this example the site-wide \fIsudoers\fR will be \fI/etc/sudoers\fR and the per-machine one will be \fI/etc/sudoers.local\fR. To include \fI/etc/sudoers.local\fR from within \fI/etc/sudoers\fR we would use the following line in \fI/etc/sudoers\fR: .nf .sp .RS 4n #include /etc/sudoers.local .RE .fi .PP When \fBsudo\fR reaches this line it will suspend processing of the current file (\fI/etc/sudoers\fR) and switch to \fI/etc/sudoers.local\fR. Upon reaching the end of \fI/etc/sudoers.local\fR, the rest of \fI/etc/sudoers\fR will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loops. .PP If the path to the include file is not fully-qualified (does not begin with a `/', it must be located in the same directory as the sudoers file it was included from. For example, if \fI/etc/sudoers\fR contains the line: .nf .sp .RS 4n \fR#include sudoers.local\fR .RE .fi .PP the file that will be included is \fI/etc/sudoers.local\fR. .PP The file name may also include the \fR%h\fR escape, signifying the short form of the host name. In other words, if the machine's host name is ``xerxes'', then .nf .sp .RS 4n #include /etc/sudoers.%h .RE .fi .PP will cause \fBsudo\fR to include the file \fI/etc/sudoers.xerxes\fR. .PP The \fR#includedir\fR directive can be used to create a \fIsudo.d\fR directory that the system package manager can drop \fIsudoers\fR rules into as part of package installation. For example, given: .nf .sp .RS 4n #includedir /etc/sudoers.d .RE .fi .PP \fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping file names that end in `~' or contain a `.\&' character to avoid causing problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, \fI/etc/sudoers.d/01_first\fR will be parsed before \fI/etc/sudoers.d/10_second\fR. Be aware that because the sorting is lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR would be loaded \fBafter\fR \fI/etc/sudoers.d/10_second\fR. Using a consistent number of leading zeroes in the file names can be used to avoid such problems. .PP Note that unlike files included via \fR#include\fR, \fBvisudo\fR will not edit the files in a \fR#includedir\fR directory unless one of them contains a syntax error. It is still possible to run \fBvisudo\fR with the \fB\-f\fR flag to edit the files directly. .SS "Other special characters and reserved words" The pound sign (`#') is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the comment character and any text after it, up to the end of the line, are ignored. .PP The reserved word \fBALL\fR is a built-in \fIalias\fR that always causes a match to succeed. It can be used wherever one might otherwise use a \fRCmnd_Alias\fR, \fRUser_Alias\fR, \fRRunas_Alias\fR, or \fRHost_Alias\fR. You should not try to define your own \fIalias\fR called \fBALL\fR as the built-in alias will be used in preference to your own. Please note that using \fBALL\fR can be dangerous since in a command context, it allows the user to run \fBany\fR command on the system. .PP An exclamation point (`\&!') can be used as a logical \fInot\fR operator in a list or \fIalias\fR as well as in front of a \fRCmnd\fR. This allows one to exclude certain values. For the `\&!' operator to be effective, there must be something for it to exclude. For example, to match all users except for root one would use: .nf .sp .RS 4n ALL,!root .RE .fi .PP If the \fBALL\fR, is omitted, as in: .nf .sp .RS 4n !root .RE .fi .PP it would explicitly deny root but not match any other users. This is different from a true ``negation'' operator. .PP Note, however, that using a `\&!' in conjunction with the built-in \fBALL\fR alias to allow a user to run ``all but a few'' commands rarely works as intended (see \fISECURITY NOTES\fR below). .PP Long lines can be continued with a backslash (`\e') as the last character on the line. .PP White space between elements in a list as well as special syntactic characters in a \fIUser Specification\fR (`=\&', `:\&', `(\&', `)\&') is optional. .PP The following characters must be escaped with a backslash (`\e') when used as part of a word (e.g.\& a user name or host name): `\&!', `=\&', `:\&', `,\&', `(\&', `)\&', `\e'. .SH "SUDOERS OPTIONS" \fBsudo\fR's behavior can be modified by \fRDefault_Entry\fR lines, as explained earlier. A list of all supported Defaults parameters, grouped by type, are listed below. .PP \fBBoolean Flags\fR: .TP 18n always_set_home If enabled, \fBsudo\fR will set the \fRHOME\fR environment variable to the home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively means that the \fB\-H\fR option is always implied. Note that \fRHOME\fR is already set when the \fIenv_reset\fR option is enabled, so \fIalways_set_home\fR is only effective for configurations where either \fIenv_reset\fR is disabled or \fRHOME\fR is present in the \fIenv_keep\fR list. This flag is \fIoff\fR by default. .TP 18n authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the \fRPASSWD\fR and \fRNOPASSWD\fR tags. This flag is \fIon\fR by default. .TP 18n closefrom_override If set, the user may use \fBsudo\fR's \fB\-C\fR option which overrides the default starting point at which \fBsudo\fR begins closing open file descriptors. This flag is \fIoff\fR by default. .TP 18n compress_io If set, and \fBsudo\fR is configured to log a command's input or output, the I/O logs will be compressed using \fBzlib\fR. This flag is \fIon\fR by default when \fBsudo\fR is compiled with \fBzlib\fR support. .TP 18n exec_background By default, \fBsudo\fR runs a command as the foreground process as long as \fBsudo\fR itself is running in the foreground. When the \fIexec_background\fR flag is enabled and the command is being run in a pty (due to I/O logging or the \fIuse_pty\fR flag), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the \fRSIGTTIN\fR signal (or \fRSIGTTOU\fR in the case of terminal settings). If this happens when \fBsudo\fR is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that \fBsudo\fR need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic \fIsudo\fR behavior or when the command is not being run in a pty. .sp For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the \fBtcgetattr\fR() and \fBtcsetattr\fR() system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the \fRSIGTTIN\fR or \fRSIGTTOU\fR signals, programs that catch these signals and suspend themselves with a different signal (usually \fRSIGTOP\fR) will not be automatically foregrounded. Some versions of the linux su(1) command behave this way. .sp This setting is only supported by version 1.8.7 or higher. It has no effect unless I/O logging is enabled or the \fIuse_pty\fR flag is enabled. .TP 18n env_editor If set, \fBvisudo\fR will use the value of the \fREDITOR\fR or \fRVISUAL\fR environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the \fReditor\fR variable. \fBvisudo\fR will then only use the \fREDITOR\fR or \fRVISUAL\fR if they match a value specified in \fReditor\fR. This flag is \fI@env_editor@\fR by default. .TP 18n env_reset If set, \fBsudo\fR will run the command in a minimal environment containing the \fRTERM\fR, \fRPATH\fR, \fRHOME\fR, \fRMAIL\fR, \fRSHELL\fR, \fRLOGNAME\fR, \fRUSER\fR, \fRUSERNAME\fR and \fRSUDO_*\fR variables. Any variables in the caller's environment that match the \fRenv_keep\fR and \fRenv_check\fR lists are then added, followed by any variables present in the file specified by the \fIenv_file\fR option (if any). The default contents of the \fRenv_keep\fR and \fRenv_check\fR lists are displayed when \fBsudo\fR is run by root with the \fB\-V\fR option. If the \fIsecure_path\fR option is set, its value will be used for the \fRPATH\fR environment variable. This flag is \fI@env_reset@\fR by default. .TP 18n fast_glob Normally, \fBsudo\fR uses the glob(3) function to do shell-style globbing when matching path names. However, since it accesses the file system, glob(3) can take a long time to complete for some patterns, especially when the pattern references a network file system that is mounted on demand (auto mounted). The \fIfast_glob\fR option causes \fBsudo\fR to use the fnmatch(3) function, which does not access the file system to do its matching. The disadvantage of \fIfast_glob\fR is that it is unable to match relative path names such as \fI./ls\fR or \fI../bin/ls\fR. This has security implications when path names that include globbing characters are used with the negation operator, `!\&', as such rules can be trivially bypassed. As such, this option should not be used when \fIsudoers\fR contains rules that contain negated path names which include globbing characters. This flag is \fIoff\fR by default. .TP 18n fqdn Set this flag if you want to put fully qualified host names in the \fIsudoers\fR file when the local host name (as returned by the \fRhostname\fR command) does not contain the domain name. In other words, instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). This option is only effective when the ``canonical'' host name, as returned by the \fBgetaddrinfo\fR() or \fBgethostbyname\fR() function, is a fully-qualified domain name. This is usually the case when the system is configured to use DNS for host name resolution. .sp If the system is configured to use the \fI/etc/hosts\fR file in preference to DNS, the ``canonical'' host name may not be fully-qualified. The order that sources are queried for host name resolution is usually specified in the \fI@nsswitch_conf@\fR, \fI@netsvc_conf@\fR, \fI/etc/host.conf\fR, or, in some cases, \fI/etc/resolv.conf\fR file. In the \fI/etc/hosts\fR file, the first host name of the entry is considered to be the ``canonical'' name; subsequent names are aliases that are not used by \fBsudoers\fR. For example, the following hosts file line for the machine ``xyzzy'' has the fully-qualified domain name as the ``canonical'' host name, and the short version as an alias. .sp .RS 6n 192.168.1.1 xyzzy.sudo.ws xyzzy .RE .sp If the machine's hosts file entry is not formatted properly, the \fIfqdn\fR option will not be effective if it is queried before DNS. .sp Beware that when using DNS for host name resolution, turning on \fIfqdn\fR requires \fBsudoers\fR to make DNS lookups which renders \fBsudo\fR unusable if DNS stops working (for example if the machine is disconnected from the network). Also note that just like with the hosts file, you must use the ``canonical'' name as DNS knows it. That is, you may not use a host alias (\fRCNAME\fR entry) due to performance issues and the fact that there is no way to get all aliases from DNS. .sp This flag is \fI@fqdn@\fR by default. .TP 18n ignore_dot If set, \fBsudo\fR will ignore "." or "" (both denoting current directory) in the \fRPATH\fR environment variable; the \fRPATH\fR itself is not modified. This flag is \fI@ignore_dot@\fR by default. .TP 18n ignore_local_sudoers If set via LDAP, parsing of \fI@sysconfdir@/sudoers\fR will be skipped. This is intended for Enterprises that wish to prevent the usage of local sudoers files so that only LDAP is used. This thwarts the efforts of rogue operators who would attempt to add roles to \fI@sysconfdir@/sudoers\fR. When this option is present, \fI@sysconfdir@/sudoers\fR does not even need to exist. Since this option tells \fBsudo\fR how to behave when no specific LDAP entries have been matched, this sudoOption is only meaningful for the \fRcn=defaults\fR section. This flag is \fIoff\fR by default. .TP 18n insults If set, \fBsudo\fR will insult users when they enter an incorrect password. This flag is \fI@insults@\fR by default. .TP 18n log_host If set, the host name will be logged in the (non-syslog) \fBsudo\fR log file. This flag is \fIoff\fR by default. .TP 18n log_input If set, \fBsudo\fR will run the command in a \fIpseudo tty\fR and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that input is also captured and stored in a separate log file. .sp Input is logged to the directory specified by the \fIiolog_dir\fR option (\fI@iolog_dir@\fR by default) using a unique session ID that is included in the normal \fBsudo\fR log line, prefixed with ``\fRTSID=\fR''. The \fIiolog_file\fR option may be used to control the format of the session ID. .sp Note that user input may contain sensitive information such as passwords (even if they are not echoed to the screen), which will be stored in the log file unencrypted. In most cases, logging the command output via \fIlog_output\fR is all that is required. .TP 18n log_output If set, \fBsudo\fR will run the command in a \fIpseudo tty\fR and log all output that is sent to the screen, similar to the script(1) command. If the standard output or standard error is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that output is also captured and stored in separate log files. .sp Output is logged to the directory specified by the \fIiolog_dir\fR option (\fI@iolog_dir@\fR by default) using a unique session ID that is included in the normal \fBsudo\fR log line, prefixed with ``\fRTSID=\fR''. The \fIiolog_file\fR option may be used to control the format of the session ID. .sp Output logs may be viewed with the sudoreplay(@mansectsu@) utility, which can also be used to list or search the available logs. .TP 18n log_year If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file. This flag is \fIoff\fR by default. .TP 18n long_otp_prompt When validating with a One Time Password (OTP) scheme such as \fBS/Key\fR or \fBOPIE\fR, a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. This flag is \fI@long_otp_prompt@\fR by default. .TP 18n mail_always Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. This flag is \fIoff\fR by default. .TP 18n mail_badpass Send mail to the \fImailto\fR user if the user running \fBsudo\fR does not enter the correct password. If the command the user is attempting to run is not permitted by \fIsudoers\fR and one of the \fImail_always\fR, \fImail_no_host\fR, \fImail_no_perms\fR or \fImail_no_user\fR flags are set, this flag will have no effect. This flag is \fIoff\fR by default. .TP 18n mail_no_host If set, mail will be sent to the \fImailto\fR user if the invoking user exists in the \fIsudoers\fR file, but is not allowed to run commands on the current host. This flag is \fI@mail_no_host@\fR by default. .TP 18n mail_no_perms If set, mail will be sent to the \fImailto\fR user if the invoking user is allowed to use \fBsudo\fR but the command they are trying is not listed in their \fIsudoers\fR file entry or is explicitly denied. This flag is \fI@mail_no_perms@\fR by default. .TP 18n mail_no_user If set, mail will be sent to the \fImailto\fR user if the invoking user is not in the \fIsudoers\fR file. This flag is \fI@mail_no_user@\fR by default. .TP 18n noexec If set, all commands run via \fBsudo\fR will behave as if the \fRNOEXEC\fR tag has been set, unless overridden by a \fREXEC\fR tag. See the description of \fINOEXEC and EXEC\fR below as well as the \fIPreventing shell escapes\fR section at the end of this manual. This flag is \fIoff\fR by default. .TP 18n pam_session On systems that use PAM for authentication, \fBsudo\fR will create a new PAM session for the command to be run in. Disabling \fIpam_session\fR may be needed on older PAM implementations or on operating systems where opening a PAM session changes the utmp or wtmp files. If PAM session support is disabled, resource limits may not be updated for the command being run. If \fIpam_session\fR, \fIpam_setcred\fR, and \fIuse_pty\fR are disabled and I/O logging has not been configured, \fBsudo\fR will execute the command directly instead of running it as a child process. This flag is \fI@pam_session@\fR by default. .sp This setting is only supported by version 1.8.7 or higher. .TP 18n pam_setcred On systems that use PAM for authentication, \fBsudo\fR will attempt to establish credentials for the target user by default, if supported by the underlying authentication system. One example of a credential is a Kerberos ticket. If \fIpam_session\fR, \fIpam_setcred\fR, and \fIuse_pty\fR are disabled and I/O logging has not been configured, \fBsudo\fR will execute the command directly instead of running it as a child process. This flag is \fIon\fR by default. .sp This setting is only supported by version 1.8.8 or higher. .TP 18n passprompt_override The password prompt specified by \fIpassprompt\fR will normally only be used if the password prompt provided by systems such as PAM matches the string ``Password:''. If \fIpassprompt_override\fR is set, \fIpassprompt\fR will always be used. This flag is \fIoff\fR by default. .TP 18n path_info Normally, \fBsudo\fR will tell the user when a command could not be found in their \fRPATH\fR environment variable. Some sites may wish to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvantage is that if the executable is simply not in the user's \fRPATH\fR, \fBsudo\fR will tell the user that they are not allowed to run it, which can be confusing. This flag is \fI@path_info@\fR by default. .TP 18n preserve_groups By default, \fBsudo\fR will initialize the group vector to the list of groups the target user is in. When \fIpreserve_groups\fR is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. This flag is \fIoff\fR by default. .TP 18n pwfeedback By default, \fBsudo\fR reads the password like most other Unix programs, by turning off echo until the user hits the return (or enter) key. Some users become confused by this as it appears to them that \fBsudo\fR has hung at this point. When \fIpwfeedback\fR is set, \fBsudo\fR will provide visual feedback when the user presses a key. Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered. This flag is \fIoff\fR by default. .TP 18n requiretty If set, \fBsudo\fR will only run when the user is logged in to a real tty. When this flag is set, \fBsudo\fR can only be run from a login session and not via other means such as cron(@mansectsu@) or cgi-bin scripts. This flag is \fIoff\fR by default. .TP 18n root_sudo If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users from ``chaining'' \fBsudo\fR commands to get a root shell by doing something like ``\fRsudo sudo /bin/sh\fR''. Note, however, that turning off \fIroot_sudo\fR will also prevent root from running \fBsudoedit\fR. Disabling \fIroot_sudo\fR provides no real additional security; it exists purely for historical reasons. This flag is \fI@root_sudo@\fR by default. .TP 18n rootpw If set, \fBsudo\fR will prompt for the root password instead of the password of the invoking user. This flag is \fIoff\fR by default. .TP 18n runaspw If set, \fBsudo\fR will prompt for the password of the user defined by the \fIrunas_default\fR option (defaults to \fR@runas_default@\fR) instead of the password of the invoking user. This flag is \fIoff\fR by default. .TP 18n set_home If enabled and \fBsudo\fR is invoked with the \fB\-s\fR option the \fRHOME\fR environment variable will be set to the home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively makes the \fB\-s\fR option imply \fB\-H\fR. Note that \fRHOME\fR is already set when the \fIenv_reset\fR option is enabled, so \fIset_home\fR is only effective for configurations where either \fIenv_reset\fR is disabled or \fRHOME\fR is present in the \fIenv_keep\fR list. This flag is \fIoff\fR by default. .TP 18n set_logname Normally, \fBsudo\fR will set the \fRLOGNAME\fR, \fRUSER\fR and \fRUSERNAME\fR environment variables to the name of the target user (usually root unless the \fB\-u\fR option is given). However, since some programs (including the RCS revision control system) use \fRLOGNAME\fR to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. Note that if the \fIenv_reset\fR option has not been disabled, entries in the \fIenv_keep\fR list will override the value of \fIset_logname\fR. This flag is \fIon\fR by default. .TP 18n set_utmp When enabled, \fBsudo\fR will create an entry in the utmp (or utmpx) file when a pseudo-tty is allocated. A pseudo-tty is allocated by \fBsudo\fR when the \fIlog_input\fR, \fIlog_output\fR or \fIuse_pty\fR flags are enabled. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. This flag is \fIon\fR by default. .TP 18n setenv Allow the user to disable the \fIenv_reset\fR option from the command line via the \fB\-E\fR option. Additionally, environment variables set via the command line are not subject to the restrictions imposed by \fIenv_check\fR, \fIenv_delete\fR, or \fIenv_keep\fR. As such, only trusted users should be allowed to set variables in this manner. This flag is \fIoff\fR by default. .TP 18n shell_noargs If set and \fBsudo\fR is invoked with no arguments it acts as if the \fB\-s\fR option had been given. That is, it runs a shell as root (the shell is determined by the \fRSHELL\fR environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is \fIoff\fR by default. .TP 18n stay_setuid Normally, when \fBsudo\fR executes a command the real and effective UIDs are set to the target user (root by default). This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes \fBsudo\fR act as a setuid wrapper. This can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. This option is only effective on systems that support either the setreuid(2) or setresuid(2) system call. This flag is \fIoff\fR by default. .TP 18n targetpw If set, \fBsudo\fR will prompt for the password of the user specified by the \fB\-u\fR option (defaults to \fRroot\fR) instead of the password of the invoking user. In addition, the time stamp file name will include the target user's name. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the \fB\-u\fR option. This flag is \fIoff\fR by default. .TP 18n tty_tickets If set, users must authenticate on a per-tty basis. With this flag enabled, \fBsudo\fR will use a file named for the tty the user is logged in on in the user's time stamp directory. If disabled, the time stamp of the directory is used instead. This flag is \fI@tty_tickets@\fR by default. .TP 18n umask_override If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without modification. This makes it possible to specify a more permissive umask in \fIsudoers\fR than the user's own umask and matches historical behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the umask to be the union of the user's umask and what is specified in \fIsudoers\fR. This flag is \fI@umask_override@\fR by default. .TP 18n use_loginclass If set, \fBsudo\fR will apply the defaults specified for the target user's login class if one exists. Only available if \fBsudo\fR is configured with the \fR--with-logincap\fR option. This flag is \fIoff\fR by default. .TP 18n use_pty If set, \fBsudo\fR will run the command in a pseudo-pty even if no I/O logging is being gone. A malicious program run under \fBsudo\fR could conceivably fork a background process that retains to the user's terminal device after the main program has finished executing. Use of this option will make that impossible. This flag is \fIoff\fR by default. .TP 18n utmp_runas If set, \fBsudo\fR will store the name of the runas user when updating the utmp (or utmpx) file. By default, \fBsudo\fR stores the name of the invoking user. This flag is \fIoff\fR by default. .TP 18n visiblepw By default, \fBsudo\fR will refuse to run if the user must enter a password but it is not possible to disable echo on the terminal. If the \fIvisiblepw\fR flag is set, \fBsudo\fR will prompt for a password even when it would be visible on the screen. This makes it possible to run things like ``\fRssh somehost sudo ls\fR'' since by default, ssh(1) does not allocate a tty when running a command. This flag is \fIoff\fR by default. .PP \fBIntegers\fR: .TP 18n closefrom Before it executes a command, \fBsudo\fR will close all open file descriptors other than standard input, standard output and standard error (ie: file descriptors 0-2). The \fIclosefrom\fR option can be used to specify a different file descriptor at which to start closing. The default is \fR3\fR. .TP 18n passwd_tries The number of tries a user gets to enter his/her password before \fBsudo\fR logs the failure and exits. The default is \fR@passwd_tries@\fR. .PP \fBIntegers that can be used in a boolean context\fR: .TP 18n loglinelen Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is \fR@loglen@\fR (use 0 or negate the option to disable word wrap). .TP 18n passwd_timeout Number of minutes before the \fBsudo\fR password prompt times out, or \fR0\fR for no timeout. The timeout may include a fractional component if minute granularity is insufficient, for example \fR2.5\fR. The default is \fR@password_timeout@\fR. .TP 18n timestamp_timeout .br Number of minutes that can elapse before \fBsudo\fR will ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example \fR2.5\fR. The default is \fR@timeout@\fR. Set this to \fR0\fR to always prompt for a password. If set to a value less than \fR0\fR the user's time stamp will never expire. This can be used to allow users to create or delete their own time stamps via ``\fRsudo -v\fR'' and ``\fRsudo -k\fR'' respectively. .TP 18n umask Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. The actual umask that is used will be the union of the user's umask and the value of the \fIumask\fR option, which defaults to \fR@sudo_umask@\fR. This guarantees that \fBsudo\fR never lowers the umask when running a command. Note: on systems that use PAM, the default PAM configuration may specify its own umask which will override the value set in \fIsudoers\fR. .PP \fBStrings\fR: .TP 18n badpass_message Message that is displayed if a user enters an incorrect password. The default is \fR@badpass_message@\fR unless insults are enabled. .TP 18n editor A colon (`:\&') separated list of editors allowed to be used with \fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's \fREDITOR\fR environment variable if possible, or the first editor in the list that exists and is executable. The default is \fI@editor@\fR. .TP 18n iolog_dir The top-level directory to use when constructing the path name for the input/output log directory. Only used if the \fIlog_input\fR or \fIlog_output\fR options are enabled or when the \fRLOG_INPUT\fR or \fRLOG_OUTPUT\fR tags are present for a command. The session sequence number, if any, is stored in the directory. The default is \fI@iolog_dir@\fR. .sp The following percent (`%') escape sequences are supported: .RS .TP 6n \fR%{seq}\fR expanded to a monotonically increasing base-36 sequence number, such as 0100A5, where every two digits are used to form a new directory, e.g.\& \fI01/00/A5\fR .TP 6n \fR%{user}\fR expanded to the invoking user's login name .TP 6n \fR%{group}\fR expanded to the name of the invoking user's real group ID .TP 6n \fR%{runas_user}\fR expanded to the login name of the user the command will be run as (e.g.\& root) .TP 6n \fR%{runas_group}\fR expanded to the group name of the user the command will be run as (e.g.\& wheel) .TP 6n \fR%{hostname}\fR expanded to the local host name without the domain name .TP 6n \fR%{command}\fR expanded to the base name of the command being run .PP In addition, any escape sequences supported by the system's strftime(3) function will be expanded. .sp To include a literal `%' character, the string `%%' should be used. .PP .RE .PD 0 .TP 18n iolog_file The path name, relative to \fIiolog_dir\fR, in which to store input/output logs when the \fIlog_input\fR or \fIlog_output\fR options are enabled or when the \fRLOG_INPUT\fR or \fRLOG_OUTPUT\fR tags are present for a command. Note that \fIiolog_file\fR may contain directory components. The default is ``\fR%{seq}\fR''. .sp See the \fIiolog_dir\fR option above for a list of supported percent (`%') escape sequences. .sp In addition to the escape sequences, path names that end in six or more \fRX\fRs will have the \fRX\fRs replaced with a unique combination of digits and letters, similar to the mktemp(3) function. .sp If the path created by concatenating \fIiolog_dir\fR and \fIiolog_file\fR already exists, the existing I/O log file will be truncated and overwritten unless \fIiolog_file\fR ends in six or more \fRX\fRs. .PD .TP 18n limitprivs The default Solaris limit privileges to use when constructing a new privilege set for a command. This bounds all privileges of the executing process. The default limit privileges may be overridden on a per-command basis in \fIsudoers\fR. This option is only available if \fBsudoers\fR is built on Solaris 10 or higher. .TP 18n mailsub Subject of the mail sent to the \fImailto\fR user. The escape \fR%h\fR will expand to the host name of the machine. Default is ``\fR@mailsub@\fR''. .TP 18n maxseq The maximum sequence number that will be substituted for the ``\fR%{seq}\fR'' escape in the I/O log file (see the \fIiolog_dir\fR description above for more information). While the value substituted for ``\fR%{seq}\fR'' is in base 36, \fImaxseq\fR itself should be expressed in decimal. Values larger than 2176782336 (which corresponds to the base 36 sequence number ``ZZZZZZ'') will be silently truncated to 2176782336. The default value is 2176782336. .sp Once the local sequence number reaches the value of \fImaxseq\fR, it will ``roll over'' to zero, after which \fBsudoers\fR will truncate and re-use any existing I/O log path names. .sp This setting is only supported by version 1.8.7 or higher. .TP 18n noexec_file As of \fBsudo\fR version 1.8.1 this option is no longer supported. The path to the noexec file should now be set in the sudo.conf(@mansectform@) file. .TP 18n pam_login_service .br On systems that use PAM for authentication, this is the service name used when the \fB\-i\fR option is specified. The default value is ``\fR@pam_login_service@\fR''. See the description of \fIpam_service\fR for more information. .sp This setting is only supported by version 1.8.8 or higher. .TP 18n pam_service On systems that use PAM for authentication, the service name specifies the PAM policy to apply. This usually corresponds to an entry in the \fIpam.conf\fR file or a file in the \fI/etc/pam.d\fR directory. The default value is ``\fRsudo\fR''. .sp This setting is only supported by version 1.8.8 or higher. .TP 18n passprompt The default prompt to use when asking for a password; can be overridden via the \fB\-p\fR option or the \fRSUDO_PROMPT\fR environment variable. The following percent (`%') escape sequences are supported: .RS .TP 6n \fR%H\fR expanded to the local host name including the domain name (only if the machine's host name is fully qualified or the \fIfqdn\fR option is set) .TP 6n \fR%h\fR expanded to the local host name without the domain name .TP 6n \fR%p\fR expanded to the user whose password is being asked for (respects the \fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR) .TP 6n \fR\&%U\fR expanded to the login name of the user the command will be run as (defaults to root) .TP 6n \fR%u\fR expanded to the invoking user's login name .TP 6n \fR%%\fR two consecutive \fR%\fR characters are collapsed into a single \fR%\fR character .PP The default value is ``\fR@passprompt@\fR''. .PP .RE .PD 0 .TP 18n privs The default Solaris privileges to use when constructing a new privilege set for a command. This is passed to the executing process via the inherited privilege set, but is bounded by the limit privileges. If the \fIprivs\fR option is specified but the \fIlimitprivs\fR option is not, the limit privileges of the executing process is set to \fIprivs\fR. The default privileges may be overridden on a per-command basis in \fIsudoers\fR. This option is only available if \fBsudoers\fR is built on Solaris 10 or higher. .PD .TP 18n role The default SELinux role to use when constructing a new security context to run the command. The default role may be overridden on a per-command basis in \fIsudoers\fR or via command line options. This option is only available when \fBsudo\fR is built with SELinux support. .TP 18n runas_default The default user to run commands as if the \fB\-u\fR option is not specified on the command line. This defaults to \fR@runas_default@\fR. .TP 18n syslog_badpri Syslog priority to use when user authenticates unsuccessfully. Defaults to \fR@badpri@\fR. .sp The following syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. .TP 18n syslog_goodpri Syslog priority to use when user authenticates successfully. Defaults to \fR@goodpri@\fR. .sp See \fIsyslog_badpri\fR for the list of supported syslog priorities. .TP 18n sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. Note that changing the locale may affect how sudoers is interpreted. Defaults to ``\fRC\fR''. .TP 18n timestampdir The directory in which \fBsudo\fR stores its time stamp files. The default is \fI@timedir@\fR. .TP 18n timestampowner The owner of the time stamp directory and the time stamps stored therein. The default is \fRroot\fR. .TP 18n type The default SELinux type to use when constructing a new security context to run the command. The default type may be overridden on a per-command basis in \fIsudoers\fR or via command line options. This option is only available when \fBsudo\fR is built with SELinux support. .PP \fBStrings that can be used in a boolean context\fR: .TP 14n env_file The \fIenv_file\fR option specifies the fully qualified path to a file containing variables to be set in the environment of the program being run. Entries in this file should either be of the form ``\fRVARIABLE=value\fR'' or ``\fRexport VARIABLE=value\fR''. The value may optionally be surrounded by single or double quotes. Variables in this file are subject to other \fBsudo\fR environment settings such as \fIenv_keep\fR and \fIenv_check\fR. .TP 14n exempt_group Users in this group are exempt from password and PATH requirements. The group name specified should not include a \fR%\fR prefix. This is not set by default. .TP 14n group_plugin A string containing a \fIsudoers\fR group plugin with optional arguments. The string should consist of the plugin path, either fully-qualified or relative to the \fI@PLUGINDIR@\fR directory, followed by any configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes (\&""). .sp For more information see GROUP PROVIDER PLUGINS. .TP 14n lecture This option controls when a short lecture will be printed along with the password prompt. It has the following possible values: .RS .TP 8n always Always lecture the user. .TP 8n never Never lecture the user. .TP 8n once Only lecture the user the first time they run \fBsudo\fR. .PP If no value is specified, a value of \fIonce\fR is implied. Negating the option results in a value of \fInever\fR being used. The default value is \fI@lecture@\fR. .PP .RE .PD 0 .TP 14n lecture_file Path to a file containing an alternate \fBsudo\fR lecture that will be used in place of the standard lecture if the named file exists. By default, \fBsudo\fR uses a built-in lecture. .PD .TP 14n listpw This option controls when a password will be required when a user runs \fBsudo\fR with the \fB\-l\fR option. It has the following possible values: .RS .TP 10n all All the user's \fIsudoers\fR entries for the current host must have the \fRNOPASSWD\fR flag set to avoid entering a password. .TP 10n always The user must always enter a password to use the \fB\-l\fR option. .TP 10n any At least one of the user's \fIsudoers\fR entries for the current host must have the \fRNOPASSWD\fR flag set to avoid entering a password. .TP 10n never The user need never enter a password to use the \fB\-l\fR option. .PP If no value is specified, a value of \fIany\fR is implied. Negating the option results in a value of \fInever\fR being used. The default value is \fIany\fR. .PP .RE .PD 0 .TP 14n logfile Path to the \fBsudo\fR log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By default, \fBsudo\fR logs via syslog. .PD .TP 14n mailerflags Flags to use when invoking mailer. Defaults to \fB\-t\fR. .TP 14n mailerpath Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. .TP 14n mailfrom Address to use for the ``from'' address when sending warning and error mail. The address should be enclosed in double quotes (\&"") to protect against \fBsudo\fR interpreting the \fR@\fR sign. Defaults to the name of the user running \fBsudo\fR. .TP 14n mailto Address to send warning and error mail to. The address should be enclosed in double quotes (\&"") to protect against \fBsudo\fR interpreting the \fR@\fR sign. Defaults to \fR@mailto@\fR. .TP 14n secure_path Path used for every command run from \fBsudo\fR. If you don't trust the people running \fBsudo\fR to have a sane \fRPATH\fR environment variable you may want to use this. Another use is if you want to have the ``root path'' be separate from the ``user path''. Users in the group specified by the \fIexempt_group\fR option are not affected by \fIsecure_path\fR. This option is @secure_path@ by default. .TP 14n syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to \fR@logfac@\fR. .sp The following syslog facilities are supported: \fBauthpriv\fR (if your OS supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. .TP 14n verifypw This option controls when a password will be required when a user runs \fBsudo\fR with the \fB\-v\fR option. It has the following possible values: .RS .TP 8n all All the user's \fIsudoers\fR entries for the current host must have the \fRNOPASSWD\fR flag set to avoid entering a password. .TP 8n always The user must always enter a password to use the \fB\-v\fR option. .TP 8n any At least one of the user's \fIsudoers\fR entries for the current host must have the \fRNOPASSWD\fR flag set to avoid entering a password. .TP 8n never The user need never enter a password to use the \fB\-v\fR option. .PP If no value is specified, a value of \fIall\fR is implied. Negating the option results in a value of \fInever\fR being used. The default value is \fIall\fR. .RE .PP \fBLists that can be used in a boolean context\fR: .TP 18n env_check Environment variables to be removed from the user's environment if the variable's value contains `%' or `/' characters. This can be used to guard against printf-style format vulnerabilities in poorly-written programs. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \fR=\fR, \fR+=\fR, \fR-=\fR, and \fR\&!\fR operators respectively. Regardless of whether the \fRenv_reset\fR option is enabled or disabled, variables specified by \fRenv_check\fR will be preserved in the environment if they pass the aforementioned check. The default list of environment variables to check is displayed when \fBsudo\fR is run by root with the \fB\-V\fR option. .TP 18n env_delete Environment variables to be removed from the user's environment when the \fIenv_reset\fR option is not in effect. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \fR=\fR, \fR+=\fR, \fR-=\fR, and \fR\&!\fR operators respectively. The default list of environment variables to remove is displayed when \fBsudo\fR is run by root with the \fB\-V\fR option. Note that many operating systems will remove potentially dangerous variables from the environment of any setuid process (such as \fBsudo\fR). .TP 18n env_keep Environment variables to be preserved in the user's environment when the \fIenv_reset\fR option is in effect. This allows fine-grained control over the environment \fBsudo\fR-spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \fR=\fR, \fR+=\fR, \fR-=\fR, and \fR\&!\fR operators respectively. The default list of variables to keep is displayed when \fBsudo\fR is run by root with the \fB\-V\fR option. .SH "GROUP PROVIDER PLUGINS" The \fBsudoers\fR plugin supports its own plugin interface to allow non-Unix group lookups which can query a group source other than the standard Unix group database. This can be used to implement support for the \fRnonunix_group\fR syntax described earlier. .PP Group provider plugins are specified via the \fIgroup_plugin\fR Defaults setting. The argument to \fIgroup_plugin\fR should consist of the plugin path, either fully-qualified or relative to the \fI@PLUGINDIR@\fR directory, followed by any configuration options the plugin requires. These options (if specified) will be passed to the plugin's initialization function. If options are present, the string must be enclosed in double quotes (\&""). .PP The following group provider plugins are installed by default: .TP 10n group_file The \fIgroup_file\fR plugin supports an alternate group file that uses the same syntax as the \fI/etc/group\fR file. The path to the group file should be specified as an option to the plugin. For example, if the group file to be used is \fI/etc/sudo-group\fR: .RS .nf .sp .RS 0n Defaults group_plugin="group_file.so /etc/sudo-group" .RE .fi .PP .RE .PD 0 .TP 10n system_group The \fIsystem_group\fR plugin supports group lookups via the standard C library functions \fBgetgrnam\fR() and \fBgetgrid\fR(). This plugin can be used in instances where the user belongs to groups not present in the user's supplemental group vector. This plugin takes no options: .RS .nf .sp .RS 0n Defaults group_plugin=system_group.so .RE .fi .RE .PD .PP The group provider plugin API is described in detail in sudo_plugin(@mansectsu@). .SH "LOG FORMAT" \fBsudoers\fR can log events using either syslog(3) or a simple log file. In each case the log format is almost identical. .SS "Accepted command log entries" Commands that sudo runs are logged using the following format (split into multiple lines for readability): .nf .sp .RS 4n date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e ENV=env_vars COMMAND=command .RE .fi .PP Where the fields are as follows: .TP 14n date The date the command was run. Typically, this is in the format ``MMM, DD, HH:MM:SS''. If logging via syslog(3), the actual date format is controlled by the syslog daemon. If logging to a file and the \fIlog_year\fR option is enabled, the date will also include the year. .TP 14n hostname The name of the host \fBsudo\fR was run on. This field is only present when logging via syslog(3). .TP 14n progname The name of the program, usually \fIsudo\fR or \fIsudoedit\fR. This field is only present when logging via syslog(3). .TP 14n username The login name of the user who ran \fBsudo\fR. .TP 14n ttyname The short name of the terminal (e.g.\& ``console'', ``tty01'', or ``pts/0'') \fBsudo\fR was run on, or ``unknown'' if there was no terminal present. .TP 14n cwd The current working directory that \fBsudo\fR was run in. .TP 14n runasuser The user the command was run as. .TP 14n runasgroup The group the command was run as if one was specified on the command line. .TP 14n logid An I/O log identifier that can be used to replay the command's output. This is only present when the \fIlog_input\fR or \fIlog_output\fR option is enabled. .TP 14n env_vars A list of environment variables specified on the command line, if specified. .TP 14n command The actual command that was executed. .PP Messages are logged using the locale specified by \fIsudoers_locale\fR, which defaults to the ``\fRC\fR'' locale. .SS "Denied command log entries" If the user is not allowed to run the command, the reason for the denial will follow the user name. Possible reasons include: .TP 3n user NOT in sudoers The user is not listed in the \fIsudoers\fR file. .TP 3n user NOT authorized on host The user is listed in the \fIsudoers\fR file but is not allowed to run commands on the host. .TP 3n command not allowed The user is listed in the \fIsudoers\fR file for the host but they are not allowed to run the specified command. .TP 3n 3 incorrect password attempts The user failed to enter their password after 3 tries. The actual number of tries will vary based on the number of failed attempts and the value of the \fIpasswd_tries\fR option. .TP 3n a password is required \fBsudo\fR's \fB\-n\fR option was specified but a password was required. .TP 3n sorry, you are not allowed to set the following environment variables The user specified environment variables on the command line that were not allowed by \fIsudoers\fR. .SS "Error log entries" If an error occurs, \fBsudoers\fR will log a message and, in most cases, send a message to the administrator via email. Possible errors include: .TP 3n parse error in @sysconfdir@/sudoers near line N \fBsudoers\fR encountered an error when parsing the specified file. In some cases, the actual error may be one line above or below the line number listed, depending on the type of error. .TP 3n problem with defaults entries The \fIsudoers\fR file contains one or more unknown Defaults settings. This does not prevent \fBsudo\fR from running, but the \fIsudoers\fR file should be checked using \fBvisudo\fR. .TP 3n timestamp owner (username): \&No such user The time stamp directory owner, as specified by the \fItimestampowner\fR setting, could not be found in the password database. .TP 3n unable to open/read @sysconfdir@/sudoers The \fIsudoers\fR file could not be opened for reading. This can happen when the \fIsudoers\fR file is located on a remote file system that maps user ID 0 to a different value. Normally, \fBsudoers\fR tries to open \fIsudoers\fR using group permissions to avoid this problem. Consider either changing the ownership of \fI@sysconfdir@/sudoers\fR or adding an argument like ``sudoers_uid=N'' (where `N' is the user ID that owns the \fIsudoers\fR file) to the end of the \fBsudoers\fR \fRPlugin\fR line in the sudo.conf(@mansectform@) file. .TP 3n unable to stat @sysconfdir@/sudoers The \fI@sysconfdir@/sudoers\fR file is missing. .TP 3n @sysconfdir@/sudoers is not a regular file The \fI@sysconfdir@/sudoers\fR file exists but is not a regular file or symbolic link. .TP 3n @sysconfdir@/sudoers is owned by uid N, should be 0 The \fIsudoers\fR file has the wrong owner. If you wish to change the \fIsudoers\fR file owner, please add ``sudoers_uid=N'' (where `N' is the user ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR \fRPlugin\fR line in the sudo.conf(@mansectform@) file. .TP 3n @sysconfdir@/sudoers is world writable The permissions on the \fIsudoers\fR file allow all users to write to it. The \fIsudoers\fR file must not be world-writable, the default file mode is 0440 (readable by owner and group, writable by none). The default mode may be changed via the ``sudoers_mode'' option to the \fBsudoers\fR \fRPlugin\fR line in the sudo.conf(@mansectform@) file. .TP 3n @sysconfdir@/sudoers is owned by gid N, should be 1 The \fIsudoers\fR file has the wrong group ownership. If you wish to change the \fIsudoers\fR file group ownership, please add ``sudoers_gid=N'' (where `N' is the group ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR \fRPlugin\fR line in the sudo.conf(@mansectform@) file. .TP 3n unable to open @timedir@/username/ttyname \fIsudoers\fR was unable to read or create the user's time stamp file. .TP 3n unable to write to @timedir@/username/ttyname \fIsudoers\fR was unable to write to the user's time stamp file. .TP 3n unable to mkdir to @timedir@/username \fIsudoers\fR was unable to create the user's time stamp directory. .SS "Notes on logging via syslog" By default, \fIsudoers\fR logs messages via syslog(3). The \fIdate\fR, \fIhostname\fR, and \fIprogname\fR fields are added by the syslog daemon, not \fIsudoers\fR itself. As such, they may vary in format on different systems. .PP On most systems, syslog(3) has a relatively small log buffer. To prevent the command line arguments from being truncated, \fBsudoers\fR will split up log messages that are larger than 960 characters (not including the date, hostname, and the string ``sudo''). When a message is split, additional parts will include the string ``(command continued)'' after the user name and before the continued command line arguments. .SS "Notes on logging to a file" If the \fIlogfile\fR option is set, \fIsudoers\fR will log to a local file, such as \fI/var/log/sudo\fR. When logging to a file, \fIsudoers\fR uses a format similar to syslog(3), with a few important differences: .TP 5n 1. The \fIprogname\fR and \fIhostname\fR fields are not present. .TP 5n 2. If the \fIlog_year\fR option is enabled, the date will also include the year. .TP 5n 3. Lines that are longer than \fIloglinelen\fR characters (80 by default) are word-wrapped and continued on the next line with a four character indent. This makes entries easier to read for a human being, but makes it more difficult to use grep(1) on the log files. If the \fIloglinelen\fR option is set to 0 (or negated with a `\&!'), word wrap will be disabled. .SH "FILES" .TP 26n \fI@sysconfdir@/sudo.conf\fR Sudo front end configuration .TP 26n \fI@sysconfdir@/sudoers\fR List of who can run what .TP 26n \fI/etc/group\fR Local groups file .TP 26n \fI/etc/netgroup\fR List of network groups .TP 26n \fI@iolog_dir@\fR I/O log files .TP 26n \fI@timedir@\fR Directory containing time stamps for the \fIsudoers\fR security policy .TP 26n \fI/etc/environment\fR Initial environment for \fB\-i\fR mode on AIX and Linux systems .SH "EXAMPLES" Below are example \fIsudoers\fR entries. Admittedly, some of these are a bit contrived. First, we allow a few environment variables to pass and then define our \fIaliases\fR: .nf .sp .RS 0n # Run X applications through sudo; HOME is used to find the # .Xauthority file. Note that other programs use HOME to find # configuration files and this may lead to privilege escalation! Defaults env_keep += "DISPLAY HOME" # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim # Runas alias specification Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase Runas_Alias ADMINGRP = adm, oper # Host alias specification Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e SGI = grolsch, dandelion, black :\e ALPHA = widget, thalamus, foobar :\e HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e /usr/sbin/restore, /usr/sbin/rrestore,\e sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt Cmnd_Alias REBOOT = /usr/sbin/reboot Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e /usr/local/bin/tcsh, /usr/bin/rsh,\e /usr/local/bin/zsh Cmnd_Alias SU = /usr/bin/su Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less .RE .fi .PP Here we override some of the compiled in default values. We want \fBsudo\fR to log via syslog(3) using the \fIauth\fR facility in all cases. We don't want to subject the full time staff to the \fBsudo\fR lecture, user \fBmillert\fR need not give a password, and we don't want to reset the \fRLOGNAME\fR, \fRUSER\fR or \fRUSERNAME\fR environment variables when running commands as root. Additionally, on the machines in the \fISERVERS\fR \fRHost_Alias\fR, we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. Lastly, we disable shell escapes for the commands in the PAGERS \fRCmnd_Alias\fR (\fI/usr/bin/more\fR, \fI/usr/bin/pg\fR and \fI/usr/bin/less\fR) \&. Note that this will not effectively constrain users with \fBsudo\fR \fBALL\fR privileges. .nf .sp .RS 0n # Override built-in defaults Defaults syslog=auth Defaults>root !set_logname Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults!PAGERS noexec .RE .fi .PP The \fIUser specification\fR is the part that actually determines who may run what. .nf .sp .RS 0n root ALL = (ALL) ALL %wheel ALL = (ALL) ALL .RE .fi .PP We let \fBroot\fR and any user in group \fBwheel\fR run any command on any host as any user. .nf .sp .RS 0n FULLTIMERS ALL = NOPASSWD: ALL .RE .fi .PP Full time sysadmins (\fBmillert\fR, \fBmikef\fR, and \fBdowdy\fR) may run any command on any host without authenticating themselves. .nf .sp .RS 0n PARTTIMERS ALL = ALL .RE .fi .PP Part time sysadmins \fBbostley\fR, \fBjwfox\fR, and \fBcrawl\fR) may run any command on any host but they must authenticate themselves first (since the entry lacks the \fRNOPASSWD\fR tag). .nf .sp .RS 0n jack CSNETS = ALL .RE .fi .PP The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias (the networks \fR128.138.243.0\fR, \fR128.138.204.0\fR, and \fR128.138.242.0\fR). Of those networks, only \fR128.138.204.0\fR has an explicit netmask (in CIDR notation) indicating it is a class C network. For the other networks in \fICSNETS\fR, the local machine's netmask will be used during matching. .nf .sp .RS 0n lisa CUNETS = ALL .RE .fi .PP The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias (the class B network \fR128.138.0.0\fR). .nf .sp .RS 0n operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e sudoedit /etc/printcap, /usr/oper/bin/ .RE .fi .PP The \fBoperator\fR user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory \fI/usr/oper/bin/\fR. Note that one command in the \fRDUMPS\fR Cmnd_Alias includes a sha224 digest, \fI/home/operator/bin/start_backups\fR. This is because the directory containing the script is writable by the operator user. If the script is modified (resulting in a digest mismatch) it will no longer be possible to run it via \fBsudo\fR. .nf .sp .RS 0n joe ALL = /usr/bin/su operator .RE .fi .PP The user \fBjoe\fR may only su(1) to operator. .nf .sp .RS 0n pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root %opers ALL = (: ADMINGRP) /usr/sbin/ .RE .fi .PP Users in the \fBopers\fR group may run commands in \fI/usr/sbin/\fR as themselves with any group in the \fIADMINGRP\fR \fRRunas_Alias\fR (the \fBadm\fR and \fBoper\fR groups). .PP The user \fBpete\fR is allowed to change anyone's password except for root on the \fIHPPA\fR machines. Note that this assumes passwd(1) does not take multiple user names on the command line. .nf .sp .RS 0n bob SPARC = (OP) ALL : SGI = (OP) ALL .RE .fi .PP The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines as any user listed in the \fIOP\fR \fRRunas_Alias\fR (\fBroot\fR and \fBoperator\fR.) .nf .sp .RS 0n jim +biglab = ALL .RE .fi .PP The user \fBjim\fR may run any command on machines in the \fIbiglab\fR netgroup. \fBsudo\fR knows that ``biglab'' is a netgroup due to the `+' prefix. .nf .sp .RS 0n +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser .RE .fi .PP Users in the \fBsecretaries\fR netgroup need to help manage the printers as well as add and remove users, so they are allowed to run those commands on all machines. .nf .sp .RS 0n fred ALL = (DB) NOPASSWD: ALL .RE .fi .PP The user \fBfred\fR can run commands as any user in the \fIDB\fR \fRRunas_Alias\fR (\fBoracle\fR or \fBsybase\fR) without giving a password. .nf .sp .RS 0n john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* .RE .fi .PP On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root but he is not allowed to specify any options to the su(1) command. .nf .sp .RS 0n jen ALL, !SERVERS = ALL .RE .fi .PP The user \fBjen\fR may run any command on any machine except for those in the \fISERVERS\fR \fRHost_Alias\fR (master, mail, www and ns). .nf .sp .RS 0n jill SERVERS = /usr/bin/, !SU, !SHELLS .RE .fi .PP For any machine in the \fISERVERS\fR \fRHost_Alias\fR, \fBjill\fR may run any commands in the directory \fI/usr/bin/\fR except for those commands belonging to the \fISU\fR and \fISHELLS\fR \fRCmnd_Aliases\fR. While not specifically mentioned in the rule, the commands in the \fIPAGERS\fR \fRCmnd_Alias\fR all reside in \fI/usr/bin\fR and have the \fInoexec\fR option set. .nf .sp .RS 0n steve CSNETS = (operator) /usr/local/op_commands/ .RE .fi .PP The user \fBsteve\fR may run any command in the directory /usr/local/op_commands/ but only as user operator. .nf .sp .RS 0n matt valkyrie = KILL .RE .fi .PP On his personal workstation, valkyrie, \fBmatt\fR needs to be able to kill hung processes. .nf .sp .RS 0n WEBMASTERS www = (www) ALL, (root) /usr/bin/su www .RE .fi .PP On the host www, any user in the \fIWEBMASTERS\fR \fRUser_Alias\fR (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply su(1) to www. .nf .sp .RS 0n ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM .RE .fi .PP Any user may mount or unmount a CD-ROM on the machines in the CDROM \fRHost_Alias\fR (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. .SH "SECURITY NOTES" .SS "Limitations of the `!\&' operator" It is generally not effective to ``subtract'' commands from \fBALL\fR using the `!\&' operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example: .nf .sp .RS 0n bill ALL = ALL, !SU, !SHELLS .RE .fi .PP Doesn't really prevent \fBbill\fR from running the commands listed in \fISU\fR or \fISHELLS\fR since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). .PP In general, if a user has sudo \fBALL\fR there is nothing to prevent them from creating their own program that gives them a root shell (or making their own copy of a shell) regardless of any `!\&' elements in the user specification. .SS "Security implications of \fIfast_glob\fR" If the \fIfast_glob\fR option is in use, it is not possible to reliably negate commands where the path name includes globbing (aka wildcard) characters. This is because the C library's fnmatch(3) function cannot resolve relative paths. While this is typically only an inconvenience for rules that grant privileges, it can result in a security issue for rules that subtract or revoke privileges. .PP For example, given the following \fIsudoers\fR entry: .nf .sp .RS 0n john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root .RE .fi .PP User \fBjohn\fR can still run \fR/usr/bin/passwd root\fR if \fIfast_glob\fR is enabled by changing to \fI/usr/bin\fR and running \fR./passwd root\fR instead. .SS "Preventing shell escapes" Once \fBsudo\fR executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass \fBsudo\fR's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs. .PP There are two basic approaches to this problem: .TP 10n restrict Avoid giving users access to commands that allow the user to run arbitrary commands. Many editors have a restricted mode where shell escapes are disabled, though \fBsudoedit\fR is a better solution to running editors via \fBsudo\fR. Due to the large number of programs that offer shell escapes, restricting users to the set of programs that do not is often unworkable. .TP 10n noexec Many systems that support shared libraries have the ability to override default library functions by pointing an environment variable (usually \fRLD_PRELOAD\fR) to an alternate shared library. On such systems, \fBsudo\fR's \fInoexec\fR functionality can be used to prevent a program run by \fBsudo\fR from executing any other programs. Note, however, that this applies only to native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. .sp The \fInoexec\fR feature is known to work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, HP-UX 11.x and AIX 5.3 and above. It should be supported on most operating systems that support the \fRLD_PRELOAD\fR environment variable. Check your operating system's manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if \fRLD_PRELOAD\fR is supported. .sp On Solaris 10 and higher, \fInoexec\fR uses Solaris privileges instead of the \fRLD_PRELOAD\fR environment variable. .sp To enable \fInoexec\fR for a command, use the \fRNOEXEC\fR tag as documented in the User Specification section above. Here is that example again: .RS .nf .sp .RS 0n aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .RE .fi .sp This allows user \fBaaron\fR to run \fI/usr/bin/more\fR and \fI/usr/bin/vi\fR with \fInoexec\fR enabled. This will prevent those two commands from executing other commands (such as a shell). If you are unsure whether or not your system is capable of supporting \fInoexec\fR you can always just try it out and check whether shell escapes work when \fInoexec\fR is enabled. .RE .PP Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations (such as changing or overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run \fBsudoedit\fR (see below). .SS "Secure editing" The \fIsudoers\fR plugin includes \fBsudoedit\fR support which allows users to securely edit files with the editor of their choice. As \fBsudoedit\fR is a built-in command, it must be specified in \fIsudoers\fR without a leading path. However, it may take command line arguments just as a normal command does. For example, to allow user operator to edit the ``message of the day'' file: .nf .sp .RS 6n operator sudoedit /etc/motd .RE .fi .PP The operator user then runs \fBsudoedit\fR as follows: .nf .sp .RS 6n $ sudoedit /etc/motd .RE .fi .PP The editor will run as the operator user, not root, on a temporary copy of \fI/etc/motd\fR. After the file has been edited, \fI/etc/motd\fR will be updated with the contents of the temporary copy. .SS "Time stamp file checks" \fIsudoers\fR will check the ownership of its time stamp directory (\fI@timedir@\fR by default) and ignore the directory's contents if it is not owned by root or if it is writable by a user other than root. On systems that allow non-root users to give away files via chown(2), if the time stamp directory is located in a world-writable directory (e.g.\&, \fI/tmp\fR), it is possible for a user to create the time stamp directory before \fBsudo\fR is run. However, because \fIsudoers\fR checks the ownership and mode of the directory and its contents, the only damage that can be done is to ``hide'' files by putting them in the time stamp dir. This is unlikely to happen since once the time stamp dir is owned by root and inaccessible by any other user, the user placing files there would be unable to get them back out. .PP \fIsudoers\fR will not honor time stamps set far in the future. Time stamps with a date greater than current_time + 2 * \fRTIMEOUT\fR will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own time stamp with a bogus date on systems that allow users to give away files if the time stamp directory is located in a world-writable directory. .PP On systems where the boot time is available, \fIsudoers\fR will ignore time stamps that date from before the machine booted. .PP Since time stamp files live in the file system, they can outlive a user's login session. As a result, a user may be able to login, run a command with \fBsudo\fR after authenticating, logout, login again, and run \fBsudo\fR without authenticating so long as the time stamp file's modification time is within \fR@timeout@\fR minutes (or whatever the timeout is set to in \fIsudoers\fR). When the \fItty_tickets\fR option is enabled, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where the devpts filesystem is used, Solaris systems with the devices filesystem, as well as other systems that utilize a devfs filesystem that monotonically increase the inode number of devices as they are created (such as Mac OS X), \fIsudoers\fR is able to determine when a tty-based time stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. .SH "DEBUGGING" Versions 1.8.4 and higher of the \fBsudoers\fR plugin support a flexible debugging framework that can help track down what the plugin is doing internally if there is a problem. This can be configured in the sudo.conf(@mansectform@) file. .PP The \fBsudoers\fR plugin uses the same debug flag format as the \fBsudo\fR front-end: \fIsubsystem\fR@\fIpriority\fR. .PP The priorities used by \fBsudoers\fR, in order of decreasing severity, are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR and \fIdebug\fR. Each priority, when specified, also includes all priorities higher than it. For example, a priority of \fInotice\fR would include debug messages logged at \fInotice\fR and higher. .PP The following subsystems are used by the \fBsudoers\fR plugin: .TP 10n \fIalias\fR \fRUser_Alias\fR, \fRRunas_Alias\fR, \fRHost_Alias\fR and \fRCmnd_Alias\fR processing .TP 10n \fIall\fR matches every subsystem .TP 10n \fIaudit\fR BSM and Linux audit code .TP 10n \fIauth\fR user authentication .TP 10n \fIdefaults\fR \fIsudoers\fR \fIDefaults\fR settings .TP 10n \fIenv\fR environment handling .TP 10n \fIldap\fR LDAP-based sudoers .TP 10n \fIlogging\fR logging support .TP 10n \fImatch\fR matching of users, groups, hosts and netgroups in \fIsudoers\fR .TP 10n \fInetif\fR network interface handling .TP 10n \fInss\fR network service switch handling in \fIsudoers\fR .TP 10n \fIparser\fR \fIsudoers\fR file parsing .TP 10n \fIperms\fR permission setting .TP 10n \fIplugin\fR The equivalent of \fImain\fR for the plugin. .TP 10n \fIpty\fR pseudo-tty related code .TP 10n \fIrbtree\fR redblack tree internals .TP 10n \fIsssd\fR SSSD-based sudoers .TP 10n \fIutil\fR utility functions .PD 0 .PP .PD For example: .nf .sp .RS 0n Debug sudo /var/log/sudo_debug match@info,nss@info .RE .fi .PP For more information, see the sudo.conf(@mansectform@) manual. .SH "SEE ALSO" ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3), sudo.conf(@mansectform@), sudoers.ldap(@mansectform@), sudo_plugin(@mansectsu@), sudo(@mansectsu@), visudo(@mansectsu@) .SH "CAVEATS" The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR command which locks the file and does grammatical checking. It is imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR will not run with a syntactically incorrect \fIsudoers\fR file. .PP When using netgroups of machines (as opposed to users), if you store fully qualified host name in the netgroup (as is usually the case), you either need to have the machine's host name be fully qualified as returned by the \fRhostname\fR command or use the \fIfqdn\fR option in \fIsudoers\fR. .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoers.mdoc.in010064400175440000012000003070461226304126200160560ustar00millertstaff.\" .\" Copyright (c) 1994-1996, 1998-2005, 2007-2014 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .Dd January 1, 2014 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudoers .Nd default sudo security policy plugin .Sh DESCRIPTION The .Em sudoers policy plugin determines a user's .Nm sudo privileges. It is the default .Nm sudo policy plugin. The policy is driven by the .Pa @sysconfdir@/sudoers file or, optionally in LDAP. The policy format is described in detail in the .Sx SUDOERS FILE FORMAT section. For information on storing .Em sudoers policy information in LDAP, please see .Xr sudoers.ldap @mansectform@ . .Ss Configuring sudo.conf for sudoers .Nm sudo consults the .Xr sudo.conf @mansectform@ file to determine which policy and and I/O logging plugins to load. If no .Xr sudo.conf @mansectform@ file is present, or if it contains no .Li Plugin lines, .Nm sudoers will be used for policy decisions and I/O logging. To explicitly configure .Xr sudo.conf @mansectform@ to use the .Nm sudoers plugin, the following configuration can be used. .Bd -literal -offset indent Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so .Ed .Pp Starting with .Nm sudo 1.8.5, it is possible to specify optional arguments to the .Nm sudoers plugin in the .Xr sudo.conf @mansectform@ file. These arguments, if present, should be listed after the path to the plugin (i.e.\& after .Pa sudoers.so ) . Multiple arguments may be specified, separated by white space. For example: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so sudoers_mode=0400 .Ed .Pp The following plugin arguments are supported: .Bl -tag -width 8n .It ldap_conf=pathname The .Em ldap_conf argument can be used to override the default path to the .Pa ldap.conf file. .It ldap_secret=pathname The .Em ldap_secret argument can be used to override the default path to the .Pa ldap.secret file. .It sudoers_file=pathname The .Em sudoers_file argument can be used to override the default path to the .Em sudoers file. .It sudoers_uid=uid The .Em sudoers_uid argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user ID. .It sudoers_gid=gid The .Em sudoers_gid argument can be used to override the default group of the sudoers file. It must be specified as a numeric group ID (not a group name). .It sudoers_mode=mode The .Em sudoers_mode argument can be used to override the default file mode for the sudoers file. It should be specified as an octal value. .El .Pp For more information on configuring .Xr sudo.conf @mansectform@ , please refer to its manual. .Ss Authentication and logging The .Em sudoers security policy requires that most users authenticate themselves before they can use .Nm sudo . A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command. Unlike .Xr su 1 , when .Em sudoers requires authentication, it validates the invoking user's credentials, not the target user's (or root's) credentials. This can be changed via the .Em rootpw , .Em targetpw and .Em runaspw flags, described later. .Pp If a user who is not listed in the policy tries to run a command via .Nm sudo , mail is sent to the proper authorities. The address used for such mail is configurable via the .Em mailto Defaults entry (described later) and defaults to .Li @mailto@ . .Pp Note that mail will not be sent if an unauthorized user tries to run .Nm sudo with the .Fl l or .Fl v option. This allows users to determine for themselves whether or not they are allowed to use .Nm sudo . .Pp If .Nm sudo is run by root and the .Ev SUDO_USER environment variable is set, the .Em sudoers policy will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the .Fl e option to remain useful even when invoked via a sudo-run script or program. Note, however, that the .Em sudoers lookup is still done for root, not the user specified by .Ev SUDO_USER . .Pp .Em sudoers uses time stamp files for credential caching. Once a user has been authenticated, the time stamp is updated and the user may then use sudo without a password for a short period of time .Po .Li @timeout@ minutes unless overridden by the .Em timeout option .Pc . By default, .Em sudoers uses a tty-based time stamp which means that there is a separate time stamp for each of a user's login sessions. The .Em tty_tickets option can be disabled to force the use of a single time stamp for all of a user's sessions. .Pp .Em sudoers can log both successful and unsuccessful attempts (as well as errors) to .Xr syslog 3 , a log file, or both. By default, .Em sudoers will log via .Xr syslog 3 but this is changeable via the .Em syslog and .Em logfile Defaults settings. .Pp .Em sudoers also supports logging a command's input and output streams. I/O logging is not on by default but can be enabled using the .Em log_input and .Em log_output Defaults flags as well as the .Li LOG_INPUT and .Li LOG_OUTPUT command tags. .Ss Command environment Since environment variables can influence program behavior, .Em sudoers provides a means to restrict which variables from the user's environment are inherited by the command to be run. There are two distinct ways .Em sudoers can deal with environment variables. .Pp By default, the .Em env_reset option is enabled. This causes commands to be executed with a new, minimal environment. On AIX (and Linux systems without PAM), the environment is initialized with the contents of the .Pa /etc/environment file. On BSD systems, if the .Em use_loginclass option is enabled, the environment is initialized based on the .Em path and .Em setenv settings in .Pa /etc/login.conf . The new environment contains the .Ev TERM , .Ev PATH , .Ev HOME , .Ev MAIL , .Ev SHELL , .Ev LOGNAME , .Ev USER , .Ev USERNAME and .Ev SUDO_* variables in addition to variables from the invoking process permitted by the .Em env_check and .Em env_keep options. This is effectively a whitelist for environment variables. .Pp If, however, the .Em env_reset option is disabled, any variables not explicitly denied by the .Em env_check and .Em env_delete options are inherited from the invoking process. In this case, .Em env_check and .Em env_delete behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default .Em env_reset behavior is encouraged. .Pp In all cases, environment variables with a value beginning with .Li () are removed as they could be interpreted as .Sy bash functions. The list of environment variables that .Nm sudo allows or denies is contained in the output of .Dq Li sudo -V when run as root. .Pp Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of setuid executables, including .Nm sudo . Depending on the operating system this may include .Ev _RLD* , .Ev DYLD_* , .Ev LD_* , .Ev LDR_* , .Ev LIBPATH , .Ev SHLIB_PATH , and others. These type of variables are removed from the environment before .Nm sudo even begins execution and, as such, it is not possible for .Nm sudo to preserve them. .Pp As a special case, if .Nm sudo Ns No 's .Fl i option (initial login) is specified, .Em sudoers will initialize the environment regardless of the value of .Em env_reset . The .Ev DISPLAY , .Ev PATH and .Ev TERM variables remain unchanged; .Ev HOME , .Ev MAIL , .Ev SHELL , .Ev USER , and .Ev LOGNAME are set based on the target user. On AIX (and Linux systems without PAM), the contents of .Pa /etc/environment are also included. On BSD systems, if the .Em use_loginclass option is enabled, the .Em path and .Em setenv variables in .Pa /etc/login.conf are also applied. All other environment variables are removed. .Pp Finally, if the .Em env_file option is defined, any variables present in that file will be set to their specified values as long as they would not conflict with an existing environment variable. .Sh SUDOERS FILE FORMAT The .Em sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). .Pp When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). .Pp The .Em sudoers grammar will be described below in Extended Backus-Naur Form (EBNF). Don't despair if you are unfamiliar with EBNF; it is fairly simple, and the definitions below are annotated. .Ss Quick guide to EBNF EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of .Em production rules . E.g., .Pp .Li symbol ::= definition | alternate1 | alternate2 ... .Pp Each .Em production rule references others and thus makes up a grammar for the language. EBNF also contains the following operators, which many readers will recognize from regular expressions. Do not, however, confuse them with .Dq wildcard characters, which have different meanings. .Bl -tag -width 4n .It Li \&? Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all. .It Li * Means that the preceding symbol (or group of symbols) may appear zero or more times. .It Li + Means that the preceding symbol (or group of symbols) may appear one or more times. .El .Pp Parentheses may be used to group symbols together. For clarity, we will use single quotes .Pq '' to designate what is a verbatim character string (as opposed to a symbol name). .Ss Aliases There are four kinds of aliases: .Li User_Alias , .Li Runas_Alias , .Li Host_Alias and .Li Cmnd_Alias . .Bd -literal Alias ::= 'User_Alias' User_Alias (':' User_Alias)* | 'Runas_Alias' Runas_Alias (':' Runas_Alias)* | 'Host_Alias' Host_Alias (':' Host_Alias)* | 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)* User_Alias ::= NAME '=' User_List Runas_Alias ::= NAME '=' Runas_List Host_Alias ::= NAME '=' Host_List Cmnd_Alias ::= NAME '=' Cmnd_List NAME ::= [A-Z]([A-Z][0-9]_)* .Ed .Pp Each .Em alias definition is of the form .Bd -literal Alias_Type NAME = item1, item2, ... .Ed .Pp where .Em Alias_Type is one of .Li User_Alias , .Li Runas_Alias , .Li Host_Alias , or .Li Cmnd_Alias . A .Li NAME is a string of uppercase letters, numbers, and underscore characters .Pq Ql _ . A .Li NAME .Sy must start with an uppercase letter. It is possible to put several alias definitions of the same type on a single line, joined by a colon .Pq Ql :\& . E.g., .Bd -literal Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 .Ed .Pp The definitions of what constitutes a valid .Em alias member follow. .Bd -literal User_List ::= User | User ',' User_List User ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* +netgroup | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* User_Alias .Ed .Pp A .Li User_List is made up of one or more user names, user IDs (prefixed with .Ql # ) , system group names and IDs (prefixed with .Ql % and .Ql %# respectively), netgroups (prefixed with .Ql + ) , non-Unix group names and IDs (prefixed with .Ql %: and .Ql %:# respectively) and .Li User_Alias Ns No es. Each list item may be prefixed with zero or more .Ql \&! operators. An odd number of .Ql \&! operators negate the value of the item; an even number just cancel each other out. .Pp A .Li user name , .Li uid , .Li group , .Li gid , .Li netgroup , .Li nonunix_group or .Li nonunix_gid may be enclosed in double quotes to avoid the need for escaping special characters. Alternately, special characters may be specified in escaped hex mode, e.g.\& \ex20 for space. When using double quotes, any prefix characters must be included inside the quotes. .Pp The actual .Li nonunix_group and .Li nonunix_gid syntax depends on the underlying group provider plugin. For instance, the QAS AD plugin supports the following formats: .Bl -bullet -width 4n .It Group in the same domain: "%:Group Name" .It Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" .It Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" .El .Pp See .Sx "GROUP PROVIDER PLUGINS" for more information. .Pp Note that quotes around group names are optional. Unquoted strings must use a backslash .Pq Ql \e to escape spaces and special characters. See .Sx Other special characters and reserved words for a list of characters that need to be escaped. .Bd -literal Runas_List ::= Runas_Member | Runas_Member ',' Runas_List Runas_Member ::= '!'* user name | '!'* #uid | '!'* %group | '!'* %#gid | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* +netgroup | '!'* Runas_Alias .Ed .Pp A .Li Runas_List is similar to a .Li User_List except that instead of .Li User_Alias Ns No es it can contain .Li Runas_Alias Ns No es . Note that user names and groups are matched as strings. In other words, two users (groups) with the same uid (gid) are considered to be distinct. If you wish to match all user names with the same uid (e.g.\& root and toor), you can use a uid instead (#0 in the example given). .Bd -literal Host_List ::= Host | Host ',' Host_List Host ::= '!'* host name | '!'* ip_addr | '!'* network(/netmask)? | '!'* +netgroup | '!'* Host_Alias .Ed .Pp A .Li Host_List is made up of one or more host names, IP addresses, network numbers, netgroups (prefixed with .Ql + ) and other aliases. Again, the value of an item may be negated with the .Ql \&! operator. If you do not specify a netmask along with the network number, .Nm sudo will query each of the local host's network interfaces and, if the network number corresponds to one of the hosts's network interfaces, the corresponding netmask will be used. The netmask may be specified either in standard IP address notation (e.g.\& 255.255.255.0 or ffff:ffff:ffff:ffff::), or CIDR notation (number of bits, e.g.\& 24 or 64). A host name may include shell-style wildcards (see the .Sx Wildcards section below), but unless the .Li host name command on your machine returns the fully qualified host name, you'll need to use the .Em fqdn option for wildcards to be useful. Note that .Nm sudo only inspects actual network interfaces; this means that IP address 127.0.0.1 (localhost) will never match. Also, the host name .Dq localhost will only match if that is the actual host name, which is usually only the case for non-networked systems. .Bd -literal digest ::= [A-Fa-f0-9]+ | [[A-Za-z0-9\+/=]+ Digest_Spec ::= "sha224" ':' digest | "sha256" ':' digest | "sha384" ':' digest | "sha512" ':' digest Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List command name ::= file name | file name args | file name '""' Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias .Ed .Pp A .Li Cmnd_List is a list of one or more command names, directories, and other aliases. A command name is a fully qualified file name which may include shell-style wildcards (see the .Sx Wildcards section below). A simple file name allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify .Li \&"" to indicate that the command may only be run .Sy without command line arguments. A directory is a fully qualified path name ending in a .Ql / . When you specify a directory in a .Li Cmnd_List , the user will be able to run any file within that directory (but not in any sub-directories therein). .Pp If a .Li Cmnd has associated command line arguments, then the arguments in the .Li Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a .Ql \e if they are used in command arguments: .Ql ,\& , .Ql :\& , .Ql =\& , .Ql \e . The built-in command .Dq Li sudoedit is used to permit a user to run .Nm sudo with the .Fl e option (or as .Nm sudoedit ) . It may take command line arguments just as a normal command does. Note that .Dq Li sudoedit is a command built into .Nm sudo itself and must be specified in .Em sudoers without a leading path. .Pp If a .Li command name is prefixed with a .Li Digest_Spec , the command will only match successfully if it can be verified using the specified SHA-2 digest. This may be useful in situations where the user invoking .Nm sudo has write access to the command or its parent directory. The following digest formats are supported: sha224, sha256, sha384 and sha512. The string may be specified in either hex or base64 format (base64 is more compact). There are several utilities capable of generating SHA-2 digests in hex format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. .Pp For example, using openssl: .Bd -literal $ openssl dgst -sha224 /bin/ls SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 .Ed .Pp It is also possible to use openssl to generate base64 output: .Bd -literal $ openssl dgst -binary -sha224 /bin/ls | openssl base64 EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== .Ed .Pp Command digests are only supported by version 1.8.7 or higher. .Ss Defaults Certain configuration options may be changed from their default values at run-time via one or more .Li Default_Entry lines. These may affect all users on any host, all users on a specific host, a specific user, a specific command, or commands being run as a specific user. Note that per-command entries may not include command line arguments. If you need to specify arguments, define a .Li Cmnd_Alias and reference that instead. .Bd -literal Default_Type ::= 'Defaults' | 'Defaults' '@' Host_List | 'Defaults' ':' User_List | 'Defaults' '!' Cmnd_List | 'Defaults' '>' Runas_List Default_Entry ::= Default_Type Parameter_List Parameter_List ::= Parameter | Parameter ',' Parameter_List Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter .Ed .Pp Parameters may be .Sy flags , .Sy integer values, .Sy strings , or .Sy lists . Flags are implicitly boolean and can be turned off via the .Ql \&! operator. Some integer, string and list parameters may also be used in a boolean context to disable them. Values may be enclosed in double quotes .Pq \&"" when they contain multiple words. Special characters may be escaped with a backslash .Pq Ql \e . .Pp Lists have two additional assignment operators, .Li += and .Li -= . These operators are used to add to and delete from a list respectively. It is not an error to use the .Li -= operator to remove an element that does not exist in a list. .Pp Defaults entries are parsed in the following order: generic, host and user Defaults first, then runas Defaults and finally command defaults. .Pp See .Sx SUDOERS OPTIONS for a list of supported Defaults parameters. .Ss User specification .Bd -literal User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e (':' Host_List '=' Cmnd_Spec_List)* Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:') .Ed .Pp A .Sy user specification determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as .Sy root , but this can be changed on a per-command basis. .Pp The basic structure of a user specification is .Dq who where = (as_whom) what . Let's break that down into its constituent parts: .Ss Runas_Spec A .Li Runas_Spec determines the user and/or the group that a command may be run as. A fully-specified .Li Runas_Spec consists of two .Li Runas_List Ns No s (as defined above) separated by a colon .Pq Ql :\& and enclosed in a set of parentheses. The first .Li Runas_List indicates which users the command may be run as via .Nm sudo Ns No 's .Fl u option. The second defines a list of groups that can be specified via .Nm sudo Ns No 's .Fl g option. If both .Li Runas_List Ns No s are specified, the command may be run with any combination of users and groups listed in their respective .Li Runas_List Ns No s. If only the first is specified, the command may be run as any user in the list but no .Fl g option may be specified. If the first .Li Runas_List is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the .Li Runas_List . If both .Li Runas_List Ns No s are empty, the command may only be run as the invoking user. If no .Li Runas_Spec is specified the command may be run as .Sy root and no group may be specified. .Pp A .Li Runas_Spec sets the default for the commands that follow it. What this means is that for the entry: .Bd -literal dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm .Ed .Pp The user .Sy dgb may run .Pa /bin/ls , .Pa /bin/kill , and .Pa /usr/bin/lprm Ns No \(em Ns but only as .Sy operator . E.g., .Bd -literal $ sudo -u operator /bin/ls .Ed .Pp It is also possible to override a .Li Runas_Spec later on in an entry. If we modify the entry like so: .Bd -literal dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm .Ed .Pp Then user .Sy dgb is now allowed to run .Pa /bin/ls as .Sy operator , but .Pa /bin/kill and .Pa /usr/bin/lprm as .Sy root . .Pp We can extend this to allow .Sy dgb to run .Li /bin/ls with either the user or group set to .Sy operator : .Bd -literal dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e /usr/bin/lprm .Ed .Pp Note that while the group portion of the .Li Runas_Spec permits the user to run as command with that group, it does not force the user to do so. If no group is specified on the command line, the command will run with the group listed in the target user's password database entry. The following would all be permitted by the sudoers entry above: .Bd -literal $ sudo -u operator /bin/ls $ sudo -u operator -g operator /bin/ls $ sudo -g operator /bin/ls .Ed .Pp In the following example, user .Sy tcm may run commands that access a modem device file with the dialer group. .Bd -literal tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e /usr/local/bin/minicom .Ed .Pp Note that in this example only the group will be set, the command still runs as user .Sy tcm . E.g.\& .Bd -literal $ sudo -g dialer /usr/bin/cu .Ed .Pp Multiple users and groups may be present in a .Li Runas_Spec , in which case the user may select any combination of users and groups via the .Fl u and .Fl g options. In this example: .Bd -literal alan ALL = (root, bin : operator, system) ALL .Ed .Pp user .Sy alan may run any command as either user root or bin, optionally setting the group to operator or system. .Ss SELinux_Spec On systems with SELinux support, .Em sudoers entries may optionally have an SELinux role and/or type associated with a command. If a role or type is specified with the command it will override any default values specified in .Em sudoers . A role or type specified on the command line, however, will supersede the values in .Em sudoers . .Ss Solaris_Priv_Spec On Solaris systems, .Em sudoers entries may optionally specify Solaris privilege set and/or limit privilege set associated with a command. If privileges or limit privileges are specified with the command it will override any default values specified in .Em sudoers . .Pp A privilege set is a comma-separated list of privilege names. The .Xr ppriv 1 command can be used to list all privileges known to the system. For example: .Bd -literal $ ppriv -l .Ed .Pp In addition, there are several .Dq special privilege strings: .Bl -tag -width 8n .It none the empty set .It all the set of all privileges .It zone the set of all privileges available in the current zone .It basic the default set of privileges normal users are granted at login time .El .Pp Privileges can be excluded from a set by prefixing the privilege name with either an .Ql \&! or .Ql \- character. .Ss Tag_Spec A command may have zero or more tags associated with it. There are ten possible tag values: .Li NOPASSWD , .Li PASSWD , .Li NOEXEC , .Li EXEC , .Li SETENV , .Li NOSETENV , .Li LOG_INPUT , .Li NOLOG_INPUT , .Li LOG_OUTPUT and .Li NOLOG_OUTPUT . Once a tag is set on a .Li Cmnd , subsequent .Li Cmnd Ns No s in the .Li Cmnd_Spec_List , inherit the tag unless it is overridden by the opposite tag (in other words, .Li PASSWD overrides .Li NOPASSWD and .Li NOEXEC overrides .Li EXEC ) . .Bl -hang -width 0n .It Em NOPASSWD No and Em PASSWD .sp By default, .Nm sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the .Li NOPASSWD tag. Like a .Li Runas_Spec , the .Li NOPASSWD tag sets a default for the commands that follow it in the .Li Cmnd_Spec_List . Conversely, the .Li PASSWD tag can be used to reverse things. For example: .Bd -literal ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm .Ed .Pp would allow the user .Sy ray to run .Pa /bin/kill , .Pa /bin/ls , and .Pa /usr/bin/lprm as .Sy root on the machine rushmore without authenticating himself. If we only want .Sy ray to be able to run .Pa /bin/kill without a password the entry would be: .Bd -literal ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .Ed .Pp Note, however, that the .Li PASSWD tag has no effect on users who are in the group specified by the .Em exempt_group option. .Pp By default, if the .Li NOPASSWD tag is applied to any of the entries for a user on the current host, he or she will be able to run .Dq Li sudo -l without a password. Additionally, a user may only run .Dq Li sudo -v without a password if the .Li NOPASSWD tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the .Em verifypw and .Em listpw options. .It Em NOEXEC No and Em EXEC .sp If .Nm sudo has been compiled with .Em noexec support and the underlying operating system supports it, the .Li NOEXEC tag can be used to prevent a dynamically-linked executable from running further commands itself. .Pp In the following example, user .Sy aaron may run .Pa /usr/bin/more and .Pa /usr/bin/vi but shell escapes will be disabled. .Bd -literal aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .Ed .Pp See the .Sx Preventing shell escapes section below for more details on how .Li NOEXEC works and whether or not it will work on your system. .It Em SETENV No and Em NOSETENV .sp These tags override the value of the .Em setenv option on a per-command basis. Note that if .Li SETENV has been set for a command, the user may disable the .Em env_reset option from the command line via the .Fl E option. Additionally, environment variables set on the command line are not subject to the restrictions imposed by .Em env_check , .Em env_delete , or .Em env_keep . As such, only trusted users should be allowed to set variables in this manner. If the command matched is .Sy ALL , the .Li SETENV tag is implied for that command; this default may be overridden by use of the .Li NOSETENV tag. .It Em LOG_INPUT No and Em NOLOG_INPUT .sp These tags override the value of the .Em log_input option on a per-command basis. For more information, see the description of .Em log_input in the .Sx SUDOERS OPTIONS section below. .It Em LOG_OUTPUT No and Em NOLOG_OUTPUT .sp These tags override the value of the .Em log_output option on a per-command basis. For more information, see the description of .Em log_output in the .Sx SUDOERS OPTIONS section below. .El .Ss Wildcards .Nm sudo allows shell-style .Em wildcards (aka meta or glob characters) to be used in host names, path names and command line arguments in the .Em sudoers file. Wildcard matching is done via the .Xr glob 3 and .Xr fnmatch 3 functions as specified by .St -p1003.1 . Note that these are .Em not regular expressions. .Bl -tag -width 8n .It Li * Matches any set of zero or more characters. .It Li \&? Matches any single character. .It Li [...] Matches any character in the specified range. .It Li [!...] Matches any character .Sy not in the specified range. .It Li \ex For any character .Sq x , evaluates to .Sq x . This is used to escape special characters such as: .Ql * , .Ql \&? , .Ql [\& , and .Ql ]\& . .El .Pp Character classes may also be used if your system's .Xr glob 3 and .Xr fnmatch 3 functions support them. However, because the .Ql :\& character has special meaning in .Em sudoers , it must be escaped. For example: .Bd -literal -offset 4n /bin/ls [[\:alpha\:]]* .Ed .Pp Would match any file name beginning with a letter. .Pp Note that a forward slash .Pq Ql / will .Sy not be matched by wildcards used in the path name. This is to make a path like: .Bd -literal -offset 4n /usr/bin/* .Ed .Pp match .Pa /usr/bin/who but not .Pa /usr/bin/X11/xterm . .Pp When matching the command line arguments, however, a slash .Sy does get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. .Pp Wildcards in command line arguments should be used with care. Because command line arguments are matched as a single, concatenated string, a wildcard such as .Ql \&? or .Ql * can match multiple words. For example, while a sudoers entry like: .Bd -literal -offset 4n %operator ALL = /bin/cat /var/log/messages* .Ed .Pp will allow command like: .Bd -literal -offset 4n $ sudo cat /var/log/messages.1 .Ed .Pp It will also allow: .Bd -literal -offset 4n $ sudo cat /var/log/messages /etc/shadow .Ed .Pp which is probably not what was intended. .Ss Exceptions to wildcard rules The following exceptions apply to the above rules: .Bl -tag -width 8n .It Li \&"" If the empty string .Li \&"" is the only command line argument in the .Em sudoers entry it means that command is not allowed to be run with .Sy any arguments. .It sudoedit Command line arguments to the .Em sudoedit built-in command should always be path names, so a forward slash .Pq Ql / will not be matched by a wildcard. .El .Ss Including other files from within sudoers It is possible to include other .Em sudoers files from within the .Em sudoers file currently being parsed using the .Li #include and .Li #includedir directives. .Pp This can be used, for example, to keep a site-wide .Em sudoers file in addition to a local, per-machine file. For the sake of this example the site-wide .Em sudoers will be .Pa /etc/sudoers and the per-machine one will be .Pa /etc/sudoers.local . To include .Pa /etc/sudoers.local from within .Pa /etc/sudoers we would use the following line in .Pa /etc/sudoers : .Bd -literal -offset 4n #include /etc/sudoers.local .Ed .Pp When .Nm sudo reaches this line it will suspend processing of the current file .Pq Pa /etc/sudoers and switch to .Pa /etc/sudoers.local . Upon reaching the end of .Pa /etc/sudoers.local , the rest of .Pa /etc/sudoers will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loops. .Pp If the path to the include file is not fully-qualified (does not begin with a .Ql / , it must be located in the same directory as the sudoers file it was included from. For example, if .Pa /etc/sudoers contains the line: .Bd -literal -offset 4n .Li #include sudoers.local .Ed .Pp the file that will be included is .Pa /etc/sudoers.local . .Pp The file name may also include the .Li %h escape, signifying the short form of the host name. In other words, if the machine's host name is .Dq xerxes , then .Bd -literal -offset 4n #include /etc/sudoers.%h .Ed .Pp will cause .Nm sudo to include the file .Pa /etc/sudoers.xerxes . .Pp The .Li #includedir directive can be used to create a .Pa sudo.d directory that the system package manager can drop .Em sudoers rules into as part of package installation. For example, given: .Bd -literal -offset 4n #includedir /etc/sudoers.d .Ed .Pp .Nm sudo will read each file in .Pa /etc/sudoers.d , skipping file names that end in .Ql ~ or contain a .Ql .\& character to avoid causing problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, .Pa /etc/sudoers.d/01_first will be parsed before .Pa /etc/sudoers.d/10_second . Be aware that because the sorting is lexical, not numeric, .Pa /etc/sudoers.d/1_whoops would be loaded .Sy after .Pa /etc/sudoers.d/10_second . Using a consistent number of leading zeroes in the file names can be used to avoid such problems. .Pp Note that unlike files included via .Li #include , .Nm visudo will not edit the files in a .Li #includedir directory unless one of them contains a syntax error. It is still possible to run .Nm visudo with the .Fl f flag to edit the files directly. .Ss Other special characters and reserved words The pound sign .Pq Ql # is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the comment character and any text after it, up to the end of the line, are ignored. .Pp The reserved word .Sy ALL is a built-in .Em alias that always causes a match to succeed. It can be used wherever one might otherwise use a .Li Cmnd_Alias , .Li User_Alias , .Li Runas_Alias , or .Li Host_Alias . You should not try to define your own .Em alias called .Sy ALL as the built-in alias will be used in preference to your own. Please note that using .Sy ALL can be dangerous since in a command context, it allows the user to run .Sy any command on the system. .Pp An exclamation point .Pq Ql \&! can be used as a logical .Em not operator in a list or .Em alias as well as in front of a .Li Cmnd . This allows one to exclude certain values. For the .Ql \&! operator to be effective, there must be something for it to exclude. For example, to match all users except for root one would use: .Bd -literal -offset 4n ALL,!root .Ed .Pp If the .Sy ALL , is omitted, as in: .Bd -literal -offset 4n !root .Ed .Pp it would explicitly deny root but not match any other users. This is different from a true .Dq negation operator. .Pp Note, however, that using a .Ql \&! in conjunction with the built-in .Sy ALL alias to allow a user to run .Dq all but a few commands rarely works as intended (see .Sx SECURITY NOTES below). .Pp Long lines can be continued with a backslash .Pq Ql \e as the last character on the line. .Pp White space between elements in a list as well as special syntactic characters in a .Em User Specification .Po .Ql =\& , .Ql :\& , .Ql (\& , .Ql )\& .Pc is optional. .Pp The following characters must be escaped with a backslash .Pq Ql \e when used as part of a word (e.g.\& a user name or host name): .Ql \&! , .Ql =\& , .Ql :\& , .Ql ,\& , .Ql (\& , .Ql )\& , .Ql \e . .Sh SUDOERS OPTIONS .Nm sudo Ns No 's behavior can be modified by .Li Default_Entry lines, as explained earlier. A list of all supported Defaults parameters, grouped by type, are listed below. .Pp .Sy Boolean Flags : .Bl -tag -width 16n .It always_set_home If enabled, .Nm sudo will set the .Ev HOME environment variable to the home directory of the target user (which is root unless the .Fl u option is used). This effectively means that the .Fl H option is always implied. Note that .Ev HOME is already set when the .Em env_reset option is enabled, so .Em always_set_home is only effective for configurations where either .Em env_reset is disabled or .Ev HOME is present in the .Em env_keep list. This flag is .Em off by default. .It authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the .Li PASSWD and .Li NOPASSWD tags. This flag is .Em on by default. .It closefrom_override If set, the user may use .Nm sudo Ns No 's .Fl C option which overrides the default starting point at which .Nm sudo begins closing open file descriptors. This flag is .Em off by default. .It compress_io If set, and .Nm sudo is configured to log a command's input or output, the I/O logs will be compressed using .Sy zlib . This flag is .Em on by default when .Nm sudo is compiled with .Sy zlib support. .It exec_background By default, .Nm sudo runs a command as the foreground process as long as .Nm sudo itself is running in the foreground. When the .Em exec_background flag is enabled and the command is being run in a pty (due to I/O logging or the .Em use_pty flag), the command will be run as a background process. Attempts to read from the controlling terminal (or to change terminal settings) will result in the command being suspended with the .Dv SIGTTIN signal (or .Dv SIGTTOU in the case of terminal settings). If this happens when .Nm sudo is a foreground process, the command will be granted the controlling terminal and resumed in the foreground with no user intervention required. The advantage of initially running the command in the background is that .Nm sudo need not read from the terminal unless the command explicitly requests it. Otherwise, any terminal input must be passed to the command, whether it has required it or not (the kernel buffers terminals so it is not possible to tell whether the command really wants the input). This is different from historic .Em sudo behavior or when the command is not being run in a pty. .Pp For this to work seamlessly, the operating system must support the automatic restarting of system calls. Unfortunately, not all operating systems do this by default, and even those that do may have bugs. For example, Mac OS X fails to restart the .Fn tcgetattr and .Fn tcsetattr system calls (this is a bug in Mac OS X). Furthermore, because this behavior depends on the command stopping with the .Dv SIGTTIN or .Dv SIGTTOU signals, programs that catch these signals and suspend themselves with a different signal (usually .Dv SIGTOP ) will not be automatically foregrounded. Some versions of the linux .Xr su 1 command behave this way. .Pp This setting is only supported by version 1.8.7 or higher. It has no effect unless I/O logging is enabled or the .Em use_pty flag is enabled. .It env_editor If set, .Nm visudo will use the value of the .Ev EDITOR or .Ev VISUAL environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the .Li editor variable. .Nm visudo will then only use the .Ev EDITOR or .Ev VISUAL if they match a value specified in .Li editor . This flag is .Em @env_editor@ by default. .It env_reset If set, .Nm sudo will run the command in a minimal environment containing the .Ev TERM , .Ev PATH , .Ev HOME , .Ev MAIL , .Ev SHELL , .Ev LOGNAME , .Ev USER , .Ev USERNAME and .Ev SUDO_* variables. Any variables in the caller's environment that match the .Li env_keep and .Li env_check lists are then added, followed by any variables present in the file specified by the .Em env_file option (if any). The default contents of the .Li env_keep and .Li env_check lists are displayed when .Nm sudo is run by root with the .Fl V option. If the .Em secure_path option is set, its value will be used for the .Ev PATH environment variable. This flag is .Em @env_reset@ by default. .It fast_glob Normally, .Nm sudo uses the .Xr glob 3 function to do shell-style globbing when matching path names. However, since it accesses the file system, .Xr glob 3 can take a long time to complete for some patterns, especially when the pattern references a network file system that is mounted on demand (auto mounted). The .Em fast_glob option causes .Nm sudo to use the .Xr fnmatch 3 function, which does not access the file system to do its matching. The disadvantage of .Em fast_glob is that it is unable to match relative path names such as .Pa ./ls or .Pa ../bin/ls . This has security implications when path names that include globbing characters are used with the negation operator, .Ql !\& , as such rules can be trivially bypassed. As such, this option should not be used when .Em sudoers contains rules that contain negated path names which include globbing characters. This flag is .Em off by default. .It fqdn Set this flag if you want to put fully qualified host names in the .Em sudoers file when the local host name (as returned by the .Li hostname command) does not contain the domain name. In other words, instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). This option is only effective when the .Dq canonical host name, as returned by the .Fn getaddrinfo or .Fn gethostbyname function, is a fully-qualified domain name. This is usually the case when the system is configured to use DNS for host name resolution. .Pp If the system is configured to use the .Pa /etc/hosts file in preference to DNS, the .Dq canonical host name may not be fully-qualified. The order that sources are queried for host name resolution is usually specified in the .Pa @nsswitch_conf@ , .Pa @netsvc_conf@ , .Pa /etc/host.conf , or, in some cases, .Pa /etc/resolv.conf file. In the .Pa /etc/hosts file, the first host name of the entry is considered to be the .Dq canonical name; subsequent names are aliases that are not used by .Nm sudoers . For example, the following hosts file line for the machine .Dq xyzzy has the fully-qualified domain name as the .Dq canonical host name, and the short version as an alias. .sp .Dl 192.168.1.1 xyzzy.sudo.ws xyzzy .sp If the machine's hosts file entry is not formatted properly, the .Em fqdn option will not be effective if it is queried before DNS. .Pp Beware that when using DNS for host name resolution, turning on .Em fqdn requires .Nm sudoers to make DNS lookups which renders .Nm sudo unusable if DNS stops working (for example if the machine is disconnected from the network). Also note that just like with the hosts file, you must use the .Dq canonical name as DNS knows it. That is, you may not use a host alias .Po .Li CNAME entry .Pc due to performance issues and the fact that there is no way to get all aliases from DNS. .Pp This flag is .Em @fqdn@ by default. .It ignore_dot If set, .Nm sudo will ignore "." or "" (both denoting current directory) in the .Ev PATH environment variable; the .Ev PATH itself is not modified. This flag is .Em @ignore_dot@ by default. .It ignore_local_sudoers If set via LDAP, parsing of .Pa @sysconfdir@/sudoers will be skipped. This is intended for Enterprises that wish to prevent the usage of local sudoers files so that only LDAP is used. This thwarts the efforts of rogue operators who would attempt to add roles to .Pa @sysconfdir@/sudoers . When this option is present, .Pa @sysconfdir@/sudoers does not even need to exist. Since this option tells .Nm sudo how to behave when no specific LDAP entries have been matched, this sudoOption is only meaningful for the .Li cn=defaults section. This flag is .Em off by default. .It insults If set, .Nm sudo will insult users when they enter an incorrect password. This flag is .Em @insults@ by default. .It log_host If set, the host name will be logged in the (non-syslog) .Nm sudo log file. This flag is .Em off by default. .It log_input If set, .Nm sudo will run the command in a .Em pseudo tty and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that input is also captured and stored in a separate log file. .Pp Input is logged to the directory specified by the .Em iolog_dir option .Po .Pa @iolog_dir@ by default .Pc using a unique session ID that is included in the normal .Nm sudo log line, prefixed with .Dq Li TSID= . The .Em iolog_file option may be used to control the format of the session ID. .Pp Note that user input may contain sensitive information such as passwords (even if they are not echoed to the screen), which will be stored in the log file unencrypted. In most cases, logging the command output via .Em log_output is all that is required. .It log_output If set, .Nm sudo will run the command in a .Em pseudo tty and log all output that is sent to the screen, similar to the .Xr script 1 command. If the standard output or standard error is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that output is also captured and stored in separate log files. .Pp Output is logged to the directory specified by the .Em iolog_dir option .Po .Pa @iolog_dir@ by default .Pc using a unique session ID that is included in the normal .Nm sudo log line, prefixed with .Dq Li TSID= . The .Em iolog_file option may be used to control the format of the session ID. .Pp Output logs may be viewed with the .Xr sudoreplay @mansectsu@ utility, which can also be used to list or search the available logs. .It log_year If set, the four-digit year will be logged in the (non-syslog) .Nm sudo log file. This flag is .Em off by default. .It long_otp_prompt When validating with a One Time Password (OTP) scheme such as .Sy S/Key or .Sy OPIE , a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. This flag is .Em @long_otp_prompt@ by default. .It mail_always Send mail to the .Em mailto user every time a users runs .Nm sudo . This flag is .Em off by default. .It mail_badpass Send mail to the .Em mailto user if the user running .Nm sudo does not enter the correct password. If the command the user is attempting to run is not permitted by .Em sudoers and one of the .Em mail_always , .Em mail_no_host , .Em mail_no_perms or .Em mail_no_user flags are set, this flag will have no effect. This flag is .Em off by default. .It mail_no_host If set, mail will be sent to the .Em mailto user if the invoking user exists in the .Em sudoers file, but is not allowed to run commands on the current host. This flag is .Em @mail_no_host@ by default. .It mail_no_perms If set, mail will be sent to the .Em mailto user if the invoking user is allowed to use .Nm sudo but the command they are trying is not listed in their .Em sudoers file entry or is explicitly denied. This flag is .Em @mail_no_perms@ by default. .It mail_no_user If set, mail will be sent to the .Em mailto user if the invoking user is not in the .Em sudoers file. This flag is .Em @mail_no_user@ by default. .It noexec If set, all commands run via .Nm sudo will behave as if the .Li NOEXEC tag has been set, unless overridden by a .Li EXEC tag. See the description of .Em NOEXEC and EXEC below as well as the .Sx Preventing shell escapes section at the end of this manual. This flag is .Em off by default. .It pam_session On systems that use PAM for authentication, .Nm sudo will create a new PAM session for the command to be run in. Disabling .Em pam_session may be needed on older PAM implementations or on operating systems where opening a PAM session changes the utmp or wtmp files. If PAM session support is disabled, resource limits may not be updated for the command being run. If .Em pam_session , .Em pam_setcred , and .Em use_pty are disabled and I/O logging has not been configured, .Nm sudo will execute the command directly instead of running it as a child process. This flag is .Em @pam_session@ by default. .Pp This setting is only supported by version 1.8.7 or higher. .It pam_setcred On systems that use PAM for authentication, .Nm sudo will attempt to establish credentials for the target user by default, if supported by the underlying authentication system. One example of a credential is a Kerberos ticket. If .Em pam_session , .Em pam_setcred , and .Em use_pty are disabled and I/O logging has not been configured, .Nm sudo will execute the command directly instead of running it as a child process. This flag is .Em on by default. .Pp This setting is only supported by version 1.8.8 or higher. .It passprompt_override The password prompt specified by .Em passprompt will normally only be used if the password prompt provided by systems such as PAM matches the string .Dq Password: . If .Em passprompt_override is set, .Em passprompt will always be used. This flag is .Em off by default. .It path_info Normally, .Nm sudo will tell the user when a command could not be found in their .Ev PATH environment variable. Some sites may wish to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvantage is that if the executable is simply not in the user's .Ev PATH , .Nm sudo will tell the user that they are not allowed to run it, which can be confusing. This flag is .Em @path_info@ by default. .It preserve_groups By default, .Nm sudo will initialize the group vector to the list of groups the target user is in. When .Em preserve_groups is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. This flag is .Em off by default. .It pwfeedback By default, .Nm sudo reads the password like most other Unix programs, by turning off echo until the user hits the return (or enter) key. Some users become confused by this as it appears to them that .Nm sudo has hung at this point. When .Em pwfeedback is set, .Nm sudo will provide visual feedback when the user presses a key. Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered. This flag is .Em off by default. .It requiretty If set, .Nm sudo will only run when the user is logged in to a real tty. When this flag is set, .Nm sudo can only be run from a login session and not via other means such as .Xr cron @mansectsu@ or cgi-bin scripts. This flag is .Em off by default. .It root_sudo If set, root is allowed to run .Nm sudo too. Disabling this prevents users from .Dq chaining .Nm sudo commands to get a root shell by doing something like .Dq Li sudo sudo /bin/sh . Note, however, that turning off .Em root_sudo will also prevent root from running .Nm sudoedit . Disabling .Em root_sudo provides no real additional security; it exists purely for historical reasons. This flag is .Em @root_sudo@ by default. .It rootpw If set, .Nm sudo will prompt for the root password instead of the password of the invoking user. This flag is .Em off by default. .It runaspw If set, .Nm sudo will prompt for the password of the user defined by the .Em runas_default option (defaults to .Li @runas_default@ ) instead of the password of the invoking user. This flag is .Em off by default. .It set_home If enabled and .Nm sudo is invoked with the .Fl s option the .Ev HOME environment variable will be set to the home directory of the target user (which is root unless the .Fl u option is used). This effectively makes the .Fl s option imply .Fl H . Note that .Ev HOME is already set when the .Em env_reset option is enabled, so .Em set_home is only effective for configurations where either .Em env_reset is disabled or .Ev HOME is present in the .Em env_keep list. This flag is .Em off by default. .It set_logname Normally, .Nm sudo will set the .Ev LOGNAME , .Ev USER and .Ev USERNAME environment variables to the name of the target user (usually root unless the .Fl u option is given). However, since some programs (including the RCS revision control system) use .Ev LOGNAME to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. Note that if the .Em env_reset option has not been disabled, entries in the .Em env_keep list will override the value of .Em set_logname . This flag is .Em on by default. .It set_utmp When enabled, .Nm sudo will create an entry in the utmp (or utmpx) file when a pseudo-tty is allocated. A pseudo-tty is allocated by .Nm sudo when the .Em log_input , .Em log_output or .Em use_pty flags are enabled. By default, the new entry will be a copy of the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. This flag is .Em on by default. .It setenv Allow the user to disable the .Em env_reset option from the command line via the .Fl E option. Additionally, environment variables set via the command line are not subject to the restrictions imposed by .Em env_check , .Em env_delete , or .Em env_keep . As such, only trusted users should be allowed to set variables in this manner. This flag is .Em off by default. .It shell_noargs If set and .Nm sudo is invoked with no arguments it acts as if the .Fl s option had been given. That is, it runs a shell as root (the shell is determined by the .Ev SHELL environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is .Em off by default. .It stay_setuid Normally, when .Nm sudo executes a command the real and effective UIDs are set to the target user (root by default). This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes .Nm sudo act as a setuid wrapper. This can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. This option is only effective on systems that support either the .Xr setreuid 2 or .Xr setresuid 2 system call. This flag is .Em off by default. .It targetpw If set, .Nm sudo will prompt for the password of the user specified by the .Fl u option (defaults to .Li root ) instead of the password of the invoking user. In addition, the time stamp file name will include the target user's name. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the .Fl u option. This flag is .Em off by default. .It tty_tickets If set, users must authenticate on a per-tty basis. With this flag enabled, .Nm sudo will use a file named for the tty the user is logged in on in the user's time stamp directory. If disabled, the time stamp of the directory is used instead. This flag is .Em @tty_tickets@ by default. .It umask_override If set, .Nm sudo will set the umask as specified by .Em sudoers without modification. This makes it possible to specify a more permissive umask in .Em sudoers than the user's own umask and matches historical behavior. If .Em umask_override is not set, .Nm sudo will set the umask to be the union of the user's umask and what is specified in .Em sudoers . This flag is .Em @umask_override@ by default. .It use_loginclass If set, .Nm sudo will apply the defaults specified for the target user's login class if one exists. Only available if .Nm sudo is configured with the .Li --with-logincap option. This flag is .Em off by default. .It use_pty If set, .Nm sudo will run the command in a pseudo-pty even if no I/O logging is being gone. A malicious program run under .Nm sudo could conceivably fork a background process that retains to the user's terminal device after the main program has finished executing. Use of this option will make that impossible. This flag is .Em off by default. .It utmp_runas If set, .Nm sudo will store the name of the runas user when updating the utmp (or utmpx) file. By default, .Nm sudo stores the name of the invoking user. This flag is .Em off by default. .It visiblepw By default, .Nm sudo will refuse to run if the user must enter a password but it is not possible to disable echo on the terminal. If the .Em visiblepw flag is set, .Nm sudo will prompt for a password even when it would be visible on the screen. This makes it possible to run things like .Dq Li ssh somehost sudo ls since by default, .Xr ssh 1 does not allocate a tty when running a command. This flag is .Em off by default. .El .Pp .Sy Integers : .Bl -tag -width 16n .It closefrom Before it executes a command, .Nm sudo will close all open file descriptors other than standard input, standard output and standard error (ie: file descriptors 0-2). The .Em closefrom option can be used to specify a different file descriptor at which to start closing. The default is .Li 3 . .It passwd_tries The number of tries a user gets to enter his/her password before .Nm sudo logs the failure and exits. The default is .Li @passwd_tries@ . .El .Pp .Sy Integers that can be used in a boolean context : .Bl -tag -width 16n .It loglinelen Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is .Li @loglen@ (use 0 or negate the option to disable word wrap). .It passwd_timeout Number of minutes before the .Nm sudo password prompt times out, or .Li 0 for no timeout. The timeout may include a fractional component if minute granularity is insufficient, for example .Li 2.5 . The default is .Li @password_timeout@ . .It timestamp_timeout Number of minutes that can elapse before .Nm sudo will ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example .Li 2.5 . The default is .Li @timeout@ . Set this to .Li 0 to always prompt for a password. If set to a value less than .Li 0 the user's time stamp will never expire. This can be used to allow users to create or delete their own time stamps via .Dq Li sudo -v and .Dq Li sudo -k respectively. .It umask Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. The actual umask that is used will be the union of the user's umask and the value of the .Em umask option, which defaults to .Li @sudo_umask@ . This guarantees that .Nm sudo never lowers the umask when running a command. Note: on systems that use PAM, the default PAM configuration may specify its own umask which will override the value set in .Em sudoers . .El .Pp .Sy Strings : .Bl -tag -width 16n .It badpass_message Message that is displayed if a user enters an incorrect password. The default is .Li @badpass_message@ unless insults are enabled. .It editor A colon .Pq Ql :\& separated list of editors allowed to be used with .Nm visudo . .Nm visudo will choose the editor that matches the user's .Ev EDITOR environment variable if possible, or the first editor in the list that exists and is executable. The default is .Pa @editor@ . .It iolog_dir The top-level directory to use when constructing the path name for the input/output log directory. Only used if the .Em log_input or .Em log_output options are enabled or when the .Li LOG_INPUT or .Li LOG_OUTPUT tags are present for a command. The session sequence number, if any, is stored in the directory. The default is .Pa @iolog_dir@ . .Pp The following percent .Pq Ql % escape sequences are supported: .Bl -tag -width 4n .It Li %{seq} expanded to a monotonically increasing base-36 sequence number, such as 0100A5, where every two digits are used to form a new directory, e.g.\& .Pa 01/00/A5 .It Li %{user} expanded to the invoking user's login name .It Li %{group} expanded to the name of the invoking user's real group ID .It Li %{runas_user} expanded to the login name of the user the command will be run as (e.g.\& root) .It Li %{runas_group} expanded to the group name of the user the command will be run as (e.g.\& wheel) .It Li %{hostname} expanded to the local host name without the domain name .It Li %{command} expanded to the base name of the command being run .El .Pp In addition, any escape sequences supported by the system's .Xr strftime 3 function will be expanded. .Pp To include a literal .Ql % character, the string .Ql %% should be used. .It iolog_file The path name, relative to .Em iolog_dir , in which to store input/output logs when the .Em log_input or .Em log_output options are enabled or when the .Li LOG_INPUT or .Li LOG_OUTPUT tags are present for a command. Note that .Em iolog_file may contain directory components. The default is .Dq Li %{seq} . .Pp See the .Em iolog_dir option above for a list of supported percent .Pq Ql % escape sequences. .Pp In addition to the escape sequences, path names that end in six or more .Li X Ns No s will have the .Li X Ns No s replaced with a unique combination of digits and letters, similar to the .Xr mktemp 3 function. .Pp If the path created by concatenating .Em iolog_dir and .Em iolog_file already exists, the existing I/O log file will be truncated and overwritten unless .Em iolog_file ends in six or more .Li X Ns No s . .It limitprivs The default Solaris limit privileges to use when constructing a new privilege set for a command. This bounds all privileges of the executing process. The default limit privileges may be overridden on a per-command basis in .Em sudoers . This option is only available if .Nm is built on Solaris 10 or higher. .It mailsub Subject of the mail sent to the .Em mailto user. The escape .Li %h will expand to the host name of the machine. Default is .Dq Li @mailsub@ . .It maxseq The maximum sequence number that will be substituted for the .Dq Li %{seq} escape in the I/O log file (see the .Em iolog_dir description above for more information). While the value substituted for .Dq Li %{seq} is in base 36, .Em maxseq itself should be expressed in decimal. Values larger than 2176782336 (which corresponds to the base 36 sequence number .Dq ZZZZZZ ) will be silently truncated to 2176782336. The default value is 2176782336. .Pp Once the local sequence number reaches the value of .Em maxseq , it will .Dq roll over to zero, after which .Nm sudoers will truncate and re-use any existing I/O log path names. .Pp This setting is only supported by version 1.8.7 or higher. .It noexec_file As of .Nm sudo version 1.8.1 this option is no longer supported. The path to the noexec file should now be set in the .Xr sudo.conf @mansectform@ file. .It pam_login_service On systems that use PAM for authentication, this is the service name used when the .Fl i option is specified. The default value is .Dq Li @pam_login_service@ . See the description of .Em pam_service for more information. .Pp This setting is only supported by version 1.8.8 or higher. .It pam_service On systems that use PAM for authentication, the service name specifies the PAM policy to apply. This usually corresponds to an entry in the .Pa pam.conf file or a file in the .Pa /etc/pam.d directory. The default value is .Dq Li sudo . .Pp This setting is only supported by version 1.8.8 or higher. .It passprompt The default prompt to use when asking for a password; can be overridden via the .Fl p option or the .Ev SUDO_PROMPT environment variable. The following percent .Pq Ql % escape sequences are supported: .Bl -tag -width 4n .It Li %H expanded to the local host name including the domain name (only if the machine's host name is fully qualified or the .Em fqdn option is set) .It Li %h expanded to the local host name without the domain name .It Li %p expanded to the user whose password is being asked for (respects the .Em rootpw , .Em targetpw and .Em runaspw flags in .Em sudoers ) .It Li \&%U expanded to the login name of the user the command will be run as (defaults to root) .It Li %u expanded to the invoking user's login name .It Li %% two consecutive .Li % characters are collapsed into a single .Li % character .El .Pp The default value is .Dq Li @passprompt@ . .It privs The default Solaris privileges to use when constructing a new privilege set for a command. This is passed to the executing process via the inherited privilege set, but is bounded by the limit privileges. If the .Em privs option is specified but the .Em limitprivs option is not, the limit privileges of the executing process is set to .Em privs . The default privileges may be overridden on a per-command basis in .Em sudoers . This option is only available if .Nm is built on Solaris 10 or higher. .It role The default SELinux role to use when constructing a new security context to run the command. The default role may be overridden on a per-command basis in .Em sudoers or via command line options. This option is only available when .Nm sudo is built with SELinux support. .It runas_default The default user to run commands as if the .Fl u option is not specified on the command line. This defaults to .Li @runas_default@ . .It syslog_badpri Syslog priority to use when user authenticates unsuccessfully. Defaults to .Li @badpri@ . .Pp The following syslog priorities are supported: .Sy alert , .Sy crit , .Sy debug , .Sy emerg , .Sy err , .Sy info , .Sy notice , and .Sy warning . .It syslog_goodpri Syslog priority to use when user authenticates successfully. Defaults to .Li @goodpri@ . .Pp See .Em syslog_badpri for the list of supported syslog priorities. .It sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. Note that changing the locale may affect how sudoers is interpreted. Defaults to .Dq Li C . .It timestampdir The directory in which .Nm sudo stores its time stamp files. The default is .Pa @timedir@ . .It timestampowner The owner of the time stamp directory and the time stamps stored therein. The default is .Li root . .It type The default SELinux type to use when constructing a new security context to run the command. The default type may be overridden on a per-command basis in .Em sudoers or via command line options. This option is only available when .Nm sudo is built with SELinux support. .El .Pp .Sy Strings that can be used in a boolean context : .Bl -tag -width 12n .It env_file The .Em env_file option specifies the fully qualified path to a file containing variables to be set in the environment of the program being run. Entries in this file should either be of the form .Dq Li VARIABLE=value or .Dq Li export VARIABLE=value . The value may optionally be surrounded by single or double quotes. Variables in this file are subject to other .Nm sudo environment settings such as .Em env_keep and .Em env_check . .It exempt_group Users in this group are exempt from password and PATH requirements. The group name specified should not include a .Li % prefix. This is not set by default. .It group_plugin A string containing a .Em sudoers group plugin with optional arguments. The string should consist of the plugin path, either fully-qualified or relative to the .Pa @PLUGINDIR@ directory, followed by any configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes .Pq \&"" . .Pp For more information see .Xr "GROUP PROVIDER PLUGINS" . .It lecture This option controls when a short lecture will be printed along with the password prompt. It has the following possible values: .Bl -tag -width 6n .It always Always lecture the user. .It never Never lecture the user. .It once Only lecture the user the first time they run .Nm sudo . .El .Pp If no value is specified, a value of .Em once is implied. Negating the option results in a value of .Em never being used. The default value is .Em @lecture@ . .It lecture_file Path to a file containing an alternate .Nm sudo lecture that will be used in place of the standard lecture if the named file exists. By default, .Nm sudo uses a built-in lecture. .It listpw This option controls when a password will be required when a user runs .Nm sudo with the .Fl l option. It has the following possible values: .Bl -tag -width 8n .It all All the user's .Em sudoers entries for the current host must have the .Li NOPASSWD flag set to avoid entering a password. .It always The user must always enter a password to use the .Fl l option. .It any At least one of the user's .Em sudoers entries for the current host must have the .Li NOPASSWD flag set to avoid entering a password. .It never The user need never enter a password to use the .Fl l option. .El .Pp If no value is specified, a value of .Em any is implied. Negating the option results in a value of .Em never being used. The default value is .Em any . .It logfile Path to the .Nm sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By default, .Nm sudo logs via syslog. .It mailerflags Flags to use when invoking mailer. Defaults to .Fl t . .It mailerpath Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. .It mailfrom Address to use for the .Dq from address when sending warning and error mail. The address should be enclosed in double quotes .Pq \&"" to protect against .Nm sudo interpreting the .Li @ sign. Defaults to the name of the user running .Nm sudo . .It mailto Address to send warning and error mail to. The address should be enclosed in double quotes .Pq \&"" to protect against .Nm sudo interpreting the .Li @ sign. Defaults to .Li @mailto@ . .It secure_path Path used for every command run from .Nm sudo . If you don't trust the people running .Nm sudo to have a sane .Ev PATH environment variable you may want to use this. Another use is if you want to have the .Dq root path be separate from the .Dq user path . Users in the group specified by the .Em exempt_group option are not affected by .Em secure_path . This option is @secure_path@ by default. .It syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to .Li @logfac@ . .Pp The following syslog facilities are supported: .Sy authpriv (if your OS supports it), .Sy auth , .Sy daemon , .Sy user , .Sy local0 , .Sy local1 , .Sy local2 , .Sy local3 , .Sy local4 , .Sy local5 , .Sy local6 , and .Sy local7 . .It verifypw This option controls when a password will be required when a user runs .Nm sudo with the .Fl v option. It has the following possible values: .Bl -tag -width 6n .It all All the user's .Em sudoers entries for the current host must have the .Li NOPASSWD flag set to avoid entering a password. .It always The user must always enter a password to use the .Fl v option. .It any At least one of the user's .Em sudoers entries for the current host must have the .Li NOPASSWD flag set to avoid entering a password. .It never The user need never enter a password to use the .Fl v option. .El .Pp If no value is specified, a value of .Em all is implied. Negating the option results in a value of .Em never being used. The default value is .Em all . .El .Pp .Sy Lists that can be used in a boolean context : .Bl -tag -width 16n .It env_check Environment variables to be removed from the user's environment if the variable's value contains .Ql % or .Ql / characters. This can be used to guard against printf-style format vulnerabilities in poorly-written programs. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the .Li = , .Li += , .Li -= , and .Li \&! operators respectively. Regardless of whether the .Li env_reset option is enabled or disabled, variables specified by .Li env_check will be preserved in the environment if they pass the aforementioned check. The default list of environment variables to check is displayed when .Nm sudo is run by root with the .Fl V option. .It env_delete Environment variables to be removed from the user's environment when the .Em env_reset option is not in effect. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the .Li = , .Li += , .Li -= , and .Li \&! operators respectively. The default list of environment variables to remove is displayed when .Nm sudo is run by root with the .Fl V option. Note that many operating systems will remove potentially dangerous variables from the environment of any setuid process (such as .Nm sudo ) . .It env_keep Environment variables to be preserved in the user's environment when the .Em env_reset option is in effect. This allows fine-grained control over the environment .Nm sudo Ns No -spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the .Li = , .Li += , .Li -= , and .Li \&! operators respectively. The default list of variables to keep is displayed when .Nm sudo is run by root with the .Fl V option. .El .Sh GROUP PROVIDER PLUGINS The .Nm sudoers plugin supports its own plugin interface to allow non-Unix group lookups which can query a group source other than the standard Unix group database. This can be used to implement support for the .Li nonunix_group syntax described earlier. .Pp Group provider plugins are specified via the .Em group_plugin Defaults setting. The argument to .Em group_plugin should consist of the plugin path, either fully-qualified or relative to the .Pa @PLUGINDIR@ directory, followed by any configuration options the plugin requires. These options (if specified) will be passed to the plugin's initialization function. If options are present, the string must be enclosed in double quotes .Pq \&"" . .Pp The following group provider plugins are installed by default: .Bl -tag -width 8n .It group_file The .Em group_file plugin supports an alternate group file that uses the same syntax as the .Pa /etc/group file. The path to the group file should be specified as an option to the plugin. For example, if the group file to be used is .Pa /etc/sudo-group : .Bd -literal Defaults group_plugin="group_file.so /etc/sudo-group" .Ed .It system_group The .Em system_group plugin supports group lookups via the standard C library functions .Fn getgrnam and .Fn getgrid . This plugin can be used in instances where the user belongs to groups not present in the user's supplemental group vector. This plugin takes no options: .Bd -literal Defaults group_plugin=system_group.so .Ed .El .Pp The group provider plugin API is described in detail in .Xr sudo_plugin @mansectsu@ . .Sh LOG FORMAT .Nm sudoers can log events using either .Xr syslog 3 or a simple log file. In each case the log format is almost identical. .Ss Accepted command log entries Commands that sudo runs are logged using the following format (split into multiple lines for readability): .Bd -literal -offset 4n date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e ENV=env_vars COMMAND=command .Ed .Pp Where the fields are as follows: .Bl -tag -width 12n .It date The date the command was run. Typically, this is in the format .Dq MMM, DD, HH:MM:SS . If logging via .Xr syslog 3 , the actual date format is controlled by the syslog daemon. If logging to a file and the .Em log_year option is enabled, the date will also include the year. .It hostname The name of the host .Nm sudo was run on. This field is only present when logging via .Xr syslog 3 . .It progname The name of the program, usually .Em sudo or .Em sudoedit . This field is only present when logging via .Xr syslog 3 . .It username The login name of the user who ran .Nm sudo . .It ttyname The short name of the terminal (e.g.\& .Dq console , .Dq tty01 , or .Dq pts/0 ) .Nm sudo was run on, or .Dq unknown if there was no terminal present. .It cwd The current working directory that .Nm sudo was run in. .It runasuser The user the command was run as. .It runasgroup The group the command was run as if one was specified on the command line. .It logid An I/O log identifier that can be used to replay the command's output. This is only present when the .Em log_input or .Em log_output option is enabled. .It env_vars A list of environment variables specified on the command line, if specified. .It command The actual command that was executed. .El .Pp Messages are logged using the locale specified by .Em sudoers_locale , which defaults to the .Dq Li C locale. .Ss Denied command log entries If the user is not allowed to run the command, the reason for the denial will follow the user name. Possible reasons include: .Bl -tag -width 4 .It user NOT in sudoers The user is not listed in the .Em sudoers file. .It user NOT authorized on host The user is listed in the .Em sudoers file but is not allowed to run commands on the host. .It command not allowed The user is listed in the .Em sudoers file for the host but they are not allowed to run the specified command. .It 3 incorrect password attempts The user failed to enter their password after 3 tries. The actual number of tries will vary based on the number of failed attempts and the value of the .Em passwd_tries option. .It a password is required .Nm sudo Ns No 's .Fl n option was specified but a password was required. .It sorry, you are not allowed to set the following environment variables The user specified environment variables on the command line that were not allowed by .Em sudoers . .El .Ss Error log entries If an error occurs, .Nm sudoers will log a message and, in most cases, send a message to the administrator via email. Possible errors include: .Bl -tag -width 4 .It parse error in @sysconfdir@/sudoers near line N .Nm sudoers encountered an error when parsing the specified file. In some cases, the actual error may be one line above or below the line number listed, depending on the type of error. .It problem with defaults entries The .Em sudoers file contains one or more unknown Defaults settings. This does not prevent .Nm sudo from running, but the .Em sudoers file should be checked using .Nm visudo . .It timestamp owner (username): \&No such user The time stamp directory owner, as specified by the .Em timestampowner setting, could not be found in the password database. .It unable to open/read @sysconfdir@/sudoers The .Em sudoers file could not be opened for reading. This can happen when the .Em sudoers file is located on a remote file system that maps user ID 0 to a different value. Normally, .Nm sudoers tries to open .Em sudoers using group permissions to avoid this problem. Consider either changing the ownership of .Pa @sysconfdir@/sudoers or adding an argument like .Dq sudoers_uid=N (where .Sq N is the user ID that owns the .Em sudoers file) to the end of the .Nm sudoers .Li Plugin line in the .Xr sudo.conf @mansectform@ file. .It unable to stat @sysconfdir@/sudoers The .Pa @sysconfdir@/sudoers file is missing. .It @sysconfdir@/sudoers is not a regular file The .Pa @sysconfdir@/sudoers file exists but is not a regular file or symbolic link. .It @sysconfdir@/sudoers is owned by uid N, should be 0 The .Em sudoers file has the wrong owner. If you wish to change the .Em sudoers file owner, please add .Dq sudoers_uid=N (where .Sq N is the user ID that owns the .Em sudoers file) to the .Nm sudoers .Li Plugin line in the .Xr sudo.conf @mansectform@ file. .It @sysconfdir@/sudoers is world writable The permissions on the .Em sudoers file allow all users to write to it. The .Em sudoers file must not be world-writable, the default file mode is 0440 (readable by owner and group, writable by none). The default mode may be changed via the .Dq sudoers_mode option to the .Nm sudoers .Li Plugin line in the .Xr sudo.conf @mansectform@ file. .It @sysconfdir@/sudoers is owned by gid N, should be 1 The .Em sudoers file has the wrong group ownership. If you wish to change the .Em sudoers file group ownership, please add .Dq sudoers_gid=N (where .Sq N is the group ID that owns the .Em sudoers file) to the .Nm sudoers .Li Plugin line in the .Xr sudo.conf @mansectform@ file. .It unable to open @timedir@/username/ttyname .Em sudoers was unable to read or create the user's time stamp file. .It unable to write to @timedir@/username/ttyname .Em sudoers was unable to write to the user's time stamp file. .It unable to mkdir to @timedir@/username .Em sudoers was unable to create the user's time stamp directory. .El .Ss Notes on logging via syslog By default, .Em sudoers logs messages via .Xr syslog 3 . The .Em date , .Em hostname , and .Em progname fields are added by the syslog daemon, not .Em sudoers itself. As such, they may vary in format on different systems. .Pp On most systems, .Xr syslog 3 has a relatively small log buffer. To prevent the command line arguments from being truncated, .Nm sudoers will split up log messages that are larger than 960 characters (not including the date, hostname, and the string .Dq sudo ) . When a message is split, additional parts will include the string .Dq Pq command continued after the user name and before the continued command line arguments. .Ss Notes on logging to a file If the .Em logfile option is set, .Em sudoers will log to a local file, such as .Pa /var/log/sudo . When logging to a file, .Em sudoers uses a format similar to .Xr syslog 3 , with a few important differences: .Bl -enum .It The .Em progname and .Em hostname fields are not present. .It If the .Em log_year option is enabled, the date will also include the year. .It Lines that are longer than .Em loglinelen characters (80 by default) are word-wrapped and continued on the next line with a four character indent. This makes entries easier to read for a human being, but makes it more difficult to use .Xr grep 1 on the log files. If the .Em loglinelen option is set to 0 (or negated with a .Ql \&! ) , word wrap will be disabled. .El .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudo.conf Sudo front end configuration .It Pa @sysconfdir@/sudoers List of who can run what .It Pa /etc/group Local groups file .It Pa /etc/netgroup List of network groups .It Pa @iolog_dir@ I/O log files .It Pa @timedir@ Directory containing time stamps for the .Em sudoers security policy .It Pa /etc/environment Initial environment for .Fl i mode on AIX and Linux systems .El .Sh EXAMPLES Below are example .Em sudoers entries. Admittedly, some of these are a bit contrived. First, we allow a few environment variables to pass and then define our .Em aliases : .Bd -literal # Run X applications through sudo; HOME is used to find the # .Xauthority file. Note that other programs use HOME to find # configuration files and this may lead to privilege escalation! Defaults env_keep += "DISPLAY HOME" # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim # Runas alias specification Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase Runas_Alias ADMINGRP = adm, oper # Host alias specification Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e SGI = grolsch, dandelion, black :\e ALPHA = widget, thalamus, foobar :\e HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e /usr/sbin/restore, /usr/sbin/rrestore,\e sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt Cmnd_Alias REBOOT = /usr/sbin/reboot Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e /usr/local/bin/tcsh, /usr/bin/rsh,\e /usr/local/bin/zsh Cmnd_Alias SU = /usr/bin/su Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less .Ed .Pp Here we override some of the compiled in default values. We want .Nm sudo to log via .Xr syslog 3 using the .Em auth facility in all cases. We don't want to subject the full time staff to the .Nm sudo lecture, user .Sy millert need not give a password, and we don't want to reset the .Ev LOGNAME , .Ev USER or .Ev USERNAME environment variables when running commands as root. Additionally, on the machines in the .Em SERVERS .Li Host_Alias , we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. Lastly, we disable shell escapes for the commands in the PAGERS .Li Cmnd_Alias .Po .Pa /usr/bin/more , .Pa /usr/bin/pg and .Pa /usr/bin/less .Pc . Note that this will not effectively constrain users with .Nm sudo .Sy ALL privileges. .Bd -literal # Override built-in defaults Defaults syslog=auth Defaults>root !set_logname Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults!PAGERS noexec .Ed .Pp The .Em User specification is the part that actually determines who may run what. .Bd -literal root ALL = (ALL) ALL %wheel ALL = (ALL) ALL .Ed .Pp We let .Sy root and any user in group .Sy wheel run any command on any host as any user. .Bd -literal FULLTIMERS ALL = NOPASSWD: ALL .Ed .Pp Full time sysadmins .Po .Sy millert , .Sy mikef , and .Sy dowdy .Pc may run any command on any host without authenticating themselves. .Bd -literal PARTTIMERS ALL = ALL .Ed .Pp Part time sysadmins .Sy bostley , .Sy jwfox , and .Sy crawl ) may run any command on any host but they must authenticate themselves first (since the entry lacks the .Li NOPASSWD tag). .Bd -literal jack CSNETS = ALL .Ed .Pp The user .Sy jack may run any command on the machines in the .Em CSNETS alias (the networks .Li 128.138.243.0 , .Li 128.138.204.0 , and .Li 128.138.242.0 ) . Of those networks, only .Li 128.138.204.0 has an explicit netmask (in CIDR notation) indicating it is a class C network. For the other networks in .Em CSNETS , the local machine's netmask will be used during matching. .Bd -literal lisa CUNETS = ALL .Ed .Pp The user .Sy lisa may run any command on any host in the .Em CUNETS alias (the class B network .Li 128.138.0.0 ) . .Bd -literal operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e sudoedit /etc/printcap, /usr/oper/bin/ .Ed .Pp The .Sy operator user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory .Pa /usr/oper/bin/ . Note that one command in the .Li DUMPS Cmnd_Alias includes a sha224 digest, .Pa /home/operator/bin/start_backups . This is because the directory containing the script is writable by the operator user. If the script is modified (resulting in a digest mismatch) it will no longer be possible to run it via .Nm sudo . .Bd -literal joe ALL = /usr/bin/su operator .Ed .Pp The user .Sy joe may only .Xr su 1 to operator. .Bd -literal pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root %opers ALL = (: ADMINGRP) /usr/sbin/ .Ed .Pp Users in the .Sy opers group may run commands in .Pa /usr/sbin/ as themselves with any group in the .Em ADMINGRP .Li Runas_Alias (the .Sy adm and .Sy oper groups). .Pp The user .Sy pete is allowed to change anyone's password except for root on the .Em HPPA machines. Note that this assumes .Xr passwd 1 does not take multiple user names on the command line. .Bd -literal bob SPARC = (OP) ALL : SGI = (OP) ALL .Ed .Pp The user .Sy bob may run anything on the .Em SPARC and .Em SGI machines as any user listed in the .Em OP .Li Runas_Alias .Po .Sy root and .Sy operator . .Pc .Bd -literal jim +biglab = ALL .Ed .Pp The user .Sy jim may run any command on machines in the .Em biglab netgroup. .Nm sudo knows that .Dq biglab is a netgroup due to the .Ql + prefix. .Bd -literal +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser .Ed .Pp Users in the .Sy secretaries netgroup need to help manage the printers as well as add and remove users, so they are allowed to run those commands on all machines. .Bd -literal fred ALL = (DB) NOPASSWD: ALL .Ed .Pp The user .Sy fred can run commands as any user in the .Em DB .Li Runas_Alias .Po .Sy oracle or .Sy sybase .Pc without giving a password. .Bd -literal john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* .Ed .Pp On the .Em ALPHA machines, user .Sy john may su to anyone except root but he is not allowed to specify any options to the .Xr su 1 command. .Bd -literal jen ALL, !SERVERS = ALL .Ed .Pp The user .Sy jen may run any command on any machine except for those in the .Em SERVERS .Li Host_Alias (master, mail, www and ns). .Bd -literal jill SERVERS = /usr/bin/, !SU, !SHELLS .Ed .Pp For any machine in the .Em SERVERS .Li Host_Alias , .Sy jill may run any commands in the directory .Pa /usr/bin/ except for those commands belonging to the .Em SU and .Em SHELLS .Li Cmnd_Aliases . While not specifically mentioned in the rule, the commands in the .Em PAGERS .Li Cmnd_Alias all reside in .Pa /usr/bin and have the .Em noexec option set. .Bd -literal steve CSNETS = (operator) /usr/local/op_commands/ .Ed .Pp The user .Sy steve may run any command in the directory /usr/local/op_commands/ but only as user operator. .Bd -literal matt valkyrie = KILL .Ed .Pp On his personal workstation, valkyrie, .Sy matt needs to be able to kill hung processes. .Bd -literal WEBMASTERS www = (www) ALL, (root) /usr/bin/su www .Ed .Pp On the host www, any user in the .Em WEBMASTERS .Li User_Alias (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply .Xr su 1 to www. .Bd -literal ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM .Ed .Pp Any user may mount or unmount a CD-ROM on the machines in the CDROM .Li Host_Alias (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. .Sh SECURITY NOTES .Ss Limitations of the So !\& Sc operator It is generally not effective to .Dq subtract commands from .Sy ALL using the .Ql !\& operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example: .Bd -literal bill ALL = ALL, !SU, !SHELLS .Ed .Pp Doesn't really prevent .Sy bill from running the commands listed in .Em SU or .Em SHELLS since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). .Pp In general, if a user has sudo .Sy ALL there is nothing to prevent them from creating their own program that gives them a root shell (or making their own copy of a shell) regardless of any .Ql !\& elements in the user specification. .Ss Security implications of Em fast_glob If the .Em fast_glob option is in use, it is not possible to reliably negate commands where the path name includes globbing (aka wildcard) characters. This is because the C library's .Xr fnmatch 3 function cannot resolve relative paths. While this is typically only an inconvenience for rules that grant privileges, it can result in a security issue for rules that subtract or revoke privileges. .Pp For example, given the following .Em sudoers entry: .Bd -literal john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root .Ed .Pp User .Sy john can still run .Li /usr/bin/passwd root if .Em fast_glob is enabled by changing to .Pa /usr/bin and running .Li ./passwd root instead. .Ss Preventing shell escapes Once .Nm sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass .Nm sudo Ns No 's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs. .Pp There are two basic approaches to this problem: .Bl -tag -width 8n .It restrict Avoid giving users access to commands that allow the user to run arbitrary commands. Many editors have a restricted mode where shell escapes are disabled, though .Nm sudoedit is a better solution to running editors via .Nm sudo . Due to the large number of programs that offer shell escapes, restricting users to the set of programs that do not is often unworkable. .It noexec Many systems that support shared libraries have the ability to override default library functions by pointing an environment variable (usually .Ev LD_PRELOAD ) to an alternate shared library. On such systems, .Nm sudo Ns No 's .Em noexec functionality can be used to prevent a program run by .Nm sudo from executing any other programs. Note, however, that this applies only to native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. .Pp The .Em noexec feature is known to work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, HP-UX 11.x and AIX 5.3 and above. It should be supported on most operating systems that support the .Ev LD_PRELOAD environment variable. Check your operating system's manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if .Ev LD_PRELOAD is supported. .Pp On Solaris 10 and higher, .Em noexec uses Solaris privileges instead of the .Ev LD_PRELOAD environment variable. .Pp To enable .Em noexec for a command, use the .Li NOEXEC tag as documented in the User Specification section above. Here is that example again: .Bd -literal aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .Ed .Pp This allows user .Sy aaron to run .Pa /usr/bin/more and .Pa /usr/bin/vi with .Em noexec enabled. This will prevent those two commands from executing other commands (such as a shell). If you are unsure whether or not your system is capable of supporting .Em noexec you can always just try it out and check whether shell escapes work when .Em noexec is enabled. .El .Pp Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations (such as changing or overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run .Nm sudoedit (see below). .Ss Secure editing The .Em sudoers plugin includes .Nm sudoedit support which allows users to securely edit files with the editor of their choice. As .Nm sudoedit is a built-in command, it must be specified in .Em sudoers without a leading path. However, it may take command line arguments just as a normal command does. For example, to allow user operator to edit the .Dq message of the day file: .Bd -literal -offset indent operator sudoedit /etc/motd .Ed .Pp The operator user then runs .Nm sudoedit as follows: .Bd -literal -offset indent $ sudoedit /etc/motd .Ed .Pp The editor will run as the operator user, not root, on a temporary copy of .Pa /etc/motd . After the file has been edited, .Pa /etc/motd will be updated with the contents of the temporary copy. .Ss Time stamp file checks .Em sudoers will check the ownership of its time stamp directory .Po .Pa @timedir@ by default .Pc and ignore the directory's contents if it is not owned by root or if it is writable by a user other than root. On systems that allow non-root users to give away files via .Xr chown 2 , if the time stamp directory is located in a world-writable directory (e.g.\&, .Pa /tmp ) , it is possible for a user to create the time stamp directory before .Nm sudo is run. However, because .Em sudoers checks the ownership and mode of the directory and its contents, the only damage that can be done is to .Dq hide files by putting them in the time stamp dir. This is unlikely to happen since once the time stamp dir is owned by root and inaccessible by any other user, the user placing files there would be unable to get them back out. .Pp .Em sudoers will not honor time stamps set far in the future. Time stamps with a date greater than current_time + 2 * .Li TIMEOUT will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own time stamp with a bogus date on systems that allow users to give away files if the time stamp directory is located in a world-writable directory. .Pp On systems where the boot time is available, .Em sudoers will ignore time stamps that date from before the machine booted. .Pp Since time stamp files live in the file system, they can outlive a user's login session. As a result, a user may be able to login, run a command with .Nm sudo after authenticating, logout, login again, and run .Nm sudo without authenticating so long as the time stamp file's modification time is within .Li @timeout@ minutes (or whatever the timeout is set to in .Em sudoers ) . When the .Em tty_tickets option is enabled, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where the devpts filesystem is used, Solaris systems with the devices filesystem, as well as other systems that utilize a devfs filesystem that monotonically increase the inode number of devices as they are created (such as Mac OS X), .Em sudoers is able to determine when a tty-based time stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. .Sh DEBUGGING Versions 1.8.4 and higher of the .Nm sudoers plugin support a flexible debugging framework that can help track down what the plugin is doing internally if there is a problem. This can be configured in the .Xr sudo.conf @mansectform@ file. .Pp The .Nm sudoers plugin uses the same debug flag format as the .Nm sudo front-end: .Em subsystem Ns No @ Ns Em priority . .Pp The priorities used by .Nm sudoers , in order of decreasing severity, are: .Em crit , err , warn , notice , diag , info , trace and .Em debug . Each priority, when specified, also includes all priorities higher than it. For example, a priority of .Em notice would include debug messages logged at .Em notice and higher. .Pp The following subsystems are used by the .Nm sudoers plugin: .Bl -tag -width 8n .It Em alias .Li User_Alias , .Li Runas_Alias , .Li Host_Alias and .Li Cmnd_Alias processing .It Em all matches every subsystem .It Em audit BSM and Linux audit code .It Em auth user authentication .It Em defaults .Em sudoers .Em Defaults settings .It Em env environment handling .It Em ldap LDAP-based sudoers .It Em logging logging support .It Em match matching of users, groups, hosts and netgroups in .Em sudoers .It Em netif network interface handling .It Em nss network service switch handling in .Em sudoers .It Em parser .Em sudoers file parsing .It Em perms permission setting .It Em plugin The equivalent of .Em main for the plugin. .It Em pty pseudo-tty related code .It Em rbtree redblack tree internals .It Em sssd SSSD-based sudoers .It Em util utility functions .El For example: .Bd -literal Debug sudo /var/log/sudo_debug match@info,nss@info .Ed .Pp For more information, see the .Xr sudo.conf @mansectform@ manual. .Sh SEE ALSO .Xr ssh 1 , .Xr su 1 , .Xr fnmatch 3 , .Xr glob 3 , .Xr mktemp 3 , .Xr strftime 3 , .Xr sudo.conf @mansectform@ , .Xr sudoers.ldap @mansectform@ , .Xr sudo_plugin @mansectsu@ , .Xr sudo @mansectsu@ , .Xr visudo @mansectsu@ .Sh CAVEATS The .Em sudoers file should .Sy always be edited by the .Nm visudo command which locks the file and does grammatical checking. It is imperative that .Em sudoers be free of syntax errors since .Nm sudo will not run with a syntactically incorrect .Em sudoers file. .Pp When using netgroups of machines (as opposed to users), if you store fully qualified host name in the netgroup (as is usually the case), you either need to have the machine's host name be fully qualified as returned by the .Li hostname command or use the .Em fqdn option in .Em sudoers . .Sh BUGS If you feel you have found a bug in .Nm sudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoreplay.cat010064400175440000012000000307341226304127600160030ustar00millertstaffSUDOREPLAY(1m) System Manager's Manual SUDOREPLAY(1m) NNAAMMEE ssuuddoorreeppllaayy - replay sudo session logs SSYYNNOOPPSSIISS ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] [--ff _f_i_l_t_e_r] [--mm _n_u_m] [--ss _n_u_m] ID ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] --ll [search expression] DDEESSCCRRIIPPTTIIOONN ssuuddoorreeppllaayy plays back or lists the output logs created by ssuuddoo. When replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the playback speed may be adjusted (faster or slower) based on the command line options. The _I_D should either be a six character sequence of digits and upper case letters, e.g. 0100A5, or a pattern matching the _i_o_l_o_g___f_i_l_e option in the _s_u_d_o_e_r_s file. When a command is run via ssuuddoo with _l_o_g___o_u_t_p_u_t enabled in the _s_u_d_o_e_r_s file, a TSID=ID string is logged via syslog or to the ssuuddoo log file. The _I_D may also be determined using ssuuddoorreeppllaayy's list mode. In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based on a number of criteria such as the user, tty or command run. In replay mode, if the standard output has not been redirected, ssuuddoorreeppllaayy will act on the following keys: `\n' or `\r' Skip to the next replay event; useful for long pauses. ` ' (space) Pause output; press any key to resume. `<' Reduce the playback speed by one half. `>' Double the playback speed. The options are as follows: --dd _d_i_r, ----ddiirreeccttoorryy=_d_i_r Store session logs in _d_i_r instead of the default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o. --ff _f_i_l_t_e_r, ----ffiilltteerr=_f_i_l_t_e_r Select which I/O type(s) to display. By default, ssuuddoorreeppllaayy will display the command's standard output, standard error and tty output. The _f_i_l_t_e_r argument is a comma-separated list, consisting of one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, and _t_t_y_o_u_t. --hh, ----hheellpp Display a short help message to the standard output and exit. --ll, ----lliisstt [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n] Enable ``list mode''. In this mode, ssuuddoorreeppllaayy will list available sessions in a format similar to the ssuuddoo log file format, sorted by file name (or sequence number). If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict the IDs that are displayed. An expression is composed of the following predicates: command _p_a_t_t_e_r_n Evaluates to true if the command run matches _p_a_t_t_e_r_n. On systems with POSIX regular expression support, the pattern may be an extended regular expression. On systems without POSIX regular expression support, a simple sub-string match is performed instead. cwd _d_i_r_e_c_t_o_r_y Evaluates to true if the command was run with the specified current working directory. fromdate _d_a_t_e Evaluates to true if the command was run on or after _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description of supported date and time formats. group _r_u_n_a_s___g_r_o_u_p Evaluates to true if the command was run with the specified _r_u_n_a_s___g_r_o_u_p. Note that unless a _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was run this field will be empty in the log. runas _r_u_n_a_s___u_s_e_r Evaluates to true if the command was run as the specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands as user _r_o_o_t by default. todate _d_a_t_e Evaluates to true if the command was run on or prior to _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description of supported date and time formats. tty _t_t_y _n_a_m_e Evaluates to true if the command was run on the specified terminal device. The _t_t_y _n_a_m_e should be specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1 instead of _/_d_e_v_/_t_t_y_0_1. user _u_s_e_r _n_a_m_e Evaluates to true if the ID matches a command run by _u_s_e_r _n_a_m_e. Predicates may be abbreviated to the shortest unique string (currently all predicates may be shortened to a single character). Predicates may be combined using _a_n_d, _o_r and _! operators as well as `(' and `)' grouping (note that parentheses must generally be escaped from the shell). The _a_n_d operator is optional, adjacent predicates have an implied _a_n_d unless separated by an _o_r. --mm, ----mmaaxx--wwaaiitt _m_a_x___w_a_i_t Specify an upper bound on how long to wait between key presses or output data. By default, ssuuddoorreeppllaayy will accurately reproduce the delays between key presses or program output. However, this can be tedious when the session includes long pauses. When the --mm option is specified, ssuuddoorreeppllaayy will limit these pauses to at most _m_a_x___w_a_i_t seconds. The value may be specified as a floating point number, e.g. _2_._5. --ss, ----ssppeeeedd _s_p_e_e_d___f_a_c_t_o_r This option causes ssuuddoorreeppllaayy to adjust the number of seconds it will wait between key presses or program output. This can be used to slow down or speed up the display. For example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as fast whereas a _s_p_e_e_d___f_a_c_t_o_r of _._5 would make the output twice as slow. --VV, ----vveerrssiioonn Print the ssuuddoorreeppllaayy versions version number and exit. DDaattee aanndd ttiimmee ffoorrmmaatt The time and date may be specified multiple ways, common formats include: HH:MM:SS am MM/DD/CCYY timezone 24 hour time may be used in place of am/pm. HH:MM:SS am Month, Day Year timezone 24 hour time may be used in place of am/pm, and month and day names may be abbreviated. Note that month and day of the week names must be specified in English. CCYY-MM-DD HH:MM:SS ISO time format DD Month CCYY HH:MM:SS The month name may be abbreviated. Either time or date may be omitted, the am/pm and timezone are optional. If no date is specified, the current day is assumed; if no time is specified, the first second of the specified date is used. The less significant parts of both time and date may also be omitted, in which case zero is assumed. The following are all valid time and date specifications: now The current time and date. tomorrow Exactly one day from now. yesterday 24 hours ago. 2 hours ago 2 hours ago. next Friday The first second of the Friday in the next (upcoming) week. Not to be confused with ``this friday'' which would match the friday of the current week. last week The current time but 7 days ago. This is equivalent to ``a week ago''. a fortnight ago The current time but 14 days ago. 10:01 am 9/17/2009 10:01 am, September 17, 2009. 10:01 am 10:01 am on the current day. 10 10:00 am on the current day. 9/17/2009 00:00 am, September 17, 2009. 10:01 am Sep 17, 2009 10:01 am, September 17, 2009. Note that relative time specifications do not always work as expected. For example, the ``next'' qualifier is intended to be used in conjunction with a day such as ``next Monday''. When used with units of weeks, months, years, etc the result will be one more than expected. For example, ``next week'' will result in a time exactly two weeks from now, which is probably not what was intended. This will be addressed in a future version of ssuuddoorreeppllaayy. FFIILLEESS _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o The default I/O log directory. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g Example session log info. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n Example session standard input log. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t Example session standard output log. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r Example session standard error log. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n Example session tty input file. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t Example session tty output file. _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g Example session timing file. Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo was used as part of a pipeline for a particular command. EEXXAAMMPPLLEESS List sessions run by user _m_i_l_l_e_r_t: # sudoreplay -l user millert List sessions run by user _b_o_b with a command containing the string vi: # sudoreplay -l user bob command vi List sessions run by user _j_e_f_f that match a regular expression: # sudoreplay -l user jeff command '/bin/[a-z]*sh' List sessions run by jeff or bob on the console: # sudoreplay -l ( user jeff or user bob ) tty console SSEEEE AALLSSOO sudo(1m), script(1) AAUUTTHHOORRSS Todd C. Miller BBUUGGSS If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 October 28, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/sudoreplay.man.in010064400175440000012000000243601226304127600164120ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in .\" .\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .TH "SUDOREPLAY" "@mansectsu@" "October 28, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" \fBsudoreplay\fR \- replay sudo session logs .SH "SYNOPSIS" .HP 11n \fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR\ \fIdir\fR] [\fB\-f\fR\ \fIfilter\fR] [\fB\-m\fR\ \fInum\fR] [\fB\-s\fR\ \fInum\fR] ID .HP 11n \fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR\ \fIdir\fR] \fB\-l\fR [search expression] .SH "DESCRIPTION" \fBsudoreplay\fR plays back or lists the output logs created by \fBsudo\fR. When replaying, \fBsudoreplay\fR can play the session back in real-time, or the playback speed may be adjusted (faster or slower) based on the command line options. .PP The \fIID\fR should either be a six character sequence of digits and upper case letters, e.g.\& \fR0100A5\fR, or a pattern matching the \fIiolog_file\fR option in the \fIsudoers\fR file. When a command is run via \fBsudo\fR with \fIlog_output\fR enabled in the \fIsudoers\fR file, a \fRTSID=ID\fR string is logged via syslog or to the \fBsudo\fR log file. The \fIID\fR may also be determined using \fBsudoreplay\fR's list mode. .PP In list mode, \fBsudoreplay\fR can be used to find the ID of a session based on a number of criteria such as the user, tty or command run. .PP In replay mode, if the standard output has not been redirected, \fBsudoreplay\fR will act on the following keys: .TP 14n `\fR\en\fR' or `\fR\er\fR' Skip to the next replay event; useful for long pauses. .TP 14n `\fR\ \fR' (space) Pause output; press any key to resume. .TP 14n `<' Reduce the playback speed by one half. .TP 14n `>' Double the playback speed. .PP The options are as follows: .TP 12n \fB\-d\fR \fIdir\fR, \fB\--directory\fR=\fIdir\fR Store session logs in \fIdir\fR instead of the default, \fI@iolog_dir@\fR. .TP 12n \fB\-f\fR \fIfilter\fR, \fB\--filter\fR=\fIfilter\fR Select which I/O type(s) to display. By default, \fBsudoreplay\fR will display the command's standard output, standard error and tty output. The \fIfilter\fR argument is a comma-separated list, consisting of one or more of following: \fIstdout\fR, \fIstderr\fR, and \fIttyout\fR. .TP 12n \fB\-h\fR, \fB\--help\fR Display a short help message to the standard output and exit. .TP 12n \fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR] Enable ``list mode''. In this mode, \fBsudoreplay\fR will list available sessions in a format similar to the \fBsudo\fR log file format, sorted by file name (or sequence number). If a \fIsearch expression\fR is specified, it will be used to restrict the IDs that are displayed. An expression is composed of the following predicates: .RS .TP 8n command \fIpattern\fR Evaluates to true if the command run matches \fIpattern\fR. On systems with POSIX regular expression support, the pattern may be an extended regular expression. On systems without POSIX regular expression support, a simple sub-string match is performed instead. .TP 8n cwd \fIdirectory\fR Evaluates to true if the command was run with the specified current working directory. .TP 8n fromdate \fIdate\fR Evaluates to true if the command was run on or after \fIdate\fR. See \fIDate and time format\fR for a description of supported date and time formats. .TP 8n group \fIrunas_group\fR Evaluates to true if the command was run with the specified \fIrunas_group\fR. Note that unless a \fIrunas_group\fR was explicitly specified when \fBsudo\fR was run this field will be empty in the log. .TP 8n runas \fIrunas_user\fR Evaluates to true if the command was run as the specified \fIrunas_user\fR. Note that \fBsudo\fR runs commands as user \fIroot\fR by default. .TP 8n todate \fIdate\fR Evaluates to true if the command was run on or prior to \fIdate\fR. See \fIDate and time format\fR for a description of supported date and time formats. .TP 8n tty \fItty name\fR Evaluates to true if the command was run on the specified terminal device. The \fItty name\fR should be specified without the \fI/dev/\fR prefix, e.g.\& \fItty01\fR instead of \fI/dev/tty01\fR. .TP 8n user \fIuser name\fR Evaluates to true if the ID matches a command run by \fIuser name\fR. .PP Predicates may be abbreviated to the shortest unique string (currently all predicates may be shortened to a single character). .sp Predicates may be combined using \fIand\fR, \fIor\fR and \fI\&!\fR operators as well as `\&(' and `\&)' grouping (note that parentheses must generally be escaped from the shell). The \fIand\fR operator is optional, adjacent predicates have an implied \fIand\fR unless separated by an \fIor\fR. .PP .RE .PD 0 .TP 12n \fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR Specify an upper bound on how long to wait between key presses or output data. By default, \fBsudoreplay\fR will accurately reproduce the delays between key presses or program output. However, this can be tedious when the session includes long pauses. When the \fB\-m\fR option is specified, \fBsudoreplay\fR will limit these pauses to at most \fImax_wait\fR seconds. The value may be specified as a floating point number, e.g.\& \fI2.5\fR. .PD .TP 12n \fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR This option causes \fBsudoreplay\fR to adjust the number of seconds it will wait between key presses or program output. This can be used to slow down or speed up the display. For example, a \fIspeed_factor\fR of \fI2\fR would make the output twice as fast whereas a \fIspeed_factor\fR of \fI.5\fR would make the output twice as slow. .TP 12n \fB\-V\fR, \fB\--version\fR Print the \fBsudoreplay\fR versions version number and exit. .SS "Date and time format" The time and date may be specified multiple ways, common formats include: .TP 8n HH:MM:SS am MM/DD/CCYY timezone 24 hour time may be used in place of am/pm. .TP 8n HH:MM:SS am Month, Day Year timezone 24 hour time may be used in place of am/pm, and month and day names may be abbreviated. Note that month and day of the week names must be specified in English. .TP 8n CCYY-MM-DD HH:MM:SS ISO time format .TP 8n DD Month CCYY HH:MM:SS The month name may be abbreviated. .PP Either time or date may be omitted, the am/pm and timezone are optional. If no date is specified, the current day is assumed; if no time is specified, the first second of the specified date is used. The less significant parts of both time and date may also be omitted, in which case zero is assumed. .PP The following are all valid time and date specifications: .TP 8n now The current time and date. .TP 8n tomorrow Exactly one day from now. .TP 8n yesterday 24 hours ago. .TP 8n 2 hours ago 2 hours ago. .TP 8n next Friday The first second of the Friday in the next (upcoming) week. Not to be confused with ``this friday'' which would match the friday of the current week. .TP 8n last week The current time but 7 days ago. This is equivalent to ``a week ago''. .TP 8n a fortnight ago The current time but 14 days ago. .TP 8n 10:01 am 9/17/2009 10:01 am, September 17, 2009. .TP 8n 10:01 am 10:01 am on the current day. .TP 8n 10 10:00 am on the current day. .TP 8n 9/17/2009 00:00 am, September 17, 2009. .TP 8n 10:01 am Sep 17, 2009 10:01 am, September 17, 2009. .PP Note that relative time specifications do not always work as expected. For example, the ``next'' qualifier is intended to be used in conjunction with a day such as ``next Monday''. When used with units of weeks, months, years, etc the result will be one more than expected. For example, ``next week'' will result in a time exactly two weeks from now, which is probably not what was intended. This will be addressed in a future version of \fBsudoreplay\fR. .SH "FILES" .TP 26n \fI@iolog_dir@\fR The default I/O log directory. .TP 26n \fI@iolog_dir@/00/00/01/log\fR Example session log info. .TP 26n \fI@iolog_dir@/00/00/01/stdin\fR Example session standard input log. .TP 26n \fI@iolog_dir@/00/00/01/stdout\fR Example session standard output log. .TP 26n \fI@iolog_dir@/00/00/01/stderr\fR Example session standard error log. .TP 26n \fI@iolog_dir@/00/00/01/ttyin\fR Example session tty input file. .TP 26n \fI@iolog_dir@/00/00/01/ttyout\fR Example session tty output file. .TP 26n \fI@iolog_dir@/00/00/01/timing\fR Example session timing file. .PP Note that the \fIstdin\fR, \fIstdout\fR and \fIstderr\fR files will be empty unless \fBsudo\fR was used as part of a pipeline for a particular command. .SH "EXAMPLES" List sessions run by user \fImillert\fR: .nf .sp .RS 6n # sudoreplay -l user millert .RE .fi .PP List sessions run by user \fIbob\fR with a command containing the string vi: .nf .sp .RS 6n # sudoreplay -l user bob command vi .RE .fi .PP List sessions run by user \fIjeff\fR that match a regular expression: .nf .sp .RS 6n # sudoreplay -l user jeff command '/bin/[a-z]*sh' .RE .fi .PP List sessions run by jeff or bob on the console: .nf .sp .RS 6n # sudoreplay -l ( user jeff or user bob ) tty console .RE .fi .SH "SEE ALSO" sudo(@mansectsu@), script(1) .SH "AUTHORS" Todd C. Miller .SH "BUGS" If you feel you have found a bug in \fBsudoreplay\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBsudoreplay\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/sudoreplay.mdoc.in010064400175440000012000000236041226304126200165540ustar00millertstaff.\" .\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd October 28, 2013 .Dt SUDOREPLAY @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudoreplay .Nd replay sudo session logs .Sh SYNOPSIS .Nm sudoreplay .Op Fl h .Bk -words .Op Fl d Ar dir .Ek .Bk -words .Op Fl f Ar filter .Ek .Bk -words .Op Fl m Ar num .Ek .Bk -words .Op Fl s Ar num .Ek ID .Pp .Nm sudoreplay .Op Fl h .Bk -words .Op Fl d Ar dir .Ek .Fl l .Op search expression .Sh DESCRIPTION .Nm sudoreplay plays back or lists the output logs created by .Nm sudo . When replaying, .Nm sudoreplay can play the session back in real-time, or the playback speed may be adjusted (faster or slower) based on the command line options. .Pp The .Em ID should either be a six character sequence of digits and upper case letters, e.g.\& .Li 0100A5 , or a pattern matching the .Em iolog_file option in the .Em sudoers file. When a command is run via .Nm sudo with .Em log_output enabled in the .Em sudoers file, a .Li TSID=ID string is logged via syslog or to the .Nm sudo log file. The .Em ID may also be determined using .Nm sudoreplay Ns No 's list mode. .Pp In list mode, .Nm sudoreplay can be used to find the ID of a session based on a number of criteria such as the user, tty or command run. .Pp In replay mode, if the standard output has not been redirected, .Nm sudoreplay will act on the following keys: .Bl -tag -width 12n .It So Li \en Sc No or So Li \er Sc Skip to the next replay event; useful for long pauses. .It So Li \ Sc No (space) Pause output; press any key to resume. .It Ql < Reduce the playback speed by one half. .It Ql > Double the playback speed. .El .Pp The options are as follows: .Bl -tag -width Fl .It Fl d Ar dir , Fl -directory Ns No = Ns Ar dir Store session logs in .Ar dir instead of the default, .Pa @iolog_dir@ . .It Fl f Ar filter , Fl -filter Ns No = Ns Ar filter Select which I/O type(s) to display. By default, .Nm sudoreplay will display the command's standard output, standard error and tty output. The .Ar filter argument is a comma-separated list, consisting of one or more of following: .Em stdout , .Em stderr , and .Em ttyout . .It Fl h , -help Display a short help message to the standard output and exit. .It Fl l , -list Op Ar search expression Enable .Dq list mode . In this mode, .Nm sudoreplay will list available sessions in a format similar to the .Nm sudo log file format, sorted by file name (or sequence number). If a .Ar search expression is specified, it will be used to restrict the IDs that are displayed. An expression is composed of the following predicates: .Bl -tag -width 6n .It command Ar pattern Evaluates to true if the command run matches .Ar pattern . On systems with POSIX regular expression support, the pattern may be an extended regular expression. On systems without POSIX regular expression support, a simple sub-string match is performed instead. .It cwd Ar directory Evaluates to true if the command was run with the specified current working directory. .It fromdate Ar date Evaluates to true if the command was run on or after .Ar date . See .Sx Date and time format for a description of supported date and time formats. .It group Ar runas_group Evaluates to true if the command was run with the specified .Ar runas_group . Note that unless a .Ar runas_group was explicitly specified when .Nm sudo was run this field will be empty in the log. .It runas Ar runas_user Evaluates to true if the command was run as the specified .Ar runas_user . Note that .Nm sudo runs commands as user .Em root by default. .It todate Ar date Evaluates to true if the command was run on or prior to .Ar date . See .Sx Date and time format for a description of supported date and time formats. .It tty Ar tty name Evaluates to true if the command was run on the specified terminal device. The .Ar tty name should be specified without the .Pa /dev/ prefix, e.g.\& .Pa tty01 instead of .Pa /dev/tty01 . .It user Ar user name Evaluates to true if the ID matches a command run by .Ar user name . .El .Pp Predicates may be abbreviated to the shortest unique string (currently all predicates may be shortened to a single character). .Pp Predicates may be combined using .Em and , .Em or and .Em \&! operators as well as .Ql \&( and .Ql \&) grouping (note that parentheses must generally be escaped from the shell). The .Em and operator is optional, adjacent predicates have an implied .Em and unless separated by an .Em or . .It Fl m , -max-wait Ar max_wait Specify an upper bound on how long to wait between key presses or output data. By default, .Nm sudoreplay will accurately reproduce the delays between key presses or program output. However, this can be tedious when the session includes long pauses. When the .Fl m option is specified, .Nm sudoreplay will limit these pauses to at most .Em max_wait seconds. The value may be specified as a floating point number, e.g.\& .Em 2.5 . .It Fl s , -speed Ar speed_factor This option causes .Nm sudoreplay to adjust the number of seconds it will wait between key presses or program output. This can be used to slow down or speed up the display. For example, a .Ar speed_factor of .Em 2 would make the output twice as fast whereas a .Ar speed_factor of .Em .5 would make the output twice as slow. .It Fl V , -version Print the .Nm sudoreplay versions version number and exit. .El .Ss Date and time format The time and date may be specified multiple ways, common formats include: .Bl -tag -width 6n .It HH:MM:SS am MM/DD/CCYY timezone 24 hour time may be used in place of am/pm. .It HH:MM:SS am Month, Day Year timezone 24 hour time may be used in place of am/pm, and month and day names may be abbreviated. Note that month and day of the week names must be specified in English. .It CCYY-MM-DD HH:MM:SS ISO time format .It DD Month CCYY HH:MM:SS The month name may be abbreviated. .El .Pp Either time or date may be omitted, the am/pm and timezone are optional. If no date is specified, the current day is assumed; if no time is specified, the first second of the specified date is used. The less significant parts of both time and date may also be omitted, in which case zero is assumed. .Pp The following are all valid time and date specifications: .Bl -tag -width 6n .It now The current time and date. .It tomorrow Exactly one day from now. .It yesterday 24 hours ago. .It 2 hours ago 2 hours ago. .It next Friday The first second of the Friday in the next (upcoming) week. Not to be confused with .Dq this friday which would match the friday of the current week. .It last week The current time but 7 days ago. This is equivalent to .Dq a week ago . .It a fortnight ago The current time but 14 days ago. .It 10:01 am 9/17/2009 10:01 am, September 17, 2009. .It 10:01 am 10:01 am on the current day. .It 10 10:00 am on the current day. .It 9/17/2009 00:00 am, September 17, 2009. .It 10:01 am Sep 17, 2009 10:01 am, September 17, 2009. .El .Pp Note that relative time specifications do not always work as expected. For example, the .Dq next qualifier is intended to be used in conjunction with a day such as .Dq next Monday . When used with units of weeks, months, years, etc the result will be one more than expected. For example, .Dq next week will result in a time exactly two weeks from now, which is probably not what was intended. This will be addressed in a future version of .Nm sudoreplay . .Sh FILES .Bl -tag -width 24n .It Pa @iolog_dir@ The default I/O log directory. .It Pa @iolog_dir@/00/00/01/log Example session log info. .It Pa @iolog_dir@/00/00/01/stdin Example session standard input log. .It Pa @iolog_dir@/00/00/01/stdout Example session standard output log. .It Pa @iolog_dir@/00/00/01/stderr Example session standard error log. .It Pa @iolog_dir@/00/00/01/ttyin Example session tty input file. .It Pa @iolog_dir@/00/00/01/ttyout Example session tty output file. .It Pa @iolog_dir@/00/00/01/timing Example session timing file. .El .Pp Note that the .Em stdin , .Em stdout and .Em stderr files will be empty unless .Nm sudo was used as part of a pipeline for a particular command. .Sh EXAMPLES List sessions run by user .Em millert : .Bd -literal -offset indent # sudoreplay -l user millert .Ed .Pp List sessions run by user .Em bob with a command containing the string vi: .Bd -literal -offset indent # sudoreplay -l user bob command vi .Ed .Pp List sessions run by user .Em jeff that match a regular expression: .Bd -literal -offset indent # sudoreplay -l user jeff command '/bin/[a-z]*sh' .Ed .Pp List sessions run by jeff or bob on the console: .Bd -literal -offset indent # sudoreplay -l ( user jeff or user bob ) tty console .Ed .Sh SEE ALSO .Xr sudo @mansectsu@ , .Xr script 1 .Sh AUTHORS Todd C. Miller .Sh BUGS If you feel you have found a bug in .Nm sudoreplay , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm sudoreplay is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/visudo.cat010064400175440000012000000206421226304127600151220ustar00millertstaffVISUDO(1m) System Manager's Manual VISUDO(1m) NNAAMMEE vviissuuddoo - edit the sudoers file SSYYNNOOPPSSIISS vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] [--xx _f_i_l_e] DDEESSCCRRIIPPTTIIOONN vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s file is currently being edited you will receive a message to try again later. There is a hard-coded list of one or more editors that vviissuuddoo will use set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default variable. This list defaults to vi. Normally, vviissuuddoo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if vviissuuddoo is configured with the --with-env-editor option or the _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR. vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the changes if there is a syntax error. Upon finding an error, vviissuuddoo will print a message stating the line number(s) where the error occurred and the user will receive the ``What now?'' prompt. At this point the user may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the changes, or `Q' to quit and save changes. The `Q' option should be used with extreme care because if vviissuuddoo believes there to be a parse error, so will ssuuddoo and no one will be able to ssuuddoo again until the error is fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). The options are as follows: --cc, ----cchheecckk Enable _c_h_e_c_k_-_o_n_l_y mode. The existing _s_u_d_o_e_r_s file will be checked for syntax errors, owner and mode. A message will be printed to the standard output describing the status of _s_u_d_o_e_r_s unless the --qq option was specified. If the check completes successfully, vviissuuddoo will exit with a value of 0. If an error is encountered, vviissuuddoo will exit with a value of 1. --ff _s_u_d_o_e_r_s, ----ffiillee=_s_u_d_o_e_r_s Specify an alternate _s_u_d_o_e_r_s file location. With this option, vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock file used is the specified _s_u_d_o_e_r_s file with ``.tmp'' appended to it. In _c_h_e_c_k_-_o_n_l_y mode only, the argument to --ff may be `-', indicating that _s_u_d_o_e_r_s will be read from the standard input. --hh, ----hheellpp Display a short help message to the standard output and exit. --qq, ----qquuiieett Enable _q_u_i_e_t mode. In this mode details about syntax errors are not printed. This option is only useful when combined with the --cc option. --ss, ----ssttrriicctt Enable _s_t_r_i_c_t checking of the _s_u_d_o_e_r_s file. If an alias is used before it is defined, vviissuuddoo will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore (`_') character. --VV, ----vveerrssiioonn Print the vviissuuddoo and _s_u_d_o_e_r_s grammar versions and exit. --xx _f_i_l_e, ----eexxppoorrtt=_f_i_l_e Export _s_u_d_o_e_r_s in JSON format and write it to _f_i_l_e. If _f_i_l_e is `-', the exported _s_u_d_o_e_r_s policy will to be written to the standard output. The exported format is intended to be easier for third-party applications to parse that the traditional _s_u_d_o_e_r_s format. The various values have explicit types which removes much of the ambiguity of the _s_u_d_o_e_r_s format. EENNVVIIRROONNMMEENNTT The following environment variables may be consulted depending on the value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings: VISUAL Invoked by vviissuuddoo as the editor to use EDITOR Used by vviissuuddoo if VISUAL is not set FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo DDIIAAGGNNOOSSTTIICCSS sudoers file busy, try again later. Someone else is currently editing the _s_u_d_o_e_r_s file. /etc/sudoers.tmp: Permission denied You didn't run vviissuuddoo as root. Can't find you in the passwd database Your user ID does not appear in the system passwd file. Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the underscore (`_') character. In the latter case, you can ignore the warnings (ssuuddoo will not complain). In --ss (strict) mode these are errors, not warnings. Warning: unused {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. You may wish to comment out or remove the unused alias. In --ss (strict) mode this is an error, not a warning. Warning: cycle in {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes. This is only a warning by default as ssuuddoo will ignore cycles when parsing the _s_u_d_o_e_r_s file. SSEEEE AALLSSOO vi(1), sudoers(4), sudo(1m), vipw(1m) AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this version consists of code written primarily by: Todd C. Miller See the CONTRIBUTORS file in the ssuuddoo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to ssuuddoo. CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if the editor used by vviissuuddoo allows shell escapes. BBUUGGSS If you feel you have found a bug in vviissuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. DDIISSCCLLAAIIMMEERR vviissuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. Sudo 1.8.9 December 16, 2013 Sudo 1.8.9 sudo-1.8.9p5/doc/visudo.man.in010064400175440000012000000202511226304127600155270ustar00millertstaff.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in .\" .\" Copyright (c) 1996,1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .TH "VISUDO" "@mansectsu@" "December 16, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" \fBvisudo\fR \- edit the sudoers file .SH "SYNOPSIS" .HP 7n \fBvisudo\fR [\fB\-chqsV\fR] [\fB\-f\fR\ \fIsudoers\fR] [\fB\-x\fR\ \fIfile\fR] .SH "DESCRIPTION" \fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to vipw(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. .PP There is a hard-coded list of one or more editors that \fBvisudo\fR will use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR \fRDefault\fR variable. This list defaults to \fR@editor@\fR. Normally, \fBvisudo\fR does not honor the \fRVISUAL\fR or \fREDITOR\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fR--with-env-editor\fR option or the \fIenv_editor\fR \fRDefault\fR variable is set in \fIsudoers\fR, \fBvisudo\fR will use any the editor defines by \fRVISUAL\fR or \fREDITOR\fR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \fRVISUAL\fR or \fREDITOR\fR. .PP \fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding an error, \fBvisudo\fR will print a message stating the line number(s) where the error occurred and the user will receive the ``What now?'' prompt. At this point the user may enter `e' to re-edit the \fIsudoers\fR file, `x' to exit without saving the changes, or `Q' to quit and save changes. The `Q' option should be used with extreme care because if \fBvisudo\fR believes there to be a parse error, so will \fBsudo\fR and no one will be able to \fBsudo\fR again until the error is fixed. If `e' is typed to edit the \fIsudoers\fR file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). .PP The options are as follows: .TP 12n \fB\-c\fR, \fB\--check\fR Enable \fIcheck-only\fR mode. The existing \fIsudoers\fR file will be checked for syntax errors, owner and mode. A message will be printed to the standard output describing the status of \fIsudoers\fR unless the \fB\-q\fR option was specified. If the check completes successfully, \fBvisudo\fR will exit with a value of 0. If an error is encountered, \fBvisudo\fR will exit with a value of 1. .TP 12n \fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR Specify an alternate \fIsudoers\fR file location. With this option, \fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, instead of the default, \fI@sysconfdir@/sudoers\fR. The lock file used is the specified \fIsudoers\fR file with ``\.tmp'' appended to it. In \fIcheck-only\fR mode only, the argument to \fB\-f\fR may be `-', indicating that \fIsudoers\fR will be read from the standard input. .TP 12n \fB\-h\fR, \fB\--help\fR Display a short help message to the standard output and exit. .TP 12n \fB\-q\fR, \fB\--quiet\fR Enable \fIquiet\fR mode. In this mode details about syntax errors are not printed. This option is only useful when combined with the \fB\-c\fR option. .TP 12n \fB\-s\fR, \fB\--strict\fR Enable \fIstrict\fR checking of the \fIsudoers\fR file. If an alias is used before it is defined, \fBvisudo\fR will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore (`_') character. .TP 12n \fB\-V\fR, \fB\--version\fR Print the \fBvisudo\fR and \fIsudoers\fR grammar versions and exit. .TP 12n \fB\-x\fR \fIfile\fR, \fB\--export\fR=\fIfile\fR Export \fIsudoers\fR in JSON format and write it to \fIfile\fR. If \fIfile\fR is `-', the exported \fIsudoers\fR policy will to be written to the standard output. The exported format is intended to be easier for third-party applications to parse that the traditional \fIsudoers\fR format. The various values have explicit types which removes much of the ambiguity of the \fIsudoers\fR format. .SH "ENVIRONMENT" The following environment variables may be consulted depending on the value of the \fIeditor\fR and \fIenv_editor\fR \fIsudoers\fR settings: .TP 17n \fRVISUAL\fR Invoked by \fBvisudo\fR as the editor to use .TP 17n \fREDITOR\fR Used by \fBvisudo\fR if \fRVISUAL\fR is not set .SH "FILES" .TP 26n \fI@sysconfdir@/sudoers\fR List of who can run what .TP 26n \fI@sysconfdir@/sudoers.tmp\fR Lock file for visudo .SH "DIAGNOSTICS" .TP 6n \fRsudoers file busy, try again later.\fR Someone else is currently editing the \fIsudoers\fR file. .TP 6n \fR@sysconfdir@/sudoers.tmp: Permission denied\fR You didn't run \fBvisudo\fR as root. .TP 6n \fRCan't find you in the passwd database\fR Your user ID does not appear in the system passwd file. .TP 6n \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the underscore (`_') character. In the latter case, you can ignore the warnings (\fBsudo\fR will not complain) \&. In \fB\-s\fR (strict) mode these are errors, not warnings. .TP 6n \fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. You may wish to comment out or remove the unused alias. In \fB\-s\fR (strict) mode this is an error, not a warning. .TP 6n \fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes. This is only a warning by default as \fBsudo\fR will ignore cycles when parsing the \fIsudoers\fR file. .SH "SEE ALSO" vi(1), sudoers(@mansectform@), sudo(@mansectsu@), vipw(@mansectsu@) .SH "AUTHORS" Many people have worked on \fBsudo\fR over the years; this version consists of code written primarily by: .sp .RS 6n Todd C. Miller .RE .PP See the CONTRIBUTORS file in the \fBsudo\fR distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to \fBsudo\fR. .SH "CAVEATS" There is no easy way to prevent a user from gaining a root shell if the editor used by \fBvisudo\fR allows shell escapes. .SH "BUGS" If you feel you have found a bug in \fBvisudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .SH "DISCLAIMER" \fBvisudo\fR is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/doc/visudo.mdoc.in010064400175440000012000000175421226304126200157020ustar00millertstaff.\" .\" Copyright (c) 1996,1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .Dd December 16, 2013 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm visudo .Nd edit the sudoers file .Sh SYNOPSIS .Nm visudo .Op Fl chqsV .Bk -words .Op Fl f Ar sudoers .Ek .Bk -words .Op Fl x Ar file .Ek .Sh DESCRIPTION .Nm visudo edits the .Em sudoers file in a safe fashion, analogous to .Xr vipw @mansectsu@ . .Nm visudo locks the .Em sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the .Em sudoers file is currently being edited you will receive a message to try again later. .Pp There is a hard-coded list of one or more editors that .Nm visudo will use set at compile-time that may be overridden via the .Em editor .Em sudoers .Li Default variable. This list defaults to .Li "@editor@" . Normally, .Nm visudo does not honor the .Ev VISUAL or .Ev EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if .Nm visudo is configured with the .Li --with-env-editor option or the .Em env_editor .Li Default variable is set in .Em sudoers , .Nm visudo will use any the editor defines by .Ev VISUAL or .Ev EDITOR . Note that this can be a security hole since it allows the user to execute any program they wish simply by setting .Ev VISUAL or .Ev EDITOR . .Pp .Nm visudo parses the .Em sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, .Nm visudo will print a message stating the line number(s) where the error occurred and the user will receive the .Dq What now? prompt. At this point the user may enter .Ql e to re-edit the .Em sudoers file, .Ql x to exit without saving the changes, or .Ql Q to quit and save changes. The .Ql Q option should be used with extreme care because if .Nm visudo believes there to be a parse error, so will .Nm sudo and no one will be able to .Nm sudo again until the error is fixed. If .Ql e is typed to edit the .Em sudoers file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). .Pp The options are as follows: .Bl -tag -width Fl .It Fl c , -check Enable .Em check-only mode. The existing .Em sudoers file will be checked for syntax errors, owner and mode. A message will be printed to the standard output describing the status of .Em sudoers unless the .Fl q option was specified. If the check completes successfully, .Nm visudo will exit with a value of 0. If an error is encountered, .Nm visudo will exit with a value of 1. .It Fl f Ar sudoers , Fl -file Ns No = Ns Ar sudoers Specify an alternate .Em sudoers file location. With this option, .Nm visudo will edit (or check) the .Em sudoers file of your choice, instead of the default, .Pa @sysconfdir@/sudoers . The lock file used is the specified .Em sudoers file with .Dq \.tmp appended to it. In .Em check-only mode only, the argument to .Fl f may be .Ql - , indicating that .Em sudoers will be read from the standard input. .It Fl h , -help Display a short help message to the standard output and exit. .It Fl q , -quiet Enable .Em quiet mode. In this mode details about syntax errors are not printed. This option is only useful when combined with the .Fl c option. .It Fl s , -strict Enable .Em strict checking of the .Em sudoers file. If an alias is used before it is defined, .Nm visudo will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore .Pq Ql _ character. .It Fl V , -version Print the .Nm visudo and .Em sudoers grammar versions and exit. .It Fl x Ar file , Fl -export Ns No = Ns Ar file Export .Em sudoers in JSON format and write it to .Ar file . If .Ar file is .Ql - , the exported .Em sudoers policy will to be written to the standard output. The exported format is intended to be easier for third-party applications to parse that the traditional .Em sudoers format. The various values have explicit types which removes much of the ambiguity of the .Em sudoers format. .El .Sh ENVIRONMENT The following environment variables may be consulted depending on the value of the .Em editor and .Em env_editor .Em sudoers settings: .Bl -tag -width 15n .It Ev VISUAL Invoked by .Nm visudo as the editor to use .It Ev EDITOR Used by .Nm visudo if .Ev VISUAL is not set .El .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudoers List of who can run what .It Pa @sysconfdir@/sudoers.tmp Lock file for visudo .El .Sh DIAGNOSTICS .Bl -tag -width 4n .It Li sudoers file busy, try again later. Someone else is currently editing the .Em sudoers file. .It Li @sysconfdir@/sudoers.tmp: Permission denied You didn't run .Nm visudo as root. .It Li Can't find you in the passwd database Your user ID does not appear in the system passwd file. .It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the underscore .Pq Ql _ character. In the latter case, you can ignore the warnings .Po .Nm sudo will not complain .Pc . In .Fl s (strict) mode these are errors, not warnings. .It Li Warning: unused {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. You may wish to comment out or remove the unused alias. In .Fl s (strict) mode this is an error, not a warning. .It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes. This is only a warning by default as .Nm sudo will ignore cycles when parsing the .Em sudoers file. .El .Sh SEE ALSO .Xr vi 1 , .Xr sudoers @mansectform@ , .Xr sudo @mansectsu@ , .Xr vipw @mansectsu@ .Sh AUTHORS Many people have worked on .Nm sudo over the years; this version consists of code written primarily by: .Bd -ragged -offset indent Todd C. Miller .Ed .Pp See the CONTRIBUTORS file in the .Nm sudo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to .Nm sudo . .Sh CAVEATS There is no easy way to prevent a user from gaining a root shell if the editor used by .Nm visudo allows shell escapes. .Sh BUGS If you feel you have found a bug in .Nm visudo , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER .Nm visudo is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with .Nm sudo or http://www.sudo.ws/sudo/license.html for complete details. sudo-1.8.9p5/include/Makefile.in010064400175440000012000000041341226304126200160340ustar00millertstaff# # Copyright (c) 2011-2012 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ includedir = @includedir@ cross_compiling = @CROSS_COMPILING@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 #### End of system configuration section. #### SHELL = @SHELL@ all: Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file include/Makefile) .SUFFIXES: .h pre-install: install: install-includes install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(includedir) install-binaries: install-doc: install-includes: install-dirs $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $(srcdir)/sudo_plugin.h $(DESTDIR)$(includedir) install-plugin: uninstall: -rm -f $(DESTDIR)$(includedir)/sudo_plugin.h check: clean: mostlyclean: clean distclean: clean -rm -rf Makefile clobber: distclean realclean: distclean cleandir: distclean sudo-1.8.9p5/include/alloc.h010064400175440000012000000026401226304126200152320ustar00millertstaff/* * Copyright (c) 2009-2010, 2012-1013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_ALLOC_H #define _SUDO_ALLOC_H #include #undef efree #define efree(x) free((void *)(x)) int easprintf(char **, const char *, ...) __printflike(2, 3); int evasprintf(char **, const char *, va_list) __printflike(2, 0); void *ecalloc(size_t, size_t) __malloc_like; void *emalloc(size_t) __malloc_like; void *emalloc2(size_t, size_t) __malloc_like; void *erealloc(void *, size_t); void *erealloc3(void *, size_t, size_t); void *erecalloc(void *, size_t, size_t, size_t); char *estrdup(const char *) __malloc_like; char *estrndup(const char *, size_t) __malloc_like; #endif /* _SUDO_ALLOC_H */ sudo-1.8.9p5/include/fatal.h010064400175440000012000000134651226304126300152370ustar00millertstaff/* * Copyright (c) 2004, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_FATAL_H_ #define _SUDO_FATAL_H_ #include #include /* * We wrap fatal/fatalx and warning/warningx so that the same output can * go to the debug file, if there is one. */ #if (defined(SUDO_ERROR_WRAP) && SUDO_ERROR_WRAP == 0) || defined(NO_VARIADIC_MACROS) # define fatal fatal_nodebug # define fatalx fatalx_nodebug # define warning warning_nodebug # define warningx warningx_nodebug # define vfatal(fmt, ap) fatal_nodebug((fmt), (ap)) # define vfatalx(fmt, ap) fatalx_nodebug((fmt), (ap)) # define vwarning(fmt, ap) warning_nodebug((fmt), (ap)) # define vwarningx(fmt, ap) warningx_nodebug((fmt), (ap)) #else /* SUDO_ERROR_WRAP */ # if defined(__GNUC__) && __GNUC__ == 2 # define fatal(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ fmt); \ fatal_nodebug(fmt); \ } while (0) # define fatalx(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \ fatalx_nodebug(fmt); \ } while (0) # define warning(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ fmt); \ warning_nodebug(fmt); \ } while (0) # define warningx(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \ warningx_nodebug(fmt); \ } while (0) # else # define fatal(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ __VA_ARGS__); \ fatal_nodebug(__VA_ARGS__); \ } while (0) # define fatalx(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \ fatalx_nodebug(__VA_ARGS__); \ } while (0) # define warning(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ __VA_ARGS__); \ warning_nodebug(__VA_ARGS__); \ } while (0) # define warningx(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \ warningx_nodebug(__VA_ARGS__); \ } while (0) # endif /* __GNUC__ == 2 */ # define vfatal(fmt, ap) do { \ va_list ap2; \ va_copy(ap2, (ap)); \ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ (fmt), ap2); \ vfatal_nodebug((fmt), (ap)); \ } while (0) # define vfatalx(fmt, ap) do { \ va_list ap2; \ va_copy(ap2, (ap)); \ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), ap2); \ vfatalx_nodebug((fmt), (ap)); \ } while (0) # define vwarning(fmt, ap) do { \ va_list ap2; \ va_copy(ap2, (ap)); \ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ (fmt), ap2); \ vwarning_nodebug((fmt), (ap)); \ } while (0) # define vwarningx(fmt, ap) do { \ va_list ap2; \ va_copy(ap2, (ap)); \ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), ap2); \ vwarningx_nodebug((fmt), (ap)); \ } while (0) #endif /* SUDO_ERROR_WRAP */ #define fatal_setjmp() (fatal_enable_setjmp(), sigsetjmp(fatal_jmp, 1)) #define fatal_longjmp(val) siglongjmp(fatal_jmp, val) extern int (*sudo_printf)(int msg_type, const char *fmt, ...); extern sigjmp_buf fatal_jmp; int fatal_callback_register(void (*func)(void)); char *warning_gettext(const char *msgid) __format_arg(1); void fatal_disable_setjmp(void); void fatal_enable_setjmp(void); void fatal_nodebug(const char *, ...) __printf0like(1, 2) __attribute__((__noreturn__)); void fatalx_nodebug(const char *, ...) __printflike(1, 2) __attribute__((__noreturn__)); void vfatal_nodebug(const char *, va_list ap) __printf0like(1, 0) __attribute__((__noreturn__)); void vfatalx_nodebug(const char *, va_list ap) __printflike(1, 0) __attribute__((__noreturn__)); void warning_nodebug(const char *, ...) __printf0like(1, 2); void warningx_nodebug(const char *, ...) __printflike(1, 2); void vwarning_nodebug(const char *, va_list ap) __printf0like(1, 0); void vwarningx_nodebug(const char *, va_list ap) __printflike(1, 0); #endif /* _SUDO_FATAL_H_ */ sudo-1.8.9p5/include/fileops.h010064400175440000012000000023271226304126300156040ustar00millertstaff/* * Copyright (c) 2010, 2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_FILEOPS_H #define _SUDO_FILEOPS_H /* * Flags for lock_file() */ #define SUDO_LOCK 1 /* lock a file */ #define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */ #define SUDO_UNLOCK 4 /* unlock a file */ struct timeval; bool lock_file(int, int); int touch(int, char *, struct timeval *); ssize_t sudo_parseln(char **buf, size_t *bufsize, unsigned int *lineno, FILE *fp); #endif /* _SUDO_FILEOPS_H */ sudo-1.8.9p5/include/gettext.h010064400175440000012000000045671226304126300156370ustar00millertstaff/* * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_GETTEXT_H #define _SUDO_GETTEXT_H /* * Solaris locale.h includes libintl.h which causes problems when we * redefine the gettext functions. We include it first to avoid this. */ #include #ifdef HAVE_LIBINTL_H # include /* * If DEFAULT_TEXT_DOMAIN is defined, use its value as the domain for * gettext() and ngettext() instead of the value set by textdomain(). * This is used by the sudoers plugin as well as the convenience libraries. */ # ifdef DEFAULT_TEXT_DOMAIN # undef gettext # define gettext(String) \ dgettext(DEFAULT_TEXT_DOMAIN, String) # undef ngettext # define ngettext(String, String_Plural, N) \ dngettext(DEFAULT_TEXT_DOMAIN, String, String_Plural, N) # endif /* * Older versions of Solaris lack ngettext() so we have to kludge it. */ # ifndef HAVE_NGETTEXT # undef ngettext # define ngettext(String, String_Plural, N) \ ((N) == 1 ? gettext(String) : gettext(String_Plural)) # endif /* Gettext convenience macros */ # define _(String) gettext(String) # define gettext_noop(String) String # define N_(String) gettext_noop(String) # define U_(String) warning_gettext(String) #else /* !HAVE_LIBINTL_H */ /* * Internationalization is either unavailable or has been disabled. * Define away the gettext functions used by sudo. */ # define _(String) String # define N_(String) String # define U_(String) String # define textdomain(Domain) # define bindtextdomain(Package, Directory) # define ngettext(String, String_Plural, N) \ ((N) == 1 ? (String) : (String_Plural)) #endif /* HAVE_LIBINTL_H */ #endif /* _SUDO_GETTEXT_H */ sudo-1.8.9p5/include/lbuf.h010064400175440000012000000027261226304126300150760ustar00millertstaff/* * Copyright (c) 2007, 2010, 2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SUDO_LBUF_H #define _SUDO_LBUF_H /* * Line buffer struct. */ struct lbuf { int (*output)(const char *); char *buf; const char *continuation; int indent; int len; int size; int cols; }; void lbuf_init(struct lbuf *, int (*)(const char *), int, const char *, int); void lbuf_destroy(struct lbuf *); void lbuf_append(struct lbuf *, const char *, ...) __printflike(2, 3); void lbuf_append_quoted(struct lbuf *, const char *, const char *, ...) __printflike(3, 4); void lbuf_print(struct lbuf *); #endif /* _SUDO_LBUF_H */ sudo-1.8.9p5/include/missing.h010064400175440000012000000265351227253432500156310ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2008, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDO_MISSING_H #define _SUDO_MISSING_H #include #ifdef STDC_HEADERS # include #endif #include /* * Macros and functions that may be missing on some operating systems. */ #ifndef __GNUC_PREREQ__ # ifdef __GNUC__ # define __GNUC_PREREQ__(ma, mi) \ ((__GNUC__ > (ma)) || (__GNUC__ == (ma) && __GNUC_MINOR__ >= (mi))) # else # define __GNUC_PREREQ__(ma, mi) 0 # endif #endif /* Define away __attribute__ for non-gcc or old gcc */ #if !defined(__attribute__) && !__GNUC_PREREQ__(2, 5) # define __attribute__(x) #endif /* For catching format string mismatches */ #ifndef __printflike # if __GNUC_PREREQ__(3, 3) # define __printflike(f, v) __attribute__((__format__ (__printf__, f, v))) __attribute__((__nonnull__ (f))) # elif __GNUC_PREREQ__(2, 7) # define __printflike(f, v) __attribute__((__format__ (__printf__, f, v))) # else # define __printflike(f, v) # endif #endif #ifndef __printf0like # if __GNUC_PREREQ__(2, 7) # define __printf0like(f, v) __attribute__((__format__ (__printf__, f, v))) # else # define __printf0like(f, v) # endif #endif #ifndef __format_arg # if __GNUC_PREREQ__(2, 7) # define __format_arg(f) __attribute__((__format_arg__ (f))) # else # define __format_arg(f) # endif #endif /* Hint to compiler that returned pointer is unique (malloc but not realloc). */ #ifndef __malloc_like # if __GNUC_PREREQ__(2, 96) # define __malloc_like __attribute__((__malloc__)) # else # define __malloc_like # endif #endif /* * Given the pointer x to the member m of the struct s, return * a pointer to the containing structure. */ #ifndef __containerof # define __containerof(x, s, m) ((s *)((char *)(x) - offsetof(s, m))) #endif #ifndef __dso_public # ifdef HAVE_DSO_VISIBILITY # if defined(__GNUC__) # define __dso_public __attribute__((__visibility__("default"))) # define __dso_hidden __attribute__((__visibility__("hidden"))) # elif defined(__SUNPRO_C) # define __dso_public __global # define __dso_hidden __hidden # else # define __dso_public __declspec(dllexport) # define __dso_hidden # endif # else # define __dso_public # define __dso_hidden # endif #endif /* * Pre-C99 compilers may lack a va_copy macro. */ #ifndef va_copy # ifdef __va_copy # define va_copy(d, s) __va_copy(d, s) # else # define va_copy(d, s) memcpy(&(d), &(s), sizeof(d)); # endif #endif /* * Some systems lack full limit definitions. */ #ifndef OPEN_MAX # define OPEN_MAX 256 #endif #ifndef LLONG_MAX # if defined(QUAD_MAX) # define LLONG_MAX QUAD_MAX # else # define LLONG_MAX 0x7fffffffffffffffLL # endif #endif #ifndef LLONG_MIN # if defined(QUAD_MIN) # define LLONG_MIN QUAD_MIN # else # define LLONG_MIN (-0x7fffffffffffffffLL-1) # endif #endif #ifndef ULLONG_MAX # if defined(UQUAD_MAX) # define ULLONG_MAX UQUAD_MAX # else # define ULLONG_MAX 0xffffffffffffffffULL # endif #endif #ifndef PATH_MAX # ifdef _POSIX_PATH_MAX # define PATH_MAX _POSIX_PATH_MAX # else # define PATH_MAX 256 # endif #endif #ifndef HOST_NAME_MAX # ifdef _POSIX_HOST_NAME_MAX # define HOST_NAME_MAX _POSIX_HOST_NAME_MAX # else # define HOST_NAME_MAX 255 # endif #endif /* * Posix versions for those without... */ #ifndef _S_IFMT # define _S_IFMT S_IFMT #endif /* _S_IFMT */ #ifndef _S_IFREG # define _S_IFREG S_IFREG #endif /* _S_IFREG */ #ifndef _S_IFDIR # define _S_IFDIR S_IFDIR #endif /* _S_IFDIR */ #ifndef _S_IFLNK # define _S_IFLNK S_IFLNK #endif /* _S_IFLNK */ #ifndef S_ISREG # define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG) #endif /* S_ISREG */ #ifndef S_ISDIR # define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR) #endif /* S_ISDIR */ /* * Some OS's may not have this. */ #ifndef S_IRWXU # define S_IRWXU 0000700 /* rwx for owner */ #endif /* S_IRWXU */ /* * These should be defined in but not everyone has them. */ #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif #ifndef STDOUT_FILENO # define STDOUT_FILENO 1 #endif #ifndef STDERR_FILENO # define STDERR_FILENO 2 #endif /* * BSD defines these in but we don't include that anymore. */ #ifndef MIN # define MIN(a,b) (((a)<(b))?(a):(b)) #endif #ifndef MAX # define MAX(a,b) (((a)>(b))?(a):(b)) #endif /* Macros to set/clear/test flags. */ #undef SET #define SET(t, f) ((t) |= (f)) #undef CLR #define CLR(t, f) ((t) &= ~(f)) #undef ISSET #define ISSET(t, f) ((t) & (f)) /* * Older systems may be missing stddef.h and/or offsetof macro */ #ifndef offsetof # ifdef __offsetof # define offsetof(type, field) __offsetof(type, field) # else # define offsetof(type, field) ((size_t)(&((type *)0)->field)) # endif #endif /* * Simple isblank() macro and function for systems without it. */ #ifndef HAVE_ISBLANK int isblank(int); # define isblank(_x) ((_x) == ' ' || (_x) == '\t') #endif /* * NCR's SVr4 has _innetgr(3) instead of innetgr(3) for some reason. */ #ifdef HAVE__INNETGR # define innetgr(n, h, u, d) (_innetgr(n, h, u, d)) # define HAVE_INNETGR 1 #endif /* HAVE__INNETGR */ /* * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define. */ #ifndef O_NOCTTY # define O_NOCTTY 0 #endif /* O_NOCTTY */ /* * Add IRIX-like sigaction_t for those without it. * SA_RESTART is not required by POSIX; SunOS has SA_INTERRUPT instead. */ #ifndef HAVE_SIGACTION_T typedef struct sigaction sigaction_t; #endif #ifndef SA_INTERRUPT # define SA_INTERRUPT 0 #endif #ifndef SA_RESTART # define SA_RESTART 0 #endif /* * If dirfd() does not exists, hopefully dd_fd does. */ #if !defined(HAVE_DIRFD) && defined(HAVE_DD_FD) # define dirfd(_d) ((_d)->dd_fd) # define HAVE_DIRFD #endif /* * Define futimes() in terms of futimesat() if needed. */ #if !defined(HAVE_FUTIMES) && defined(HAVE_FUTIMESAT) # define futimes(_f, _tv) futimesat(_f, NULL, _tv) # define HAVE_FUTIMES #endif #if !defined(HAVE_KILLPG) && !defined(killpg) # define killpg(s) kill(-(s)) #endif /* * If we lack getprogname(), emulate with __progname if possible. * Otherwise, add a prototype for use with our own getprogname.c. */ #ifndef HAVE_GETPROGNAME # ifdef HAVE___PROGNAME extern const char *__progname; # define getprogname() (__progname) # else const char *getprogname(void); # endif /* HAVE___PROGNAME */ #endif /* !HAVE_GETPROGNAME */ /* * Declare errno if errno.h doesn't do it for us. */ #if defined(HAVE_DECL_ERRNO) && !HAVE_DECL_ERRNO extern int errno; #endif /* !HAVE_DECL_ERRNO */ #ifndef timevalclear # define timevalclear(tv) ((tv)->tv_sec = (tv)->tv_usec = 0) #endif #ifndef timevalisset # define timevalisset(tv) ((tv)->tv_sec || (tv)->tv_usec) #endif #ifndef timevalcmp # define timevalcmp(tv1, tv2, op) \ (((tv1)->tv_sec == (tv2)->tv_sec) ? \ ((tv1)->tv_usec op (tv2)->tv_usec) : \ ((tv1)->tv_sec op (tv2)->tv_sec)) #endif #ifndef timevaladd # define timevaladd(tv1, tv2) \ do { \ (tv1)->tv_sec += (tv2)->tv_sec; \ (tv1)->tv_usec += (tv2)->tv_usec; \ if ((tv1)->tv_usec >= 1000000) { \ (tv1)->tv_sec++; \ (tv1)->tv_usec -= 1000000; \ } \ } while (0) #endif #ifndef timevalsub # define timevalsub(tv1, tv2) \ do { \ (tv1)->tv_sec -= (tv2)->tv_sec; \ (tv1)->tv_usec -= (tv2)->tv_usec; \ if ((tv1)->tv_usec < 0) { \ (tv1)->tv_sec--; \ (tv1)->tv_usec += 1000000; \ } \ } while (0) #endif /* Not all systems define NSIG in signal.h */ #if !defined(NSIG) # if defined(_NSIG) # define NSIG _NSIG # elif defined(__NSIG) # define NSIG __NSIG # else # define NSIG 64 # endif #endif /* For sig2str() */ #ifndef SIG2STR_MAX # define SIG2STR_MAX 32 #endif #ifndef WCOREDUMP # define WCOREDUMP(x) ((x) & 0x80) #endif #ifndef HAVE_SETEUID # if defined(HAVE_SETRESUID) # define seteuid(u) setresuid(-1, (u), -1) # define setegid(g) setresgid(-1, (g), -1) # define HAVE_SETEUID 1 # elif defined(HAVE_SETREUID) # define seteuid(u) setreuid(-1, (u)) # define setegid(g) setregid(-1, (g)) # define HAVE_SETEUID 1 # endif #endif /* HAVE_SETEUID */ /* * HP-UX does not declare innetgr() or getdomainname(). * Solaris does not declare getdomainname(). */ #if defined(__hpux) int innetgr(const char *, const char *, const char *, const char *); #endif #if defined(__hpux) || defined(__sun) int getdomainname(char *, size_t); #endif /* Functions "missing" from libc. */ struct timeval; struct timespec; #ifndef HAVE_CLOSEFROM void closefrom(int); #endif #ifndef HAVE_GETCWD char *getcwd(char *, size_t size); #endif #ifndef HAVE_GETGROUPLIST int getgrouplist(const char *, gid_t, gid_t *, int *); #endif #ifndef HAVE_GETLINE ssize_t getline(char **, size_t *, FILE *); #endif #ifndef HAVE_UTIMES int utimes(const char *, const struct timeval *); #endif #ifdef HAVE_FUTIME int futimes(int, const struct timeval *); #endif #if !defined(HAVE_SNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_snprintf(char *, size_t, const char *, ...) __printflike(3, 4); # undef snprintf # define snprintf rpl_snprintf #endif #if !defined(HAVE_VSNPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_vsnprintf(char *, size_t, const char *, va_list) __printflike(3, 0); # undef vsnprintf # define vsnprintf rpl_vsnprintf #endif #if !defined(HAVE_ASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_asprintf(char **, const char *, ...) __printflike(2, 3); # undef asprintf # define asprintf rpl_asprintf #endif #if !defined(HAVE_VASPRINTF) || defined(PREFER_PORTABLE_SNPRINTF) int rpl_vasprintf(char **, const char *, va_list) __printflike(2, 0); # undef vasprintf # define vasprintf rpl_vasprintf #endif #ifndef HAVE_STRLCAT size_t strlcat(char *, const char *, size_t); #endif #ifndef HAVE_STRLCPY size_t strlcpy(char *, const char *, size_t); #endif #ifndef HAVE_MEMRCHR void *memrchr(const void *, int, size_t); #endif #ifndef HAVE_MEMSET_S errno_t memset_s(void *, rsize_t, int, rsize_t); #endif #ifndef HAVE_MKDTEMP char *mkdtemp(char *); #endif #ifndef HAVE_MKSTEMPS int mkstemps(char *, int); #endif #ifndef HAVE_PW_DUP struct passwd *pw_dup(const struct passwd *); #endif #ifndef HAVE_SETENV int setenv(const char *, const char *, int); #endif #ifndef HAVE_UNSETENV int unsetenv(const char *); #endif #ifndef HAVE_STRSIGNAL char *strsignal(int); #endif #ifndef HAVE_SIG2STR int sig2str(int, char *); #endif #ifndef HAVE_STRTONUM long long rpl_strtonum(const char *, long long, long long, const char **); # undef strtonum # define strtonum rpl_strtonum #endif #endif /* _SUDO_MISSING_H */ sudo-1.8.9p5/include/queue.h010064400175440000012000000635661226304126300153030ustar00millertstaff/* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)queue.h 8.5 (Berkeley) 8/20/94 * $FreeBSD: head/sys/sys/queue.h 251887 2013-06-18 02:57:56Z lstewart $ */ #ifndef _SUDO_QUEUE_H_ #define _SUDO_QUEUE_H_ /* * This file defines four types of data structures: singly-linked lists, * singly-linked tail queues, lists and tail queues. * * A singly-linked list is headed by a single forward pointer. The elements * are singly linked for minimum space and pointer manipulation overhead at * the expense of O(n) removal for arbitrary elements. New elements can be * added to the list after an existing element or at the head of the list. * Elements being removed from the head of the list should use the explicit * macro for this purpose for optimum efficiency. A singly-linked list may * only be traversed in the forward direction. Singly-linked lists are ideal * for applications with large datasets and few or no removals or for * implementing a LIFO queue. * * A singly-linked tail queue is headed by a pair of pointers, one to the * head of the list and the other to the tail of the list. The elements are * singly linked for minimum space and pointer manipulation overhead at the * expense of O(n) removal for arbitrary elements. New elements can be added * to the list after an existing element, at the head of the list, or at the * end of the list. Elements being removed from the head of the tail queue * should use the explicit macro for this purpose for optimum efficiency. * A singly-linked tail queue may only be traversed in the forward direction. * Singly-linked tail queues are ideal for applications with large datasets * and few or no removals or for implementing a FIFO queue. * * A list is headed by a single forward pointer (or an array of forward * pointers for a hash table header). The elements are doubly linked * so that an arbitrary element can be removed without a need to * traverse the list. New elements can be added to the list before * or after an existing element or at the head of the list. A list * may be traversed in either direction. * * A tail queue is headed by a pair of pointers, one to the head of the * list and the other to the tail of the list. The elements are doubly * linked so that an arbitrary element can be removed without a need to * traverse the list. New elements can be added to the list before or * after an existing element, at the head of the list, or at the end of * the list. A tail queue may be traversed in either direction. * * A headless tail queue lacks a head structure, The first element acts * as a de facto list head. It uses the same entry struct as a regular * tail queue for easy conversion from headless to headful. * It is capable of concatenating queues as well as individual elements. * Traversing in reverse is more expensive due to lack of a list head. * Note: elements must be initialized before use. * * For details on the use of these macros, see the queue(3) manual page. * * * SLIST LIST STAILQ TAILQ * _HEAD + + + + * _HEAD_INITIALIZER + + + + * _ENTRY + + + + * _INIT + + + + * _EMPTY + + + + * _FIRST + + + + * _NEXT + + + + * _PREV - + - + * _LAST - - + + * _FOREACH + + + + * _FOREACH_FROM + + + + * _FOREACH_SAFE + + + + * _FOREACH_FROM_SAFE + + + + * _FOREACH_REVERSE - - - + * _FOREACH_REVERSE_FROM - - - + * _FOREACH_REVERSE_SAFE - - - + * _FOREACH_REVERSE_FROM_SAFE - - - + * _INSERT_HEAD + + + + * _INSERT_BEFORE - + - + * _INSERT_AFTER + + + + * _INSERT_TAIL - - + + * _CONCAT - - + + * _REMOVE_AFTER + - + - * _REMOVE_HEAD + - + - * _REMOVE + + + + * _SWAP + + + + * */ #ifdef QUEUE_MACRO_DEBUG /* Store the last 2 places the queue element or head was altered */ struct qm_trace { unsigned long lastline; unsigned long prevline; const char *lastfile; const char *prevfile; }; #undef TRACEBUF #define TRACEBUF struct qm_trace trace; #undef TRACEBUF_INITIALIZER #define TRACEBUF_INITIALIZER { __FILE__, __LINE__, NULL, 0 } , #undef TRASHIT #define TRASHIT(x) do {(x) = (void *)-1;} while (0) #undef QMD_SAVELINK #define QMD_SAVELINK(name, link) void **name = (void *)&(link) #undef QMD_TRACE_HEAD #define QMD_TRACE_HEAD(head) do { \ (head)->trace.prevline = (head)->trace.lastline; \ (head)->trace.prevfile = (head)->trace.lastfile; \ (head)->trace.lastline = __LINE__; \ (head)->trace.lastfile = __FILE__; \ } while (0) #undef QMD_TRACE_ELEM #define QMD_TRACE_ELEM(elem) do { \ (elem)->trace.prevline = (elem)->trace.lastline; \ (elem)->trace.prevfile = (elem)->trace.lastfile; \ (elem)->trace.lastline = __LINE__; \ (elem)->trace.lastfile = __FILE__; \ } while (0) #else #undef QMD_TRACE_ELEM #define QMD_TRACE_ELEM(elem) #undef QMD_TRACE_HEAD #define QMD_TRACE_HEAD(head) #undef QMD_SAVELINK #define QMD_SAVELINK(name, link) #undef TRACEBUF #define TRACEBUF #undef TRACEBUF_INITIALIZER #define TRACEBUF_INITIALIZER #undef TRASHIT #define TRASHIT(x) #endif /* QUEUE_MACRO_DEBUG */ /* * Singly-linked List declarations. */ #undef SLIST_HEAD #define SLIST_HEAD(name, type) \ struct name { \ struct type *slh_first; /* first element */ \ } #undef SLIST_HEAD_INITIALIZER #define SLIST_HEAD_INITIALIZER(head) \ { NULL } #undef SLIST_ENTRY #define SLIST_ENTRY(type) \ struct { \ struct type *sle_next; /* next element */ \ } /* * Singly-linked List functions. */ #undef SLIST_EMPTY #define SLIST_EMPTY(head) ((head)->slh_first == NULL) #undef SLIST_FIRST #define SLIST_FIRST(head) ((head)->slh_first) #undef SLIST_FOREACH #define SLIST_FOREACH(var, head, field) \ for ((var) = SLIST_FIRST((head)); \ (var); \ (var) = SLIST_NEXT((var), field)) #undef SLIST_FOREACH_FROM #define SLIST_FOREACH_FROM(var, head, field) \ for ((var) = ((var) ? (var) : SLIST_FIRST((head))); \ (var); \ (var) = SLIST_NEXT((var), field)) #undef SLIST_FOREACH_SAFE #define SLIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = SLIST_FIRST((head)); \ (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ (var) = (tvar)) #undef SLIST_FOREACH_FROM_SAFE #define SLIST_FOREACH_FROM_SAFE(var, head, field, tvar) \ for ((var) = ((var) ? (var) : SLIST_FIRST((head))); \ (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ (var) = (tvar)) #undef SLIST_FOREACH_PREVPTR #define SLIST_FOREACH_PREVPTR(var, varp, head, field) \ for ((varp) = &SLIST_FIRST((head)); \ ((var) = *(varp)) != NULL; \ (varp) = &SLIST_NEXT((var), field)) #undef SLIST_INIT #define SLIST_INIT(head) do { \ SLIST_FIRST((head)) = NULL; \ } while (0) #undef SLIST_INSERT_AFTER #define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ SLIST_NEXT((slistelm), field) = (elm); \ } while (0) #undef SLIST_INSERT_HEAD #define SLIST_INSERT_HEAD(head, elm, field) do { \ SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ SLIST_FIRST((head)) = (elm); \ } while (0) #undef SLIST_NEXT #define SLIST_NEXT(elm, field) ((elm)->field.sle_next) #undef SLIST_REMOVE #define SLIST_REMOVE(head, elm, type, field) do { \ QMD_SAVELINK(oldnext, (elm)->field.sle_next); \ if (SLIST_FIRST((head)) == (elm)) { \ SLIST_REMOVE_HEAD((head), field); \ } \ else { \ struct type *curelm = SLIST_FIRST((head)); \ while (SLIST_NEXT(curelm, field) != (elm)) \ curelm = SLIST_NEXT(curelm, field); \ SLIST_REMOVE_AFTER(curelm, field); \ } \ TRASHIT(*oldnext); \ } while (0) #undef SLIST_REMOVE_AFTER #define SLIST_REMOVE_AFTER(elm, field) do { \ SLIST_NEXT(elm, field) = \ SLIST_NEXT(SLIST_NEXT(elm, field), field); \ } while (0) #undef SLIST_REMOVE_HEAD #define SLIST_REMOVE_HEAD(head, field) do { \ SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ } while (0) #undef SLIST_SWAP #define SLIST_SWAP(head1, head2, type) do { \ struct type *swap_first = SLIST_FIRST(head1); \ SLIST_FIRST(head1) = SLIST_FIRST(head2); \ SLIST_FIRST(head2) = swap_first; \ } while (0) /* * Singly-linked Tail queue declarations. */ #undef STAILQ_HEAD #define STAILQ_HEAD(name, type) \ struct name { \ struct type *stqh_first;/* first element */ \ struct type **stqh_last;/* addr of last next element */ \ } #undef STAILQ_HEAD_INITIALIZER #define STAILQ_HEAD_INITIALIZER(head) \ { NULL, &(head).stqh_first } #undef STAILQ_ENTRY #define STAILQ_ENTRY(type) \ struct { \ struct type *stqe_next; /* next element */ \ } /* * Singly-linked Tail queue functions. */ #undef STAILQ_CONCAT #define STAILQ_CONCAT(head1, head2) do { \ if (!STAILQ_EMPTY((head2))) { \ *(head1)->stqh_last = (head2)->stqh_first; \ (head1)->stqh_last = (head2)->stqh_last; \ STAILQ_INIT((head2)); \ } \ } while (0) #undef STAILQ_EMPTY #define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) #undef STAILQ_FIRST #define STAILQ_FIRST(head) ((head)->stqh_first) #undef STAILQ_FOREACH #define STAILQ_FOREACH(var, head, field) \ for ((var) = STAILQ_FIRST((head)); \ (var); \ (var) = STAILQ_NEXT((var), field)) #undef STAILQ_FOREACH_FROM #define STAILQ_FOREACH_FROM(var, head, field) \ for ((var) = ((var) ? (var) : STAILQ_FIRST((head))); \ (var); \ (var) = STAILQ_NEXT((var), field)) #undef STAILQ_FOREACH_SAFE #define STAILQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = STAILQ_FIRST((head)); \ (var) && ((tvar) = STAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #undef STAILQ_FOREACH_FROM_SAFE #define STAILQ_FOREACH_FROM_SAFE(var, head, field, tvar) \ for ((var) = ((var) ? (var) : STAILQ_FIRST((head))); \ (var) && ((tvar) = STAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #undef STAILQ_INIT #define STAILQ_INIT(head) do { \ STAILQ_FIRST((head)) = NULL; \ (head)->stqh_last = &STAILQ_FIRST((head)); \ } while (0) #undef STAILQ_INSERT_AFTER #define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ STAILQ_NEXT((tqelm), field) = (elm); \ } while (0) #undef STAILQ_INSERT_HEAD #define STAILQ_INSERT_HEAD(head, elm, field) do { \ if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ STAILQ_FIRST((head)) = (elm); \ } while (0) #undef STAILQ_INSERT_TAIL #define STAILQ_INSERT_TAIL(head, elm, field) do { \ STAILQ_NEXT((elm), field) = NULL; \ *(head)->stqh_last = (elm); \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ } while (0) #undef STAILQ_LAST #define STAILQ_LAST(head, type, field) \ (STAILQ_EMPTY((head)) ? NULL : \ __containerof((head)->stqh_last, struct type, field.stqe_next)) #undef STAILQ_NEXT #define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) #undef STAILQ_REMOVE #define STAILQ_REMOVE(head, elm, type, field) do { \ QMD_SAVELINK(oldnext, (elm)->field.stqe_next); \ if (STAILQ_FIRST((head)) == (elm)) { \ STAILQ_REMOVE_HEAD((head), field); \ } \ else { \ struct type *curelm = STAILQ_FIRST((head)); \ while (STAILQ_NEXT(curelm, field) != (elm)) \ curelm = STAILQ_NEXT(curelm, field); \ STAILQ_REMOVE_AFTER(head, curelm, field); \ } \ TRASHIT(*oldnext); \ } while (0) #undef STAILQ_REMOVE_AFTER #define STAILQ_REMOVE_AFTER(head, elm, field) do { \ if ((STAILQ_NEXT(elm, field) = \ STAILQ_NEXT(STAILQ_NEXT(elm, field), field)) == NULL) \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ } while (0) #undef STAILQ_REMOVE_HEAD #define STAILQ_REMOVE_HEAD(head, field) do { \ if ((STAILQ_FIRST((head)) = \ STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ (head)->stqh_last = &STAILQ_FIRST((head)); \ } while (0) #undef STAILQ_SWAP #define STAILQ_SWAP(head1, head2, type) do { \ struct type *swap_first = STAILQ_FIRST(head1); \ struct type **swap_last = (head1)->stqh_last; \ STAILQ_FIRST(head1) = STAILQ_FIRST(head2); \ (head1)->stqh_last = (head2)->stqh_last; \ STAILQ_FIRST(head2) = swap_first; \ (head2)->stqh_last = swap_last; \ if (STAILQ_EMPTY(head1)) \ (head1)->stqh_last = &STAILQ_FIRST(head1); \ if (STAILQ_EMPTY(head2)) \ (head2)->stqh_last = &STAILQ_FIRST(head2); \ } while (0) /* * List declarations. */ #undef LIST_HEAD #define LIST_HEAD(name, type) \ struct name { \ struct type *lh_first; /* first element */ \ } #undef LIST_HEAD_INITIALIZER #define LIST_HEAD_INITIALIZER(head) \ { NULL } #undef LIST_ENTRY #define LIST_ENTRY(type) \ struct { \ struct type *le_next; /* next element */ \ struct type **le_prev; /* address of previous next element */ \ } /* * List functions. */ #undef LIST_EMPTY #define LIST_EMPTY(head) ((head)->lh_first == NULL) #undef LIST_FIRST #define LIST_FIRST(head) ((head)->lh_first) #undef LIST_FOREACH #define LIST_FOREACH(var, head, field) \ for ((var) = LIST_FIRST((head)); \ (var); \ (var) = LIST_NEXT((var), field)) #undef LIST_FOREACH_FROM #define LIST_FOREACH_FROM(var, head, field) \ for ((var) = ((var) ? (var) : LIST_FIRST((head))); \ (var); \ (var) = LIST_NEXT((var), field)) #undef LIST_FOREACH_SAFE #define LIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = LIST_FIRST((head)); \ (var) && ((tvar) = LIST_NEXT((var), field), 1); \ (var) = (tvar)) #undef LIST_FOREACH_FROM_SAFE #define LIST_FOREACH_FROM_SAFE(var, head, field, tvar) \ for ((var) = ((var) ? (var) : LIST_FIRST((head))); \ (var) && ((tvar) = LIST_NEXT((var), field), 1); \ (var) = (tvar)) #undef LIST_INIT #define LIST_INIT(head) do { \ LIST_FIRST((head)) = NULL; \ } while (0) #undef LIST_INSERT_AFTER #define LIST_INSERT_AFTER(listelm, elm, field) do { \ if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ LIST_NEXT((listelm), field)->field.le_prev = \ &LIST_NEXT((elm), field); \ LIST_NEXT((listelm), field) = (elm); \ (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ } while (0) #undef LIST_INSERT_BEFORE #define LIST_INSERT_BEFORE(listelm, elm, field) do { \ (elm)->field.le_prev = (listelm)->field.le_prev; \ LIST_NEXT((elm), field) = (listelm); \ *(listelm)->field.le_prev = (elm); \ (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ } while (0) #undef LIST_INSERT_HEAD #define LIST_INSERT_HEAD(head, elm, field) do { \ if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ LIST_FIRST((head)) = (elm); \ (elm)->field.le_prev = &LIST_FIRST((head)); \ } while (0) #undef LIST_NEXT #define LIST_NEXT(elm, field) ((elm)->field.le_next) #undef LIST_PREV #define LIST_PREV(elm, head, type, field) \ ((elm)->field.le_prev == &LIST_FIRST((head)) ? NULL : \ __containerof((elm)->field.le_prev, struct type, field.le_next)) #undef LIST_REMOVE #define LIST_REMOVE(elm, field) do { \ QMD_SAVELINK(oldnext, (elm)->field.le_next); \ QMD_SAVELINK(oldprev, (elm)->field.le_prev); \ if (LIST_NEXT((elm), field) != NULL) \ LIST_NEXT((elm), field)->field.le_prev = \ (elm)->field.le_prev; \ *(elm)->field.le_prev = LIST_NEXT((elm), field); \ TRASHIT(*oldnext); \ TRASHIT(*oldprev); \ } while (0) #undef LIST_SWAP #define LIST_SWAP(head1, head2, type, field) do { \ struct type *swap_tmp = LIST_FIRST((head1)); \ LIST_FIRST((head1)) = LIST_FIRST((head2)); \ LIST_FIRST((head2)) = swap_tmp; \ if ((swap_tmp = LIST_FIRST((head1))) != NULL) \ swap_tmp->field.le_prev = &LIST_FIRST((head1)); \ if ((swap_tmp = LIST_FIRST((head2))) != NULL) \ swap_tmp->field.le_prev = &LIST_FIRST((head2)); \ } while (0) /* * Tail queue declarations. */ #undef TAILQ_HEAD #define TAILQ_HEAD(name, type) \ struct name { \ struct type *tqh_first; /* first element */ \ struct type **tqh_last; /* addr of last next element */ \ TRACEBUF \ } #undef TAILQ_HEAD_INITIALIZER #define TAILQ_HEAD_INITIALIZER(head) \ { NULL, &(head).tqh_first, TRACEBUF_INITIALIZER } #undef TAILQ_ENTRY #define TAILQ_ENTRY(type) \ struct { \ struct type *tqe_next; /* next element */ \ struct type **tqe_prev; /* address of previous next element */ \ TRACEBUF \ } /* * Tail queue functions. */ #undef TAILQ_CONCAT #define TAILQ_CONCAT(head1, head2, field) do { \ if (!TAILQ_EMPTY(head2)) { \ *(head1)->tqh_last = (head2)->tqh_first; \ (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ (head1)->tqh_last = (head2)->tqh_last; \ TAILQ_INIT((head2)); \ QMD_TRACE_HEAD(head1); \ QMD_TRACE_HEAD(head2); \ } \ } while (0) #undef TAILQ_EMPTY #define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) #undef TAILQ_FIRST #define TAILQ_FIRST(head) ((head)->tqh_first) #undef TAILQ_FOREACH #define TAILQ_FOREACH(var, head, field) \ for ((var) = TAILQ_FIRST((head)); \ (var); \ (var) = TAILQ_NEXT((var), field)) #undef TAILQ_FOREACH_FROM #define TAILQ_FOREACH_FROM(var, head, field) \ for ((var) = ((var) ? (var) : TAILQ_FIRST((head))); \ (var); \ (var) = TAILQ_NEXT((var), field)) #undef TAILQ_FOREACH_SAFE #define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = TAILQ_FIRST((head)); \ (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #undef TAILQ_FOREACH_FROM_SAFE #define TAILQ_FOREACH_FROM_SAFE(var, head, field, tvar) \ for ((var) = ((var) ? (var) : TAILQ_FIRST((head))); \ (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #undef TAILQ_FOREACH_REVERSE #define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ for ((var) = TAILQ_LAST((head), headname); \ (var); \ (var) = TAILQ_PREV((var), headname, field)) #undef TAILQ_FOREACH_REVERSE_FROM #define TAILQ_FOREACH_REVERSE_FROM(var, head, headname, field) \ for ((var) = ((var) ? (var) : TAILQ_LAST((head), headname)); \ (var); \ (var) = TAILQ_PREV((var), headname, field)) #undef TAILQ_FOREACH_REVERSE_SAFE #define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ for ((var) = TAILQ_LAST((head), headname); \ (var) && ((tvar) = TAILQ_PREV((var), headname, field), 1); \ (var) = (tvar)) #undef TAILQ_FOREACH_REVERSE_FROM_SAFE #define TAILQ_FOREACH_REVERSE_FROM_SAFE(var, head, headname, field, tvar) \ for ((var) = ((var) ? (var) : TAILQ_LAST((head), headname)); \ (var) && ((tvar) = TAILQ_PREV((var), headname, field), 1); \ (var) = (tvar)) #undef TAILQ_INIT #define TAILQ_INIT(head) do { \ TAILQ_FIRST((head)) = NULL; \ (head)->tqh_last = &TAILQ_FIRST((head)); \ QMD_TRACE_HEAD(head); \ } while (0) #undef TAILQ_INSERT_AFTER #define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ TAILQ_NEXT((elm), field)->field.tqe_prev = \ &TAILQ_NEXT((elm), field); \ else { \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ QMD_TRACE_HEAD(head); \ } \ TAILQ_NEXT((listelm), field) = (elm); \ (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ QMD_TRACE_ELEM(&(elm)->field); \ QMD_TRACE_ELEM(&listelm->field); \ } while (0) #undef TAILQ_INSERT_BEFORE #define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ TAILQ_NEXT((elm), field) = (listelm); \ *(listelm)->field.tqe_prev = (elm); \ (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ QMD_TRACE_ELEM(&(elm)->field); \ QMD_TRACE_ELEM(&listelm->field); \ } while (0) #undef TAILQ_INSERT_HEAD #define TAILQ_INSERT_HEAD(head, elm, field) do { \ if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ TAILQ_FIRST((head))->field.tqe_prev = \ &TAILQ_NEXT((elm), field); \ else \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ TAILQ_FIRST((head)) = (elm); \ (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ QMD_TRACE_HEAD(head); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #undef TAILQ_INSERT_TAIL #define TAILQ_INSERT_TAIL(head, elm, field) do { \ TAILQ_NEXT((elm), field) = NULL; \ (elm)->field.tqe_prev = (head)->tqh_last; \ *(head)->tqh_last = (elm); \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ QMD_TRACE_HEAD(head); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #undef TAILQ_LAST #define TAILQ_LAST(head, headname) \ (*(((struct headname *)((head)->tqh_last))->tqh_last)) #undef TAILQ_NEXT #define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) #undef TAILQ_PREV #define TAILQ_PREV(elm, headname, field) \ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) #undef TAILQ_REMOVE #define TAILQ_REMOVE(head, elm, field) do { \ QMD_SAVELINK(oldnext, (elm)->field.tqe_next); \ QMD_SAVELINK(oldprev, (elm)->field.tqe_prev); \ if ((TAILQ_NEXT((elm), field)) != NULL) \ TAILQ_NEXT((elm), field)->field.tqe_prev = \ (elm)->field.tqe_prev; \ else { \ (head)->tqh_last = (elm)->field.tqe_prev; \ QMD_TRACE_HEAD(head); \ } \ *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ TRASHIT(*oldnext); \ TRASHIT(*oldprev); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #undef TAILQ_SWAP #define TAILQ_SWAP(head1, head2, type, field) do { \ struct type *swap_first = (head1)->tqh_first; \ struct type **swap_last = (head1)->tqh_last; \ (head1)->tqh_first = (head2)->tqh_first; \ (head1)->tqh_last = (head2)->tqh_last; \ (head2)->tqh_first = swap_first; \ (head2)->tqh_last = swap_last; \ if ((swap_first = (head1)->tqh_first) != NULL) \ swap_first->field.tqe_prev = &(head1)->tqh_first; \ else \ (head1)->tqh_last = &(head1)->tqh_first; \ if ((swap_first = (head2)->tqh_first) != NULL) \ swap_first->field.tqe_prev = &(head2)->tqh_first; \ else \ (head2)->tqh_last = &(head2)->tqh_first; \ } while (0) /* * Headless Tail queue definitions. */ #undef HLTQ_ENTRY #define HLTQ_ENTRY(type) TAILQ_ENTRY(type) #undef HLTQ_INIT #define HLTQ_INIT(entry, field) do { \ (entry)->field.tqe_next = NULL; \ (entry)->field.tqe_prev = &(entry)->field.tqe_next; \ } while (0) #undef HLTQ_INITIALIZER #define HLTQ_INITIALIZER(entry, field) \ { NULL, &(entry)->field.tqe_next } #undef HLTQ_FIRST #define HLTQ_FIRST(elm) (elm) #undef HLTQ_END #define HLTQ_END(elm) NULL #undef HLTQ_NEXT #define HLTQ_NEXT(elm, field) ((elm)->field.tqe_next) #undef HLTQ_LAST #define HLTQ_LAST(elm, type, field) \ ((elm)->field.tqe_next == NULL ? (elm) : \ __containerof((elm)->field.tqe_prev, struct type, field.tqe_next)) #undef HLTQ_PREV #define HLTQ_PREV(elm, type, field) \ (*(elm)->field.tqe_prev == NULL ? NULL : \ __containerof((elm)->field.tqe_prev, struct type, field.tqe_next)) #undef HLTQ_FOREACH #define HLTQ_FOREACH(var, head, field) \ for ((var) = HLTQ_FIRST(head); \ (var) != HLTQ_END(head); \ (var) = HLTQ_NEXT(var, field)) #undef HLTQ_FOREACH_SAFE #define HLTQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = HLTQ_FIRST(head); \ (var) != HLTQ_END(head) && \ ((tvar) = HLTQ_NEXT(var, field), 1); \ (var) = (tvar)) #undef HLTQ_FOREACH_REVERSE #define HLTQ_FOREACH_REVERSE(var, head, headname, field) \ for ((var) = HLTQ_LAST(head, headname); \ (var) != HLTQ_END(head); \ (var) = HLTQ_PREV(var, headname, field)) #undef HLTQ_FOREACH_REVERSE_SAFE #define HLTQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ for ((var) = HLTQ_LAST(head, headname); \ (var) != HLTQ_END(head) && \ ((tvar) = HLTQ_PREV(var, headname, field), 1); \ (var) = (tvar)) /* Concatenate queue2 to the end of queue1. */ #undef HLTQ_CONCAT #define HLTQ_CONCAT(queue1, queue2, field) do { \ (queue2)->field.tqe_prev = (queue1)->field.tqe_prev; \ *(queue1)->field.tqe_prev = (queue2); \ (queue1)->field.tqe_prev = &(queue2)->field.tqe_next; \ } while (0) /* Convert a headless tailq to a headful one. */ #define HLTQ_TO_TAILQ(head, hl, field) do { \ (head)->tqh_first = (hl); \ (head)->tqh_last = (hl)->field.tqe_prev; \ (hl)->field.tqe_prev = &(head)->tqh_first; \ } while (0) /* Concatenate a headless tail queue to the end of a regular tail queue. */ #define TAILQ_CONCAT_HLTQ(head, hl, field) do { \ void *last = (hl)->field.tqe_prev; \ (hl)->field.tqe_prev = (head)->tqh_last; \ *(head)->tqh_last = (hl); \ (head)->tqh_last = last; \ } while (0) #endif /* !_SUDO_QUEUE_H_ */ sudo-1.8.9p5/include/secure_path.h010064400175440000012000000025031226304126300164410ustar00millertstaff/* * Copyright (c) 2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_SECURE_PATH_H #define _SUDO_SECURE_PATH_H #define SUDO_PATH_SECURE 0 #define SUDO_PATH_MISSING -1 #define SUDO_PATH_BAD_TYPE -2 #define SUDO_PATH_WRONG_OWNER -3 #define SUDO_PATH_WORLD_WRITABLE -4 #define SUDO_PATH_GROUP_WRITABLE -5 int sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp); int sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp); int sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, struct stat *sbp); #endif /* _SUDO_SECURE_PATH_H */ sudo-1.8.9p5/include/sudo_conf.h010064400175440000012000000031611226304126300161170ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_CONF_H #define _SUDO_CONF_H #include "queue.h" #define GROUP_SOURCE_ADAPTIVE 0 #define GROUP_SOURCE_STATIC 1 #define GROUP_SOURCE_DYNAMIC 2 struct plugin_info { TAILQ_ENTRY(plugin_info) entries; const char *path; const char *symbol_name; char * const * options; int lineno; }; TAILQ_HEAD(plugin_info_list, plugin_info); /* Read main sudo.conf file. */ void sudo_conf_read(const char *); /* Accessor functions. */ const char *sudo_conf_askpass_path(void); const char *sudo_conf_sesh_path(void); const char *sudo_conf_noexec_path(void); const char *sudo_conf_plugin_dir_path(void); const char *sudo_conf_debug_flags(void); struct plugin_info_list *sudo_conf_plugins(void); bool sudo_conf_disable_coredump(void); int sudo_conf_group_source(void); int sudo_conf_max_groups(void); #endif /* _SUDO_CONF_H */ sudo-1.8.9p5/include/sudo_debug.h010064400175440000012000000231451226550333200162660ustar00millertstaff/* * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_DEBUG_H #define _SUDO_DEBUG_H #include /* * The priority and subsystem are encoded in a single 32-bit value. * The lower 4 bits are the priority and the top 26 bits are the subsystem. * This allows for 16 priorities and a very large number of subsystems. * Bit 5 is used as a flag to specify whether to log the errno value. * Bit 6 specifies whether to log the function, file and line number data. */ /* * Sudo debug priorities, ordered least to most verbose, * in other words, highest to lowest priority. Max pri is 15. * Note: order must match sudo_debug_priorities[] */ #define SUDO_DEBUG_CRIT 1 /* critical errors */ #define SUDO_DEBUG_ERROR 2 /* non-critical errors */ #define SUDO_DEBUG_WARN 3 /* non-fatal warnings */ #define SUDO_DEBUG_NOTICE 4 /* non-error condition notices */ #define SUDO_DEBUG_DIAG 5 /* diagnostic messages */ #define SUDO_DEBUG_INFO 6 /* informational message */ #define SUDO_DEBUG_TRACE 7 /* log function enter/exit */ #define SUDO_DEBUG_DEBUG 8 /* very verbose debugging */ /* * Sudo debug subsystems. * This includes subsystems in the sudoers plugin. * Note: order must match sudo_debug_subsystems[] */ #define SUDO_DEBUG_MAIN ( 1<<6) /* sudo main() */ #define SUDO_DEBUG_ARGS ( 2<<6) /* command line argument processing */ #define SUDO_DEBUG_EXEC ( 3<<6) /* command execution */ #define SUDO_DEBUG_PTY ( 4<<6) /* pseudo-tty */ #define SUDO_DEBUG_UTMP ( 5<<6) /* utmp file ops */ #define SUDO_DEBUG_CONV ( 6<<6) /* user conversation */ #define SUDO_DEBUG_PCOMM ( 7<<6) /* plugin communications */ #define SUDO_DEBUG_UTIL ( 8<<6) /* utility functions */ #define SUDO_DEBUG_NETIF ( 9<<6) /* network interface functions */ #define SUDO_DEBUG_AUDIT (10<<6) /* audit */ #define SUDO_DEBUG_EDIT (11<<6) /* sudoedit */ #define SUDO_DEBUG_SELINUX (12<<6) /* selinux */ #define SUDO_DEBUG_LDAP (13<<6) /* sudoers LDAP */ #define SUDO_DEBUG_MATCH (14<<6) /* sudoers matching */ #define SUDO_DEBUG_PARSER (15<<6) /* sudoers parser */ #define SUDO_DEBUG_ALIAS (16<<6) /* sudoers alias functions */ #define SUDO_DEBUG_DEFAULTS (17<<6) /* sudoers defaults settings */ #define SUDO_DEBUG_AUTH (18<<6) /* authentication functions */ #define SUDO_DEBUG_ENV (19<<6) /* environment handling */ #define SUDO_DEBUG_LOGGING (20<<6) /* logging functions */ #define SUDO_DEBUG_NSS (21<<6) /* network service switch */ #define SUDO_DEBUG_RBTREE (22<<6) /* red-black tree functions */ #define SUDO_DEBUG_PERMS (23<<6) /* uid/gid swapping functions */ #define SUDO_DEBUG_PLUGIN (24<<6) /* main plugin functions */ #define SUDO_DEBUG_HOOKS (25<<6) /* hook functions */ #define SUDO_DEBUG_SSSD (26<<6) /* sudoers SSSD */ #define SUDO_DEBUG_EVENT (27<<6) /* event handling */ #define SUDO_DEBUG_ALL 0xfff0 /* all subsystems */ /* Flag to include string version of errno in debug info. */ #define SUDO_DEBUG_ERRNO (1<<4) /* Flag to include function, file and line number in debug info. */ #define SUDO_DEBUG_LINENO (1<<5) /* Extract priority and convert to an index. */ #define SUDO_DEBUG_PRI(n) (((n) & 0xf) - 1) /* Extract subsystem and convert to an index. */ #define SUDO_DEBUG_SUBSYS(n) (((n) >> 6) - 1) /* * Wrapper for sudo_debug_enter() that declares __func__ as needed * and sets sudo_debug_subsys for sudo_debug_exit(). */ #ifdef HAVE___FUNC__ # define debug_decl(funcname, subsys) \ const int sudo_debug_subsys = (subsys); \ sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); #else # define debug_decl(funcname, subsys) \ const int sudo_debug_subsys = (subsys); \ const char *__func__ = #funcname; \ sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); #endif /* * Wrappers for sudo_debug_exit() and friends. */ #define debug_return \ do { \ sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \ return; \ } while (0) #define debug_return_int(rval) \ do { \ int sudo_debug_rval = (rval); \ sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_size_t(rval) \ do { \ size_t sudo_debug_rval = (rval); \ sudo_debug_exit_size_t(__func__, __FILE__, __LINE__, sudo_debug_subsys,\ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_long(rval) \ do { \ long sudo_debug_rval = (rval); \ sudo_debug_exit_long(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_bool(rval) \ do { \ int sudo_debug_rval = (rval); \ sudo_debug_exit_bool(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_str(rval) \ do { \ char *sudo_debug_rval = (rval); \ sudo_debug_exit_str(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_const_str(rval) \ do { \ const char *sudo_debug_rval = (rval); \ sudo_debug_exit_str(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_str_masked(rval) \ do { \ char *sudo_debug_rval = (rval); \ sudo_debug_exit_str_masked(__func__, __FILE__, __LINE__, \ sudo_debug_subsys, sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_ptr(rval) \ do { \ void *sudo_debug_rval = (rval); \ sudo_debug_exit_ptr(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) #define debug_return_const_ptr(rval) \ do { \ const void *sudo_debug_rval = (rval); \ sudo_debug_exit_ptr(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ } while (0) /* * Variadic macros are a C99 feature but GNU cpp has supported * a (different) version of them for a long time. */ #if defined(NO_VARIADIC_MACROS) # define sudo_debug_printf sudo_debug_printf_nvm #elif defined(__GNUC__) && __GNUC__ == 2 # define sudo_debug_printf(pri, fmt...) \ sudo_debug_printf2(__func__, __FILE__, __LINE__, (pri)|sudo_debug_subsys, \ fmt) #else # define sudo_debug_printf(pri, ...) \ sudo_debug_printf2(__func__, __FILE__, __LINE__, (pri)|sudo_debug_subsys, \ __VA_ARGS__) #endif #define sudo_debug_execve(pri, path, argv, envp) \ sudo_debug_execve2((pri)|sudo_debug_subsys, (path), (argv), (envp)) /* * NULL-terminated string lists of priorities and subsystems. */ extern const char *const sudo_debug_priorities[]; extern const char *const sudo_debug_subsystems[]; void sudo_debug_enter(const char *func, const char *file, int line, int subsys); void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]); void sudo_debug_exit(const char *func, const char *file, int line, int subsys); void sudo_debug_exit_int(const char *func, const char *file, int line, int subsys, int rval); void sudo_debug_exit_long(const char *func, const char *file, int line, int subsys, long rval); void sudo_debug_exit_size_t(const char *func, const char *file, int line, int subsys, size_t rval); void sudo_debug_exit_bool(const char *func, const char *file, int line, int subsys, int rval); void sudo_debug_exit_str(const char *func, const char *file, int line, int subsys, const char *rval); void sudo_debug_exit_str_masked(const char *func, const char *file, int line, int subsys, const char *rval); void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval); int sudo_debug_fd_get(void); int sudo_debug_fd_set(int fd); int sudo_debug_init(const char *debugfile, const char *settings); void sudo_debug_printf_nvm(int pri, const char *fmt, ...) __printf0like(2, 3); void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); void sudo_debug_vprintf2(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); void sudo_debug_write(const char *str, int len, int errno_val); void sudo_debug_write2(const char *func, const char *file, int line, const char *str, int len, int errno_val); pid_t sudo_debug_fork(void); #endif /* _SUDO_DEBUG_H */ sudo-1.8.9p5/include/sudo_dso.h010064400175440000012000000033751226304126300157660ustar00millertstaff/* * Copyright (c) 2010, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_DSO_H #define _SUDO_DSO_H /* Values for sudo_dso_load() mode. */ #define SUDO_DSO_LAZY 0x1 #define SUDO_DSO_NOW 0x2 #define SUDO_DSO_GLOBAL 0x4 #define SUDO_DSO_LOCAL 0x8 /* Special handle arguments for sudo_dso_findsym(). */ #define SUDO_DSO_NEXT ((void *)-1) /* Search subsequent objects. */ #define SUDO_DSO_DEFAULT ((void *)-2) /* Use default search algorithm. */ #define SUDO_DSO_SELF ((void *)-3) /* Search the caller itself. */ /* Internal structs for static linking of plugins. */ struct sudo_preload_symbol { const char *name; void *addr; }; struct sudo_preload_table { const char *path; void *handle; struct sudo_preload_symbol *symbols; }; /* Public functions. */ char *sudo_dso_strerror(void); int sudo_dso_unload(void *handle); void *sudo_dso_findsym(void *handle, const char *symbol); void *sudo_dso_load(const char *path, int mode); void sudo_dso_preload_table(struct sudo_preload_table *table); #endif /* _SUDO_DSO_H */ sudo-1.8.9p5/include/sudo_event.h010064400175440000012000000132431226304126300163150ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_EVENT_H #define _SUDO_EVENT_H #include "queue.h" /* Event types */ #define SUDO_EV_TIMEOUT 0x01 /* fire after timeout */ #define SUDO_EV_READ 0x02 /* fire when readable */ #define SUDO_EV_WRITE 0x04 /* fire when writable */ #define SUDO_EV_PERSIST 0x08 /* persist until deleted */ /* Event flags (internal) */ #define SUDO_EVQ_INSERTED 0x01 /* event is on the event queue */ #define SUDO_EVQ_ACTIVE 0x02 /* event is on the active queue */ #define SUDO_EVQ_TIMEOUTS 0x04 /* event is on the timeouts queue */ /* Event loop flags */ #define SUDO_EVLOOP_ONCE 0x01 /* Only run once through the loop */ #define SUDO_EVLOOP_NONBLOCK 0x02 /* Do not block in event loop */ /* Event base flags (internal) */ #define SUDO_EVBASE_LOOPEXIT 0x01 #define SUDO_EVBASE_LOOPBREAK 0x02 #define SUDO_EVBASE_LOOPCONT 0x04 #define SUDO_EVBASE_GOT_EXIT 0x10 #define SUDO_EVBASE_GOT_BREAK 0x20 #define SUDO_EVBASE_GOT_MASK 0xf0 typedef void (*sudo_ev_callback_t)(int fd, int what, void *closure); /* Member of struct sudo_event_base. */ struct sudo_event { TAILQ_ENTRY(sudo_event) entries; TAILQ_ENTRY(sudo_event) active_entries; TAILQ_ENTRY(sudo_event) timeouts_entries; struct sudo_event_base *base; /* base this event belongs to */ int fd; /* fd we are interested in */ short events; /* SUDO_EV_* flags (in) */ short revents; /* SUDO_EV_* flags (out) */ short flags; /* internal event flags */ short pfd_idx; /* index into pfds array (XXX) */ sudo_ev_callback_t callback;/* user-provided callback */ struct timeval timeout; /* for SUDO_EV_TIMEOUT */ void *closure; /* user-provided data pointer */ }; TAILQ_HEAD(sudo_event_list, sudo_event); struct sudo_event_base { struct sudo_event_list events; /* tail queue of all events */ struct sudo_event_list active; /* tail queue of active events */ struct sudo_event_list timeouts; /* tail queue of timeout events */ #ifdef HAVE_POLL struct pollfd *pfds; /* array of struct pollfd */ int pfd_max; /* size of the pfds array */ int pfd_high; /* highest slot used */ int pfd_free; /* idx of next free entry or pfd_max if full */ #else fd_set *readfds_in; /* read I/O descriptor set (in) */ fd_set *writefds_in; /* write I/O descriptor set (in) */ fd_set *readfds_out; /* read I/O descriptor set (out) */ fd_set *writefds_out; /* write I/O descriptor set (out) */ int maxfd; /* max fd we can store in readfds/writefds */ int highfd; /* highest fd to pass as 1st arg to select */ #endif /* HAVE_POLL */ unsigned int flags; /* SUDO_EVBASE_* */ }; /* Allocate a new event base. */ struct sudo_event_base *sudo_ev_base_alloc(void); /* Free an event base. */ void sudo_ev_base_free(struct sudo_event_base *base); /* Allocate a new event. */ struct sudo_event *sudo_ev_alloc(int fd, short events, sudo_ev_callback_t callback, void *closure); /* Free an event. */ void sudo_ev_free(struct sudo_event *ev); /* Add an event, returns 0 on success, -1 on error */ int sudo_ev_add(struct sudo_event_base *head, struct sudo_event *ev, struct timeval *timo, bool tohead); /* Delete an event, returns 0 on success, -1 on error */ int sudo_ev_del(struct sudo_event_base *head, struct sudo_event *ev); /* Main event loop, returns SUDO_CB_SUCCESS, SUDO_CB_BREAK or SUDO_CB_ERROR */ int sudo_ev_loop(struct sudo_event_base *head, int flags); /* Return the remaining timeout associated with an event. */ int sudo_ev_get_timeleft(struct sudo_event *ev, struct timeval *tv); /* Cause the event loop to exit after one run through. */ void sudo_ev_loopexit(struct sudo_event_base *base); /* Break out of the event loop right now. */ void sudo_ev_loopbreak(struct sudo_event_base *base); /* Rescan for events and restart the event loop. */ void sudo_ev_loopcontinue(struct sudo_event_base *base); /* Returns true if event loop stopped due to sudo_ev_loopexit(). */ bool sudo_ev_got_exit(struct sudo_event_base *base); /* Returns true if event loop stopped due to sudo_ev_loopbreak(). */ bool sudo_ev_got_break(struct sudo_event_base *base); /* Return the fd associated with an event. */ #define sudo_ev_get_fd(_ev) ((_ev) ? (_ev)->fd : -1) /* Return the (absolute) timeout associated with an event or NULL. */ #define sudo_ev_get_timeout(_ev) \ (ISSET((_ev)->flags, SUDO_EVQ_TIMEOUTS) ? &(_ev)->timeout : NULL) /* Return the base an event is associated with or NULL. */ #define sudo_ev_get_base(_ev) ((_ev) ? (_ev)->base : NULL) /* Magic pointer value to use self pointer as callback arg. */ #define sudo_ev_self_cbarg() ((void *)-1) /* * Backend implementation. */ int sudo_ev_base_alloc_impl(struct sudo_event_base *base); void sudo_ev_base_free_impl(struct sudo_event_base *base); int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev); int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev); int sudo_ev_scan_impl(struct sudo_event_base *base, int flags); #endif /* _SUDO_EVENT_H */ sudo-1.8.9p5/include/sudo_plugin.h010064400175440000012000000171461226304126300165000ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_PLUGIN_H #define _SUDO_PLUGIN_H /* API version major/minor */ #define SUDO_API_VERSION_MAJOR 1 #define SUDO_API_VERSION_MINOR 5 #define SUDO_API_MKVERSION(x, y) ((x << 16) | y) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR) /* Getters and setters for API version */ #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define SUDO_API_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) /* Conversation function types and defines */ struct sudo_conv_message { #define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ #define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ #define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ #define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ #define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ #define SUDO_CONV_DEBUG_MSG 0x0006 /* debugging message */ #define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ int msg_type; int timeout; const char *msg; }; /* * Maximum length of a reply (not including the trailing NUL) when * conversing with the user. In practical terms, this is the longest * password sudo will support. This means that a buffer of size * SUDO_CONV_REPL_MAX+1 is guaranteed to be able to hold any reply * from the conversation function. It is also useful as a max value * for memset_s() when clearing passwords returned by the conversation * function. */ #define SUDO_CONV_REPL_MAX 255 struct sudo_conv_reply { char *reply; }; typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); /* * Hooks allow a plugin to hook into specific sudo and/or libc functions. */ /* Hook functions typedefs. */ typedef int (*sudo_hook_fn_t)(); typedef int (*sudo_hook_fn_setenv_t)(const char *name, const char *value, int overwrite, void *closure); typedef int (*sudo_hook_fn_putenv_t)(char *string, void *closure); typedef int (*sudo_hook_fn_getenv_t)(const char *name, char **value, void *closure); typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, void *closure); /* Hook structure definition. */ struct sudo_hook { int hook_version; int hook_type; sudo_hook_fn_t hook_fn; void *closure; }; /* Hook API version major/minor */ #define SUDO_HOOK_VERSION_MAJOR 1 #define SUDO_HOOK_VERSION_MINOR 0 #define SUDO_HOOK_MKVERSION(x, y) ((x << 16) | y) #define SUDO_HOOK_VERSION SUDO_HOOK_MKVERSION(SUDO_HOOK_VERSION_MAJOR, SUDO_HOOK_VERSION_MINOR) /* Getters and setters for hook API version */ #define SUDO_HOOK_VERSION_GET_MAJOR(v) ((v) >> 16) #define SUDO_HOOK_VERSION_GET_MINOR(v) ((v) & 0xffff) #define SUDO_HOOK_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define SUDO_HOOK_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) /* * Hook function return values. */ #define SUDO_HOOK_RET_ERROR -1 /* error */ #define SUDO_HOOK_RET_NEXT 0 /* go to the next hook in the list */ #define SUDO_HOOK_RET_STOP 1 /* stop hook processing for this type */ /* * Hooks for setenv/unsetenv/putenv/getenv. * This allows the plugin to be notified when a PAM module modifies * the environment so it can update the copy of the environment that * is passed to execve(). */ #define SUDO_HOOK_SETENV 1 #define SUDO_HOOK_UNSETENV 2 #define SUDO_HOOK_PUTENV 3 #define SUDO_HOOK_GETENV 4 /* Policy plugin type and defines */ struct passwd; struct policy_plugin { #define SUDO_POLICY_PLUGIN 1 unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const plugin_plugins[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); int (*list)(int argc, char * const argv[], int verbose, const char *list_user); int (*validate)(void); void (*invalidate)(int remove); int (*init_session)(struct passwd *pwd, char **user_env_out[]); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; /* I/O plugin type and defines */ struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_plugins[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); }; /* Sudoers group plugin version major/minor */ #define GROUP_API_VERSION_MAJOR 1 #define GROUP_API_VERSION_MINOR 0 #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | GROUP_API_VERSION_MINOR) /* Getters and setters for group version */ #define GROUP_API_VERSION_GET_MAJOR(v) ((v) >> 16) #define GROUP_API_VERSION_GET_MINOR(v) ((v) & 0xffff) #define GROUP_API_VERSION_SET_MAJOR(vp, n) do { \ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \ } while(0) #define GROUP_API_VERSION_SET_MINOR(vp, n) do { \ *(vp) = (*(vp) & 0xffff0000) | (n); \ } while(0) /* * version: for compatibility checking * group_init: return 1 on success, 0 if unconfigured, -1 on error. * group_cleanup: called to clean up resources used by provider * user_in_group: returns 1 if user is in group, 0 if not. * note that pwd may be NULL if the user is not in passwd. */ struct sudoers_group_plugin { unsigned int version; int (*init)(int version, sudo_printf_t sudo_printf, char *const argv[]); void (*cleanup)(void); int (*query)(const char *user, const char *group, const struct passwd *pwd); }; #endif /* _SUDO_PLUGIN_H */ sudo-1.8.9p5/include/sudo_util.h010064400175440000012000000034141226304126300161500ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_UTIL_H #define _SUDO_UTIL_H #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ /* aix.c */ void aix_prep_user(char *user, const char *tty); void aix_restoreauthdb(void); void aix_setauthdb(char *user); /* atobool.c */ int atobool(const char *str); /* atoid.c */ id_t atoid(const char *str, const char *sep, char **endp, const char **errstr); /* atomode.c */ int atomode(const char *cp, const char **errstr); /* fmt_string.h */ char *fmt_string(const char *var, const char *value); /* gidlist.c */ int parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp); /* progname.c */ void initprogname(const char *); /* setgroups.c */ int sudo_setgroups(int ngids, const GETGROUPS_T *gids); /* term.c */ int term_cbreak(int); int term_copy(int, int); int term_noecho(int); int term_raw(int, int); int term_restore(int, int); /* ttysize.c */ void get_ttysize(int *rowp, int *colp); #endif /* _SUDO_UTIL_H */ sudo-1.8.9p5/indent.pro010064400175440000012000000004121226304126300143430ustar00millertstaff-br -cdb -ce -d0 -di1 -ei -i4 -nlp -npcs -npsl -ps -sc -TYYSTYPE -TLIST -TLINK -Tu_char -Tu_short -Tu_int -Tu_long -Tushort -Tuint -Tdaddr_t -Tcaddr_t -Tino_t -Tswblk_t -Tsize_t -Ttime_t -Tdev_t -Toff_t -Tuid_t -Tgid_t -Tfixpt_t -Tkey_t -Tpaddr_t -Tfd_mask -Tfd_set sudo-1.8.9p5/install-sh010075500175440000012000000076001226304126300143520ustar00millertstaff#! /bin/sh ## (From INN-1.4, written by Rich Salz) ## $Revision$ ## A script to install files and directories. PROGNAME=`basename $0` ## Paths to programs. CHOWN, STRIP and WHOAMI are checked below. CHOWN=chown CHGRP=chgrp CHMOD=chmod CP=cp LN=ln MKDIR=mkdir MV=mv RM=rm STRIP=strip WHOAMI="echo root" ## Some systems don't support -x, so we have to use -f. for d in /sbin /etc /usr/sbin /usr/etc; do if [ -f $d/chown ]; then CHOWN=${d}/chown break fi done for d in /usr/bin /bin /usr/ucb /usr/bsd; do if [ -f $d/whoami ]; then WHOAMI=${d}/whoami break elif [ -f $d/id ]; then WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' fi done for d in /usr/ccs/bin /usr/bin /bin; do if [ -f $d/strip ]; then STRIP=${d}/strip break fi done ## Defaults. CHOWNIT=false CHGROUPIT=false CHMODIT=false STRIPIT=false BACKIT=false TOUCHIT=true DIRMODE=false case `${WHOAMI}` in root) ROOT=true ;; *) ROOT=false ;; esac ## Process JCL. MORETODO=true while ${MORETODO} ; do case X"$1" in X-b) BACKIT=true BACKUP="$2" shift ;; X-b*) BACKIT=true BACKUP="`echo \"$1\" | sed 's/^..//'`" ;; X-c) # backwards compatibility ;; X-d) DIRMODE=true ;; X-g) GROUP="$2" CHGROUPIT=true shift ;; X-g*) GROUP="`echo \"$1\" | sed 's/^..//'`" CHGROUPIT=true ;; X-G) GROUP="$2" shift ${ROOT} && CHGROUPIT=true ;; X-G*) if ${ROOT} ; then GROUP="`echo \"$1\" | sed 's/^..//'`" CHGROUPIT=true fi ;; X-m) MODE="$2" CHMODIT=true shift ;; X-m*) MODE="`echo \"$1\" | sed 's/^..//'`" CHMODIT=true ;; X-M) MODE="$2" ${ROOT} && CHMODIT=true shift ;; X-M*) MODE="`echo \"$1\" | sed 's/^..//'`" ${ROOT} && CHMODIT=true ;; X-n) TOUCHIT=false ;; X-o) OWNER="$2" CHOWNIT=true shift ;; X-o*) OWNER="`echo \"$1\" | sed 's/^..//'`" CHOWNIT=true ;; X-O) OWNER="$2" shift ${ROOT} && CHOWNIT=true ;; X-O*) if ${ROOT} ; then OWNER="`echo \"$1\" | sed 's/^..//'`" CHOWNIT=true fi ;; X-s) STRIPIT=true ;; X--) shift MORETODO=false ;; X-*) echo "${PROGNAME}: Unknown flag $1" 1>&2 exit 1 ;; *) MORETODO=false ;; esac ${MORETODO} && shift done ## Making a directory? if ${DIRMODE} ; then while test $# != 0; do DEST="$1" if [ ! -d "${DEST}" ] ; then ${MKDIR} "${DEST}" || exit 1 fi if ${CHOWNIT} ; then ${CHOWN} "${OWNER}" "${DEST}" || exit 1 fi if ${CHGROUPIT} ; then ${CHGRP} "${GROUP}" "${DEST}" || exit 1 fi if ${CHMODIT} ; then ${CHMOD} "${MODE}" "${DEST}" || exit 1 fi shift; done exit 0 fi ## Process arguments. if [ $# -ne 2 ] ; then echo "Usage: ${PROGNAME} [flags] source destination" exit 1 fi ## Get the destination and a temp file in the destination diretory. if [ -d "$2" ] ; then DEST="$2/`basename $1`" TEMP="$2/$$.tmp" else DEST="$2" TEMP="`expr "$2" : '\(.*\)/.*'`/$$.tmp" fi ## If not given the same name, we must try to copy. if [ X"$1" != X"$2" ] ; then if cmp -s "$1" "${DEST}" ; then ## Files are same; touch or not. ${TOUCHIT} && touch "${DEST}" else ## If destination exists and we wish to backup, link to backup. if [ -f "${DEST}" ] ; then if ${BACKIT} ; then ${RM} -f "${DEST}${BACKUP}" ${LN} "${DEST}" "${DEST}${BACKUP}" fi fi ## Copy source to the right dir, then move to right spot. ## Done in two parts so we can hope for atomicity. ## We need to rm DEST due to bugs in "mv -f" on some systems. ${RM} -f "${TEMP}" || exit 1 ${CP} "$1" "${TEMP}" || exit 1 ${RM} -f "${DEST}" || exit 1 ${MV} -f "${TEMP}" "${DEST}" || exit 1 fi fi ## Strip and set the modes. if ${STRIPIT} ; then ${STRIP} "${DEST}" || exit 1 fi if ${CHOWNIT} ; then ${CHOWN} "${OWNER}" "${DEST}" || exit 1 fi if ${CHGROUPIT} ; then ${CHGRP} "${GROUP}" "${DEST}" || exit 1 fi if ${CHMODIT} ; then ${CHMOD} "${MODE}" "${DEST}" || exit 1 fi exit 0 sudo-1.8.9p5/ltmain.sh010064400175440000012000011550521227416652300142050ustar00millertstaff#! /bin/sh # libtool (GNU libtool) 2.4.2.418 # Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996-2013 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . PROGRAM=libtool PACKAGE=libtool VERSION=2.4.2.418 package_revision=2.4.2.418 ## ------ ## ## Usage. ## ## ------ ## # Run './libtool --help' for help with using this script from the # command line. ## ------------------------------- ## ## User overridable command paths. ## ## ------------------------------- ## # After configure completes, it has a better idea of some of the # shell tools we need than the defaults used by the functions shared # with bootstrap, so set those here where they can still be over- # ridden by the user, but otherwise take precedence. : ${AUTOCONF="autoconf"} : ${AUTOMAKE="automake"} ## -------------------------- ## ## Source external libraries. ## ## -------------------------- ## # Much of our low-level functionality needs to be sourced from external # libraries, which are installed to $pkgauxdir. # Set a version string for this script. scriptversion=2013-08-23.20; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 # Copyright (C) 2004-2013 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # As a special exception to the GNU General Public License, if you distribute # this file as part of a program or library that is built using GNU Libtool, # you may include this file under the same distribution terms that you use # for the rest of that program. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Please report bugs or propose patches to gary@gnu.org. ## ------ ## ## Usage. ## ## ------ ## # Evaluate this file near the top of your script to gain access to # the functions and variables defined here: # # . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh # # If you need to override any of the default environment variable # settings, do that before evaluating this file. ## -------------------- ## ## Shell normalisation. ## ## -------------------- ## # Some shells need a little help to be as Bourne compatible as possible. # Before doing anything else, make sure all that help has been provided! DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # NLS nuisances: We save the old values in case they are required later. _G_user_locale= _G_safe_locale= for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test set = \"\${$_G_var+set}\"; then save_$_G_var=\$$_G_var $_G_var=C export $_G_var _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" fi" done # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Make sure IFS has a sensible default sp=' ' nl=' ' IFS="$sp $nl" # There are still modern systems that have problems with 'echo' mis- # handling backslashes, among others, so make sure $bs_echo is set to a # command that correctly interprets backslashes. # (this code from Autoconf 2.68) # Printing a long string crashes Solaris 7 /usr/bin/printf. bs_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' bs_echo=$bs_echo$bs_echo$bs_echo$bs_echo$bs_echo bs_echo=$bs_echo$bs_echo$bs_echo$bs_echo$bs_echo$bs_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $bs_echo`" = "X$bs_echo") 2>/dev/null; then bs_echo='print -r --' bs_echo_n='print -rn --' elif (test "X`printf %s $bs_echo`" = "X$bs_echo") 2>/dev/null; then bs_echo='printf %s\n' bs_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $bs_echo) 2>/dev/null`" = "X-n $bs_echo"; then bs_echo_body='eval /usr/ucb/echo -n "$1$nl"' bs_echo_n='/usr/ucb/echo -n' else bs_echo_body='eval expr "X$1" : "X\\(.*\\)"' bs_echo_n_body='eval arg=$1; case $arg in #( *"$nl"*) expr "X$arg" : "X\\(.*\\)$nl"; arg=`expr "X$arg" : ".*$nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$nl" ' export bs_echo_n_body bs_echo_n='sh -c $bs_echo_n_body bs_echo' fi export bs_echo_body bs_echo='sh -c $bs_echo_body bs_echo' fi ## ------------------------------- ## ## User overridable command paths. ## ## ------------------------------- ## # All uppercase variable names are used for environment variables. These # variables can be overridden by the user before calling a script that # uses them if a suitable command of that name is not already available # in the command search PATH. : ${CP="cp -f"} : ${ECHO="$bs_echo"} : ${EGREP="grep -E"} : ${FGREP="grep -F"} : ${GREP="grep"} : ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} : ${SED="sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} ## -------------------- ## ## Useful sed snippets. ## ## -------------------- ## sed_dirname='s|/[^/]*$||' sed_basename='s|^.*/||' # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='s|\([`"$\\]\)|\\\1|g' # Same as above, but do not quote variable references. sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution that turns a string into a regex matching for the # string literally. sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' # Sed substitution that converts a w32 file name or path # that contains forward slashes, into one that contains # (escaped) backslashes. A very naive implementation. sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' # Re-'\' parameter expansions in output of sed_double_quote_subst that # were '\'-ed in input to the same. If an odd number of '\' preceded a # '$' in input to sed_double_quote_subst, that '$' was protected from # expansion. Since each input '\' is now two '\'s, look for any number # of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. _G_bs='\\' _G_bs2='\\\\' _G_bs4='\\\\\\\\' _G_dollar='\$' sed_double_backslash="\ s/$_G_bs4/&\\ /g s/^$_G_bs2$_G_dollar/$_G_bs&/ s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g s/\n//g" ## ----------------- ## ## Global variables. ## ## ----------------- ## # Except for the global variables explicitly listed below, the following # functions in the '^func_' namespace, and the '^require_' namespace # variables initialised in the 'Resource management' section, sourcing # this file will not pollute your global namespace with anything # else. There's no portable way to scope variables in Bourne shell # though, so actually running these functions will sometimes place # results into a variable named after the function, and often use # temporary variables in the '^_G_' namespace. If you are careful to # avoid using those namespaces casually in your sourcing script, things # should continue to work as you expect. And, of course, you can freely # overwrite any of the functions or variables defined here before # calling anything to customize them. EXIT_SUCCESS=0 EXIT_FAILURE=1 EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. # Allow overriding, eg assuming that you follow the convention of # putting '$debug_cmd' at the start of all your functions, you can get # bash to show function call trace with: # # debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name debug_cmd=${debug_cmd-":"} exit_cmd=: # By convention, finish your script with: # # exit $exit_status # # so that you can set exit_status to non-zero if you want to indicate # something went wrong during execution without actually bailing out at # the point of failure. exit_status=$EXIT_SUCCESS # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special # positional parameter $0, within a function call, is the name of the # function. progpath=$0 # The name of this program. progname=`$bs_echo "$progpath" |$SED "$sed_basename"` # Make sure we have an absolute progpath for reexecution: case $progpath in [\\/]*|[A-Za-z]:\\*) ;; *[\\/]*) progdir=`$bs_echo "$progpath" |$SED "$sed_dirname"` progdir=`cd "$progdir" && pwd` progpath=$progdir/$progname ;; *) _G_IFS=$IFS IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS=$_G_IFS test -x "$progdir/$progname" && break done IFS=$_G_IFS test -n "$progdir" || progdir=`pwd` progpath=$progdir/$progname ;; esac ## ----------------- ## ## Standard options. ## ## ----------------- ## # The following options affect the operation of the functions defined # below, and should be set appropriately depending on run-time para- # meters passed on the command line. opt_dry_run=false opt_quiet=false opt_verbose=false # Categories 'all' and 'none' are always available. Append any others # you will pass as the first argument to func_warning from your own # code. warning_categories= # By default, display warnings according to 'opt_warning_types'. Set # 'warning_func' to ':' to elide all warnings, or func_fatal_error to # treat the next displayed warning as a fatal error. warning_func=func_warn_and_continue # Set to 'all' to display all warnings, 'none' to suppress all # warnings, or a space delimited list of some subset of # 'warning_categories' to display only the listed warnings. opt_warning_types=all ## -------------------- ## ## Resource management. ## ## -------------------- ## # This section contains definitions for functions that each ensure a # particular resource (a file, or a non-empty configuration variable for # example) is available, and if appropriate to extract default values # from pertinent package files. Call them using their associated # 'require_*' variable to ensure that they are executed, at most, once. # # It's entirely deliberate that calling these functions can set # variables that don't obey the namespace limitations obeyed by the rest # of this file, in order that that they be as useful as possible to # callers. # require_term_colors # ------------------- # Allow display of bold text on terminals that support it. require_term_colors=func_require_term_colors func_require_term_colors () { $debug_cmd test -t 1 && { # COLORTERM and USE_ANSI_COLORS environment variables take # precedence, because most terminfo databases neglect to describe # whether color sequences are supported. test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} if test 1 = "$USE_ANSI_COLORS"; then # Standard ANSI escape sequences tc_reset='' tc_bold=''; tc_standout='' tc_red=''; tc_green='' tc_blue=''; tc_cyan='' else # Otherwise trust the terminfo database after all. test -n "`tput sgr0 2>/dev/null`" && { tc_reset=`tput sgr0` test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` tc_standout=$tc_bold test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` } fi } require_term_colors=: } ## ----------------- ## ## Function library. ## ## ----------------- ## # This section contains a variety of useful functions to call in your # scripts. Take note of the portable wrappers for features provided by # some modern shells, which will fall back to slower equivalents on # less featureful shells. # func_append VAR VALUE # --------------------- # Append VALUE onto the existing contents of VAR. # We should try to minimise forks, especially on Windows where they are # unreasonably slow, so skip the feature probes when bash or zsh are # being used: if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then : ${_G_HAVE_ARITH_OP="yes"} : ${_G_HAVE_XSI_OPS="yes"} # The += operator was introduced in bash 3.1 case $BASH_VERSION in [12].* | 3.0 | 3.0*) ;; *) : ${_G_HAVE_PLUSEQ_OP="yes"} ;; esac fi # _G_HAVE_PLUSEQ_OP # Can be empty, in which case the shell is probed, "yes" if += is # useable or anything else if it does not work. test -z "$_G_HAVE_PLUSEQ_OP" \ && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ && _G_HAVE_PLUSEQ_OP=yes if test yes = "$_G_HAVE_PLUSEQ_OP" then # This is an XSI compatible shell, allowing a faster implementation... eval 'func_append () { $debug_cmd eval "$1+=\$2" }' else # ...otherwise fall back to using expr, which is often a shell builtin. func_append () { $debug_cmd eval "$1=\$$1\$2" } fi # func_append_quoted VAR VALUE # ---------------------------- # Quote VALUE and append to the end of shell variable VAR, separated # by a space. if test yes = "$_G_HAVE_PLUSEQ_OP"; then eval 'func_append_quoted () { $debug_cmd func_quote_for_eval "$2" eval "$1+=\\ \$func_quote_for_eval_result" }' else func_append_quoted () { $debug_cmd func_quote_for_eval "$2" eval "$1=\$$1\\ \$func_quote_for_eval_result" } fi # func_append_uniq VAR VALUE # -------------------------- # Append unique VALUE onto the existing contents of VAR, assuming # entries are delimited by the first character of VALUE. For example: # # func_append_uniq options " --another-option option-argument" # # will only append to $options if " --another-option option-argument " # is not already present somewhere in $options already (note spaces at # each end implied by leading space in second argument). func_append_uniq () { $debug_cmd eval _G_current_value='`$bs_echo $'$1'`' _G_delim=`expr "$2" : '\(.\)'` case $_G_delim$_G_current_value$_G_delim in *"$2$_G_delim"*) ;; *) func_append "$@" ;; esac } # func_arith TERM... # ------------------ # Set func_arith_result to the result of evaluating TERMs. test -z "$_G_HAVE_ARITH_OP" \ && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ && _G_HAVE_ARITH_OP=yes if test yes = "$_G_HAVE_ARITH_OP"; then eval 'func_arith () { $debug_cmd func_arith_result=$(( $* )) }' else func_arith () { $debug_cmd func_arith_result=`expr "$@"` } fi # func_basename FILE # ------------------ # Set func_basename_result to FILE with everything up to and including # the last / stripped. if test yes = "$_G_HAVE_XSI_OPS"; then # If this shell supports suffix pattern removal, then use it to avoid # forking. Hide the definitions single quotes in case the shell chokes # on unsupported syntax... _b='func_basename_result=${1##*/}' _d='case $1 in */*) func_dirname_result=${1%/*}$2 ;; * ) func_dirname_result=$3 ;; esac' else # ...otherwise fall back to using sed. _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` if test "X$func_dirname_result" = "X$1"; then func_dirname_result=$3 else func_append func_dirname_result "$2" fi' fi eval 'func_basename () { $debug_cmd '"$_b"' }' # func_dirname FILE APPEND NONDIR_REPLACEMENT # ------------------------------------------- # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. eval 'func_dirname () { $debug_cmd '"$_d"' }' # func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT # -------------------------------------------------------- # Perform func_basename and func_dirname in a single function # call: # dirname: Compute the dirname of FILE. If nonempty, # add APPEND to the result, otherwise set result # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. # value retuned in "$func_basename_result" # For efficiency, we do not delegate to the functions above but instead # duplicate the functionality here. eval 'func_dirname_and_basename () { $debug_cmd '"$_b"' '"$_d"' }' # func_echo ARG... # ---------------- # Echo program name prefixed message. func_echo () { $debug_cmd _G_message=$* func_echo_IFS=$IFS IFS=$nl for _G_line in $_G_message; do IFS=$func_echo_IFS $bs_echo "$progname: $_G_line" done IFS=$func_echo_IFS } # func_echo_all ARG... # -------------------- # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } # func_echo_infix_1 INFIX ARG... # ------------------------------ # Echo program name, followed by INFIX on the first line, with any # additional lines not showing INFIX. func_echo_infix_1 () { $debug_cmd $require_term_colors _G_infix=$1; shift _G_indent=$_G_infix _G_prefix="$progname: $_G_infix: " _G_message=$* # Strip color escape sequences before counting printable length for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" do test -n "$_G_tc" && { _G_esc_tc=`$bs_echo "$_G_tc" | sed "$sed_make_literal_regex"` _G_indent=`$bs_echo "$_G_indent" | sed "s|$_G_esc_tc||g"` } done _G_indent="$progname: "`echo "$_G_indent" | sed 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes func_echo_infix_1_IFS=$IFS IFS=$nl for _G_line in $_G_message; do IFS=$func_echo_infix_1_IFS $bs_echo "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 _G_prefix=$_G_indent done IFS=$func_echo_infix_1_IFS } # func_error ARG... # ----------------- # Echo program name prefixed message to standard error. func_error () { $debug_cmd $require_term_colors func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 } # func_fatal_error ARG... # ----------------------- # Echo program name prefixed message to standard error, and exit. func_fatal_error () { $debug_cmd func_error "$*" exit $EXIT_FAILURE } # func_grep EXPRESSION FILENAME # ----------------------------- # Check whether EXPRESSION matches any line of FILENAME, without output. func_grep () { $debug_cmd $GREP "$1" "$2" >/dev/null 2>&1 } # func_len STRING # --------------- # Set func_len_result to the length of STRING. STRING may not # start with a hyphen. test -z "$_G_HAVE_XSI_OPS" \ && (eval 'x=a/b/c; test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ && _G_HAVE_XSI_OPS=yes if test yes = "$_G_HAVE_XSI_OPS"; then eval 'func_len () { $debug_cmd func_len_result=${#1} }' else func_len () { $debug_cmd func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` } fi # func_mkdir_p DIRECTORY-PATH # --------------------------- # Make sure the entire path to DIRECTORY-PATH is available. func_mkdir_p () { $debug_cmd _G_directory_path=$1 _G_dir_list= if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then # Protect directory names starting with '-' case $_G_directory_path in -*) _G_directory_path=./$_G_directory_path ;; esac # While some portion of DIR does not yet exist... while test ! -d "$_G_directory_path"; do # ...make a list in topmost first order. Use a colon delimited # list incase some portion of path contains whitespace. _G_dir_list=$_G_directory_path:$_G_dir_list # If the last portion added has no slash in it, the list is done case $_G_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` done _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` func_mkdir_p_IFS=$IFS; IFS=: for _G_dir in $_G_dir_list; do IFS=$func_mkdir_p_IFS # mkdir can fail with a 'File exist' error if two processes # try to create one of the directories concurrently. Don't # stop in that case! $MKDIR "$_G_dir" 2>/dev/null || : done IFS=$func_mkdir_p_IFS # Bail out if we (or some other process) failed to create a directory. test -d "$_G_directory_path" || \ func_fatal_error "Failed to create '$1'" fi } # func_mktempdir [BASENAME] # ------------------------- # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If # given, BASENAME is the basename for that directory. func_mktempdir () { $debug_cmd _G_template=${TMPDIR-/tmp}/${1-$progname} if test : = "$opt_dry_run"; then # Return a directory name, but don't create it in dry-run mode _G_tmpdir=$_G_template-$$ else # If mktemp works, use that first and foremost _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` if test ! -d "$_G_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race _G_tmpdir=$_G_template-${RANDOM-0}$$ func_mktempdir_umask=`umask` umask 0077 $MKDIR "$_G_tmpdir" umask $func_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure test -d "$_G_tmpdir" || \ func_fatal_error "cannot create temporary directory '$_G_tmpdir'" fi $ECHO "$_G_tmpdir" } # func_normal_abspath PATH # ------------------------ # Remove doubled-up and trailing slashes, "." path components, # and cancel out any ".." path components in PATH after making # it an absolute path. func_normal_abspath () { $debug_cmd # These SED scripts presuppose an absolute path with a trailing slash. _G_pathcar='s|^/\([^/]*\).*$|\1|' _G_pathcdr='s|^/[^/]*||' _G_removedotparts=':dotsl s|/\./|/|g t dotsl s|/\.$|/|' _G_collapseslashes='s|/\{1,\}|/|g' _G_finalslash='s|/*$|/|' # Start from root dir and reassemble the path. func_normal_abspath_result= func_normal_abspath_tpath=$1 func_normal_abspath_altnamespace= case $func_normal_abspath_tpath in "") # Empty path, that just means $cwd. func_stripname '' '/' "`pwd`" func_normal_abspath_result=$func_stripname_result return ;; # The next three entries are used to spot a run of precisely # two leading slashes without using negated character classes; # we take advantage of case's first-match behaviour. ///*) # Unusual form of absolute path, do nothing. ;; //*) # Not necessarily an ordinary path; POSIX reserves leading '//' # and for example Cygwin uses it to access remote file shares # over CIFS/SMB, so we conserve a leading double slash if found. func_normal_abspath_altnamespace=/ ;; /*) # Absolute path, do nothing. ;; *) # Relative path, prepend $cwd. func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath ;; esac # Cancel out all the simple stuff to save iterations. We also want # the path to end with a slash for ease of parsing, so make sure # there is one (and only one) here. func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` while :; do # Processed it all yet? if test / = "$func_normal_abspath_tpath"; then # If we ascended to the root using ".." the result may be empty now. if test -z "$func_normal_abspath_result"; then func_normal_abspath_result=/ fi break fi func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$_G_pathcar"` func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ -e "$_G_pathcdr"` # Figure out what to do with it case $func_normal_abspath_tcomponent in "") # Trailing empty path component, ignore it. ;; ..) # Parent dir; strip last assembled component from result. func_dirname "$func_normal_abspath_result" func_normal_abspath_result=$func_dirname_result ;; *) # Actual path component, append it. func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" ;; esac done # Restore leading double-slash if one was found on entry. func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result } # func_notquiet ARG... # -------------------- # Echo program name prefixed message only when not in quiet mode. func_notquiet () { $debug_cmd $opt_quiet || func_echo ${1+"$@"} # A bug in bash halts the script if the last line of a function # fails when set -e is in force, so we need another command to # work around that: : } # func_relative_path SRCDIR DSTDIR # -------------------------------- # Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. func_relative_path () { $debug_cmd func_relative_path_result= func_normal_abspath "$1" func_relative_path_tlibdir=$func_normal_abspath_result func_normal_abspath "$2" func_relative_path_tbindir=$func_normal_abspath_result # Ascend the tree starting from libdir while :; do # check if we have found a prefix of bindir case $func_relative_path_tbindir in $func_relative_path_tlibdir) # found an exact match func_relative_path_tcancelled= break ;; $func_relative_path_tlibdir*) # found a matching prefix func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" func_relative_path_tcancelled=$func_stripname_result if test -z "$func_relative_path_result"; then func_relative_path_result=. fi break ;; *) func_dirname $func_relative_path_tlibdir func_relative_path_tlibdir=$func_dirname_result if test -z "$func_relative_path_tlibdir"; then # Have to descend all the way to the root! func_relative_path_result=../$func_relative_path_result func_relative_path_tcancelled=$func_relative_path_tbindir break fi func_relative_path_result=../$func_relative_path_result ;; esac done # Now calculate path; take care to avoid doubling-up slashes. func_stripname '' '/' "$func_relative_path_result" func_relative_path_result=$func_stripname_result func_stripname '/' '/' "$func_relative_path_tcancelled" if test -n "$func_stripname_result"; then func_append func_relative_path_result "/$func_stripname_result" fi # Normalisation. If bindir is libdir, return '.' else relative path. if test -n "$func_relative_path_result"; then func_stripname './' '' "$func_relative_path_result" func_relative_path_result=$func_stripname_result fi test -n "$func_relative_path_result" || func_relative_path_result=. : } # func_quote_for_eval ARG... # -------------------------- # Aesthetically quote ARGs to be evaled later. # This function returns two values: # i) func_quote_for_eval_result # double-quoted, suitable for a subsequent eval # ii) func_quote_for_eval_unquoted_result # has all characters that are still active within double # quotes backslashified. func_quote_for_eval () { $debug_cmd func_quote_for_eval_unquoted_result= func_quote_for_eval_result= while test 0 -lt $#; do case $1 in *[\\\`\"\$]*) _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; *) _G_unquoted_arg=$1 ;; esac if test -n "$func_quote_for_eval_unquoted_result"; then func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" else func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" fi case $_G_unquoted_arg in # Double-quote args containing shell metacharacters to delay # word splitting, command substitution and variable expansion # for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") _G_quoted_arg=\"$_G_unquoted_arg\" ;; *) _G_quoted_arg=$_G_unquoted_arg ;; esac if test -n "$func_quote_for_eval_result"; then func_append func_quote_for_eval_result " $_G_quoted_arg" else func_append func_quote_for_eval_result "$_G_quoted_arg" fi shift done } # func_quote_for_expand ARG # ------------------------- # Aesthetically quote ARG to be evaled later; same as above, # but do not quote variable references. func_quote_for_expand () { $debug_cmd case $1 in *[\\\`\"]*) _G_arg=`$ECHO "$1" | $SED \ -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; *) _G_arg=$1 ;; esac case $_G_arg in # Double-quote args containing shell metacharacters to delay # word splitting and command substitution for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") _G_arg=\"$_G_arg\" ;; esac func_quote_for_expand_result=$_G_arg } # func_stripname PREFIX SUFFIX NAME # --------------------------------- # strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). if test yes = "$_G_HAVE_XSI_OPS"; then eval 'func_stripname () { $debug_cmd # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary variable first. func_stripname_result=$3 func_stripname_result=${func_stripname_result#"$1"} func_stripname_result=${func_stripname_result%"$2"} }' else func_stripname () { $debug_cmd case $2 in .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; esac } fi # func_show_eval CMD [FAIL_EXP] # ----------------------------- # Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. func_show_eval () { $debug_cmd _G_cmd=$1 _G_fail_exp=${2-':'} func_quote_for_expand "$_G_cmd" eval "func_notquiet $func_quote_for_expand_result" $opt_dry_run || { eval "$_G_cmd" _G_status=$? if test 0 -ne "$_G_status"; then eval "(exit $_G_status); $_G_fail_exp" fi } } # func_show_eval_locale CMD [FAIL_EXP] # ------------------------------------ # Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. Use the saved locale for evaluation. func_show_eval_locale () { $debug_cmd _G_cmd=$1 _G_fail_exp=${2-':'} $opt_quiet || { func_quote_for_expand "$_G_cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || { eval "$_G_user_locale $_G_cmd" _G_status=$? eval "$_G_safe_locale" if test 0 -ne "$_G_status"; then eval "(exit $_G_status); $_G_fail_exp" fi } } # func_tr_sh # ---------- # Turn $1 into a string suitable for a shell variable name. # Result is stored in $func_tr_sh_result. All characters # not in the set a-zA-Z0-9_ are replaced with '_'. Further, # if $1 begins with a digit, a '_' is prepended as well. func_tr_sh () { $debug_cmd case $1 in [0-9]* | *[!a-zA-Z0-9_]*) func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` ;; * ) func_tr_sh_result=$1 ;; esac } # func_verbose ARG... # ------------------- # Echo program name prefixed message in verbose mode only. func_verbose () { $debug_cmd $opt_verbose && func_echo "$*" : } # func_warn_and_continue ARG... # ----------------------------- # Echo program name prefixed warning message to standard error. func_warn_and_continue () { $debug_cmd $require_term_colors func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 } # func_warning CATEGORY ARG... # ---------------------------- # Echo program name prefixed warning message to standard error. Warning # messages can be filtered according to CATEGORY, where this function # elides messages where CATEGORY is not listed in the global variable # 'opt_warning_types'. func_warning () { $debug_cmd # CATEGORY must be in the warning_categories list! case " $warning_categories " in *" $1 "*) ;; *) func_internal_error "invalid warning category '$1'" ;; esac _G_category=$1 shift case " $opt_warning_types " in *" $_G_category "*) $warning_func ${1+"$@"} ;; esac } # func_sort_ver VER1 VER2 # ----------------------- # 'sort -V' is not generally available. # Note this deviates from the version comparison in automake # in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a # but this should suffice as we won't be specifying old # version formats or redundant trailing .0 in bootstrap.conf. # If we did want full compatibility then we should probably # use m4_version_compare from autoconf. func_sort_ver () { $debug_cmd ver1=$1 ver2=$2 # Split on '.' and compare each component. i=1 while :; do p1=`echo "$ver1" |cut -d. -f$i` p2=`echo "$ver2" |cut -d. -f$i` if test ! "$p1"; then echo "$1 $2" break elif test ! "$p2"; then echo "$2 $1" break elif test ! "$p1" = "$p2"; then if test "$p1" -gt "$p2" 2>/dev/null; then # numeric comparison echo "$2 $1" elif test "$p2" -gt "$p1" 2>/dev/null; then # numeric comparison echo "$1 $2" else # numeric, then lexicographic comparison lp=`printf "$p1\n$p2\n" |sort -n |tail -n1` if test "$lp" = "$p2"; then echo "$1 $2" else echo "$2 $1" fi fi break fi i=`expr $i + 1` done } # Local variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" # time-stamp-time-zone: "UTC" # End: #! /bin/sh # Set a version string for this script. scriptversion=2012-10-21.11; # UTC # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 # Copyright (C) 2010-2013 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Please report bugs or propose patches to gary@gnu.org. ## ------ ## ## Usage. ## ## ------ ## # This file is a library for parsing options in your shell scripts along # with assorted other useful supporting features that you can make use # of too. # # For the simplest scripts you might need only: # # #!/bin/sh # . relative/path/to/funclib.sh # . relative/path/to/options-parser # scriptversion=1.0 # func_options ${1+"$@"} # eval set dummy "$func_options_result"; shift # ...rest of your script... # # In order for the '--version' option to work, you will need to have a # suitably formatted comment like the one at the top of this file # starting with '# Written by ' and ending with '# warranty; '. # # For '-h' and '--help' to work, you will also need a one line # description of your script's purpose in a comment directly above the # '# Written by ' line, like the one at the top of this file. # # The default options also support '--debug', which will turn on shell # execution tracing (see the comment above debug_cmd below for another # use), and '--verbose' and the func_verbose function to allow your script # to display verbose messages only when your user has specified # '--verbose'. # # After sourcing this file, you can plug processing for additional # options by amending the variables from the 'Configuration' section # below, and following the instructions in the 'Option parsing' # section further down. ## -------------- ## ## Configuration. ## ## -------------- ## # You should override these variables in your script after sourcing this # file so that they reflect the customisations you have added to the # option parser. # The usage line for option parsing errors and the start of '-h' and # '--help' output messages. You can embed shell variables for delayed # expansion at the time the message is displayed, but you will need to # quote other shell meta-characters carefully to prevent them being # expanded when the contents are evaled. usage='$progpath [OPTION]...' # Short help message in response to '-h' and '--help'. Add to this or # override it after sourcing this library to reflect the full set of # options your script accepts. usage_message="\ --debug enable verbose shell tracing -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] -v, --verbose verbosely report processing --version print version information and exit -h, --help print short or long help message and exit " # Additional text appended to 'usage_message' in response to '--help'. long_help_message=" Warning categories include: 'all' show all warnings 'none' turn off all the warnings 'error' warnings are treated as fatal errors" # Help message printed before fatal option parsing errors. fatal_help="Try '\$progname --help' for more information." ## ------------------------- ## ## Hook function management. ## ## ------------------------- ## # This section contains functions for adding, removing, and running hooks # to the main code. A hook is just a named list of of function, that can # be run in order later on. # func_hookable FUNC_NAME # ----------------------- # Declare that FUNC_NAME will run hooks added with # 'func_add_hook FUNC_NAME ...'. func_hookable () { $debug_cmd func_append hookable_fns " $1" } # func_add_hook FUNC_NAME HOOK_FUNC # --------------------------------- # Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must # first have been declared "hookable" by a call to 'func_hookable'. func_add_hook () { $debug_cmd case " $hookable_fns " in *" $1 "*) ;; *) func_fatal_error "'$1' does not accept hook functions." ;; esac eval func_append ${1}_hooks '" $2"' } # func_remove_hook FUNC_NAME HOOK_FUNC # ------------------------------------ # Remove HOOK_FUNC from the list of functions called by FUNC_NAME. func_remove_hook () { $debug_cmd eval ${1}_hooks='`$bs_echo "\$'$1'_hooks" |$SED "s| '$2'||"`' } # func_run_hooks FUNC_NAME [ARG]... # --------------------------------- # Run all hook functions registered to FUNC_NAME. # It is assumed that the list of hook functions contains nothing more # than a whitespace-delimited list of legal shell function names, and # no effort is wasted trying to catch shell meta-characters or preserve # whitespace. func_run_hooks () { $debug_cmd case " $hookable_fns " in *" $1 "*) ;; *) func_fatal_error "'$1' does not support hook funcions.n" ;; esac eval _G_hook_fns=\$$1_hooks; shift for _G_hook in $_G_hook_fns; do eval $_G_hook '"$@"' # store returned options list back into positional # parameters for next 'cmd' execution. eval _G_hook_result=\$${_G_hook}_result eval set dummy "$_G_hook_result"; shift done func_quote_for_eval ${1+"$@"} func_run_hooks_result=$func_quote_for_eval_result } ## --------------- ## ## Option parsing. ## ## --------------- ## # In order to add your own option parsing hooks, you must accept the # full positional parameter list in your hook function, remove any # options that you action, and then pass back the remaining unprocessed # options in '_result', escaped suitably for # 'eval'. Like this: # # my_options_prep () # { # $debug_cmd # # # Extend the existing usage message. # usage_message=$usage_message' # -s, --silent don'\''t print informational messages # ' # # func_quote_for_eval ${1+"$@"} # my_options_prep_result=$func_quote_for_eval_result # } # func_add_hook func_options_prep my_options_prep # # # my_silent_option () # { # $debug_cmd # # # Note that for efficiency, we parse as many options as we can # # recognise in a loop before passing the remainder back to the # # caller on the first unrecognised argument we encounter. # while test $# -gt 0; do # opt=$1; shift # case $opt in # --silent|-s) opt_silent=: ;; # # Separate non-argument short options: # -s*) func_split_short_opt "$_G_opt" # set dummy "$func_split_short_opt_name" \ # "-$func_split_short_opt_arg" ${1+"$@"} # shift # ;; # *) set dummy "$_G_opt" "$*"; shift; break ;; # esac # done # # func_quote_for_eval ${1+"$@"} # my_silent_option_result=$func_quote_for_eval_result # } # func_add_hook func_parse_options my_silent_option # # # my_option_validation () # { # $debug_cmd # # $opt_silent && $opt_verbose && func_fatal_help "\ # '--silent' and '--verbose' options are mutually exclusive." # # func_quote_for_eval ${1+"$@"} # my_option_validation_result=$func_quote_for_eval_result # } # func_add_hook func_validate_options my_option_validation # # You'll alse need to manually amend $usage_message to reflect the extra # options you parse. It's preferable to append if you can, so that # multiple option parsing hooks can be added safely. # func_options [ARG]... # --------------------- # All the functions called inside func_options are hookable. See the # individual implementations for details. func_hookable func_options func_options () { $debug_cmd func_options_prep ${1+"$@"} eval func_parse_options \ ${func_options_prep_result+"$func_options_prep_result"} eval func_validate_options \ ${func_parse_options_result+"$func_parse_options_result"} eval func_run_hooks func_options \ ${func_validate_options_result+"$func_validate_options_result"} # save modified positional parameters for caller func_options_result=$func_run_hooks_result } # func_options_prep [ARG]... # -------------------------- # All initialisations required before starting the option parse loop. # Note that when calling hook functions, we pass through the list of # positional parameters. If a hook function modifies that list, and # needs to propogate that back to rest of this script, then the complete # modified list must be put in 'func_run_hooks_result' before # returning. func_hookable func_options_prep func_options_prep () { $debug_cmd # Option defaults: opt_verbose=false opt_warning_types= func_run_hooks func_options_prep ${1+"$@"} # save modified positional parameters for caller func_options_prep_result=$func_run_hooks_result } # func_parse_options [ARG]... # --------------------------- # The main option parsing loop. func_hookable func_parse_options func_parse_options () { $debug_cmd func_parse_options_result= # this just eases exit handling while test $# -gt 0; do # Defer to hook functions for initial option parsing, so they # get priority in the event of reusing an option name. func_run_hooks func_parse_options ${1+"$@"} # Adjust func_parse_options positional parameters to match eval set dummy "$func_run_hooks_result"; shift # Break out of the loop if we already parsed every option. test $# -gt 0 || break _G_opt=$1 shift case $_G_opt in --debug|-x) debug_cmd='set -x' func_echo "enabling shell trace mode" $debug_cmd ;; --no-warnings|--no-warning|--no-warn) set dummy --warnings none ${1+"$@"} shift ;; --warnings|--warning|-W) test $# = 0 && func_missing_arg $_G_opt && break case " $warning_categories $1" in *" $1 "*) # trailing space prevents matching last $1 above func_append_uniq opt_warning_types " $1" ;; *all) opt_warning_types=$warning_categories ;; *none) opt_warning_types=none warning_func=: ;; *error) opt_warning_types=$warning_categories warning_func=func_fatal_error ;; *) func_fatal_error \ "unsupported warning category: '$1'" ;; esac shift ;; --verbose|-v) opt_verbose=: ;; --version) func_version ;; -\?|-h) func_usage ;; --help) func_help ;; # Separate optargs to long options (plugins may need this): --*=*) func_split_equals "$_G_opt" set dummy "$func_split_equals_lhs" \ "$func_split_equals_rhs" ${1+"$@"} shift ;; # Separate optargs to short options: -W*) func_split_short_opt "$_G_opt" set dummy "$func_split_short_opt_name" \ "$func_split_short_opt_arg" ${1+"$@"} shift ;; # Separate non-argument short options: -\?*|-h*|-v*|-x*) func_split_short_opt "$_G_opt" set dummy "$func_split_short_opt_name" \ "-$func_split_short_opt_arg" ${1+"$@"} shift ;; --) break ;; -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; esac done # save modified positional parameters for caller func_quote_for_eval ${1+"$@"} func_parse_options_result=$func_quote_for_eval_result } # func_validate_options [ARG]... # ------------------------------ # Perform any sanity checks on option settings and/or unconsumed # arguments. func_hookable func_validate_options func_validate_options () { $debug_cmd # Display all warnings if -W was not given. test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" func_run_hooks func_validate_options ${1+"$@"} # Bail if the options were screwed! $exit_cmd $EXIT_FAILURE # save modified positional parameters for caller func_validate_options_result=$func_run_hooks_result } ## ------------------## ## Helper functions. ## ## ------------------## # This section contains the helper functions used by the rest of the # hookable option parser framework in ascii-betical order. # func_fatal_help ARG... # ---------------------- # Echo program name prefixed message to standard error, followed by # a help hint, and exit. func_fatal_help () { $debug_cmd eval \$bs_echo \""Usage: $usage"\" eval \$bs_echo \""$fatal_help"\" func_error ${1+"$@"} exit $EXIT_FAILURE } # func_help # --------- # Echo long help message to standard output and exit. func_help () { $debug_cmd func_usage_message $bs_echo "$long_help_message" exit 0 } # func_missing_arg ARGNAME # ------------------------ # Echo program name prefixed message to standard error and set global # exit_cmd. func_missing_arg () { $debug_cmd func_error "Missing argument for '$1'." exit_cmd=exit } # func_split_equals STRING # ------------------------ # Set func_split_equals_lhs and func_split_equals_rhs shell variables after # splitting STRING at the '=' sign. test -z "$_G_HAVE_XSI_OPS" \ && (eval 'x=a/b/c; test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ && _G_HAVE_XSI_OPS=yes if test yes = "$_G_HAVE_XSI_OPS" then # This is an XSI compatible shell, allowing a faster implementation... eval 'func_split_equals () { $debug_cmd func_split_equals_lhs=${1%%=*} func_split_equals_rhs=${1#*=} test "x$func_split_equals_lhs" = "x$1" \ && func_split_equals_rhs= }' else # ...otherwise fall back to using expr, which is often a shell builtin. func_split_equals () { $debug_cmd func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` func_split_equals_rhs= test "x$func_split_equals_lhs" = "x$1" \ || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` } fi #func_split_equals # func_split_short_opt SHORTOPT # ----------------------------- # Set func_split_short_opt_name and func_split_short_opt_arg shell # variables after splitting SHORTOPT after the 2nd character. if test yes = "$_G_HAVE_XSI_OPS" then # This is an XSI compatible shell, allowing a faster implementation... eval 'func_split_short_opt () { $debug_cmd func_split_short_opt_arg=${1#??} func_split_short_opt_name=${1%"$func_split_short_opt_arg"} }' else # ...otherwise fall back to using expr, which is often a shell builtin. func_split_short_opt () { $debug_cmd func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` } fi #func_split_short_opt # func_usage # ---------- # Echo short help message to standard output and exit. func_usage () { $debug_cmd func_usage_message $bs_echo "Run '$progname --help |${PAGER-more}' for full usage" exit 0 } # func_usage_message # ------------------ # Echo short help message to standard output. func_usage_message () { $debug_cmd eval \$bs_echo \""Usage: $usage"\" echo $SED -n 's|^# || /^Written by/{ x;p;x } h /^Written by/q' < "$progpath" echo eval \$bs_echo \""$usage_message"\" } # func_version # ------------ # Echo version message to standard output and exit. func_version () { $debug_cmd printf '%s\n' "$progname $scriptversion" $SED -n '/^##/q /(C)/!b go :more /\./!{ N s|\n# | | b more } :go /^# Written by /,/# warranty; / { s|^# || s|^# *$|| s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| p } /^# Written by / { s|^# || p } /^warranty; /q' < "$progpath" exit $? } # Local variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" # time-stamp-time-zone: "UTC" # End: # Set a version string. scriptversion='(GNU libtool) 2.4.2.418' # func_echo ARG... # ---------------- # Libtool also displays the current mode in messages, so override # funclib.sh func_echo with this custom definition. func_echo () { $debug_cmd _G_message=$* func_echo_IFS=$IFS IFS=$nl for _G_line in $_G_message; do IFS=$func_echo_IFS $bs_echo "$progname${opt_mode+: $opt_mode}: $_G_line" done IFS=$func_echo_IFS } # func_warning ARG... # ------------------- # Libtool warnings are not categorized, so override funclib.sh # func_warning with this simpler definition. func_warning () { $debug_cmd $warning_func ${1+"$@"} } ## ---------------- ## ## Options parsing. ## ## ---------------- ## # Hook in the functions to make sure our own options are parsed during # the option parsing loop. usage='$progpath [OPTION]... [MODE-ARG]...' # Short help message in response to '-h'. usage_message="Options: --config show all configuration variables --debug enable verbose shell tracing -n, --dry-run display commands without modifying any files --features display basic configuration information and exit --mode=MODE use operation mode MODE --no-warnings equivalent to '-Wnone' --preserve-dup-deps don't remove duplicate dependency libraries --quiet, --silent don't print informational messages --tag=TAG use configuration variables from tag TAG -v, --verbose print more informational messages than default --version print version information -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] -h, --help, --help-all print short, long, or detailed help message " # Additional text appended to 'usage_message' in response to '--help'. long_help_message=$long_help_message" MODE must be one of the following: clean remove files from the build directory compile compile a source file into a libtool object execute automatically set library path, then run a program finish complete the installation of libtool libraries install install libraries or executables link create a library or an executable uninstall remove libraries from an installed directory MODE-ARGS vary depending on the MODE. When passed as first option, '--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. Try '$progname --help --mode=MODE' for a more detailed description of MODE. When reporting a bug, please describe a test case to reproduce it and include the following information: host-triplet: $host shell: $SHELL compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) version: $progname (GNU libtool) 2.4.2.418 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . GNU libtool home page: . General help using GNU software: ." # func_lo2o OBJECT-NAME # --------------------- # Transform OBJECT-NAME from a '.lo' suffix to the platform specific # object suffix. lo2o=s/\\.lo\$/.$objext/ o2lo=s/\\.$objext\$/.lo/ if test yes = "$_G_HAVE_XSI_OPS"; then eval 'func_lo2o () { case $1 in *.lo) func_lo2o_result=${1%.lo}.$objext ;; * ) func_lo2o_result=$1 ;; esac }' # func_xform LIBOBJ-OR-SOURCE # --------------------------- # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) # suffix to a '.lo' libtool-object suffix. eval 'func_xform () { func_xform_result=${1%.*}.lo }' else # ...otherwise fall back to using sed. func_lo2o () { func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` } func_xform () { func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` } fi # func_fatal_configuration ARG... # ------------------------------- # Echo program name prefixed message to standard error, followed by # a configuration failure hint, and exit. func_fatal_configuration () { func__fatal_error ${1+"$@"} \ "See the $PACKAGE documentation for more information." \ "Fatal configuration error." } # func_config # ----------- # Display the configuration for all the tags in this script. func_config () { re_begincf='^# ### BEGIN LIBTOOL' re_endcf='^# ### END LIBTOOL' # Default configuration. $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" # Now print the configurations for the tags. for tagname in $taglist; do $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" done exit $? } # func_features # ------------- # Display the features supported by this script. func_features () { echo "host: $host" if test yes = "$build_libtool_libs"; then echo "enable shared libraries" else echo "disable shared libraries" fi if test yes = "$build_old_libs"; then echo "enable static libraries" else echo "disable static libraries" fi exit $? } # func_enable_tag TAGNAME # ----------------------- # Verify that TAGNAME is valid, and either flag an error and exit, or # enable the TAGNAME tag. We also add TAGNAME to the global $taglist # variable here. func_enable_tag () { # Global variable: tagname=$1 re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" sed_extractcf=/$re_begincf/,/$re_endcf/p # Validate tagname. case $tagname in *[!-_A-Za-z0-9,/]*) func_fatal_error "invalid tag name: $tagname" ;; esac # Don't test for the "default" C tag, as we know it's # there but not specially marked. case $tagname in CC) ;; *) if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then taglist="$taglist $tagname" # Evaluate the configuration. Be careful to quote the path # and the sed script, to avoid splitting on whitespace, but # also don't use non-portable quotes within backquotes within # quotes we have to do it in 2 steps: extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` eval "$extractedcf" else func_error "ignoring unknown tag $tagname" fi ;; esac } # func_check_version_match # ------------------------ # Ensure that we are using m4 macros, and libtool script from the same # release of libtool. func_check_version_match () { if test "$package_revision" != "$macro_revision"; then if test "$VERSION" != "$macro_version"; then if test -z "$macro_version"; then cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from an older release. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from $PACKAGE $macro_version. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF fi else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, $progname: but the definition of this LT_INIT comes from revision $macro_revision. $progname: You should recreate aclocal.m4 with macros from revision $package_revision $progname: of $PACKAGE $VERSION and run autoconf again. _LT_EOF fi exit $EXIT_MISMATCH fi } # libtool_options_prep [ARG]... # ----------------------------- # Preparation for options parsed by libtool. libtool_options_prep () { $debug_mode # Option defaults: opt_config=false opt_dlopen= opt_dry_run=false opt_help=false opt_mode= opt_preserve_dup_deps=false opt_quiet=false nonopt= preserve_args= # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) shift; set dummy --mode clean ${1+"$@"}; shift ;; compile|compil|compi|comp|com|co|c) shift; set dummy --mode compile ${1+"$@"}; shift ;; execute|execut|execu|exec|exe|ex|e) shift; set dummy --mode execute ${1+"$@"}; shift ;; finish|finis|fini|fin|fi|f) shift; set dummy --mode finish ${1+"$@"}; shift ;; install|instal|insta|inst|ins|in|i) shift; set dummy --mode install ${1+"$@"}; shift ;; link|lin|li|l) shift; set dummy --mode link ${1+"$@"}; shift ;; uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; esac # Pass back the list of options. func_quote_for_eval ${1+"$@"} libtool_options_prep_result=$func_quote_for_eval_result } func_add_hook func_options_prep libtool_options_prep # libtool_parse_options [ARG]... # --------------------------------- # Provide handling for libtool specific options. libtool_parse_options () { $debug_cmd # Perform our own loop to consume as many options as possible in # each iteration. while test $# -gt 0; do _G_opt=$1 shift case $_G_opt in --dry-run|--dryrun|-n) opt_dry_run=: ;; --config) func_config ;; --dlopen|-dlopen) opt_dlopen="${opt_dlopen+$opt_dlopen }$1" shift ;; --preserve-dup-deps) opt_preserve_dup_deps=: ;; --features) func_features ;; --finish) set dummy --mode finish ${1+"$@"}; shift ;; --help) opt_help=: ;; --help-all) opt_help=': help-all' ;; --mode) test $# = 0 && func_missing_arg $_G_opt && break opt_mode=$1 case $1 in # Valid mode arguments: clean|compile|execute|finish|install|link|relink|uninstall) ;; # Catch anything else as an error *) func_error "invalid argument for $_G_opt" exit_cmd=exit break ;; esac shift ;; --no-silent|--no-quiet) opt_quiet=false func_append preserve_args " $_G_opt" ;; --no-warnings|--no-warning|--no-warn) opt_warning=false func_append preserve_args " $_G_opt" ;; --no-verbose) opt_verbose=false func_append preserve_args " $_G_opt" ;; --silent|--quiet) opt_quiet=: opt_verbose=false func_append preserve_args " $_G_opt" ;; --tag) test $# = 0 && func_missing_arg $_G_opt && break opt_tag=$1 func_append preserve_args " $_G_opt $1" func_enable_tag "$1" shift ;; --verbose|-v) opt_quiet=false opt_verbose=: func_append preserve_args " $_G_opt" ;; # An option not handled by this hook function: *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; esac done # save modified positional parameters for caller func_quote_for_eval ${1+"$@"} libtool_parse_options_result=$func_quote_for_eval_result } func_add_hook func_parse_options libtool_parse_options # libtool_validate_options [ARG]... # --------------------------------- # Perform any sanity checks on option settings and/or unconsumed # arguments. libtool_validate_options () { # save first non-option argument if test 0 -lt $#; then nonopt=$1 shift fi # preserve --debug test : = "$debug_cmd" || func_append preserve_args " --debug" case $host in *cygwin* | *mingw* | *pw32* | *cegcc*) # don't eliminate duplications in $postdeps and $predeps opt_duplicate_compiler_generated_deps=: ;; *) opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps ;; esac $opt_help || { # Sanity checks first: func_check_version_match test yes != "$build_libtool_libs" \ && test yes != "$build_old_libs" \ && func_fatal_configuration "not configured to build any kind of library" # Darwin sucks eval std_shrext=\"$shrext_cmds\" # Only execute mode is allowed to have -dlopen flags. if test -n "$opt_dlopen" && test execute != "$opt_mode"; then func_error "unrecognized option '-dlopen'" $ECHO "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help=$help help="Try '$progname --help --mode=$opt_mode' for more information." } # Pass back the unparsed argument list func_quote_for_eval ${1+"$@"} libtool_validate_options_result=$func_quote_for_eval_result } func_add_hook func_validate_options libtool_validate_options # Process options as early as possible so that --help and --version # can return quickly. func_options ${1+"$@"} eval set dummy "$func_options_result"; shift ## ----------- ## ## Main. ## ## ----------- ## magic='%%%MAGIC variable%%%' magic_exe='%%%MAGIC EXE variable%%%' # Global variables. extracted_archives= extracted_serial=0 # If this variable is set in any of the actions, the command in it # will be execed at the end. This prevents here-documents from being # left over by shells. exec_cmd= # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } # func_lalib_p file # True iff FILE is a libtool '.la' library or '.lo' object file. # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_lalib_p () { test -f "$1" && $SED -e 4q "$1" 2>/dev/null \ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 } # func_lalib_unsafe_p file # True iff FILE is a libtool '.la' library or '.lo' object file. # This function implements the same check as func_lalib_p without # resorting to external programs. To this end, it redirects stdin and # closes it afterwards, without saving the original file descriptor. # As a safety measure, use it only where a negative result would be # fatal anyway. Works if 'file' does not exist. func_lalib_unsafe_p () { lalib_p=no if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then for lalib_p_l in 1 2 3 4 do read lalib_p_line case $lalib_p_line in \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; esac done exec 0<&5 5<&- fi test yes = "$lalib_p" } # func_ltwrapper_script_p file # True iff FILE is a libtool wrapper script # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_script_p () { func_lalib_p "$1" } # func_ltwrapper_executable_p file # True iff FILE is a libtool wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_executable_p () { func_ltwrapper_exec_suffix= case $1 in *.exe) ;; *) func_ltwrapper_exec_suffix=.exe ;; esac $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 } # func_ltwrapper_scriptname file # Assumes file is an ltwrapper_executable # uses $file to determine the appropriate filename for a # temporary ltwrapper_script. func_ltwrapper_scriptname () { func_dirname_and_basename "$1" "" "." func_stripname '' '.exe' "$func_basename_result" func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper } # func_ltwrapper_p file # True iff FILE is a libtool wrapper script or wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_p () { func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" } # func_execute_cmds commands fail_cmd # Execute tilde-delimited COMMANDS. # If FAIL_CMD is given, eval that upon failure. # FAIL_CMD may read-access the current command in variable CMD! func_execute_cmds () { $debug_cmd save_ifs=$IFS; IFS='~' for cmd in $1; do IFS=$sp$nl eval cmd=\"$cmd\" IFS=$save_ifs func_show_eval "$cmd" "${2-:}" done IFS=$save_ifs } # func_source file # Source FILE, adding directory component if necessary. # Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing # 'FILE.' does not work on cygwin managed mounts. func_source () { $debug_cmd case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; esac } # func_resolve_sysroot PATH # Replace a leading = in PATH with a sysroot. Store the result into # func_resolve_sysroot_result func_resolve_sysroot () { func_resolve_sysroot_result=$1 case $func_resolve_sysroot_result in =*) func_stripname '=' '' "$func_resolve_sysroot_result" func_resolve_sysroot_result=$lt_sysroot$func_stripname_result ;; esac } # func_replace_sysroot PATH # If PATH begins with the sysroot, replace it with = and # store the result into func_replace_sysroot_result. func_replace_sysroot () { case $lt_sysroot:$1 in ?*:"$lt_sysroot"*) func_stripname "$lt_sysroot" '' "$1" func_replace_sysroot_result='='$func_stripname_result ;; *) # Including no sysroot. func_replace_sysroot_result=$1 ;; esac } # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' func_infer_tag () { $debug_cmd if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case "$@ " in " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. tagname=$z break ;; esac fi done # If $tagname still isn't set, then no tagged configuration # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" func_fatal_error "specify a tag with '--tag'" # else # func_verbose "using $tagname tagged configuration" fi ;; esac fi } # func_write_libtool_object output_name pic_name nonpic_name # Create a libtool object file (analogous to a ".la" file), # but don't create it if we're doing a dry run. func_write_libtool_object () { write_libobj=$1 if test yes = "$build_libtool_libs"; then write_lobj=\'$2\' else write_lobj=none fi if test yes = "$build_old_libs"; then write_oldobj=\'$3\' else write_oldobj=none fi $opt_dry_run || { cat >${write_libobj}T </dev/null` if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | $SED -e "$sed_naive_backslashify"` else func_convert_core_file_wine_to_w32_result= fi fi } # end: func_convert_core_file_wine_to_w32 # func_convert_core_path_wine_to_w32 ARG # Helper function used by path conversion functions when $build is *nix, and # $host is mingw, cygwin, or some other w32 environment. Relies on a correctly # configured wine environment available, with the winepath program in $build's # $PATH. Assumes ARG has no leading or trailing path separator characters. # # ARG is path to be converted from $build format to win32. # Result is available in $func_convert_core_path_wine_to_w32_result. # Unconvertible file (directory) names in ARG are skipped; if no directory names # are convertible, then the result may be empty. func_convert_core_path_wine_to_w32 () { $debug_cmd # unfortunately, winepath doesn't convert paths, only file names func_convert_core_path_wine_to_w32_result= if test -n "$1"; then oldIFS=$IFS IFS=: for func_convert_core_path_wine_to_w32_f in $1; do IFS=$oldIFS func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" if test -n "$func_convert_core_file_wine_to_w32_result"; then if test -z "$func_convert_core_path_wine_to_w32_result"; then func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result else func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" fi fi done IFS=$oldIFS fi } # end: func_convert_core_path_wine_to_w32 # func_cygpath ARGS... # Wrapper around calling the cygpath program via LT_CYGPATH. This is used when # when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) # $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or # (2), returns the Cygwin file name or path in func_cygpath_result (input # file name or path is assumed to be in w32 format, as previously converted # from $build's *nix or MSYS format). In case (3), returns the w32 file name # or path in func_cygpath_result (input file name or path is assumed to be in # Cygwin format). Returns an empty string on error. # # ARGS are passed to cygpath, with the last one being the file name or path to # be converted. # # Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH # environment variable; do not put it in $PATH. func_cygpath () { $debug_cmd if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` if test "$?" -ne 0; then # on failure, ensure result is empty func_cygpath_result= fi else func_cygpath_result= func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" fi } #end: func_cygpath # func_convert_core_msys_to_w32 ARG # Convert file name or path ARG from MSYS format to w32 format. Return # result in func_convert_core_msys_to_w32_result. func_convert_core_msys_to_w32 () { $debug_cmd # awkward: cmd appends spaces to result func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` } #end: func_convert_core_msys_to_w32 # func_convert_file_check ARG1 ARG2 # Verify that ARG1 (a file name in $build format) was converted to $host # format in ARG2. Otherwise, emit an error message, but continue (resetting # func_to_host_file_result to ARG1). func_convert_file_check () { $debug_cmd if test -z "$2" && test -n "$1"; then func_error "Could not determine host file name corresponding to" func_error " '$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: func_to_host_file_result=$1 fi } # end func_convert_file_check # func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH # Verify that FROM_PATH (a path in $build format) was converted to $host # format in TO_PATH. Otherwise, emit an error message, but continue, resetting # func_to_host_file_result to a simplistic fallback value (see below). func_convert_path_check () { $debug_cmd if test -z "$4" && test -n "$3"; then func_error "Could not determine the host path corresponding to" func_error " '$3'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This is a deliberately simplistic "conversion" and # should not be "improved". See libtool.info. if test "x$1" != "x$2"; then lt_replace_pathsep_chars="s|$1|$2|g" func_to_host_path_result=`echo "$3" | $SED -e "$lt_replace_pathsep_chars"` else func_to_host_path_result=$3 fi fi } # end func_convert_path_check # func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG # Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT # and appending REPL if ORIG matches BACKPAT. func_convert_path_front_back_pathsep () { $debug_cmd case $4 in $1 ) func_to_host_path_result=$3$func_to_host_path_result ;; esac case $4 in $2 ) func_append func_to_host_path_result "$3" ;; esac } # end func_convert_path_front_back_pathsep ################################################## # $build to $host FILE NAME CONVERSION FUNCTIONS # ################################################## # invoked via '$to_host_file_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # Result will be available in $func_to_host_file_result. # func_to_host_file ARG # Converts the file name ARG from $build format to $host format. Return result # in func_to_host_file_result. func_to_host_file () { $debug_cmd $to_host_file_cmd "$1" } # end func_to_host_file # func_to_tool_file ARG LAZY # converts the file name ARG from $build format to toolchain format. Return # result in func_to_tool_file_result. If the conversion in use is listed # in (the comma separated) LAZY, no conversion takes place. func_to_tool_file () { $debug_cmd case ,$2, in *,"$to_tool_file_cmd",*) func_to_tool_file_result=$1 ;; *) $to_tool_file_cmd "$1" func_to_tool_file_result=$func_to_host_file_result ;; esac } # end func_to_tool_file # func_convert_file_noop ARG # Copy ARG to func_to_host_file_result. func_convert_file_noop () { func_to_host_file_result=$1 } # end func_convert_file_noop # func_convert_file_msys_to_w32 ARG # Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_file_result. func_convert_file_msys_to_w32 () { $debug_cmd func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_to_host_file_result=$func_convert_core_msys_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_msys_to_w32 # func_convert_file_cygwin_to_w32 ARG # Convert file name ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_file_cygwin_to_w32 () { $debug_cmd func_to_host_file_result=$1 if test -n "$1"; then # because $build is cygwin, we call "the" cygpath in $PATH; no need to use # LT_CYGPATH in this case. func_to_host_file_result=`cygpath -m "$1"` fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_cygwin_to_w32 # func_convert_file_nix_to_w32 ARG # Convert file name ARG from *nix to w32 format. Requires a wine environment # and a working winepath. Returns result in func_to_host_file_result. func_convert_file_nix_to_w32 () { $debug_cmd func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_file_wine_to_w32 "$1" func_to_host_file_result=$func_convert_core_file_wine_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_nix_to_w32 # func_convert_file_msys_to_cygwin ARG # Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. # Returns result in func_to_host_file_result. func_convert_file_msys_to_cygwin () { $debug_cmd func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_cygpath -u "$func_convert_core_msys_to_w32_result" func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_msys_to_cygwin # func_convert_file_nix_to_cygwin ARG # Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed # in a wine environment, working winepath, and LT_CYGPATH set. Returns result # in func_to_host_file_result. func_convert_file_nix_to_cygwin () { $debug_cmd func_to_host_file_result=$1 if test -n "$1"; then # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. func_convert_core_file_wine_to_w32 "$1" func_cygpath -u "$func_convert_core_file_wine_to_w32_result" func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_nix_to_cygwin ############################################# # $build to $host PATH CONVERSION FUNCTIONS # ############################################# # invoked via '$to_host_path_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # The result will be available in $func_to_host_path_result. # # Path separators are also converted from $build format to $host format. If # ARG begins or ends with a path separator character, it is preserved (but # converted to $host format) on output. # # All path conversion functions are named using the following convention: # file name conversion function : func_convert_file_X_to_Y () # path conversion function : func_convert_path_X_to_Y () # where, for any given $build/$host combination the 'X_to_Y' value is the # same. If conversion functions are added for new $build/$host combinations, # the two new functions must follow this pattern, or func_init_to_host_path_cmd # will break. # func_init_to_host_path_cmd # Ensures that function "pointer" variable $to_host_path_cmd is set to the # appropriate value, based on the value of $to_host_file_cmd. to_host_path_cmd= func_init_to_host_path_cmd () { $debug_cmd if test -z "$to_host_path_cmd"; then func_stripname 'func_convert_file_' '' "$to_host_file_cmd" to_host_path_cmd=func_convert_path_$func_stripname_result fi } # func_to_host_path ARG # Converts the path ARG from $build format to $host format. Return result # in func_to_host_path_result. func_to_host_path () { $debug_cmd func_init_to_host_path_cmd $to_host_path_cmd "$1" } # end func_to_host_path # func_convert_path_noop ARG # Copy ARG to func_to_host_path_result. func_convert_path_noop () { func_to_host_path_result=$1 } # end func_convert_path_noop # func_convert_path_msys_to_w32 ARG # Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_path_result. func_convert_path_msys_to_w32 () { $debug_cmd func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from ARG. MSYS # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; # and winepath ignores them completely. func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result=$func_convert_core_msys_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_msys_to_w32 # func_convert_path_cygwin_to_w32 ARG # Convert path ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_path_cygwin_to_w32 () { $debug_cmd func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_cygwin_to_w32 # func_convert_path_nix_to_w32 ARG # Convert path ARG from *nix to w32 format. Requires a wine environment and # a working winepath. Returns result in func_to_host_file_result. func_convert_path_nix_to_w32 () { $debug_cmd func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result=$func_convert_core_path_wine_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_nix_to_w32 # func_convert_path_msys_to_cygwin ARG # Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. # Returns result in func_to_host_file_result. func_convert_path_msys_to_cygwin () { $debug_cmd func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_msys_to_w32_result" func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_msys_to_cygwin # func_convert_path_nix_to_cygwin ARG # Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a # a wine environment, working winepath, and LT_CYGPATH set. Returns result in # func_to_host_file_result. func_convert_path_nix_to_cygwin () { $debug_cmd func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_nix_to_cygwin # func_dll_def_p FILE # True iff FILE is a Windows DLL '.def' file. # Keep in sync with _LT_DLL_DEF_P in libtool.m4 func_dll_def_p () { $debug_cmd func_dll_def_p_tmp=`$SED -n \ -e 's/^[ ]*//' \ -e '/^\(;.*\)*$/d' \ -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ -e q \ "$1"` test DEF = "$func_dll_def_p_tmp" } # func_mode_compile arg... func_mode_compile () { $debug_cmd # Get the compilation command and the source file. base_compile= srcfile=$nonopt # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal libobj= later= pie_flag= for arg do case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile lastarg=$arg arg_mode=normal ;; target ) libobj=$arg arg_mode=normal continue ;; normal ) # Accept any command-line options. case $arg in -o) test -n "$libobj" && \ func_fatal_error "you cannot specify '-o' more than once" arg_mode=target continue ;; -pie | -fpie | -fPIE) func_append pie_flag " $arg" continue ;; -shared | -static | -prefer-pic | -prefer-non-pic) func_append later " $arg" continue ;; -no-suppress) suppress_opt=no continue ;; -Xcompiler) arg_mode=arg # the next one goes into the "base_compile" arg list continue # The current "srcfile" will either be retained or ;; # replaced later. I would guess that would be a bug. -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result lastarg= save_ifs=$IFS; IFS=, for arg in $args; do IFS=$save_ifs func_append_quoted lastarg "$arg" done IFS=$save_ifs func_stripname ' ' '' "$lastarg" lastarg=$func_stripname_result # Add the arguments to base_compile. func_append base_compile " $lastarg" continue ;; *) # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # lastarg=$srcfile srcfile=$arg ;; esac # case $arg ;; esac # case $arg_mode # Aesthetically quote the previous argument. func_append_quoted base_compile "$lastarg" done # for arg case $arg_mode in arg) func_fatal_error "you must specify an argument for -Xcompile" ;; target) func_fatal_error "you must specify a target with '-o'" ;; *) # Get the name of the library object. test -z "$libobj" && { func_basename "$srcfile" libobj=$func_basename_result } ;; esac # Recognize several different file suffixes. # If the user specifies -o file.o, it is replaced with file.lo case $libobj in *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; esac case $libobj in *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; *) func_fatal_error "cannot determine name of library object from '$libobj'" ;; esac func_infer_tag $base_compile for arg in $later; do case $arg in -shared) test yes = "$build_libtool_libs" \ || func_fatal_configuration "cannot build a shared library" build_old_libs=no continue ;; -static) build_libtool_libs=no build_old_libs=yes continue ;; -prefer-pic) pic_mode=yes continue ;; -prefer-non-pic) pic_mode=no continue ;; esac done func_quote_for_eval "$libobj" test "X$libobj" != "X$func_quote_for_eval_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" objname=$func_basename_result xdir=$func_dirname_result lobj=$xdir$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. if test yes = "$build_old_libs"; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2* | cegcc*) pic_mode=default ;; esac if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test no = "$compiler_c_o"; then output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext lockfile=$output_obj.lock else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test yes = "$need_locks"; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done elif test warn = "$need_locks"; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi func_append removelist " $output_obj" $ECHO "$srcfile" > "$lockfile" fi $opt_dry_run || $RM $removelist func_append removelist " $lockfile" trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result func_quote_for_eval "$srcfile" qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. if test yes = "$build_libtool_libs"; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile if test no != "$pic_mode"; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code command="$base_compile $qsrcfile" fi func_mkdir_p "$xdir$objdir" if test -z "$output_obj"; then # Place PIC objects in $objdir func_append command " -o $lobj" fi func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then func_show_eval '$MV "$output_obj" "$lobj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi # Allow error messages only from the first compilation. if test yes = "$suppress_opt"; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. if test yes = "$build_old_libs"; then if test yes != "$pic_mode"; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi if test yes = "$compiler_c_o"; then func_append command " -o $obj" fi # Suppress compiler output if we already did a PIC compilation. func_append command "$suppress_output" func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then func_show_eval '$MV "$output_obj" "$obj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi fi $opt_dry_run || { func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked if test no != "$need_locks"; then removelist=$lockfile $RM "$lockfile" fi } exit $EXIT_SUCCESS } $opt_help || { test compile = "$opt_mode" && func_mode_compile ${1+"$@"} } func_mode_help () { # We need to display help for each of the modes. case $opt_mode in "") # Generic help is extracted from the usage comments # at the start of this file. func_help ;; clean) $ECHO \ "Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE (typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $ECHO \ "Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only -shared do not build a '.o' file suitable for static linking -static only build a '.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a 'standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix '.c' with the library object suffix, '.lo'." ;; execute) $ECHO \ "Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to '-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $ECHO \ "Usage: $progname [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the '--dry-run' option if you just want to see what would be executed." ;; install) $ECHO \ "Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the 'install' or 'cp' program. The following components of INSTALL-COMMAND are treated specially: -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $ECHO \ "Usage: $progname [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE Use a list of object files found in FILE to specify objects -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -shared only do dynamic linking of libtool libraries -shrext SUFFIX override the standard shared library file extension -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface -Wc,FLAG -Xcompiler FLAG pass linker-specific FLAG directly to the compiler -Wl,FLAG -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) All other options (arguments beginning with '-') are ignored. Every other argument is treated as a filename. Files ending in '.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in '.la', then a libtool library is created, only library objects ('.lo' files) may be specified, and '-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created using 'ar' and 'ranlib', or on Windows using 'lib'. If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $ECHO \ "Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) func_fatal_help "invalid operation mode '$opt_mode'" ;; esac echo $ECHO "Try '$progname --help' for more information about other modes." } # Now that we've collected a possible --mode arg, show help if necessary if $opt_help; then if test : = "$opt_help"; then func_mode_help else { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do func_mode_help done } | sed -n '1p; 2,$s/^Usage:/ or: /p' { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do echo func_mode_help done } | sed '1d /^When reporting/,/^Report/{ H d } $x /information about other modes/d /more detailed .*MODE/d s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' fi exit $? fi # func_mode_execute arg... func_mode_execute () { $debug_cmd # The first argument is the command name. cmd=$nonopt test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $opt_dlopen; do test -f "$file" \ || func_fatal_help "'$file' is not a file" dir= case $file in *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "'$lib' is not a valid libtool archive" # Read the libtool library. dlname= library_names= func_source "$file" # Skip this library if it cannot be dlopened. if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ func_warning "'$file' was not linked with '-export-dynamic'" continue fi func_dirname "$file" "" "." dir=$func_dirname_result if test -f "$dir/$objdir/$dlname"; then func_append dir "/$objdir" else if test ! -f "$dir/$dlname"; then func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" fi fi ;; *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." dir=$func_dirname_result ;; *) func_warning "'-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir=$absdir # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic=$magic # Check if any of the arguments is a wrapper script. args= for file do case $file in -* | *.la | *.lo ) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. file=$progdir/$program elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. file=$progdir/$program fi ;; esac # Quote arguments (to preserve shell metacharacters). func_append_quoted args "$file" done if $opt_dry_run; then # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" echo "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS else if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var else $lt_unset $lt_var fi" done # Now prepare to actually exec the command. exec_cmd=\$cmd$args fi } test execute = "$opt_mode" && func_mode_execute ${1+"$@"} # func_mode_finish arg... func_mode_finish () { $debug_cmd libs= libdirs= admincmds= for opt in "$nonopt" ${1+"$@"} do if test -d "$opt"; then func_append libdirs " $opt" elif test -f "$opt"; then if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else func_warning "'$opt' is not a valid libtool archive" fi else func_fatal_error "invalid argument '$opt'" fi done if test -n "$libs"; then if test -n "$lt_sysroot"; then sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" else sysroot_cmd= fi # Remove sysroot references if $opt_dry_run; then for lib in $libs; do echo "removing references to $lt_sysroot and '=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do sed -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done ${RM}r "$tmpdir" fi fi if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. func_execute_cmds "$finish_cmds" 'admincmds="$admincmds '"$cmd"'"' fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $opt_dry_run || eval "$cmds" || func_append admincmds " $cmds" fi done fi # Exit here if they wanted silent mode. $opt_quiet && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" echo "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" echo "specify the full pathname of the library, or use the '-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then echo " - add LIBDIR to the '$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then echo " - add LIBDIR to the '$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $ECHO " - use the '$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" fi echo echo "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" echo "pages." ;; *) echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac echo "----------------------------------------------------------------------" fi exit $EXIT_SUCCESS } test finish = "$opt_mode" && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { $debug_cmd # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || # Allow the use of GNU shtool's install command. case $nonopt in *shtool*) :;; *) false;; esac then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " arg=$1 shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. func_quote_for_eval "$arg" func_append install_prog "$func_quote_for_eval_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; *) install_cp=false ;; esac # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=false stripme= no_mode=: for arg do arg2= if test -n "$dest"; then func_append files " $dest" dest=$arg continue fi case $arg in -d) isdir=: ;; -f) if $install_cp; then :; else prev=$arg fi ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then if test X-m = "X$prev" && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. func_quote_for_eval "$arg" func_append install_prog " $func_quote_for_eval_result" if test -n "$arg2"; then func_quote_for_eval "$arg2" fi func_append install_shared_prog " $func_quote_for_eval_result" done test -z "$install_prog" && \ func_fatal_help "you must specify an install program" test -n "$prev" && \ func_fatal_help "the '$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else func_quote_for_eval "$install_override_mode" func_append install_shared_prog " -m $func_quote_for_eval_result" fi fi if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" else func_fatal_help "you must specify a destination" fi fi # Strip any trailing slash from the destination. func_stripname '' '/' "$dest" dest=$func_stripname_result # Check to see that the destination is a directory. test -d "$dest" && isdir=: if $isdir; then destdir=$dest destname= else func_dirname_and_basename "$dest" "" "." destdir=$func_dirname_result destname=$func_basename_result # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ func_fatal_help "'$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) func_fatal_help "'$destdir' must be an absolute directory name" ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic=$magic staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. func_append staticlibs " $file" ;; *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "'$file' is not a valid libtool archive" library_names= old_library= relink_command= func_source "$file" # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) func_append current_libdirs " $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) func_append future_libdirs " $libdir" ;; esac fi func_dirname "$file" "/" "" dir=$func_dirname_result func_append dir "$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. # At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking '$file'" func_show_eval "$relink_command" \ 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then realname=$1 shift srcname=$realname test -n "$relink_command" && srcname=${realname}T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme=$stripme case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) tstripme= ;; esac ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try 'ln -sf' first, because the 'ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do test "$linkname" != "$realname" \ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done fi # Do each command in the postinstall commands. lib=$destdir/$realname func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. func_basename "$file" name=$func_basename_result instname=$dir/${name}i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. test -n "$old_library" && func_append staticlibs " $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile=$destdir/$destname else func_basename "$file" destfile=$func_basename_result destfile=$destdir/$destfile fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) func_lo2o "$destfile" staticdest=$func_lo2o_result ;; *.$objext) staticdest=$destfile destfile= ;; *) func_fatal_help "cannot copy a libtool object to '$destfile'" ;; esac # Install the libtool object if requested. test -n "$destfile" && \ func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. if test yes = "$build_old_libs"; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile=$destdir/$destname else func_basename "$file" destfile=$func_basename_result destfile=$destdir/$destfile fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install stripped_ext= case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result stripped_ext=.exe fi ;; esac # Do a test to see if this is really a libtool program. case $host in *cygwin* | *mingw*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result else func_stripname '' '.exe' "$file" wrapper=$func_stripname_result fi ;; *) wrapper=$file ;; esac if func_ltwrapper_script_p "$wrapper"; then notinst_deplibs= relink_command= func_source "$wrapper" # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ func_fatal_error "invalid libtool wrapper script '$wrapper'" finalize=: for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` if test -n "$libdir" && test ! -f "$libfile"; then func_warning "'$lib' has not been installed in '$libdir'" finalize=false fi done relink_command= func_source "$wrapper" outputname= if test no = "$fast_install" && test -n "$relink_command"; then $opt_dry_run || { if $finalize; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" file=$func_basename_result outputname=$tmpdir/$file # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_quiet || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else func_error "error: relink '$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi file=$outputname else func_warning "cannot relink '$file'" fi } else # Install the binary that we compiled earlier. file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) func_stripname '' '.exe' "$destfile" destfile=$func_stripname_result ;; esac ;; esac func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' $opt_dry_run || if test -n "$outputname"; then ${RM}r "$tmpdir" fi ;; esac done for file in $staticlibs; do func_basename "$file" name=$func_basename_result # Set up the ranlib parameters. oldlib=$destdir/$name func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. func_execute_cmds "$old_postinstall_cmds" 'exit $?' done test -n "$future_libdirs" && \ func_warning "remember to run '$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } test install = "$opt_mode" && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p # Extract symbols from dlprefiles and create ${outputname}S.o with # a dlpreopen symbol table. func_generate_dlsyms () { $debug_cmd my_outputname=$1 my_originator=$2 my_pic_p=${3-false} my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then if test -n "$NM" && test -n "$global_symbol_pipe"; then my_dlsyms=${my_outputname}S.c else func_error "not configured to extract global symbols from dlpreopened files" fi fi if test -n "$my_dlsyms"; then case $my_dlsyms in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist=$output_objdir/$my_outputname.nm func_show_eval "$RM $nlist ${nlist}S ${nlist}T" # Parse the name list into a source file. func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ /* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ /* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif #if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) #pragma GCC diagnostic ignored \"-Wstrict-prototypes\" #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE /* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) /* External symbol declarations for the compiler. */\ " if test yes = "$dlself"; then func_verbose "generating symbol list for '$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_to_tool_file "$progfile" func_convert_file_msys_to_w32 func_verbose "extracting global C symbols from '$func_to_tool_file_result'" $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $opt_dry_run || { eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi if test -n "$export_symbols_regex"; then $opt_dry_run || { eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols=$output_objdir/$outputname.exp $opt_dry_run || { $RM $export_symbols eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; esac } else $opt_dry_run || { eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; esac } fi fi for dlprefile in $dlprefiles; do func_verbose "extracting global C symbols from '$dlprefile'" func_basename "$dlprefile" name=$func_basename_result case $host in *cygwin* | *mingw* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" eval "curr_lafile=\$libfile_$func_tr_sh_result" dlprefile_dlbasename= if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then # Use subshell, to avoid clobbering current variable values dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` if test -n "$dlprefile_dlname"; then func_basename "$dlprefile_dlname" dlprefile_dlbasename=$func_basename_result else # no lafile. user explicitly requested -dlpreopen . $sharedlib_from_linklib_cmd "$dlprefile" dlprefile_dlbasename=$sharedlib_from_linklib_result fi fi $opt_dry_run || { if test -n "$dlprefile_dlbasename"; then eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' else func_warning "Could not compute DLL name from $name" eval '$ECHO ": $name " >> "$nlist"' fi func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" } else # not an import lib $opt_dry_run || { eval '$ECHO ": $name " >> "$nlist"' func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" } fi ;; *) $opt_dry_run || { eval '$ECHO ": $name " >> "$nlist"' func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" } ;; esac done $opt_dry_run || { # Make sure we have at least an empty file. test -f "$nlist" || : > "$nlist" if test -n "$exclude_expsyms"; then $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T $MV "$nlist"T "$nlist" fi # Try sorting and uniquifying the output. if $GREP -v "^: " < "$nlist" | if sort -k 3 /dev/null 2>&1; then sort -k 3 else sort +2 fi | uniq > "$nlist"S; then : else $GREP -v "^: " < "$nlist" > "$nlist"S fi if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' else echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi func_show_eval '$RM "${nlist}I"' if test -n "$global_symbol_to_import"; then eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' fi echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ typedef struct { const char *name; void *address; } lt_dlsymlist; extern LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[];\ " if test -s "$nlist"I; then echo >> "$output_objdir/$my_dlsyms" "\ static void lt_syminit(void) { LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; for (; symbol->name; ++symbol) {" $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" echo >> "$output_objdir/$my_dlsyms" "\ } }" fi echo >> "$output_objdir/$my_dlsyms" "\ LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[] = { {\"$my_originator\", (void *) 0}," if test -s "$nlist"I; then echo >> "$output_objdir/$my_dlsyms" "\ {\"@INIT@\", (void *) <_syminit}," fi case $need_lib_prefix in no) eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; *) eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac echo >> "$output_objdir/$my_dlsyms" "\ {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt_${my_prefix}_LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif\ " } # !$opt_dry_run pic_flag_for_symtable= case "$compile_command " in *" -static "*) ;; *) case $host in # compiling the symbol table file with pic_flag works around # a FreeBSD bug that causes programs to crash when -lm is # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; *) $my_pic_p && pic_flag_for_symtable=" $pic_flag" ;; esac ;; esac symtab_cflags= for arg in $LTCFLAGS; do case $arg in -pie | -fpie | -fPIE) ;; *) func_append symtab_cflags " $arg" ;; esac done # Now compile the dynamic symbol file. func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' # Clean up the generated files. func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' # Transform the symbol file into the correct name. symfileobj=$output_objdir/${my_outputname}S.$objext case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` else compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` fi ;; *) compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` ;; esac ;; *) func_fatal_error "unknown suffix for '$my_dlsyms'" ;; esac else # We keep going just in case the user didn't refer to # lt_preloaded_symbols. The linker will fail if global_symbol_pipe # really was required. # Nullify the symbol file. compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` fi } # func_cygming_gnu_implib_p ARG # This predicate returns with zero status (TRUE) if # ARG is a GNU/binutils-style import library. Returns # with nonzero status (FALSE) otherwise. func_cygming_gnu_implib_p () { $debug_cmd func_to_tool_file "$1" func_convert_file_msys_to_w32 func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` test -n "$func_cygming_gnu_implib_tmp" } # func_cygming_ms_implib_p ARG # This predicate returns with zero status (TRUE) if # ARG is an MS-style import library. Returns # with nonzero status (FALSE) otherwise. func_cygming_ms_implib_p () { $debug_cmd func_to_tool_file "$1" func_convert_file_msys_to_w32 func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` test -n "$func_cygming_ms_implib_tmp" } # func_win32_libid arg # return the library type of file 'arg' # # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. # Despite the name, also deal with 64 bit binaries. func_win32_libid () { $debug_cmd win32_libid_type=unknown win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then case $nm_interface in "MS dumpbin") if func_cygming_ms_implib_p "$1" || func_cygming_gnu_implib_p "$1" then win32_nmres=import else win32_nmres= fi ;; *) func_to_tool_file "$1" func_convert_file_msys_to_w32 win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | $SED -n -e ' 1,100{ / I /{ s|.*|import| p q } }'` ;; esac case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; esac fi ;; *DLL*) win32_libid_type="x86 DLL" ;; *executable*) # but shell scripts are "executable" too... case $win32_fileres in *MS\ Windows\ PE\ Intel*) win32_libid_type="x86 DLL" ;; esac ;; esac $ECHO "$win32_libid_type" } # func_cygming_dll_for_implib ARG # # Platform-specific function to extract the # name of the DLL associated with the specified # import library ARG. # Invoked by eval'ing the libtool variable # $sharedlib_from_linklib_cmd # Result is available in the variable # $sharedlib_from_linklib_result func_cygming_dll_for_implib () { $debug_cmd sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` } # func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs # # The is the core of a fallback implementation of a # platform-specific function to extract the name of the # DLL associated with the specified import library LIBNAME. # # SECTION_NAME is either .idata$6 or .idata$7, depending # on the platform and compiler that created the implib. # # Echos the name of the DLL associated with the # specified import library. func_cygming_dll_for_implib_fallback_core () { $debug_cmd match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` $OBJDUMP -s --section "$1" "$2" 2>/dev/null | $SED '/^Contents of section '"$match_literal"':/{ # Place marker at beginning of archive member dllname section s/.*/====MARK====/ p d } # These lines can sometimes be longer than 43 characters, but # are always uninteresting /:[ ]*file format pe[i]\{,1\}-/d /^In archive [^:]*:/d # Ensure marker is printed /^====MARK====/p # Remove all lines with less than 43 characters /^.\{43\}/!d # From remaining lines, remove first 43 characters s/^.\{43\}//' | $SED -n ' # Join marker and all lines until next marker into a single line /^====MARK====/ b para H $ b para b :para x s/\n//g # Remove the marker s/^====MARK====// # Remove trailing dots and whitespace s/[\. \t]*$// # Print /./p' | # we now have a list, one entry per line, of the stringified # contents of the appropriate section of all members of the # archive that possess that section. Heuristic: eliminate # all those that have a first or second character that is # a '.' (that is, objdump's representation of an unprintable # character.) This should work for all archives with less than # 0x302f exports -- but will fail for DLLs whose name actually # begins with a literal '.' or a single character followed by # a '.'. # # Of those that remain, print the first one. $SED -e '/^\./d;/^.\./d;q' } # func_cygming_dll_for_implib_fallback ARG # Platform-specific function to extract the # name of the DLL associated with the specified # import library ARG. # # This fallback implementation is for use when $DLLTOOL # does not support the --identify-strict option. # Invoked by eval'ing the libtool variable # $sharedlib_from_linklib_cmd # Result is available in the variable # $sharedlib_from_linklib_result func_cygming_dll_for_implib_fallback () { $debug_cmd if func_cygming_gnu_implib_p "$1"; then # binutils import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` elif func_cygming_ms_implib_p "$1"; then # ms-generated import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` else # unknown sharedlib_from_linklib_result= fi } # func_extract_an_archive dir oldlib func_extract_an_archive () { $debug_cmd f_ex_an_ar_dir=$1; shift f_ex_an_ar_oldlib=$1 if test yes = "$lock_old_archive_extraction"; then lockfile=$f_ex_an_ar_oldlib.lock until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done fi func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ 'stat=$?; rm -f "$lockfile"; exit $stat' if test yes = "$lock_old_archive_extraction"; then $opt_dry_run || rm -f "$lockfile" fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" fi } # func_extract_archives gentop oldlib ... func_extract_archives () { $debug_cmd my_gentop=$1; shift my_oldlibs=${1+"$@"} my_oldobjs= my_xlib= my_xabs= my_xdir= for my_xlib in $my_oldlibs; do # Extract the objects. case $my_xlib in [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac func_basename "$my_xlib" my_xlib=$func_basename_result my_xlib_u=$my_xlib while :; do case " $extracted_archives " in *" $my_xlib_u "*) func_arith $extracted_serial + 1 extracted_serial=$func_arith_result my_xlib_u=lt$extracted_serial-$my_xlib ;; *) break ;; esac done extracted_archives="$extracted_archives $my_xlib_u" my_xdir=$my_gentop/$my_xlib_u func_mkdir_p "$my_xdir" case $host in *-darwin*) func_verbose "Extracting $my_xabs" # Do not bother doing anything if just a dry run $opt_dry_run || { darwin_orig_dir=`pwd` cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` func_basename "$darwin_archive" darwin_base_archive=$func_basename_result darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` if test -n "$darwin_arches"; then darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" for darwin_arch in $darwin_arches; do func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" cd "unfat-$$/$darwin_base_archive-$darwin_arch" func_extract_an_archive "`pwd`" "$darwin_base_archive" cd "$darwin_curdir" $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` $LIPO -create -output "$darwin_file" $darwin_files done # $darwin_filelist $RM -rf unfat-$$ cd "$darwin_orig_dir" else cd $darwin_orig_dir func_extract_an_archive "$my_xdir" "$my_xabs" fi # $darwin_arches } # !$opt_dry_run ;; *) func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done func_extract_archives_result=$my_oldobjs } # func_emit_wrapper [arg=no] # # Emit a libtool wrapper script on stdout. # Don't directly open a file because we may want to # incorporate the script contents within a cygwin/mingw # wrapper executable. Must ONLY be called from within # func_mode_link because it depends on a number of variables # set therein. # # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script # will assume that the directory where it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () { func_emit_wrapper_arg1=${1-no} $ECHO "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='$sed_quote_subst' # Be Bourne compatible if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variables: generated_by_libtool_version='$macro_version' notinst_deplibs='$notinst_deplibs' else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` $ECHO "\ # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } ECHO=\"$qECHO\" fi # Very basic option parsing. These options are (a) specific to # the libtool wrapper, (b) are identical between the wrapper # /script/ and the wrapper /executable/ that is used only on # windows platforms, and (c) all begin with the string "--lt-" # (application programs are unlikely to have options that match # this pattern). # # There are only two supported options: --lt-debug and # --lt-dump-script. There is, deliberately, no --lt-help. # # The first argument to this parsing function should be the # script's $0 value, followed by "$@". lt_option_debug= func_parse_lt_options () { lt_script_arg0=\$0 shift for lt_opt do case \"\$lt_opt\" in --lt-debug) lt_option_debug=1 ;; --lt-dump-script) lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` cat \"\$lt_dump_D/\$lt_dump_F\" exit 0 ;; --lt-*) \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 exit 1 ;; esac done # Print the debug banner immediately: if test -n \"\$lt_option_debug\"; then echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 fi } # Used when --lt-debug. Prints its arguments to stdout # (redirection is the responsibility of the caller) func_lt_dump_args () { lt_dump_args_N=1; for lt_arg do \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` done } # Core function for launching the target application func_exec_program_core () { " case $host in # Backslashes separate directories on plain windows *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} " ;; *) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir/\$program\" \${1+\"\$@\"} " ;; esac $ECHO "\ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 exit 1 } # A function to encapsulate launching the target application # Strips options in the --lt-* namespace from \$@ and # launches target application with the remaining arguments. func_exec_program () { case \" \$* \" in *\\ --lt-*) for lt_wr_arg do case \$lt_wr_arg in --lt-*) ;; *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; esac shift done ;; esac func_exec_program_core \${1+\"\$@\"} } # Parse options func_parse_lt_options \"\$0\" \${1+\"\$@\"} # Find the directory that this script lives in. thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then thisdir=\`pwd\` fi # remove .libs from thisdir case \"\$thisdir\" in *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test yes = "$fast_install"; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $MKDIR \"\$progdir\" else $RM \"\$progdir/\$file\" fi" $ECHO "\ # relink executable if necessary if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else $ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi fi $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $RM \"\$progdir/\$program\"; $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } $RM \"\$progdir/\$file\" fi" else $ECHO "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi $ECHO "\ if test -f \"\$progdir/\$program\"; then" # fixup the dll searchpath if we need to. # # Fix the DLL searchpath if we need to. Do this before prepending # to shlibpath, because on Windows, both are PATH and uninstalled # libraries must come first. if test -n "$dllsearchpath"; then $ECHO "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi # Export our shlibpath_var if we have one. if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` export $shlibpath_var " fi $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. func_exec_program \${1+\"\$@\"} fi else # The program doesn't exist. \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } # func_emit_cwrapperexe_src # emit the source code for a wrapper executable on stdout # Must ONLY be called from within func_mode_link because # it depends on a number of variable set therein. func_emit_cwrapperexe_src () { cat < #include #ifdef _MSC_VER # include # include # include #else # include # include # ifdef __CYGWIN__ # include # endif #endif #include #include #include #include #include #include #include #include #define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) /* declarations of non-ANSI functions */ #if defined __MINGW32__ # ifdef __STRICT_ANSI__ int _putenv (const char *); # endif #elif defined __CYGWIN__ # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif /* #elif defined other_platform || defined ... */ #endif /* portability defines, excluding path handling macros */ #if defined _MSC_VER # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv # define S_IXUSR _S_IEXEC #elif defined __MINGW32__ # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv #elif defined __CYGWIN__ # define HAVE_SETENV # define FOPEN_WB "wb" /* #elif defined other platforms ... */ #endif #if defined PATH_MAX # define LT_PATHMAX PATH_MAX #elif defined MAXPATHLEN # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 #endif #ifndef S_IXOTH # define S_IXOTH 0 #endif #ifndef S_IXGRP # define S_IXGRP 0 #endif /* path handling portability macros */ #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' #endif #if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ defined __OS2__ # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 # define DIR_SEPARATOR_2 '\\' # endif # ifndef PATH_SEPARATOR_2 # define PATH_SEPARATOR_2 ';' # endif #endif #ifndef DIR_SEPARATOR_2 # define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) #else /* DIR_SEPARATOR_2 */ # define IS_DIR_SEPARATOR(ch) \ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) #endif /* DIR_SEPARATOR_2 */ #ifndef PATH_SEPARATOR_2 # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) #else /* PATH_SEPARATOR_2 */ # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ #ifndef FOPEN_WB # define FOPEN_WB "w" #endif #ifndef _O_BINARY # define _O_BINARY 0 #endif #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ if (stale) { free (stale); stale = 0; } \ } while (0) #if defined LT_DEBUGWRAPPER static int lt_debug = 1; #else static int lt_debug = 0; #endif const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ void *xmalloc (size_t num); char *xstrdup (const char *string); const char *base_name (const char *name); char *find_executable (const char *wrapper); char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); void lt_debugprintf (const char *file, int line, const char *fmt, ...); void lt_fatal (const char *file, int line, const char *message, ...); static const char *nonnull (const char *s); static const char *nonempty (const char *s); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); char **prepare_spawn (char **argv); void lt_dump_script (FILE *f); EOF cat <= 0) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) return 1; else return 0; } int make_executable (const char *path) { int rval = 0; struct stat st; lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", nonempty (path)); if ((!path) || (!*path)) return 0; if (stat (path, &st) >= 0) { rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); } return rval; } /* Searches for the full path of the wrapper. Returns newly allocated full path name if found, NULL otherwise Does not chase symlinks, even on platforms that support them. */ char * find_executable (const char *wrapper) { int has_slash = 0; const char *p; const char *p_next; /* static buffer for getcwd */ char tmp[LT_PATHMAX + 1]; size_t tmp_len; char *concat_name; lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", nonempty (wrapper)); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; /* Absolute path? */ #if defined HAVE_DOS_BASED_FILE_SYSTEM if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } else { #endif if (IS_DIR_SEPARATOR (wrapper[0])) { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } #if defined HAVE_DOS_BASED_FILE_SYSTEM } #endif for (p = wrapper; *p; p++) if (*p == '/') { has_slash = 1; break; } if (!has_slash) { /* no slashes; search PATH */ const char *path = getenv ("PATH"); if (path != NULL) { for (p = path; *p; p = p_next) { const char *q; size_t p_len; for (q = p; *q; q++) if (IS_PATH_SEPARATOR (*q)) break; p_len = (size_t) (q - p); p_next = (*q == '\0' ? q : q + 1); if (p_len == 0) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); } else { concat_name = XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, p, p_len); concat_name[p_len] = '/'; strcpy (concat_name + p_len + 1, wrapper); } if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } } /* not found in PATH; assume curdir */ } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); return NULL; } char * chase_symlinks (const char *pathspec) { #ifndef S_ISLNK return xstrdup (pathspec); #else char buf[LT_PATHMAX]; struct stat s; char *tmp_pathspec = xstrdup (pathspec); char *p; int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { lt_debugprintf (__FILE__, __LINE__, "checking path component for symlinks: %s\n", tmp_pathspec); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) { has_symlinks = 1; break; } /* search backwards for last DIR_SEPARATOR */ p = tmp_pathspec + strlen (tmp_pathspec) - 1; while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) p--; if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) { /* no more DIR_SEPARATORS left */ break; } *p = '\0'; } else { lt_fatal (__FILE__, __LINE__, "error accessing file \"%s\": %s", tmp_pathspec, nonnull (strerror (errno))); } } XFREE (tmp_pathspec); if (!has_symlinks) { return xstrdup (pathspec); } tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { lt_fatal (__FILE__, __LINE__, "could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif } char * strendzap (char *str, const char *pat) { size_t len, patlen; assert (str != NULL); assert (pat != NULL); len = strlen (str); patlen = strlen (pat); if (patlen <= len) { str += len - patlen; if (STREQ (str, pat)) *str = '\0'; } return str; } void lt_debugprintf (const char *file, int line, const char *fmt, ...) { va_list args; if (lt_debug) { (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); va_start (args, fmt); (void) vfprintf (stderr, fmt, args); va_end (args); } } static void lt_error_core (int exit_status, const char *file, int line, const char *mode, const char *message, va_list ap) { fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); if (exit_status >= 0) exit (exit_status); } void lt_fatal (const char *file, int line, const char *message, ...) { va_list ap; va_start (ap, message); lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); va_end (ap); } static const char * nonnull (const char *s) { return s ? s : "(null)"; } static const char * nonempty (const char *s) { return (s && !*s) ? "(empty)" : nonnull (s); } void lt_setenv (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_setenv) setting '%s' to '%s'\n", nonnull (name), nonnull (value)); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ char *str = xstrdup (value); setenv (name, str, 1); #else size_t len = strlen (name) + 1 + strlen (value) + 1; char *str = XMALLOC (char, len); sprintf (str, "%s=%s", name, value); if (putenv (str) != EXIT_SUCCESS) { XFREE (str); } #endif } } char * lt_extend_str (const char *orig_value, const char *add, int to_end) { char *new_value; if (orig_value && *orig_value) { size_t orig_value_len = strlen (orig_value); size_t add_len = strlen (add); new_value = XMALLOC (char, add_len + orig_value_len + 1); if (to_end) { strcpy (new_value, orig_value); strcpy (new_value + orig_value_len, add); } else { strcpy (new_value, add); strcpy (new_value + add_len, orig_value); } } else { new_value = xstrdup (add); } return new_value; } void lt_update_exe_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); /* some systems can't cope with a ':'-terminated path #' */ size_t len = strlen (new_value); while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { new_value[--len] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); } } void lt_update_lib_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); } } EOF case $host_os in mingw*) cat <<"EOF" /* Prepares an argument vector before calling spawn(). Note that spawn() does not by itself call the command interpreter (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&v); v.dwPlatformId == VER_PLATFORM_WIN32_NT; }) ? "cmd.exe" : "command.com"). Instead it simply concatenates the arguments, separated by ' ', and calls CreateProcess(). We must quote the arguments since Win32 CreateProcess() interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a special way: - Space and tab are interpreted as delimiters. They are not treated as delimiters if they are surrounded by double quotes: "...". - Unescaped double quotes are removed from the input. Their only effect is that within double quotes, space and tab are treated like normal characters. - Backslashes not followed by double quotes are not special. - But 2*n+1 backslashes followed by a double quote become n backslashes followed by a double quote (n >= 0): \" -> " \\\" -> \" \\\\\" -> \\" */ #define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" #define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" char ** prepare_spawn (char **argv) { size_t argc; char **new_argv; size_t i; /* Count number of arguments. */ for (argc = 0; argv[argc] != NULL; argc++) ; /* Allocate new argument vector. */ new_argv = XMALLOC (char *, argc + 1); /* Put quoted arguments into the new argument vector. */ for (i = 0; i < argc; i++) { const char *string = argv[i]; if (string[0] == '\0') new_argv[i] = xstrdup ("\"\""); else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) { int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); size_t length; unsigned int backslashes; const char *s; char *quoted_string; char *p; length = 0; backslashes = 0; if (quote_around) length++; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') length += backslashes + 1; length++; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) length += backslashes + 1; quoted_string = XMALLOC (char, length + 1); p = quoted_string; backslashes = 0; if (quote_around) *p++ = '"'; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') { unsigned int j; for (j = backslashes + 1; j > 0; j--) *p++ = '\\'; } *p++ = c; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) { unsigned int j; for (j = backslashes; j > 0; j--) *p++ = '\\'; *p++ = '"'; } *p = '\0'; new_argv[i] = quoted_string; } else new_argv[i] = (char *) string; } new_argv[argc] = NULL; return new_argv; } EOF ;; esac cat <<"EOF" void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | $SED -n -e ' s/^\(.\{79\}\)\(..*\)/\1\ \2/ h s/\([\\"]\)/\\\1/g s/$/\\n/ s/\([^\n]*\).*/ fputs ("\1", f);/p g D' cat <<"EOF" } EOF } # end: func_emit_cwrapperexe_src # func_win32_import_lib_p ARG # True if ARG is an import lib, as indicated by $file_magic_cmd func_win32_import_lib_p () { $debug_cmd case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in *import*) : ;; *) false ;; esac } # func_mode_link arg... func_mode_link () { $debug_cmd case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # what system we are compiling for in order to pass an extra # flag for every libtool invocation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying # to make a dll that has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. allow_undefined=yes ;; *) allow_undefined=yes ;; esac libtool_args=$nonopt base_compile="$nonopt $@" compile_command=$nonopt finalize_command=$nonopt compile_rpath= finalize_rpath= compile_shlibpath= finalize_shlibpath= convenience= old_convenience= deplibs= old_deplibs= compiler_flags= linker_flags= dllsearchpath= lib_search_path=`pwd` inst_prefix_dir= new_inherited_linker_flags= avoid_version=no bindir= dlfiles= dlprefiles= dlself=no export_dynamic=no export_symbols= export_symbols_regex= generated= libobjs= ltlibs= module=no no_install=no objs= non_pic_objects= precious_files_regex= prefer_static_libs=no preload=false prev= prevarg= release= rpath= xrpath= perm_rpath= temp_rpath= thread_safe=no vinfo= vinfo_number=no weak_libs= single_module=$wl-single_module func_infer_tag $base_compile # We need to know -static, to get the right output filenames. for arg do case $arg in -shared) test yes != "$build_libtool_libs" \ && func_fatal_configuration "cannot build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built ;; -static-libtool-libs) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; esac build_libtool_libs=no build_old_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do arg=$1 shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result func_append libtool_args " $func_quote_for_eval_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in output) func_append compile_command " @OUTPUT@" func_append finalize_command " @OUTPUT@" ;; esac case $prev in bindir) bindir=$arg prev= continue ;; dlfiles|dlprefiles) $preload || { # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" preload=: } case $arg in *.la | *.lo) ;; # We handle these cases below. force) if test no = "$dlself"; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test dlprefiles = "$prev"; then dlself=yes elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test dlfiles = "$prev"; then func_append dlfiles " $arg" else func_append dlprefiles " $arg" fi prev= continue ;; esac ;; expsyms) export_symbols=$arg test -f "$arg" \ || func_fatal_error "symbol file '$arg' does not exist" prev= continue ;; expsyms_regex) export_symbols_regex=$arg prev= continue ;; framework) case $host in *-*-darwin*) case "$deplibs " in *" $qarg.ltframework "*) ;; *) func_append deplibs " $qarg.ltframework" # this is fixed later ;; esac ;; esac prev= continue ;; inst_prefix) inst_prefix_dir=$arg prev= continue ;; mllvm) # Clang does not use LLVM to link, so we can simply discard any # '-mllvm $arg' options when doing the link step. prev= continue ;; objectlist) if test -f "$arg"; then save_arg=$arg moreargs= for fil in `cat "$save_arg"` do # func_append moreargs " $fil" arg=$fil # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test none = "$pic_object" && test none = "$non_pic_object"; then func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir=$func_dirname_result if test none != "$pic_object"; then # Prepend the subdirectory the object is found in. pic_object=$xdir$pic_object if test dlfiles = "$prev"; then if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg=$pic_object fi # Non-PIC object. if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test none = "$pic_object"; then arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "'$arg' is not a valid libtool object" fi fi done else func_fatal_error "link input file '$arg' does not exist" fi arg=$save_arg prev= continue ;; precious_regex) precious_files_regex=$arg prev= continue ;; release) release=-$arg prev= continue ;; rpath | xrpath) # We need an absolute path. case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac if test rpath = "$prev"; then case "$rpath " in *" $arg "*) ;; *) func_append rpath " $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) func_append xrpath " $arg" ;; esac fi prev= continue ;; shrext) shrext_cmds=$arg prev= continue ;; weak) func_append weak_libs " $arg" prev= continue ;; xcclinker) func_append linker_flags " $qarg" func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xcompiler) func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xlinker) func_append linker_flags " $qarg" func_append compiler_flags " $wl$qarg" prev= func_append compile_command " $wl$qarg" func_append finalize_command " $wl$qarg" continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi # test -n "$prev" prevarg=$arg case $arg in -all-static) if test -n "$link_static_flag"; then # See comment for -static flag below, for more details. func_append compile_command " $link_static_flag" func_append finalize_command " $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. func_fatal_error "'-allow-undefined' must not be used because it is the default" ;; -avoid-version) avoid_version=yes continue ;; -bindir) prev=bindir continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi if test X-export-symbols = "X$arg"; then prev=expsyms else prev=expsyms_regex fi continue ;; -framework) prev=framework continue ;; -inst-prefix-dir) prev=inst_prefix continue ;; # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* # so, if we see these flags be careful not to treat them like -L -L[A-Z][A-Z]*:*) case $with_gcc/$host in no/*-*-irix* | /*-*-irix*) func_append compile_command " $arg" func_append finalize_command " $arg" ;; esac continue ;; -L*) func_stripname "-L" '' "$arg" if test -z "$func_stripname_result"; then if test "$#" -gt 0; then func_fatal_error "require no space between '-L' and '$1'" else func_fatal_error "need path for '-L' option" fi fi func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ func_fatal_error "cannot determine absolute directory name of '$dir'" dir=$absdir ;; esac case "$deplibs " in *" -L$dir "* | *" $arg "*) # Will only happen for absolute or sysroot arguments ;; *) # Preserve sysroot, but never include relative directories case $dir in [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; *) func_append deplibs " -L$dir" ;; esac func_append lib_search_path " $dir" ;; esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; *) func_append dllsearchpath ":$dir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac continue ;; -l*) if test X-lc = "X$arg" || test X-lm = "X$arg"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; *-*-os2*) # These systems don't actually have a C library (as such) test X-lc = "X$arg" && continue ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc due to us having libc/libc_r. test X-lc = "X$arg" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework func_append deplibs " System.ltframework" continue ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype test X-lc = "X$arg" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work test X-lc = "X$arg" && continue ;; esac elif test X-lc_r = "X$arg"; then case $host in *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc_r directly, use -pthread flag. continue ;; esac fi func_append deplibs " $arg" continue ;; -mllvm) prev=mllvm continue ;; -module) module=yes continue ;; # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. # Darwin uses the -arch flag to determine output architecture. -model|-arch|-isysroot|--sysroot) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" prev=xcompiler continue ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" case "$new_inherited_linker_flags " in *" $arg "*) ;; * ) func_append new_inherited_linker_flags " $arg" ;; esac continue ;; -multi_module) single_module=$wl-multi_module continue ;; -no-fast-install) fast_install=no continue ;; -no-install) case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. func_warning "'-no-install' is ignored for $host" func_warning "assuming '-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; esac continue ;; -no-undefined) allow_undefined=no continue ;; -objectlist) prev=objectlist continue ;; -o) prev=output ;; -precious-files-regex) prev=precious_regex continue ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) func_stripname '-R' '' "$arg" dir=$func_stripname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; =*) func_stripname '=' '' "$dir" dir=$lt_sysroot$func_stripname_result ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac continue ;; -shared) # The effects of -shared are defined in a previous loop. continue ;; -shrext) prev=shrext continue ;; -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects # would be equivalent was wrong. It would break on at least # Digital Unix and AIX. continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; -version-number) prev=vinfo vinfo_number=yes continue ;; -weak) prev=weak continue ;; -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $func_quote_for_eval_result" func_append compiler_flags " $func_quote_for_eval_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Wl,*) func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= save_ifs=$IFS; IFS=, for flag in $args; do IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $wl$func_quote_for_eval_result" func_append compiler_flags " $wl$func_quote_for_eval_result" func_append linker_flags " $func_quote_for_eval_result" done IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Xcompiler) prev=xcompiler continue ;; -Xlinker) prev=xlinker continue ;; -XCClinker) prev=xcclinker continue ;; # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result ;; # Flags to be passed through unchanged, with rationale: # -64, -mips[0-9] enable 64-bit mode for the SGI compiler # -r[0-9][0-9]* specify processor for the SGI compiler # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler # +DA*, +DD* enable 64-bit mode for the HP compiler # -q* compiler args for the IBM compiler # -m*, -t[45]*, -txscale* architecture-specific flags for GCC # -F/path path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* profiling flags for GCC # @file GCC response files # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization # -stdlib=* select c++ std lib with clang -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-stdlib=*) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" continue ;; # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result ;; *.$objext) # A standard object. func_append objs " $arg" ;; *.lo) # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test none = "$pic_object" && test none = "$non_pic_object"; then func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir=$func_dirname_result test none = "$pic_object" || { # Prepend the subdirectory the object is found in. pic_object=$xdir$pic_object if test dlfiles = "$prev"; then if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg=$pic_object } # Non-PIC object. if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test none = "$pic_object"; then arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "'$arg' is not a valid libtool object" fi fi ;; *.$libext) # An archive. func_append deplibs " $arg" func_append old_deplibs " $arg" continue ;; *.la) # A libtool-controlled library. func_resolve_sysroot "$arg" if test dlfiles = "$prev"; then # This library was specified with -dlopen. func_append dlfiles " $func_resolve_sysroot_result" prev= elif test dlprefiles = "$prev"; then # The library was specified with -dlpreopen. func_append dlprefiles " $func_resolve_sysroot_result" prev= else func_append deplibs " $func_resolve_sysroot_result" fi continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" arg=$func_quote_for_eval_result ;; esac # arg # Now actually substitute the argument into the commands. if test -n "$arg"; then func_append compile_command " $arg" func_append finalize_command " $arg" fi done # argument parsing loop test -n "$prev" && \ func_fatal_help "the '$prevarg' option requires an argument" if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" fi oldlibs= # calculate the name of the file, without its directory func_basename "$output" outputname=$func_basename_result libobjs_save=$libobjs if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" func_dirname "$output" "/" "" output_objdir=$func_dirname_result$objdir func_to_tool_file "$output_objdir/" tool_output_objdir=$func_to_tool_file_result # Create the object directory. func_mkdir_p "$output_objdir" # Determine the type of output case $output in "") func_fatal_help "you must specify an output file" ;; *.$libext) linkmode=oldlib ;; *.lo | *.$objext) linkmode=obj ;; *.la) linkmode=lib ;; *) linkmode=prog ;; # Anything else should be a program. esac specialdeplibs= libs= # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do if $opt_preserve_dup_deps; then case "$libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append libs " $deplib" done if test lib = "$linkmode"; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps # $postdeps and mark them as special (i.e., whose duplicates are # not to be eliminated). pre_post_deps= if $opt_duplicate_compiler_generated_deps; then for pre_post_dep in $predeps $postdeps; do case "$pre_post_deps " in *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; esac func_append pre_post_deps " $pre_post_dep" done fi pre_post_deps= fi deplibs= newdependency_libs= newlib_search_path= need_relink=no # whether we're linking any uninstalled libtool libraries notinst_deplibs= # not-installed libtool libraries notinst_path= # paths that contain not-installed libtool libraries case $linkmode in lib) passes="conv dlpreopen link" for file in $dlfiles $dlprefiles; do case $file in *.la) ;; *) func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" ;; esac done ;; prog) compile_deplibs= finalize_deplibs= alldeplibs=false newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" ;; *) passes="conv" ;; esac for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... if test lib,link = "$linkmode,$pass"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done deplibs=$tmp_deplibs fi if test lib,link = "$linkmode,$pass" || test prog,scan = "$linkmode,$pass"; then libs=$deplibs deplibs= fi if test prog = "$linkmode"; then case $pass in dlopen) libs=$dlfiles ;; dlpreopen) libs=$dlprefiles ;; link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test lib,dlpreopen = "$linkmode,$pass"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs dependency_libs= func_resolve_sysroot "$lib" case $lib in *.la) func_source "$func_resolve_sysroot_result" ;; esac # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do func_basename "$deplib" deplib_base=$func_basename_result case " $weak_libs " in *" $deplib_base "*) ;; *) func_append deplibs " $deplib" ;; esac done done libs=$dlprefiles fi if test dlopen = "$pass"; then # Collect dlpreopened libraries save_deplibs=$deplibs deplibs= fi for deplib in $libs; do lib= found=false case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append compiler_flags " $deplib" if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -l*) if test lib != "$linkmode" && test prog != "$linkmode"; then func_warning "'-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result if test lib = "$linkmode"; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" fi for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library lib=$searchdir/lib$name$search_ext if test -f "$lib"; then if test .la = "$search_ext"; then found=: else found=false fi break 2 fi done done if $found; then # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then library_names= old_library= func_source "$lib" for l in $old_library $library_names; do ll=$l done if test "X$ll" = "X$old_library"; then # only static version available found=false func_dirname "$lib" "" "." ladir=$func_dirname_result lib=$ladir/$old_library if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" fi continue fi fi ;; *) ;; esac fi else # deplib doesn't seem to be a libtool library if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" fi continue fi ;; # -l *.ltframework) if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -L*) case $linkmode in lib) deplibs="$deplib $deplibs" test conv = "$pass" && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; prog) if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi if test scan = "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; *) func_warning "'-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) if test link = "$pass"; then func_stripname '-R' '' "$deplib" func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # Make sure the xrpath contains only unique directories. case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac fi deplibs="$deplib $deplibs" continue ;; *.la) func_resolve_sysroot "$deplib" lib=$func_resolve_sysroot_result ;; *.$libext) if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi case $linkmode in lib) # Linking convenience modules into shared libraries is allowed, # but linking other static libraries is non-portable. case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) valid_a_lib=false case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=: fi ;; pass_all) valid_a_lib=: ;; esac if $valid_a_lib; then echo $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" else echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because the file extensions .$libext of this argument makes me believe" echo "*** that it is just a static archive that I should not use here." fi ;; esac continue ;; prog) if test link != "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi continue ;; esac # linkmode ;; # *.$libext *.lo | *.$objext) if test conv = "$pass"; then deplibs="$deplib $deplibs" elif test prog = "$linkmode"; then if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then # If there is no dlopen support or we're linking statically, # we need to preload. func_append newdlprefiles " $deplib" compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append newdlfiles " $deplib" fi fi continue ;; %DEPLIBS%) alldeplibs=: continue ;; esac # case $deplib $found || test -f "$lib" \ || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ || func_fatal_error "'$lib' is not a valid libtool archive" func_dirname "$lib" "" "." ladir=$func_dirname_result dlname= dlopen= dlpreopen= libdir= library_names= old_library= inherited_linker_flags= # If the library was installed with an old release of libtool, # it will not redefine variables installed, or shouldnotlink installed=yes shouldnotlink=no avoidtemprpath= # Read the .la file func_source "$lib" # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; esac done fi dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` if test lib,link = "$linkmode,$pass" || test prog,scan = "$linkmode,$pass" || { test prog != "$linkmode" && test lib != "$linkmode"; }; then test -n "$dlopen" && func_append dlfiles " $dlopen" test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" fi if test conv = "$pass"; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then func_fatal_error "cannot find name of link library for '$lib'" fi # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" func_append old_convenience " $ladir/$objdir/$old_library" elif test prog != "$linkmode" && test lib != "$linkmode"; then func_fatal_error "'$lib' is not a convenience library" fi tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done continue fi # $pass = conv # Get the name of the library we link against. linklib= if test -n "$old_library" && { test yes = "$prefer_static_libs" || test built,no = "$prefer_static_libs,$installed"; }; then linklib=$old_library else for l in $old_library $library_names; do linklib=$l done fi if test -z "$linklib"; then func_fatal_error "cannot find name of link library for '$lib'" fi # This library was specified with -dlopen. if test dlopen = "$pass"; then test -z "$libdir" \ && func_fatal_error "cannot -dlopen a convenience library: '$lib'" if test -z "$dlname" || test yes != "$dlopen_support" || test no = "$build_libtool_libs" then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't # bomb out in the load deplibs phase. func_append dlprefiles " $lib $dependency_libs" else func_append newdlfiles " $lib" fi continue fi # $pass = dlopen # We need an absolute path. case $ladir in [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then func_warning "cannot determine absolute directory name of '$ladir'" func_warning "passing it literally to the linker, although it might fail" abs_ladir=$ladir fi ;; esac func_basename "$lib" laname=$func_basename_result # Find the relevant object directory and library name. if test yes = "$installed"; then if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then func_warning "library '$lib' was moved." dir=$ladir absdir=$abs_ladir libdir=$abs_ladir else dir=$lt_sysroot$libdir absdir=$lt_sysroot$libdir fi test yes = "$hardcode_automatic" && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then dir=$ladir absdir=$abs_ladir # Remove this search path later func_append notinst_path " $abs_ladir" else dir=$ladir/$objdir absdir=$abs_ladir/$objdir # Remove this search path later func_append notinst_path " $abs_ladir" fi fi # $installed = yes func_stripname 'lib' '.la' "$laname" name=$func_stripname_result # This library was specified with -dlpreopen. if test dlpreopen = "$pass"; then if test -z "$libdir" && test prog = "$linkmode"; then func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" fi case $host in # special handling for platforms with PE-DLLs. *cygwin* | *mingw* | *cegcc* ) # Linker will automatically link against shared library if both # static and shared are present. Therefore, ensure we extract # symbols from the import library if a shared library is present # (otherwise, the dlopen module name will be incorrect). We do # this by putting the import library name into $newdlprefiles. # We recover the dlopen module name by 'saving' the la file # name in a special purpose variable, and (later) extracting the # dlname from the la file. if test -n "$dlname"; then func_tr_sh "$dir/$linklib" eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" func_append newdlprefiles " $dir/$linklib" else func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" fi ;; * ) # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). if test -n "$old_library"; then func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" # Otherwise, use the dlname, so that lt_dlopen finds it. elif test -n "$dlname"; then func_append newdlprefiles " $dir/$dlname" else func_append newdlprefiles " $dir/$linklib" fi ;; esac fi # $pass = dlpreopen if test -z "$libdir"; then # Link the convenience library if test lib = "$linkmode"; then deplibs="$dir/$old_library $deplibs" elif test prog,link = "$linkmode,$pass"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else deplibs="$lib $deplibs" # used for prog,scan pass fi continue fi if test prog = "$linkmode" && test link != "$pass"; then func_append newlib_search_path " $ladir" deplibs="$lib $deplibs" linkalldeplibs=false if test no != "$link_all_deplibs" || test -z "$library_names" || test no = "$build_libtool_libs"; then linkalldeplibs=: fi tmp_libs= for deplib in $dependency_libs; do case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; esac # Need to link against all dependency_libs? if $linkalldeplibs; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done # for deplib continue fi # $linkmode = prog... if test prog,link = "$linkmode,$pass"; then if test -n "$library_names" && { { test no = "$prefer_static_libs" || test built,yes = "$prefer_static_libs,$installed"; } || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then # Make sure the rpath contains only unique directories. case $temp_rpath: in *"$absdir:"*) ;; *) func_append temp_rpath "$absdir:" ;; esac fi # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi # $linkmode,$pass = prog,link... if $alldeplibs && { test pass_all = "$deplibs_check_method" || { test yes = "$build_libtool_libs" && test -n "$library_names"; }; }; then # We only need to search for static libraries continue fi fi link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs if test built = "$use_static_libs" && test yes = "$installed"; then use_static_libs=no fi if test -n "$library_names" && { test no = "$use_static_libs" || test -z "$old_library"; }; then case $host in *cygwin* | *mingw* | *cegcc*) # No point in relinking DLLs because paths are not encoded func_append notinst_deplibs " $lib" need_relink=no ;; *) if test no = "$installed"; then func_append notinst_deplibs " $lib" need_relink=yes fi ;; esac # This is a shared library # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! dlopenmodule= for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then dlopenmodule=$dlpremoduletest break fi done if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then echo if test prog = "$linkmode"; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi if test lib = "$linkmode" && test yes = "$hardcode_into_libs"; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi if test -n "$old_archive_from_expsyms_cmds"; then # figure out the soname set dummy $library_names shift realname=$1 shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then soname=$dlname elif test -n "$soname_spec"; then # bleh windows case $host in *cygwin* | mingw* | *cegcc*) func_arith $current - $age major=$func_arith_result versuffix=-$major ;; esac eval soname=\"$soname_spec\" else soname=$realname fi # Make a new name for the extract_expsyms_cmds to use soroot=$soname func_basename "$soroot" soname=$func_basename_result func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else func_verbose "extracting exported symbol list from '$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else func_verbose "generating import library for '$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library dir=$output_objdir linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" if test prog = "$linkmode" || test relink != "$opt_mode"; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) if test no = "$hardcode_direct"; then add=$dir/$linklib case $host in *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; *-*-sysv4*uw2*) add_dir=-L$dir ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ *-*-unixware7*) add_dir=-L$dir ;; *-*-darwin* ) # if the lib is a (non-dlopened) module then we cannot # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | $GREP ": [^:]* bundle" >/dev/null; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library"; then echo echo "*** And there doesn't seem to be a static archive available" echo "*** The link will probably fail, sorry" else add=$dir/$old_library fi elif test -n "$old_library"; then add=$dir/$old_library fi fi esac elif test no = "$hardcode_minus_L"; then case $host in *-*-sunos*) add_shlibpath=$dir ;; esac add_dir=-L$dir add=-l$name elif test no = "$hardcode_shlibpath_var"; then add_shlibpath=$dir add=-l$name else lib_linked=no fi ;; relink) if test yes = "$hardcode_direct" && test no = "$hardcode_direct_absolute"; then add=$dir/$linklib elif test yes = "$hardcode_minus_L"; then add_dir=-L$absdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add=-l$name elif test yes = "$hardcode_shlibpath_var"; then add_shlibpath=$dir add=-l$name else lib_linked=no fi ;; *) lib_linked=no ;; esac if test yes != "$lib_linked"; then func_fatal_configuration "unsupported hardcode properties" fi if test -n "$add_shlibpath"; then case :$compile_shlibpath: in *":$add_shlibpath:"*) ;; *) func_append compile_shlibpath "$add_shlibpath:" ;; esac fi if test prog = "$linkmode"; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" if test yes != "$hardcode_direct" && test yes != "$hardcode_minus_L" && test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac fi fi fi if test prog = "$linkmode" || test relink = "$opt_mode"; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. if test yes = "$hardcode_direct" && test no = "$hardcode_direct_absolute"; then add=$libdir/$linklib elif test yes = "$hardcode_minus_L"; then add_dir=-L$libdir add=-l$name elif test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac add=-l$name elif test yes = "$hardcode_automatic"; then if test -n "$inst_prefix_dir" && test -f "$inst_prefix_dir$libdir/$linklib"; then add=$inst_prefix_dir$libdir/$linklib else add=$libdir/$linklib fi else # We cannot seem to hardcode it, guess we'll fake it. add_dir=-L$libdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add=-l$name fi if test prog = "$linkmode"; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" fi fi elif test prog = "$linkmode"; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test unsupported != "$hardcode_direct"; then test -n "$old_library" && linklib=$old_library compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi elif test yes = "$build_libtool_libs"; then # Not a shared library if test pass_all != "$deplibs_check_method"; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. echo $ECHO "*** Warning: This system cannot link to static lib archive $lib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." if test yes = "$module"; then echo "*** But as you try to build a module library, libtool will still create " echo "*** a static module, that should work as long as the dlopening application" echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** 'nm' from GNU binutils and a full rebuild may help." fi if test no = "$build_old_libs"; then build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi else deplibs="$dir/$old_library $deplibs" link_static=yes fi fi # link shared/static library? if test lib = "$linkmode"; then if test -n "$dependency_libs" && { test yes != "$hardcode_into_libs" || test yes = "$build_old_libs" || test yes = "$link_static"; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do case $libdir in -R*) func_stripname '-R' '' "$libdir" temp_xrpath=$func_stripname_result case " $xrpath " in *" $temp_xrpath "*) ;; *) func_append xrpath " $temp_xrpath";; esac;; *) func_append temp_deplibs " $libdir";; esac done dependency_libs=$temp_deplibs fi func_append newlib_search_path " $absdir" # Link against this library test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do newdependency_libs="$deplib $newdependency_libs" case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result";; *) func_resolve_sysroot "$deplib" ;; esac if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $func_resolve_sysroot_result "*) func_append specialdeplibs " $func_resolve_sysroot_result" ;; esac fi func_append tmp_libs " $func_resolve_sysroot_result" done if test no != "$link_all_deplibs"; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do path= case $deplib in -L*) path=$deplib ;; *.la) func_resolve_sysroot "$deplib" deplib=$func_resolve_sysroot_result func_dirname "$deplib" "" "." dir=$func_dirname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then func_warning "cannot determine absolute directory name of '$dir'" absdir=$dir fi ;; esac if $GREP "^installed=no" $deplib > /dev/null; then case $host in *-*-darwin*) depdepl= eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` if test -n "$deplibrary_names"; then for tmp in $deplibrary_names; do depdepl=$tmp done if test -f "$absdir/$objdir/$depdepl"; then depdepl=$absdir/$objdir/$depdepl darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" path= fi fi ;; *) path=-L$absdir/$objdir ;; esac else eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ func_fatal_error "'$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ func_warning "'$deplib' seems to be moved" path=-L$absdir fi ;; esac case " $deplibs " in *" $path "*) ;; *) deplibs="$path $deplibs" ;; esac done fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs if test link = "$pass"; then if test prog = "$linkmode"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs=$newdependency_libs if test dlpreopen = "$pass"; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi if test dlopen != "$pass"; then test conv = "$pass" || { # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do case "$lib_search_path " in *" $dir "*) ;; *) func_append lib_search_path " $dir" ;; esac done newlib_search_path= } if test prog,link = "$linkmode,$pass"; then vars="compile_deplibs finalize_deplibs" else vars=deplibs fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order eval tmp_libs=\"\$$var\" new_libs= for deplib in $tmp_libs; do # FIXME: Pedantically, this is the right thing to do, so # that some nasty dependency loop isn't accidentally # broken: #new_libs="$deplib $new_libs" # Pragmatically, this seems to cause very few problems in # practice: case $deplib in -L*) new_libs="$deplib $new_libs" ;; -R*) ;; *) # And here is the reason: when a library appears more # than once as an explicit dependence of a library, or # is implicitly linked in more than once by the # compiler, it is considered special, and multiple # occurrences thereof are not removed. Compare this # with having the same library being listed as a # dependency of multiple other libraries: in this case, # we know (pedantically, we assume) the library does not # need to be listed more than once, so we keep only the # last copy. This is not always right, but it is rare # enough that we require users that really mean to play # such unportable linking tricks to link the library # using -Wl,-lname, so that libtool does not consider it # for duplicate removal. case " $specialdeplibs " in *" $deplib "*) new_libs="$deplib $new_libs" ;; *) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$deplib $new_libs" ;; esac ;; esac ;; esac done tmp_libs= for deplib in $new_libs; do case $deplib in -L*) case " $tmp_libs " in *" $deplib "*) ;; *) func_append tmp_libs " $deplib" ;; esac ;; *) func_append tmp_libs " $deplib" ;; esac done eval $var=\"$tmp_libs\" done # for var fi # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= for i in $dependency_libs; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) i= ;; esac if test -n "$i"; then func_append tmp_libs " $i" fi done dependency_libs=$tmp_libs done # for pass if test prog = "$linkmode"; then dlfiles=$newdlfiles fi if test prog = "$linkmode" || test lib = "$linkmode"; then dlprefiles=$newdlprefiles fi case $linkmode in oldlib) if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then func_warning "'-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "'-l' and '-L' are ignored for archives" ;; esac test -n "$rpath" && \ func_warning "'-rpath' is ignored for archives" test -n "$xrpath" && \ func_warning "'-R' is ignored for archives" test -n "$vinfo" && \ func_warning "'-version-info/-version-number' is ignored for archives" test -n "$release" && \ func_warning "'-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ func_warning "'-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no oldlibs=$output func_append objs "$old_deplibs" ;; lib) # Make sure we only generate libraries of the form 'libNAME.la'. case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" ;; *) test no = "$module" \ && func_fatal_help "libtool library '$output' must begin with 'lib'" if test no != "$need_lib_prefix"; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" else func_stripname '' '.la' "$outputname" libname=$func_stripname_result fi ;; esac if test -n "$objs"; then if test pass_all != "$deplibs_check_method"; then func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" else echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" func_append libobjs " $objs" fi fi test no = "$dlself" \ || func_warning "'-dlopen self' is ignored for libtool libraries" set dummy $rpath shift test 1 -lt "$#" \ && func_warning "ignoring multiple '-rpath's for a libtool library" install_libdir=$1 oldlibs= if test -z "$rpath"; then if test yes = "$build_libtool_libs"; then # Building a libtool convenience library. # Some compilers have problems with a '.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" build_libtool_libs=convenience build_old_libs=yes fi test -n "$vinfo" && \ func_warning "'-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ func_warning "'-release' is ignored for convenience libraries" else # Parse the version information argument. save_ifs=$IFS; IFS=: set dummy $vinfo 0 0 0 shift IFS=$save_ifs test -n "$7" && \ func_fatal_help "too many parameters to '-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts # to make the code below a bit more comprehensible case $vinfo_number in yes) number_major=$1 number_minor=$2 number_revision=$3 # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix # that has an extra 1 added just for fun # case $version_type in # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age=$number_minor revision=$number_revision ;; freebsd-aout|freebsd-elf|qnx|sunos) current=$number_major revision=$number_minor age=0 ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result age=$number_minor revision=$number_minor lt_irix_increment=no ;; esac ;; no) current=$1 revision=$2 age=$3 ;; esac # Check that each of the things are valid numbers. case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "CURRENT '$current' must be a nonnegative integer" func_fatal_error "'$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "REVISION '$revision' must be a nonnegative integer" func_fatal_error "'$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "AGE '$age' must be a nonnegative integer" func_fatal_error "'$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then func_error "AGE '$age' is greater than the current interface number '$current'" func_fatal_error "'$vinfo' is not valid version information" fi # Calculate the version variables. major= versuffix= verstring= case $version_type in none) ;; darwin) # Like Linux, but with the current version available in # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result versuffix=$major.$age.$revision # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" # On Darwin other compilers case $CC in nagfor*) verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" ;; *) verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" ;; esac ;; freebsd-aout) major=.$current versuffix=.$current.$revision ;; freebsd-elf) major=.$current versuffix=.$current ;; irix | nonstopux) if test no = "$lt_irix_increment"; then func_arith $current - $age else func_arith $current - $age + 1 fi major=$func_arith_result case $version_type in nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac verstring=$verstring_prefix$major.$revision # Add in all the interfaces that we are compatible with. loop=$revision while test 0 -ne "$loop"; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring=$verstring_prefix$major.$iface:$verstring done # Before this point, $major must not contain '.'. major=.$major versuffix=$major.$revision ;; linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix=$major.$age.$revision ;; osf) func_arith $current - $age major=.$func_arith_result versuffix=.$current.$age.$revision verstring=$current.$age.$revision # Add in all the interfaces that we are compatible with. loop=$age while test 0 -ne "$loop"; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring=$verstring:$iface.0 done # Make executables depend on our current version. func_append verstring ":$current.0" ;; qnx) major=.$current versuffix=.$current ;; sunos) major=.$current versuffix=.$current.$revision ;; windows) # Use '-' rather than '.', since we only want one # extension on DOS 8.3 file systems. func_arith $current - $age major=$func_arith_result versuffix=-$major ;; *) func_fatal_configuration "unknown library version type '$version_type'" ;; esac # Clear the version info if we defaulted, and they specified a release. if test -z "$vinfo" && test -n "$release"; then major= case $version_type in darwin) # we can't check for "0.0" in archive_cmds due to quoting # problems, so we reset it completely verstring= ;; *) verstring=0.0 ;; esac if test no = "$need_version"; then versuffix= else versuffix=.0.0 fi fi # Remove version info from name if versioning should be avoided if test yes,no = "$avoid_version,$need_version"; then major= versuffix= verstring= fi # Check to see if the archive will have undefined symbols. if test yes = "$allow_undefined"; then if test unsupported = "$allow_undefined_flag"; then if test yes = "$build_old_libs"; then func_warning "undefined symbols not allowed in $host shared libraries; building static only" build_libtool_libs=no else func_fatal_error "can't build $host shared library unless -no-undefined is specified" fi fi else # Don't allow undefined symbols. allow_undefined_flag=$no_undefined_flag fi fi func_generate_dlsyms "$libname" "$libname" : func_append libobjs " $symfileobj" test " " = "$libobjs" && libobjs= if test relink != "$opt_mode"; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= tempremovelist=`$ECHO "$output_objdir/*"` for p in $tempremovelist; do case $p in *.$objext | *.gcno) ;; $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) if test -n "$precious_files_regex"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue fi fi func_append removelist " $p" ;; *) ;; esac done test -n "$removelist" && \ func_show_eval "${RM}r \$removelist" fi # Now set the variables for building old libraries. if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then func_append oldlibs " $output_objdir/$libname.$libext" # Transform .lo files to .o files. oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` #done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. temp_xrpath= for libdir in $xrpath; do func_replace_sysroot "$libdir" func_append temp_xrpath " -R$func_replace_sysroot_result" case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened old_dlfiles=$dlfiles dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in *" $lib "*) ;; *) func_append dlfiles " $lib" ;; esac done # Make sure dlprefiles contains only unique files old_dlprefiles=$dlprefiles dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in *" $lib "*) ;; *) func_append dlprefiles " $lib" ;; esac done if test yes = "$build_libtool_libs"; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework func_append deplibs " System.ltframework" ;; *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work ;; *) # Add libc to deplibs on all other systems if necessary. if test yes = "$build_libtool_need_lc"; then func_append deplibs " -lc" fi ;; esac fi # Transform deplibs into only deplibs that can be linked in shared. name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? release= versuffix= major= newdeplibs= droppeddeps=no case $deplibs_check_method in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behavior. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $opt_dry_run || $RM conftest.c cat > conftest.c </dev/null` $nocaseglob else potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` fi for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null | $GREP " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib=$potent_lib while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | $SED 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib= break 2 fi done done fi if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a file magic. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` for a_deplib in $deplibs; do case $a_deplib in -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" a_deplib= ;; esac fi if test -n "$a_deplib"; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib=$potent_lib # see symlink-check above in file_magic test if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib= break 2 fi done done fi if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a regex pattern. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; none | unknown | *) newdeplibs= tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` if test yes = "$allow_libtool_libs_with_static_runtimes"; then for i in $predeps $postdeps; do # can't use Xsed below, because $i might contain '/' tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` done fi case $tmp_deplibs in *[!\ \ ]*) echo if test none = "$deplibs_check_method"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." fi echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes ;; esac ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac if test yes = "$droppeddeps"; then if test yes = "$module"; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" echo "*** a static module, that should work as long as the dlopening" echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** 'nm' from GNU binutils and a full rebuild may help." fi if test no = "$build_old_libs"; then oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else echo "*** The inter-library dependencies that have been dropped here will be" echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." if test no = "$allow_undefined"; then echo echo "*** Since this library must not contain undefined symbols," echo "*** because either the platform does not support them or" echo "*** it was explicitly requested with -no-undefined," echo "*** libtool will only create a static version of it." if test no = "$build_old_libs"; then oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi fi fi # Done checking deplibs! deplibs=$newdeplibs fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done deplibs=$new_libs # All the library-specific variables (install_libdir is set above). library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test yes = "$build_libtool_libs"; then # Remove $wl instances when linking with ld. # FIXME: should test the right _cmds variable. case $archive_cmds in *\$LD\ *) wl= ;; esac if test yes = "$hardcode_into_libs"; then # Hardcode the library paths hardcode_libdirs= dep_rpath= rpath=$finalize_rpath test relink = "$opt_mode" || rpath=$compile_rpath$rpath for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then func_replace_sysroot "$libdir" libdir=$func_replace_sysroot_result if test -z "$hardcode_libdirs"; then hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append dep_rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir=$hardcode_libdirs eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" fi test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi shlibpath=$finalize_shlibpath test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi # Get the real and link names of the library. eval shared_ext=\"$shrext_cmds\" eval library_names=\"$library_names_spec\" set dummy $library_names shift realname=$1 shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname=$realname fi if test -z "$dlname"; then dlname=$soname fi lib=$output_objdir/$realname linknames= for link do func_append linknames " $link" done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" export_symbols=$output_objdir/$libname.uexp func_append delfiles " $export_symbols" fi orig_export_symbols= case $host_os in cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile func_dll_def_p "$export_symbols" || { # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. orig_export_symbols=$export_symbols export_symbols= always_export_symbols=yes } fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then func_verbose "generating symbol list for '$libname.la'" export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds save_ifs=$IFS; IFS='~' for cmd1 in $cmds; do IFS=$save_ifs # Take the normal branch if the nm_file_list_spec branch # doesn't work or if tool conversion is not needed. case $nm_file_list_spec~$to_tool_file_cmd in *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) try_normal_branch=yes eval cmd=\"$cmd1\" func_len " $cmd" len=$func_len_result ;; *) try_normal_branch=no ;; esac if test yes = "$try_normal_branch" \ && { test "$len" -lt "$max_cmd_len" \ || test "$max_cmd_len" -le -1; } then func_show_eval "$cmd" 'exit $?' skipped_export=false elif test -n "$nm_file_list_spec"; then func_basename "$output" output_la=$func_basename_result save_libobjs=$libobjs save_output=$output output=$output_objdir/$output_la.nm func_to_tool_file "$output" libobjs=$nm_file_list_spec$func_to_tool_file_result func_append delfiles " $output" func_verbose "creating $NM input file list: $output" for obj in $save_libobjs; do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > "$output" eval cmd=\"$cmd1\" func_show_eval "$cmd" 'exit $?' output=$save_output libobjs=$save_libobjs skipped_export=false else # The command line is too long to execute in one step. func_verbose "using reloadable object file for export list..." skipped_export=: # Break out early, otherwise skipped_export may be # set to false by a later but shorter cmd. break fi done IFS=$save_ifs if test -n "$export_symbols_regex" && test : != "$skipped_export"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols=$export_symbols test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test : != "$skipped_export" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi tmp_deplibs= for test_deplib in $deplibs; do case " $convenience " in *" $test_deplib "*) ;; *) func_append tmp_deplibs " $test_deplib" ;; esac done deplibs=$tmp_deplibs if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && test yes = "$compiler_needs_object" && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. whole_archive_flag_spec= fi if test -n "$whole_archive_flag_spec"; then save_libobjs=$libobjs eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $convenience func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi fi if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" func_append linker_flags " $flag" fi # Make a backup of the uninstalled library when relinking if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds else eval test_cmds=\"$module_cmds\" cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval test_cmds=\"$archive_expsym_cmds\" cmds=$archive_expsym_cmds else eval test_cmds=\"$archive_cmds\" cmds=$archive_cmds fi fi if test : != "$skipped_export" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then : else # The command line is too long to link in one step, link piecewise # or, if using GNU ld and skipped_export is not :, use a linker # script. # Save the value of $output and $libobjs because we want to # use them later. If we have whole_archive_flag_spec, we # want to use save_libobjs as it was before # whole_archive_flag_spec was expanded, because we can't # assume the linker understands whole_archive_flag_spec. # This may have to be revisited, in case too many # convenience libraries get linked in and end up exceeding # the spec. if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then save_libobjs=$libobjs fi save_output=$output func_basename "$output" output_la=$func_basename_result # Clear the reloadable object creation command queue and # initialize k to one. test_cmds= concat_cmds= objlist= last_robj= k=1 if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then output=$output_objdir/$output_la.lnkscript func_verbose "creating GNU ld script: $output" echo 'INPUT (' > $output for obj in $save_libobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done echo ')' >> $output func_append delfiles " $output" func_to_tool_file "$output" output=$func_to_tool_file_result elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then output=$output_objdir/$output_la.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= if test yes = "$compiler_needs_object"; then firstobj="$1 " shift fi for obj do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done func_append delfiles " $output" func_to_tool_file "$output" output=$firstobj\"$file_list_spec$func_to_tool_file_result\" else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." output=$output_objdir/$output_la-$k.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 # Loop over the list of objects to be linked. for obj in $save_libobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result if test -z "$objlist" || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. if test 1 -eq "$k"; then # The first file doesn't have a previous command to add. reload_objs=$objlist eval concat_cmds=\"$reload_cmds\" else # All subsequent reloadable object files will link in # the last one created. reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-$k.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-$k.$objext objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result fi done # Handle the remaining objects by creating one last # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds$reload_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi func_append delfiles " $output" else output= fi ${skipped_export-false} && { func_verbose "generating symbol list for '$libname.la'" export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi } test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. save_ifs=$IFS; IFS='~' for cmd in $concat_cmds; do IFS=$save_ifs $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS=$save_ifs if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi ${skipped_export-false} && { if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols=$export_symbols test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi } libobjs=$output # Restore the value of output. output=$save_output if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= fi # Expand the library linking commands again to reset the # value of $libobjs for piecewise linking. # Do each of the archive commands. if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then cmds=$archive_expsym_cmds else cmds=$archive_cmds fi fi fi if test -n "$delfiles"; then # Append the command to remove temporary files to $cmds. eval cmds=\"\$cmds~\$RM $delfiles\" fi # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi save_ifs=$IFS; IFS='~' for cmd in $cmds; do IFS=$sp$nl eval cmd=\"$cmd\" IFS=$save_ifs $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS=$save_ifs # Restore the uninstalled library and exit if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then if test -z "$whole_archive_flag_spec"; then func_show_eval '${RM}r "$gentop"' fi fi exit $EXIT_SUCCESS fi # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' fi done # If -module or -export-dynamic was specified, set the dlname. if test yes = "$module" || test yes = "$export_dynamic"; then # On all known operating systems, these are identical. dlname=$soname fi fi ;; obj) if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then func_warning "'-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "'-l' and '-L' are ignored for objects" ;; esac test -n "$rpath" && \ func_warning "'-rpath' is ignored for objects" test -n "$xrpath" && \ func_warning "'-R' is ignored for objects" test -n "$vinfo" && \ func_warning "'-version-info' is ignored for objects" test -n "$release" && \ func_warning "'-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ func_fatal_error "cannot build library object '$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" obj=$func_lo2o_result ;; *) libobj= obj=$output ;; esac # Delete the old objects. $opt_dry_run || $RM $obj $libobj # Objects from convenience libraries. This assumes # single-version convenience libraries. Whenever we create # different ones for PIC/non-PIC, this we'll have to duplicate # the extraction. reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of # -Wl from whole_archive_flag_spec and hope we can get by with # turning comma into space.. wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` else gentop=$output_objdir/${obj}x func_append generated " $gentop" func_extract_archives $gentop $convenience reload_conv_objs="$reload_objs $func_extract_archives_result" fi fi # If we're not building shared, we need to use non_pic_objs test yes = "$build_libtool_libs" || libobjs=$non_pic_objects # Create the old-style object. reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs output=$obj func_execute_cmds "$reload_cmds" 'exit $?' # Exit if we aren't doing a library object file. if test -z "$libobj"; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS fi test yes = "$build_libtool_libs" || { if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi # Create an invalid libtool object if no PIC, so that we don't # accidentally link it into a program. # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS } if test -n "$pic_flag" || test default != "$pic_mode"; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" output=$libobj func_execute_cmds "$reload_cmds" 'exit $?' fi if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS ;; prog) case $host in *cygwin*) func_stripname '' '.exe' "$output" output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ func_warning "'-version-info' is ignored for programs" test -n "$release" && \ func_warning "'-release' is ignored for programs" $preload \ && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac case $host in *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). if test CXX = "$tagname"; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) func_append compile_command " $wl-bind_at_load" func_append finalize_command " $wl-bind_at_load" ;; esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $compile_deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $compile_deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done compile_deplibs=$new_libs func_append compile_command " $compile_deplibs" func_append finalize_command " $finalize_deplibs" if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; *) func_append dllsearchpath ":$libdir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath=$rpath rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) func_append finalize_perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath=$rpath if test -n "$libobjs" && test yes = "$build_old_libs"; then # Transform all the library objects into standard objects. compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" false # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi wrappers_required=: case $host in *cegcc* | *mingw32ce*) # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. wrappers_required=false ;; *cygwin* | *mingw* ) test yes = "$build_libtool_libs" || wrappers_required=false ;; *) if test no = "$need_relink" || test yes != "$build_libtool_libs"; then wrappers_required=false fi ;; esac $wrappers_required || { # Replace the output file specification. compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` link_command=$compile_command$compile_rpath # We have no uninstalled library dependencies, so finalize right now. exit_status=0 func_show_eval "$link_command" 'exit_status=$?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Delete the generated files. if test -f "$output_objdir/${outputname}S.$objext"; then func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' fi exit $exit_status } if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" fi if test -n "$finalize_shlibpath"; then finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" fi compile_var= finalize_var= if test -n "$runpath_var"; then if test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi if test -n "$finalize_perm_rpath"; then # We should set the runpath_var. rpath= for dir in $finalize_perm_rpath; do func_append rpath "$dir:" done finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi fi if test yes = "$no_install"; then # We don't need to create a wrapper script. link_command=$compile_var$compile_command$compile_rpath # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi exit $EXIT_SUCCESS fi case $hardcode_action,$fast_install in relink,*) # Fast installation is not supported link_command=$compile_var$compile_command$compile_rpath relink_command=$finalize_var$finalize_command$finalize_rpath func_warning "this platform does not like uninstalled shared libraries" func_warning "'$output' will be relinked during installation" ;; *,yes) link_command=$finalize_var$compile_command$finalize_rpath relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` ;; *,no) link_command=$compile_var$compile_command$compile_rpath relink_command=$finalize_var$finalize_command$finalize_rpath ;; *,needless) link_command=$finalize_var$compile_command$finalize_rpath relink_command= ;; esac # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output_objdir/$outputname" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Now create the wrapper script. func_verbose "creating $output" # Quote the relink command for shipping. if test -n "$relink_command"; then # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done relink_command="(cd `pwd`; $relink_command)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. $opt_dry_run || { # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) func_stripname '' '.exe' "$output" output=$func_stripname_result ;; esac # test for cygwin because mv fails w/o .exe extensions case $host in *cygwin*) exeext=.exe func_stripname '' '.exe' "$outputname" outputname=$func_stripname_result ;; *) exeext= ;; esac case $host in *cygwin* | *mingw* ) func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result cwrappersource=$output_path/$objdir/lt-$output_name.c cwrapper=$output_path/$output_name.exe $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 func_emit_cwrapperexe_src > $cwrappersource # The wrapper executable is built using the $host compiler, # because it contains $host paths and files. If cross- # compiling, it, like the target executable, must be # executed on the $host or under an emulation environment. $opt_dry_run || { $LTCC $LTCFLAGS -o $cwrapper $cwrappersource $STRIP $cwrapper } # Now, create the wrapper script for func_source use: func_ltwrapper_scriptname $cwrapper $RM $func_ltwrapper_scriptname_result trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. if test "x$build" = "x$host"; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result fi } ;; * ) $RM $output trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 func_emit_wrapper no > $output chmod +x $output ;; esac } exit $EXIT_SUCCESS ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do case $build_libtool_libs in convenience) oldobjs="$libobjs_save $symfileobj" addlibs=$convenience build_libtool_libs=no ;; module) oldobjs=$libobjs_save addlibs=$old_convenience build_libtool_libs=no ;; *) oldobjs="$old_deplibs $non_pic_objects" $preload && test -f "$symfileobj" \ && func_append oldobjs " $symfileobj" addlibs=$old_convenience ;; esac if test -n "$addlibs"; then gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $addlibs func_append oldobjs " $func_extract_archives_result" fi # Do each command in the archive commands. if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append oldobjs " $func_extract_archives_result" fi # POSIX demands no paths to be encoded in archives. We have # to avoid creating archives with duplicate basenames if we # might have to extract them afterwards, e.g., when creating a # static archive out of a convenience library, or when linking # the entirety of a libtool archive into another (currently # not supported by libtool). if (for obj in $oldobjs do func_basename "$obj" $ECHO "$func_basename_result" done | sort | sort -uc >/dev/null 2>&1); then : else echo "copying selected object files to avoid basename conflicts..." gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs oldobjs= counter=1 for obj in $save_oldobjs do func_basename "$obj" objbase=$func_basename_result case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) while :; do # Make sure we don't pick an alternate name that also # overlaps. newobj=lt$counter-$objbase func_arith $counter + 1 counter=$func_arith_result case " $oldobjs " in *[\ /]"$newobj "*) ;; *) if test ! -f "$gentop/$newobj"; then break; fi ;; esac done func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" func_append oldobjs " $gentop/$newobj" ;; *) func_append oldobjs " $obj" ;; esac done fi func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" len=$func_len_result if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then cmds=$old_archive_cmds elif test -n "$archiver_list_spec"; then func_verbose "using command file archive linking..." for obj in $oldobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > $output_objdir/$libname.libcmd func_to_tool_file "$output_objdir/$libname.libcmd" oldobjs=" $archiver_list_spec$func_to_tool_file_result" cmds=$old_archive_cmds else # the command line is too long to link in one step, link in parts func_verbose "using piecewise archive linking..." save_RANLIB=$RANLIB RANLIB=: objlist= concat_cmds= save_oldobjs=$oldobjs oldobjs= # Is there a better way of finding the last object in the list? for obj in $save_oldobjs do last_oldobj=$obj done eval test_cmds=\"$old_archive_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 for obj in $save_oldobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result func_append objlist " $obj" if test "$len" -lt "$max_cmd_len"; then : else # the above command should be used before it gets too long oldobjs=$objlist if test "$obj" = "$last_oldobj"; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist if test -z "$oldobjs"; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" fi fi fi func_execute_cmds "$cmds" 'exit $?' done test -n "$generated" && \ func_show_eval "${RM}r$generated" # Now create the libtool archive. case $output in *.la) old_library= test yes = "$build_old_libs" && old_library=$libname.$libext func_verbose "creating $output" # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` if test yes = "$hardcode_automatic"; then relink_command= fi # Only create the output if not a dry run. $opt_dry_run || { for installed in no yes; do if test yes = "$installed"; then if test -z "$install_libdir"; then break fi output=$output_objdir/${outputname}i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" name=$func_basename_result func_resolve_sysroot "$deplib" eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "'$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" ;; -L*) func_stripname -L '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -L$func_replace_sysroot_result" ;; -R*) func_stripname -R '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -R$func_replace_sysroot_result" ;; *) func_append newdependency_libs " $deplib" ;; esac done dependency_libs=$newdependency_libs newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" name=$func_basename_result eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" ;; *) func_append newdlfiles " $lib" ;; esac done dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in *.la) # Only pass preopened files to the pseudo-archive (for # eventual linking with the app. that links it) if we # didn't already link the preopened objects directly into # the library: func_basename "$lib" name=$func_basename_result eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" ;; esac done dlprefiles=$newdlprefiles else newdlfiles= for lib in $dlfiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlfiles " $abs" done dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlprefiles " $abs" done dlprefiles=$newdlprefiles fi $RM $output # place dlname in correct position for cygwin # In fact, it would be nice if we could use this code for all target # systems that can't hard-code library paths into their executables # and that have no shared library path variable independent of PATH, # but it turns out we can't easily determine that from inspecting # libtool variables, so we have to hard-code the OSs to which it # applies here; at the moment, that means platforms that use the PE # object format with DLL files. See the long comment at the top of # tests/bindir.at for full details. tdlname=$dlname case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) # If a -bindir argument was supplied, place the dll there. if test -n "$bindir"; then func_relative_path "$install_libdir" "$bindir" tdlname=$func_relative_path_result/$dlname else # Otherwise fall back on heuristic. tdlname=../bin/$dlname fi ;; esac $ECHO > $output "\ # $outputname - a libtool library file # Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$tdlname' # Names of this library. library_names='$library_names' # The name of the static archive. old_library='$old_library' # Linker flags that cannot go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Names of additional weak libraries provided by this library weak_library_names='$weak_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Should we warn about portability when linking against -modules? shouldnotlink=$module # Files to dlopen/dlpreopen dlopen='$dlfiles' dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" if test no,yes = "$installed,$need_relink"; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi done } # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' ;; esac exit $EXIT_SUCCESS } if test link = "$opt_mode" || test relink = "$opt_mode"; then func_mode_link ${1+"$@"} fi # func_mode_uninstall arg... func_mode_uninstall () { $debug_cmd RM=$nonopt files= rmforce=false exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic=$magic for arg do case $arg in -f) func_append RM " $arg"; rmforce=: ;; -*) func_append RM " $arg" ;; *) func_append files " $arg" ;; esac done test -z "$RM" && \ func_fatal_help "you must specify an RM program" rmdirs= for file in $files; do func_dirname "$file" "" "." dir=$func_dirname_result if test . = "$dir"; then odir=$objdir else odir=$dir/$objdir fi func_basename "$file" name=$func_basename_result test uninstall = "$opt_mode" && odir=$dir # Remember odir for removal later, being careful to avoid duplicates if test clean = "$opt_mode"; then case " $rmdirs " in *" $odir "*) ;; *) func_append rmdirs " $odir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. if { test -L "$file"; } >/dev/null 2>&1 || { test -h "$file"; } >/dev/null 2>&1 || test -f "$file"; then : elif test -d "$file"; then exit_status=1 continue elif $rmforce; then continue fi rmfiles=$file case $name in *.la) # Possibly a libtool archive, so verify it. if func_lalib_p "$file"; then func_source $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do func_append rmfiles " $odir/$n" done test -n "$old_library" && func_append rmfiles " $odir/$old_library" case $opt_mode in clean) case " $library_names " in *" $dlname "*) ;; *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; esac test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; esac fi ;; *.lo) # Possibly a libtool object, so verify it. if func_lalib_p "$file"; then # Read the .lo file func_source $dir/$name # Add PIC object to the list of files to remove. if test -n "$pic_object" && test none != "$pic_object"; then func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. if test -n "$non_pic_object" && test none != "$non_pic_object"; then func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) if test clean = "$opt_mode"; then noexename=$name case $file in *.exe) func_stripname '' '.exe' "$file" file=$func_stripname_result func_stripname '' '.exe' "$name" noexename=$func_stripname_result # $file with .exe has already been added to rmfiles, # add $file without .exe func_append rmfiles " $file" ;; esac # Do a test to see if this is a libtool program. if func_ltwrapper_p "$file"; then if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" relink_command= func_source $func_ltwrapper_scriptname_result func_append rmfiles " $func_ltwrapper_scriptname_result" else relink_command= func_source $dir/$noexename fi # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles func_append rmfiles " $odir/$name $odir/${name}S.$objext" if test yes = "$fast_install" && test -n "$relink_command"; then func_append rmfiles " $odir/lt-$name" fi if test "X$noexename" != "X$name"; then func_append rmfiles " $odir/lt-$noexename.c" fi fi fi ;; esac func_show_eval "$RM $rmfiles" 'exit_status=1' done # Try to remove the $objdir's in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" fi done exit $exit_status } if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then func_mode_uninstall ${1+"$@"} fi test -z "$opt_mode" && { help=$generic_help func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ func_fatal_help "invalid operation mode '$opt_mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" exit $EXIT_FAILURE fi exit $exit_status # The TAGs below are defined such that we never get into a situation # where we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support # them. This is particularly important on AIX, because we don't # support having both static and shared libraries enabled at the same # time on that platform, so we default to a shared-only configuration. # If a disable-shared tag is given, we'll fallback to a static-only # configuration. But we'll never go from static-only to shared-only. # ### BEGIN LIBTOOL TAG CONFIG: disable-shared build_libtool_libs=no build_old_libs=yes # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: sudo-1.8.9p5/m4/ax_check_compile_flag.m4010064400175440000012000000062511226304126300173770ustar00millertstaff# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html # =========================================================================== # # SYNOPSIS # # AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) # # DESCRIPTION # # Check whether the given FLAG works with the current language's compiler # or gives an error. (Warnings, however, are ignored) # # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on # success/failure. # # If EXTRA-FLAGS is defined, it is added to the current language's default # flags (e.g. CFLAGS) when the check is done. The check is thus made with # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. # # LICENSE # # Copyright (c) 2008 Guido U. Draheim # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 2 AC_DEFUN([AX_CHECK_COMPILE_FLAG], [AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl ])dnl AX_CHECK_COMPILE_FLAGS sudo-1.8.9p5/m4/ax_check_link_flag.m4010064400175440000012000000057601226304126300167100ustar00millertstaff# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html # =========================================================================== # # SYNOPSIS # # AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) # # DESCRIPTION # # Check whether the given FLAG works with the linker or gives an error. # (Warnings, however, are ignored) # # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on # success/failure. # # If EXTRA-FLAGS is defined, it is added to the linker's default flags # when the check is done. The check is thus made with the flags: "LDFLAGS # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. # # LICENSE # # Copyright (c) 2008 Guido U. Draheim # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 2 AC_DEFUN([AX_CHECK_LINK_FLAG], [AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $4 $1" AC_LINK_IFELSE([AC_LANG_PROGRAM()], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) LDFLAGS=$ax_check_save_flags]) AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl ])dnl AX_CHECK_LINK_FLAGS sudo-1.8.9p5/m4/ax_func_getaddrinfo.m4010064400175440000012000000040571226304126300171240ustar00millertstaff# # SYNOPSIS # # AX_FUNC_GETADDRINFO # # DESCRIPTION # # Checks for the getaddrinfo function in the standard C library, # as well as the socket and inet libraries, if they are present. # If extra libraries are required, they are added to LIBS. # If no getaddrinfo function is found, it is added to LIBOBJS. # Note: Tru64 UNIX contains two versions of getaddrinfo and we must # include netdb.h to get the proper definition. # # LICENSE # # Placed in the public domain by Todd C. Miller on November 20, 2013. # AC_DEFUN([AX_FUNC_GETADDRINFO], [AC_MSG_CHECKING(for getaddrinfo) AC_CACHE_VAL(ax_cv_func_getaddrinfo, [AC_LINK_IFELSE([AC_LANG_SOURCE([[#include #include #include int main() { return getaddrinfo(0, 0, 0, 0); }]])], [ax_cv_func_getaddrinfo=yes], [ax_cv_func_getaddrinfo=no])]) AC_MSG_RESULT([$ax_cv_func_getaddrinfo]) if test X"$ax_cv_func_getaddrinfo" = X"yes"; then AC_DEFINE(HAVE_GETADDRINFO, 1, [Define to 1 if you have the `getaddrinfo' function.]) else # Not found in libc, check libsocket and libinet _found=no for _libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _cv="ax_cv_lib_getaddrinfo`echo \"$_libs\"|sed -e 's/-l/_/g' -e 's/ *//g'`" AC_MSG_CHECKING([for getaddrinfo in $_libs]) AC_CACHE_VAL([$_cv], [ _nlibs= for _l in $_libs; do case "$LIBS" in *"$_l"*) ;; *) _nlibs="$_nlibs $_l";; esac done _libs="${_nlibs# }" if test -z "$_libs"; then # No new libs to check eval $_cv=no else AX_FUNC_GETADDRINFO_OLIBS="$LIBS" LIBS="$LIBS $_libs" AC_LINK_IFELSE([AC_LANG_SOURCE([[#include #include #include int main() { return getaddrinfo(0, 0, 0, 0); }]])], [eval $_cv=yes], [eval $_cv=no]) LIBS="$AX_FUNC_GETADDRINFO_OLIBS" fi ]) if eval test \$$_cv = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_GETADDRINFO) test -n "$_libs" && LIBS="$LIBS $_libs" break fi AC_MSG_RESULT([no]) done if eval test \$$_cv != "yes"; then AC_LIBOBJ(getaddrinfo) fi fi ]) sudo-1.8.9p5/m4/ax_func_snprintf.m4010064400175440000012000000054761226304126300165070ustar00millertstaff# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_func_snprintf.html # =========================================================================== # # SYNOPSIS # # AX_FUNC_SNPRINTF # # DESCRIPTION # # Checks for a fully C99 compliant snprintf, in particular checks whether # it does bounds checking and returns the correct string length; does the # same check for vsnprintf. If no working snprintf or vsnprintf is found, # request a replacement and warn the user about it. Note: the mentioned # replacement is freely available and may be used in any project # regardless of it's license. # # LICENSE # # Copyright (c) 2008 Ruediger Kuhlmann # # Copying and distribution of this file, with or without modification, are # permitted in any medium without royalty provided the copyright notice # and this notice are preserved. This file is offered as-is, without any # warranty. #serial 5 AC_DEFUN([AX_FUNC_SNPRINTF], [AC_CHECK_FUNCS(snprintf vsnprintf) AC_MSG_CHECKING(for working snprintf) AC_CACHE_VAL(ac_cv_have_working_snprintf, [AC_RUN_IFELSE([AC_LANG_SOURCE([[#include int main(void) { char bufs[5] = { 'x', 'x', 'x', '\0', '\0' }; char bufd[5] = { 'x', 'x', 'x', '\0', '\0' }; int i; i = snprintf (bufs, 2, "%s", "111"); if (strcmp (bufs, "1")) exit (1); if (i != 3) exit (1); i = snprintf (bufd, 2, "%d", 111); if (strcmp (bufd, "1")) exit (1); if (i != 3) exit (1); exit(0); }]])],[ac_cv_have_working_snprintf=yes],[ac_cv_have_working_snprintf=no],[ac_cv_have_working_snprintf=cross])]) AC_MSG_RESULT([$ac_cv_have_working_snprintf]) AC_MSG_CHECKING(for working vsnprintf) AC_CACHE_VAL(ac_cv_have_working_vsnprintf, [AC_RUN_IFELSE([AC_LANG_SOURCE([[#include #include int my_vsnprintf (char *buf, const char *tmpl, ...) { int i; va_list args; va_start (args, tmpl); i = vsnprintf (buf, 2, tmpl, args); va_end (args); return i; } int main(void) { char bufs[5] = { 'x', 'x', 'x', '\0', '\0' }; char bufd[5] = { 'x', 'x', 'x', '\0', '\0' }; int i; i = my_vsnprintf (bufs, "%s", "111"); if (strcmp (bufs, "1")) exit (1); if (i != 3) exit (1); i = my_vsnprintf (bufd, "%d", 111); if (strcmp (bufd, "1")) exit (1); if (i != 3) exit (1); exit(0); }]])],[ac_cv_have_working_vsnprintf=yes],[ac_cv_have_working_vsnprintf=no],[ac_cv_have_working_vsnprintf=cross])]) AC_MSG_RESULT([$ac_cv_have_working_vsnprintf]) if test x$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf != "xyesyes"; then AC_LIBOBJ(snprintf) AC_MSG_WARN([Replacing missing/broken (v)snprintf() with sudo's version.]) AC_DEFINE(PREFER_PORTABLE_SNPRINTF, 1, [Enable replacement (v)snprintf if system (v)snprintf is broken.]) fi]) sudo-1.8.9p5/m4/libtool.m4010064400175440000012000010543211227416652300146100ustar00millertstaff# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996-2001, 2003-2013 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) # serial 58 LT_INIT # LT_PREREQ(VERSION) # ------------------ # Complain and exit if this libtool version is less that VERSION. m4_defun([LT_PREREQ], [m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, [m4_default([$3], [m4_fatal([Libtool version $1 or higher is required], 63)])], [$2])]) # _LT_CHECK_BUILDDIR # ------------------ # Complain if the absolute build directory name contains unusual characters m4_defun([_LT_CHECK_BUILDDIR], [case `pwd` in *\ * | *\ *) AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; esac ]) # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl m4_require([_LT_CHECK_BUILDDIR])dnl dnl Autoconf doesn't catch unexpanded LT_ macros by default: m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 dnl unless we require an AC_DEFUNed macro: AC_REQUIRE([LTOPTIONS_VERSION])dnl AC_REQUIRE([LTSUGAR_VERSION])dnl AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl _LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl _LT_SETUP # Only expand once: m4_define([LT_INIT]) ])# LT_INIT # Old names: AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) # _LT_CC_BASENAME(CC) # ------------------- # Calculate cc_basename. Skip known compiler wrappers and cross-prefix. m4_defun([_LT_CC_BASENAME], [for cc_temp in $1""; do case $cc_temp in compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set # sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} ])# _LT_FILEUTILS_DEFAULTS # _LT_SETUP # --------- m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl _LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl dnl _LT_DECL([], [build_alias], [0], [The build system])dnl _LT_DECL([], [build], [0])dnl _LT_DECL([], [build_os], [0])dnl dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl dnl AC_REQUIRE([AC_PROG_LN_S])dnl test -z "$LN_S" && LN_S="ln -s" _LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl dnl AC_REQUIRE([LT_CMD_MAX_LEN])dnl _LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl _LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl m4_require([_LT_CMD_RELOAD])dnl m4_require([_LT_CHECK_MAGIC_METHOD])dnl m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi ]) if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld old_CC=$CC old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o _LT_CC_BASENAME([$compiler]) # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then _LT_PATH_MAGIC fi ;; esac # Use C for the default configuration in the libtool script LT_SUPPORTED_TAG([CC]) _LT_LANG_C_CONFIG _LT_LANG_DEFAULT_CONFIG _LT_CONFIG_COMMANDS ])# _LT_SETUP # _LT_PREPARE_SED_QUOTE_VARS # -------------------------- # Define a few sed substitution that help us do robust quoting. m4_defun([_LT_PREPARE_SED_QUOTE_VARS], [# Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\([["`\\]]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ]) # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from 'configure', and 'config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, # 'config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) ltmain=$ac_aux_dir/ltmain.sh ])# _LT_PROG_LTMAIN ## ------------------------------------- ## ## Accumulate code for creating libtool. ## ## ------------------------------------- ## # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS # in macros and then make a single call at the end using the 'libtool' # label. # _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) # ---------------------------------------- # Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL_INIT], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_INIT], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_INIT]) # _LT_CONFIG_LIBTOOL([COMMANDS]) # ------------------------------ # Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) # _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) # ----------------------------------------------------- m4_defun([_LT_CONFIG_SAVE_COMMANDS], [_LT_CONFIG_LIBTOOL([$1]) _LT_CONFIG_LIBTOOL_INIT([$2]) ]) # _LT_FORMAT_COMMENT([COMMENT]) # ----------------------------- # Add leading comment marks to the start of each line, and a trailing # full-stop to the whole comment if one is not present already. m4_define([_LT_FORMAT_COMMENT], [m4_ifval([$1], [ m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) )]) ## ------------------------ ## ## FIXME: Eliminate VARNAME ## ## ------------------------ ## # _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) # ------------------------------------------------------------------- # CONFIGNAME is the name given to the value in the libtool script. # VARNAME is the (base) name used in the configure script. # VALUE may be 0, 1 or 2 for a computed quote escaped value based on # VARNAME. Any other value will be used directly. m4_define([_LT_DECL], [lt_if_append_uniq([lt_decl_varnames], [$2], [, ], [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], [m4_ifval([$1], [$1], [$2])]) lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) m4_ifval([$4], [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) lt_dict_add_subkey([lt_decl_dict], [$2], [tagged?], [m4_ifval([$5], [yes], [no])])]) ]) # _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) # -------------------------------------------------------- m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) # lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_tag_varnames], [_lt_decl_filter([tagged?], [yes], $@)]) # _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) # --------------------------------------------------------- m4_define([_lt_decl_filter], [m4_case([$#], [0], [m4_fatal([$0: too few arguments: $#])], [1], [m4_fatal([$0: too few arguments: $#: $1])], [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], [lt_dict_filter([lt_decl_dict], $@)])[]dnl ]) # lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) # -------------------------------------------------- m4_define([lt_decl_quote_varnames], [_lt_decl_filter([value], [1], $@)]) # lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_dquote_varnames], [_lt_decl_filter([value], [2], $@)]) # lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_varnames_tagged], [m4_assert([$# <= 2])dnl _$0(m4_quote(m4_default([$1], [[, ]])), m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) m4_define([_lt_decl_varnames_tagged], [m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) # lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_all_varnames], [_$0(m4_quote(m4_default([$1], [[, ]])), m4_if([$2], [], m4_quote(lt_decl_varnames), m4_quote(m4_shift($@))))[]dnl ]) m4_define([_lt_decl_all_varnames], [lt_join($@, lt_decl_varnames_tagged([$1], lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl ]) # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ # Quote a variable value, and forward it to 'config.status' so that its # declaration there will have the same value as in 'configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS # ------------------------------ # We delimit libtool config variables with single quotes, so when # we write them to config.status, we have to be sure to quote all # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # # ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAGS # ---------------- # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl available_tags='_LT_TAGS'dnl ]) # _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) # ----------------------------------- # Extract the dictionary values for VARNAME (optionally with TAG) and # expand to a commented shell variable setting: # # # Some comment about what VAR is for. # visible_name=$lt_internal_name m4_define([_LT_LIBTOOL_DECLARE], [_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [description])))[]dnl m4_pushdef([_libtool_name], m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), [0], [_libtool_name=[$]$1], [1], [_libtool_name=$lt_[]$1], [2], [_libtool_name=$lt_[]$1], [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl ]) # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables # suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], [m4_foreach([_lt_var], m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAG_VARS(TAG) # ------------------------- m4_define([_LT_LIBTOOL_TAG_VARS], [m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) # _LT_TAGVAR(VARNAME, [TAGNAME]) # ------------------------------ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # _LT_CONFIG_COMMANDS # ------------------- # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations # into 'config.status', and then the shell code to quote escape them in # for loops in 'config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], dnl If the libtool generation code has been placed in $CONFIG_LT, dnl instead of duplicating it all over again into config.status, dnl then we will have config.status run $CONFIG_LT later, so it dnl needs to know what name is stored there: [AC_CONFIG_COMMANDS([libtool], [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], dnl If the libtool generation code is destined for config.status, dnl expand the accumulated commands and init code now: [AC_CONFIG_COMMANDS([libtool], [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) ])#_LT_CONFIG_COMMANDS # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], [ # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' _LT_CONFIG_STATUS_DECLARATIONS LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$[]1 _LTECHO_EOF' } # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done _LT_OUTPUT_LIBTOOL_INIT ]) # _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) # ------------------------------------ # Generate a child script FILE with all initialization necessary to # reuse the environment learned by the parent script, and make the # file executable. If COMMENT is supplied, it is inserted after the # '#!' sequence but before initialization text begins. After this # macro, additional text can be appended to FILE to form the body of # the child script. The macro ends with non-zero status if the # file could not be fully written (such as if the disk is full). m4_ifdef([AS_INIT_GENERATED], [m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], [m4_defun([_LT_GENERATED_FILE_INIT], [m4_require([AS_PREPARE])]dnl [m4_pushdef([AS_MESSAGE_LOG_FD])]dnl [lt_write_fail=0 cat >$1 <<_ASEOF || lt_write_fail=1 #! $SHELL # Generated by $as_me. $2 SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$1 <<\_ASEOF || lt_write_fail=1 AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 _ASEOF test 0 = "$lt_write_fail" && chmod +x $1[]dnl m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT # --------- # This macro allows early generation of the libtool script (before # AC_OUTPUT is called), incase it is used in configure for compilation # tests. AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) _LT_GENERATED_FILE_INIT(["$CONFIG_LT"], [# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo AS_BOX([Running $as_me.]) } >&AS_MESSAGE_LOG_FD lt_cl_help="\ '$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. Usage: $[0] [[OPTIONS]] -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files Report bugs to ." lt_cl_version="\ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." while test 0 != $[#] do case $[1] in --version | --v* | -V ) echo "$lt_cl_version"; exit 0 ;; --help | --h* | -h ) echo "$lt_cl_help"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --quiet | --q* | --silent | --s* | -q ) lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] Try '$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] Try '$[0] --help' for more information.]) ;; esac shift done if $lt_cl_silent; then exec AS_MESSAGE_FD>/dev/null fi _LTEOF cat >>"$CONFIG_LT" <<_LTEOF _LT_OUTPUT_LIBTOOL_COMMANDS_INIT _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AC_MSG_NOTICE([creating $ofile]) _LT_OUTPUT_LIBTOOL_COMMANDS AS_EXIT(0) _LTEOF chmod +x "$CONFIG_LT" # configure is writing to config.log, but config.lt does its own redirection, # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: test yes = "$silent" && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false exec AS_MESSAGE_LOG_FD>>config.log $lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT # _LT_CONFIG(TAG) # --------------- # If TAG is the built-in tag, create an initial libtool script with a # default configuration from the untagged config vars. Otherwise add code # to config.status for appending the configuration named by TAG from the # matching tagged config vars. m4_defun([_LT_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # _LT_COPYING _LT_LIBTOOL_TAGS # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac _LT_PROG_LTMAIN # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ], [cat <<_LT_EOF >> "$ofile" dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded dnl in a comment (ie after a #). # ### BEGIN LIBTOOL TAG CONFIG: $1 _LT_LIBTOOL_TAG_VARS(_LT_TAG) # ### END LIBTOOL TAG CONFIG: $1 _LT_EOF ])dnl /m4_if ], [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS ])# _LT_CONFIG # LT_SUPPORTED_TAG(TAG) # --------------------- # Trace this macro to discover what tags are supported by the libtool # --tag option, using: # autoconf --trace 'LT_SUPPORTED_TAG:$1' AC_DEFUN([LT_SUPPORTED_TAG], []) # C support is built-in for now m4_define([_LT_LANG_C_enabled], []) m4_define([_LT_TAGS], []) # LT_LANG(LANG) # ------------- # Enable libtool support for the given language if not already enabled. AC_DEFUN([LT_LANG], [AC_BEFORE([$0], [LT_OUTPUT])dnl m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], [Windows Resource], [_LT_LANG(RC)], [m4_ifdef([_LT_LANG_]$1[_CONFIG], [_LT_LANG($1)], [m4_fatal([$0: unsupported language: "$1"])])])dnl ])# LT_LANG # _LT_LANG(LANGNAME) # ------------------ m4_defun([_LT_LANG], [m4_ifdef([_LT_LANG_]$1[_enabled], [], [LT_SUPPORTED_TAG([$1])dnl m4_append([_LT_TAGS], [$1 ])dnl m4_define([_LT_LANG_]$1[_enabled], [])dnl _LT_LANG_$1_CONFIG($1)])dnl ])# _LT_LANG m4_ifndef([AC_PROG_GO], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_GO. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_GO], [AC_LANG_PUSH(Go)dnl AC_ARG_VAR([GOC], [Go compiler command])dnl AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl _AC_ARG_VAR_LDFLAGS()dnl AC_CHECK_TOOL(GOC, gccgo) if test -z "$GOC"; then if test -n "$ac_tool_prefix"; then AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) fi fi if test -z "$GOC"; then AC_CHECK_PROG(GOC, gccgo, gccgo, false) fi ])#m4_defun ])#m4_ifndef # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], [AC_PROVIDE_IFELSE([AC_PROG_CXX], [LT_LANG(CXX)], [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) AC_PROVIDE_IFELSE([AC_PROG_F77], [LT_LANG(F77)], [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) AC_PROVIDE_IFELSE([AC_PROG_FC], [LT_LANG(FC)], [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal dnl pulling things in needlessly. AC_PROVIDE_IFELSE([AC_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([LT_PROG_GCJ], [LT_LANG(GCJ)], [m4_ifdef([AC_PROG_GCJ], [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([A][M_PROG_GCJ], [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) AC_PROVIDE_IFELSE([AC_PROG_GO], [LT_LANG(GO)], [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) ])# _LT_LANG_DEFAULT_CONFIG # Obsolete macros: AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) dnl AC_DEFUN([AC_LIBTOOL_RC], []) # _LT_TAG_COMPILER # ---------------- m4_defun([_LT_TAG_COMPILER], [AC_REQUIRE([AC_PROG_CC])dnl _LT_DECL([LTCC], [CC], [1], [A C compiler])dnl _LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl _LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl _LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC ])# _LT_TAG_COMPILER # _LT_COMPILER_BOILERPLATE # ------------------------ # Check for compiler boilerplate output or warnings with # the simple compiler test code. m4_defun([_LT_COMPILER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ])# _LT_COMPILER_BOILERPLATE # _LT_LINKER_BOILERPLATE # ---------------------- # Check for linker boilerplate output or warnings with # the simple link test code. m4_defun([_LT_LINKER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ])# _LT_LINKER_BOILERPLATE # _LT_REQUIRED_DARWIN_CHECKS # ------------------------- m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ case $host_os in rhapsody* | darwin*) AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) AC_CHECK_TOOL([LIPO], [lipo], [:]) AC_CHECK_TOOL([OTOOL], [otool], [:]) AC_CHECK_TOOL([OTOOL64], [otool64], [:]) _LT_DECL([], [DSYMUTIL], [1], [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) _LT_DECL([], [NMEDIT], [1], [Tool to change global to local symbols on Mac OS X]) _LT_DECL([], [LIPO], [1], [Tool to manipulate fat objects and archives on Mac OS X]) _LT_DECL([], [OTOOL], [1], [ldd/readelf like tool for Mach-O binaries on Mac OS X]) _LT_DECL([], [OTOOL64], [1], [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -rf libconftest.dylib* rm -f conftest.* fi]) AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) LDFLAGS=$save_LDFLAGS ]) AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; 10.[[012]]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi if test yes = "$lt_cv_ld_exported_symbols_list"; then _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ]) # _LT_DARWIN_LINKER_FEATURES([TAG]) # --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ m4_require([_LT_REQUIRED_DARWIN_CHECKS]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test yes = "$lt_cv_ld_force_load"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined case $cc_basename in ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" m4_if([$1], [CXX], [ if test yes != "$lt_cv_apple_cc_single_mod"; then _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" fi ],[]) else _LT_TAGVAR(ld_shlibs, $1)=no fi ]) # _LT_SYS_MODULE_PATH_AIX([TAGNAME]) # ---------------------------------- # Links a minimal program and checks the executable # for the system default hardcoded library path. In most cases, # this is /usr/lib:/lib, but when the MPI compilers are used # the location of the communication and MPI libs are included too. # If we don't find anything, use the default library path according # to the aix ld manual. # Store the results from the different compilers for each TAGNAME. # Allow to override them for all tags through lt_cv_aix_libpath. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ lt_aix_libpath_sed='[ /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }]' _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib fi ]) aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) fi ])# _LT_SYS_MODULE_PATH_AIX # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], [m4_divert_text([M4SH-INIT], [$1 ])])# _LT_SHELL_INIT # _LT_PROG_ECHO_BACKSLASH # ----------------------- # Find how we can fake an echo command that does not interpret backslash. # In particular, with Autoconf 2.60 or later we add some code to the start # of the generated configure script that will find a shell with a builtin # printf (that we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO AC_MSG_CHECKING([how to print strings]) # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $[]1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } case $ECHO in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; esac m4_ifdef([_AS_DETECT_SUGGESTED], [_AS_DETECT_SUGGESTED([ test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test "X`printf %s $ECHO`" = "X$ECHO" \ || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH # _LT_WITH_SYSROOT # ---------------- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], [AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], [Search for dependent libraries within DIR (or the compiler's sysroot if not specified).])], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. We quote it here dnl in case the user passed a directory name. lt_sysroot= case $with_sysroot in #( yes) if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) AC_MSG_RESULT([$with_sysroot]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl [dependent libraries, and where our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out what ABI is being produced by ac_compile, and set mode # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE=32 ;; *ELF-64*) HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; mips64*-*linux*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then emul=elf case `/usr/bin/file conftest.$ac_objext` in *32-bit*) emul="${emul}32" ;; *64-bit*) emul="${emul}64" ;; esac case `/usr/bin/file conftest.$ac_objext` in *MSB*) emul="${emul}btsmip" ;; *LSB*) emul="${emul}ltsmip" ;; esac case `/usr/bin/file conftest.$ac_objext` in *N32*) emul="${emul}n32" ;; esac LD="${LD-ld} -m $emul" fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. Note that the listed cases only cover the # situations where additional linker options are needed (such as when # doing 32-bit compilation for a host where ld defaults to 64-bit, or # vice versa); the common cases where no linker options are needed do # not appear in the list. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) case `/usr/bin/file conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; *) LD="${LD-ld} -m elf_i386" ;; esac ;; powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD=${LD-ld}_sol2 fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks=$enable_libtool_lock ])# _LT_ENABLE_LOCK # _LT_PROG_AR # ----------- m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} : ${AR_FLAGS=cru} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [lt_cv_ar_at_file=no AC_COMPILE_IFELSE([AC_LANG_PROGRAM], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a ]) ]) if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi _LT_DECL([], [archiver_list_spec], [1], [How to feed a file listing to the archiver]) ])# _LT_PROG_AR # _LT_CMD_OLD_ARCHIVE # ------------------- m4_defun([_LT_CMD_OLD_ARCHIVE], [_LT_PROG_AR AC_CHECK_TOOL(STRIP, strip, :) test -z "$STRIP" && STRIP=: _LT_DECL([], [STRIP], [1], [A symbol stripping program]) AC_CHECK_TOOL(RANLIB, ranlib, :) test -z "$RANLIB" && RANLIB=: _LT_DECL([], [RANLIB], [1], [Commands used to install an old-style archive]) # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) _LT_DECL([], [lock_old_archive_extraction], [0], [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE # _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi fi $RM conftest* ]) if test yes = "[$]$2"; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) fi ])# _LT_COMPILER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) # _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------- # Check whether the given linker option works AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi else $2=yes fi fi $RM -r conftest* LDFLAGS=$save_LDFLAGS ]) if test yes = "[$]$2"; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) fi ])# _LT_LINKER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) # LT_CMD_MAX_LEN #--------------- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl # find the maximum length of command line arguments AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 teststring=ABCD case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n "$lt_cv_sys_max_cmd_len"; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi max_cmd_len=$lt_cv_sys_max_cmd_len _LT_DECL([], [max_cmd_len], [0], [What is the maximum length of a command?]) ])# LT_CMD_MAX_LEN # Old name: AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) # _LT_HEADER_DLFCN # ---------------- m4_defun([_LT_HEADER_DLFCN], [AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl ])# _LT_HEADER_DLFCN # _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test yes = "$cross_compiling"; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF [#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; }] _LT_EOF if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_TRY_DLOPEN_SELF # LT_SYS_DLOPEN_SELF # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; tpf*) # Don't try to run any link tests for TPF. We know it's impossible # because TPF is a cross-compiler, and we know how we open DSOs. lt_cv_dlopen=dlopen lt_cv_dlopen_libs= lt_cv_dlopen_self=no ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen=shl_load], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen=dlopen], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) ]) ]) ]) ]) ]) ;; esac if test no = "$lt_cv_dlopen"; then enable_dlopen=no else enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS=$CPPFLAGS test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS LIBS=$save_LIBS ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi _LT_DECL([dlopen_support], [enable_dlopen], [0], [Whether dlopen is supported]) _LT_DECL([dlopen_self], [enable_dlopen_self], [0], [Whether dlopen of programs is supported]) _LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], [Whether dlopen of statically linked programs is supported]) ])# LT_SYS_DLOPEN_SELF # Old name: AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) # _LT_COMPILER_C_O([TAGNAME]) # --------------------------- # Check to see if options -c and -o are simultaneously supported by compiler. # This macro does not hard code the compiler like AC_PROG_CC_C_O. m4_defun([_LT_COMPILER_C_O], [m4_require([_LT_DECL_SED])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes fi fi chmod u+w . 2>&AS_MESSAGE_LOG_FD $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* ]) _LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], [Does compiler simultaneously support -c and -o options?]) ])# _LT_COMPILER_C_O # _LT_COMPILER_FILE_LOCKS([TAGNAME]) # ---------------------------------- # Check to see if we can do hard links to lock some files if needed m4_defun([_LT_COMPILER_FILE_LOCKS], [m4_require([_LT_ENABLE_LOCK])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) hard_links=nottested if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) if test no = "$hard_links"; then AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) need_locks=warn fi else need_locks=no fi _LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) ])# _LT_COMPILER_FILE_LOCKS # _LT_CHECK_OBJDIR # ---------------- m4_defun([_LT_CHECK_OBJDIR], [AC_CACHE_CHECK([for objdir], [lt_cv_objdir], [rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null]) objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", [Define to the sub-directory where libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR # _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) # -------------------------------------- # Check hardcoding attributes. m4_defun([_LT_LINKER_HARDCODE_LIBPATH], [AC_MSG_CHECKING([how to hardcode library paths into programs]) _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then # We can hardcode non-existent directories. if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. _LT_TAGVAR(hardcode_action, $1)=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. _LT_TAGVAR(hardcode_action, $1)=unsupported fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then # Fast installation is not supported enable_fast_install=no elif test yes = "$shlibpath_overrides_runpath" || test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi _LT_TAGDECL([], [hardcode_action], [0], [How to hardcode a shared library path into an executable]) ])# _LT_LINKER_HARDCODE_LIBPATH # _LT_CMD_STRIPLIB # ---------------- m4_defun([_LT_CMD_STRIPLIB], [m4_require([_LT_DECL_EGREP]) striplib= old_striplib= AC_MSG_CHECKING([whether stripping libraries is possible]) if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" AC_MSG_RESULT([yes]) else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi ;; *) AC_MSG_RESULT([no]) ;; esac fi _LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics m4_defun([_LT_SYS_DYNAMIC_LINKER], [AC_REQUIRE([AC_CANONICAL_HOST])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ if test yes = "$GCC"; then case $host_os in darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` # ...but if some path component already ends with the multilib dir we assume # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). case "$lt_multi_os_dir; $lt_search_path_spec " in "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) lt_multi_os_dir= ;; esac for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS = " "; FS = "/|\n";} { lt_foo = ""; lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='$libname$release$shared_ext$major' ;; aix[[4-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line '#! .'. This would cause the generated library to # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test yes = "$aix_use_runtimelinking"; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='$libname$release.a $libname.a' soname_spec='$libname$release$shared_ext$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=.dll need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \$file`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \$file`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='$libname$release$shared_ext$major' library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; linux*android*) version_type=none # Android doesn't support versioned libraries. need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext' soname_spec='$libname$release$shared_ext' finish_cmds= shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes dynamic_linker='Android linker' # Don't embed -rpath directories since the linker doesn't support them. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], [lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], [lt_cv_shlibpath_overrides_runpath=yes])]) LDFLAGS=$save_LDFLAGS libdir=$save_libdir ]) shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd* | bitrig*) version_type=sunos sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then need_version=no else need_version=yes fi library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' shrext_cmds=.dll need_lib_prefix=no library_names_spec='$libname$shared_ext $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='$libname$release$shared_ext$major' library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) _LT_DECL([], [need_lib_prefix], [0], [Do we need the "lib" prefix for modules?]) _LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) _LT_DECL([], [version_type], [0], [Library versioning type]) _LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) _LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) _LT_DECL([], [shlibpath_overrides_runpath], [0], [Is shlibpath searched before the hard-coded library search path?]) _LT_DECL([], [libname_spec], [1], [Format of library name prefix]) _LT_DECL([], [library_names_spec], [1], [[List of archive names. First name is the real one, the rest are links. The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) _LT_DECL([], [install_override_mode], [1], [Permission mode override for installation of shared libraries]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], [Command to use after uninstallation of a shared archive]) _LT_DECL([], [finish_cmds], [2], [Commands used to finish a libtool library installation in a directory]) _LT_DECL([], [finish_eval], [1], [[As "finish_cmds", except a single script fragment to be evaled but not shown]]) _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) _LT_DECL([], [sys_lib_dlsearch_path_spec], [2], [Run-time system search path for libraries]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- # find a file program that can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD=$MAGIC_CMD lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$1"; then lt_cv_path_MAGIC_CMD=$ac_dir/"$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac]) MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else AC_MSG_RESULT(no) fi _LT_DECL([], [MAGIC_CMD], [0], [Used to examine libraries when file_magic_cmd begins with "file"])dnl ])# _LT_PATH_TOOL_PREFIX # Old name: AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- # find a file program that can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) else MAGIC_CMD=: fi fi ])# _LT_PATH_MAGIC # LT_PATH_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test no = "$withval" || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test yes = "$with_gnu_ld"; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd* | bitrig*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown _LT_DECL([], [deplibs_check_method], [1], [Method to check whether dependent libraries are shared objects]) _LT_DECL([], [file_magic_cmd], [1], [Command to use when deplibs_check_method = "file_magic"]) _LT_DECL([], [file_magic_glob], [1], [How to find potential files when deplibs_check_method = "file_magic"]) _LT_DECL([], [want_nocaseglob], [1], [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) ])# _LT_CHECK_MAGIC_METHOD # LT_PATH_NM # ---------- # find the pathname to a BSD- or MS-compatible name lister AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM else lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. tmp_nm=$ac_dir/$lt_tmp_nm if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi]) if test no != "$lt_cv_path_NM"; then NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: ;; esac fi AC_SUBST([DUMPBIN]) if test : != "$DUMPBIN"; then NM=$DUMPBIN fi fi test -z "$NM" && NM=nm AC_SUBST([NM]) _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest*]) ])# LT_PATH_NM # Old names: AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_PROG_NM], []) dnl AC_DEFUN([AC_PROG_NM], []) # _LT_CHECK_SHAREDLIB_FROM_LINKLIB # -------------------------------- # how to determine the name of the shared library # associated with a specific link library. # -- PORTME fill in with the dynamic library characteristics m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], [m4_require([_LT_DECL_EGREP]) m4_require([_LT_DECL_OBJDUMP]) m4_require([_LT_DECL_DLLTOOL]) AC_CACHE_CHECK([how to associate runtime and link libraries], lt_cv_sharedlib_from_linklib_cmd, [lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh; # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac ]) sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO _LT_DECL([], [sharedlib_from_linklib_cmd], [1], [Command to associate shared and link libraries]) ])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB # _LT_PATH_MANIFEST_TOOL # ---------------------- # locate the manifest tool m4_defun([_LT_PATH_MANIFEST_TOOL], [AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], [lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&AS_MESSAGE_LOG_FD if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest*]) if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl ])# _LT_PATH_MANIFEST_TOOL # _LT_DLL_DEF_P([FILE]) # --------------------- # True iff FILE is a Windows DLL '.def' file. # Keep in sync with func_dll_def_p in the libtool script AC_DEFUN([_LT_DLL_DEF_P], [dnl test DEF = "`$SED -n dnl -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl -e q dnl Only consider the first "real" line $1`" dnl ])# _LT_DLL_DEF_P # LT_LIB_M # -------- # check for math library AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in *-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) AC_CHECK_LIB(m, cos, LIBM=-lm) ;; esac AC_SUBST([LIBM]) ])# LT_LIB_M # Old name: AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_CHECK_LIBM], []) # _LT_COMPILER_NO_RTTI([TAGNAME]) # ------------------------------- m4_defun([_LT_COMPILER_NO_RTTI], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test yes = "$GCC"; then case $cc_basename in nvcc*) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; *) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; esac _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, [-fno-rtti -fno-exceptions], [], [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) fi _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], [Compiler flag to turn off builtin functions]) ])# _LT_COMPILER_NO_RTTI # _LT_CMD_GLOBAL_SYMBOLS # ---------------------- m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_TAG_COMPILER])dnl # Check for command to grab the raw symbol name followed by C symbol from nm. AC_MSG_CHECKING([command to parse $NM output from $compiler object]) AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [ # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[[BCDEGRST]]' # Regexp to match symbols that can be accessed directly from C. sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[[BCDT]]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) if test ia64 = "$host_cpu"; then symcode='[[ABCDEGRST]]' fi ;; irix* | nonstopux*) symcode='[[BCDEGRST]]' ;; osf*) symcode='[[BCDEGQRST]]' ;; solaris*) symcode='[[BDRT]]' ;; sco3.2v5*) symcode='[[DT]]' ;; sysv4.2uw2*) symcode='[[DT]]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[[ABDT]]' ;; sysv4) symcode='[[DFNSTU]]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[[ABCDGIRSTW]]' ;; esac if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Gets list of data symbols to import. lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" # Adjust the below global symbol transforms to fixup imported variables. lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" lt_c_name_lib_hook="\ -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" else # Disable hooks by default. lt_cv_sys_global_symbol_to_import= lt_cdecl_hook= lt_c_name_hook= lt_c_name_lib_hook= fi # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n"\ $lt_cdecl_hook\ " -e 's/^T .* \(.*\)$/extern int \1();/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ $lt_c_name_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" # Transform an extracted symbol line into symbol name with lib prefix and # symbol address. lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ $lt_c_name_lib_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ " /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ " /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ " {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ " s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE /* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST #elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else # define LT@&t@_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT@&t@_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then nm_file_list_spec='@' fi _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) _LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], [Transform the output of nm into a list of symbols to manually relocate]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) _LT_DECL([nm_interface], [lt_cv_nm_interface], [1], [The name lister interface]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS # _LT_COMPILER_PIC([TAGNAME]) # --------------------------- m4_defun([_LT_COMPILER_PIC], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_wl, $1)= _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the '-m68020' flag to GCC prevents building anything better, # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; dgux*) case $cc_basename in ec++*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' if test ia64 != "$host_cpu"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. ;; *) ;; esac ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # KAI C++ Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) # old Intel C++ for x86_64, which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; icpc* ) # Intel C++, used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; vxworks*) ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test yes = "$GCC"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the '-m68020' flag to GCC prevents building anything better, # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' case $cc_basename in nagfor*) # NAG Fortran compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in # old Intel for x86_64, which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # Lahey Fortran 8.1. lf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; nagfor*) # NAG Fortran compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; tcc*) # Fabrice Bellard et al's Tiny C Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; *Sun\ F* | *Sun*Fortran*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Intel*\ [[CF]]*Compiler*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; *Portland\ Group*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; esac ;; newsos6) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) case $host_os in # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" ;; esac AC_CACHE_CHECK([for $compiler option to produce PIC], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) _LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) # # Check to make sure the PIC flag actually works. # if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi _LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], [Additional compiler flags for building library objects]) _LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], [How to pass a linker flag through the compiler]) # # Check to make sure the static flag actually works. # wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], [Compiler flag to prevent dynamic linking]) ])# _LT_COMPILER_PIC # _LT_LINKER_SHLIBS([TAGNAME]) # ---------------------------- # See if the linker supports building shared libraries. m4_defun([_LT_LINKER_SHLIBS], [AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) m4_if([$1], [CXX], [ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global defined # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds ;; cygwin* | mingw* | cegcc*) case $cc_basename in cl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] ;; esac ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac ], [ runpath_var= _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_cmds, $1)= _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(old_archive_from_new_cmds, $1)= _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_TAGVAR(thread_safe_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ' (' and ')$', so one must not match beginning or # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', # as well as any symbol that contains 'd'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd* | bitrig*) with_gnu_ld=no ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test ia64 != "$host_cpu"; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file, use it as # is; otherwise, prepend EXPORTS... _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; nagfor*) # NAGFOR 5.3 tmp_sharedflag='-Wl,-shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='$wl-f,' if test yes = "$GCC"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test yes = "$aix_use_runtimelinking"; then shared_flag="$shared_flag "'$wl-G' fi else # not using gcc if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test yes = "$aix_use_runtimelinking"; then shared_flag='$wl-G' else shared_flag='$wl-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes if test yes = "$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else if test ia64 = "$host_cpu"; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; bsdi[[45]]*) _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then cp "$export_symbols" "$output_objdir/$soname.def"; echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; else $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile=$lt_outputfile.exe lt_tool_outputfile=$lt_tool_outputfile.exe ;; esac~ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test yes = "$GCC"; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; hpux10*) if test yes,no = "$GCC,$with_gnu_ld"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test no = "$with_gnu_ld"; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi if test no = "$with_gnu_ld"; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test yes = "$GCC"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], [save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], [C++], [[int foo (void) { return 0; }]], [Fortran 77], [[ subroutine foo end]], [Fortran], [[ subroutine foo end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) LDFLAGS=$save_LDFLAGS]) if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *nto* | *qnx*) ;; openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' fi else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test yes = "$GCC"; then _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test yes = "$GCC"; then _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' if test yes = "$GCC"; then wlarc='$wl' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='$wl' _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test yes = "$GCC"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test yes = "$GCC"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' if test yes = "$GCC"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(ld_shlibs, $1)=no ;; esac if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld _LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl _LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl _LT_DECL([], [extract_expsyms_cmds], [2], [The commands to extract the exported symbol list from a shared archive]) # # Do we need to explicitly link libc? # case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes if test yes,yes = "$GCC,$enable_shared"; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_CACHE_CHECK([whether -lc should be explicitly linked in], [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), [$RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) _LT_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) then lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no else lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* ]) _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi ;; esac _LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], [Whether or not to add -lc for building shared libraries]) _LT_TAGDECL([allow_libtool_libs_with_static_runtimes], [enable_shared_with_static_runtimes], [0], [Whether or not to disallow shared libs when runtime libs are static]) _LT_TAGDECL([], [export_dynamic_flag_spec], [1], [Compiler flag to allow reflexive dlopens]) _LT_TAGDECL([], [whole_archive_flag_spec], [1], [Compiler flag to generate shared objects directly from archives]) _LT_TAGDECL([], [compiler_needs_object], [1], [Whether the compiler copes with passing no objects directly]) _LT_TAGDECL([], [old_archive_from_new_cmds], [2], [Create an old-style archive from a shared archive]) _LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], [Create a temporary old-style archive to link instead of a shared archive]) _LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) _LT_TAGDECL([], [archive_expsym_cmds], [2]) _LT_TAGDECL([], [module_cmds], [2], [Commands used to build a loadable module if different from building a shared archive.]) _LT_TAGDECL([], [module_expsym_cmds], [2]) _LT_TAGDECL([], [with_gnu_ld], [1], [Whether we are building with GNU ld or not]) _LT_TAGDECL([], [allow_undefined_flag], [1], [Flag that allows shared libraries with undefined symbols to be built]) _LT_TAGDECL([], [no_undefined_flag], [1], [Flag that enforces no undefined symbols]) _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary and the resulting library dependency is "absolute", i.e impossible to change by setting $shlibpath_var if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_shlibpath_var], [0], [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_automatic], [0], [Set to "yes" if building a shared library automatically hardcodes DIR into the library and all subsequent libraries and executables linked against it]) _LT_TAGDECL([], [inherit_rpath], [0], [Set to yes if linker adds runtime paths of dependent libraries to runtime path list]) _LT_TAGDECL([], [link_all_deplibs], [0], [Whether libtool must link a program against all its dependency libraries]) _LT_TAGDECL([], [always_export_symbols], [0], [Set to "yes" if exported symbols are required]) _LT_TAGDECL([], [export_symbols_cmds], [2], [The commands to list exported symbols]) _LT_TAGDECL([], [exclude_expsyms], [1], [Symbols that should not be listed in the preloaded symbols]) _LT_TAGDECL([], [include_expsyms], [1], [Symbols that must always be exported]) _LT_TAGDECL([], [prelink_cmds], [2], [Commands necessary for linking programs (against libraries) with templates]) _LT_TAGDECL([], [postlink_cmds], [2], [Commands necessary for finishing linking programs]) _LT_TAGDECL([], [file_list_spec], [1], [Specify filename containing input files]) dnl FIXME: Not yet implemented dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], dnl [Compiler flag to generate thread safe objects]) ])# _LT_LINKER_SHLIBS # _LT_LANG_C_CONFIG([TAG]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to 'libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl lt_save_CC=$CC AC_LANG_PUSH(C) # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' _LT_TAG_COMPILER # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB # Report what library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then test yes = "$enable_shared" && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP CC=$lt_save_CC ])# _LT_LANG_C_CONFIG # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to 'libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl if test -n "$CXX" && ( test no != "$CXX" && ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || (test g++ != "$CXX"))); then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test yes != "$_lt_caught_CXX_error"; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} CFLAGS=$CXXFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test yes = "$GXX"; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. if test yes = "$with_gnu_ld"; then _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='$wl' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag= else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='$wl-f,' if test yes = "$GXX"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi esac shared_flag='-shared' if test yes = "$aix_use_runtimelinking"; then shared_flag=$shared_flag' $wl-G' fi else # not using gcc if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test yes = "$aix_use_runtimelinking"; then shared_flag='$wl-G' else shared_flag='$wl-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes if test yes = "$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else if test ia64 = "$host_cpu"; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $wl-bnoentry $compiler_flags $wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in ,cl* | no,cl*) # Native MSVC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then cp "$export_symbols" "$output_objdir/$soname.def"; echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; else $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile=$lt_outputfile.exe lt_tool_outputfile=$lt_tool_outputfile.exe ;; esac~ func_to_tool_file "$lt_outputfile"~ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file, use it as # is; otherwise, prepend EXPORTS... _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test no = "$with_gnu_ld"; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. ;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then if test no = "$with_gnu_ld"; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test yes = "$GXX"; then if test no = "$with_gnu_ld"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc* | ecpc* ) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' ;; cxx*) # Compaq C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; *nto* | *qnx*) _LT_TAGVAR(ld_shlibs, $1)=yes ;; openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. case $host in osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; esac ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; cxx*) case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes,no = "$GXX,$with_gnu_ld"; then _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' case $host in osf3*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands '-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test yes,no = "$GXX,$with_gnu_ld"; then _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no _LT_TAGVAR(GCC, $1)=$GXX _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld fi # test yes != "$_lt_caught_CXX_error" AC_LANG_POP ])# _LT_LANG_CXX_CONFIG # _LT_FUNC_STRIPNAME_CNF # ---------------------- # func_stripname_cnf prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # # This function is identical to the (non-XSI) version of func_stripname, # except this one can be used by m4 code that may be executed by configure, # rather than the libtool script. m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl AC_REQUIRE([_LT_DECL_SED]) AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) func_stripname_cnf () { case @S|@2 in .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; esac } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose # compiler output when linking a shared library. # Parse the compiler output and extract the necessary # objects, libraries and library flags. m4_defun([_LT_SYS_HIDDEN_LIBDEPS], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl # Dependencies to place before and after the object being linked: _LT_TAGVAR(predep_objects, $1)= _LT_TAGVAR(postdep_objects, $1)= _LT_TAGVAR(predeps, $1)= _LT_TAGVAR(postdeps, $1)= _LT_TAGVAR(compiler_lib_search_path, $1)= dnl we can't use the lt_simple_compile_test_code here, dnl because it contains code intended for an executable, dnl not a library. It's possible we should let each dnl tag define a new lt_????_link_test_code variable, dnl but it's only used here... m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF int a; void foo (void) { a = 0; } _LT_EOF ], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF class Foo { public: Foo (void) { a = 0; } private: int a; }; _LT_EOF ], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer*4 a a=0 return end _LT_EOF ], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer a a=0 return end _LT_EOF ], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF public class foo { private int a; public void bar (void) { a = 0; } }; _LT_EOF ], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF package foo func foo() { } _LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; *\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary dnl objects, libraries and library flags. if AC_TRY_EVAL(ac_compile); then # Parse the compiler output and extract the necessary # objects, libraries and library flags. # Sentinel used to keep track of whether or not we are before # the conftest object file. pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do case $prev$p in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. if test x-L = "$p" || test x-R = "$p"; then prev=$p continue fi # Expand the sysroot to ease extracting the directories later. if test -z "$prev"; then case $p in -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; esac fi case $p in =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; esac if test no = "$pre_test_object_deps_done"; then case $prev in -L | -R) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p else _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" fi ;; # The "-l" case would never come before the object being # linked, so don't bother handling this case. esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then _LT_TAGVAR(postdeps, $1)=$prev$p else _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" fi fi prev= ;; *.lto.$objext) ;; # Ignore GCC LTO objects *.$objext) # This assumes that the test object file only shows up # once in the compiler output. if test "$p" = "conftest.$objext"; then pre_test_object_deps_done=yes continue fi if test no = "$pre_test_object_deps_done"; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then _LT_TAGVAR(predep_objects, $1)=$p else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then _LT_TAGVAR(postdep_objects, $1)=$p else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi fi ;; *) ;; # Ignore the rest. esac done # Clean up. rm -f a.out a.exe else echo "libtool.m4: error: problem compiling $1 test program" fi $RM -f confest.$objext CFLAGS=$_lt_libdeps_save_CFLAGS # PORTME: override above test on systems where it is broken m4_if([$1], [CXX], [case $host_os in interix[[3-9]]*) # Interix 3.5 installs completely hosed .la files for C++, so rather than # hack all around it, let's just trust "g++" to DTRT. _LT_TAGVAR(predep_objects,$1)= _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; linux*) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test yes != "$solaris_use_stlport4"; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. if test yes != "$solaris_use_stlport4"; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; esac ]) case " $_LT_TAGVAR(postdeps, $1) " in *" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) _LT_TAGDECL([], [predep_objects], [1], [Dependencies to place before and after the objects being linked to create a shared library]) _LT_TAGDECL([], [postdep_objects], [1]) _LT_TAGDECL([], [predeps], [1]) _LT_TAGDECL([], [postdeps], [1]) _LT_TAGDECL([], [compiler_lib_search_path], [1], [The library search path used internally by the compiler when linking a shared library]) ])# _LT_SYS_HIDDEN_LIBDEPS # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_LANG_PUSH(Fortran 77) if test -z "$F77" || test no = "$F77"; then _lt_disable_F77=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for f77 test sources. ac_ext=f # Object file extension for compiled f77 test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test yes != "$_lt_disable_F77"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${F77-"f77"} CFLAGS=$FFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) GCC=$G77 if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then test yes = "$enable_shared" && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)=$G77 _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS fi # test yes != "$_lt_disable_F77" AC_LANG_POP ])# _LT_LANG_F77_CONFIG # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_LANG_PUSH(Fortran) if test -z "$FC" || test no = "$FC"; then _lt_disable_FC=yes fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for fc test sources. ac_ext=${ac_fc_srcext-f} # Object file extension for compiled fc test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test yes != "$_lt_disable_FC"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${FC-"f95"} CFLAGS=$FCFLAGS compiler=$CC GCC=$ac_cv_fc_compiler_gnu _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test ia64 != "$host_cpu" && test no = "$aix_use_runtimelinking"; then test yes = "$enable_shared" && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS fi # test yes != "$_lt_disable_FC" AC_LANG_POP ])# _LT_LANG_FC_CONFIG # _LT_LANG_GCJ_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE # Source file extension for Java test sources. ac_ext=java # Object file extension for compiled Java test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="class foo {}" # Code to be used in simple link tests lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GCJ-"gcj"} CFLAGS=$GCJFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG # _LT_LANG_GO_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Go compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GO_CONFIG], [AC_REQUIRE([LT_PROG_GO])dnl AC_LANG_SAVE # Source file extension for Go test sources. ac_ext=go # Object file extension for compiled Go test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="package main; func main() { }" # Code to be used in simple link tests lt_simple_link_test_code='package main; func main() { }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC=yes CC=${GOC-"gccgo"} CFLAGS=$GOFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # Go did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GO_CONFIG # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE # Source file extension for RC test sources. ac_ext=rc # Object file extension for compiled RC test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests lt_simple_link_test_code=$lt_simple_compile_test_code # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC= CC=${RC-"windres"} CFLAGS= compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes if test -n "$compiler"; then : _LT_CONFIG($1) fi GCC=$lt_save_GCC AC_LANG_RESTORE CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_RC_CONFIG # LT_PROG_GCJ # ----------- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) # Old name: AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) # LT_PROG_GO # ---------- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,) ]) # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,) ]) # Old name: AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_RC], []) # _LT_DECL_EGREP # -------------- # If we don't have a new enough Autoconf to choose the best grep # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_EGREP], [AC_REQUIRE([AC_PROG_EGREP])dnl AC_REQUIRE([AC_PROG_FGREP])dnl test -z "$GREP" && GREP=grep _LT_DECL([], [GREP], [1], [A grep program that handles long lines]) _LT_DECL([], [EGREP], [1], [An ERE matcher]) _LT_DECL([], [FGREP], [1], [A literal string matcher]) dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too AC_SUBST([GREP]) ]) # _LT_DECL_OBJDUMP # -------------- # If we don't have a new enough Autoconf to choose the best objdump # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_OBJDUMP], [AC_CHECK_TOOL(OBJDUMP, objdump, false) test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) AC_SUBST([OBJDUMP]) ]) # _LT_DECL_DLLTOOL # ---------------- # Ensure DLLTOOL variable is set. m4_defun([_LT_DECL_DLLTOOL], [AC_CHECK_TOOL(DLLTOOL, dlltool, false) test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program]) AC_SUBST([DLLTOOL]) ]) # _LT_DECL_SED # ------------ # Check for a fully-functional sed program, that truncates # as few characters as possible. Prefer GNU sed if found. m4_defun([_LT_DECL_SED], [AC_PROG_SED test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" _LT_DECL([], [SED], [1], [A sed program that does not truncate output]) _LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], [Sed that helps us avoid accidentally triggering echo(1) options like -n]) ])# _LT_DECL_SED m4_ifndef([AC_PROG_SED], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_SED. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_SED], [AC_MSG_CHECKING([for a sed that does not truncate output]) AC_CACHE_VAL(lt_cv_path_SED, [# Loop through the user's path and test for sed and gsed. # Then use that list of sed's as ones to test for truncation. as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for lt_ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" fi done done done IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do test ! -f "$lt_ac_sed" && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in # Check for GNU sed and select it if it is found. if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then lt_cv_path_SED=$lt_ac_sed break fi while true; do cat conftest.in conftest.in >conftest.tmp mv conftest.tmp conftest.in cp conftest.in conftest.nl echo >>conftest.nl $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough test 10 -lt "$lt_ac_count" && break lt_ac_count=`expr $lt_ac_count + 1` if test "$lt_ac_count" -gt "$lt_ac_max"; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi done done ]) SED=$lt_cv_path_SED AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ])#AC_PROG_SED ])#m4_ifndef # Old name: AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_SED], []) # _LT_CHECK_SHELL_FEATURES # ------------------------ # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], [if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi _LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac _LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- # Determine what file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_MSG_CHECKING([how to convert $build file names to $host format]) AC_CACHE_VAL(lt_cv_to_host_file_cmd, [case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac ]) to_host_file_cmd=$lt_cv_to_host_file_cmd AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) _LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], [0], [convert $build file names to $host format])dnl AC_MSG_CHECKING([how to convert $build file names to toolchain format]) AC_CACHE_VAL(lt_cv_to_tool_file_cmd, [#assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac ]) to_tool_file_cmd=$lt_cv_to_tool_file_cmd AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], [0], [convert $build files to toolchain format])dnl ])# _LT_PATH_CONVERSION_FUNCTIONS sudo-1.8.9p5/m4/ltoptions.m4010064400175440000012000000277531227416652300152070ustar00millertstaff# Helper functions for option handling. -*- Autoconf -*- # # Copyright (C) 2004-2005, 2007-2009, 2011-2013 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 8 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) # _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) # ------------------------------------------ m4_define([_LT_MANGLE_OPTION], [[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) # _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) # --------------------------------------- # Set option OPTION-NAME for macro MACRO-NAME, and if there is a # matching handler defined, dispatch to it. Other OPTION-NAMEs are # saved as a flag. m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), [m4_warning([Unknown $1 option '$2'])])[]dnl ]) # _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) # ------------------------------------------------------------ # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. m4_define([_LT_IF_OPTION], [m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) # _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) # ------------------------------------------------------- # Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME # are set. m4_define([_LT_UNLESS_OPTIONS], [m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), [m4_define([$0_found])])])[]dnl m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 ])[]dnl ]) # _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) # ---------------------------------------- # OPTION-LIST is a space-separated list of Libtool options associated # with MACRO-NAME. If any OPTION has a matching handler declared with # LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about # the unknown option and exit. m4_defun([_LT_SET_OPTIONS], [# Set options m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [_LT_SET_OPTION([$1], _LT_Option)]) m4_if([$1],[LT_INIT],[ dnl dnl Simply set some default values (i.e off) if boolean options were not dnl specified: _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no ]) _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no ]) dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither dnl 'shared' nor 'disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], [_LT_ENABLE_FAST_INSTALL]) ]) ])# _LT_SET_OPTIONS ## --------------------------------- ## ## Macros to handle LT_INIT options. ## ## --------------------------------- ## # _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) # ----------------------------------------- m4_define([_LT_MANGLE_DEFUN], [[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) # LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) # ----------------------------------------------- m4_define([LT_OPTION_DEFINE], [m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl ])# LT_OPTION_DEFINE # dlopen # ------ LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes ]) AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the 'dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) # win32-dll # --------- # Declare package support for building win32 dll's. LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; esac test -z "$AS" && AS=as _LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the 'win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- # implement the --enable-shared flag, and supports the 'shared' and # 'disable-shared' LT_INIT options. # DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS=$lt_save_ifs ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) _LT_DECL([build_libtool_libs], [enable_shared], [0], [Whether or not to build shared libraries]) ])# _LT_ENABLE_SHARED LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) # Old names: AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) ]) AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared]) ]) AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_SHARED], []) dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- # implement the --enable-static flag, and support the 'static' and # 'disable-static' LT_INIT options. # DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS=$lt_save_ifs ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) _LT_DECL([build_old_libs], [enable_static], [0], [Whether or not to build static libraries]) ])# _LT_ENABLE_STATIC LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) # Old names: AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) ]) AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static]) ]) AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_STATIC], []) dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- # implement the --enable-fast-install flag, and support the 'fast-install' # and 'disable-fast-install' LT_INIT options. # DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS=$lt_save_ifs ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) _LT_DECL([fast_install], [enable_fast_install], [0], [Whether or not to optimize for fast installation])dnl ])# _LT_ENABLE_FAST_INSTALL LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) # Old names: AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the 'fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the 'disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the 'pic-only' and 'no-pic' # LT_INIT options. # MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], [lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS=$lt_save_ifs ;; esac], [pic_mode=m4_default([$1], [default])]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) # Old name: AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the 'pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) ## ----------------- ## ## LTDL_INIT Options ## ## ----------------- ## m4_define([_LTDL_MODE], []) LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], [m4_define([_LTDL_MODE], [nonrecursive])]) LT_OPTION_DEFINE([LTDL_INIT], [recursive], [m4_define([_LTDL_MODE], [recursive])]) LT_OPTION_DEFINE([LTDL_INIT], [subproject], [m4_define([_LTDL_MODE], [subproject])]) m4_define([_LTDL_TYPE], []) LT_OPTION_DEFINE([LTDL_INIT], [installable], [m4_define([_LTDL_TYPE], [installable])]) LT_OPTION_DEFINE([LTDL_INIT], [convenience], [m4_define([_LTDL_TYPE], [convenience])]) sudo-1.8.9p5/m4/ltsugar.m4010064400175440000012000000104401227416652300146160ustar00millertstaff# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # # Copyright (C) 2004-2005, 2007-2008, 2011-2013 Free Software # Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltsugar.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) # lt_join(SEP, ARG1, [ARG2...]) # ----------------------------- # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their # associated separator. # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier # versions in m4sugar had bugs. m4_define([lt_join], [m4_if([$#], [1], [], [$#], [2], [[$2]], [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) m4_define([_lt_join], [m4_if([$#$2], [2], [], [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) # lt_car(LIST) # lt_cdr(LIST) # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support # Autoconf-2.59, which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], [$#], 1, [], [m4_dquote(m4_shift($@))])]) m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ # Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different # than defined and empty). # # This macro is needed until we can rely on Autoconf 2.62, since earlier # versions of m4sugar mistakenly expanded SEPARATOR but not STRING. m4_define([lt_append], [m4_define([$1], m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) # ---------------------------------------------------------- # Produce a SEP delimited list of all paired combinations of elements of # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list # has the form PREFIXmINFIXSUFFIXn. # Needed until we can rely on m4_combine added in Autoconf 2.62. m4_define([lt_combine], [m4_if(m4_eval([$# > 3]), [1], [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl [[m4_foreach([_Lt_prefix], [$2], [m4_foreach([_Lt_suffix], ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) # ----------------------------------------------------------------------- # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. m4_define([lt_if_append_uniq], [m4_ifdef([$1], [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], [lt_append([$1], [$2], [$3])$4], [$5])], [lt_append([$1], [$2], [$3])$4])]) # lt_dict_add(DICT, KEY, VALUE) # ----------------------------- m4_define([lt_dict_add], [m4_define([$1($2)], [$3])]) # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) # -------------------------------------------- m4_define([lt_dict_add_subkey], [m4_define([$1($2:$3)], [$4])]) # lt_dict_fetch(DICT, KEY, [SUBKEY]) # ---------------------------------- m4_define([lt_dict_fetch], [m4_ifval([$3], m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) # ----------------------------------------------------------------- m4_define([lt_if_dict_fetch], [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], [$5], [$6])]) # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) # -------------------------------------------------------------- m4_define([lt_dict_filter], [m4_if([$5], [], [], [lt_join(m4_quote(m4_default([$4], [[, ]])), lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl ]) sudo-1.8.9p5/m4/ltversion.m4010064400175440000012000000013131227416652300151610ustar00millertstaff# ltversion.m4 -- version numbers -*- Autoconf -*- # # Copyright (C) 2004, 2011-2013 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # @configure_input@ # serial 4038 ltversion.m4 # This file is part of GNU Libtool m4_define([LT_PACKAGE_VERSION], [2.4.2.418]) m4_define([LT_PACKAGE_REVISION], [2.4.2.418]) AC_DEFUN([LTVERSION_VERSION], [macro_version='2.4.2.418' macro_revision='2.4.2.418' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) sudo-1.8.9p5/m4/lt~obsolete.m4010064400175440000012000000137741227416652300155240ustar00millertstaff# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # # Copyright (C) 2004-2005, 2007, 2009, 2011-2013 Free Software # Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us # using a macro with the same name in our local m4/libtool.m4 it'll # pull the old libtool.m4 in (it doesn't see our shiny new m4_define # and doesn't know about Autoconf macros at all.) # # So we provide this file, which has a silly filename so it's always # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until # we give up compatibility with versions before 1.7, at which point # we need to keep only those names which we still refer to. # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) sudo-1.8.9p5/m4/sudo.m4010064400175440000012000000252761226304126400141140ustar00millertstaffdnl Local m4 macros for autoconf (used by sudo) dnl dnl Copyright (c) 1994-1996, 1998-2005, 2007-2013 dnl Todd C. Miller dnl dnl XXX - should cache values in all cases!!! dnl dnl checks for programs dnl dnl check for sendmail in well-known locations dnl AC_DEFUN([SUDO_PROG_SENDMAIL], [AC_MSG_CHECKING([for sendmail]) found=no for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do if test -f "$p"; then found=yes AC_MSG_RESULT([$p]) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$p") break fi done if test X"$found" != X"yes"; then AC_MSG_RESULT([not found]) fi ])dnl dnl dnl check for vi in well-known locations dnl AC_DEFUN([SUDO_PROG_VI], [AC_MSG_CHECKING([for vi]) found=no for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do if test -f "$editor"; then found=yes AC_MSG_RESULT([$editor]) SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor") break fi done if test X"$found" != X"yes"; then AC_MSG_RESULT([not found]) fi ])dnl dnl dnl check for mv in well-known locations dnl AC_DEFUN([SUDO_PROG_MV], [AC_MSG_CHECKING([for mv]) found=no for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do if test -f "$p"; then found=yes AC_MSG_RESULT([$p]) SUDO_DEFINE_UNQUOTED(_PATH_MV, "$p") break fi done if test X"$found" != X"yes"; then AC_MSG_RESULT([not found]) fi ])dnl dnl dnl check for bourne shell in well-known locations dnl AC_DEFUN([SUDO_PROG_BSHELL], [AC_MSG_CHECKING([for bourne shell]) found=no for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do if test -f "$p"; then found=yes AC_MSG_RESULT([$p]) SUDO_DEFINE_UNQUOTED(_PATH_BSHELL, "$p") break fi done if test X"$found" != X"yes"; then AC_MSG_RESULT([not found]) fi ])dnl dnl dnl check for utmp file dnl AC_DEFUN([SUDO_PATH_UTMP], [AC_MSG_CHECKING([for utmp file path]) found=no for p in "/var/run/utmp" "/var/adm/utmp" "/etc/utmp"; do if test -r "$p"; then found=yes AC_MSG_RESULT([$p]) SUDO_DEFINE_UNQUOTED(_PATH_UTMP, "$p") break fi done if test X"$found" != X"yes"; then AC_MSG_RESULT([not found]) fi ])dnl dnl dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm dnl AC_DEFUN([SUDO_LOGFILE], [AC_MSG_CHECKING(for log file location) if test -n "$with_logpath"; then AC_MSG_RESULT($with_logpath) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath") elif test -d "/var/log"; then AC_MSG_RESULT(/var/log/sudo.log) SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log") elif test -d "/var/adm"; then AC_MSG_RESULT(/var/adm/sudo.log) SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log") elif test -d "/usr/adm"; then AC_MSG_RESULT(/usr/adm/sudo.log) SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log") else AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand) fi ])dnl dnl dnl Where the timestamp files go. dnl AC_DEFUN([SUDO_TIMEDIR], [AC_MSG_CHECKING(for timestamp file location) timedir="$with_timedir" if test -z "$timedir"; then for d in /var/db /var/lib /var/adm /usr/adm; do if test -d "$d"; then timedir="$d/sudo" break fi done fi AC_MSG_RESULT([$timedir]) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$timedir") ])dnl dnl dnl Where the I/O log files go, use /var/log/sudo-io if dnl /var/log exists, else /{var,usr}/adm/sudo-io dnl AC_DEFUN([SUDO_IO_LOGDIR], [ AC_MSG_CHECKING(for I/O log dir location) if test "${with_iologdir-yes}" != "yes"; then iolog_dir="$with_iologdir" elif test -d "/var/log"; then iolog_dir="/var/log/sudo-io" elif test -d "/var/adm"; then iolog_dir="/var/adm/sudo-io" else iolog_dir="/usr/adm/sudo-io" fi if test "${with_iologdir}" != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$iolog_dir") fi AC_MSG_RESULT($iolog_dir) ])dnl dnl dnl check for working fnmatch(3) dnl AC_DEFUN([SUDO_FUNC_FNMATCH], [AC_MSG_CHECKING([for working fnmatch with FNM_CASEFOLD]) AC_CACHE_VAL(sudo_cv_func_fnmatch, [rm -f conftestdata; > conftestdata AC_RUN_IFELSE([AC_LANG_SOURCE([[#include main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }]])], [sudo_cv_func_fnmatch=yes], [sudo_cv_func_fnmatch=no], [sudo_cv_func_fnmatch=no]) rm -f core core.* *.core]) AC_MSG_RESULT($sudo_cv_func_fnmatch) AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])]) dnl dnl Attempt to check for working PIE support. dnl This is a bit of a hack but on Solaris 10 with GNU ld and GNU as dnl we can end up with strange values from malloc(). dnl A better check would be to verify that ASLR works with PIE. dnl AC_DEFUN([SUDO_WORKING_PIE], [AC_MSG_CHECKING([for working PIE support]) AC_CACHE_VAL(sudo_cv_working_pie, [rm -f conftestdata; > conftestdata AC_RUN_IFELSE([AC_LANG_SOURCE([AC_INCLUDES_DEFAULT main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }])], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no], [sudo_cv_working_pie=no]) rm -f core core.* *.core]) AC_MSG_RESULT($sudo_cv_working_pie) AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2])]) dnl dnl check for isblank(3) dnl AC_DEFUN([SUDO_FUNC_ISBLANK], [AC_CACHE_CHECK([for isblank], [sudo_cv_func_isblank], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[return (isblank('a'));]])], [sudo_cv_func_isblank=yes], [sudo_cv_func_isblank=no])]) ] [ if test "$sudo_cv_func_isblank" = "yes"; then AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3).]) else AC_LIBOBJ(isblank) fi ]) AC_DEFUN([SUDO_CHECK_LIB], [ _sudo_check_lib_extras=`echo "$5"|sed -e 's/[ ]*//g' -e 's/-l/_/g'` AC_MSG_CHECKING([for $2 in -l$1${5+ }$5]) AC_CACHE_VAL([sudo_cv_lib_$1''_$2$_sudo_check_lib_extras], [ SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$1${5+ }$5" AC_LINK_IFELSE( [AC_LANG_CALL([], [$2])], [eval sudo_cv_lib_$1''_$2$_sudo_check_lib_extras=yes], [eval sudo_cv_lib_$1''_$2$_sudo_check_lib_extras=no] ) LIBS="$SUDO_CHECK_LIB_OLIBS" ]) if eval test \$sudo_cv_lib_$1''_$2$_sudo_check_lib_extras = "yes"; then AC_MSG_RESULT([yes]) $3 else AC_MSG_RESULT([no]) $4 fi ]) dnl dnl check unsetenv() return value dnl AC_DEFUN([SUDO_FUNC_UNSETENV_VOID], [AC_CACHE_CHECK([whether unsetenv returns void], [sudo_cv_func_unsetenv_void], [AC_RUN_IFELSE([AC_LANG_PROGRAM( [AC_INCLUDES_DEFAULT int unsetenv(); ], [ [return unsetenv("FOO") != 0;] ]) ], [sudo_cv_func_unsetenv_void=no], [sudo_cv_func_unsetenv_void=yes], [sudo_cv_func_unsetenv_void=no])]) if test $sudo_cv_func_unsetenv_void = yes; then AC_DEFINE(UNSETENV_VOID, 1, [Define to 1 if the `unsetenv' function returns void instead of `int'.]) fi ]) dnl dnl check putenv() argument for const dnl AC_DEFUN([SUDO_FUNC_PUTENV_CONST], [AC_CACHE_CHECK([whether putenv takes a const argument], sudo_cv_func_putenv_const, [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT int putenv(const char *string) {return 0;}], [])], [sudo_cv_func_putenv_const=yes], [sudo_cv_func_putenv_const=no]) ]) if test $sudo_cv_func_putenv_const = yes; then AC_DEFINE(PUTENV_CONST, const, [Define to const if the `putenv' takes a const argument.]) else AC_DEFINE(PUTENV_CONST, []) fi ]) dnl dnl check for sa_len field in struct sockaddr dnl AC_DEFUN([SUDO_SOCK_SA_LEN], [ AC_CHECK_MEMBER([struct sockaddr.sa_len], [AC_DEFINE(HAVE_STRUCT_SOCKADDR_SA_LEN, 1, [Define if your struct sockaddr has an sa_len field.])], [], [ # include # include ] )] ) dnl dnl check for sin_len field in struct sockaddr_in dnl AC_DEFUN([SUDO_SOCK_SIN_LEN], [ AC_CHECK_MEMBER([struct sockaddr_in.sin_len], [AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN_SIN_LEN, 1, [Define if your struct sockaddr_in has a sin_len field.])], [], [ # include # include ] )] ) dnl dnl check for max length of uid_t in string representation. dnl we can't really trust UID_MAX or MAXUID since they may exist dnl only for backwards compatibility. dnl AC_DEFUN([SUDO_UID_T_LEN], [AC_REQUIRE([AC_TYPE_UID_T]) AC_MSG_CHECKING(max length of uid_t) AC_CACHE_VAL(sudo_cv_uid_t_len, [rm -f conftestdata AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include #include #include #include main() { FILE *f; char b[1024]; uid_t u = (uid_t) -1; if ((f = fopen("conftestdata", "w")) == NULL) exit(1); (void) sprintf(b, "%lu", (unsigned long) u); (void) fprintf(f, "%d\n", strlen(b)); (void) fclose(f); exit(0); }]])], [sudo_cv_uid_t_len=`cat conftestdata`], [sudo_cv_uid_t_len=10], [sudo_cv_uid_t_len=10]) ]) rm -f conftestdata AC_MSG_RESULT($sudo_cv_uid_t_len) AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).]) ]) dnl dnl Append a libpath to an LDFLAGS style variable if not already present. dnl Also appends to the _R version unless rpath is disabled. dnl AC_DEFUN([SUDO_APPEND_LIBPATH], [ case "${$1}" in *"-L$2"|*"-L$2 ") ;; *) $1="${$1} -L$2" if test X"$enable_rpath" = X"yes"; then $1_R="${$1_R} -R$2" fi ;; esac ]) dnl dnl Append a directory to CPPFLAGS if not already present. dnl AC_DEFUN([SUDO_APPEND_CPPFLAGS], [ case "${CPPFLAGS}" in *"$1"|*"$1 ") ;; *) if test X"${CPPFLAGS}" = X""; then CPPFLAGS="$1" else CPPFLAGS="${CPPFLAGS} $1" fi ;; esac ]) dnl dnl Determine the mail spool location dnl NOTE: must be run *after* check for paths.h dnl AC_DEFUN([SUDO_MAILDIR], [ maildir=no if test X"$ac_cv_header_paths_h" = X"yes"; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT #include ], [char *p = _PATH_MAILDIR;])], [maildir=yes], []) fi if test $maildir = no; then # Solaris has maillock.h which defines MAILDIR AC_CHECK_HEADERS(maillock.h, [ SUDO_DEFINE(_PATH_MAILDIR, MAILDIR) maildir=yes ]) if test $maildir = no; then for d in /var/mail /var/spool/mail /usr/spool/mail; do if test -d "$d"; then maildir=yes SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d") break fi done if test $maildir = no; then # unable to find mail dir, hope for the best SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail") fi fi fi ]) dnl dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support dnl tracing that we use to define paths for pathnames.h so autoheader doesn't dnl put them in config.h.in. An awful hack. dnl m4_define([SUDO_DEFINE], [cat >>confdefs.h <<\EOF [@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1) EOF ]) m4_define([SUDO_DEFINE_UNQUOTED], [cat >>confdefs.h < # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # use File::Temp qw/ :mktemp /; use Fcntl; use warnings; die "usage: $0 Makefile ...\n" unless $#ARGV >= 0; my @incpaths; my %dir_vars; my %implicit; my %generated; # Read in MANIFEST fail if present my %manifest; if (open(MANIFEST, ") { chomp; next unless /([^\/]+\.[cly])$/; $manifest{$1} = $_; } } foreach (@ARGV) { mkdep($_); } sub mkdep { my $file = $_[0]; $file =~ s:^\./+::; # strip off leading ./ my $makefile; if (open(MF, "<$file")) { local $/; # enable "slurp" mode $makefile = ; } else { warn "$0: $file: $!\n"; return undef; } close(MF); # New makefile, minus the autogenerated dependencies my $separator = "# Autogenerated dependencies, do not modify"; my $new_makefile = $makefile; $new_makefile =~ s/${separator}.*$//s; $new_makefile .= "$separator\n"; # Old makefile, join lines with continuation characters $makefile =~ s/\\\n//mg; # Expand some configure bits $makefile =~ s:\@DEV\@::g; $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:; $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo globtest.o fnm_test.o:; # Parse OBJS lines my %objs; while ($makefile =~ /^[A-Z0-9_]*OBJS\s*=\s*(.*)/mg) { foreach (split/\s+/, $1) { next if /^\$[\(\{].*[\)\}]$/; # skip included vars for now $objs{$_} = 1; } } # Find include paths @incpaths = (); while ($makefile =~ /-I(\S+)/mg) { push(@incpaths, $1) unless $1 eq "."; } # Check for generated files if ($makefile =~ /GENERATED\s*=\s*(.+)$/m) { foreach (split(/\s+/, $1)) { $generated{$_} = 1; } } # Values of srcdir, top_srcdir, top_builddir, incdir %dir_vars = (); $file =~ m:^(.*)/+[^/]+:; $dir_vars{'srcdir'} = $1 || '.'; $dir_vars{'devdir'} = $dir_vars{'srcdir'}; $dir_vars{'authdir'} = $dir_vars{'srcdir'} . "/auth"; $dir_vars{'top_srcdir'} = '.'; #$dir_vars{'top_builddir'} = '.'; $dir_vars{'incdir'} = 'include'; # Find implicit rules for generated .o and .lo files %implicit = (); while ($makefile =~ /^\.c\.(l?o):\s*\n\t+(.*)$/mg) { $implicit{$1} = $2; } # Find existing .o and .lo dependencies my %old_deps; while ($makefile =~ /^(\w+\.l?o):\s*(\S+\.c)/mg) { $old_deps{$1} = $2; } # Sort files so we do .lo files first foreach my $obj (sort keys %objs) { next unless $obj =~ /(\S+)\.(l?o)$/; if ($2 eq "o" && exists($objs{"$1.lo"})) { # If we have both .lo and .o files, make the .o depend on the .lo $new_makefile .= sprintf("%s: %s.lo\n", $obj, $1); } else { # Use old depenencies when mapping objects to their source. # If no old depenency, use the MANIFEST file to find the source. my $src = $1 . '.c'; my $ext = $2; if (exists $old_deps{$obj}) { $src = $old_deps{$obj}; } elsif (exists $manifest{$src}) { $src = $manifest{$src}; foreach (sort { length($b) <=> length($a) } keys %dir_vars) { next if $_ eq "devdir"; last if $src =~ s:^\Q$dir_vars{$_}/\E:\$\($_\)/:; } } else { warn "$file: unable to find source for $obj\n"; } my $imp = $implicit{$ext}; $imp =~ s/\$ 80) { my $off = 0; my $indent = length($obj) + 2; while (length($deps) - $off > 80 - $indent) { my $pos; if ($off != 0) { $new_makefile .= ' ' x $indent; $pos = rindex($deps, ' ', $off + 80 - $indent - 2); } else { $pos = rindex($deps, ' ', $off + 78); } $new_makefile .= substr($deps, $off, $pos - $off) . " \\\n"; $off = $pos + 1; } $new_makefile .= ' ' x $indent; $new_makefile .= substr($deps, $off) . "\n"; } else { $new_makefile .= "$deps\n"; } $new_makefile .= "\t$imp\n"; } } my $newfile = $file . ".new"; if (!open(MF, ">$newfile")) { warn("cannot open $newfile: $!\n"); } else { print MF $new_makefile || warn("cannot write $newfile: $!\n"); close(MF) || warn("cannot close $newfile: $!\n");; rename($newfile, $file); } } exit(0); sub find_depends { my $src = $_[0]; my ($deps, $code, %headers); if ($src !~ /\//) { # XXX - want build dir not src dir $src = "$dir_vars{'srcdir'}/$src"; } # resolve $(srcdir) etc. foreach (keys %dir_vars) { $src =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; } # find open source file and find headers used by it if (!open(FILE, "<$src")) { warn "unable to open $src\n"; return ""; } local $/; # enable "slurp" mode $code = ; close(FILE); # find all headers while ($code =~ /^#\s*include\s+["<](\S+)[">]/mg) { my ($hdr, $hdr_path) = find_header($1); if (defined($hdr)) { $headers{$hdr} = 1; # Look for other includes in the .h file foreach (find_depends($hdr_path)) { $headers{$_} = 1; } } } sort keys %headers; } # find the path to a header file # returns path or undef if not found sub find_header { my $hdr = $_[0]; # Look for .h.in files in top_builddir and build dir return ("\$(top_builddir\)/$hdr", "./${hdr}.in") if -r "./${hdr}.in"; return ("./$hdr", "$dir_vars{'srcdir'}/${hdr}.in") if -r "$dir_vars{'srcdir'}/${hdr}.in"; if (exists $generated{$hdr}) { my $hdr_path = $dir_vars{'devdir'} . '/' . $hdr; return ('$(devdir)/' . $hdr, $hdr_path) if -r $hdr_path; } foreach my $inc (@incpaths) { my $hdr_path = "$inc/$hdr"; # resolve variables in include path foreach (keys %dir_vars) { next if $_ eq "devdir"; $hdr_path =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; } return ("$inc/$hdr", $hdr_path) if -r $hdr_path; } undef; } sudo-1.8.9p5/mkinstalldirs010075500175440000012000000030751226304126400151570ustar00millertstaff#! /bin/sh # mkinstalldirs --- make directory hierarchy # Author: Noah Friedman # Created: 1993-05-16 # Public domain umask 022 errstatus=0 dirmode="" usage="\ Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..." # process command line arguments while test $# -gt 0 ; do case $1 in -h | --help | --h*) # -h for help echo "$usage" 1>&2 exit 0 ;; -m) # -m PERM arg shift test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } dirmode=$1 shift ;; --) # stop option processing shift break ;; -*) # unknown option echo "$usage" 1>&2 exit 1 ;; *) # first non-opt arg break ;; esac done for file do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift pathcomp= for d do pathcomp="$pathcomp$d" case $pathcomp in -*) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then echo "mkdir $pathcomp" mkdir "$pathcomp" || lasterr=$? if test ! -d "$pathcomp"; then errstatus=$lasterr else if test ! -z "$dirmode"; then echo "chmod $dirmode $pathcomp" lasterr="" chmod "$dirmode" "$pathcomp" || lasterr=$? if test ! -z "$lasterr"; then errstatus=$lasterr fi fi fi fi pathcomp="$pathcomp/" done done exit $errstatus # Local Variables: # mode: shell-script # sh-indentation: 2 # End: # mkinstalldirs ends here sudo-1.8.9p5/mkpkg010075500175440000012000000224071226304127600134130ustar00millertstaff#!/bin/sh # # Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Build a binary package using polypkg # Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver] # # Make sure IFS is set to space, tab, newline in that order. space=' ' tab=' ' nl=' ' IFS=" $nl" # Parse arguments usage="usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver]" debug=0 flavor=vanilla crossbuild=false while test $# -gt 0; do case "$1" in --debug) set -x debug=1 PPFLAGS="--debug${PPFLAGS+$space}${PPFLAGS}" ;; --flavor=?*) flavor=`echo "$1" | sed -n 's/^--flavor=\(.*\)/\1/p'` PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" ;; --flavor) if [ $# -lt 2 ]; then echo "$usage" 1>&2 exit 1 fi flavor="$2" PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" shift ;; --platform=?*) arg=`echo "$1" | sed -n 's/^--platform=\(.*\)/\1/p'` PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $arg" ;; --platform) if [ $# -lt 2 ]; then echo "$usage" 1>&2 exit 1 fi PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $2" shift ;; --osversion=?*) arg=`echo "$1" | sed -n 's/^--osversion=\(.*\)/\1/p'` osversion="$arg" ;; --osversion) if [ $# -lt 2 ]; then echo "$usage" 1>&2 exit 1 fi osversion="$2" shift ;; --build|--host) crossbuild=true configure_opts="${configure_opts}${configure_opts+$tab}$1" ;; *) # Pass unknown options to configure configure_opts="${configure_opts}${configure_opts+$tab}$1" ;; esac shift done top_srcdir=`dirname $0` : ${osversion="`$top_srcdir/pp --probe`"} test -n "$osversion" || exit 1 osrelease=`echo "$osversion" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'` # Choose compiler options by osversion if not cross-compiling. if [ "$crossbuild" = "false" ]; then case "$osversion" in hpux*) # Use the HP ANSI C compiler on HP-UX if possible if [ -z "$CC" -a -x /opt/ansic/bin/cc ]; then CC=/opt/ansic/bin/cc; export CC if [ -z "$CFLAGS" ]; then CFLAGS=-O; export CFLAGS fi fi ;; sol[0-9]*) # Use the Sun Studio C compiler on Solaris if possible if [ -z "$CC" -a -x /usr/bin/cc ]; then CC=/usr/bin/cc; export CC if [ -z "$CFLAGS" ]; then CFLAGS=-O; export CFLAGS fi fi ;; esac fi # Choose configure options by osversion. # We use the same configure options as vendor packages when possible. case "$osversion" in centos*|rhel*) if [ $osrelease -ge 40 ]; then # RHEL 4 and up support SELinux configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi if [ $osrelease -ge 50 ]; then # RHEL 5 and up has audit support and uses a separate PAM # config file for "sudo -i". configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" fi if [ $osrelease -ge 60 ]; then # RHEL 6 and above builds sudo with SSSD support configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" fi # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--prefix=/usr --with-logging=syslog --with-logfac=authpriv --with-pam --enable-zlib=system --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-passprompt=[sudo] password for %p: --with-sendmail=/usr/sbin/sendmail $configure_opts" ;; sles*) if [ $osrelease -ge 10 ]; then # SLES 11 and higher has SELinux if [ $osrelease -ge 11 ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi fi # SuSE doesn't have /usr/libexec libexec=lib case "$osversion" in *64*) gcc -v 2>&1 | grep "with-cpu=[^ ]*32" >/dev/null || libexec=lib64 ;; esac # Note, must indent with tabs, not spaces due to IFS trickery # XXX - SuSE uses secure path but only for env_reset configure_opts="--prefix=/usr --libexecdir=/usr/$libexec --with-logging=syslog --with-logfac=auth --with-all-insults --with-ignore-dot --with-tty-tickets --enable-shell-sets-home --with-sudoers-mode=0440 --with-pam --enable-zlib=system --with-ldap --with-env-editor --with-passprompt=%p\'s password: --with-sendmail=/usr/sbin/sendmail $configure_opts" make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)' ;; deb*|ubu*) # Man pages should be compressed in .deb files export MANCOMPRESS='gzip -9' export MANCOMPRESSEXT='.gz' # If Ubuntu, add --enable-admin-flag case "$osversion" in ubu*) configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture" ;; esac # Note, must indent with tabs, not spaces due to IFS trickery if test "$flavor" = "ldap"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf" fi configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" configure_opts="--prefix=/usr --with-all-insults --with-pam --enable-zlib=system --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --with-timedir=/var/lib/sudo --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail --mandir=/usr/share/man --libexecdir=/usr/lib --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin $configure_opts" ;; macos*) case "$osversion" in *i386|*x86_64) # Build intel-only universal binaries ARCH_FLAGS="-arch i386 -arch x86_64" ;; esac if test "${osversion}" != "`$top_srcdir/pp --probe`"; then sdkvers=`echo "${osversion}" | sed 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/'` # Newer Xcode puts /Developer under the app Contents dir. SDK_DIR="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" if test -d "${SDK_DIR}/MacOSX${sdkvers}.sdk"; then SDK_DIR="${SDK_DIR}/MacOSX${sdkvers}.sdk" elif test -d "/Developer/SDKs/MacOSX${sdkvers}.sdk"; then SDK_DIR="/Developer/SDKs/MacOSX${sdkvers}.sdk" fi SDK_FLAGS="-isysroot ${SDK_DIR} -mmacosx-version-min=${sdkvers}" fi export CFLAGS="-O2 -g $ARCH_FLAGS $SDK_FLAGS" export LDFLAGS="$ARCH_FLAGS $SDK_FLAGS" # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--with-pam --with-bsm-audit --without-tty-tickets --enable-zlib=system --with-ldap --with-insults=disabled --with-logging=syslog --with-logfac=authpriv --with-editor=/usr/bin/vim --with-env-editor $configure_opts" ;; aix*) # Use -gxcoff with gcc instead of -g for dbx-style debugging symbols. if test -z "$CC" && gcc -v >/dev/null 2>&1; then CFLAGS=-gxcoff; export CFLAGS fi # Note, must indent with tabs, not spaces due to IFS trickery # Note: we include our own zlib instead of relying on the # AIX freeware version being installed. configure_opts=" --prefix=/opt/freeware --mandir=/opt/freeware/man --with-insults=disabled --with-logging=syslog --with-logfac=auth --with-editor=/usr/bin/vi --with-env-editor --enable-zlib=builtin --disable-nls --with-sendmail=/usr/sbin/sendmail $configure_opts" PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" ;; *) # For Solaris, add project support and use let configure choose zlib. # For all others, use the builtin zlib and disable NLS support. case "$osversion" in sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project" if [ $osrelease -ge 11 ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit" fi ;; *) configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls" ;; esac if test "$flavor" = "ldap"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap" fi # Note, must indent with tabs, not spaces due to IFS trickery configure_opts=" --with-insults=disabled --with-logging=syslog --with-logfac=auth --with-editor=/usr/bin/vim:/usr/bin/vi:/bin/vi --with-env-editor $configure_opts" ;; esac # Remove spaces from IFS when setting $@ so that passprompt may include them OIFS="$IFS" IFS=" $nl" set -- $configure_opts $extra_opts IFS="$OIFS" if [ -r Makefile ]; then make $make_opts distclean fi $top_srcdir/configure "$@" || exit 1 make $make_opts && make $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package test $debug -eq 0 && rm -rf destdir sudo-1.8.9p5/pathnames.h.in010064400175440000012000000101731226304126400151040ustar00millertstaff/* * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2012 * Todd C. Miller . * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /* * Pathnames to programs and files used by sudo. */ #ifdef HAVE_PATHS_H #include #endif /* HAVE_PATHS_H */ #ifdef HAVE_MAILLOCK_H #include #endif /* HAVE_MAILLOCK_H */ #ifndef _PATH_DEV #define _PATH_DEV "/dev/" #endif /* _PATH_DEV */ #ifndef _PATH_TTY #define _PATH_TTY "/dev/tty" #endif /* _PATH_TTY */ #ifndef _PATH_DEVNULL #define _PATH_DEVNULL "/dev/null" #endif /* _PATH_DEVNULL */ #ifndef _PATH_DEFPATH #define _PATH_DEFPATH "/usr/bin:/bin" #endif /* _PATH_DEFPATH */ #ifndef _PATH_STDPATH #define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" #endif /* _PATH_STDPATH */ #ifndef _PATH_ENVIRONMENT #define _PATH_ENVIRONMENT "/etc/environment" #endif /* _PATH_ENVIRONMENT */ /* * NOTE: _PATH_SUDO_CONF is usually overridden by the Makefile. */ #ifndef _PATH_SUDO_CONF #define _PATH_SUDO_CONF "/etc/sudo.conf" #endif /* _PATH_SUDO_CONF */ /* * NOTE: _PATH_SUDOERS is usually overridden by the Makefile. */ #ifndef _PATH_SUDOERS #define _PATH_SUDOERS "/etc/sudoers" #endif /* _PATH_SUDOERS */ /* * The following paths are controlled via the configure script. */ /* * Where to put the timestamp files. Defaults to /var/run/sudo, * /var/adm/sudo or /usr/adm/sudo depending on what exists. */ #ifndef _PATH_SUDO_TIMEDIR #undef _PATH_SUDO_TIMEDIR #endif /* _PATH_SUDO_TIMEDIR */ /* * Where to put the I/O log files. Defaults to /var/log/sudo-io, * /var/adm/sudo-io or /usr/adm/sudo-io depending on what exists. */ #ifndef _PATH_SUDO_IO_LOGDIR #undef _PATH_SUDO_IO_LOGDIR #endif /* _PATH_SUDO_IO_LOGDIR */ /* * Where to put the sudo log file when logging to a file. Defaults to * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log. */ #ifndef _PATH_SUDO_LOGFILE #undef _PATH_SUDO_LOGFILE #endif /* _PATH_SUDO_LOGFILE */ #ifndef _PATH_SUDO_SENDMAIL #undef _PATH_SUDO_SENDMAIL #endif /* _PATH_SUDO_SENDMAIL */ #ifndef _PATH_SUDO_NOEXEC #undef _PATH_SUDO_NOEXEC #endif /* _PATH_SUDO_NOEXEC */ #ifndef _PATH_SUDO_ASKPASS #undef _PATH_SUDO_ASKPASS #endif /* _PATH_SUDO_ASKPASS */ #ifndef _PATH_SUDO_PLUGIN_DIR #undef _PATH_SUDO_PLUGIN_DIR #endif /* _PATH_SUDO_PLUGIN_DIR */ #ifndef _PATH_VI #undef _PATH_VI #endif /* _PATH_VI */ #ifndef _PATH_MV #undef _PATH_MV #endif /* _PATH_MV */ #ifndef _PATH_BSHELL #undef _PATH_BSHELL #endif /* _PATH_BSHELL */ #ifndef _PATH_TMP #define _PATH_TMP "/tmp/" #endif /* _PATH_TMP */ #ifndef _PATH_VARTMP #define _PATH_VARTMP "/var/tmp/" #endif /* _PATH_VARTMP */ #ifndef _PATH_USRTMP #define _PATH_USRTMP "/usr/tmp/" #endif /* _PATH_USRTMP */ #ifndef _PATH_MAILDIR #undef _PATH_MAILDIR #endif /* _PATH_MAILDIR */ #ifndef _PATH_UTMP #undef _PATH_UTMP #endif /* _PATH_UTMP */ #ifndef _PATH_SUDO_SESH #undef _PATH_SUDO_SESH #endif /* _PATH_SUDO_SESH */ #ifndef _PATH_LDAP_CONF #undef _PATH_LDAP_CONF #endif /* _PATH_LDAP_CONF */ #ifndef _PATH_LDAP_SECRET #undef _PATH_LDAP_SECRET #endif /* _PATH_LDAP_SECRET */ #ifndef _PATH_SSSD_LIB #undef _PATH_SSSD_LIB #endif /* _PATH_SSSD_LIB */ #ifndef _PATH_NSSWITCH_CONF #undef _PATH_NSSWITCH_CONF #endif /* _PATH_NSSWITCH_CONF */ #ifndef _PATH_NETSVC_CONF #undef _PATH_NETSVC_CONF #endif /* _PATH_NETSVC_CONF */ sudo-1.8.9p5/plugins/group_file/Makefile.in010064400175440000012000000102371226304127600202330ustar00millertstaff# # Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Libraries LT_LIBS = $(LIBOBJDIR)libreplace.la LIBS = $(LT_LIBS) # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ plugindir = @PLUGINDIR@ # File extension, mode and map file to use for shared libraries/objects soext = @SOEXT@ shlib_mode = @SHLIB_MODE@ shlib_exp = $(srcdir)/group_file.exp shlib_map = group_file.map shlib_opt = group_file.opt # OS dependent defines DEFS = @OSDEFS@ #### End of system configuration section. #### SHELL = @SHELL@ OBJS = group_file.lo getgrent.lo LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ all: group_file.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile) .SUFFIXES: .o .c .h .lo .c.lo: $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< $(shlib_map): $(shlib_exp) @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ $(shlib_opt): $(shlib_exp) @sed 's/^/+e /' $(shlib_exp) > $@ group_file.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) pre-install: install: install-plugin install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) install-binaries: install-includes: install-doc: install-plugin: install-dirs group_file.la if [ X"$(soext)" != X"" ]; then \ $(INSTALL) -b~ -m $(shlib_mode) .libs/group_file$(soext) $(DESTDIR)$(plugindir)/group_file.so; \ fi uninstall: -rm -f $(DESTDIR)$(plugindir)/group_file.so check: clean: -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify getgrent.lo: $(srcdir)/getgrent.c $(incdir)/missing.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrent.c group_file.lo: $(srcdir)/group_file.c $(incdir)/missing.h \ $(incdir)/sudo_plugin.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_file.c sudo-1.8.9p5/plugins/group_file/getgrent.c010064400175440000012000000077321226304126400201540ustar00millertstaff/* * Copyright (c) 2005,2008,2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Trivial replacements for the libc getgr{uid,nam}() routines. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #include #include "missing.h" #include "sudo_util.h" #ifndef LINE_MAX # define LINE_MAX 2048 #endif #undef GRMEM_MAX #define GRMEM_MAX 200 static FILE *grf; static const char *grfile = "/etc/group"; static int gr_stayopen; void mysetgrfile(const char *); void mysetgrent(void); void myendgrent(void); struct group *mygetgrent(void); struct group *mygetgrnam(const char *); struct group *mygetgrgid(gid_t); void mysetgrfile(const char *file) { grfile = file; if (grf != NULL) myendgrent(); } void mysetgrent(void) { if (grf == NULL) { grf = fopen(grfile, "r"); if (grf != NULL) fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } gr_stayopen = 1; } void myendgrent(void) { if (grf != NULL) { fclose(grf); grf = NULL; } gr_stayopen = 0; } struct group * mygetgrent(void) { static struct group gr; static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1]; size_t len; id_t id; char *cp, *colon; const char *errstr; int n; next_entry: if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL) return NULL; memset(&gr, 0, sizeof(gr)); if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; gr.gr_name = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; gr.gr_passwd = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) goto next_entry; gr.gr_gid = (gid_t)id; len = strlen(colon); if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; if (*colon != '\0') { gr.gr_mem = gr_mem; cp = strtok(colon, ","); for (n = 0; cp != NULL && n < GRMEM_MAX; n++) { gr.gr_mem[n] = cp; cp = strtok(NULL, ","); } gr.gr_mem[n++] = NULL; } else gr.gr_mem = NULL; return &gr; } struct group * mygetgrnam(const char *name) { struct group *gr; if (grf == NULL) { if ((grf = fopen(grfile, "r")) == NULL) return NULL; fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } while ((gr = mygetgrent()) != NULL) { if (strcmp(gr->gr_name, name) == 0) break; } if (!gr_stayopen) { fclose(grf); grf = NULL; } return gr; } struct group * mygetgrgid(gid_t gid) { struct group *gr; if (grf == NULL) { if ((grf = fopen(grfile, "r")) == NULL) return NULL; fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } while ((gr = mygetgrent()) != NULL) { if (gr->gr_gid == gid) break; } if (!gr_stayopen) { fclose(grf); grf = NULL; } return gr; } sudo-1.8.9p5/plugins/group_file/group_file.c010064400175440000012000000065521226304126400204670ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include "sudo_plugin.h" #include "missing.h" /* * Sample sudoers group plugin that uses an extra group file with the * same format as /etc/group. */ static sudo_printf_t sudo_log; extern void mysetgrfile(const char *); extern void mysetgrent(void); extern void myendgrent(void); extern struct group *mygetgrnam(const char *); static int sample_init(int version, sudo_printf_t sudo_printf, char *const argv[]) { struct stat sb; sudo_log = sudo_printf; if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) { sudo_log(SUDO_CONV_ERROR_MSG, "group_file: incompatible major version %d, expected %d\n", GROUP_API_VERSION_GET_MAJOR(version), GROUP_API_VERSION_MAJOR); return -1; } /* Sanity check the specified group file. */ if (argv == NULL || argv[0] == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "group_file: path to group file not specified\n"); return -1; } if (stat(argv[0], &sb) != 0) { sudo_log(SUDO_CONV_ERROR_MSG, "group_file: %s: %s\n", argv[0], strerror(errno)); return -1; } if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { sudo_log(SUDO_CONV_ERROR_MSG, "%s must be only be writable by owner\n", argv[0]); return -1; } mysetgrfile(argv[0]); mysetgrent(); return true; } static void sample_cleanup(void) { myendgrent(); } /* * Returns true if "user" is a member of "group", else false. */ static int sample_query(const char *user, const char *group, const struct passwd *pwd) { struct group *grp; char **member; grp = mygetgrnam(group); if (grp != NULL) { for (member = grp->gr_mem; *member != NULL; member++) { if (strcasecmp(user, *member) == 0) return true; } } return false; } __dso_public struct sudoers_group_plugin group_plugin = { GROUP_API_VERSION, sample_init, sample_cleanup, sample_query }; sudo-1.8.9p5/plugins/group_file/group_file.exp010064400175440000012000000000151226304126400210250ustar00millertstaffgroup_plugin sudo-1.8.9p5/plugins/group_file/plugin_test.c010064400175440000012000000113611226304126400206630ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #include #include #include #include "sudo_plugin.h" __dso_public int main(int argc, char *argv[]); /* * Simple driver to test sudoer group plugins. * usage: plugin_test [-p "plugin.so plugin_args ..."] user:group ... */ static void *group_handle; static struct sudoers_group_plugin *group_plugin; static int plugin_printf(int msg_type, const char *fmt, ...) { va_list ap; FILE *fp; switch (msg_type) { case SUDO_CONV_INFO_MSG: fp = stdout; break; case SUDO_CONV_ERROR_MSG: fp = stderr; break; default: errno = EINVAL; return -1; } va_start(ap, fmt); vfprintf(fp, fmt, ap); va_end(ap); return 0; } /* * Load the specified plugin and run its init function. * Returns -1 if unable to open the plugin, else it returns * the value from the plugin's init function. */ static int group_plugin_load(char *plugin_info) { char *args, path[PATH_MAX], savedch; char **argv = NULL; int rc; /* * Fill in .so path and split out args (if any). */ if ((args = strpbrk(plugin_info, " \t")) != NULL) { savedch = *args; *args = '\0'; } strncpy(path, plugin_info, sizeof(path) - 1); path[sizeof(path) - 1] = '\0'; if (args != NULL) *args++ = savedch; /* Open plugin and map in symbol. */ group_handle = dlopen(path, RTLD_LAZY); if (!group_handle) { fprintf(stderr, "unable to dlopen %s: %s\n", path, dlerror()); return -1; } group_plugin = dlsym(group_handle, "group_plugin"); if (group_plugin == NULL) { fprintf(stderr, "unable to find symbol \"group_plugin\" in %s\n", path); return -1; } if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) { fprintf(stderr, "%s: incompatible group plugin major version %d, expected %d\n", path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version), GROUP_API_VERSION_MAJOR); return -1; } /* * Split args into a vector if specified. */ if (args != NULL) { int ac = 0, wasblank = 1; char *cp; for (cp = args; *cp != '\0'; cp++) { if (isblank((unsigned char)*cp)) { wasblank = 1; } else if (wasblank) { wasblank = 0; ac++; } } if (ac != 0) { argv = malloc(ac * sizeof(char *)); if (argv == NULL) { perror(NULL); return -1; } ac = 0; for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t"))) argv[ac++] = cp; } } rc = (group_plugin->init)(GROUP_API_VERSION, plugin_printf, argv); free(argv); return rc; } static void group_plugin_unload(void) { (group_plugin->cleanup)(); dlclose(group_handle); group_handle = NULL; } static int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { return group_plugin->query)(user, group, pwd; } static void usage(void) { fprintf(stderr, "usage: plugin_test [-p \"plugin.so plugin_args ...\"] user:group ...\n"); exit(1); } int main(int argc, char *argv[]) { int ch, i, found; char *plugin = "group_file.so"; char *user, *group; struct passwd *pwd; while ((ch = getopt(argc, argv, "p:")) != -1) { switch (ch) { case 'p': plugin = optarg; break; default: usage(); } } argc -= optind; argv += optind; if (argc < 1) usage(); if (group_plugin_load(plugin) != 1) { fprintf(stderr, "unable to load plugin: %s\n", plugin); exit(1); } for (i = 0; argv[i] != NULL; i++) { user = argv[i]; group = strchr(argv[i], ':'); if (group == NULL) continue; *group++ = '\0'; pwd = getpwnam(user); found = group_plugin_query(user, group, pwd); printf("user %s %s in group %s\n", user, found ? "is" : "NOT ", group); } group_plugin_unload(); exit(0); } sudo-1.8.9p5/plugins/sample/Makefile.in010064400175440000012000000076631226304126400173670ustar00millertstaff# # Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Libraries LIBS = $(LIBOBJDIR)/libreplace.la # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ plugindir = @PLUGINDIR@ # File extension, mode and map file to use for shared libraries/objects soext = @SOEXT@ shlib_mode = @SHLIB_MODE@ shlib_exp = $(srcdir)/sample_plugin.exp shlib_map = sample_plugin.map shlib_opt = sample_plugin.opt # OS dependent defines DEFS = @OSDEFS@ #### End of system configuration section. #### SHELL = @SHELL@ OBJS = sample_plugin.lo LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ all: sample_plugin.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file plugins/sample/Makefile) .SUFFIXES: .o .c .h .lo .c.lo: $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< $(shlib_map): $(shlib_exp) @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ $(shlib_opt): $(shlib_exp) @sed 's/^/+e /' $(shlib_exp) > $@ sample_plugin.la: $(OBJS) @LT_LDDEP@ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) pre-install: install: install-plugin install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) install-binaries: install-includes: install-doc: install-plugin: install-dirs sample_plugin.la if [ X"$(soext)" != X"" ]; then \ $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_plugin$(soext) $(DESTDIR)$(plugindir)/sample_plugin.so; \ fi uninstall: -rm -f $(DESTDIR)$(plugindir)/sample_plugin.so check: clean: -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify sample_plugin.lo: $(srcdir)/sample_plugin.c $(incdir)/missing.h \ $(incdir)/sudo_plugin.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sample_plugin.c sudo-1.8.9p5/plugins/sample/sample_plugin.c010064400175440000012000000316401226304126400203150ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include #include "sudo_plugin.h" #include "missing.h" /* * Sample plugin module that allows any user who knows the password * ("test") to run any command as root. Since there is no credential * caching the validate and invalidate functions are NULL. */ #ifdef __TANDEM # define ROOT_UID 65535 #else # define ROOT_UID 0 #endif static struct plugin_state { char **envp; char * const *settings; char * const *user_info; } plugin_state; static sudo_conv_t sudo_conv; static sudo_printf_t sudo_log; static FILE *input, *output; static uid_t runas_uid = ROOT_UID; static gid_t runas_gid = -1; static int use_sudoedit = false; /* * Allocate storage for a name=value string and return it. */ static char * fmt_string(const char *var, const char *val) { size_t var_len = strlen(var); size_t val_len = strlen(val); char *cp, *str; cp = str = malloc(var_len + 1 + val_len + 1); if (str != NULL) { memcpy(cp, var, var_len); cp += var_len; *cp++ = '='; memcpy(cp, val, val_len); cp += val_len; *cp = '\0'; } return str; } /* * Plugin policy open function. */ static int policy_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const user_env[], char * const args[]) { char * const *ui; struct passwd *pw; const char *runas_user = NULL; struct group *gr; const char *runas_group = NULL; if (!sudo_conv) sudo_conv = conversation; if (!sudo_log) sudo_log = sudo_printf; if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) { sudo_log(SUDO_CONV_ERROR_MSG, "the sample plugin requires API version %d.x\n", SUDO_API_VERSION_MAJOR); return -1; } /* Only allow commands to be run as root. */ for (ui = settings; *ui != NULL; ui++) { if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) { runas_user = *ui + sizeof("runas_user=") - 1; } if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) { runas_group = *ui + sizeof("runas_group=") - 1; } if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) { initprogname(*ui + sizeof("progname=") - 1); } /* Check to see if sudo was called as sudoedit or with -e flag. */ if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) use_sudoedit = true; } /* This plugin doesn't support running sudo with no arguments. */ if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0) return -2; /* usage error */ } } if (runas_user != NULL) { if ((pw = getpwnam(runas_user)) == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user); return 0; } runas_uid = pw->pw_uid; } if (runas_group != NULL) { if ((gr = getgrnam(runas_group)) == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group); return 0; } runas_gid = gr->gr_gid; } /* Plugin state. */ plugin_state.envp = (char **)user_env; plugin_state.settings = settings; plugin_state.user_info = user_info; return 1; } static char * find_in_path(char *command, char **envp) { struct stat sb; char *path, *path0, **ep, *cp; char pathbuf[PATH_MAX], *qualified = NULL; if (strchr(command, '/') != NULL) return command; path = _PATH_DEFPATH; for (ep = plugin_state.envp; *ep != NULL; ep++) { if (strncmp(*ep, "PATH=", 5) == 0) { path = *ep + 5; break; } } path = path0 = strdup(path); do { if ((cp = strchr(path, ':'))) *cp = '\0'; snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", command); if (stat(pathbuf, &sb) == 0) { if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) { qualified = pathbuf; break; } } path = cp + 1; } while (cp != NULL); free(path0); return qualified ? strdup(qualified) : NULL; } static int check_passwd(void) { struct sudo_conv_message msg; struct sudo_conv_reply repl; /* Prompt user for password via conversation function. */ memset(&msg, 0, sizeof(msg)); msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF; msg.msg = "Password: "; memset(&repl, 0, sizeof(repl)); sudo_conv(1, &msg, &repl); if (repl.reply == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); return false; } if (strcmp(repl.reply, "test") != 0) { sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); return false; } return true; } static char ** build_command_info(const char *command) { static char **command_info; int i = 0; /* Setup command info. */ command_info = calloc(32, sizeof(char *)); if (command_info == NULL) return NULL; if ((command_info[i++] = fmt_string("command", command)) == NULL || asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 || asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) { return NULL; } if (runas_gid != -1) { if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 || asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) { return NULL; } } if (use_sudoedit) { command_info[i] = strdup("sudoedit=true"); if (command_info[i++] == NULL) return NULL; } #ifdef USE_TIMEOUT command_info[i++] = "timeout=30"; #endif return command_info; } static char * find_editor(int nfiles, char * const files[], char **argv_out[]) { char *cp, **ep, **nargv, *editor, *editor_path; int ac, i, nargc, wasblank; /* Lookup EDITOR in user's environment. */ editor = _PATH_VI; for (ep = plugin_state.envp; *ep != NULL; ep++) { if (strncmp(*ep, "EDITOR=", 7) == 0) { editor = *ep + 7; break; } } editor = strdup(editor); if (editor == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); return NULL; } /* * Split editor into an argument vector; editor is reused (do not free). * The EDITOR environment variables may contain command * line args so look for those and alloc space for them too. */ nargc = 1; for (wasblank = 0, cp = editor; *cp != '\0'; cp++) { if (isblank((unsigned char) *cp)) wasblank = 1; else if (wasblank) { wasblank = 0; nargc++; } } /* If we can't find the editor in the user's PATH, give up. */ cp = strtok(editor, " \t"); if (cp == NULL || (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { free(editor); return NULL; } if (editor_path != editor) free(editor); nargv = (char **) malloc((nargc + 1 + nfiles + 1) * sizeof(char *)); if (nargv == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); free(editor_path); return NULL; } for (ac = 0; cp != NULL && ac < nargc; ac++) { nargv[ac] = cp; cp = strtok(NULL, " \t"); } nargv[ac++] = "--"; for (i = 0; i < nfiles; ) nargv[ac++] = files[i++]; nargv[ac] = NULL; *argv_out = nargv; return editor_path; } /* * Plugin policy check function. * Simple example that prompts for a password, hard-coded to "test". */ static int policy_check(int argc, char * const argv[], char *env_add[], char **command_info_out[], char **argv_out[], char **user_env_out[]) { char *command; if (!argc || argv[0] == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); return false; } if (!check_passwd()) return false; command = find_in_path(argv[0], plugin_state.envp); if (command == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); return false; } /* If "sudo vi" is run, auto-convert to sudoedit. */ if (strcmp(command, _PATH_VI) == 0) use_sudoedit = true; if (use_sudoedit) { /* Rebuild argv using editor */ free(command); command = find_editor(argc - 1, argv + 1, argv_out); if (command == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); return -1; } use_sudoedit = true; } else { /* No changes needd to argv */ *argv_out = (char **)argv; } /* No changes to envp */ *user_env_out = plugin_state.envp; /* Setup command info. */ *command_info_out = build_command_info(command); free(command); if (*command_info_out == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); return -1; } return true; } static int policy_list(int argc, char * const argv[], int verbose, const char *list_user) { /* * List user's capabilities. */ sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); return true; } static int policy_version(int verbose) { sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION); return true; } static void policy_close(int exit_status, int error) { /* * The policy might log the command exit status here. * In this example, we just print a message. */ if (error) { sudo_log(SUDO_CONV_ERROR_MSG, "Command error: %s\n", strerror(error)); } else { if (WIFEXITED(exit_status)) { sudo_log(SUDO_CONV_INFO_MSG, "Command exited with status %d\n", WEXITSTATUS(exit_status)); } else if (WIFSIGNALED(exit_status)) { sudo_log(SUDO_CONV_INFO_MSG, "Command killed by signal %d\n", WTERMSIG(exit_status)); } } } static int io_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const args[]) { int fd; char path[PATH_MAX]; if (!sudo_conv) sudo_conv = conversation; if (!sudo_log) sudo_log = sudo_printf; /* Open input and output files. */ snprintf(path, sizeof(path), "/var/tmp/sample-%u.output", (unsigned int)getpid()); fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); if (fd == -1) return false; output = fdopen(fd, "w"); snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", (unsigned int)getpid()); fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); if (fd == -1) return false; input = fdopen(fd, "w"); return true; } static void io_close(int exit_status, int error) { fclose(input); fclose(output); } static int io_version(int verbose) { sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", PACKAGE_VERSION); return true; } static int io_log_input(const char *buf, unsigned int len) { ignore_result(fwrite(buf, len, 1, input)); return true; } static int io_log_output(const char *buf, unsigned int len) { ignore_result(fwrite(buf, len, 1, output)); return true; } struct policy_plugin sample_policy = { SUDO_POLICY_PLUGIN, SUDO_API_VERSION, policy_open, policy_close, policy_version, policy_check, policy_list, NULL, /* validate */ NULL, /* invalidate */ NULL, /* init_session */ NULL, /* register_hooks */ NULL /* deregister_hooks */ }; /* * Note: This plugin does not differentiate between tty and pipe I/O. * It all gets logged to the same file. */ __dso_public struct io_plugin sample_io = { SUDO_IO_PLUGIN, SUDO_API_VERSION, io_open, io_close, io_version, io_log_input, /* tty input */ io_log_output, /* tty output */ io_log_input, /* command stdin if not tty */ io_log_output, /* command stdout if not tty */ io_log_output /* command stderr if not tty */ }; sudo-1.8.9p5/plugins/sample/sample_plugin.exp010064400175440000012000000000301226304126400206540ustar00millertstaffsample_policy sample_io sudo-1.8.9p5/plugins/sudoers/Makefile.in010064400175440000012000001452001226304127700175640ustar00millertstaff# # Copyright (c) 1996, 1998-2005, 2007-2013 # Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # Sponsored in part by the Defense Advanced Research Projects # Agency (DARPA) and Air Force Research Laboratory, Air Force # Materiel Command, USAF, under agreement number F39502-99-1-0512. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ authdir = $(srcdir)/auth top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include docdir = @docdir@ timedir = @timedir@ libdir = @libdir@ cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ FLEX = @FLEX@ YACC = @YACC@ PERL = perl # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Libraries LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la LIBS = $(LT_LIBS) @LIBINTL@ NET_LIBS = @NET_LIBS@ SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBDL@ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @SUDOERS_LDFLAGS@ @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localedir = @localedir@ localstatedir = @localstatedir@ # File extension, mode and map file to use for shared libraries/objects soext = @SOEXT@ shlib_mode = @SHLIB_MODE@ shlib_exp = $(srcdir)/sudoers.exp shlib_map = sudoers.map shlib_opt = sudoers.opt # Directory in which to install the sudoers plugin plugindir = @PLUGINDIR@ # Directory in which to install the sudoers file sudoersdir = $(sysconfdir) # Directory in which to install sudoreplay. replaydir = $(bindir) # Directory in which to install visudo visudodir = $(sbindir) # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 # User, group, and mode the sudoers file should be "owned" by (configure) sudoers_uid = @SUDOERS_UID@ sudoers_gid = @SUDOERS_GID@ sudoers_mode = @SUDOERS_MODE@ # Pass in paths and uid/gid + OS dependent defines DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" \ -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) \ -DSUDOERS_MODE=$(sudoers_mode) -DLOCALEDIR=\"$(localedir)\" # Set to non-empty for development mode DEVEL = @DEVEL@ #### End of system configuration section. #### SHELL = @SHELL@ PROGS = sudoers.la visudo sudoreplay testsudoers TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols \ check_digest check_base64 AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ iolog_path.lo locale.lo logging.lo logwrap.lo parse.lo \ policy.lo prompt.lo set_perms.lo sudo_nss.lo sudoers.lo \ timestamp.lo @SUDOERS_OBJS@ VISUDO_OBJS = find_path.o goodpath.o locale.o visudo.o visudo_json.o REPLAY_OBJS = getdate.o locale.o sudoreplay.o TEST_OBJS = group_plugin.o interfaces.o locale.o net_ifs.o \ testsudoers.o tsgetgrpw.o CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o CHECK_BASE64_OBJS = check_base64.o base64.o locale.o CHECK_DIGEST_OBJS = check_digest.o sha2.o CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o CHECK_IOLOG_PATH_OBJS = check_iolog_path.o iolog_path.o locale.o \ pwutil.o pwutil_impl.o redblack.o CHECK_SYMBOLS_OBJS = check_symbols.o locale.o CHECK_WRAP_OBJS = check_wrap.o locale.o logwrap.o LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ all: $(PROGS) .SUFFIXES: .o .c .h .l .y .lo .c.o: $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< .c.lo: $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< $(shlib_map): $(shlib_exp) @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ $(shlib_opt): $(shlib_exp) @sed 's/^/+e /' $(shlib_exp) > $@ # Prevent default rules from building .c files from .l and .y files .l.c: .y.c: Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile) libparsesudoers.la: $(LIBPARSESUDOERS_OBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@ $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) $(LIBS) testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @LIBDL@ check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) # We need to link check_symbols with -lpthread on HP-UX since LDAP uses threads check_symbols: $(CHECK_SYMBOLS_OBJS) $(LT_LIBS) if [ X"$(soext)" != X"" ]; then \ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@ @LIBDL@; \ fi check_wrap: $(CHECK_WRAP_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c $(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y @if [ -n "$(DEVEL)" ]; then \ if test "$(srcdir)" = "."; then \ gram_y="gram.y"; \ else \ gram_y="$(srcdir)/gram.y"; \ fi; \ cmd='$(YACC) -d -p sudoers '"$$gram_y"'; echo "#include " > $(devdir)/gram.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \ echo "$$cmd"; eval $$cmd; \ fi $(devdir)/toke.c: $(srcdir)/toke.l @if [ -n "$(DEVEL)" ]; then \ if test "$(srcdir)" = "."; then \ toke_l="toke.l"; \ else \ toke_l="$(srcdir)/toke.l"; \ fi; \ cmd='$(FLEX) '"$$toke_l"'; echo "#include " > $(devdir)/toke.c; cat lex.sudoers.c >> $(devdir)/toke.c; rm -f lex.sudoers.c'; \ echo "$$cmd"; eval $$cmd; \ fi $(devdir)/getdate.c: $(srcdir)/getdate.y @if [ -n "$(DEVEL)" ]; then \ echo "expect 10 shift/reduce conflicts"; \ if test "$(srcdir)" = "."; then \ getdate_y="getdate.y"; \ else \ getdate_y="$(srcdir)/getdate.y"; \ fi; \ cmd='$(YACC) '"$$getdate_y"'; echo "#include " > $(devdir)/getdate.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"getdate.c\"/" y.tab.c >> $(devdir)/getdate.c; rm -f y.tab.c'; \ echo "$$cmd"; eval $$cmd; \ fi $(devdir)/def_data.c $(devdir)/def_data.h: $(srcdir)/def_data.in @if [ -n "$(DEVEL)" ]; then \ cmd='$(PERL) $(srcdir)/mkdefaults -o $(devdir)/def_data $(srcdir)/def_data.in'; \ echo "$$cmd"; eval $$cmd; \ fi sudoers: $(srcdir)/sudoers.in (cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@) pre-install: @if test X"$(cross_compiling)" != X"yes" -a -r $(DESTDIR)$(sudoersdir)/sudoers; then \ echo "Checking existing sudoers file for syntax errors."; \ ./visudo -c -f $(DESTDIR)$(sudoersdir)/sudoers; \ fi install: install-plugin install-binaries install-sudoers install-doc install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ $(DESTDIR)$(visudodir) $(DESTDIR)$(replaydir) \ $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ `echo $(DESTDIR)$(timedir)|sed 's,/[^/]*$$,,'` $(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0700 $(DESTDIR)$(timedir) install-binaries: visudo sudoreplay install-dirs $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 visudo $(DESTDIR)$(visudodir)/visudo install-includes: install-doc: install-dirs @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0755 $(srcdir)/sudoers2ldif $(DESTDIR)$(docdir) install-plugin: sudoers.la install-dirs if [ X"$(soext)" != X"" -a -e .libs/sudoers$(soext) ]; then \ test X"$$SUDO_PREINSTALL_CMD" != X"" && \ $$SUDO_PREINSTALL_CMD .libs/sudoers$(soext); \ $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/sudoers$(soext) $(DESTDIR)$(plugindir)/sudoers.so; \ fi install-sudoers: install-dirs $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -m 0750 \ $(DESTDIR)$(sudoersdir)/sudoers.d test -r $(DESTDIR)$(sudoersdir)/sudoers || \ $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -m $(sudoers_mode) \ sudoers $(DESTDIR)$(sudoersdir)/sudoers uninstall: -rm -f $(DESTDIR)$(plugindir)/sudoers.so -rm -f $(DESTDIR)$(replaydir)/sudoreplay -rm -f $(DESTDIR)$(visudodir)/visudo -cmp $(DESTDIR)$(sudoersdir)/sudoers $(srcdir)/sudoers >/dev/null && \ rm -f $(DESTDIR)$(sudoersdir)/sudoers check: $(TEST_PROGS) visudo testsudoers @if test X"$(cross_compiling)" != X"yes"; then \ rval=0; \ CWD=`pwd`; \ mkdir -p regress/parser; \ ./check_addr $(srcdir)/regress/parser/check_addr.in || rval=`expr $$rval + $$?`; \ ./check_base64 || rval=`expr $$rval + $$?`; \ ./check_digest > regress/parser/check_digest.out; \ diff regress/parser/check_digest.out $(srcdir)/regress/parser/check_digest.out.ok || rval=`expr $$rval + $$?`; \ ./check_fill || rval=`expr $$rval + $$?`; \ ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \ if [ X"$(soext)" != X"" -a -e .libs/sudoers$(soext) ]; then \ ./check_symbols .libs/sudoers$(soext) $(shlib_exp) || rval=`expr $$rval + $$?`; \ fi; \ mkdir -p regress/logging; \ ./check_wrap $(srcdir)/regress/logging/check_wrap.in > regress/logging/check_wrap.out; \ diff regress/logging/check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok || rval=`expr $$rval + $$?`; \ passed=0; failed=0; total=0; \ mkdir -p regress/sudoers; \ dir=sudoers; \ for t in $(srcdir)/regress/$$dir/*.in; do \ base=`basename $$t .in`; \ out="regress/sudoers/$${base}.out"; \ toke="regress/sudoers/$${base}.toke"; \ ./testsudoers -dt <$$t >$$out 2>$$toke || true; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base (parse): OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base: FAIL"; \ diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ if cmp $$toke $(srcdir)/$$toke.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base (toke): OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base (toke): FAIL"; \ diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ done; \ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ if test $$failed -ne 0; then \ rval=`expr $$rval + $$failed`; \ fi; \ for dir in testsudoers visudo; do \ mkdir -p regress/$$dir; \ passed=0; failed=0; total=0; \ for t in $(srcdir)/regress/$$dir/*.sh; do \ base=`basename $$t .sh`; \ out="regress/$$dir/$${base}.out"; \ err="regress/$$dir/$${base}.err"; \ TESTDIR=$(srcdir)/regress/$$dir \ $(SHELL) $$t >$$out 2>$$err; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base: OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base: FAIL"; \ diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ if test -s $(srcdir)/$$err.ok; then \ if cmp $$err $(srcdir)/$$err.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base (stderr): OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base (stderr): FAIL"; \ diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ elif test -s $$err; then \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base (stderr): FAIL"; \ cat $$err 1>&2; \ fi; \ done; \ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ if test $$failed -ne 0; then \ rval=`expr $$rval + $$failed`; \ fi; \ done; \ exit $$rval; \ fi clean: -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la \ *.a stamp-* core *.core core.* regress/*/*.out regress/*/*.toke \ regress/*/*.err mostlyclean: clean distclean: clean -rm -rf Makefile sudoers sudoers.lo .libs $(LINKS) @if [ -n "$(DEVEL)" -a "$(devdir)" != "$(srcdir)" ]; then \ cmd='rm -rf $(GENERATED)'; \ echo "$$cmd"; eval $$cmd; \ fi clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify afs.lo: $(authdir)/afs.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/afs.c aix_auth.lo: $(authdir)/aix_auth.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/aix_auth.c alias.lo: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c audit.lo: $(srcdir)/audit.c $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \ $(srcdir)/logging.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c base64.lo: $(srcdir)/base64.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c base64.o: base64.lo boottime.lo: $(srcdir)/boottime.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c bsdauth.lo: $(authdir)/bsdauth.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/bsdauth.c bsm_audit.lo: $(srcdir)/bsm_audit.c $(incdir)/fatal.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/bsm_audit.c check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/check.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/check.c check_addr.o: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_addr.c check_base64.o: $(srcdir)/regress/parser/check_base64.c $(incdir)/missing.h \ $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c check_digest.o: $(srcdir)/regress/parser/check_digest.c $(incdir)/missing.h \ $(srcdir)/sha2.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_plugin.h \ $(srcdir)/parse.h $(srcdir)/toke.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/iolog_path/check_iolog_path.c check_symbols.o: $(srcdir)/regress/check_symbols/check_symbols.c \ $(incdir)/fatal.h $(incdir)/missing.h $(incdir)/sudo_dso.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/check_symbols/check_symbols.c check_wrap.o: $(srcdir)/regress/logging/check_wrap.c $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/logging/check_wrap.c dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/dce.c defaults.lo: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/defaults.c env.lo: $(srcdir)/env.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env.c find_path.lo: $(srcdir)/find_path.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/find_path.c find_path.o: find_path.lo fwtk.lo: $(authdir)/fwtk.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/fwtk.c getdate.o: $(devdir)/getdate.c $(incdir)/missing.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/getdate.c getspwuid.lo: $(srcdir)/getspwuid.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getspwuid.c goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/goodpath.c goodpath.o: goodpath.lo gram.lo: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/gram.c group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo hexchar.lo: $(srcdir)/hexchar.c $(incdir)/fatal.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c hexchar.o: hexchar.lo interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/interfaces.c interfaces.o: interfaces.lo iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/iolog.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/iolog.c iolog_path.lo: $(srcdir)/iolog_path.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/iolog_path.c iolog_path.o: iolog_path.lo kerb5.lo: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/kerb5.c ldap.lo: $(srcdir)/ldap.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/lbuf.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ldap.c linux_audit.lo: $(srcdir)/linux_audit.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(srcdir)/linux_audit.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c locale.lo: $(srcdir)/locale.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(srcdir)/logging.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale.c locale.o: locale.lo logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logging.c logwrap.lo: $(srcdir)/logwrap.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logwrap.c logwrap.o: logwrap.lo match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sha2.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match_addr.c match_addr.o: match_addr.lo net_ifs.o: $(top_srcdir)/src/net_ifs.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/net_ifs.c pam.lo: $(authdir)/pam.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/pam.c parse.lo: $(srcdir)/parse.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/parse.c passwd.lo: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/passwd.c policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_version.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/policy.c prompt.lo: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/prompt.c pwutil.lo: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/pwutil.h $(srcdir)/redblack.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil.c pwutil.o: pwutil.lo pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/pwutil.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil_impl.c pwutil_impl.o: pwutil_impl.lo redblack.lo: $(srcdir)/redblack.c $(incdir)/alloc.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(srcdir)/redblack.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/redblack.c redblack.o: redblack.lo rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/rfc1938.c secureware.lo: $(authdir)/secureware.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/secureware.c securid5.lo: $(authdir)/securid5.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/securid5.c set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h \ $(top_builddir)/config.h $(top_srcdir)/compat/endian.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c sha2.o: sha2.lo sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c sssd.lo: $(srcdir)/sssd.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/lbuf.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sssd.c sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/ins_2001.h \ $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \ $(srcdir)/ins_goons.h $(srcdir)/insults.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sudo_auth.c sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/lbuf.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_nss.c sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/secure_path.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/getaddrinfo.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers.c sudoreplay.o: $(srcdir)/sudoreplay.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/iolog.h $(srcdir)/logging.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/getopt.h $(top_srcdir)/compat/stdbool.h \ $(top_srcdir)/compat/timespec.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoreplay.c testsudoers.o: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/secure_path.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/tsgetgrpw.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/testsudoers.c timestamp.lo: $(srcdir)/timestamp.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/check.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestamp.c timestr.lo: $(srcdir)/timestr.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestr.c toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sha2.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/toke.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/toke_util.c toke_util.o: toke_util.lo tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/tsgetgrpw.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/tsgetgrpw.c visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_version.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/getopt.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo.c visudo_json.o: $(srcdir)/visudo_json.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/fileops.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo_json.c sudo-1.8.9p5/plugins/sudoers/aixcrypt.exp010064400175440000012000000000361226304126400200710ustar00millertstaff#! __setkey __encrypt __crypt sudo-1.8.9p5/plugins/sudoers/alias.c010064400175440000012000000120641226304126400167510ustar00millertstaff/* * Copyright (c) 2004-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudoers.h" #include "parse.h" #include "redblack.h" #include /* * Globals */ struct rbtree *aliases; /* * Comparison function for the red-black tree. * Aliases are sorted by name with the type used as a tie-breaker. */ int alias_compare(const void *v1, const void *v2) { const struct alias *a1 = (const struct alias *)v1; const struct alias *a2 = (const struct alias *)v2; int res; debug_decl(alias_compare, SUDO_DEBUG_ALIAS) if (v1 == NULL) res = -1; else if (v2 == NULL) res = 1; else if ((res = strcmp(a1->name, a2->name)) == 0) res = a1->type - a2->type; debug_return_int(res); } /* * Search the tree for an alias with the specified name and type. * Returns a pointer to the alias structure or NULL if not found. * Caller is responsible for calling alias_put() on the returned * alias to mark it as unused. */ struct alias * alias_get(char *name, int type) { struct alias key; struct rbnode *node; struct alias *a = NULL; debug_decl(alias_get, SUDO_DEBUG_ALIAS) key.name = name; key.type = type; if ((node = rbfind(aliases, &key)) != NULL) { /* * Check whether this alias is already in use. * If so, we've detected a loop. If not, set the flag, * which the caller should clear with a call to alias_put(). */ a = node->data; if (a->used) { errno = ELOOP; debug_return_ptr(NULL); } a->used = true; } else { errno = ENOENT; } debug_return_ptr(a); } /* * Clear the "used" flag in an alias once the caller is done with it. */ void alias_put(struct alias *a) { debug_decl(alias_put, SUDO_DEBUG_ALIAS) a->used = false; debug_return; } /* * Add an alias to the aliases redblack tree. * Returns NULL on success and an error string on failure. */ char * alias_add(char *name, int type, struct member *members) { static char errbuf[512]; struct alias *a; debug_decl(alias_add, SUDO_DEBUG_ALIAS) a = ecalloc(1, sizeof(*a)); a->name = name; a->type = type; /* a->used = false; */ HLTQ_TO_TAILQ(&a->members, members, entries); if (rbinsert(aliases, a)) { snprintf(errbuf, sizeof(errbuf), N_("Alias `%s' already defined"), name); alias_free(a); debug_return_str(errbuf); } debug_return_str(NULL); } /* * Apply a function to each alias entry and pass in a cookie. */ void alias_apply(int (*func)(void *, void *), void *cookie) { debug_decl(alias_apply, SUDO_DEBUG_ALIAS) rbapply(aliases, func, cookie, inorder); debug_return; } /* * Returns true if there are no aliases, else false. */ bool no_aliases(void) { debug_decl(no_aliases, SUDO_DEBUG_ALIAS) debug_return_bool(rbisempty(aliases)); } /* * Free memory used by an alias struct and its members. */ void alias_free(void *v) { struct alias *a = (struct alias *)v; struct member *m; struct sudo_command *c; void *next; debug_decl(alias_free, SUDO_DEBUG_ALIAS) efree(a->name); TAILQ_FOREACH_SAFE(m, &a->members, entries, next) { if (m->type == COMMAND) { c = (struct sudo_command *) m->name; efree(c->cmnd); efree(c->args); } efree(m->name); efree(m); } efree(a); debug_return; } /* * Find the named alias, remove it from the tree and return it. */ struct alias * alias_remove(char *name, int type) { struct rbnode *node; struct alias key; debug_decl(alias_remove, SUDO_DEBUG_ALIAS) key.name = name; key.type = type; if ((node = rbfind(aliases, &key)) == NULL) { errno = ENOENT; return NULL; } debug_return_ptr(rbdelete(aliases, node)); } void init_aliases(void) { debug_decl(init_aliases, SUDO_DEBUG_ALIAS) if (aliases != NULL) rbdestroy(aliases, alias_free); aliases = rbcreate(alias_compare); debug_return; } sudo-1.8.9p5/plugins/sudoers/audit.c010064400175440000012000000042301226304126400167620ustar00millertstaff/* * Copyright (c) 2009-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include #include "missing.h" #include "logging.h" #include "sudo_debug.h" #ifdef HAVE_BSM_AUDIT # include "bsm_audit.h" #endif #ifdef HAVE_LINUX_AUDIT # include "linux_audit.h" #endif #define DEFAULT_TEXT_DOMAIN "sudoers" #include "gettext.h" void audit_success(char *exec_args[]) { debug_decl(audit_success, SUDO_DEBUG_AUDIT) if (exec_args != NULL) { #ifdef HAVE_BSM_AUDIT bsm_audit_success(exec_args); #endif #ifdef HAVE_LINUX_AUDIT linux_audit_command(exec_args, 1); #endif } debug_return; } void audit_failure(char *exec_args[], char const *const fmt, ...) { va_list ap; int oldlocale; debug_decl(audit_success, SUDO_DEBUG_AUDIT) /* Audit error messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); if (exec_args != NULL) { va_start(ap, fmt); #ifdef HAVE_BSM_AUDIT bsm_audit_failure(exec_args, _(fmt), ap); #endif #ifdef HAVE_LINUX_AUDIT linux_audit_command(exec_args, 0); #endif va_end(ap); } sudoers_setlocale(oldlocale, NULL); debug_return; } sudo-1.8.9p5/plugins/sudoers/auth/API010064400175440000012000000111461226304126400170110ustar00millertstaffNOTE: the Sudo auth API is subject to change Purpose: to provide a simple API for authentication methods that encapsulates things nicely without turning into a maze of #ifdef's The sudo_auth struct looks like this: typedef struct sudo_auth { int flags; /* various flags, see below */ int status; /* status from verify routine */ char *name; /* name of the method in string form */ void *data; /* method-specific data pointer */ int (*init)(struct passwd *pw, sudo_auth *auth); int (*setup)(struct passwd *pw, char **prompt, sudo_auth *auth); int (*verify)(struct passwd *pw, char *p, sudo_auth *auth); int (*cleanup)(struct passwd *pw, sudo_auth *auth); int (*begin_session)(struct passwd *pw, sudo_auth *auth); int (*end_session)(sudo_auth *auth); } sudo_auth; The variables in the struct are as follows: flags Bitwise binary flags, see below. status Contains the return value from the last run of the "verify" function. Starts out as AUTH_FAILURE. name The name of the authentication method as a C string. data A pointer to method-specific data. This is passed to all the functions of an auth method and is usually initialized in the "init" or "setup" routines. Possible values of sudo_auth.flags: FLAG_USER Whether or not the auth functions should run with the euid of the invoking user instead of 0. FLAG_DISABLED Set if an "init" or "setup" function fails. FLAG_STANDALONE If set, this indicates that the method must be the only auth method configured, and that it will prompt for the password itself. FLAG_ONEANDONLY If set, this indicates that the method is the only one in use. Can be used by auth functions to determine whether to return a fatal or nonfatal error. The member functions can return the following values: AUTH_SUCCESS Function succeeded. For a ``verify'' function this means the user correctly authenticated. AUTH_FAILURE Function failed. If this is an ``init'' or ``setup'' routine, the auth method will be marked as !configured. AUTH_FATAL A fatal error occurred. The routine should have written an error message to stderr and optionally sent mail to the administrator. When verify_user() gets AUTH_FATAL from an auth function it does an exit(1). The functions in the struct are as follows: int init(struct passwd *pw, sudo_auth *auth) Function to do any one-time initialization for the auth method. All of the "init" functions are run before anything else. int setup(struct passwd *pw, char **prompt, sudo_auth *auth) Function to do method-specific setup. All the "setup" routines are run before any of the "verify" routines. A pointer to the prompt string may be used to add method-specific info to the prompt. int verify(struct passwd *pw, char *p, sudo_auth *auth) Function to do user verification for this auth method. For standalone auth methods ``p'' is the prompt string. For normal auth methods, ``p'' is the password the user entered. Note that standalone auth methods are responsible for rerading the password themselves. int cleanup(struct passwd *pw, sudo_auth *auth) Function to do per-auth method cleanup. This is only run at the end of the authentication process, after the user has completely failed or succeeded to authenticate. The ``auth->status'' variable contains the result of the last authentication attempt which may be interesting. A note about standalone methods. Some authentication methods can't coexist with any others. This may be because they encapsulate other methods (pam, sia) or because they have a special way of interacting with the user (securid). Adding a new authentication method: Each method should live in its own file. Add prototypes for the functions in sudo_auth.h. Add the method to the ``auth_switch'' in sudo_auth.c. Note that standalone methods must go first. If ``fooauth'' is a normal auth method, its entry would look like: #ifdef HAVE_FOOAUTH AUTH_ENTRY("foo", 0, foo_init, foo_setup, foo_verify, foo_cleanup, foo_begin_session, foo_end_session) #endif If this is a standalone method, it would be: #ifdef HAVE_FOOAUTH AUTH_ENTRY("foo", FLAG_STANDALONE, foo_init, foo_setup, foo_verify, foo_cleanup, foo_begin_session, foo_end_session) #endif If the method needs to run as the user, not root, add FLAG_USER to the second argument in the AUTH_ENTRY line. If you don't have an init/setup/cleanup/begin/end routine, just use a NULL for that field. sudo-1.8.9p5/plugins/sudoers/auth/afs.c010064400175440000012000000047501226304126400173750ustar00millertstaff/* * Copyright (c) 1999, 2001-2005, 2007, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "sudo_auth.h" int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth) { struct ktc_encryptionKey afs_key; struct ktc_token afs_token; debug_decl(sudo_afs_verify, SUDO_DEBUG_AUTH) /* Try to just check the password */ ka_StringToKey(pass, NULL, &afs_key); if (ka_GetAdminToken(pw->pw_name, /* name */ NULL, /* instance */ NULL, /* realm */ &afs_key, /* key (contains password) */ 0, /* lifetime */ &afs_token, /* token */ 0) == 0) /* new */ debug_return_int(AUTH_SUCCESS); /* Fall back on old method XXX - needed? */ setpag(); if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG, pw->pw_name, /* name */ NULL, /* instance */ NULL, /* realm */ pass, /* password */ 0, /* lifetime */ NULL, /* expiration ptr (unused) */ 0, /* spare */ NULL) == 0) /* reason */ debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_FAILURE); } sudo-1.8.9p5/plugins/sudoers/auth/aix_auth.c010064400175440000012000000055061226304126400204260ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "sudoers.h" #include "sudo_auth.h" /* * For a description of the AIX authentication API, see * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm */ int sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { char *pass, *message = NULL; int result = 1, reenter = 0; int rval = AUTH_SUCCESS; debug_decl(sudo_aix_verify, SUDO_DEBUG_AUTH) do { pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); if (pass == NULL) break; efree(message); message = NULL; result = authenticate(pw->pw_name, pass, &reenter, &message); memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); prompt = message; } while (reenter); if (result != 0) { /* Display error message, if any. */ if (message != NULL) { struct sudo_conv_message msg; struct sudo_conv_reply repl; memset(&msg, 0, sizeof(msg)); msg.msg_type = SUDO_CONV_ERROR_MSG; msg.msg = message; memset(&repl, 0, sizeof(repl)); sudo_conv(1, &msg, &repl); } rval = pass ? AUTH_FAILURE : AUTH_INTR; } efree(message); debug_return_int(rval); } int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth) { debug_decl(sudo_aix_cleanup, SUDO_DEBUG_AUTH) /* Unset AUTHSTATE as it may not be correct for the runas user. */ sudo_unsetenv("AUTHSTATE"); debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/bsdauth.c010064400175440000012000000122331226304126400202510ustar00millertstaff/* * Copyright (c) 2000-2005, 2007-2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include "sudoers.h" #include "sudo_auth.h" # ifndef LOGIN_DEFROOTCLASS # define LOGIN_DEFROOTCLASS "daemon" # endif struct bsdauth_state { auth_session_t *as; login_cap_t *lc; }; int bsdauth_init(struct passwd *pw, sudo_auth *auth) { static struct bsdauth_state state; debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) /* Get login class based on auth user, which may not be invoking user. */ if (pw->pw_class && *pw->pw_class) state.lc = login_getclass(pw->pw_class); else state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); if (state.lc == NULL) { log_warning(USE_ERRNO|NO_MAIL, N_("unable to get login class for user %s"), pw->pw_name); debug_return_int(AUTH_FATAL); } if ((state.as = auth_open()) == NULL) { log_warning(USE_ERRNO|NO_MAIL, N_("unable to begin bsd authentication")); login_close(state.lc); debug_return_int(AUTH_FATAL); } /* XXX - maybe sanity check the auth style earlier? */ login_style = login_getstyle(state.lc, login_style, "auth-sudo"); if (login_style == NULL) { log_warning(NO_MAIL, N_("invalid authentication type")); auth_close(state.as); login_close(state.lc); debug_return_int(AUTH_FATAL); } if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 || auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 || auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) { log_warning(NO_MAIL, N_("unable to initialize BSD authentication")); auth_close(state.as); login_close(state.lc); debug_return_int(AUTH_FATAL); } auth->data = (void *) &state; debug_return_int(AUTH_SUCCESS); } int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { char *pass; char *s; size_t len; int authok = 0; sigaction_t sa, osa; auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) /* save old signal handler */ sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; (void) sigaction(SIGCHLD, &sa, &osa); /* * If there is a challenge then print that instead of the normal * prompt. If the user just hits return we prompt again with echo * turned on, which is useful for challenge/response things like * S/Key. */ if ((s = auth_challenge(as)) == NULL) { pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); } else { pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); if (pass && *pass == '\0') { if ((prompt = strrchr(s, '\n'))) prompt++; else prompt = s; /* * Append '[echo on]' to the last line of the challenge and * reprompt with echo turned on. */ len = strlen(prompt) - 1; while (isspace(prompt[len]) || prompt[len] == ':') prompt[len--] = '\0'; easprintf(&s, "%s [echo on]: ", prompt); pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON); free(s); } } if (pass) { authok = auth_userresponse(as, pass, 1); memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); } /* restore old signal handler */ (void) sigaction(SIGCHLD, &osa, NULL); if (authok) debug_return_int(AUTH_SUCCESS); if (!pass) debug_return_int(AUTH_INTR); if ((s = auth_getvalue(as, "errormsg")) != NULL) log_warning(NO_MAIL, "%s", s); debug_return_int(AUTH_FAILURE); } int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) { struct bsdauth_state *state = auth->data; debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) if (state != NULL) { auth_close(state->as); login_close(state->lc); } debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/dce.c010064400175440000012000000162571226304126400173640ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /* * The code below basically comes from the examples supplied on * the OSF DCE 1.0.3 manpages for the sec_login routines, with * enough additional polishing to make the routine work with the * rest of sudo. * * This code is known to work on HP 700 and 800 series systems * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE. * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF * DCE 1.1). */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include /* required to call dce_error_inq_text routine */ #include "sudoers.h" #include "sudo_auth.h" static int check_dce_status(error_status_t, char *); int sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) { struct passwd temp_pw; sec_passwd_rec_t password_rec; sec_login_handle_t login_context; boolean32 reset_passwd; sec_login_auth_src_t auth_src; error_status_t status; debug_decl(sudo_dce_verify, SUDO_DEBUG_AUTH) /* * Create the local context of the DCE principal necessary * to perform authenticated network operations. The network * identity set up by this operation cannot be used until it * is validated via sec_login_validate_identity(). */ if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name, sec_login_no_flags, &login_context, &status)) { if (check_dce_status(status, "sec_login_setup_identity(1):")) debug_return_int(AUTH_FAILURE); password_rec.key.key_type = sec_passwd_plain; password_rec.key.tagged_union.plain = (idl_char *) plain_pw; password_rec.pepper = NULL; password_rec.version_number = sec_passwd_c_version_none; /* Validate the login context with the password */ if (sec_login_validate_identity(login_context, &password_rec, &reset_passwd, &auth_src, &status)) { if (check_dce_status(status, "sec_login_validate_identity(1):")) debug_return_int(AUTH_FAILURE); /* * Certify that the DCE Security Server used to set * up and validate a login context is legitimate. Makes * sure that we didn't get spoofed by another DCE server. */ if (!sec_login_certify_identity(login_context, &status)) { (void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); (void) check_dce_status(status,"sec_login_certify_identity(1):"); debug_return_int(AUTH_FAILURE); } if (check_dce_status(status, "sec_login_certify_identity(2):")) debug_return_int(AUTH_FAILURE); /* * Sets the network credentials to those specified * by the now validated login context. */ sec_login_set_context(login_context, &status); if (check_dce_status(status, "sec_login_set_context:")) debug_return_int(AUTH_FAILURE); /* * Oops, your credentials were no good. Possibly * caused by clock times out of adjustment between * DCE client and DCE security server... */ if (auth_src != sec_login_auth_src_network) { (void) fprintf(stderr, "You have no network credentials.\n"); debug_return_int(AUTH_FAILURE); } /* Check if the password has aged and is thus no good */ if (reset_passwd) { (void) fprintf(stderr, "Your DCE password needs resetting.\n"); debug_return_int(AUTH_FAILURE); } /* * We should be a valid user by this point. Pull the * user's password structure from the DCE security * server just to make sure. If we get it with no * problems, then we really are legitimate... */ sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw, &status); if (check_dce_status(status, "sec_login_get_pwent:")) debug_return_int(AUTH_FAILURE); /* * If we get to here, then the pwent above properly fetched * the password structure from the DCE registry, so the user * must be valid. We don't really care what the user's * registry password is, just that the user could be * validated. In fact, if we tried to compare the local * password to the DCE entry at this point, the operation * would fail if the hidden password feature is turned on, * because the password field would contain an asterisk. * Also go ahead and destroy the user's DCE login context * before we leave here (and don't bother checking the * status), in order to clean up credentials files in * /opt/dcelocal/var/security/creds. By doing this, we are * assuming that the user will not need DCE authentication * later in the program, only local authentication. If this * is not true, then the login_context will have to be * returned to the calling program, and the context purged * somewhere later in the program. */ sec_login_purge_context(&login_context, &status); debug_return_int(AUTH_SUCCESS); } else { if(check_dce_status(status, "sec_login_validate_identity(2):")) debug_return_int(AUTH_FAILURE); sec_login_purge_context(&login_context, &status); if(check_dce_status(status, "sec_login_purge_context:")) debug_return_int(AUTH_FAILURE); } } (void) check_dce_status(status, "sec_login_setup_identity(2):"); debug_return_int(AUTH_FAILURE); } /* Returns 0 for DCE "ok" status, 1 otherwise */ static int check_dce_status(error_status_t input_status, char *comment) { int error_stat; unsigned char error_string[dce_c_error_string_len]; debug_decl(check_dce_status, SUDO_DEBUG_AUTH) if (input_status == rpc_s_ok) debug_return_bool(0); dce_error_inq_text(input_status, error_string, &error_stat); (void) fprintf(stderr, "%s %s\n", comment, error_string); debug_return_bool(1); } sudo-1.8.9p5/plugins/sudoers/auth/fwtk.c010064400175440000012000000112321226304126400175700ustar00millertstaff/* * Copyright (c) 1999-2005, 2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "sudo_auth.h" int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) { static Cfg *confp; /* Configuration entry struct */ char resp[128]; /* Response from the server */ debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH) if ((confp = cfg_read("sudo")) == (Cfg *)-1) { warningx(U_("unable to read fwtk config")); debug_return_int(AUTH_FATAL); } if (auth_open(confp)) { warningx(U_("unable to connect to authentication server")); debug_return_int(AUTH_FATAL); } /* Get welcome message from auth server */ if (auth_recv(resp, sizeof(resp))) { warningx(U_("lost connection to authentication server")); debug_return_int(AUTH_FATAL); } if (strncmp(resp, "Authsrv ready", 13) != 0) { warningx(U_("authentication server error:\n%s"), resp); debug_return_int(AUTH_FATAL); } debug_return_int(AUTH_SUCCESS); } int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { char *pass; /* Password from the user */ char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; debug_decl(sudo_fwtk_verify, SUDO_DEBUG_AUTH) /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); restart: if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { warningx(U_("lost connection to authentication server")); debug_return_int(AUTH_FATAL); } /* Get the password/response from the user. */ if (strncmp(resp, "challenge ", 10) == 0) { (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]); pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); if (pass && *pass == '\0') { pass = auth_getpass("Response [echo on]: ", def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON); } } else if (strncmp(resp, "chalnecho ", 10) == 0) { pass = auth_getpass(&resp[10], def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); } else if (strncmp(resp, "password", 8) == 0) { pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); } else if (strncmp(resp, "display ", 8) == 0) { fprintf(stderr, "%s\n", &resp[8]); strlcpy(buf, "response dummy", sizeof(buf)); goto restart; } else { warningx("%s", resp); debug_return_int(AUTH_FATAL); } if (!pass) { /* ^C or error */ debug_return_int(AUTH_INTR); } /* Send the user's response to the server */ (void) snprintf(buf, sizeof(buf), "response '%s'", pass); if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { warningx(U_("lost connection to authentication server")); error = AUTH_FATAL; goto done; } if (strncmp(resp, "ok", 2) == 0) { error = AUTH_SUCCESS; goto done; } /* Main loop prints "Permission Denied" or insult. */ if (strcmp(resp, "Permission Denied.") != 0) warningx("%s", resp); error = AUTH_FAILURE; done: memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass)); memset_s(buf, sizeof(buf), 0, sizeof(buf)); debug_return_int(error); } int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth) { debug_decl(sudo_fwtk_cleanup, SUDO_DEBUG_AUTH) auth_close(); debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/kerb5.c010064400175440000012000000235471226304126400176410ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #ifdef HAVE_HEIMDAL #include #endif #include "sudoers.h" #include "sudo_auth.h" #ifdef HAVE_HEIMDAL # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1) # define krb5_free_data_contents(c, d) krb5_data_free(d) #else # define extract_name(c, p) (krb5_princ_component(c, p, 1)->data) #endif #ifndef HAVE_KRB5_VERIFY_USER static int verify_krb_v5_tgt(krb5_context, krb5_creds *, char *); #endif static struct _sudo_krb5_data { krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; } sudo_krb5_data = { NULL, NULL, NULL }; typedef struct _sudo_krb5_data *sudo_krb5_datap; #ifdef SUDO_KRB5_INSTANCE static const char *sudo_krb5_instance = SUDO_KRB5_INSTANCE; #else static const char *sudo_krb5_instance = NULL; #endif #ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC static krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opts) { *opts = emalloc(sizeof(krb5_get_init_creds_opt)); krb5_get_init_creds_opt_init(*opts); return 0; } static void krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opts) { free(opts); } #endif int sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { static char *krb5_prompt; debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH) if (krb5_prompt == NULL) { krb5_context sudo_context; krb5_principal princ; char *pname; krb5_error_code error; sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; /* * Really, we need to tell the caller not to prompt for password. The * API does not currently provide this unless the auth is standalone. */ if ((error = krb5_unparse_name(sudo_context, princ, &pname))) { log_warning(NO_MAIL, N_("%s: unable to convert principal to string ('%s'): %s"), auth->name, pw->pw_name, error_message(error)); debug_return_int(AUTH_FAILURE); } /* Only rewrite prompt if user didn't specify their own. */ /*if (!strcmp(prompt, PASSPROMPT)) { */ easprintf(&krb5_prompt, "Password for %s: ", pname); /*}*/ free(pname); } *promptp = krb5_prompt; debug_return_int(AUTH_SUCCESS); } int sudo_krb5_init(struct passwd *pw, sudo_auth *auth) { krb5_context sudo_context; krb5_error_code error; char cache_name[64], *pname = pw->pw_name; debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH) auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ if (sudo_krb5_instance != NULL) { easprintf(&pname, "%s%s%s", pw->pw_name, sudo_krb5_instance[0] != '/' ? "/" : "", sudo_krb5_instance); } #ifdef HAVE_KRB5_INIT_SECURE_CONTEXT error = krb5_init_secure_context(&(sudo_krb5_data.sudo_context)); #else error = krb5_init_context(&(sudo_krb5_data.sudo_context)); #endif if (error) goto done; sudo_context = sudo_krb5_data.sudo_context; error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ)); if (error) { log_warning(NO_MAIL, N_("%s: unable to parse '%s': %s"), auth->name, pname, error_message(error)); goto done; } (void) snprintf(cache_name, sizeof(cache_name), "MEMORY:sudocc_%ld", (long) getpid()); if ((error = krb5_cc_resolve(sudo_context, cache_name, &(sudo_krb5_data.ccache)))) { log_warning(NO_MAIL, N_("%s: unable to resolve credential cache: %s"), auth->name, error_message(error)); goto done; } done: if (sudo_krb5_instance != NULL) efree(pname); debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } #ifdef HAVE_KRB5_VERIFY_USER int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) { krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; krb5_error_code error; debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; ccache = ((sudo_krb5_datap) auth->data)->ccache; error = krb5_verify_user(sudo_context, princ, ccache, pass, 1, NULL); debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } #else int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) { krb5_context sudo_context; krb5_principal princ; krb5_creds credbuf, *creds = NULL; krb5_ccache ccache; krb5_error_code error; krb5_get_init_creds_opt *opts = NULL; debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; ccache = ((sudo_krb5_datap) auth->data)->ccache; /* Set default flags based on the local config file. */ error = krb5_get_init_creds_opt_alloc(sudo_context, &opts); if (error) { log_warning(NO_MAIL, N_("%s: unable to allocate options: %s"), auth->name, error_message(error)); goto done; } #ifdef HAVE_HEIMDAL krb5_get_init_creds_opt_set_default_flags(sudo_context, NULL, krb5_principal_get_realm(sudo_context, princ), opts); #endif /* Note that we always obtain a new TGT to verify the user */ if ((error = krb5_get_init_creds_password(sudo_context, &credbuf, princ, pass, krb5_prompter_posix, NULL, 0, NULL, opts))) { /* Don't print error if just a bad password */ if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY) log_warning(NO_MAIL, N_("%s: unable to get credentials: %s"), auth->name, error_message(error)); goto done; } creds = &credbuf; /* Verify the TGT to prevent spoof attacks. */ if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name))) goto done; /* Store credential in cache. */ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) { log_warning(NO_MAIL, N_("%s: unable to initialize credential cache: %s"), auth->name, error_message(error)); } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) { log_warning(NO_MAIL, N_("%s: unable to store credential in cache: %s"), auth->name, error_message(error)); } done: if (opts) { #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS krb5_get_init_creds_opt_free(sudo_context, opts); #else krb5_get_init_creds_opt_free(opts); #endif } if (creds) krb5_free_cred_contents(sudo_context, creds); debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } #endif int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth) { krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; debug_decl(sudo_krb5_cleanup, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; ccache = ((sudo_krb5_datap) auth->data)->ccache; if (sudo_context) { if (ccache) krb5_cc_destroy(sudo_context, ccache); if (princ) krb5_free_principal(sudo_context, princ); krb5_free_context(sudo_context); } debug_return_int(AUTH_SUCCESS); } #ifndef HAVE_KRB5_VERIFY_USER /* * Verify the Kerberos ticket-granting ticket just retrieved for the * user. If the Kerberos server doesn't respond, assume the user is * trying to fake us out (since we DID just get a TGT from what is * supposedly our KDC). * * Returns 0 for successful authentication, non-zero for failure. */ static int verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) { krb5_error_code error; krb5_principal server; krb5_verify_init_creds_opt vopt; debug_decl(verify_krb_v5_tgt, SUDO_DEBUG_AUTH) /* * Get the server principal for the local host. * (Use defaults of "host" and canonicalized local name.) */ if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL, KRB5_NT_SRV_HST, &server))) { log_warning(NO_MAIL, N_("%s: unable to get host principal: %s"), auth_name, error_message(error)); debug_return_int(-1); } /* Initialize verify opts and set secure mode */ krb5_verify_init_creds_opt_init(&vopt); krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1); /* verify the Kerberos ticket-granting ticket we just retrieved */ error = krb5_verify_init_creds(sudo_context, cred, server, NULL, NULL, &vopt); krb5_free_principal(sudo_context, server); if (error) log_warning(NO_MAIL, N_("%s: Cannot verify TGT! Possible attack!: %s"), auth_name, error_message(error)); debug_return_int(error); } #endif sudo-1.8.9p5/plugins/sudoers/auth/pam.c010064400175440000012000000271061226304126400174010ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #ifdef HAVE_PAM_PAM_APPL_H # include #else # include #endif #ifdef HAVE_LIBINTL_H # if defined(__LINUX_PAM__) # define PAM_TEXT_DOMAIN "Linux-PAM" # elif defined(__sun__) # define PAM_TEXT_DOMAIN "SUNW_OST_SYSOSPAM" # endif #endif /* We don't want to translate the strings in the calls to dgt(). */ #ifdef PAM_TEXT_DOMAIN # define dgt(d, t) dgettext(d, t) #endif #include "sudoers.h" #include "sudo_auth.h" /* Only OpenPAM and Linux PAM use const qualifiers. */ #if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \ defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) # define PAM_CONST const #else # define PAM_CONST #endif #ifndef PAM_DATA_SILENT #define PAM_DATA_SILENT 0 #endif static int converse(int, PAM_CONST struct pam_message **, struct pam_response **, void *); static char *def_prompt = "Password:"; static int getpass_error; static pam_handle_t *pamh; int sudo_pam_init(struct passwd *pw, sudo_auth *auth) { static struct pam_conv pam_conv; static int pam_status; debug_decl(sudo_pam_init, SUDO_DEBUG_AUTH) /* Initial PAM setup */ auth->data = (void *) &pam_status; pam_conv.conv = converse; pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ? def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM")); debug_return_int(AUTH_FATAL); } /* * Set PAM_RUSER to the invoking user (the "from" user). * We set PAM_RHOST to avoid a bug in Solaris 7 and below. */ (void) pam_set_item(pamh, PAM_RUSER, user_name); #ifdef __sun__ (void) pam_set_item(pamh, PAM_RHOST, user_host); #endif /* * Some versions of pam_lastlog have a bug that * will cause a crash if PAM_TTY is not set so if * there is no tty, set PAM_TTY to the empty string. */ if (user_ttypath == NULL) (void) pam_set_item(pamh, PAM_TTY, ""); else (void) pam_set_item(pamh, PAM_TTY, user_ttypath); /* * If PAM session and setcred support is disabled we don't * need to keep a sudo process around to close the session. */ if (!def_pam_session && !def_pam_setcred) auth->end_session = NULL; debug_return_int(AUTH_SUCCESS); } int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { const char *s; int *pam_status = (int *) auth->data; debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH) def_prompt = prompt; /* for converse */ /* PAM_SILENT prevents the authentication service from generating output. */ *pam_status = pam_authenticate(pamh, PAM_SILENT); switch (*pam_status) { case PAM_SUCCESS: *pam_status = pam_acct_mgmt(pamh, PAM_SILENT); switch (*pam_status) { case PAM_SUCCESS: debug_return_int(AUTH_SUCCESS); case PAM_AUTH_ERR: log_warning(NO_MAIL, N_("account validation failure, " "is your account locked?")); debug_return_int(AUTH_FATAL); case PAM_NEW_AUTHTOK_REQD: log_warning(NO_MAIL, N_("Account or password is " "expired, reset your password and try again")); *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (*pam_status == PAM_SUCCESS) debug_return_int(AUTH_SUCCESS); if ((s = pam_strerror(pamh, *pam_status)) != NULL) { log_warning(NO_MAIL, N_("unable to change expired password: %s"), s); } debug_return_int(AUTH_FAILURE); case PAM_AUTHTOK_EXPIRED: log_warning(NO_MAIL, N_("Password expired, contact your system administrator")); debug_return_int(AUTH_FATAL); case PAM_ACCT_EXPIRED: log_warning(NO_MAIL, N_("Account expired or PAM config lacks an \"account\" " "section for sudo, contact your system administrator")); debug_return_int(AUTH_FATAL); } /* FALLTHROUGH */ case PAM_AUTH_ERR: case PAM_AUTHINFO_UNAVAIL: if (getpass_error) { /* error or ^C from tgetpass() */ debug_return_int(AUTH_INTR); } /* FALLTHROUGH */ case PAM_MAXTRIES: case PAM_PERM_DENIED: debug_return_int(AUTH_FAILURE); default: if ((s = pam_strerror(pamh, *pam_status)) != NULL) log_warning(NO_MAIL, N_("PAM authentication error: %s"), s); debug_return_int(AUTH_FATAL); } } int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth) { int *pam_status = (int *) auth->data; debug_decl(sudo_pam_cleanup, SUDO_DEBUG_AUTH) /* If successful, we can't close the session until sudo_pam_end_session() */ if (*pam_status != PAM_SUCCESS || auth->end_session == NULL) { *pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT); pamh = NULL; } debug_return_int(*pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); } int sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth) { int status = AUTH_SUCCESS; int *pam_status = (int *) auth->data; debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH) /* * If there is no valid user we cannot open a PAM session. * This is not an error as sudo can run commands with arbitrary * uids, it just means we are done from a session management standpoint. */ if (pw == NULL) { if (pamh != NULL) { (void) pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT); pamh = NULL; } goto done; } /* * Update PAM_USER to reference the user we are running the command * as, as opposed to the user we authenticated as. */ (void) pam_set_item(pamh, PAM_USER, pw->pw_name); /* * Set credentials (may include resource limits, device ownership, etc). * We don't worry about a failure from pam_setcred() since with * stacked PAM auth modules a failure from one module may override * PAM_SUCCESS from another. For example, given a non-local user, * pam_unix will fail but pam_ldap or pam_sss may succeed, but if * pam_unix is first in the stack, pam_setcred() will fail. */ if (def_pam_setcred) (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); if (def_pam_session) { *pam_status = pam_open_session(pamh, 0); if (*pam_status != PAM_SUCCESS) { (void) pam_end(pamh, *pam_status | PAM_DATA_SILENT); pamh = NULL; status = AUTH_FAILURE; goto done; } } #ifdef HAVE_PAM_GETENVLIST /* * Update environment based on what is stored in pamh. * If no authentication is done we will only have environment * variables if pam_env is called via session. */ if (user_envp != NULL) { char **pam_envp = pam_getenvlist(pamh); if (pam_envp != NULL) { /* Merge pam env with user env. */ env_init(*user_envp); env_merge(pam_envp); *user_envp = env_get(); env_init(NULL); efree(pam_envp); /* XXX - we leak any duplicates that were in pam_envp */ } } #endif /* HAVE_PAM_GETENVLIST */ done: debug_return_int(status); } int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth) { int status = AUTH_SUCCESS; debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH) if (pamh != NULL) { /* * Update PAM_USER to reference the user we are running the command * as, as opposed to the user we authenticated as. * XXX - still needed now that session init is in parent? */ (void) pam_set_item(pamh, PAM_USER, pw->pw_name); if (def_pam_session) (void) pam_close_session(pamh, PAM_SILENT); if (def_pam_setcred) (void) pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) != PAM_SUCCESS) status = AUTH_FAILURE; pamh = NULL; } debug_return_int(status); } /* * ``Conversation function'' for PAM. * XXX - does not handle PAM_BINARY_PROMPT */ static int converse(int num_msg, PAM_CONST struct pam_message **msg, struct pam_response **response, void *appdata_ptr) { struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *prompt; char *pass; int n, type, std_prompt; int ret = PAM_AUTH_ERR; debug_decl(converse, SUDO_DEBUG_AUTH) if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) debug_return_int(PAM_SYSTEM_ERR); memset(*response, 0, num_msg * sizeof(struct pam_response)); for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) { type = SUDO_CONV_PROMPT_ECHO_OFF; switch (pm->msg_style) { case PAM_PROMPT_ECHO_ON: type = SUDO_CONV_PROMPT_ECHO_ON; /* FALLTHROUGH */ case PAM_PROMPT_ECHO_OFF: prompt = def_prompt; /* Error out if the last password read was interrupted. */ if (getpass_error) goto done; /* Is the sudo prompt standard? (If so, we'll just use PAM's) */ std_prompt = strncmp(def_prompt, "Password:", 9) == 0 && (def_prompt[9] == '\0' || (def_prompt[9] == ' ' && def_prompt[10] == '\0')); /* Only override PAM prompt if it matches /^Password: ?/ */ #if defined(PAM_TEXT_DOMAIN) && defined(HAVE_LIBINTL_H) if (!def_passprompt_override && (std_prompt || (strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password: ")) && strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password:"))))) prompt = pm->msg; #else if (!def_passprompt_override && (std_prompt || strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0' && (pm->msg[9] != ' ' || pm->msg[10] != '\0')))) prompt = pm->msg; #endif /* Read the password unless interrupted. */ pass = auth_getpass(prompt, def_passwd_timeout * 60, type); if (pass == NULL) { /* Error (or ^C) reading password, don't try again. */ getpass_error = 1; #if (defined(__darwin__) || defined(__APPLE__)) && !defined(OPENPAM_VERSION) pass = ""; #else goto done; #endif } pr->resp = estrdup(pass); memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); break; case PAM_TEXT_INFO: if (pm->msg) (void) puts(pm->msg); break; case PAM_ERROR_MSG: if (pm->msg) { (void) fputs(pm->msg, stderr); (void) fputc('\n', stderr); } break; default: ret = PAM_CONV_ERR; goto done; } } ret = PAM_SUCCESS; done: if (ret != PAM_SUCCESS) { /* Zero and free allocated memory and return an error. */ for (pr = *response, n = num_msg; n--; pr++) { if (pr->resp != NULL) { memset_s(pr->resp, SUDO_CONV_REPL_MAX, 0, strlen(pr->resp)); free(pr->resp); pr->resp = NULL; } } free(*response); *response = NULL; } debug_return_int(ret); } sudo-1.8.9p5/plugins/sudoers/auth/passwd.c010064400175440000012000000066751226304127700201410ustar00millertstaff/* * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudoers.h" #include "sudo_auth.h" #define DESLEN 13 #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') int sudo_passwd_init(struct passwd *pw, sudo_auth *auth) { debug_decl(sudo_passwd_init, SUDO_DEBUG_AUTH) #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) debug_return_int(AUTH_FAILURE); #endif sudo_setspent(); auth->data = sudo_getepw(pw); sudo_endspent(); debug_return_int(AUTH_SUCCESS); } int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char sav, *epass; char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) pw_len = strlen(pw_epasswd); #ifdef HAVE_GETAUTHUID /* Ultrix shadow passwords may use crypt16() */ epass = (char *) crypt16(pass, pw_epasswd); if (epass != NULL && strcmp(pw_epasswd, epass) == 0) debug_return_int(AUTH_SUCCESS); #endif /* HAVE_GETAUTHUID */ /* * Truncate to 8 chars if standard DES since not all crypt()'s do this. * If this turns out not to be safe we will have to use OS #ifdef's (sigh). */ sav = pass[8]; if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) pass[8] = '\0'; /* * Normal UN*X password check. * HP-UX may add aging info (separated by a ',') at the end so * only compare the first DESLEN characters in that case. */ epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; if (epass != NULL) { if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) matched = !strncmp(pw_epasswd, epass, DESLEN); else matched = !strcmp(pw_epasswd, epass); } debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); } int sudo_passwd_cleanup(pw, auth) struct passwd *pw; sudo_auth *auth; { char *pw_epasswd = auth->data; debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH) if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); efree(pw_epasswd); } debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/rfc1938.c010064400175440000012000000077731226304126400177330ustar00millertstaff/* * Copyright (c) 1994-1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #if defined(HAVE_SKEY) # include # define RFC1938 skey # ifdef HAVE_RFC1938_SKEYCHALLENGE # define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c),(d)) # else # define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c)) # endif # define rfc1938verify(a,b) skeyverify((a),(b)) #elif defined(HAVE_OPIE) # include # define RFC1938 opie # define rfc1938challenge(a,b,c,d) opiechallenge((a),(b),(c)) # define rfc1938verify(a,b) opieverify((a),(b)) #endif #include "sudoers.h" #include "sudo_auth.h" int sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { char challenge[256]; static char *orig_prompt = NULL, *new_prompt = NULL; static int op_len, np_size; static struct RFC1938 rfc1938; debug_decl(sudo_rfc1938_setup, SUDO_DEBUG_AUTH) /* Stash a pointer to the rfc1938 struct if we have not initialized */ if (!auth->data) auth->data = &rfc1938; /* Save the original prompt */ if (orig_prompt == NULL) { orig_prompt = *promptp; op_len = strlen(orig_prompt); /* Ignore trailing colon (we will add our own) */ if (orig_prompt[op_len - 1] == ':') op_len--; else if (op_len >= 2 && orig_prompt[op_len - 1] == ' ' && orig_prompt[op_len - 2] == ':') op_len -= 2; } #ifdef HAVE_SKEY /* Close old stream */ if (rfc1938.keyfile) (void) fclose(rfc1938.keyfile); #endif /* * Look up the user and get the rfc1938 challenge. * If the user is not in the OTP db, only post a fatal error if * we are running alone (since they may just use a normal passwd). */ if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (IS_ONEANDONLY(auth)) { warningx(U_("you do not exist in the %s database"), auth->name); debug_return_int(AUTH_FATAL); } else { debug_return_int(AUTH_FAILURE); } } /* Get space for new prompt with embedded challenge */ if (np_size < op_len + strlen(challenge) + 7) { np_size = op_len + strlen(challenge) + 7; new_prompt = (char *) erealloc(new_prompt, np_size); } if (def_long_otp_prompt) (void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt); else (void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", op_len, orig_prompt, challenge); *promptp = new_prompt; debug_return_int(AUTH_SUCCESS); } int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth) { debug_decl(sudo_rfc1938_verify, SUDO_DEBUG_AUTH) if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0) debug_return_int(AUTH_SUCCESS); else debug_return_int(AUTH_FAILURE); } sudo-1.8.9p5/plugins/sudoers/auth/secureware.c010064400175440000012000000060551226304127700207750ustar00millertstaff/* * Copyright (c) 1998-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #ifdef __hpux # undef MAXINT # include #else # include #endif /* __hpux */ #include #include "sudoers.h" #include "sudo_auth.h" int sudo_secureware_init(struct passwd *pw, sudo_auth *auth) { #ifdef __alpha extern int crypt_type; debug_decl(sudo_secureware_init, SUDO_DEBUG_AUTH) if (crypt_type == INT_MAX) debug_return_int(AUTH_FAILURE); /* no shadow */ #else debug_decl(secureware_init, SUDO_DEBUG_AUTH) #endif sudo_setspent(); auth->data = sudo_getepw(pw); sudo_endspent(); debug_return_int(AUTH_SUCCESS); } int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char *pw_epasswd = auth->data; char *epass = NULL; debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) #ifdef __alpha { extern int crypt_type; # ifdef HAVE_DISPCRYPT epass = dispcrypt(pass, pw_epasswd, crypt_type); # else if (crypt_type == AUTH_CRYPT_BIGCRYPT) epass = bigcrypt(pass, pw_epasswd); else if (crypt_type == AUTH_CRYPT_CRYPT16) epass = crypt(pass, pw_epasswd); } # endif /* HAVE_DISPCRYPT */ #elif defined(HAVE_BIGCRYPT) epass = bigcrypt(pass, pw_epasswd); #endif /* __alpha */ if (epass != NULL && strcmp(pw_epasswd, epass) == 0) debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_FAILURE); } int sudo_secureware_cleanup(pw, auth) struct passwd *pw; sudo_auth *auth; { char *pw_epasswd = auth->data; debug_decl(sudo_secureware_cleanup, SUDO_DEBUG_AUTH) if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); efree(pw_epasswd); } debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/securid5.c010064400175440000012000000143011226304126400203400ustar00millertstaff/* * Copyright (c) 1999-2005, 2007, 2010-2012 * Todd C. Miller * Copyright (c) 2002 Michael Stroucken * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include /* Needed for SecurID v5.0 Authentication on UNIX */ #define UNIX 1 #include #include #include "sudoers.h" #include "sudo_auth.h" /* * securid_init - Initialises communications with ACE server * Arguments in: * pw - UNUSED * auth - sudo authentication structure * * Results out: * auth - auth->data contains pointer to new SecurID handle * return code - Fatal if initialization unsuccessful, otherwise * success. */ int sudo_securid_init(struct passwd *pw, sudo_auth *auth) { static SDI_HANDLE sd_dat; /* SecurID handle */ debug_decl(sudo_securid_init, SUDO_DEBUG_AUTH) auth->data = (void *) &sd_dat; /* For method-specific data */ /* Start communications */ if (AceInitialize() != SD_FALSE) debug_return_int(AUTH_SUCCESS); warningx(U_("failed to initialise the ACE API library")); debug_return_int(AUTH_FATAL); } /* * securid_setup - Initialises a SecurID transaction and locks out other * ACE servers * * Arguments in: * pw - struct passwd for username * promptp - UNUSED * auth - sudo authentication structure for SecurID handle * * Results out: * return code - Success if transaction started correctly, fatal * otherwise */ int sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int retval; debug_decl(sudo_securid_setup, SUDO_DEBUG_AUTH) /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { warningx(U_("unable to contact the SecurID server")); debug_return_int(AUTH_FATAL); } /* Lock new PIN code */ retval = SD_Lock(*sd, pw->pw_name); switch (retval) { case ACM_OK: warningx(U_("User ID locked for SecurID Authentication")); debug_return_int(AUTH_SUCCESS); case ACE_UNDEFINED_USERNAME: warningx(U_("invalid username length for SecurID")); debug_return_int(AUTH_FATAL); case ACE_ERR_INVALID_HANDLE: warningx(U_("invalid Authentication Handle for SecurID")); debug_return_int(AUTH_FATAL); case ACM_ACCESS_DENIED: warningx(U_("SecurID communication failed")); debug_return_int(AUTH_FATAL); default: warningx(U_("unknown SecurID error")); debug_return_int(AUTH_FATAL); } } /* * securid_verify - Authenticates user and handles ACE responses * * Arguments in: * pw - struct passwd for username * pass - UNUSED * auth - sudo authentication structure for SecurID handle * * Results out: * return code - Success on successful authentication, failure on * incorrect authentication, fatal on errors */ int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int rval; debug_decl(sudo_securid_verify, SUDO_DEBUG_AUTH) pass = auth_getpass("Enter your PASSCODE: ", def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); /* Have ACE verify password */ switch (SD_Check(*sd, pass, pw->pw_name)) { case ACM_OK: rval = AUTH_SUCESS; break; case ACE_UNDEFINED_PASSCODE: warningx(U_("invalid passcode length for SecurID")); rval = AUTH_FATAL; break; case ACE_UNDEFINED_USERNAME: warningx(U_("invalid username length for SecurID")); rval = AUTH_FATAL; break; case ACE_ERR_INVALID_HANDLE: warningx(U_("invalid Authentication Handle for SecurID")); rval = AUTH_FATAL; break; case ACM_ACCESS_DENIED: rval = AUTH_FAILURE; break; case ACM_NEXT_CODE_REQUIRED: /* Sometimes (when current token close to expire?) ACE challenges for the next token displayed (entered without the PIN) */ pass = auth_getpass("\ !!! ATTENTION !!!\n\ Wait for the token code to change, \n\ then enter the new token code.\n", \ def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); if (SD_Next(*sd, pass) == ACM_OK) { rval = AUTH_SUCCESS; break; } rval = AUTH_FAILURE; break; case ACM_NEW_PIN_REQUIRED: /* * This user's SecurID has not been activated yet, * or the pin has been reset */ /* XXX - Is setting up a new PIN within sudo's scope? */ SD_Pin(*sd, ""); fprintf(stderr, "Your SecurID access has not yet been set up.\n"); fprintf(stderr, "Please set up a PIN before you try to authenticate.\n"); rval = AUTH_FATAL; break; default: warningx(U_("unknown SecurID error")); rval = AUTH_FATAL; break; } /* Free resources */ SD_Close(*sd); /* Return stored state to calling process */ debug_return_int(rval); } sudo-1.8.9p5/plugins/sudoers/auth/sia.c010064400175440000012000000101231226304126500173700ustar00millertstaff/* * Copyright (c) 1999-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "sudoers.h" #include "sudo_auth.h" static int sudo_collect(int, int, uchar_t *, int, prompt_t *); static char *def_prompt; static char **sudo_argv; static int sudo_argc; /* * Collection routine (callback) for limiting the timeouts in SIA * prompts and (possibly) setting a custom prompt. */ static int sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts, prompt_t *prompts) { debug_decl(sudo_collect, SUDO_DEBUG_AUTH) switch (rendition) { case SIAFORM: case SIAONELINER: if (timeout <= 0 || timeout > def_passwd_timeout * 60) timeout = def_passwd_timeout * 60; /* * Substitute custom prompt if a) the sudo prompt is not "Password:" * and b) the SIA prompt is "Password:" (so we know it is safe). * This keeps us from overwriting things like S/Key challenges. */ if (strcmp((char *)prompts[0].prompt, "Password:") == 0 && strcmp(def_prompt, "Password:") != 0) prompts[0].prompt = (unsigned char *)def_prompt; break; default: break; } debug_return_int(sia_collect_trm(timeout, rendition, title, nprompts, prompts)); } int sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SIAENTITY *siah = NULL; int i; extern int NewArgc; extern char **NewArgv; debug_decl(sudo_sia_setup, SUDO_DEBUG_AUTH) /* Rebuild argv for sia_ses_init() */ sudo_argc = NewArgc + 1; sudo_argv = emalloc2(sudo_argc + 1, sizeof(char *)); sudo_argv[0] = "sudo"; for (i = 0; i < NewArgc; i++) sudo_argv[i + 1] = NewArgv[i]; sudo_argv[sudo_argc] = NULL; if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) { log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize SIA session")); debug_return_int(AUTH_FATAL); } auth->data = (void *) siah; debug_return_int(AUTH_SUCCESS); } int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; debug_decl(sudo_sia_verify, SUDO_DEBUG_AUTH) def_prompt = prompt; /* for sudo_collect */ /* XXX - need a way to detect user hitting return or EOF at prompt */ if (sia_ses_reauthent(sudo_collect, siah) == SIASUCCESS) debug_return_int(AUTH_SUCCESS); else debug_return_int(AUTH_FAILURE); } int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; debug_decl(sudo_sia_cleanup, SUDO_DEBUG_AUTH) (void) sia_ses_release(&siah); efree(sudo_argv); debug_return_int(AUTH_SUCCESS); } sudo-1.8.9p5/plugins/sudoers/auth/sudo_auth.c010064400175440000012000000254701226304126500206220ustar00millertstaff/* * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "sudo_auth.h" #include "insults.h" static sudo_auth auth_switch[] = { /* Standalone entries first */ #ifdef HAVE_PAM AUTH_ENTRY("pam", FLAG_STANDALONE, sudo_pam_init, NULL, sudo_pam_verify, sudo_pam_cleanup, sudo_pam_begin_session, sudo_pam_end_session) #endif #ifdef HAVE_SECURID AUTH_ENTRY("SecurId", FLAG_STANDALONE, sudo_securid_init, sudo_securid_setup, sudo_securid_verify, NULL, NULL, NULL) #endif #ifdef HAVE_SIA_SES_INIT AUTH_ENTRY("sia", FLAG_STANDALONE, NULL, sudo_sia_setup, sudo_sia_verify, sudo_sia_cleanup, NULL, NULL) #endif #ifdef HAVE_AIXAUTH AUTH_ENTRY("aixauth", FLAG_STANDALONE, NULL, NULL, sudo_aix_verify, sudo_aix_cleanup, NULL, NULL) #endif #ifdef HAVE_FWTK AUTH_ENTRY("fwtk", FLAG_STANDALONE, sudo_fwtk_init, NULL, sudo_fwtk_verify, sudo_fwtk_cleanup, NULL, NULL) #endif #ifdef HAVE_BSD_AUTH_H AUTH_ENTRY("bsdauth", FLAG_STANDALONE, bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup, NULL, NULL) #endif /* Non-standalone entries */ #ifndef WITHOUT_PASSWD AUTH_ENTRY("passwd", 0, sudo_passwd_init, NULL, sudo_passwd_verify, sudo_passwd_cleanup, NULL, NULL) #endif #if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD) AUTH_ENTRY("secureware", 0, sudo_secureware_init, NULL, sudo_secureware_verify, sudo_secureware_cleanup, NULL, NULL) #endif #ifdef HAVE_AFS AUTH_ENTRY("afs", 0, NULL, NULL, sudo_afs_verify, NULL, NULL, NULL) #endif #ifdef HAVE_DCE AUTH_ENTRY("dce", 0, NULL, NULL, sudo_dce_verify, NULL, NULL, NULL) #endif #ifdef HAVE_KERB5 AUTH_ENTRY("kerb5", 0, sudo_krb5_init, sudo_krb5_setup, sudo_krb5_verify, sudo_krb5_cleanup, NULL, NULL) #endif #ifdef HAVE_SKEY AUTH_ENTRY("S/Key", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL) #endif #ifdef HAVE_OPIE AUTH_ENTRY("OPIE", 0, NULL, sudo_rfc1938_setup, sudo_rfc1938_verify, NULL, NULL, NULL) #endif AUTH_ENTRY(NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL) }; static int standalone; extern char **NewArgv; /* XXX - for auditing */ static void pass_warn(void); /* * Initialize sudoers authentication method(s). * Returns 0 on success and -1 on error. */ int sudo_auth_init(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH) if (auth_switch[0].name == NULL) debug_return_int(0); /* Make sure we haven't mixed standalone and shared auth methods. */ standalone = IS_STANDALONE(&auth_switch[0]); if (standalone && auth_switch[1].name != NULL) { audit_failure(NewArgv, N_("invalid authentication methods")); log_fatal(0, N_("Invalid authentication methods compiled into sudo! " "You may not mix standalone and non-standalone authentication.")); debug_return_int(-1); } /* Set FLAG_ONEANDONLY if there is only one auth method. */ if (auth_switch[1].name == NULL) SET(auth_switch[0].flags, FLAG_ONEANDONLY); /* Initialize auth methods and unconfigure the method if necessary. */ for (auth = auth_switch; auth->name; auth++) { if (auth->init && !IS_DISABLED(auth)) { if (NEEDS_USER(auth)) set_perms(PERM_USER); status = (auth->init)(pw, auth); if (NEEDS_USER(auth)) restore_perms(); /* Disable if it failed to init unless there was a fatal error. */ if (status == AUTH_FAILURE) SET(auth->flags, FLAG_DISABLED); else if (status == AUTH_FATAL) break; /* assume error msg already printed */ } } debug_return_int(status == AUTH_FATAL ? -1 : 0); } /* * Cleanup all authentication methods. * Returns 0 on success and -1 on error. */ int sudo_auth_cleanup(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; debug_decl(sudo_auth_cleanup, SUDO_DEBUG_AUTH) /* Call cleanup routines. */ for (auth = auth_switch; auth->name; auth++) { if (auth->cleanup && !IS_DISABLED(auth)) { if (NEEDS_USER(auth)) set_perms(PERM_USER); status = (auth->cleanup)(pw, auth); if (NEEDS_USER(auth)) restore_perms(); if (status == AUTH_FATAL) break; /* assume error msg already printed */ } } debug_return_int(status == AUTH_FATAL ? -1 : 0); } /* * Verify the specified user. * Returns true if verified, false if not or -1 on error. */ int verify_user(struct passwd *pw, char *prompt, int validated) { unsigned int counter = def_passwd_tries + 1; int success = AUTH_FAILURE; int status, rval; char *p; sudo_auth *auth; sigaction_t sa, osa; debug_decl(verify_user, SUDO_DEBUG_AUTH) /* Enable suspend during password entry. */ sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; (void) sigaction(SIGTSTP, &sa, &osa); /* Make sure we have at least one auth method. */ /* XXX - check FLAG_DISABLED too */ if (auth_switch[0].name == NULL) { audit_failure(NewArgv, N_("no authentication methods")); log_warning(0, N_("There are no authentication methods compiled into sudo! " "If you want to turn off authentication, use the " "--disable-authentication configure option.")); debug_return_int(-1); } while (--counter) { /* Do any per-method setup and unconfigure the method if needed */ for (auth = auth_switch; auth->name; auth++) { if (auth->setup && !IS_DISABLED(auth)) { if (NEEDS_USER(auth)) set_perms(PERM_USER); status = (auth->setup)(pw, &prompt, auth); if (NEEDS_USER(auth)) restore_perms(); if (status == AUTH_FAILURE) SET(auth->flags, FLAG_DISABLED); else if (status == AUTH_FATAL) goto done; /* assume error msg already printed */ } } /* Get the password unless the auth function will do it for us */ if (standalone) { p = prompt; } else { p = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); if (p == NULL) break; } /* Call authentication functions. */ for (auth = auth_switch; auth->name; auth++) { if (IS_DISABLED(auth)) continue; if (NEEDS_USER(auth)) set_perms(PERM_USER); success = auth->status = (auth->verify)(pw, p, auth); if (NEEDS_USER(auth)) restore_perms(); if (auth->status != AUTH_FAILURE) goto done; } if (!standalone) memset_s(p, SUDO_CONV_REPL_MAX, 0, strlen(p)); pass_warn(); } done: switch (success) { case AUTH_SUCCESS: (void) sigaction(SIGTSTP, &osa, NULL); rval = true; break; case AUTH_INTR: case AUTH_FAILURE: if (counter != def_passwd_tries) validated |= FLAG_BAD_PASSWORD; log_auth_failure(validated, def_passwd_tries - counter); rval = false; break; case AUTH_FATAL: default: log_auth_failure(validated | FLAG_AUTH_ERROR, 0); rval = -1; break; } debug_return_int(rval); } /* * Call authentication method begin session hooks. * Returns 1 on success and -1 on error. */ int sudo_auth_begin_session(struct passwd *pw, char **user_env[]) { sudo_auth *auth; int status = AUTH_SUCCESS; debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->begin_session && !IS_DISABLED(auth)) { status = (auth->begin_session)(pw, user_env, auth); if (status == AUTH_FATAL) break; /* assume error msg already printed */ } } debug_return_int(status == AUTH_FATAL ? -1 : 1); } bool sudo_auth_needs_end_session(void) { sudo_auth *auth; bool needed = false; debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { needed = true; break; } } debug_return_bool(needed); } /* * Call authentication method end session hooks. * Returns 1 on success and -1 on error. */ int sudo_auth_end_session(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { status = (auth->end_session)(pw, auth); if (status == AUTH_FATAL) break; /* assume error msg already printed */ } } debug_return_int(status == AUTH_FATAL ? -1 : 1); } static void pass_warn(void) { const char *warning = def_badpass_message; debug_decl(pass_warn, SUDO_DEBUG_AUTH) #ifdef INSULT if (def_insults) warning = INSULT; #endif sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", warning); debug_return; } char * auth_getpass(const char *prompt, int timeout, int type) { struct sudo_conv_message msg; struct sudo_conv_reply repl; debug_decl(auth_getpass, SUDO_DEBUG_AUTH) /* Mask user input if pwfeedback set and echo is off. */ if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback) type = SUDO_CONV_PROMPT_MASK; /* If visiblepw set, do not error out if there is no tty. */ if (def_visiblepw) type |= SUDO_CONV_PROMPT_ECHO_OK; /* Call conversation function */ memset(&msg, 0, sizeof(msg)); msg.msg_type = type; msg.timeout = def_passwd_timeout * 60; msg.msg = prompt; memset(&repl, 0, sizeof(repl)); sudo_conv(1, &msg, &repl); /* XXX - check for ENOTTY? */ debug_return_str_masked(repl.reply); } void dump_auth_methods(void) { sudo_auth *auth; debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH) sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:")); for (auth = auth_switch; auth->name; auth++) sudo_printf(SUDO_CONV_INFO_MSG, " '%s'", auth->name); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); debug_return; } sudo-1.8.9p5/plugins/sudoers/auth/sudo_auth.h010064400175440000012000000113761226304126500206270ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef SUDO_AUTH_H #define SUDO_AUTH_H /* Auth function return values. */ #define AUTH_SUCCESS 0 #define AUTH_FAILURE 1 #define AUTH_INTR 2 #define AUTH_FATAL 3 typedef struct sudo_auth { int flags; /* various flags, see below */ int status; /* status from verify routine */ char *name; /* name of the method as a string */ void *data; /* method-specific data pointer */ int (*init)(struct passwd *pw, struct sudo_auth *auth); int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth); int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth); int (*cleanup)(struct passwd *pw, struct sudo_auth *auth); int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); int (*end_session)(struct passwd *pw, struct sudo_auth *auth); } sudo_auth; /* Values for sudo_auth.flags. */ #define FLAG_USER 0x01 /* functions must run as the user, not root */ #define FLAG_DISABLED 0x02 /* method disabled */ #define FLAG_STANDALONE 0x04 /* standalone auth method */ #define FLAG_ONEANDONLY 0x08 /* one and only auth method */ /* Shortcuts for using the flags above. */ #define NEEDS_USER(x) ((x)->flags & FLAG_USER) #define IS_DISABLED(x) ((x)->flags & FLAG_DISABLED) #define IS_STANDALONE(x) ((x)->flags & FLAG_STANDALONE) #define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY) /* Like tgetpass() but uses conversation function */ char *auth_getpass(const char *prompt, int timeout, int type); /* Pointer to conversation function to use with auth_getpass(). */ extern sudo_conv_t sudo_conv; /* Prototypes for standalone methods */ int bsdauth_init(struct passwd *pw, sudo_auth *auth); int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth); int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth); int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth); int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_pam_init(struct passwd *pw, sudo_auth *auth); int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth); int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth); int sudo_securid_init(struct passwd *pw, sudo_auth *auth); int sudo_securid_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth); int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth); /* Prototypes for normal methods */ int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_dce_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_krb5_init(struct passwd *pw, sudo_auth *auth); int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_passwd_init(struct passwd *pw, sudo_auth *auth); int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth); int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_secureware_init(struct passwd *pw, sudo_auth *auth); int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth); int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth); /* Fields: name, flags, init, setup, verify, cleanup, begin_sess, end_sess */ #define AUTH_ENTRY(n, f, i, s, v, c, b, e) \ { (f), AUTH_FAILURE, (n), NULL, (i), (s), (v), (c) , (b), (e) }, #endif /* SUDO_AUTH_H */ sudo-1.8.9p5/plugins/sudoers/base64.c010064400175440000012000000051121226304126500167410ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include "missing.h" #include "sudo_debug.h" /* * Decode a NUL-terminated string in base64 format and store the * result in dst. */ size_t base64_decode(const char *str, unsigned char *dst, size_t dsize) { static const char b64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; const unsigned char *dst0 = dst; const unsigned char *dend = dst + dsize; unsigned char ch[4]; char *pos; int i; debug_decl(base64_decode, SUDO_DEBUG_MATCH) /* * Convert from base64 to binary. Each base64 char holds 6 bits of data * so 4 base64 chars equals 3 chars of data. * Padding (with the '=' char) may or may not be present. */ while (*str != '\0') { for (i = 0; i < 4; i++) { switch (*str) { case '=': str++; /* FALLTHROUGH */ case '\0': ch[i] = '='; break; default: if ((pos = strchr(b64, *str++)) == NULL) debug_return_size_t((size_t)-1); ch[i] = (unsigned char)(pos - b64); break; } } if (ch[0] == '=' || ch[1] == '=' || dst == dend) break; *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4); if (ch[2] == '=' || dst == dend) break; *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2); if (ch[3] == '=' || dst == dend) break; *dst++ = ((ch[2] & 0x03) << 6) | ch[3]; } debug_return_size_t((size_t)(dst - dst0)); } sudo-1.8.9p5/plugins/sudoers/boottime.c010064400175440000012000000067771226304126500175210ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #ifdef TIME_WITH_SYS_TIME # include #endif #ifndef __linux__ # if defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME) # include # elif defined(HAVE_GETUTXID) # include # elif defined(HAVE_GETUTID) # include # endif #endif /* !__linux__ */ #include "missing.h" #include "sudo_debug.h" /* * Fill in a struct timeval with the time the system booted. * Returns 1 on success and 0 on failure. */ #if defined(__linux__) int get_boottime(struct timeval *tv) { char *ep, *line = NULL; size_t linesize = 0; ssize_t len; FILE * fp; debug_decl(get_boottime, SUDO_DEBUG_UTIL) /* read btime from /proc/stat */ fp = fopen("/proc/stat", "r"); if (fp != NULL) { while ((len = getline(&line, &linesize, fp)) != -1) { if (strncmp(line, "btime ", 6) == 0) { long long llval = strtonum(line + 6, 1, LLONG_MAX, NULL); if (llval > 0) { tv->tv_sec = (time_t)llval; tv->tv_usec = 0; debug_return_bool(1); } } } fclose(fp); free(line); } debug_return_bool(0); } #elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME) int get_boottime(struct timeval *tv) { size_t size; int mib[2]; debug_decl(get_boottime, SUDO_DEBUG_UTIL) mib[0] = CTL_KERN; mib[1] = KERN_BOOTTIME; size = sizeof(*tv); if (sysctl(mib, 2, tv, &size, NULL, 0) != -1) debug_return_bool(1); debug_return_bool(0); } #elif defined(HAVE_GETUTXID) int get_boottime(struct timeval *tv) { struct utmpx *ut, key; debug_decl(get_boottime, SUDO_DEBUG_UTIL) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; setutxent(); if ((ut = getutxid(&key)) != NULL) { tv->tv_sec = ut->ut_tv.tv_sec; tv->tv_usec = ut->ut_tv.tv_usec; } endutxent(); debug_return_bool(ut != NULL); } #elif defined(HAVE_GETUTID) int get_boottime(struct timeval *tv) { struct utmp *ut, key; debug_decl(get_boottime, SUDO_DEBUG_UTIL) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; setutent(); if ((ut = getutid(&key)) != NULL) { tv->tv_sec = ut->ut_time; tv->tv_usec = 0; } endutent(); debug_return_bool(ut != NULL); } #else int get_boottime(struct timeval *tv) { debug_decl(get_boottime, SUDO_DEBUG_UTIL) debug_return_bool(0); } #endif sudo-1.8.9p5/plugins/sudoers/bsm_audit.c010064400175440000012000000123151226304126500176270ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * Copyright (c) 2009 Christian S.J. Peron * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #include #include #include "missing.h" #include "fatal.h" #include "gettext.h" #include "sudo_debug.h" #include "bsm_audit.h" /* * Solaris auditon() returns EINVAL if BSM audit not configured. * OpenBSM returns ENOSYS for unimplemented options. */ #ifdef __sun # define AUDIT_NOT_CONFIGURED EINVAL #else # define AUDIT_NOT_CONFIGURED ENOSYS #endif static int audit_sudo_selected(int sf) { auditinfo_addr_t ainfo_addr; struct au_mask *mask; auditinfo_t ainfo; int rc, sorf; debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT) if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) fatal("getaudit"); mask = &ainfo.ai_mask; } else fatal("getaudit"); } else mask = &ainfo_addr.ai_mask; sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD); debug_return_int(rc); } void bsm_audit_success(char **exec_args) { auditinfo_addr_t ainfo_addr; auditinfo_t ainfo; token_t *tok; au_id_t auid; long au_cond; int aufd; pid_t pid; debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* * If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) return; fatal(U_("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; /* * Check to see if the preselection masks are interested in seeing * this event. */ if (!audit_sudo_selected(0)) debug_return; if (getauid(&auid) < 0) fatal("getauid"); if ((aufd = au_open()) == -1) fatal("au_open"); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { /* * NB: We should probably watch out for ERANGE here. */ if (getaudit(&ainfo) < 0) fatal("getaudit"); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else fatal("getaudit"); if (tok == NULL) fatal("au_to_subject"); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) fatal("au_to_exec_args"); au_write(aufd, tok); tok = au_to_return32(0, 0); if (tok == NULL) fatal("au_to_return32"); au_write(aufd, tok); #ifdef __sun if (au_close(aufd, 1, AUE_sudo, 0) == -1) #else if (au_close(aufd, 1, AUE_sudo) == -1) #endif fatal(U_("unable to commit audit record")); debug_return; } void bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) { auditinfo_addr_t ainfo_addr; auditinfo_t ainfo; char text[256]; token_t *tok; long au_cond; au_id_t auid; pid_t pid; int aufd; debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* * If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) debug_return; fatal(U_("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; if (!audit_sudo_selected(1)) debug_return; if (getauid(&auid) < 0) fatal("getauid"); if ((aufd = au_open()) == -1) fatal("au_open"); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) fatal("getaudit"); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else fatal("getaudit"); if (tok == NULL) fatal("au_to_subject"); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) fatal("au_to_exec_args"); au_write(aufd, tok); (void) vsnprintf(text, sizeof(text), fmt, ap); tok = au_to_text(text); if (tok == NULL) fatal("au_to_text"); au_write(aufd, tok); tok = au_to_return32(EPERM, 1); if (tok == NULL) fatal("au_to_return32"); au_write(aufd, tok); #ifdef __sun if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1) #else if (au_close(aufd, 1, AUE_sudo) == -1) #endif fatal(U_("unable to commit audit record")); debug_return; } sudo-1.8.9p5/plugins/sudoers/bsm_audit.h010064400175440000012000000020251226304126500176310ustar00millertstaff/* * Copyright (c) 2009-2010, 2013 Todd C. Miller * Copyright (c) 2009 Christian S.J. Peron * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_BSM_AUDIT_H #define _SUDOERS_BSM_AUDIT_H void bsm_audit_success(char **); void bsm_audit_failure(char **, char const * const, va_list); #endif /* _SUDOERS_BSM_AUDIT_H */ sudo-1.8.9p5/plugins/sudoers/check.c010064400175440000012000000147771226304127700167560ustar00millertstaff/* * Copyright (c) 1993-1996,1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include "sudoers.h" #include "check.h" static bool display_lecture(int); static struct passwd *get_authpw(void); /* * Returns true if the user successfully authenticates, false if not * or -1 on error. */ static int check_user_interactive(int validated, int mode, struct passwd *auth_pw) { int status, rval = true; debug_decl(check_user_interactive, SUDO_DEBUG_AUTH) /* Always need a password when -k was specified with the command. */ if (ISSET(mode, MODE_IGNORE_TICKET)) SET(validated, FLAG_CHECK_USER); if (build_timestamp(auth_pw) == -1) { rval = -1; goto done; } status = timestamp_status(auth_pw); if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { char *prompt; bool lectured; /* Bail out if we are non-interactive and a password is required */ if (ISSET(mode, MODE_NONINTERACTIVE)) { validated |= FLAG_NON_INTERACTIVE; log_auth_failure(validated, 0); rval = -1; goto done; } /* XXX - should not lecture if askpass helper is being used. */ lectured = display_lecture(status); /* Expand any escapes in the prompt. */ prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, user_name, user_shost); rval = verify_user(auth_pw, prompt, validated); if (rval == true && lectured) set_lectured(); efree(prompt); } /* Only update timestamp if user was validated. */ if (rval == true && ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR) update_timestamp(auth_pw); done: debug_return_bool(rval); } /* * Returns true if the user successfully authenticates, false if not * or -1 on error. */ int check_user(int validated, int mode) { struct passwd *auth_pw; int rval = true; debug_decl(check_user, SUDO_DEBUG_AUTH) /* * Init authentication system regardless of whether we need a password. * Required for proper PAM session support. */ auth_pw = get_authpw(); if (sudo_auth_init(auth_pw) == -1) { rval = -1; goto done; } /* * Don't prompt for the root passwd or if the user is exempt. * If the user is not changing uid/gid, no need for a password. */ if (!def_authenticate || user_is_exempt()) goto done; if (user_uid == 0 || (user_uid == runas_pw->pw_uid && (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))) { #ifdef HAVE_SELINUX if (user_role == NULL && user_type == NULL) #endif #ifdef HAVE_PRIV_SET if (runas_privs == NULL && runas_limitprivs == NULL) #endif goto done; } rval = check_user_interactive(validated, mode, auth_pw); done: sudo_auth_cleanup(auth_pw); sudo_pw_delref(auth_pw); debug_return_bool(rval); } /* * Display sudo lecture (standard or custom). * Returns true if the user was lectured, else false. */ static bool display_lecture(int status) { FILE *fp; char buf[BUFSIZ]; ssize_t nread; struct sudo_conv_message msg; struct sudo_conv_reply repl; debug_decl(lecture, SUDO_DEBUG_AUTH) if (def_lecture == never || (def_lecture == once && already_lectured(status))) debug_return_bool(false); memset(&msg, 0, sizeof(msg)); memset(&repl, 0, sizeof(repl)); if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) { while ((nread = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) != 0) { buf[nread] = '\0'; msg.msg_type = SUDO_CONV_ERROR_MSG; msg.msg = buf; sudo_conv(1, &msg, &repl); } fclose(fp); } else { msg.msg_type = SUDO_CONV_ERROR_MSG; msg.msg = _("\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n\n"); sudo_conv(1, &msg, &repl); } debug_return_bool(true); } /* * Checks if the user is exempt from supplying a password. */ bool user_is_exempt(void) { bool rval = false; debug_decl(user_is_exempt, SUDO_DEBUG_AUTH) if (def_exempt_group) rval = user_in_group(sudo_user.pw, def_exempt_group); debug_return_bool(rval); } /* * Get passwd entry for the user we are going to authenticate as. * By default, this is the user invoking sudo. In the most common * case, this matches sudo_user.pw or runas_pw. */ static struct passwd * get_authpw(void) { struct passwd *pw; debug_decl(get_authpw, SUDO_DEBUG_AUTH) if (def_rootpw) { if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) log_fatal(0, N_("unknown uid: %u"), ROOT_UID); } else if (def_runaspw) { if ((pw = sudo_getpwnam(def_runas_default)) == NULL) log_fatal(0, N_("unknown user: %s"), def_runas_default); } else if (def_targetpw) { if (runas_pw->pw_name == NULL) log_fatal(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"), (unsigned int) runas_pw->pw_uid); sudo_pw_addref(runas_pw); pw = runas_pw; } else { sudo_pw_addref(sudo_user.pw); pw = sudo_user.pw; } debug_return_ptr(pw); } sudo-1.8.9p5/plugins/sudoers/check.h010064400175440000012000000035031226304126500167410ustar00millertstaff/* * Copyright (c) 1993-1996,1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDOERS_CHECK_H #define _SUDOERS_CHECK_H /* Status codes for timestamp_status() */ #define TS_CURRENT 0 #define TS_OLD 1 #define TS_MISSING 2 #define TS_NOFILE 3 #define TS_ERROR 4 /* This may be a function in some implementations. */ #define already_lectured(s) (s != TS_MISSING && s != TS_ERROR) /* * Info stored in tty ticket from stat(2) to help with tty matching. */ struct sudo_tty_info { dev_t dev; /* ID of device tty resides on */ dev_t rdev; /* tty device ID */ ino_t ino; /* tty inode number */ uid_t uid; /* tty owner */ gid_t gid; /* tty group */ pid_t sid; /* ID of session with controlling tty */ }; bool update_timestamp(struct passwd *pw); int build_timestamp(struct passwd *pw); int timestamp_status(struct passwd *pw); #endif /* _SUDOERS_CHECK_H */ sudo-1.8.9p5/plugins/sudoers/def_data.c010064400175440000012000000215211226304126500174060ustar00millertstaffstatic struct def_values def_data_lecture[] = { { "never", never }, { "once", once }, { "always", always }, { NULL, 0 }, }; static struct def_values def_data_listpw[] = { { "never", never }, { "any", any }, { "all", all }, { "always", always }, { NULL, 0 }, }; static struct def_values def_data_verifypw[] = { { "never", never }, { "all", all }, { "any", any }, { "always", always }, { NULL, 0 }, }; struct sudo_defs_types sudo_defs_table[] = { { "syslog", T_LOGFAC|T_BOOL, N_("Syslog facility if syslog is being used for logging: %s"), NULL, }, { "syslog_goodpri", T_LOGPRI, N_("Syslog priority to use when user authenticates successfully: %s"), NULL, }, { "syslog_badpri", T_LOGPRI, N_("Syslog priority to use when user authenticates unsuccessfully: %s"), NULL, }, { "long_otp_prompt", T_FLAG, N_("Put OTP prompt on its own line"), NULL, }, { "ignore_dot", T_FLAG, N_("Ignore '.' in $PATH"), NULL, }, { "mail_always", T_FLAG, N_("Always send mail when sudo is run"), NULL, }, { "mail_badpass", T_FLAG, N_("Send mail if user authentication fails"), NULL, }, { "mail_no_user", T_FLAG, N_("Send mail if the user is not in sudoers"), NULL, }, { "mail_no_host", T_FLAG, N_("Send mail if the user is not in sudoers for this host"), NULL, }, { "mail_no_perms", T_FLAG, N_("Send mail if the user is not allowed to run a command"), NULL, }, { "tty_tickets", T_FLAG, N_("Use a separate timestamp for each user/tty combo"), NULL, }, { "lecture", T_TUPLE|T_BOOL, N_("Lecture user the first time they run sudo"), def_data_lecture, }, { "lecture_file", T_STR|T_PATH|T_BOOL, N_("File containing the sudo lecture: %s"), NULL, }, { "authenticate", T_FLAG, N_("Require users to authenticate by default"), NULL, }, { "root_sudo", T_FLAG, N_("Root may run sudo"), NULL, }, { "log_host", T_FLAG, N_("Log the hostname in the (non-syslog) log file"), NULL, }, { "log_year", T_FLAG, N_("Log the year in the (non-syslog) log file"), NULL, }, { "shell_noargs", T_FLAG, N_("If sudo is invoked with no arguments, start a shell"), NULL, }, { "set_home", T_FLAG, N_("Set $HOME to the target user when starting a shell with -s"), NULL, }, { "always_set_home", T_FLAG, N_("Always set $HOME to the target user's home directory"), NULL, }, { "path_info", T_FLAG, N_("Allow some information gathering to give useful error messages"), NULL, }, { "fqdn", T_FLAG, N_("Require fully-qualified hostnames in the sudoers file"), NULL, }, { "insults", T_FLAG, N_("Insult the user when they enter an incorrect password"), NULL, }, { "requiretty", T_FLAG, N_("Only allow the user to run sudo if they have a tty"), NULL, }, { "env_editor", T_FLAG, N_("Visudo will honor the EDITOR environment variable"), NULL, }, { "rootpw", T_FLAG, N_("Prompt for root's password, not the users's"), NULL, }, { "runaspw", T_FLAG, N_("Prompt for the runas_default user's password, not the users's"), NULL, }, { "targetpw", T_FLAG, N_("Prompt for the target user's password, not the users's"), NULL, }, { "use_loginclass", T_FLAG, N_("Apply defaults in the target user's login class if there is one"), NULL, }, { "set_logname", T_FLAG, N_("Set the LOGNAME and USER environment variables"), NULL, }, { "stay_setuid", T_FLAG, N_("Only set the effective uid to the target user, not the real uid"), NULL, }, { "preserve_groups", T_FLAG, N_("Don't initialize the group vector to that of the target user"), NULL, }, { "loglinelen", T_UINT|T_BOOL, N_("Length at which to wrap log file lines (0 for no wrap): %u"), NULL, }, { "timestamp_timeout", T_FLOAT|T_BOOL, N_("Authentication timestamp timeout: %.1f minutes"), NULL, }, { "passwd_timeout", T_FLOAT|T_BOOL, N_("Password prompt timeout: %.1f minutes"), NULL, }, { "passwd_tries", T_UINT, N_("Number of tries to enter a password: %u"), NULL, }, { "umask", T_MODE|T_BOOL, N_("Umask to use or 0777 to use user's: 0%o"), NULL, }, { "logfile", T_STR|T_BOOL|T_PATH, N_("Path to log file: %s"), NULL, }, { "mailerpath", T_STR|T_BOOL|T_PATH, N_("Path to mail program: %s"), NULL, }, { "mailerflags", T_STR|T_BOOL, N_("Flags for mail program: %s"), NULL, }, { "mailto", T_STR|T_BOOL, N_("Address to send mail to: %s"), NULL, }, { "mailfrom", T_STR|T_BOOL, N_("Address to send mail from: %s"), NULL, }, { "mailsub", T_STR, N_("Subject line for mail messages: %s"), NULL, }, { "badpass_message", T_STR, N_("Incorrect password message: %s"), NULL, }, { "timestampdir", T_STR|T_PATH, N_("Path to authentication timestamp dir: %s"), NULL, }, { "timestampowner", T_STR, N_("Owner of the authentication timestamp dir: %s"), NULL, }, { "exempt_group", T_STR|T_BOOL, N_("Users in this group are exempt from password and PATH requirements: %s"), NULL, }, { "passprompt", T_STR, N_("Default password prompt: %s"), NULL, }, { "passprompt_override", T_FLAG, N_("If set, passprompt will override system prompt in all cases."), NULL, }, { "runas_default", T_STR, N_("Default user to run commands as: %s"), NULL, }, { "secure_path", T_STR|T_BOOL, N_("Value to override user's $PATH with: %s"), NULL, }, { "editor", T_STR|T_PATH, N_("Path to the editor for use by visudo: %s"), NULL, }, { "listpw", T_TUPLE|T_BOOL, N_("When to require a password for 'list' pseudocommand: %s"), def_data_listpw, }, { "verifypw", T_TUPLE|T_BOOL, N_("When to require a password for 'verify' pseudocommand: %s"), def_data_verifypw, }, { "noexec", T_FLAG, N_("Preload the dummy exec functions contained in the sudo_noexec library"), NULL, }, { "ignore_local_sudoers", T_FLAG, N_("If LDAP directory is up, do we ignore local sudoers file"), NULL, }, { "closefrom", T_INT, N_("File descriptors >= %d will be closed before executing a command"), NULL, }, { "closefrom_override", T_FLAG, N_("If set, users may override the value of `closefrom' with the -C option"), NULL, }, { "setenv", T_FLAG, N_("Allow users to set arbitrary environment variables"), NULL, }, { "env_reset", T_FLAG, N_("Reset the environment to a default set of variables"), NULL, }, { "env_check", T_LIST|T_BOOL, N_("Environment variables to check for sanity:"), NULL, }, { "env_delete", T_LIST|T_BOOL, N_("Environment variables to remove:"), NULL, }, { "env_keep", T_LIST|T_BOOL, N_("Environment variables to preserve:"), NULL, }, { "role", T_STR, N_("SELinux role to use in the new security context: %s"), NULL, }, { "type", T_STR, N_("SELinux type to use in the new security context: %s"), NULL, }, { "env_file", T_STR|T_PATH|T_BOOL, N_("Path to the sudo-specific environment file: %s"), NULL, }, { "sudoers_locale", T_STR, N_("Locale to use while parsing sudoers: %s"), NULL, }, { "visiblepw", T_FLAG, N_("Allow sudo to prompt for a password even if it would be visible"), NULL, }, { "pwfeedback", T_FLAG, N_("Provide visual feedback at the password prompt when there is user input"), NULL, }, { "fast_glob", T_FLAG, N_("Use faster globbing that is less accurate but does not access the filesystem"), NULL, }, { "umask_override", T_FLAG, N_("The umask specified in sudoers will override the user's, even if it is more permissive"), NULL, }, { "log_input", T_FLAG, N_("Log user's input for the command being run"), NULL, }, { "log_output", T_FLAG, N_("Log the output of the command being run"), NULL, }, { "compress_io", T_FLAG, N_("Compress I/O logs using zlib"), NULL, }, { "use_pty", T_FLAG, N_("Always run commands in a pseudo-tty"), NULL, }, { "group_plugin", T_STR, N_("Plugin for non-Unix group support: %s"), NULL, }, { "iolog_dir", T_STR|T_PATH, N_("Directory in which to store input/output logs: %s"), NULL, }, { "iolog_file", T_STR, N_("File in which to store the input/output log: %s"), NULL, }, { "set_utmp", T_FLAG, N_("Add an entry to the utmp/utmpx file when allocating a pty"), NULL, }, { "utmp_runas", T_FLAG, N_("Set the user in utmp to the runas user, not the invoking user"), NULL, }, { "privs", T_STR, N_("Set of permitted privileges"), NULL, }, { "limitprivs", T_STR, N_("Set of limit privileges"), NULL, }, { "exec_background", T_FLAG, N_("Run commands on a pty in the background"), NULL, }, { "pam_service", T_STR, N_("PAM service name to use"), NULL, }, { "pam_login_service", T_STR, N_("PAM service name to use for login shells"), NULL, }, { "pam_setcred", T_FLAG, N_("Attempt to establish PAM credentials for the target user"), NULL, }, { "pam_session", T_FLAG, N_("Create a new PAM session for the command to run in"), NULL, }, { "maxseq", T_UINT, N_("Maximum I/O log sequence number: %u"), NULL, }, { NULL, 0, NULL } }; sudo-1.8.9p5/plugins/sudoers/def_data.h010064400175440000012000000211611226304126500174130ustar00millertstaff#define def_syslog (sudo_defs_table[0].sd_un.ival) #define I_SYSLOG 0 #define def_syslog_goodpri (sudo_defs_table[1].sd_un.ival) #define I_SYSLOG_GOODPRI 1 #define def_syslog_badpri (sudo_defs_table[2].sd_un.ival) #define I_SYSLOG_BADPRI 2 #define def_long_otp_prompt (sudo_defs_table[3].sd_un.flag) #define I_LONG_OTP_PROMPT 3 #define def_ignore_dot (sudo_defs_table[4].sd_un.flag) #define I_IGNORE_DOT 4 #define def_mail_always (sudo_defs_table[5].sd_un.flag) #define I_MAIL_ALWAYS 5 #define def_mail_badpass (sudo_defs_table[6].sd_un.flag) #define I_MAIL_BADPASS 6 #define def_mail_no_user (sudo_defs_table[7].sd_un.flag) #define I_MAIL_NO_USER 7 #define def_mail_no_host (sudo_defs_table[8].sd_un.flag) #define I_MAIL_NO_HOST 8 #define def_mail_no_perms (sudo_defs_table[9].sd_un.flag) #define I_MAIL_NO_PERMS 9 #define def_tty_tickets (sudo_defs_table[10].sd_un.flag) #define I_TTY_TICKETS 10 #define def_lecture (sudo_defs_table[11].sd_un.tuple) #define I_LECTURE 11 #define def_lecture_file (sudo_defs_table[12].sd_un.str) #define I_LECTURE_FILE 12 #define def_authenticate (sudo_defs_table[13].sd_un.flag) #define I_AUTHENTICATE 13 #define def_root_sudo (sudo_defs_table[14].sd_un.flag) #define I_ROOT_SUDO 14 #define def_log_host (sudo_defs_table[15].sd_un.flag) #define I_LOG_HOST 15 #define def_log_year (sudo_defs_table[16].sd_un.flag) #define I_LOG_YEAR 16 #define def_shell_noargs (sudo_defs_table[17].sd_un.flag) #define I_SHELL_NOARGS 17 #define def_set_home (sudo_defs_table[18].sd_un.flag) #define I_SET_HOME 18 #define def_always_set_home (sudo_defs_table[19].sd_un.flag) #define I_ALWAYS_SET_HOME 19 #define def_path_info (sudo_defs_table[20].sd_un.flag) #define I_PATH_INFO 20 #define def_fqdn (sudo_defs_table[21].sd_un.flag) #define I_FQDN 21 #define def_insults (sudo_defs_table[22].sd_un.flag) #define I_INSULTS 22 #define def_requiretty (sudo_defs_table[23].sd_un.flag) #define I_REQUIRETTY 23 #define def_env_editor (sudo_defs_table[24].sd_un.flag) #define I_ENV_EDITOR 24 #define def_rootpw (sudo_defs_table[25].sd_un.flag) #define I_ROOTPW 25 #define def_runaspw (sudo_defs_table[26].sd_un.flag) #define I_RUNASPW 26 #define def_targetpw (sudo_defs_table[27].sd_un.flag) #define I_TARGETPW 27 #define def_use_loginclass (sudo_defs_table[28].sd_un.flag) #define I_USE_LOGINCLASS 28 #define def_set_logname (sudo_defs_table[29].sd_un.flag) #define I_SET_LOGNAME 29 #define def_stay_setuid (sudo_defs_table[30].sd_un.flag) #define I_STAY_SETUID 30 #define def_preserve_groups (sudo_defs_table[31].sd_un.flag) #define I_PRESERVE_GROUPS 31 #define def_loglinelen (sudo_defs_table[32].sd_un.uival) #define I_LOGLINELEN 32 #define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval) #define I_TIMESTAMP_TIMEOUT 33 #define def_passwd_timeout (sudo_defs_table[34].sd_un.fval) #define I_PASSWD_TIMEOUT 34 #define def_passwd_tries (sudo_defs_table[35].sd_un.uival) #define I_PASSWD_TRIES 35 #define def_umask (sudo_defs_table[36].sd_un.mode) #define I_UMASK 36 #define def_logfile (sudo_defs_table[37].sd_un.str) #define I_LOGFILE 37 #define def_mailerpath (sudo_defs_table[38].sd_un.str) #define I_MAILERPATH 38 #define def_mailerflags (sudo_defs_table[39].sd_un.str) #define I_MAILERFLAGS 39 #define def_mailto (sudo_defs_table[40].sd_un.str) #define I_MAILTO 40 #define def_mailfrom (sudo_defs_table[41].sd_un.str) #define I_MAILFROM 41 #define def_mailsub (sudo_defs_table[42].sd_un.str) #define I_MAILSUB 42 #define def_badpass_message (sudo_defs_table[43].sd_un.str) #define I_BADPASS_MESSAGE 43 #define def_timestampdir (sudo_defs_table[44].sd_un.str) #define I_TIMESTAMPDIR 44 #define def_timestampowner (sudo_defs_table[45].sd_un.str) #define I_TIMESTAMPOWNER 45 #define def_exempt_group (sudo_defs_table[46].sd_un.str) #define I_EXEMPT_GROUP 46 #define def_passprompt (sudo_defs_table[47].sd_un.str) #define I_PASSPROMPT 47 #define def_passprompt_override (sudo_defs_table[48].sd_un.flag) #define I_PASSPROMPT_OVERRIDE 48 #define def_runas_default (sudo_defs_table[49].sd_un.str) #define I_RUNAS_DEFAULT 49 #define def_secure_path (sudo_defs_table[50].sd_un.str) #define I_SECURE_PATH 50 #define def_editor (sudo_defs_table[51].sd_un.str) #define I_EDITOR 51 #define def_listpw (sudo_defs_table[52].sd_un.tuple) #define I_LISTPW 52 #define def_verifypw (sudo_defs_table[53].sd_un.tuple) #define I_VERIFYPW 53 #define def_noexec (sudo_defs_table[54].sd_un.flag) #define I_NOEXEC 54 #define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag) #define I_IGNORE_LOCAL_SUDOERS 55 #define def_closefrom (sudo_defs_table[56].sd_un.ival) #define I_CLOSEFROM 56 #define def_closefrom_override (sudo_defs_table[57].sd_un.flag) #define I_CLOSEFROM_OVERRIDE 57 #define def_setenv (sudo_defs_table[58].sd_un.flag) #define I_SETENV 58 #define def_env_reset (sudo_defs_table[59].sd_un.flag) #define I_ENV_RESET 59 #define def_env_check (sudo_defs_table[60].sd_un.list) #define I_ENV_CHECK 60 #define def_env_delete (sudo_defs_table[61].sd_un.list) #define I_ENV_DELETE 61 #define def_env_keep (sudo_defs_table[62].sd_un.list) #define I_ENV_KEEP 62 #define def_role (sudo_defs_table[63].sd_un.str) #define I_ROLE 63 #define def_type (sudo_defs_table[64].sd_un.str) #define I_TYPE 64 #define def_env_file (sudo_defs_table[65].sd_un.str) #define I_ENV_FILE 65 #define def_sudoers_locale (sudo_defs_table[66].sd_un.str) #define I_SUDOERS_LOCALE 66 #define def_visiblepw (sudo_defs_table[67].sd_un.flag) #define I_VISIBLEPW 67 #define def_pwfeedback (sudo_defs_table[68].sd_un.flag) #define I_PWFEEDBACK 68 #define def_fast_glob (sudo_defs_table[69].sd_un.flag) #define I_FAST_GLOB 69 #define def_umask_override (sudo_defs_table[70].sd_un.flag) #define I_UMASK_OVERRIDE 70 #define def_log_input (sudo_defs_table[71].sd_un.flag) #define I_LOG_INPUT 71 #define def_log_output (sudo_defs_table[72].sd_un.flag) #define I_LOG_OUTPUT 72 #define def_compress_io (sudo_defs_table[73].sd_un.flag) #define I_COMPRESS_IO 73 #define def_use_pty (sudo_defs_table[74].sd_un.flag) #define I_USE_PTY 74 #define def_group_plugin (sudo_defs_table[75].sd_un.str) #define I_GROUP_PLUGIN 75 #define def_iolog_dir (sudo_defs_table[76].sd_un.str) #define I_IOLOG_DIR 76 #define def_iolog_file (sudo_defs_table[77].sd_un.str) #define I_IOLOG_FILE 77 #define def_set_utmp (sudo_defs_table[78].sd_un.flag) #define I_SET_UTMP 78 #define def_utmp_runas (sudo_defs_table[79].sd_un.flag) #define I_UTMP_RUNAS 79 #define def_privs (sudo_defs_table[80].sd_un.str) #define I_PRIVS 80 #define def_limitprivs (sudo_defs_table[81].sd_un.str) #define I_LIMITPRIVS 81 #define def_exec_background (sudo_defs_table[82].sd_un.flag) #define I_EXEC_BACKGROUND 82 #define def_pam_service (sudo_defs_table[83].sd_un.str) #define I_PAM_SERVICE 83 #define def_pam_login_service (sudo_defs_table[84].sd_un.str) #define I_PAM_LOGIN_SERVICE 84 #define def_pam_setcred (sudo_defs_table[85].sd_un.flag) #define I_PAM_SETCRED 85 #define def_pam_session (sudo_defs_table[86].sd_un.flag) #define I_PAM_SESSION 86 #define def_maxseq (sudo_defs_table[87].sd_un.uival) #define I_MAXSEQ 87 enum def_tuple { never, once, always, any, all }; sudo-1.8.9p5/plugins/sudoers/def_data.in010064400175440000012000000146531226304126500176020ustar00millertstaff# # Format: # # var_name # TYPE # description (or NULL) # array of struct def_values if TYPE == T_TUPLE # # NOTE: for tuples that can be used in a boolean context the first # value corresponds to boolean FALSE and the second to TRUE. # syslog T_LOGFAC|T_BOOL "Syslog facility if syslog is being used for logging: %s" syslog_goodpri T_LOGPRI "Syslog priority to use when user authenticates successfully: %s" syslog_badpri T_LOGPRI "Syslog priority to use when user authenticates unsuccessfully: %s" long_otp_prompt T_FLAG "Put OTP prompt on its own line" ignore_dot T_FLAG "Ignore '.' in $PATH" mail_always T_FLAG "Always send mail when sudo is run" mail_badpass T_FLAG "Send mail if user authentication fails" mail_no_user T_FLAG "Send mail if the user is not in sudoers" mail_no_host T_FLAG "Send mail if the user is not in sudoers for this host" mail_no_perms T_FLAG "Send mail if the user is not allowed to run a command" tty_tickets T_FLAG "Use a separate timestamp for each user/tty combo" lecture T_TUPLE|T_BOOL "Lecture user the first time they run sudo" never once always lecture_file T_STR|T_PATH|T_BOOL "File containing the sudo lecture: %s" authenticate T_FLAG "Require users to authenticate by default" root_sudo T_FLAG "Root may run sudo" log_host T_FLAG "Log the hostname in the (non-syslog) log file" log_year T_FLAG "Log the year in the (non-syslog) log file" shell_noargs T_FLAG "If sudo is invoked with no arguments, start a shell" set_home T_FLAG "Set $HOME to the target user when starting a shell with -s" always_set_home T_FLAG "Always set $HOME to the target user's home directory" path_info T_FLAG "Allow some information gathering to give useful error messages" fqdn T_FLAG "Require fully-qualified hostnames in the sudoers file" insults T_FLAG "Insult the user when they enter an incorrect password" requiretty T_FLAG "Only allow the user to run sudo if they have a tty" env_editor T_FLAG "Visudo will honor the EDITOR environment variable" rootpw T_FLAG "Prompt for root's password, not the users's" runaspw T_FLAG "Prompt for the runas_default user's password, not the users's" targetpw T_FLAG "Prompt for the target user's password, not the users's" use_loginclass T_FLAG "Apply defaults in the target user's login class if there is one" set_logname T_FLAG "Set the LOGNAME and USER environment variables" stay_setuid T_FLAG "Only set the effective uid to the target user, not the real uid" preserve_groups T_FLAG "Don't initialize the group vector to that of the target user" loglinelen T_UINT|T_BOOL "Length at which to wrap log file lines (0 for no wrap): %u" timestamp_timeout T_FLOAT|T_BOOL "Authentication timestamp timeout: %.1f minutes" passwd_timeout T_FLOAT|T_BOOL "Password prompt timeout: %.1f minutes" passwd_tries T_UINT "Number of tries to enter a password: %u" umask T_MODE|T_BOOL "Umask to use or 0777 to use user's: 0%o" logfile T_STR|T_BOOL|T_PATH "Path to log file: %s" mailerpath T_STR|T_BOOL|T_PATH "Path to mail program: %s" mailerflags T_STR|T_BOOL "Flags for mail program: %s" mailto T_STR|T_BOOL "Address to send mail to: %s" mailfrom T_STR|T_BOOL "Address to send mail from: %s" mailsub T_STR "Subject line for mail messages: %s" badpass_message T_STR "Incorrect password message: %s" timestampdir T_STR|T_PATH "Path to authentication timestamp dir: %s" timestampowner T_STR "Owner of the authentication timestamp dir: %s" exempt_group T_STR|T_BOOL "Users in this group are exempt from password and PATH requirements: %s" passprompt T_STR "Default password prompt: %s" passprompt_override T_FLAG "If set, passprompt will override system prompt in all cases." runas_default T_STR "Default user to run commands as: %s" secure_path T_STR|T_BOOL "Value to override user's $PATH with: %s" editor T_STR|T_PATH "Path to the editor for use by visudo: %s" listpw T_TUPLE|T_BOOL "When to require a password for 'list' pseudocommand: %s" never any all always verifypw T_TUPLE|T_BOOL "When to require a password for 'verify' pseudocommand: %s" never all any always noexec T_FLAG "Preload the dummy exec functions contained in the sudo_noexec library" ignore_local_sudoers T_FLAG "If LDAP directory is up, do we ignore local sudoers file" closefrom T_INT "File descriptors >= %d will be closed before executing a command" closefrom_override T_FLAG "If set, users may override the value of `closefrom' with the -C option" setenv T_FLAG "Allow users to set arbitrary environment variables" env_reset T_FLAG "Reset the environment to a default set of variables" env_check T_LIST|T_BOOL "Environment variables to check for sanity:" env_delete T_LIST|T_BOOL "Environment variables to remove:" env_keep T_LIST|T_BOOL "Environment variables to preserve:" role T_STR "SELinux role to use in the new security context: %s" type T_STR "SELinux type to use in the new security context: %s" env_file T_STR|T_PATH|T_BOOL "Path to the sudo-specific environment file: %s" sudoers_locale T_STR "Locale to use while parsing sudoers: %s" visiblepw T_FLAG "Allow sudo to prompt for a password even if it would be visible" pwfeedback T_FLAG "Provide visual feedback at the password prompt when there is user input" fast_glob T_FLAG "Use faster globbing that is less accurate but does not access the filesystem" umask_override T_FLAG "The umask specified in sudoers will override the user's, even if it is more permissive" log_input T_FLAG "Log user's input for the command being run" log_output T_FLAG "Log the output of the command being run" compress_io T_FLAG "Compress I/O logs using zlib" use_pty T_FLAG "Always run commands in a pseudo-tty" group_plugin T_STR "Plugin for non-Unix group support: %s" iolog_dir T_STR|T_PATH "Directory in which to store input/output logs: %s" iolog_file T_STR "File in which to store the input/output log: %s" set_utmp T_FLAG "Add an entry to the utmp/utmpx file when allocating a pty" utmp_runas T_FLAG "Set the user in utmp to the runas user, not the invoking user" privs T_STR "Set of permitted privileges" limitprivs T_STR "Set of limit privileges" exec_background T_FLAG "Run commands on a pty in the background" pam_service T_STR "PAM service name to use" pam_login_service T_STR "PAM service name to use for login shells" pam_setcred T_FLAG "Attempt to establish PAM credentials for the target user" pam_session T_FLAG "Create a new PAM session for the command to run in" maxseq T_UINT "Maximum I/O log sequence number: %u" sudo-1.8.9p5/plugins/sudoers/defaults.c010064400175440000012000000534521226304126500174760ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ # ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ #include #include #include "sudoers.h" #include "parse.h" #include /* * For converting between syslog numbers and strings. */ struct strmap { char *name; int num; }; #ifdef LOG_NFACILITIES static struct strmap facilities[] = { #ifdef LOG_AUTHPRIV { "authpriv", LOG_AUTHPRIV }, #endif { "auth", LOG_AUTH }, { "daemon", LOG_DAEMON }, { "user", LOG_USER }, { "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 }, { "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 }, { "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 }, { "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 }, { NULL, -1 } }; #endif /* LOG_NFACILITIES */ static struct strmap priorities[] = { { "alert", LOG_ALERT }, { "crit", LOG_CRIT }, { "debug", LOG_DEBUG }, { "emerg", LOG_EMERG }, { "err", LOG_ERR }, { "info", LOG_INFO }, { "notice", LOG_NOTICE }, { "warning", LOG_WARNING }, { NULL, -1 } }; /* * Local prototypes. */ static bool store_int(char *, struct sudo_defs_types *, int); static bool store_list(char *, struct sudo_defs_types *, int); static bool store_mode(char *, struct sudo_defs_types *, int); static bool store_str(char *, struct sudo_defs_types *, int); static bool store_syslogfac(char *, struct sudo_defs_types *, int); static bool store_syslogpri(char *, struct sudo_defs_types *, int); static bool store_tuple(char *, struct sudo_defs_types *, int); static bool store_uint(char *, struct sudo_defs_types *, int); static bool store_float(char *, struct sudo_defs_types *, int); static void list_op(char *, size_t, struct sudo_defs_types *, enum list_ops); static const char *logfac2str(int); static const char *logpri2str(int); /* * Table describing compile-time and run-time options. */ #include /* * Print version and configure info. */ void dump_defaults(void) { struct sudo_defs_types *cur; struct list_member *item; struct def_values *def; char *desc; debug_decl(dump_defaults, SUDO_DEBUG_DEFAULTS) for (cur = sudo_defs_table; cur->name; cur++) { if (cur->desc) { desc = _(cur->desc); switch (cur->type & T_MASK) { case T_FLAG: if (cur->sd_un.flag) sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", desc); break; case T_STR: if (cur->sd_un.str) { sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.str); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } break; case T_LOGFAC: if (cur->sd_un.ival) { sudo_printf(SUDO_CONV_INFO_MSG, desc, logfac2str(cur->sd_un.ival)); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } break; case T_LOGPRI: if (cur->sd_un.ival) { sudo_printf(SUDO_CONV_INFO_MSG, desc, logpri2str(cur->sd_un.ival)); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } break; case T_INT: sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.ival); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; case T_UINT: sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; case T_FLOAT: sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; case T_MODE: sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; case T_LIST: if (!SLIST_EMPTY(&cur->sd_un.list)) { sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", desc); SLIST_FOREACH(item, &cur->sd_un.list, entries) { sudo_printf(SUDO_CONV_INFO_MSG, "\t%s\n", item->value); } } break; case T_TUPLE: for (def = cur->values; def->sval; def++) { if (cur->sd_un.tuple == def->nval) { sudo_printf(SUDO_CONV_INFO_MSG, desc, def->sval); break; } } sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; } } } debug_return; } /* * Sets/clears an entry in the defaults structure * If a variable that takes a value is used in a boolean * context with op == 0, disable that variable. * Eg. you may want to turn off logging to a file for some hosts. * This is only meaningful for variables that are *optional*. */ bool set_default(char *var, char *val, int op) { struct sudo_defs_types *cur; int num; debug_decl(set_default, SUDO_DEBUG_DEFAULTS) for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) { if (strcmp(var, cur->name) == 0) break; } if (!cur->name) { warningx(U_("unknown defaults entry `%s'"), var); debug_return_bool(false); } switch (cur->type & T_MASK) { case T_LOGFAC: if (!store_syslogfac(val, cur, op)) { if (val) warningx(U_("value `%s' is invalid for option `%s'"), val, var); else warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } break; case T_LOGPRI: if (!store_syslogpri(val, cur, op)) { if (val) warningx(U_("value `%s' is invalid for option `%s'"), val, var); else warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } break; case T_STR: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (ISSET(cur->type, T_PATH) && val && *val != '/') { warningx(U_("values for `%s' must start with a '/'"), var); debug_return_bool(false); } if (!store_str(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_INT: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (!store_int(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_UINT: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (!store_uint(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_FLOAT: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (!store_float(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_MODE: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (!store_mode(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_FLAG: if (val) { warningx(U_("option `%s' does not take a value"), var); debug_return_bool(false); } cur->sd_un.flag = op; break; case T_LIST: if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != false) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } } if (!store_list(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; case T_TUPLE: if (!val && !ISSET(cur->type, T_BOOL)) { warningx(U_("no value specified for `%s'"), var); debug_return_bool(false); } if (!store_tuple(val, cur, op)) { warningx(U_("value `%s' is invalid for option `%s'"), val, var); debug_return_bool(false); } break; } debug_return_bool(true); } /* * Set default options to compiled-in values. * Any of these may be overridden at runtime by a "Defaults" file. */ void init_defaults(void) { static int firsttime = 1; struct sudo_defs_types *def; debug_decl(init_defaults, SUDO_DEBUG_DEFAULTS) /* Clear any old settings. */ if (!firsttime) { for (def = sudo_defs_table; def->name; def++) { switch (def->type & T_MASK) { case T_STR: efree(def->sd_un.str); def->sd_un.str = NULL; break; case T_LIST: list_op(NULL, 0, def, freeall); break; } memset(&def->sd_un, 0, sizeof(def->sd_un)); } } /* First initialize the flags. */ #ifdef LONG_OTP_PROMPT def_long_otp_prompt = true; #endif #ifdef IGNORE_DOT_PATH def_ignore_dot = true; #endif #ifdef ALWAYS_SEND_MAIL def_mail_always = true; #endif #ifdef SEND_MAIL_WHEN_NO_USER def_mail_no_user = true; #endif #ifdef SEND_MAIL_WHEN_NO_HOST def_mail_no_host = true; #endif #ifdef SEND_MAIL_WHEN_NOT_OK def_mail_no_perms = true; #endif #ifndef NO_TTY_TICKETS def_tty_tickets = true; #endif #ifndef NO_LECTURE def_lecture = once; #endif #ifndef NO_AUTHENTICATION def_authenticate = true; #endif #ifndef NO_ROOT_SUDO def_root_sudo = true; #endif #ifdef HOST_IN_LOG def_log_host = true; #endif #ifdef SHELL_IF_NO_ARGS def_shell_noargs = true; #endif #ifdef SHELL_SETS_HOME def_set_home = true; #endif #ifndef DONT_LEAK_PATH_INFO def_path_info = true; #endif #ifdef FQDN def_fqdn = true; #endif #ifdef USE_INSULTS def_insults = true; #endif #ifdef ENV_EDITOR def_env_editor = true; #endif #ifdef UMASK_OVERRIDE def_umask_override = true; #endif def_iolog_file = estrdup("%{seq}"); def_iolog_dir = estrdup(_PATH_SUDO_IO_LOGDIR); def_sudoers_locale = estrdup("C"); def_env_reset = ENV_RESET; def_set_logname = true; def_closefrom = STDERR_FILENO + 1; def_pam_service = estrdup("sudo"); #ifdef HAVE_PAM_LOGIN def_pam_login_service = estrdup("sudo-i"); #else def_pam_login_service = estrdup("sudo"); #endif #ifdef NO_PAM_SESSION def_pam_session = false; #else def_pam_session = true; #endif /* Syslog options need special care since they both strings and ints */ #if (LOGGING & SLOG_SYSLOG) (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], true); (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI], true); (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI], true); #endif /* Password flags also have a string and integer component. */ (void) store_tuple("any", &sudo_defs_table[I_LISTPW], true); (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], true); /* Then initialize the int-like things. */ #ifdef SUDO_UMASK def_umask = SUDO_UMASK; #else def_umask = 0777; #endif def_loglinelen = MAXLOGFILELEN; def_timestamp_timeout = TIMEOUT; def_passwd_timeout = PASSWORD_TIMEOUT; def_passwd_tries = TRIES_FOR_PASSWORD; #ifdef HAVE_ZLIB_H def_compress_io = true; #endif /* Now do the strings */ def_mailto = estrdup(MAILTO); def_mailsub = estrdup(N_(MAILSUBJECT)); def_badpass_message = estrdup(_(INCORRECT_PASSWORD)); def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR); def_passprompt = estrdup(_(PASSPROMPT)); def_runas_default = estrdup(RUNAS_DEFAULT); #ifdef _PATH_SUDO_SENDMAIL def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL); def_mailerflags = estrdup("-t"); #endif #if (LOGGING & SLOG_FILE) def_logfile = estrdup(_PATH_SUDO_LOGFILE); #endif #ifdef EXEMPTGROUP def_exempt_group = estrdup(EXEMPTGROUP); #endif #ifdef SECURE_PATH def_secure_path = estrdup(SECURE_PATH); #endif def_editor = estrdup(EDITOR); def_set_utmp = true; /* Finally do the lists (currently just environment tables). */ init_envtables(); firsttime = 0; debug_return; } /* * Update the defaults based on what was set by sudoers. * Pass in an OR'd list of which default types to update. */ bool update_defaults(int what) { struct defaults *def; bool rc = true; debug_decl(update_defaults, SUDO_DEBUG_DEFAULTS) TAILQ_FOREACH(def, &defaults, entries) { switch (def->type) { case DEFAULTS: if (ISSET(what, SETDEF_GENERIC) && !set_default(def->var, def->val, def->op)) rc = false; break; case DEFAULTS_USER: #if 1 if (ISSET(what, SETDEF_USER)) { int m; m = userlist_matches(sudo_user.pw, def->binding); if (m == ALLOW) { if (!set_default(def->var, def->val, def->op)) rc = false; } } #else if (ISSET(what, SETDEF_USER) && userlist_matches(sudo_user.pw, def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) rc = false; #endif break; case DEFAULTS_RUNAS: if (ISSET(what, SETDEF_RUNAS) && runaslist_matches(def->binding, NULL, NULL, NULL) == ALLOW && !set_default(def->var, def->val, def->op)) rc = false; break; case DEFAULTS_HOST: if (ISSET(what, SETDEF_HOST) && hostlist_matches(def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) rc = false; break; case DEFAULTS_CMND: if (ISSET(what, SETDEF_CMND) && cmndlist_matches(def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) rc = false; break; } } debug_return_bool(rc); } /* * Check the defaults entries without actually setting them. * Pass in an OR'd list of which default types to check. */ bool check_defaults(int what, bool quiet) { struct sudo_defs_types *cur; struct defaults *def; bool rc = true; debug_decl(check_defaults, SUDO_DEBUG_DEFAULTS) TAILQ_FOREACH(def, &defaults, entries) { switch (def->type) { case DEFAULTS: if (!ISSET(what, SETDEF_GENERIC)) continue; break; case DEFAULTS_USER: if (!ISSET(what, SETDEF_USER)) continue; break; case DEFAULTS_RUNAS: if (!ISSET(what, SETDEF_RUNAS)) continue; break; case DEFAULTS_HOST: if (!ISSET(what, SETDEF_HOST)) continue; break; case DEFAULTS_CMND: if (!ISSET(what, SETDEF_CMND)) continue; break; } for (cur = sudo_defs_table; cur->name != NULL; cur++) { if (strcmp(def->var, cur->name) == 0) break; } if (cur->name == NULL) { if (!quiet) warningx(U_("unknown defaults entry `%s'"), def->var); rc = false; } } debug_return_bool(rc); } static bool store_int(char *val, struct sudo_defs_types *def, int op) { const char *errstr; int i; debug_decl(store_int, SUDO_DEBUG_DEFAULTS) if (op == false) { def->sd_un.ival = 0; } else { i = strtonum(val, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: %s", val, errstr); debug_return_bool(false); } def->sd_un.ival = i; } if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static bool store_uint(char *val, struct sudo_defs_types *def, int op) { const char *errstr; unsigned int u; debug_decl(store_uint, SUDO_DEBUG_DEFAULTS) if (op == false) { def->sd_un.uival = 0; } else { u = strtonum(val, 0, UINT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: %s", val, errstr); debug_return_bool(false); } def->sd_un.uival = u; } if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static bool store_float(char *val, struct sudo_defs_types *def, int op) { char *endp; double d; debug_decl(store_float, SUDO_DEBUG_DEFAULTS) if (op == false) { def->sd_un.fval = 0.0; } else { d = strtod(val, &endp); if (*endp != '\0') debug_return_bool(false); /* XXX - should check against HUGE_VAL */ def->sd_un.fval = d; } if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static bool store_tuple(char *val, struct sudo_defs_types *def, int op) { struct def_values *v; debug_decl(store_tuple, SUDO_DEBUG_DEFAULTS) /* * Look up tuple value by name to find enum def_tuple value. * For negation to work the first element of enum def_tuple * must be equivalent to boolean false. */ if (!val) { def->sd_un.ival = (op == false) ? 0 : 1; } else { for (v = def->values; v->sval != NULL; v++) { if (strcmp(v->sval, val) == 0) { def->sd_un.tuple = v->nval; break; } } if (v->sval == NULL) debug_return_bool(false); } if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static bool store_str(char *val, struct sudo_defs_types *def, int op) { debug_decl(store_str, SUDO_DEBUG_DEFAULTS) efree(def->sd_un.str); if (op == false) def->sd_un.str = NULL; else def->sd_un.str = estrdup(val); if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static bool store_list(char *str, struct sudo_defs_types *def, int op) { char *start, *end; debug_decl(store_list, SUDO_DEBUG_DEFAULTS) /* Remove all old members. */ if (op == false || op == true) list_op(NULL, 0, def, freeall); /* Split str into multiple space-separated words and act on each one. */ if (op != false) { end = str; do { /* Remove leading blanks, if nothing but blanks we are done. */ for (start = end; isblank((unsigned char)*start); start++) ; if (*start == '\0') break; /* Find end position and perform operation. */ for (end = start; *end && !isblank((unsigned char)*end); end++) ; list_op(start, end - start, def, op == '-' ? delete : add); } while (*end++ != '\0'); } debug_return_bool(true); } static bool store_syslogfac(char *val, struct sudo_defs_types *def, int op) { struct strmap *fac; debug_decl(store_syslogfac, SUDO_DEBUG_DEFAULTS) if (op == false) { def->sd_un.ival = false; debug_return_bool(true); } #ifdef LOG_NFACILITIES if (!val) debug_return_bool(false); for (fac = facilities; fac->name && strcmp(val, fac->name); fac++) ; if (fac->name == NULL) debug_return_bool(false); /* not found */ def->sd_un.ival = fac->num; #else def->sd_un.ival = -1; #endif /* LOG_NFACILITIES */ debug_return_bool(true); } static const char * logfac2str(int n) { #ifdef LOG_NFACILITIES struct strmap *fac; debug_decl(logfac2str, SUDO_DEBUG_DEFAULTS) for (fac = facilities; fac->name && fac->num != n; fac++) ; debug_return_const_str(fac->name); #else return "default"; #endif /* LOG_NFACILITIES */ } static bool store_syslogpri(char *val, struct sudo_defs_types *def, int op) { struct strmap *pri; debug_decl(store_syslogpri, SUDO_DEBUG_DEFAULTS) if (op == false || !val) debug_return_bool(false); for (pri = priorities; pri->name && strcmp(val, pri->name); pri++) ; if (pri->name == NULL) debug_return_bool(false); /* not found */ def->sd_un.ival = pri->num; debug_return_bool(true); } static const char * logpri2str(int n) { struct strmap *pri; debug_decl(logpri2str, SUDO_DEBUG_DEFAULTS) for (pri = priorities; pri->name && pri->num != n; pri++) ; debug_return_const_str(pri->name); } static bool store_mode(char *val, struct sudo_defs_types *def, int op) { mode_t mode; const char *errstr; debug_decl(store_mode, SUDO_DEBUG_DEFAULTS) if (op == false) { def->sd_un.mode = 0777; } else { mode = atomode(val, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s is %s", val, errstr); debug_return_bool(false); } def->sd_un.mode = mode; } if (def->callback) debug_return_bool(def->callback(val)); debug_return_bool(true); } static void list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op) { struct list_member *cur, *prev = NULL; debug_decl(list_op, SUDO_DEBUG_DEFAULTS) if (op == freeall) { while ((cur = SLIST_FIRST(&def->sd_un.list)) != NULL) { SLIST_REMOVE_HEAD(&def->sd_un.list, entries); efree(cur->value); efree(cur); } debug_return; } SLIST_FOREACH(cur, &def->sd_un.list, entries) { if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) { if (op == add) debug_return; /* already exists */ /* Delete node */ if (prev == NULL) SLIST_REMOVE_HEAD(&def->sd_un.list, entries); else SLIST_REMOVE_AFTER(prev, entries); efree(cur->value); efree(cur); break; } prev = cur; } /* Add new node to the head of the list. */ if (op == add) { cur = ecalloc(1, sizeof(struct list_member)); cur->value = estrndup(val, len); SLIST_INSERT_HEAD(&def->sd_un.list, cur, entries); } debug_return; } sudo-1.8.9p5/plugins/sudoers/defaults.h010064400175440000012000000057201226304126500174760ustar00millertstaff/* * Copyright (c) 1999-2005, 2008-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDOERS_DEFAULTS_H #define _SUDOERS_DEFAULTS_H #include struct list_member { SLIST_ENTRY(list_member) entries; char *value; }; SLIST_HEAD(list_members, list_member); enum list_ops { add, delete, freeall }; /* Mapping of tuple string value to enum def_tuple. */ struct def_values { char *sval; /* string value */ enum def_tuple nval;/* numeric value */ }; /* * Structure describing compile-time and run-time options. */ struct sudo_defs_types { char *name; int type; char *desc; struct def_values *values; int (*callback)(const char *); union { int flag; int ival; unsigned int uival; double fval; enum def_tuple tuple; char *str; mode_t mode; struct list_members list; } sd_un; }; /* * Four types of defaults: strings, integers, and flags. * Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that * a value is not required. Flags are boolean by nature... */ #undef T_INT #define T_INT 0x001 #undef T_UINT #define T_UINT 0x002 #undef T_STR #define T_STR 0x003 #undef T_FLAG #define T_FLAG 0x004 #undef T_MODE #define T_MODE 0x005 #undef T_LIST #define T_LIST 0x006 #undef T_LOGFAC #define T_LOGFAC 0x007 #undef T_LOGPRI #define T_LOGPRI 0x008 #undef T_TUPLE #define T_TUPLE 0x009 #undef T_FLOAT #define T_FLOAT 0x010 #undef T_MASK #define T_MASK 0x0FF #undef T_BOOL #define T_BOOL 0x100 #undef T_PATH #define T_PATH 0x200 /* * Argument to update_defaults() and check_defaults() */ #define SETDEF_GENERIC 0x01 #define SETDEF_HOST 0x02 #define SETDEF_USER 0x04 #define SETDEF_RUNAS 0x08 #define SETDEF_CMND 0x10 #define SETDEF_ALL (SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS|SETDEF_CMND) /* * Prototypes */ void dump_default(void); void init_defaults(void); bool set_default(char *var, char *val, int op); bool update_defaults(int what); bool check_defaults(int what, bool quiet); extern struct sudo_defs_types sudo_defs_table[]; #endif /* _SUDOERS_DEFAULTS_H */ sudo-1.8.9p5/plugins/sudoers/env.c010064400175440000012000000731641226304127700164640ustar00millertstaff/* * Copyright (c) 2000-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_LOGIN_CAP_H # include # ifndef LOGIN_SETENV # define LOGIN_SETENV 0 # endif #endif /* HAVE_LOGIN_CAP_H */ #include #include #include #include #include "sudoers.h" /* * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t * could be signed (as it is on SunOS 4.x). This just means that * emalloc2() and erealloc3() cannot allocate huge amounts on such a * platform but that is OK since sudo doesn't need to do so anyway. */ #ifndef SIZE_MAX # ifdef SIZE_T_MAX # define SIZE_MAX SIZE_T_MAX # else # define SIZE_MAX INT_MAX # endif /* SIZE_T_MAX */ #endif /* SIZE_MAX */ /* * Flags used in rebuild_env() */ #undef DID_TERM #define DID_TERM 0x0001 #undef DID_PATH #define DID_PATH 0x0002 #undef DID_HOME #define DID_HOME 0x0004 #undef DID_SHELL #define DID_SHELL 0x0008 #undef DID_LOGNAME #define DID_LOGNAME 0x0010 #undef DID_USER #define DID_USER 0x0020 #undef DID_USERNAME #define DID_USERNAME 0x0040 #undef DID_MAIL #define DID_MAIL 0x0080 #undef DID_MAX #define DID_MAX 0x00ff #undef KEPT_TERM #define KEPT_TERM 0x0100 #undef KEPT_PATH #define KEPT_PATH 0x0200 #undef KEPT_HOME #define KEPT_HOME 0x0400 #undef KEPT_SHELL #define KEPT_SHELL 0x0800 #undef KEPT_LOGNAME #define KEPT_LOGNAME 0x1000 #undef KEPT_USER #define KEPT_USER 0x2000 #undef KEPT_USERNAME #define KEPT_USERNAME 0x4000 #undef KEPT_MAIL #define KEPT_MAIL 0x8000 #undef KEPT_MAX #define KEPT_MAX 0xff00 struct environment { char * const *old_envp; /* pointer the environment we passed back */ char **envp; /* pointer to the new environment */ size_t env_size; /* size of new_environ in char **'s */ size_t env_len; /* number of slots used, not counting NULL */ }; /* * Copy of the sudo-managed environment. */ static struct environment env; /* * Default table of "bad" variables to remove from the environment. * XXX - how to omit TERMCAP if it starts with '/'? */ static const char *initial_badenv_table[] = { "IFS", "CDPATH", "LOCALDOMAIN", "RES_OPTIONS", "HOSTALIASES", "NLSPATH", "PATH_LOCALE", "LD_*", "_RLD*", #ifdef __hpux "SHLIB_PATH", #endif /* __hpux */ #ifdef _AIX "LDR_*", "LIBPATH", "AUTHSTATE", #endif #ifdef __APPLE__ "DYLD_*", #endif #ifdef HAVE_KERB5 "KRB5_CONFIG*", "KRB5_KTNAME", #endif /* HAVE_KERB5 */ #ifdef HAVE_SECURID "VAR_ACE", "USR_ACE", "DLC_ACE", #endif /* HAVE_SECURID */ "TERMINFO", /* terminfo, exclusive path to terminfo files */ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */ "TERMPATH", /* termcap, path(s) to termcap files */ "TERMCAP", /* XXX - only if it starts with '/' */ "ENV", /* ksh, file to source before script runs */ "BASH_ENV", /* bash, file to source before script runs */ "PS4", /* bash, prefix for lines in xtrace mode */ "GLOBIGNORE", /* bash, globbing patterns to ignore */ "SHELLOPTS", /* bash, extra command line options */ "JAVA_TOOL_OPTIONS", /* java, extra command line options */ "PERLIO_DEBUG ", /* perl, debugging output file */ "PERLLIB", /* perl, search path for modules/includes */ "PERL5LIB", /* perl 5, search path for modules/includes */ "PERL5OPT", /* perl 5, extra command line options */ "PERL5DB", /* perl 5, command used to load debugger */ "FPATH", /* ksh, search path for functions */ "NULLCMD", /* zsh, command for null file redirection */ "READNULLCMD", /* zsh, command for null file redirection */ "ZDOTDIR", /* zsh, search path for dot files */ "TMPPREFIX", /* zsh, prefix for temporary files */ "PYTHONHOME", /* python, module search path */ "PYTHONPATH", /* python, search path */ "PYTHONINSPECT", /* python, allow inspection */ "PYTHONUSERBASE", /* python, per user site-packages directory */ "RUBYLIB", /* ruby, library load path */ "RUBYOPT", /* ruby, extra command line options */ NULL }; /* * Default table of variables to check for '%' and '/' characters. */ static const char *initial_checkenv_table[] = { "COLORTERM", "LANG", "LANGUAGE", "LC_*", "LINGUAS", "TERM", NULL }; /* * Default table of variables to preserve in the environment. */ static const char *initial_keepenv_table[] = { "COLORS", "DISPLAY", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", "PATH", "PS1", "PS2", "TZ", "XAUTHORITY", "XAUTHORIZATION", NULL }; /* * Initialize env based on envp. */ void env_init(char * const envp[]) { char * const *ep; size_t len; debug_decl(env_init, SUDO_DEBUG_ENV) if (envp == NULL) { /* Reset to initial state but keep a pointer to what we allocated. */ envp = env.envp; memset(&env, 0, sizeof(env)); env.old_envp = envp; } else { /* Make private copy of envp. */ for (ep = envp; *ep != NULL; ep++) continue; len = (size_t)(ep - envp); env.env_len = len; env.env_size = len + 1 + 128; env.envp = emalloc2(env.env_size, sizeof(char *)); #ifdef ENV_DEBUG memset(env.envp, 0, env.env_size * sizeof(char *)); #endif memcpy(env.envp, envp, len * sizeof(char *)); env.envp[len] = NULL; /* Free the old envp we allocated, if any. */ if (env.old_envp != NULL) efree((void *)env.old_envp); } debug_return; } /* * Getter for private copy of the environment. */ char ** env_get(void) { return env.envp; } /* * Similar to putenv(3) but operates on sudo's private copy of the * environment (not environ) and it always overwrites. The dupcheck param * determines whether we need to verify that the variable is not already set. * Will only overwrite an existing variable if overwrite is set. * Does not include warnings or debugging to avoid recursive calls. */ static int sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) { char **ep; size_t len; bool found = false; /* Make sure there is room for the new entry plus a NULL. */ if (env.env_size > 2 && env.env_len > env.env_size - 2) { char **nenvp; size_t nsize; if (env.env_size > SIZE_MAX - 128) { fatalx_nodebug(U_("internal error, %s overflow"), "sudo_putenv_nodebug()"); } nsize = env.env_size + 128; if (nsize > SIZE_MAX / sizeof(char *)) { fatalx_nodebug(U_("internal error, %s overflow"), "sudo_putenv_nodebug()"); } nenvp = realloc(env.envp, nsize * sizeof(char *)); if (nenvp == NULL) { errno = ENOMEM; return -1; } env.envp = nenvp; env.env_size = nsize; #ifdef ENV_DEBUG memset(env.envp + env.env_len, 0, (env.env_size - env.env_len) * sizeof(char *)); #endif } #ifdef ENV_DEBUG if (env.envp[env.env_len] != NULL) { errno = EINVAL; return -1; } #endif if (dupcheck) { len = (strchr(str, '=') - str) + 1; for (ep = env.envp; *ep != NULL; ep++) { if (strncmp(str, *ep, len) == 0) { if (overwrite) *ep = str; found = true; break; } } /* Prune out extra instances of the variable we just overwrote. */ if (found && overwrite) { while (*++ep != NULL) { if (strncmp(str, *ep, len) == 0) { char **cur = ep; while ((*cur = *(cur + 1)) != NULL) cur++; ep--; } } env.env_len = ep - env.envp; } } if (!found) { ep = env.envp + env.env_len; env.env_len++; *ep++ = str; *ep = NULL; } return 0; } /* * Similar to putenv(3) but operates on sudo's private copy of the * environment (not environ) and it always overwrites. The dupcheck param * determines whether we need to verify that the variable is not already set. * Will only overwrite an existing variable if overwrite is set. */ static int sudo_putenv(char *str, bool dupcheck, bool overwrite) { int rval; debug_decl(sudo_putenv, SUDO_DEBUG_ENV) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_putenv: %s", str); rval = sudo_putenv_nodebug(str, dupcheck, overwrite); if (rval == -1) { #ifdef ENV_DEBUG if (env.envp[env.env_len] != NULL) fatalx(U_("sudo_putenv: corrupted envp, length mismatch")); #endif fatal(NULL); } debug_return_int(rval); } /* * Similar to setenv(3) but operates on a private copy of the environment. * The dupcheck param determines whether we need to verify that the variable * is not already set. */ static int sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) { char *estring; size_t esize; int rval; debug_decl(sudo_setenv2, SUDO_DEBUG_ENV) esize = strlen(var) + 1 + strlen(val) + 1; estring = emalloc(esize); /* Build environment string and insert it. */ if (strlcpy(estring, var, esize) >= esize || strlcat(estring, "=", esize) >= esize || strlcat(estring, val, esize) >= esize) { fatalx(U_("internal error, %s overflow"), "sudo_setenv2()"); } rval = sudo_putenv(estring, dupcheck, overwrite); if (rval == -1) efree(estring); debug_return_int(rval); } /* * Similar to setenv(3) but operates on a private copy of the environment. */ int sudo_setenv(const char *var, const char *val, int overwrite) { return sudo_setenv2(var, val, true, (bool)overwrite); } /* * Similar to setenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. */ static int sudo_setenv_nodebug(const char *var, const char *val, int overwrite) { char *ep, *estring = NULL; const char *cp; size_t esize; int rval = -1; if (var == NULL || *var == '\0') { errno = EINVAL; goto done; } /* * POSIX says a var name with '=' is an error but BSD * just ignores the '=' and anything after it. */ for (cp = var; *cp && *cp != '='; cp++) ; esize = (size_t)(cp - var) + 2; if (val) { esize += strlen(val); /* glibc treats a NULL val as "" */ } /* Allocate and fill in estring. */ if ((estring = ep = malloc(esize)) == NULL) { errno = ENOMEM; goto done; } for (cp = var; *cp && *cp != '='; cp++) *ep++ = *cp; *ep++ = '='; if (val) { for (cp = val; *cp; cp++) *ep++ = *cp; } *ep = '\0'; rval = sudo_putenv_nodebug(estring, true, overwrite); done: if (rval == -1) free(estring); return rval; } /* * Similar to unsetenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. */ static int sudo_unsetenv_nodebug(const char *var) { char **ep = env.envp; size_t len; if (ep == NULL || var == NULL || *var == '\0' || strchr(var, '=') != NULL) { errno = EINVAL; return -1; } len = strlen(var); while (*ep != NULL) { if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { /* Found it; shift remainder + NULL over by one. */ char **cur = ep; while ((*cur = *(cur + 1)) != NULL) cur++; /* Keep going, could be multiple instances of the var. */ } else { ep++; } } return 0; } /* * Similar to unsetenv(3) but operates on a private copy of the environment. */ int sudo_unsetenv(const char *name) { int rval; debug_decl(sudo_unsetenv, SUDO_DEBUG_ENV) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_unsetenv: %s", name); rval = sudo_unsetenv_nodebug(name); debug_return_int(rval); } /* * Similar to getenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. */ static char * sudo_getenv_nodebug(const char *name) { char **ep, *val = NULL; size_t namelen = 0; if (env.env_len != 0) { /* For BSD compatibility, treat '=' in name like end of string. */ while (name[namelen] != '\0' && name[namelen] != '=') namelen++; for (ep = env.envp; *ep != NULL; ep++) { if (strncmp(*ep, name, namelen) == 0 && (*ep)[namelen] == '=') { val = *ep + namelen + 1; break; } } } return val; } /* * Similar to getenv(3) but operates on a private copy of the environment. */ char * sudo_getenv(const char *name) { char *val; debug_decl(sudo_getenv, SUDO_DEBUG_ENV) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_getenv: %s", name); val = sudo_getenv_nodebug(name); debug_return_str(val); } /* * Check the env_delete blacklist. * Returns true if the variable was found, else false. */ static bool matches_env_delete(const char *var) { struct list_member *cur; size_t len; bool iswild; bool match = false; debug_decl(matches_env_delete, SUDO_DEBUG_ENV) /* Skip anything listed in env_delete. */ SLIST_FOREACH(cur, &def_env_delete, entries) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { len--; iswild = true; } else iswild = false; if (strncmp(cur->value, var, len) == 0 && (iswild || var[len] == '=')) { match = true; break; } } debug_return_bool(match); } /* * Apply the env_check list. * Returns true if the variable is allowed, false if denied * or -1 if no match. */ static int matches_env_check(const char *var) { struct list_member *cur; size_t len; bool iswild; int keepit = -1; debug_decl(matches_env_check, SUDO_DEBUG_ENV) SLIST_FOREACH(cur, &def_env_check, entries) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { len--; iswild = true; } else iswild = false; if (strncmp(cur->value, var, len) == 0 && (iswild || var[len] == '=')) { keepit = !strpbrk(var, "/%"); break; } } debug_return_bool(keepit); } /* * Check the env_keep list. * Returns true if the variable is allowed else false. */ static bool matches_env_keep(const char *var) { struct list_member *cur; size_t len; bool iswild, keepit = false; debug_decl(matches_env_keep, SUDO_DEBUG_ENV) /* Preserve SHELL variable for "sudo -s". */ if (ISSET(sudo_mode, MODE_SHELL) && strncmp(var, "SHELL=", 6) == 0) { keepit = true; goto done; } SLIST_FOREACH(cur, &def_env_keep, entries) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { len--; iswild = true; } else iswild = false; if (strncmp(cur->value, var, len) == 0 && (iswild || var[len] == '=')) { keepit = true; break; } } done: debug_return_bool(keepit); } /* * Look up var in the env_delete and env_check. * Returns true if we should delete the variable, else false. */ static bool env_should_delete(const char *var) { int delete_it; debug_decl(env_should_delete, SUDO_DEBUG_ENV); delete_it = matches_env_delete(var); if (!delete_it) delete_it = matches_env_check(var) == false; sudo_debug_printf(SUDO_DEBUG_INFO, "delete %s: %s", var, delete_it ? "YES" : "NO"); debug_return_bool(delete_it); } /* * Lookup var in the env_check and env_keep lists. * Returns true if the variable is allowed else false. */ static bool env_should_keep(const char *var) { int keepit; debug_decl(env_should_keep, SUDO_DEBUG_ENV) keepit = matches_env_check(var); if (keepit == -1) keepit = matches_env_keep(var); sudo_debug_printf(SUDO_DEBUG_INFO, "keep %s: %s", var, keepit ? "YES" : "NO"); debug_return_bool(keepit == true); } /* * Merge another environment with our private copy. * Only overwrite an existing variable if it is not * being preserved from the user's environment. */ void env_merge(char * const envp[]) { char * const *ep; debug_decl(env_merge, SUDO_DEBUG_ENV) for (ep = envp; *ep != NULL; ep++) sudo_putenv(*ep, true, !env_should_keep(*ep)); debug_return; } static void env_update_didvar(const char *ep, unsigned int *didvar) { switch (*ep) { case 'H': if (strncmp(ep, "HOME=", 5) == 0) SET(*didvar, DID_HOME); break; case 'L': if (strncmp(ep, "LOGNAME=", 8) == 0) SET(*didvar, DID_LOGNAME); break; case 'M': if (strncmp(ep, "MAIL=", 5) == 0) SET(*didvar, DID_MAIL); break; case 'P': if (strncmp(ep, "PATH=", 5) == 0) SET(*didvar, DID_PATH); break; case 'S': if (strncmp(ep, "SHELL=", 6) == 0) SET(*didvar, DID_SHELL); break; case 'T': if (strncmp(ep, "TERM=", 5) == 0) SET(*didvar, DID_TERM); break; case 'U': if (strncmp(ep, "USER=", 5) == 0) SET(*didvar, DID_USER); if (strncmp(ep, "USERNAME=", 5) == 0) SET(*didvar, DID_USERNAME); break; } } /* * Build a new environment and ether clear potentially dangerous * variables from the old one or start with a clean slate. * Also adds sudo-specific variables (SUDO_*). */ void rebuild_env(void) { char **old_envp, **ep, *cp, *ps1; char idbuf[MAX_UID_T_LEN + 1]; unsigned int didvar; bool reset_home = false; /* * Either clean out the environment or reset to a safe default. */ ps1 = NULL; didvar = 0; env.env_len = 0; env.env_size = 128; old_envp = env.envp; env.envp = emalloc2(env.env_size, sizeof(char *)); #ifdef ENV_DEBUG memset(env.envp, 0, env.env_size * sizeof(char *)); #else env.envp[0] = NULL; #endif /* Reset HOME based on target user if configured to. */ if (ISSET(sudo_mode, MODE_RUN)) { if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) || (ISSET(sudo_mode, MODE_SHELL) && def_set_home)) reset_home = true; } if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) { /* * If starting with a fresh environment, initialize it based on * /etc/environment or login.conf. For "sudo -i" we want those * variables to override the invoking user's environment, so we * defer reading them until later. */ if (!ISSET(sudo_mode, MODE_LOGIN_SHELL)) { #ifdef HAVE_LOGIN_CAP_H /* Insert login class environment variables. */ if (login_class) { login_cap_t *lc = login_getclass(login_class); if (lc != NULL) { setusercontext(lc, runas_pw, runas_pw->pw_uid, LOGIN_SETPATH|LOGIN_SETENV); login_close(lc); } } #endif /* HAVE_LOGIN_CAP_H */ #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM)) /* Insert system-wide environment variables. */ read_env_file(_PATH_ENVIRONMENT, true); #endif for (ep = env.envp; *ep; ep++) env_update_didvar(*ep, &didvar); } /* Pull in vars we want to keep from the old environment. */ for (ep = old_envp; *ep; ep++) { bool keepit; /* Skip variables with values beginning with () (bash functions) */ if ((cp = strchr(*ep, '=')) != NULL) { if (strncmp(cp, "=() ", 3) == 0) continue; } /* * Look up the variable in the env_check and env_keep lists. */ keepit = env_should_keep(*ep); /* * Do SUDO_PS1 -> PS1 conversion. * This must happen *after* env_should_keep() is called. */ if (strncmp(*ep, "SUDO_PS1=", 8) == 0) ps1 = *ep + 5; if (keepit) { /* Preserve variable. */ sudo_putenv(*ep, false, false); env_update_didvar(*ep, &didvar); } } didvar |= didvar << 8; /* convert DID_* to KEPT_* */ /* * Add in defaults. In -i mode these come from the runas user, * otherwise they may be from the user's environment (depends * on sudoers options). */ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { sudo_setenv2("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL), true); sudo_setenv2("LOGNAME", runas_pw->pw_name, ISSET(didvar, DID_LOGNAME), true); sudo_setenv2("USER", runas_pw->pw_name, ISSET(didvar, DID_USER), true); sudo_setenv2("USERNAME", runas_pw->pw_name, ISSET(didvar, DID_USERNAME), true); } else { if (!ISSET(didvar, DID_SHELL)) sudo_setenv2("SHELL", sudo_user.pw->pw_shell, false, true); /* We will set LOGNAME later in the !def_set_logname case. */ if (!def_set_logname) { if (!ISSET(didvar, DID_LOGNAME)) sudo_setenv2("LOGNAME", user_name, false, true); if (!ISSET(didvar, DID_USER)) sudo_setenv2("USER", user_name, false, true); if (!ISSET(didvar, DID_USERNAME)) sudo_setenv2("USERNAME", user_name, false, true); } } /* If we didn't keep HOME, reset it based on target user. */ if (!ISSET(didvar, KEPT_HOME)) reset_home = true; /* * Set MAIL to target user in -i mode or if MAIL is not preserved * from user's environment. */ if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) { cp = _PATH_MAILDIR; if (cp[sizeof(_PATH_MAILDIR) - 2] == '/') easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name); else easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name); sudo_putenv(cp, ISSET(didvar, DID_MAIL), true); } } else { /* * Copy environ entries as long as they don't match env_delete or * env_check. */ for (ep = old_envp; *ep; ep++) { /* Skip variables with values beginning with () (bash functions) */ if ((cp = strchr(*ep, '=')) != NULL) { if (strncmp(cp, "=() ", 3) == 0) continue; } /* Add variable unless it matches a black list. */ if (!env_should_delete(*ep)) { if (strncmp(*ep, "SUDO_PS1=", 9) == 0) ps1 = *ep + 5; else if (strncmp(*ep, "PATH=", 5) == 0) SET(didvar, DID_PATH); else if (strncmp(*ep, "TERM=", 5) == 0) SET(didvar, DID_TERM); sudo_putenv(*ep, false, false); } } } /* Replace the PATH envariable with a secure one? */ if (def_secure_path && !user_is_exempt()) { sudo_setenv2("PATH", def_secure_path, true, true); SET(didvar, DID_PATH); } /* * Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is not * disabled. We skip this if we are running a login shell (because * they have already been set) or sudoedit (because we want the editor * to find the invoking user's startup files). */ if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL|MODE_EDIT)) { if (!ISSET(didvar, KEPT_LOGNAME)) sudo_setenv2("LOGNAME", runas_pw->pw_name, true, true); if (!ISSET(didvar, KEPT_USER)) sudo_setenv2("USER", runas_pw->pw_name, true, true); if (!ISSET(didvar, KEPT_USERNAME)) sudo_setenv2("USERNAME", runas_pw->pw_name, true, true); } /* Set $HOME to target user if not preserving user's value. */ if (reset_home) sudo_setenv2("HOME", runas_pw->pw_dir, true, true); /* Provide default values for $TERM and $PATH if they are not set. */ if (!ISSET(didvar, DID_TERM)) sudo_putenv("TERM=unknown", false, false); if (!ISSET(didvar, DID_PATH)) sudo_setenv2("PATH", _PATH_STDPATH, false, true); /* Set PS1 if SUDO_PS1 is set. */ if (ps1 != NULL) sudo_putenv(ps1, true, true); /* Add the SUDO_COMMAND envariable (cmnd + args). */ if (user_args) { easprintf(&cp, "%s %s", user_cmnd, user_args); sudo_setenv2("SUDO_COMMAND", cp, true, true); efree(cp); } else { sudo_setenv2("SUDO_COMMAND", user_cmnd, true, true); } /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ sudo_setenv2("SUDO_USER", user_name, true, true); snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int) user_uid); sudo_setenv2("SUDO_UID", idbuf, true, true); snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int) user_gid); sudo_setenv2("SUDO_GID", idbuf, true, true); /* Free old environment. */ efree(old_envp); } void insert_env_vars(char * const envp[]) { char * const *ep; if (envp == NULL) return; /* Add user-specified environment variables. */ for (ep = envp; *ep != NULL; ep++) sudo_putenv(*ep, true, true); } /* * Validate the list of environment variables passed in on the command * line against env_delete, env_check, and env_keep. * Calls log_fatal() if any specified variables are not allowed. */ void validate_env_vars(char * const env_vars[]) { char * const *ep; char *eq, *bad = NULL; size_t len, blen = 0, bsize = 0; bool okvar; if (env_vars == NULL) return; /* Add user-specified environment variables. */ for (ep = env_vars; *ep != NULL; ep++) { if (def_secure_path && !user_is_exempt() && strncmp(*ep, "PATH=", 5) == 0) { okvar = false; } else if (def_env_reset) { okvar = env_should_keep(*ep); } else { okvar = !env_should_delete(*ep); } if (okvar == false) { /* Not allowed, add to error string, allocating as needed. */ if ((eq = strchr(*ep, '=')) != NULL) *eq = '\0'; len = strlen(*ep) + 2; if (blen + len >= bsize) { do { bsize += 1024; } while (blen + len >= bsize); bad = erealloc(bad, bsize); bad[blen] = '\0'; } strlcat(bad, *ep, bsize); strlcat(bad, ", ", bsize); blen += len; if (eq != NULL) *eq = '='; } } if (bad != NULL) { bad[blen - 2] = '\0'; /* remove trailing ", " */ log_fatal(NO_MAIL, N_("sorry, you are not allowed to set the following environment variables: %s"), bad); /* NOTREACHED */ efree(bad); } } /* * Read in /etc/environment ala AIX and Linux. * Lines may be in either of three formats: * NAME=VALUE * NAME="VALUE" * NAME='VALUE' * with an optional "export" prefix so the shell can source the file. * Invalid lines, blank lines, or lines consisting solely of a comment * character are skipped. */ void read_env_file(const char *path, int overwrite) { FILE *fp; char *cp, *var, *val, *line = NULL; size_t var_len, val_len, linesize = 0; if ((fp = fopen(path, "r")) == NULL) return; while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ if (*(var = line) == '\0') continue; /* Skip optional "export " */ if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) { var += 7; while (isspace((unsigned char) *var)) { var++; } } /* Must be of the form name=["']value['"] */ for (val = var; *val != '\0' && *val != '='; val++) ; if (var == val || *val != '=') continue; var_len = (size_t)(val - var); val_len = strlen(++val); /* Strip leading and trailing single/double quotes */ if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) { val[val_len - 1] = '\0'; val++; val_len -= 2; } cp = emalloc(var_len + 1 + val_len + 1); memcpy(cp, var, var_len + 1); /* includes '=' */ memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */ sudo_putenv(cp, true, overwrite); } free(line); fclose(fp); } void init_envtables(void) { struct list_member *cur; const char **p; /* Fill in the "env_delete" list. */ for (p = initial_badenv_table; *p; p++) { cur = ecalloc(1, sizeof(struct list_member)); cur->value = estrdup(*p); SLIST_INSERT_HEAD(&def_env_delete, cur, entries); } /* Fill in the "env_check" list. */ for (p = initial_checkenv_table; *p; p++) { cur = ecalloc(1, sizeof(struct list_member)); cur->value = estrdup(*p); SLIST_INSERT_HEAD(&def_env_check, cur, entries); } /* Fill in the "env_keep" list. */ for (p = initial_keepenv_table; *p; p++) { cur = ecalloc(1, sizeof(struct list_member)); cur->value = estrdup(*p); SLIST_INSERT_HEAD(&def_env_keep, cur, entries); } } int sudoers_hook_getenv(const char *name, char **value, void *closure) { static bool in_progress = false; /* avoid recursion */ if (in_progress || env.envp == NULL) return SUDO_HOOK_RET_NEXT; in_progress = true; /* Hack to make GNU gettext() find the sudoers locale when needed. */ if (*name == 'L' && sudoers_getlocale() == SUDOERS_LOCALE_SUDOERS) { if (strcmp(name, "LANGUAGE") == 0 || strcmp(name, "LANG") == 0) { *value = NULL; goto done; } if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) { *value = def_sudoers_locale; goto done; } } *value = sudo_getenv_nodebug(name); done: in_progress = false; return SUDO_HOOK_RET_STOP; } int sudoers_hook_putenv(char *string, void *closure) { static bool in_progress = false; /* avoid recursion */ if (in_progress || env.envp == NULL) return SUDO_HOOK_RET_NEXT; in_progress = true; sudo_putenv_nodebug(string, true, true); in_progress = false; return SUDO_HOOK_RET_STOP; } int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure) { static bool in_progress = false; /* avoid recursion */ if (in_progress || env.envp == NULL) return SUDO_HOOK_RET_NEXT; in_progress = true; sudo_setenv_nodebug(name, value, overwrite); in_progress = false; return SUDO_HOOK_RET_STOP; } int sudoers_hook_unsetenv(const char *name, void *closure) { static bool in_progress = false; /* avoid recursion */ if (in_progress || env.envp == NULL) return SUDO_HOOK_RET_NEXT; in_progress = true; sudo_unsetenv_nodebug(name); in_progress = false; return SUDO_HOOK_RET_STOP; } sudo-1.8.9p5/plugins/sudoers/find_path.c010064400175440000012000000074761226304126500176300ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudoers.h" /* * This function finds the full pathname for a command and * stores it in a statically allocated array, filling in a pointer * to the array. Returns FOUND if the command was found, NOT_FOUND * if it was not found, or NOT_FOUND_DOT if it would have been found * but it is in '.' and IGNORE_DOT is set. */ int find_path(char *infile, char **outfile, struct stat *sbp, char *path, int ignore_dot) { static char command[PATH_MAX]; /* qualified filename */ char *n; /* for traversing path */ char *origpath; /* so we can free path later */ bool found = false; /* did we find the command? */ bool checkdot = false; /* check current dir? */ int len; /* length parameter */ debug_decl(find_path, SUDO_DEBUG_UTIL) if (strlen(infile) >= PATH_MAX) { errno = ENAMETOOLONG; fatal("%s", infile); } /* * If we were given a fully qualified or relative path * there is no need to look at $PATH. */ if (strchr(infile, '/')) { strlcpy(command, infile, sizeof(command)); /* paranoia */ if (sudo_goodpath(command, sbp)) { *outfile = command; debug_return_int(FOUND); } else debug_return_int(NOT_FOUND); } if (path == NULL) debug_return_int(NOT_FOUND); path = estrdup(path); origpath = path; do { if ((n = strchr(path, ':'))) *n = '\0'; /* * Search current dir last if it is in PATH This will miss sneaky * things like using './' or './/' */ if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) { checkdot = 1; path = n + 1; continue; } /* * Resolve the path and exit the loop if found. */ len = snprintf(command, sizeof(command), "%s/%s", path, infile); if (len <= 0 || (size_t)len >= sizeof(command)) { errno = ENAMETOOLONG; fatal("%s", infile); } if ((found = sudo_goodpath(command, sbp))) break; path = n + 1; } while (n); efree(origpath); /* * Check current dir if dot was in the PATH */ if (!found && checkdot) { len = snprintf(command, sizeof(command), "./%s", infile); if (len <= 0 || (size_t)len >= sizeof(command)) { errno = ENAMETOOLONG; fatal("%s", infile); } found = sudo_goodpath(command, sbp); if (found && ignore_dot) debug_return_int(NOT_FOUND_DOT); } if (found) { *outfile = command; debug_return_int(FOUND); } else debug_return_int(NOT_FOUND); } sudo-1.8.9p5/plugins/sudoers/getdate.c010064400175440000012000001207741226304126500173060ustar00millertstaff#include #include #include #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 #define YYLEX yylex() #define YYEMPTY -1 #define yyclearin (yychar=(YYEMPTY)) #define yyerrok (yyerrflag=0) #define YYRECOVERING() (yyerrflag!=0) #define YYPREFIX "yy" #line 2 "getdate.y" /* ** Originally written by Steven M. Bellovin while ** at the University of North Carolina at Chapel Hill. Later tweaked by ** a couple of people on Usenet. Completely overhauled by Rich $alz ** and Jim Berets in August, 1990; ** ** This grammar has 10 shift/reduce conflicts. ** ** This code is in the public domain and has no copyright. */ /* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */ /* SUPPRESS 288 on yyerrlab *//* Label unused */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include "missing.h" #define EPOCH 1970 #define HOUR(x) ((time_t)(x) * 60) #define SECSPERDAY (24L * 60L * 60L) /* ** An entry in the lexical lookup table. */ typedef struct _TABLE { char *name; int type; time_t value; } TABLE; /* ** Daylight-savings mode: on, off, or not yet known. */ typedef enum _DSTMODE { DSTon, DSToff, DSTmaybe } DSTMODE; /* ** Meridian: am, pm, or 24-hour style. */ typedef enum _MERIDIAN { MERam, MERpm, MER24 } MERIDIAN; /* ** Global variables. We could get rid of most of these by using a good ** union as the yacc stack. (This routine was originally written before ** yacc had the %union construct.) Maybe someday; right now we only use ** the %union very rarely. */ static char *yyInput; static DSTMODE yyDSTmode; static time_t yyDayOrdinal; static time_t yyDayNumber; static int yyHaveDate; static int yyHaveDay; static int yyHaveRel; static int yyHaveTime; static int yyHaveZone; static time_t yyTimezone; static time_t yyDay; static time_t yyHour; static time_t yyMinutes; static time_t yyMonth; static time_t yySeconds; static time_t yyYear; static MERIDIAN yyMeridian; static time_t yyRelMonth; static time_t yyRelSeconds; static int yyerror(const char *s); static int yylex(void); int yyparse(void); #line 107 "getdate.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { time_t Number; enum _MERIDIAN Meridian; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ #line 125 "getdate.c" #define tAGO 257 #define tDAY 258 #define tDAYZONE 259 #define tID 260 #define tMERIDIAN 261 #define tMINUTE_UNIT 262 #define tMONTH 263 #define tMONTH_UNIT 264 #define tSEC_UNIT 265 #define tSNUMBER 266 #define tUNUMBER 267 #define tZONE 268 #define tDST 269 #define YYERRCODE 256 #if defined(__cplusplus) || defined(__STDC__) const short yylhs[] = #else short yylhs[] = #endif { -1, 0, 0, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 4, 4, 4, 6, 6, 6, 5, 5, 5, 5, 5, 5, 5, 5, 7, 7, 9, 9, 9, 9, 9, 9, 9, 9, 9, 8, 1, 1, }; #if defined(__cplusplus) || defined(__STDC__) const short yylen[] = #else short yylen[] = #endif { 2, 0, 2, 1, 1, 1, 1, 1, 1, 2, 4, 4, 6, 6, 1, 1, 2, 1, 2, 2, 3, 5, 3, 3, 2, 4, 2, 3, 2, 1, 2, 2, 1, 2, 2, 1, 2, 2, 1, 1, 0, 1, }; #if defined(__cplusplus) || defined(__STDC__) const short yydefred[] = #else short yydefred[] = #endif { 1, 0, 0, 15, 32, 0, 38, 35, 0, 0, 0, 2, 3, 4, 5, 6, 7, 8, 0, 18, 0, 31, 36, 33, 19, 9, 30, 0, 37, 34, 0, 0, 0, 16, 28, 0, 23, 27, 22, 0, 0, 25, 41, 11, 0, 10, 0, 0, 21, 13, 12, }; #if defined(__cplusplus) || defined(__STDC__) const short yydgoto[] = #else short yydgoto[] = #endif { 1, 45, 11, 12, 13, 14, 15, 16, 17, 18, }; #if defined(__cplusplus) || defined(__STDC__) const short yysindex[] = #else short yysindex[] = #endif { 0, -249, -38, 0, 0, -260, 0, 0, -240, -47, -248, 0, 0, 0, 0, 0, 0, 0, -237, 0, -18, 0, 0, 0, 0, 0, 0, -262, 0, 0, -239, -238, -236, 0, 0, -235, 0, 0, 0, -56, -19, 0, 0, 0, -234, 0, -232, -258, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short yyrindex[] = #else short yyrindex[] = #endif { 0, 0, 1, 0, 0, 0, 0, 0, 0, 69, 12, 0, 0, 0, 0, 0, 0, 0, 23, 0, 34, 0, 0, 0, 0, 0, 0, 67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56, 45, 0, 0, 0, 0, 0, 0, 56, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short yygindex[] = #else short yygindex[] = #endif { 0, -17, 0, 0, 0, 0, 0, 0, 0, 0, }; #define YYTABLESIZE 337 #if defined(__cplusplus) || defined(__STDC__) const short yytable[] = #else short yytable[] = #endif { 32, 17, 44, 42, 36, 37, 19, 20, 49, 2, 3, 31, 14, 4, 5, 6, 7, 8, 9, 10, 34, 33, 21, 29, 22, 23, 35, 38, 46, 39, 50, 40, 41, 47, 24, 48, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, 39, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 0, 43, 24, 0, 0, 25, 26, 27, 28, 29, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 17, 0, 0, 17, 17, 17, 17, 17, 17, 17, 14, 14, 0, 0, 14, 14, 14, 14, 14, 14, 14, 29, 29, 0, 0, 29, 29, 29, 29, 29, 29, 29, 24, 24, 0, 0, 24, 24, 24, 24, 24, 24, 24, 20, 20, 0, 0, 20, 20, 20, 20, 20, 20, 20, 40, 40, 0, 0, 40, 40, 40, 40, 0, 40, 40, 26, 26, 0, 39, 26, 26, 26, 26, 0, 0, 26, 39, 39, }; #if defined(__cplusplus) || defined(__STDC__) const short yycheck[] = #else short yycheck[] = #endif { 47, 0, 58, 261, 266, 267, 44, 267, 266, 258, 259, 58, 0, 262, 263, 264, 265, 266, 267, 268, 257, 269, 262, 0, 264, 265, 44, 266, 47, 267, 47, 267, 267, 267, 0, 267, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 261, -1, -1, -1, -1, 266, 258, -1, -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, -1, 267, 268, 258, 259, -1, 259, 262, 263, 264, 265, -1, -1, 268, 267, 268, }; #define YYFINAL 1 #ifndef YYDEBUG #define YYDEBUG 0 #endif #define YYMAXTOKEN 269 #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) const char * const yyname[] = #else char *yyname[] = #endif { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,"','",0,0,"'/'",0,0,0,0,0,0,0,0,0,0,"':'",0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"tAGO","tDAY", "tDAYZONE","tID","tMERIDIAN","tMINUTE_UNIT","tMONTH","tMONTH_UNIT","tSEC_UNIT", "tSNUMBER","tUNUMBER","tZONE","tDST", }; #if defined(__cplusplus) || defined(__STDC__) const char * const yyrule[] = #else char *yyrule[] = #endif {"$accept : spec", "spec :", "spec : spec item", "item : time", "item : zone", "item : date", "item : day", "item : rel", "item : number", "time : tUNUMBER tMERIDIAN", "time : tUNUMBER ':' tUNUMBER o_merid", "time : tUNUMBER ':' tUNUMBER tSNUMBER", "time : tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid", "time : tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER", "zone : tZONE", "zone : tDAYZONE", "zone : tZONE tDST", "day : tDAY", "day : tDAY ','", "day : tUNUMBER tDAY", "date : tUNUMBER '/' tUNUMBER", "date : tUNUMBER '/' tUNUMBER '/' tUNUMBER", "date : tUNUMBER tSNUMBER tSNUMBER", "date : tUNUMBER tMONTH tSNUMBER", "date : tMONTH tUNUMBER", "date : tMONTH tUNUMBER ',' tUNUMBER", "date : tUNUMBER tMONTH", "date : tUNUMBER tMONTH tUNUMBER", "rel : relunit tAGO", "rel : relunit", "relunit : tUNUMBER tMINUTE_UNIT", "relunit : tSNUMBER tMINUTE_UNIT", "relunit : tMINUTE_UNIT", "relunit : tSNUMBER tSEC_UNIT", "relunit : tUNUMBER tSEC_UNIT", "relunit : tSEC_UNIT", "relunit : tSNUMBER tMONTH_UNIT", "relunit : tUNUMBER tMONTH_UNIT", "relunit : tMONTH_UNIT", "number : tUNUMBER", "o_merid :", "o_merid : tMERIDIAN", }; #endif #ifdef YYSTACKSIZE #undef YYMAXDEPTH #define YYMAXDEPTH YYSTACKSIZE #else #ifdef YYMAXDEPTH #define YYSTACKSIZE YYMAXDEPTH #else #define YYSTACKSIZE 10000 #define YYMAXDEPTH 10000 #endif #endif #define YYINITSTACKSIZE 200 /* LINTUSED */ int yydebug; int yynerrs; int yyerrflag; int yychar; short *yyssp; YYSTYPE *yyvsp; YYSTYPE yyval; YYSTYPE yylval; short *yyss; short *yysslim; YYSTYPE *yyvs; unsigned int yystacksize; #line 326 "getdate.y" /* Month and day table. */ static TABLE const MonthDayTable[] = { { "january", tMONTH, 1 }, { "february", tMONTH, 2 }, { "march", tMONTH, 3 }, { "april", tMONTH, 4 }, { "may", tMONTH, 5 }, { "june", tMONTH, 6 }, { "july", tMONTH, 7 }, { "august", tMONTH, 8 }, { "september", tMONTH, 9 }, { "sept", tMONTH, 9 }, { "october", tMONTH, 10 }, { "november", tMONTH, 11 }, { "december", tMONTH, 12 }, { "sunday", tDAY, 0 }, { "monday", tDAY, 1 }, { "tuesday", tDAY, 2 }, { "tues", tDAY, 2 }, { "wednesday", tDAY, 3 }, { "wednes", tDAY, 3 }, { "thursday", tDAY, 4 }, { "thur", tDAY, 4 }, { "thurs", tDAY, 4 }, { "friday", tDAY, 5 }, { "saturday", tDAY, 6 }, { NULL } }; /* Time units table. */ static TABLE const UnitsTable[] = { { "year", tMONTH_UNIT, 12 }, { "month", tMONTH_UNIT, 1 }, { "fortnight", tMINUTE_UNIT, 14 * 24 * 60 }, { "week", tMINUTE_UNIT, 7 * 24 * 60 }, { "day", tMINUTE_UNIT, 1 * 24 * 60 }, { "hour", tMINUTE_UNIT, 60 }, { "minute", tMINUTE_UNIT, 1 }, { "min", tMINUTE_UNIT, 1 }, { "second", tSEC_UNIT, 1 }, { "sec", tSEC_UNIT, 1 }, { NULL } }; /* Assorted relative-time words. */ static TABLE const OtherTable[] = { { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 }, { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 }, { "today", tMINUTE_UNIT, 0 }, { "now", tMINUTE_UNIT, 0 }, { "last", tUNUMBER, -1 }, { "this", tUNUMBER, 0 }, { "next", tUNUMBER, 2 }, { "first", tUNUMBER, 1 }, /* { "second", tUNUMBER, 2 }, */ { "third", tUNUMBER, 3 }, { "fourth", tUNUMBER, 4 }, { "fifth", tUNUMBER, 5 }, { "sixth", tUNUMBER, 6 }, { "seventh", tUNUMBER, 7 }, { "eighth", tUNUMBER, 8 }, { "ninth", tUNUMBER, 9 }, { "tenth", tUNUMBER, 10 }, { "eleventh", tUNUMBER, 11 }, { "twelfth", tUNUMBER, 12 }, { "ago", tAGO, 1 }, { NULL } }; /* The timezone table. */ /* Some of these are commented out because a time_t can't store a float. */ static TABLE const TimezoneTable[] = { { "gmt", tZONE, HOUR( 0) }, /* Greenwich Mean */ { "ut", tZONE, HOUR( 0) }, /* Universal (Coordinated) */ { "utc", tZONE, HOUR( 0) }, { "wet", tZONE, HOUR( 0) }, /* Western European */ { "bst", tDAYZONE, HOUR( 0) }, /* British Summer */ { "wat", tZONE, HOUR( 1) }, /* West Africa */ { "at", tZONE, HOUR( 2) }, /* Azores */ #if 0 /* For completeness. BST is also British Summer, and GST is * also Guam Standard. */ { "bst", tZONE, HOUR( 3) }, /* Brazil Standard */ { "gst", tZONE, HOUR( 3) }, /* Greenland Standard */ #endif #if 0 { "nft", tZONE, HOUR(3.5) }, /* Newfoundland */ { "nst", tZONE, HOUR(3.5) }, /* Newfoundland Standard */ { "ndt", tDAYZONE, HOUR(3.5) }, /* Newfoundland Daylight */ #endif { "ast", tZONE, HOUR( 4) }, /* Atlantic Standard */ { "adt", tDAYZONE, HOUR( 4) }, /* Atlantic Daylight */ { "est", tZONE, HOUR( 5) }, /* Eastern Standard */ { "edt", tDAYZONE, HOUR( 5) }, /* Eastern Daylight */ { "cst", tZONE, HOUR( 6) }, /* Central Standard */ { "cdt", tDAYZONE, HOUR( 6) }, /* Central Daylight */ { "mst", tZONE, HOUR( 7) }, /* Mountain Standard */ { "mdt", tDAYZONE, HOUR( 7) }, /* Mountain Daylight */ { "pst", tZONE, HOUR( 8) }, /* Pacific Standard */ { "pdt", tDAYZONE, HOUR( 8) }, /* Pacific Daylight */ { "yst", tZONE, HOUR( 9) }, /* Yukon Standard */ { "ydt", tDAYZONE, HOUR( 9) }, /* Yukon Daylight */ { "hst", tZONE, HOUR(10) }, /* Hawaii Standard */ { "hdt", tDAYZONE, HOUR(10) }, /* Hawaii Daylight */ { "cat", tZONE, HOUR(10) }, /* Central Alaska */ { "ahst", tZONE, HOUR(10) }, /* Alaska-Hawaii Standard */ { "nt", tZONE, HOUR(11) }, /* Nome */ { "idlw", tZONE, HOUR(12) }, /* International Date Line West */ { "cet", tZONE, -HOUR(1) }, /* Central European */ { "met", tZONE, -HOUR(1) }, /* Middle European */ { "mewt", tZONE, -HOUR(1) }, /* Middle European Winter */ { "mest", tDAYZONE, -HOUR(1) }, /* Middle European Summer */ { "swt", tZONE, -HOUR(1) }, /* Swedish Winter */ { "sst", tDAYZONE, -HOUR(1) }, /* Swedish Summer */ { "fwt", tZONE, -HOUR(1) }, /* French Winter */ { "fst", tDAYZONE, -HOUR(1) }, /* French Summer */ { "eet", tZONE, -HOUR(2) }, /* Eastern Europe, USSR Zone 1 */ { "bt", tZONE, -HOUR(3) }, /* Baghdad, USSR Zone 2 */ #if 0 { "it", tZONE, -HOUR(3.5) },/* Iran */ #endif { "zp4", tZONE, -HOUR(4) }, /* USSR Zone 3 */ { "zp5", tZONE, -HOUR(5) }, /* USSR Zone 4 */ #if 0 { "ist", tZONE, -HOUR(5.5) },/* Indian Standard */ #endif { "zp6", tZONE, -HOUR(6) }, /* USSR Zone 5 */ #if 0 /* For completeness. NST is also Newfoundland Stanard, and SST is * also Swedish Summer. */ { "nst", tZONE, -HOUR(6.5) },/* North Sumatra */ { "sst", tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */ #endif /* 0 */ { "wast", tZONE, -HOUR(7) }, /* West Australian Standard */ { "wadt", tDAYZONE, -HOUR(7) }, /* West Australian Daylight */ #if 0 { "jt", tZONE, -HOUR(7.5) },/* Java (3pm in Cronusland!) */ #endif { "cct", tZONE, -HOUR(8) }, /* China Coast, USSR Zone 7 */ { "jst", tZONE, -HOUR(9) }, /* Japan Standard, USSR Zone 8 */ #if 0 { "cast", tZONE, -HOUR(9.5) },/* Central Australian Standard */ { "cadt", tDAYZONE, -HOUR(9.5) },/* Central Australian Daylight */ #endif { "east", tZONE, -HOUR(10) }, /* Eastern Australian Standard */ { "eadt", tDAYZONE, -HOUR(10) }, /* Eastern Australian Daylight */ { "gst", tZONE, -HOUR(10) }, /* Guam Standard, USSR Zone 9 */ { "nzt", tZONE, -HOUR(12) }, /* New Zealand */ { "nzst", tZONE, -HOUR(12) }, /* New Zealand Standard */ { "nzdt", tDAYZONE, -HOUR(12) }, /* New Zealand Daylight */ { "idle", tZONE, -HOUR(12) }, /* International Date Line East */ { NULL } }; /* Military timezone table. */ static TABLE const MilitaryTable[] = { { "a", tZONE, HOUR( 1) }, { "b", tZONE, HOUR( 2) }, { "c", tZONE, HOUR( 3) }, { "d", tZONE, HOUR( 4) }, { "e", tZONE, HOUR( 5) }, { "f", tZONE, HOUR( 6) }, { "g", tZONE, HOUR( 7) }, { "h", tZONE, HOUR( 8) }, { "i", tZONE, HOUR( 9) }, { "k", tZONE, HOUR( 10) }, { "l", tZONE, HOUR( 11) }, { "m", tZONE, HOUR( 12) }, { "n", tZONE, HOUR(- 1) }, { "o", tZONE, HOUR(- 2) }, { "p", tZONE, HOUR(- 3) }, { "q", tZONE, HOUR(- 4) }, { "r", tZONE, HOUR(- 5) }, { "s", tZONE, HOUR(- 6) }, { "t", tZONE, HOUR(- 7) }, { "u", tZONE, HOUR(- 8) }, { "v", tZONE, HOUR(- 9) }, { "w", tZONE, HOUR(-10) }, { "x", tZONE, HOUR(-11) }, { "y", tZONE, HOUR(-12) }, { "z", tZONE, HOUR( 0) }, { NULL } }; /* ARGSUSED */ static int yyerror(const char *s) { return 0; } static time_t ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian) { if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59) return -1; switch (Meridian) { case MER24: if (Hours < 0 || Hours > 23) return -1; return (Hours * 60L + Minutes) * 60L + Seconds; case MERam: if (Hours < 1 || Hours > 12) return -1; if (Hours == 12) Hours = 0; return (Hours * 60L + Minutes) * 60L + Seconds; case MERpm: if (Hours < 1 || Hours > 12) return -1; if (Hours == 12) Hours = 0; return ((Hours + 12) * 60L + Minutes) * 60L + Seconds; default: abort (); } /* NOTREACHED */ } /* Year is either * A negative number, which means to use its absolute value (why?) * A number from 0 to 99, which means a year from 1900 to 1999, or * The actual year (>=100). */ static time_t Convert(time_t Month, time_t Day, time_t Year, time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian, DSTMODE DSTmode) { static int DaysInMonth[12] = { 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; time_t tod; time_t Julian; int i; if (Year < 0) Year = -Year; if (Year < 69) Year += 2000; else if (Year < 100) { Year += 1900; if (Year < EPOCH) Year += 100; } DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0) ? 29 : 28; /* 32-bit time_t cannot represent years past 2038 */ if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038) || Month < 1 || Month > 12 /* Lint fluff: "conversion from long may lose accuracy" */ || Day < 1 || Day > DaysInMonth[(int)--Month]) return -1; for (Julian = Day - 1, i = 0; i < Month; i++) Julian += DaysInMonth[i]; for (i = EPOCH; i < Year; i++) Julian += 365 + (i % 4 == 0); Julian *= SECSPERDAY; Julian += yyTimezone * 60L; if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0) return -1; Julian += tod; if (DSTmode == DSTon || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst)) Julian -= 60 * 60; return Julian; } static time_t DSTcorrect(time_t Start, time_t Future) { time_t StartDay; time_t FutureDay; StartDay = (localtime(&Start)->tm_hour + 1) % 24; FutureDay = (localtime(&Future)->tm_hour + 1) % 24; return (Future - Start) + (StartDay - FutureDay) * 60L * 60L; } static time_t RelativeDate(time_t Start, time_t DayOrdinal, time_t DayNumber) { struct tm *tm; time_t now; now = Start; tm = localtime(&now); now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7); now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1); return DSTcorrect(Start, now); } static time_t RelativeMonth(time_t Start, time_t RelMonth) { struct tm *tm; time_t Month; time_t Year; if (RelMonth == 0) return 0; tm = localtime(&Start); Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth; Year = Month / 12; Month = Month % 12 + 1; return DSTcorrect(Start, Convert(Month, (time_t)tm->tm_mday, Year, (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, MER24, DSTmaybe)); } static int LookupWord(char *buff) { char *p; char *q; const TABLE *tp; int i; int abbrev; /* Make it lowercase. */ for (p = buff; *p; p++) if (isupper((unsigned char)*p)) *p = tolower((unsigned char)*p); if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) { yylval.Meridian = MERam; return tMERIDIAN; } if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) { yylval.Meridian = MERpm; return tMERIDIAN; } /* See if we have an abbreviation for a month. */ if (strlen(buff) == 3) abbrev = 1; else if (strlen(buff) == 4 && buff[3] == '.') { abbrev = 1; buff[3] = '\0'; } else abbrev = 0; for (tp = MonthDayTable; tp->name; tp++) { if (abbrev) { if (strncmp(buff, tp->name, 3) == 0) { yylval.Number = tp->value; return tp->type; } } else if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } } for (tp = TimezoneTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } if (strcmp(buff, "dst") == 0) return tDST; for (tp = UnitsTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } /* Strip off any plural and try the units table again. */ i = strlen(buff) - 1; if (buff[i] == 's') { buff[i] = '\0'; for (tp = UnitsTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } buff[i] = 's'; /* Put back for "this" in OtherTable. */ } for (tp = OtherTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } /* Military timezones. */ if (buff[1] == '\0' && isalpha((unsigned char)*buff)) { for (tp = MilitaryTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } } /* Drop out any periods and try the timezone table again. */ for (i = 0, p = q = buff; *q; q++) if (*q != '.') *p++ = *q; else i++; *p = '\0'; if (i) for (tp = TimezoneTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } return tID; } static int yylex(void) { char c; char *p; char buff[20]; int Count; int sign; for ( ; ; ) { while (isspace((unsigned char)*yyInput)) yyInput++; if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') { if (c == '-' || c == '+') { sign = c == '-' ? -1 : 1; if (!isdigit((unsigned char)*++yyInput)) /* skip the '-' sign */ continue; } else sign = 0; for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); ) yylval.Number = 10 * yylval.Number + c - '0'; yyInput--; if (sign < 0) yylval.Number = -yylval.Number; return sign ? tSNUMBER : tUNUMBER; } if (isalpha((unsigned char)c)) { for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; ) if (p < &buff[sizeof buff - 1]) *p++ = c; *p = '\0'; yyInput--; return LookupWord(buff); } if (c != '(') return *yyInput++; Count = 0; do { c = *yyInput++; if (c == '\0') return c; if (c == '(') Count++; else if (c == ')') Count--; } while (Count > 0); } } #define TM_YEAR_ORIGIN 1900 /* Yield A - B, measured in seconds. */ static long difftm(struct tm *a, struct tm *b) { int ay = a->tm_year + (TM_YEAR_ORIGIN - 1); int by = b->tm_year + (TM_YEAR_ORIGIN - 1); int days = ( /* difference in day of year */ a->tm_yday - b->tm_yday /* + intervening leap days */ + ((ay >> 2) - (by >> 2)) - (ay/100 - by/100) + ((ay/100 >> 2) - (by/100 >> 2)) /* + difference in years * 365 */ + (long)(ay-by) * 365 ); return (60*(60*(24*days + (a->tm_hour - b->tm_hour)) + (a->tm_min - b->tm_min)) + (a->tm_sec - b->tm_sec)); } time_t get_date(char *p) { struct tm *tm, *gmt, gmtbuf; time_t Start; time_t tod; time_t now; time_t timezone; yyInput = p; (void)time (&now); gmt = gmtime (&now); if (gmt != NULL) { /* Make a copy, in case localtime modifies *tm (I think that comment now applies to *gmt, but I am too lazy to dig into how gmtime and locatime allocate the structures they return pointers to). */ gmtbuf = *gmt; gmt = &gmtbuf; } if (! (tm = localtime (&now))) return -1; if (gmt != NULL) timezone = difftm (gmt, tm) / 60; else /* We are on a system like VMS, where the system clock is in local time and the system has no concept of timezones. Hopefully we can fake this out (for the case in which the user specifies no timezone) by just saying the timezone is zero. */ timezone = 0; if(tm->tm_isdst) timezone += 60; tm = localtime(&now); yyYear = tm->tm_year + 1900; yyMonth = tm->tm_mon + 1; yyDay = tm->tm_mday; yyTimezone = timezone; yyDSTmode = DSTmaybe; yyHour = 0; yyMinutes = 0; yySeconds = 0; yyMeridian = MER24; yyRelSeconds = 0; yyRelMonth = 0; yyHaveDate = 0; yyHaveDay = 0; yyHaveRel = 0; yyHaveTime = 0; yyHaveZone = 0; if (yyparse() || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1) return -1; if (yyHaveDate || yyHaveTime || yyHaveDay) { Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds, yyMeridian, yyDSTmode); if (Start < 0) return -1; } else { Start = now; if (!yyHaveRel) Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec; } Start += yyRelSeconds; Start += RelativeMonth(Start, yyRelMonth); if (yyHaveDay && !yyHaveDate) { tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber); Start += tod; } /* Have to do *something* with a legitimate -1 so it's distinguishable * from the error return value. (Alternately could set errno on error.) */ return Start == -1 ? 0 : Start; } #ifdef TEST /* ARGSUSED */ int main(int argc, char *argv[]) { char buff[128]; time_t d; (void)printf("Enter date, or blank line to exit.\n\t> "); (void)fflush(stdout); while (fgets(buff, sizeof(buff), stdin) && buff[0]) { d = get_date(buff); if (d == -1) (void)printf("Bad format - couldn't convert.\n"); else (void)printf("%s", ctime(&d)); (void)printf("\t> "); (void)fflush(stdout); } exit(0); /* NOTREACHED */ } #endif /* TEST */ #line 954 "getdate.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) #else static int yygrowstack() #endif { unsigned int newsize; long sslen; short *newss; YYSTYPE *newvs; if ((newsize = yystacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; #ifdef SIZE_MAX #define YY_SIZE_MAX SIZE_MAX #else #ifdef __STDC__ #define YY_SIZE_MAX 0xffffffffU #else #define YY_SIZE_MAX (unsigned int)0xffffffff #endif #endif if (YY_SIZE_MAX / newsize < sizeof *newss) goto bail; sslen = yyssp - yyss; newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : (short *)malloc(newsize * sizeof *newss); /* overflow check above */ if (newss == NULL) goto bail; yyss = newss; yyssp = newss + sslen; newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */ if (newvs == NULL) goto bail; yyvs = newvs; yyvsp = newvs + sslen; yystacksize = newsize; yysslim = yyss + newsize - 1; return 0; bail: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return -1; } #define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept #define YYERROR goto yyerrlab int #if defined(__cplusplus) || defined(__STDC__) yyparse(void) #else yyparse() #endif { int yym, yyn, yystate; #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) const char *yys; #else /* !(defined(__cplusplus) || defined(__STDC__)) */ char *yys; #endif /* !(defined(__cplusplus) || defined(__STDC__)) */ if ((yys = getenv("YYDEBUG"))) { yyn = *yys; if (yyn >= '0' && yyn <= '9') yydebug = yyn - '0'; } #endif /* YYDEBUG */ yynerrs = 0; yyerrflag = 0; yychar = (-1); if (yyss == NULL && yygrowstack()) goto yyoverflow; yyssp = yyss; yyvsp = yyvs; *yyssp = yystate = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif } if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate = yytable[yyn]; *++yyvsp = yylval; yychar = (-1); if (yyerrflag > 0) --yyerrflag; goto yyloop; } if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { yyn = yytable[yyn]; goto yyreduce; } if (yyerrflag) goto yyinrecovery; #if defined(lint) || defined(__GNUC__) goto yynewerror; #endif yynewerror: yyerror("syntax error"); #if defined(lint) || defined(__GNUC__) goto yyerrlab; #endif yyerrlab: ++yynerrs; yyinrecovery: if (yyerrflag < 3) { yyerrflag = 3; for (;;) { if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate = yytable[yyn]; *++yyvsp = yylval; goto yyloop; } else { #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", YYPREFIX, *yyssp); #endif if (yyssp <= yyss) goto yyabort; --yyssp; --yyvsp; } } } else { if (yychar == 0) goto yyabort; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, error recovery discards token %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif yychar = (-1); goto yyloop; } yyreduce: #if YYDEBUG if (yydebug) printf("%sdebug: state %d, reducing by rule %d (%s)\n", YYPREFIX, yystate, yyn, yyrule[yyn]); #endif yym = yylen[yyn]; if (yym) yyval = yyvsp[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 3: #line 125 "getdate.y" { yyHaveTime++; } break; case 4: #line 128 "getdate.y" { yyHaveZone++; } break; case 5: #line 131 "getdate.y" { yyHaveDate++; } break; case 6: #line 134 "getdate.y" { yyHaveDay++; } break; case 7: #line 137 "getdate.y" { yyHaveRel++; } break; case 9: #line 143 "getdate.y" { yyHour = yyvsp[-1].Number; yyMinutes = 0; yySeconds = 0; yyMeridian = yyvsp[0].Meridian; } break; case 10: #line 149 "getdate.y" { yyHour = yyvsp[-3].Number; yyMinutes = yyvsp[-1].Number; yySeconds = 0; yyMeridian = yyvsp[0].Meridian; } break; case 11: #line 155 "getdate.y" { yyHour = yyvsp[-3].Number; yyMinutes = yyvsp[-1].Number; yyMeridian = MER24; yyDSTmode = DSToff; yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60); } break; case 12: #line 162 "getdate.y" { yyHour = yyvsp[-5].Number; yyMinutes = yyvsp[-3].Number; yySeconds = yyvsp[-1].Number; yyMeridian = yyvsp[0].Meridian; } break; case 13: #line 168 "getdate.y" { yyHour = yyvsp[-5].Number; yyMinutes = yyvsp[-3].Number; yySeconds = yyvsp[-1].Number; yyMeridian = MER24; yyDSTmode = DSToff; yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60); } break; case 14: #line 178 "getdate.y" { yyTimezone = yyvsp[0].Number; yyDSTmode = DSToff; } break; case 15: #line 182 "getdate.y" { yyTimezone = yyvsp[0].Number; yyDSTmode = DSTon; } break; case 16: #line 187 "getdate.y" { yyTimezone = yyvsp[-1].Number; yyDSTmode = DSTon; } break; case 17: #line 193 "getdate.y" { yyDayOrdinal = 1; yyDayNumber = yyvsp[0].Number; } break; case 18: #line 197 "getdate.y" { yyDayOrdinal = 1; yyDayNumber = yyvsp[-1].Number; } break; case 19: #line 201 "getdate.y" { yyDayOrdinal = yyvsp[-1].Number; yyDayNumber = yyvsp[0].Number; } break; case 20: #line 207 "getdate.y" { yyMonth = yyvsp[-2].Number; yyDay = yyvsp[0].Number; } break; case 21: #line 211 "getdate.y" { if (yyvsp[-4].Number >= 100) { yyYear = yyvsp[-4].Number; yyMonth = yyvsp[-2].Number; yyDay = yyvsp[0].Number; } else { yyMonth = yyvsp[-4].Number; yyDay = yyvsp[-2].Number; yyYear = yyvsp[0].Number; } } break; case 22: #line 222 "getdate.y" { /* ISO 8601 format. yyyy-mm-dd. */ yyYear = yyvsp[-2].Number; yyMonth = -yyvsp[-1].Number; yyDay = -yyvsp[0].Number; } break; case 23: #line 228 "getdate.y" { /* e.g. 17-JUN-1992. */ yyDay = yyvsp[-2].Number; yyMonth = yyvsp[-1].Number; yyYear = -yyvsp[0].Number; } break; case 24: #line 234 "getdate.y" { yyMonth = yyvsp[-1].Number; yyDay = yyvsp[0].Number; } break; case 25: #line 238 "getdate.y" { yyMonth = yyvsp[-3].Number; yyDay = yyvsp[-2].Number; yyYear = yyvsp[0].Number; } break; case 26: #line 243 "getdate.y" { yyMonth = yyvsp[0].Number; yyDay = yyvsp[-1].Number; } break; case 27: #line 247 "getdate.y" { yyMonth = yyvsp[-1].Number; yyDay = yyvsp[-2].Number; yyYear = yyvsp[0].Number; } break; case 28: #line 254 "getdate.y" { yyRelSeconds = -yyRelSeconds; yyRelMonth = -yyRelMonth; } break; case 30: #line 261 "getdate.y" { yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L; } break; case 31: #line 264 "getdate.y" { yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L; } break; case 32: #line 267 "getdate.y" { yyRelSeconds += yyvsp[0].Number * 60L; } break; case 33: #line 270 "getdate.y" { yyRelSeconds += yyvsp[-1].Number; } break; case 34: #line 273 "getdate.y" { yyRelSeconds += yyvsp[-1].Number; } break; case 35: #line 276 "getdate.y" { yyRelSeconds++; } break; case 36: #line 279 "getdate.y" { yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number; } break; case 37: #line 282 "getdate.y" { yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number; } break; case 38: #line 285 "getdate.y" { yyRelMonth += yyvsp[0].Number; } break; case 39: #line 290 "getdate.y" { if (yyHaveTime && yyHaveDate && !yyHaveRel) yyYear = yyvsp[0].Number; else { if(yyvsp[0].Number>10000) { yyHaveDate++; yyDay= (yyvsp[0].Number)%100; yyMonth= (yyvsp[0].Number/100)%100; yyYear = yyvsp[0].Number/10000; } else { yyHaveTime++; if (yyvsp[0].Number < 100) { yyHour = yyvsp[0].Number; yyMinutes = 0; } else { yyHour = yyvsp[0].Number / 100; yyMinutes = yyvsp[0].Number % 100; } yySeconds = 0; yyMeridian = MER24; } } } break; case 40: #line 317 "getdate.y" { yyval.Meridian = MER24; } break; case 41: #line 320 "getdate.y" { yyval.Meridian = yyvsp[0].Meridian; } break; #line 1452 "getdate.c" } yyssp -= yym; yystate = *yyssp; yyvsp -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state 0 to\ state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; *++yyssp = YYFINAL; *++yyvsp = yyval; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, YYFINAL, yychar, yys); } #endif } if (yychar == 0) goto yyaccept; goto yyloop; } if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yystate) yystate = yytable[yyn]; else yystate = yydgoto[yym]; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ to state %d\n", YYPREFIX, *yyssp, yystate); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate; *++yyvsp = yyval; goto yyloop; yyoverflow: yyerror("yacc stack overflow"); yyabort: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return (1); yyaccept: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return (0); } sudo-1.8.9p5/plugins/sudoers/getdate.y010064400175440000012000000545021226304126500173270ustar00millertstaff%{ /* ** Originally written by Steven M. Bellovin while ** at the University of North Carolina at Chapel Hill. Later tweaked by ** a couple of people on Usenet. Completely overhauled by Rich $alz ** and Jim Berets in August, 1990; ** ** This grammar has 10 shift/reduce conflicts. ** ** This code is in the public domain and has no copyright. */ /* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */ /* SUPPRESS 288 on yyerrlab *//* Label unused */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include "missing.h" #define EPOCH 1970 #define HOUR(x) ((time_t)(x) * 60) #define SECSPERDAY (24L * 60L * 60L) /* ** An entry in the lexical lookup table. */ typedef struct _TABLE { char *name; int type; time_t value; } TABLE; /* ** Daylight-savings mode: on, off, or not yet known. */ typedef enum _DSTMODE { DSTon, DSToff, DSTmaybe } DSTMODE; /* ** Meridian: am, pm, or 24-hour style. */ typedef enum _MERIDIAN { MERam, MERpm, MER24 } MERIDIAN; /* ** Global variables. We could get rid of most of these by using a good ** union as the yacc stack. (This routine was originally written before ** yacc had the %union construct.) Maybe someday; right now we only use ** the %union very rarely. */ static char *yyInput; static DSTMODE yyDSTmode; static time_t yyDayOrdinal; static time_t yyDayNumber; static int yyHaveDate; static int yyHaveDay; static int yyHaveRel; static int yyHaveTime; static int yyHaveZone; static time_t yyTimezone; static time_t yyDay; static time_t yyHour; static time_t yyMinutes; static time_t yyMonth; static time_t yySeconds; static time_t yyYear; static MERIDIAN yyMeridian; static time_t yyRelMonth; static time_t yyRelSeconds; static int yyerror(const char *s); static int yylex(void); int yyparse(void); %} %union { time_t Number; enum _MERIDIAN Meridian; } %token tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT %token tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST %type tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT %type tSEC_UNIT tSNUMBER tUNUMBER tZONE %type tMERIDIAN o_merid %% spec : /* NULL */ | spec item ; item : time { yyHaveTime++; } | zone { yyHaveZone++; } | date { yyHaveDate++; } | day { yyHaveDay++; } | rel { yyHaveRel++; } | number ; time : tUNUMBER tMERIDIAN { yyHour = $1; yyMinutes = 0; yySeconds = 0; yyMeridian = $2; } | tUNUMBER ':' tUNUMBER o_merid { yyHour = $1; yyMinutes = $3; yySeconds = 0; yyMeridian = $4; } | tUNUMBER ':' tUNUMBER tSNUMBER { yyHour = $1; yyMinutes = $3; yyMeridian = MER24; yyDSTmode = DSToff; yyTimezone = - ($4 % 100 + ($4 / 100) * 60); } | tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid { yyHour = $1; yyMinutes = $3; yySeconds = $5; yyMeridian = $6; } | tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER { yyHour = $1; yyMinutes = $3; yySeconds = $5; yyMeridian = MER24; yyDSTmode = DSToff; yyTimezone = - ($6 % 100 + ($6 / 100) * 60); } ; zone : tZONE { yyTimezone = $1; yyDSTmode = DSToff; } | tDAYZONE { yyTimezone = $1; yyDSTmode = DSTon; } | tZONE tDST { yyTimezone = $1; yyDSTmode = DSTon; } ; day : tDAY { yyDayOrdinal = 1; yyDayNumber = $1; } | tDAY ',' { yyDayOrdinal = 1; yyDayNumber = $1; } | tUNUMBER tDAY { yyDayOrdinal = $1; yyDayNumber = $2; } ; date : tUNUMBER '/' tUNUMBER { yyMonth = $1; yyDay = $3; } | tUNUMBER '/' tUNUMBER '/' tUNUMBER { if ($1 >= 100) { yyYear = $1; yyMonth = $3; yyDay = $5; } else { yyMonth = $1; yyDay = $3; yyYear = $5; } } | tUNUMBER tSNUMBER tSNUMBER { /* ISO 8601 format. yyyy-mm-dd. */ yyYear = $1; yyMonth = -$2; yyDay = -$3; } | tUNUMBER tMONTH tSNUMBER { /* e.g. 17-JUN-1992. */ yyDay = $1; yyMonth = $2; yyYear = -$3; } | tMONTH tUNUMBER { yyMonth = $1; yyDay = $2; } | tMONTH tUNUMBER ',' tUNUMBER { yyMonth = $1; yyDay = $2; yyYear = $4; } | tUNUMBER tMONTH { yyMonth = $2; yyDay = $1; } | tUNUMBER tMONTH tUNUMBER { yyMonth = $2; yyDay = $1; yyYear = $3; } ; rel : relunit tAGO { yyRelSeconds = -yyRelSeconds; yyRelMonth = -yyRelMonth; } | relunit ; relunit : tUNUMBER tMINUTE_UNIT { yyRelSeconds += $1 * $2 * 60L; } | tSNUMBER tMINUTE_UNIT { yyRelSeconds += $1 * $2 * 60L; } | tMINUTE_UNIT { yyRelSeconds += $1 * 60L; } | tSNUMBER tSEC_UNIT { yyRelSeconds += $1; } | tUNUMBER tSEC_UNIT { yyRelSeconds += $1; } | tSEC_UNIT { yyRelSeconds++; } | tSNUMBER tMONTH_UNIT { yyRelMonth += $1 * $2; } | tUNUMBER tMONTH_UNIT { yyRelMonth += $1 * $2; } | tMONTH_UNIT { yyRelMonth += $1; } ; number : tUNUMBER { if (yyHaveTime && yyHaveDate && !yyHaveRel) yyYear = $1; else { if($1>10000) { yyHaveDate++; yyDay= ($1)%100; yyMonth= ($1/100)%100; yyYear = $1/10000; } else { yyHaveTime++; if ($1 < 100) { yyHour = $1; yyMinutes = 0; } else { yyHour = $1 / 100; yyMinutes = $1 % 100; } yySeconds = 0; yyMeridian = MER24; } } } ; o_merid : /* NULL */ { $$ = MER24; } | tMERIDIAN { $$ = $1; } ; %% /* Month and day table. */ static TABLE const MonthDayTable[] = { { "january", tMONTH, 1 }, { "february", tMONTH, 2 }, { "march", tMONTH, 3 }, { "april", tMONTH, 4 }, { "may", tMONTH, 5 }, { "june", tMONTH, 6 }, { "july", tMONTH, 7 }, { "august", tMONTH, 8 }, { "september", tMONTH, 9 }, { "sept", tMONTH, 9 }, { "october", tMONTH, 10 }, { "november", tMONTH, 11 }, { "december", tMONTH, 12 }, { "sunday", tDAY, 0 }, { "monday", tDAY, 1 }, { "tuesday", tDAY, 2 }, { "tues", tDAY, 2 }, { "wednesday", tDAY, 3 }, { "wednes", tDAY, 3 }, { "thursday", tDAY, 4 }, { "thur", tDAY, 4 }, { "thurs", tDAY, 4 }, { "friday", tDAY, 5 }, { "saturday", tDAY, 6 }, { NULL } }; /* Time units table. */ static TABLE const UnitsTable[] = { { "year", tMONTH_UNIT, 12 }, { "month", tMONTH_UNIT, 1 }, { "fortnight", tMINUTE_UNIT, 14 * 24 * 60 }, { "week", tMINUTE_UNIT, 7 * 24 * 60 }, { "day", tMINUTE_UNIT, 1 * 24 * 60 }, { "hour", tMINUTE_UNIT, 60 }, { "minute", tMINUTE_UNIT, 1 }, { "min", tMINUTE_UNIT, 1 }, { "second", tSEC_UNIT, 1 }, { "sec", tSEC_UNIT, 1 }, { NULL } }; /* Assorted relative-time words. */ static TABLE const OtherTable[] = { { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 }, { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 }, { "today", tMINUTE_UNIT, 0 }, { "now", tMINUTE_UNIT, 0 }, { "last", tUNUMBER, -1 }, { "this", tUNUMBER, 0 }, { "next", tUNUMBER, 2 }, { "first", tUNUMBER, 1 }, /* { "second", tUNUMBER, 2 }, */ { "third", tUNUMBER, 3 }, { "fourth", tUNUMBER, 4 }, { "fifth", tUNUMBER, 5 }, { "sixth", tUNUMBER, 6 }, { "seventh", tUNUMBER, 7 }, { "eighth", tUNUMBER, 8 }, { "ninth", tUNUMBER, 9 }, { "tenth", tUNUMBER, 10 }, { "eleventh", tUNUMBER, 11 }, { "twelfth", tUNUMBER, 12 }, { "ago", tAGO, 1 }, { NULL } }; /* The timezone table. */ /* Some of these are commented out because a time_t can't store a float. */ static TABLE const TimezoneTable[] = { { "gmt", tZONE, HOUR( 0) }, /* Greenwich Mean */ { "ut", tZONE, HOUR( 0) }, /* Universal (Coordinated) */ { "utc", tZONE, HOUR( 0) }, { "wet", tZONE, HOUR( 0) }, /* Western European */ { "bst", tDAYZONE, HOUR( 0) }, /* British Summer */ { "wat", tZONE, HOUR( 1) }, /* West Africa */ { "at", tZONE, HOUR( 2) }, /* Azores */ #if 0 /* For completeness. BST is also British Summer, and GST is * also Guam Standard. */ { "bst", tZONE, HOUR( 3) }, /* Brazil Standard */ { "gst", tZONE, HOUR( 3) }, /* Greenland Standard */ #endif #if 0 { "nft", tZONE, HOUR(3.5) }, /* Newfoundland */ { "nst", tZONE, HOUR(3.5) }, /* Newfoundland Standard */ { "ndt", tDAYZONE, HOUR(3.5) }, /* Newfoundland Daylight */ #endif { "ast", tZONE, HOUR( 4) }, /* Atlantic Standard */ { "adt", tDAYZONE, HOUR( 4) }, /* Atlantic Daylight */ { "est", tZONE, HOUR( 5) }, /* Eastern Standard */ { "edt", tDAYZONE, HOUR( 5) }, /* Eastern Daylight */ { "cst", tZONE, HOUR( 6) }, /* Central Standard */ { "cdt", tDAYZONE, HOUR( 6) }, /* Central Daylight */ { "mst", tZONE, HOUR( 7) }, /* Mountain Standard */ { "mdt", tDAYZONE, HOUR( 7) }, /* Mountain Daylight */ { "pst", tZONE, HOUR( 8) }, /* Pacific Standard */ { "pdt", tDAYZONE, HOUR( 8) }, /* Pacific Daylight */ { "yst", tZONE, HOUR( 9) }, /* Yukon Standard */ { "ydt", tDAYZONE, HOUR( 9) }, /* Yukon Daylight */ { "hst", tZONE, HOUR(10) }, /* Hawaii Standard */ { "hdt", tDAYZONE, HOUR(10) }, /* Hawaii Daylight */ { "cat", tZONE, HOUR(10) }, /* Central Alaska */ { "ahst", tZONE, HOUR(10) }, /* Alaska-Hawaii Standard */ { "nt", tZONE, HOUR(11) }, /* Nome */ { "idlw", tZONE, HOUR(12) }, /* International Date Line West */ { "cet", tZONE, -HOUR(1) }, /* Central European */ { "met", tZONE, -HOUR(1) }, /* Middle European */ { "mewt", tZONE, -HOUR(1) }, /* Middle European Winter */ { "mest", tDAYZONE, -HOUR(1) }, /* Middle European Summer */ { "swt", tZONE, -HOUR(1) }, /* Swedish Winter */ { "sst", tDAYZONE, -HOUR(1) }, /* Swedish Summer */ { "fwt", tZONE, -HOUR(1) }, /* French Winter */ { "fst", tDAYZONE, -HOUR(1) }, /* French Summer */ { "eet", tZONE, -HOUR(2) }, /* Eastern Europe, USSR Zone 1 */ { "bt", tZONE, -HOUR(3) }, /* Baghdad, USSR Zone 2 */ #if 0 { "it", tZONE, -HOUR(3.5) },/* Iran */ #endif { "zp4", tZONE, -HOUR(4) }, /* USSR Zone 3 */ { "zp5", tZONE, -HOUR(5) }, /* USSR Zone 4 */ #if 0 { "ist", tZONE, -HOUR(5.5) },/* Indian Standard */ #endif { "zp6", tZONE, -HOUR(6) }, /* USSR Zone 5 */ #if 0 /* For completeness. NST is also Newfoundland Stanard, and SST is * also Swedish Summer. */ { "nst", tZONE, -HOUR(6.5) },/* North Sumatra */ { "sst", tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */ #endif /* 0 */ { "wast", tZONE, -HOUR(7) }, /* West Australian Standard */ { "wadt", tDAYZONE, -HOUR(7) }, /* West Australian Daylight */ #if 0 { "jt", tZONE, -HOUR(7.5) },/* Java (3pm in Cronusland!) */ #endif { "cct", tZONE, -HOUR(8) }, /* China Coast, USSR Zone 7 */ { "jst", tZONE, -HOUR(9) }, /* Japan Standard, USSR Zone 8 */ #if 0 { "cast", tZONE, -HOUR(9.5) },/* Central Australian Standard */ { "cadt", tDAYZONE, -HOUR(9.5) },/* Central Australian Daylight */ #endif { "east", tZONE, -HOUR(10) }, /* Eastern Australian Standard */ { "eadt", tDAYZONE, -HOUR(10) }, /* Eastern Australian Daylight */ { "gst", tZONE, -HOUR(10) }, /* Guam Standard, USSR Zone 9 */ { "nzt", tZONE, -HOUR(12) }, /* New Zealand */ { "nzst", tZONE, -HOUR(12) }, /* New Zealand Standard */ { "nzdt", tDAYZONE, -HOUR(12) }, /* New Zealand Daylight */ { "idle", tZONE, -HOUR(12) }, /* International Date Line East */ { NULL } }; /* Military timezone table. */ static TABLE const MilitaryTable[] = { { "a", tZONE, HOUR( 1) }, { "b", tZONE, HOUR( 2) }, { "c", tZONE, HOUR( 3) }, { "d", tZONE, HOUR( 4) }, { "e", tZONE, HOUR( 5) }, { "f", tZONE, HOUR( 6) }, { "g", tZONE, HOUR( 7) }, { "h", tZONE, HOUR( 8) }, { "i", tZONE, HOUR( 9) }, { "k", tZONE, HOUR( 10) }, { "l", tZONE, HOUR( 11) }, { "m", tZONE, HOUR( 12) }, { "n", tZONE, HOUR(- 1) }, { "o", tZONE, HOUR(- 2) }, { "p", tZONE, HOUR(- 3) }, { "q", tZONE, HOUR(- 4) }, { "r", tZONE, HOUR(- 5) }, { "s", tZONE, HOUR(- 6) }, { "t", tZONE, HOUR(- 7) }, { "u", tZONE, HOUR(- 8) }, { "v", tZONE, HOUR(- 9) }, { "w", tZONE, HOUR(-10) }, { "x", tZONE, HOUR(-11) }, { "y", tZONE, HOUR(-12) }, { "z", tZONE, HOUR( 0) }, { NULL } }; /* ARGSUSED */ static int yyerror(const char *s) { return 0; } static time_t ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian) { if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59) return -1; switch (Meridian) { case MER24: if (Hours < 0 || Hours > 23) return -1; return (Hours * 60L + Minutes) * 60L + Seconds; case MERam: if (Hours < 1 || Hours > 12) return -1; if (Hours == 12) Hours = 0; return (Hours * 60L + Minutes) * 60L + Seconds; case MERpm: if (Hours < 1 || Hours > 12) return -1; if (Hours == 12) Hours = 0; return ((Hours + 12) * 60L + Minutes) * 60L + Seconds; default: abort (); } /* NOTREACHED */ } /* Year is either * A negative number, which means to use its absolute value (why?) * A number from 0 to 99, which means a year from 1900 to 1999, or * The actual year (>=100). */ static time_t Convert(time_t Month, time_t Day, time_t Year, time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian, DSTMODE DSTmode) { static int DaysInMonth[12] = { 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; time_t tod; time_t Julian; int i; if (Year < 0) Year = -Year; if (Year < 69) Year += 2000; else if (Year < 100) { Year += 1900; if (Year < EPOCH) Year += 100; } DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0) ? 29 : 28; /* 32-bit time_t cannot represent years past 2038 */ if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038) || Month < 1 || Month > 12 /* Lint fluff: "conversion from long may lose accuracy" */ || Day < 1 || Day > DaysInMonth[(int)--Month]) return -1; for (Julian = Day - 1, i = 0; i < Month; i++) Julian += DaysInMonth[i]; for (i = EPOCH; i < Year; i++) Julian += 365 + (i % 4 == 0); Julian *= SECSPERDAY; Julian += yyTimezone * 60L; if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0) return -1; Julian += tod; if (DSTmode == DSTon || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst)) Julian -= 60 * 60; return Julian; } static time_t DSTcorrect(time_t Start, time_t Future) { time_t StartDay; time_t FutureDay; StartDay = (localtime(&Start)->tm_hour + 1) % 24; FutureDay = (localtime(&Future)->tm_hour + 1) % 24; return (Future - Start) + (StartDay - FutureDay) * 60L * 60L; } static time_t RelativeDate(time_t Start, time_t DayOrdinal, time_t DayNumber) { struct tm *tm; time_t now; now = Start; tm = localtime(&now); now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7); now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1); return DSTcorrect(Start, now); } static time_t RelativeMonth(time_t Start, time_t RelMonth) { struct tm *tm; time_t Month; time_t Year; if (RelMonth == 0) return 0; tm = localtime(&Start); Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth; Year = Month / 12; Month = Month % 12 + 1; return DSTcorrect(Start, Convert(Month, (time_t)tm->tm_mday, Year, (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, MER24, DSTmaybe)); } static int LookupWord(char *buff) { char *p; char *q; const TABLE *tp; int i; int abbrev; /* Make it lowercase. */ for (p = buff; *p; p++) if (isupper((unsigned char)*p)) *p = tolower((unsigned char)*p); if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) { yylval.Meridian = MERam; return tMERIDIAN; } if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) { yylval.Meridian = MERpm; return tMERIDIAN; } /* See if we have an abbreviation for a month. */ if (strlen(buff) == 3) abbrev = 1; else if (strlen(buff) == 4 && buff[3] == '.') { abbrev = 1; buff[3] = '\0'; } else abbrev = 0; for (tp = MonthDayTable; tp->name; tp++) { if (abbrev) { if (strncmp(buff, tp->name, 3) == 0) { yylval.Number = tp->value; return tp->type; } } else if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } } for (tp = TimezoneTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } if (strcmp(buff, "dst") == 0) return tDST; for (tp = UnitsTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } /* Strip off any plural and try the units table again. */ i = strlen(buff) - 1; if (buff[i] == 's') { buff[i] = '\0'; for (tp = UnitsTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } buff[i] = 's'; /* Put back for "this" in OtherTable. */ } for (tp = OtherTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } /* Military timezones. */ if (buff[1] == '\0' && isalpha((unsigned char)*buff)) { for (tp = MilitaryTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } } /* Drop out any periods and try the timezone table again. */ for (i = 0, p = q = buff; *q; q++) if (*q != '.') *p++ = *q; else i++; *p = '\0'; if (i) for (tp = TimezoneTable; tp->name; tp++) if (strcmp(buff, tp->name) == 0) { yylval.Number = tp->value; return tp->type; } return tID; } static int yylex(void) { char c; char *p; char buff[20]; int Count; int sign; for ( ; ; ) { while (isspace((unsigned char)*yyInput)) yyInput++; if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') { if (c == '-' || c == '+') { sign = c == '-' ? -1 : 1; if (!isdigit((unsigned char)*++yyInput)) /* skip the '-' sign */ continue; } else sign = 0; for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); ) yylval.Number = 10 * yylval.Number + c - '0'; yyInput--; if (sign < 0) yylval.Number = -yylval.Number; return sign ? tSNUMBER : tUNUMBER; } if (isalpha((unsigned char)c)) { for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; ) if (p < &buff[sizeof buff - 1]) *p++ = c; *p = '\0'; yyInput--; return LookupWord(buff); } if (c != '(') return *yyInput++; Count = 0; do { c = *yyInput++; if (c == '\0') return c; if (c == '(') Count++; else if (c == ')') Count--; } while (Count > 0); } } #define TM_YEAR_ORIGIN 1900 /* Yield A - B, measured in seconds. */ static long difftm(struct tm *a, struct tm *b) { int ay = a->tm_year + (TM_YEAR_ORIGIN - 1); int by = b->tm_year + (TM_YEAR_ORIGIN - 1); int days = ( /* difference in day of year */ a->tm_yday - b->tm_yday /* + intervening leap days */ + ((ay >> 2) - (by >> 2)) - (ay/100 - by/100) + ((ay/100 >> 2) - (by/100 >> 2)) /* + difference in years * 365 */ + (long)(ay-by) * 365 ); return (60*(60*(24*days + (a->tm_hour - b->tm_hour)) + (a->tm_min - b->tm_min)) + (a->tm_sec - b->tm_sec)); } time_t get_date(char *p) { struct tm *tm, *gmt, gmtbuf; time_t Start; time_t tod; time_t now; time_t timezone; yyInput = p; (void)time (&now); gmt = gmtime (&now); if (gmt != NULL) { /* Make a copy, in case localtime modifies *tm (I think that comment now applies to *gmt, but I am too lazy to dig into how gmtime and locatime allocate the structures they return pointers to). */ gmtbuf = *gmt; gmt = &gmtbuf; } if (! (tm = localtime (&now))) return -1; if (gmt != NULL) timezone = difftm (gmt, tm) / 60; else /* We are on a system like VMS, where the system clock is in local time and the system has no concept of timezones. Hopefully we can fake this out (for the case in which the user specifies no timezone) by just saying the timezone is zero. */ timezone = 0; if(tm->tm_isdst) timezone += 60; tm = localtime(&now); yyYear = tm->tm_year + 1900; yyMonth = tm->tm_mon + 1; yyDay = tm->tm_mday; yyTimezone = timezone; yyDSTmode = DSTmaybe; yyHour = 0; yyMinutes = 0; yySeconds = 0; yyMeridian = MER24; yyRelSeconds = 0; yyRelMonth = 0; yyHaveDate = 0; yyHaveDay = 0; yyHaveRel = 0; yyHaveTime = 0; yyHaveZone = 0; if (yyparse() || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1) return -1; if (yyHaveDate || yyHaveTime || yyHaveDay) { Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds, yyMeridian, yyDSTmode); if (Start < 0) return -1; } else { Start = now; if (!yyHaveRel) Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec; } Start += yyRelSeconds; Start += RelativeMonth(Start, yyRelMonth); if (yyHaveDay && !yyHaveDate) { tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber); Start += tod; } /* Have to do *something* with a legitimate -1 so it's distinguishable * from the error return value. (Alternately could set errno on error.) */ return Start == -1 ? 0 : Start; } #ifdef TEST /* ARGSUSED */ int main(int argc, char *argv[]) { char buff[128]; time_t d; (void)printf("Enter date, or blank line to exit.\n\t> "); (void)fflush(stdout); while (fgets(buff, sizeof(buff), stdin) && buff[0]) { d = get_date(buff); if (d == -1) (void)printf("Bad format - couldn't convert.\n"); else (void)printf("%s", ctime(&d)); (void)printf("\t> "); (void)fflush(stdout); } exit(0); /* NOTREACHED */ } #endif /* TEST */ sudo-1.8.9p5/plugins/sudoers/getspwuid.c010064400175440000012000000104541226304126500176750ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #ifdef HAVE_GETSPNAM # include #endif /* HAVE_GETSPNAM */ #ifdef HAVE_GETPRPWNAM # ifdef __hpux # undef MAXINT # include # else # include # endif /* __hpux */ # include #endif /* HAVE_GETPRPWNAM */ #ifdef HAVE_GETPWANAM # include # include # include #endif /* HAVE_GETPWANAM */ #ifdef HAVE_GETAUTHUID # include #endif /* HAVE_GETAUTHUID */ #include "sudoers.h" /* * Exported for auth/secureware.c */ #if defined(HAVE_GETPRPWNAM) && defined(__alpha) int crypt_type = INT_MAX; #endif /* HAVE_GETPRPWNAM && __alpha */ /* * Return a copy of the encrypted password for the user described by pw. * If shadow passwords are in use, look in the shadow file. */ char * sudo_getepw(const struct passwd *pw) { char *epw = NULL; debug_decl(sudo_getepw, SUDO_DEBUG_AUTH) /* If there is a function to check for shadow enabled, use it... */ #ifdef HAVE_ISCOMSEC if (!iscomsec()) goto done; #endif /* HAVE_ISCOMSEC */ #ifdef HAVE_ISSECURE if (!issecure()) goto done; #endif /* HAVE_ISSECURE */ #ifdef HAVE_GETPRPWNAM { struct pr_passwd *spw; if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { # ifdef __alpha crypt_type = spw->ufld.fd_oldcrypt; # endif /* __alpha */ epw = spw->ufld.fd_encrypt; } } #endif /* HAVE_GETPRPWNAM */ #ifdef HAVE_GETSPNAM { struct spwd *spw; if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp) epw = spw->sp_pwdp; } #endif /* HAVE_GETSPNAM */ #ifdef HAVE_GETSPWUID { struct s_passwd *spw; if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd) epw = spw->pw_passwd; } #endif /* HAVE_GETSPWUID */ #ifdef HAVE_GETPWANAM { struct passwd_adjunct *spw; if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd) epw = spw->pwa_passwd; } #endif /* HAVE_GETPWANAM */ #ifdef HAVE_GETAUTHUID { AUTHORIZATION *spw; if ((spw = getauthuid(pw->pw_uid)) && spw->a_password) epw = spw->a_password; } #endif /* HAVE_GETAUTHUID */ #if defined(HAVE_ISCOMSEC) || defined(HAVE_ISSECURE) done: #endif /* If no shadow password, fall back on regular password. */ debug_return_str(estrdup(epw ? epw : pw->pw_passwd)); } void sudo_setspent(void) { debug_decl(sudo_setspent, SUDO_DEBUG_AUTH) #ifdef HAVE_GETPRPWNAM setprpwent(); #endif #ifdef HAVE_GETSPNAM setspent(); #endif #ifdef HAVE_GETSPWUID setspwent(); #endif #ifdef HAVE_GETPWANAM setpwaent(); #endif #ifdef HAVE_GETAUTHUID setauthent(); #endif debug_return; } void sudo_endspent(void) { debug_decl(sudo_endspent, SUDO_DEBUG_AUTH) #ifdef HAVE_GETPRPWNAM endprpwent(); #endif #ifdef HAVE_GETSPNAM endspent(); #endif #ifdef HAVE_GETSPWUID endspwent(); #endif #ifdef HAVE_GETPWANAM endpwaent(); #endif #ifdef HAVE_GETAUTHUID endauthent(); #endif debug_return; } sudo-1.8.9p5/plugins/sudoers/goodpath.c010064400175440000012000000035321226304126500174660ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudoers.h" /* * Verify that path is a normal file and executable by root. */ bool sudo_goodpath(const char *path, struct stat *sbp) { struct stat sb; bool rval = false; debug_decl(sudo_goodpath, SUDO_DEBUG_UTIL) if (path != NULL && stat(path, &sb) == 0) { /* Make sure path describes an executable regular file. */ if (S_ISREG(sb.st_mode) && ISSET(sb.st_mode, 0111)) rval = true; else errno = EACCES; if (sbp) (void) memcpy(sbp, &sb, sizeof(struct stat)); } debug_return_bool(rval); } sudo-1.8.9p5/plugins/sudoers/gram.c010064400175440000012000001535271226304126500166210ustar00millertstaff#include #include #include #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 #define YYLEX yylex() #define YYEMPTY -1 #define yyclearin (yychar=(YYEMPTY)) #define yyerrok (yyerrflag=0) #define YYRECOVERING() (yyerrflag!=0) #define yyparse sudoersparse #define yylex sudoerslex #define yyerror sudoerserror #define yychar sudoerschar #define yyval sudoersval #define yylval sudoerslval #define yydebug sudoersdebug #define yynerrs sudoersnerrs #define yyerrflag sudoerserrflag #define yyss sudoersss #define yysslim sudoerssslim #define yyssp sudoersssp #define yyvs sudoersvs #define yyvsp sudoersvsp #define yystacksize sudoersstacksize #define yylhs sudoerslhs #define yylen sudoerslen #define yydefred sudoersdefred #define yydgoto sudoersdgoto #define yysindex sudoerssindex #define yyrindex sudoersrindex #define yygindex sudoersgindex #define yytable sudoerstable #define yycheck sudoerscheck #define yyname sudoersname #define yyrule sudoersrule #define YYPREFIX "sudoers" #line 2 "gram.y" /* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_INTTYPES_H # include #endif #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ #include #include "sudoers.h" /* XXX */ #include "parse.h" #include "toke.h" /* * We must define SIZE_MAX for yacc's skeleton.c. * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t * could be signed (as it is on SunOS 4.x). */ #ifndef SIZE_MAX # ifdef SIZE_T_MAX # define SIZE_MAX SIZE_T_MAX # else # define SIZE_MAX INT_MAX # endif /* SIZE_T_MAX */ #endif /* SIZE_MAX */ /* * Globals */ bool sudoers_warnings = true; bool parse_error = false; int errorlineno = -1; const char *errorfile = NULL; struct defaults_list defaults = TAILQ_HEAD_INITIALIZER(defaults); struct userspec_list userspecs = TAILQ_HEAD_INITIALIZER(userspecs); /* * Local protoypes */ static void add_defaults(int, struct member *, struct defaults *); static void add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, int); static struct member *new_member(char *, int); static struct sudo_digest *new_digest(int, const char *); #line 92 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { struct cmndspec *cmndspec; struct defaults *defaults; struct member *member; struct runascontainer *runas; struct privilege *privilege; struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; struct solaris_privs_info privinfo; char *string; int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ #line 146 "gram.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 #define NTWKADDR 260 #define NETGROUP 261 #define USERGROUP 262 #define WORD 263 #define DIGEST 264 #define DEFAULTS 265 #define DEFAULTS_HOST 266 #define DEFAULTS_USER 267 #define DEFAULTS_RUNAS 268 #define DEFAULTS_CMND 269 #define NOPASSWD 270 #define PASSWD 271 #define NOEXEC 272 #define EXEC 273 #define SETENV 274 #define NOSETENV 275 #define LOG_INPUT 276 #define NOLOG_INPUT 277 #define LOG_OUTPUT 278 #define NOLOG_OUTPUT 279 #define ALL 280 #define COMMENT 281 #define HOSTALIAS 282 #define CMNDALIAS 283 #define USERALIAS 284 #define RUNASALIAS 285 #define ERROR 286 #define TYPE 287 #define ROLE 288 #define PRIVS 289 #define LIMITPRIVS 290 #define MYSELF 291 #define SHA224 292 #define SHA256 293 #define SHA384 294 #define SHA512 295 #define YYERRCODE 256 #if defined(__cplusplus) || defined(__STDC__) const short sudoerslhs[] = #else short sudoerslhs[] = #endif { -1, 0, 0, 30, 30, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 4, 4, 3, 3, 3, 3, 3, 21, 21, 20, 11, 11, 9, 9, 9, 9, 9, 2, 2, 1, 29, 29, 29, 29, 7, 7, 6, 6, 24, 25, 23, 23, 23, 23, 23, 27, 28, 26, 26, 26, 26, 26, 18, 18, 19, 19, 19, 19, 19, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 5, 5, 5, 33, 33, 36, 10, 10, 34, 34, 37, 8, 8, 35, 35, 38, 32, 32, 39, 14, 14, 12, 12, 13, 13, 13, 13, 13, 17, 17, 15, 15, 16, 16, 16, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoerslen[] = #else short sudoerslen[] = #endif { 2, 0, 1, 1, 2, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 1, 3, 1, 2, 3, 3, 3, 1, 3, 3, 1, 2, 1, 1, 1, 1, 1, 1, 3, 5, 3, 3, 3, 3, 1, 2, 1, 2, 3, 3, 0, 1, 1, 2, 2, 3, 3, 0, 1, 1, 2, 2, 0, 3, 0, 1, 3, 2, 1, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 3, 3, 1, 3, 1, 3, 3, 1, 3, 1, 3, 3, 1, 3, 3, 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, 3, 1, 2, 1, 1, 1, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoersdefred[] = #else short sudoersdefred[] = #endif { 0, 0, 100, 102, 103, 104, 0, 0, 0, 0, 0, 101, 5, 0, 0, 0, 0, 0, 0, 96, 98, 0, 0, 3, 6, 0, 0, 17, 0, 29, 32, 31, 33, 30, 0, 27, 0, 83, 0, 0, 79, 78, 77, 0, 0, 0, 0, 0, 43, 41, 88, 0, 0, 0, 0, 80, 0, 0, 85, 0, 0, 93, 0, 0, 90, 99, 0, 0, 24, 0, 4, 0, 0, 0, 20, 0, 28, 0, 0, 0, 0, 44, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 0, 0, 0, 0, 0, 97, 0, 0, 21, 22, 23, 18, 84, 37, 38, 39, 40, 89, 0, 81, 0, 86, 0, 94, 0, 91, 0, 34, 0, 0, 25, 0, 0, 0, 0, 0, 0, 0, 0, 0, 109, 111, 110, 0, 105, 107, 0, 0, 60, 35, 0, 0, 0, 0, 66, 0, 0, 50, 51, 108, 0, 0, 46, 45, 0, 0, 0, 57, 58, 106, 52, 53, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 36, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoersdgoto[] = #else short sudoersdgoto[] = #endif { 18, 119, 120, 27, 28, 48, 49, 50, 51, 35, 67, 37, 19, 20, 21, 136, 137, 138, 121, 125, 68, 69, 158, 129, 130, 131, 146, 147, 148, 52, 22, 23, 60, 54, 57, 63, 55, 58, 64, 61, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoerssindex[] = #else short sudoerssindex[] = #endif { -33, -277, 0, 0, 0, 0, -13, 75, 105, 105, -15, 0, 0, -246, -241, -217, -210, -226, 0, 0, 0, -5, -33, 0, 0, -3, -244, 0, 5, 0, 0, 0, 0, 0, -237, 0, -28, 0, -19, -19, 0, 0, 0, -251, -7, -1, 4, 7, 0, 0, 0, -14, -20, -2, 8, 0, 6, 11, 0, 9, 13, 0, 12, 14, 0, 0, 105, -11, 0, 18, 0, -203, -200, -188, 0, -13, 0, 75, 5, 5, 5, 0, -187, -185, -184, -183, -15, 5, 0, 75, -246, -15, -241, 105, -217, 105, -210, 0, 42, 75, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 39, 0, 40, 0, 43, 0, 43, 0, 45, 0, 44, -279, 0, 135, -6, 49, 42, 25, 32, -243, -195, -192, 0, 0, 0, -236, 0, 0, 54, 135, 0, 0, -164, -163, 41, 46, 0, -189, -180, 0, 0, 0, 135, 54, 0, 0, -159, -158, 585, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short sudoersrindex[] = #else short sudoersrindex[] = #endif { 106, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 110, 0, 0, 1, 0, 0, 181, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 211, 0, 0, 241, 0, 0, 271, 0, 0, 301, 0, 0, 0, 0, 0, 331, 0, 0, 0, 0, 0, 0, 0, 0, 361, 391, 421, 0, 0, 0, 0, 0, 0, 451, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 467, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 31, 0, 61, 0, 91, 0, 121, 0, 70, 0, 151, 495, 0, 71, 72, 0, 467, 0, 0, 615, 525, 555, 0, 0, 0, 0, 0, 0, 73, 0, 0, 0, 0, 0, 0, 0, 0, 645, 675, 0, 0, 0, 0, 74, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short sudoersgindex[] = #else short sudoersgindex[] = #endif { 0, -10, 0, 47, 17, 80, 65, -84, 27, 92, -4, 48, 62, 112, 2, -25, 10, -9, 0, 0, 33, 0, 0, 0, 3, 16, 0, -17, -12, 0, 0, 111, 0, 0, 0, 0, 50, 51, 52, 53, }; #define YYTABLESIZE 970 #if defined(__cplusplus) || defined(__STDC__) const short sudoerstable[] = #else short sudoerstable[] = #endif { 17, 19, 109, 36, 24, 26, 40, 41, 127, 128, 38, 39, 53, 43, 26, 74, 77, 56, 43, 26, 26, 29, 132, 30, 31, 66, 32, 133, 34, 42, 86, 82, 2, 77, 19, 3, 4, 5, 66, 66, 72, 59, 73, 33, 134, 19, 144, 145, 62, 75, 98, 82, 139, 78, 11, 79, 80, 83, 71, 89, 100, 87, 84, 101, 82, 85, 90, 91, 87, 92, 93, 94, 96, 95, 174, 102, 99, 105, 17, 106, 107, 108, 118, 77, 86, 110, 142, 66, 126, 82, 140, 95, 127, 143, 87, 114, 128, 116, 152, 154, 155, 145, 156, 123, 162, 163, 1, 157, 34, 144, 2, 61, 65, 62, 64, 63, 141, 88, 112, 87, 124, 92, 103, 81, 95, 104, 76, 161, 97, 65, 153, 160, 122, 70, 150, 159, 0, 0, 17, 0, 111, 0, 0, 113, 0, 151, 149, 115, 117, 95, 0, 26, 0, 0, 92, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 135, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 92, 0, 12, 0, 0, 26, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, 9, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2, 0, 0, 3, 4, 5, 25, 6, 7, 8, 9, 10, 40, 41, 0, 25, 10, 40, 41, 9, 25, 25, 11, 12, 13, 14, 15, 16, 29, 0, 30, 31, 19, 32, 19, 42, 0, 19, 19, 19, 42, 19, 19, 19, 19, 19, 8, 0, 0, 10, 33, 0, 44, 45, 46, 47, 19, 19, 19, 19, 19, 19, 82, 0, 82, 0, 0, 82, 82, 82, 0, 82, 82, 82, 82, 82, 11, 0, 2, 8, 0, 3, 4, 5, 0, 0, 82, 82, 82, 82, 82, 82, 87, 0, 87, 0, 0, 87, 87, 87, 11, 87, 87, 87, 87, 87, 7, 0, 29, 11, 30, 31, 0, 32, 0, 0, 87, 87, 87, 87, 87, 87, 95, 0, 95, 0, 0, 95, 95, 95, 33, 95, 95, 95, 95, 95, 15, 0, 2, 7, 0, 3, 4, 5, 0, 0, 95, 95, 95, 95, 95, 95, 92, 0, 92, 0, 0, 92, 92, 92, 11, 92, 92, 92, 92, 92, 13, 0, 132, 15, 0, 0, 0, 133, 0, 0, 92, 92, 92, 92, 92, 92, 26, 0, 26, 0, 0, 26, 26, 26, 134, 26, 26, 26, 26, 26, 14, 0, 0, 13, 0, 0, 0, 0, 0, 0, 26, 26, 26, 26, 26, 26, 12, 0, 12, 0, 0, 12, 12, 12, 0, 12, 12, 12, 12, 12, 16, 0, 0, 14, 0, 0, 0, 0, 0, 0, 12, 12, 12, 12, 12, 12, 9, 0, 9, 0, 0, 9, 9, 9, 0, 9, 9, 9, 9, 9, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 9, 9, 9, 9, 9, 9, 10, 0, 10, 59, 0, 10, 10, 10, 0, 10, 10, 10, 10, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 10, 10, 10, 10, 10, 8, 47, 8, 0, 0, 8, 8, 8, 0, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 8, 8, 8, 8, 8, 11, 48, 11, 0, 0, 11, 11, 11, 0, 11, 11, 11, 11, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 11, 11, 11, 11, 11, 7, 49, 7, 0, 0, 7, 7, 7, 0, 7, 7, 7, 7, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 7, 7, 7, 7, 7, 15, 43, 15, 0, 0, 15, 15, 15, 0, 15, 15, 15, 15, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, 15, 15, 15, 15, 15, 13, 54, 13, 0, 0, 13, 13, 13, 0, 13, 13, 13, 13, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 13, 13, 13, 13, 13, 14, 55, 14, 0, 0, 14, 14, 14, 0, 14, 14, 14, 14, 14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 14, 14, 14, 14, 14, 14, 16, 56, 16, 0, 0, 16, 16, 16, 0, 16, 16, 16, 16, 16, 0, 0, 0, 59, 59, 0, 0, 0, 0, 0, 16, 16, 16, 16, 16, 16, 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, 0, 0, 0, 0, 47, 47, 59, 59, 59, 59, 0, 59, 59, 59, 59, 0, 0, 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, 0, 0, 0, 0, 0, 0, 48, 48, 47, 47, 0, 47, 47, 47, 47, 0, 0, 0, 0, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 0, 0, 0, 0, 0, 0, 49, 49, 48, 48, 0, 48, 48, 48, 48, 0, 0, 0, 0, 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, 0, 0, 0, 0, 0, 0, 40, 41, 49, 49, 0, 49, 49, 49, 49, 0, 0, 0, 0, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 42, 0, 0, 0, 0, 0, 0, 54, 54, 0, 0, 0, 44, 45, 46, 47, 0, 0, 0, 0, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 0, 0, 0, 0, 0, 0, 55, 55, 0, 0, 0, 54, 54, 54, 54, 0, 0, 0, 0, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 55, 0, 0, 0, 0, 0, 0, 56, 56, 0, 0, 0, 55, 55, 55, 55, 0, 0, 0, 0, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56, 56, 56, 56, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoerscheck[] = #else short sudoerscheck[] = #endif { 33, 0, 86, 7, 281, 33, 257, 258, 287, 288, 8, 9, 258, 33, 33, 259, 44, 258, 33, 33, 33, 258, 258, 260, 261, 44, 263, 263, 33, 280, 44, 0, 258, 44, 33, 261, 262, 263, 44, 44, 43, 258, 45, 280, 280, 44, 289, 290, 258, 44, 61, 58, 58, 36, 280, 38, 39, 58, 61, 61, 263, 0, 58, 263, 33, 58, 58, 61, 51, 58, 61, 58, 58, 61, 158, 263, 58, 264, 33, 264, 264, 264, 40, 44, 44, 89, 61, 44, 44, 58, 41, 0, 287, 61, 33, 93, 288, 95, 44, 263, 263, 290, 61, 58, 263, 263, 0, 61, 33, 289, 0, 41, 41, 41, 41, 41, 126, 52, 91, 58, 118, 0, 75, 43, 33, 77, 34, 152, 66, 17, 139, 148, 99, 22, 131, 147, -1, -1, 33, -1, 90, -1, -1, 92, -1, 135, 130, 94, 96, 58, -1, 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, 256, -1, 258, -1, -1, 261, 262, 263, 259, 265, 266, 267, 268, 269, 257, 258, -1, 259, 0, 257, 258, 33, 259, 259, 280, 281, 282, 283, 284, 285, 258, -1, 260, 261, 256, 263, 258, 280, -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, 0, -1, -1, 33, 280, -1, 292, 293, 294, 295, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, 0, -1, 258, 33, 260, 261, -1, 263, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, 0, -1, 258, 33, -1, -1, -1, 263, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, -1, 258, 33, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, 257, 258, -1, -1, -1, -1, -1, 280, 281, 282, 283, 284, 285, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, 257, 258, 287, 288, 289, 290, -1, 292, 293, 294, 295, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 292, 293, 294, 295, }; #define YYFINAL 18 #ifndef YYDEBUG #define YYDEBUG 0 #endif #define YYMAXTOKEN 295 #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) const char * const sudoersname[] = #else char *sudoersname[] = #endif { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'", 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST", "DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND", "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", "MYSELF","SHA224","SHA256","SHA384","SHA512", }; #if defined(__cplusplus) || defined(__STDC__) const char * const sudoersrule[] = #else char *sudoersrule[] = #endif {"$accept : file", "file :", "file : line", "line : entry", "line : line entry", "entry : COMMENT", "entry : error COMMENT", "entry : userlist privileges", "entry : USERALIAS useraliases", "entry : HOSTALIAS hostaliases", "entry : CMNDALIAS cmndaliases", "entry : RUNASALIAS runasaliases", "entry : DEFAULTS defaults_list", "entry : DEFAULTS_USER userlist defaults_list", "entry : DEFAULTS_RUNAS userlist defaults_list", "entry : DEFAULTS_HOST hostlist defaults_list", "entry : DEFAULTS_CMND cmndlist defaults_list", "defaults_list : defaults_entry", "defaults_list : defaults_list ',' defaults_entry", "defaults_entry : DEFVAR", "defaults_entry : '!' DEFVAR", "defaults_entry : DEFVAR '=' WORD", "defaults_entry : DEFVAR '+' WORD", "defaults_entry : DEFVAR '-' WORD", "privileges : privilege", "privileges : privileges ':' privilege", "privilege : hostlist '=' cmndspeclist", "ophost : host", "ophost : '!' host", "host : ALIAS", "host : ALL", "host : NETGROUP", "host : NTWKADDR", "host : WORD", "cmndspeclist : cmndspec", "cmndspeclist : cmndspeclist ',' cmndspec", "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", "digest : SHA224 ':' DIGEST", "digest : SHA256 ':' DIGEST", "digest : SHA384 ':' DIGEST", "digest : SHA512 ':' DIGEST", "digcmnd : opcmnd", "digcmnd : digest opcmnd", "opcmnd : cmnd", "opcmnd : '!' cmnd", "rolespec : ROLE '=' WORD", "typespec : TYPE '=' WORD", "selinux :", "selinux : rolespec", "selinux : typespec", "selinux : rolespec typespec", "selinux : typespec rolespec", "privsspec : PRIVS '=' WORD", "limitprivsspec : LIMITPRIVS '=' WORD", "solarisprivs :", "solarisprivs : privsspec", "solarisprivs : limitprivsspec", "solarisprivs : privsspec limitprivsspec", "solarisprivs : limitprivsspec privsspec", "runasspec :", "runasspec : '(' runaslist ')'", "runaslist :", "runaslist : userlist", "runaslist : userlist ':' grouplist", "runaslist : ':' grouplist", "runaslist : ':'", "cmndtag :", "cmndtag : cmndtag NOPASSWD", "cmndtag : cmndtag PASSWD", "cmndtag : cmndtag NOEXEC", "cmndtag : cmndtag EXEC", "cmndtag : cmndtag SETENV", "cmndtag : cmndtag NOSETENV", "cmndtag : cmndtag LOG_INPUT", "cmndtag : cmndtag NOLOG_INPUT", "cmndtag : cmndtag LOG_OUTPUT", "cmndtag : cmndtag NOLOG_OUTPUT", "cmnd : ALL", "cmnd : ALIAS", "cmnd : COMMAND", "hostaliases : hostalias", "hostaliases : hostaliases ':' hostalias", "hostalias : ALIAS '=' hostlist", "hostlist : ophost", "hostlist : hostlist ',' ophost", "cmndaliases : cmndalias", "cmndaliases : cmndaliases ':' cmndalias", "cmndalias : ALIAS '=' cmndlist", "cmndlist : digcmnd", "cmndlist : cmndlist ',' digcmnd", "runasaliases : runasalias", "runasaliases : runasaliases ':' runasalias", "runasalias : ALIAS '=' userlist", "useraliases : useralias", "useraliases : useraliases ':' useralias", "useralias : ALIAS '=' userlist", "userlist : opuser", "userlist : userlist ',' opuser", "opuser : user", "opuser : '!' user", "user : ALIAS", "user : ALL", "user : NETGROUP", "user : USERGROUP", "user : WORD", "grouplist : opgroup", "grouplist : grouplist ',' opgroup", "opgroup : group", "opgroup : '!' group", "group : ALIAS", "group : ALL", "group : WORD", }; #endif #ifdef YYSTACKSIZE #undef YYMAXDEPTH #define YYMAXDEPTH YYSTACKSIZE #else #ifdef YYMAXDEPTH #define YYSTACKSIZE YYMAXDEPTH #else #define YYSTACKSIZE 10000 #define YYMAXDEPTH 10000 #endif #endif #define YYINITSTACKSIZE 200 /* LINTUSED */ int yydebug; int yynerrs; int yyerrflag; int yychar; short *yyssp; YYSTYPE *yyvsp; YYSTYPE yyval; YYSTYPE yylval; short *yyss; short *yysslim; YYSTYPE *yyvs; unsigned int yystacksize; #line 685 "gram.y" void sudoerserror(const char *s) { debug_decl(sudoerserror, SUDO_DEBUG_PARSER) /* If we last saw a newline the error is on the preceding line. */ if (last_token == COMMENT) sudolineno--; /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = sudolineno; errorfile = estrdup(sudoers); } if (sudoers_warnings && s != NULL) { LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { const char fmt[] = ">>> %s: %s near line %d <<<\n"; int oldlocale; /* Warnings are displayed in the user's locale. */ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno); sudoers_setlocale(oldlocale, NULL); } #endif } parse_error = true; debug_return; } static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; debug_decl(new_default, SUDO_DEBUG_PARSER) d = ecalloc(1, sizeof(struct defaults)); d->var = var; d->val = val; /* d->type = 0; */ d->op = op; /* d->binding = NULL */ HLTQ_INIT(d, entries); debug_return_ptr(d); } static struct member * new_member(char *name, int type) { struct member *m; debug_decl(new_member, SUDO_DEBUG_PARSER) m = ecalloc(1, sizeof(struct member)); m->name = name; m->type = type; HLTQ_INIT(m, entries); debug_return_ptr(m); } struct sudo_digest * new_digest(int digest_type, const char *digest_str) { struct sudo_digest *dig; debug_decl(new_digest, SUDO_DEBUG_PARSER) dig = emalloc(sizeof(*dig)); dig->digest_type = digest_type; dig->digest_str = estrdup(digest_str); debug_return_ptr(dig); } /* * Add a list of defaults structures to the defaults list. * The binding, if non-NULL, specifies a list of hosts, users, or * runas users the entries apply to (specified by the type). */ static void add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list *binding; debug_decl(add_defaults, SUDO_DEBUG_PARSER) if (defs != NULL) { /* * We use a single binding for each entry in defs. */ binding = emalloc(sizeof(*binding)); if (bmem != NULL) HLTQ_TO_TAILQ(binding, bmem, entries); else TAILQ_INIT(binding); /* * Set type and binding (who it applies to) for new entries. * Then add to the global defaults list. */ HLTQ_FOREACH(d, defs, entries) { d->type = type; d->binding = binding; } TAILQ_CONCAT_HLTQ(&defaults, defs, entries); } debug_return; } /* * Allocate a new struct userspec, populate it, and insert it at the * end of the userspecs list. */ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; debug_decl(add_userspec, SUDO_DEBUG_PARSER) u = ecalloc(1, sizeof(*u)); HLTQ_TO_TAILQ(&u->users, members, entries); HLTQ_TO_TAILQ(&u->privileges, privs, entries); TAILQ_INSERT_TAIL(&userspecs, u, entries); debug_return; } /* * Free up space used by data structures from a previous parser run and sets * the current sudoers file to path. */ void init_parser(const char *path, bool quiet) { struct member_list *binding; struct defaults *d, *d_next; struct userspec *us, *us_next; debug_decl(init_parser, SUDO_DEBUG_PARSER) TAILQ_FOREACH_SAFE(us, &userspecs, entries, us_next) { struct member *m, *m_next; struct privilege *priv, *priv_next; TAILQ_FOREACH_SAFE(m, &us->users, entries, m_next) { efree(m->name); efree(m); } TAILQ_FOREACH_SAFE(priv, &us->privileges, entries, priv_next) { struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; struct cmndspec *cs, *cs_next; #ifdef HAVE_SELINUX char *role = NULL, *type = NULL; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ TAILQ_FOREACH_SAFE(m, &priv->hostlist, entries, m_next) { efree(m->name); efree(m); } TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, cs_next) { #ifdef HAVE_SELINUX /* Only free the first instance of a role/type. */ if (cs->role != role) { role = cs->role; efree(cs->role); } if (cs->type != type) { type = cs->type; efree(cs->type); } #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* Only free the first instance of privs/limitprivs. */ if (cs->privs != privs) { privs = cs->privs; efree(cs->privs); } if (cs->limitprivs != limitprivs) { limitprivs = cs->limitprivs; efree(cs->limitprivs); } #endif /* HAVE_PRIV_SET */ /* Only free the first instance of runas user/group lists. */ if (cs->runasuserlist && cs->runasuserlist != runasuserlist) { runasuserlist = cs->runasuserlist; TAILQ_FOREACH_SAFE(m, runasuserlist, entries, m_next) { efree(m->name); efree(m); } efree(runasuserlist); } if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) { runasgrouplist = cs->runasgrouplist; TAILQ_FOREACH_SAFE(m, runasgrouplist, entries, m_next) { efree(m->name); efree(m); } efree(runasgrouplist); } if (cs->cmnd->type == COMMAND) { struct sudo_command *c = (struct sudo_command *) cs->cmnd->name; efree(c->cmnd); efree(c->args); } efree(cs->cmnd->name); efree(cs->cmnd); efree(cs); } efree(priv); } efree(us); } TAILQ_INIT(&userspecs); binding = NULL; TAILQ_FOREACH_SAFE(d, &defaults, entries, d_next) { if (d->binding != binding) { struct member *m, *m_next; binding = d->binding; TAILQ_FOREACH_SAFE(m, d->binding, entries, m_next) { if (m->type == COMMAND) { struct sudo_command *c = (struct sudo_command *) m->name; efree(c->cmnd); efree(c->args); } efree(m->name); efree(m); } efree(d->binding); } efree(d->var); efree(d->val); efree(d); } TAILQ_INIT(&defaults); init_aliases(); init_lexer(); efree(sudoers); sudoers = path ? estrdup(path) : NULL; parse_error = false; errorlineno = -1; errorfile = sudoers; sudoers_warnings = !quiet; debug_return; } #line 906 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) #else static int yygrowstack() #endif { unsigned int newsize; long sslen; short *newss; YYSTYPE *newvs; if ((newsize = yystacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; #ifdef SIZE_MAX #define YY_SIZE_MAX SIZE_MAX #else #ifdef __STDC__ #define YY_SIZE_MAX 0xffffffffU #else #define YY_SIZE_MAX (unsigned int)0xffffffff #endif #endif if (YY_SIZE_MAX / newsize < sizeof *newss) goto bail; sslen = yyssp - yyss; newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : (short *)malloc(newsize * sizeof *newss); /* overflow check above */ if (newss == NULL) goto bail; yyss = newss; yyssp = newss + sslen; newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */ if (newvs == NULL) goto bail; yyvs = newvs; yyvsp = newvs + sslen; yystacksize = newsize; yysslim = yyss + newsize - 1; return 0; bail: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return -1; } #define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept #define YYERROR goto yyerrlab int #if defined(__cplusplus) || defined(__STDC__) yyparse(void) #else yyparse() #endif { int yym, yyn, yystate; #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) const char *yys; #else /* !(defined(__cplusplus) || defined(__STDC__)) */ char *yys; #endif /* !(defined(__cplusplus) || defined(__STDC__)) */ if ((yys = getenv("YYDEBUG"))) { yyn = *yys; if (yyn >= '0' && yyn <= '9') yydebug = yyn - '0'; } #endif /* YYDEBUG */ yynerrs = 0; yyerrflag = 0; yychar = (-1); if (yyss == NULL && yygrowstack()) goto yyoverflow; yyssp = yyss; yyvsp = yyvs; *yyssp = yystate = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif } if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate = yytable[yyn]; *++yyvsp = yylval; yychar = (-1); if (yyerrflag > 0) --yyerrflag; goto yyloop; } if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yychar) { yyn = yytable[yyn]; goto yyreduce; } if (yyerrflag) goto yyinrecovery; #if defined(lint) || defined(__GNUC__) goto yynewerror; #endif yynewerror: yyerror("syntax error"); #if defined(lint) || defined(__GNUC__) goto yyerrlab; #endif yyerrlab: ++yynerrs; yyinrecovery: if (yyerrflag < 3) { yyerrflag = 3; for (;;) { if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate = yytable[yyn]; *++yyvsp = yylval; goto yyloop; } else { #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", YYPREFIX, *yyssp); #endif if (yyssp <= yyss) goto yyabort; --yyssp; --yyvsp; } } } else { if (yychar == 0) goto yyabort; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, error recovery discards token %d (%s)\n", YYPREFIX, yystate, yychar, yys); } #endif yychar = (-1); goto yyloop; } yyreduce: #if YYDEBUG if (yydebug) printf("%sdebug: state %d, reducing by rule %d (%s)\n", YYPREFIX, yystate, yyn, yyrule[yyn]); #endif yym = yylen[yyn]; if (yym) yyval = yyvsp[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 1: #line 182 "gram.y" { ; } break; case 5: #line 190 "gram.y" { ; } break; case 6: #line 193 "gram.y" { yyerrok; } break; case 7: #line 196 "gram.y" { add_userspec(yyvsp[-1].member, yyvsp[0].privilege); } break; case 8: #line 199 "gram.y" { ; } break; case 9: #line 202 "gram.y" { ; } break; case 10: #line 205 "gram.y" { ; } break; case 11: #line 208 "gram.y" { ; } break; case 12: #line 211 "gram.y" { add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); } break; case 13: #line 214 "gram.y" { add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); } break; case 14: #line 217 "gram.y" { add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); } break; case 15: #line 220 "gram.y" { add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); } break; case 16: #line 223 "gram.y" { add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); } break; case 18: #line 229 "gram.y" { HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); yyval.defaults = yyvsp[-2].defaults; } break; case 19: #line 235 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); } break; case 20: #line 238 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); } break; case 21: #line 241 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); } break; case 22: #line 244 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); } break; case 23: #line 247 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); } break; case 25: #line 253 "gram.y" { HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); yyval.privilege = yyvsp[-2].privilege; } break; case 26: #line 259 "gram.y" { struct privilege *p = ecalloc(1, sizeof(*p)); HLTQ_TO_TAILQ(&p->hostlist, yyvsp[-2].member, entries); HLTQ_TO_TAILQ(&p->cmndlist, yyvsp[0].cmndspec, entries); HLTQ_INIT(p, entries); yyval.privilege = p; } break; case 27: #line 268 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: #line 272 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: #line 278 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 30: #line 281 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 31: #line 284 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 32: #line 287 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); } break; case 33: #line 290 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 35: #line 296 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); HLTQ_CONCAT(yyvsp[-2].cmndspec, yyvsp[0].cmndspec, entries); #ifdef HAVE_SELINUX /* propagate role and type */ if (yyvsp[0].cmndspec->role == NULL) yyvsp[0].cmndspec->role = prev->role; if (yyvsp[0].cmndspec->type == NULL) yyvsp[0].cmndspec->type = prev->type; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* propagate privs & limitprivs */ if (yyvsp[0].cmndspec->privs == NULL) yyvsp[0].cmndspec->privs = prev->privs; if (yyvsp[0].cmndspec->limitprivs == NULL) yyvsp[0].cmndspec->limitprivs = prev->limitprivs; #endif /* HAVE_PRIV_SET */ /* propagate tags and runas list */ if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC) yyvsp[0].cmndspec->tags.nopasswd = prev->tags.nopasswd; if (yyvsp[0].cmndspec->tags.noexec == UNSPEC) yyvsp[0].cmndspec->tags.noexec = prev->tags.noexec; if (yyvsp[0].cmndspec->tags.setenv == UNSPEC && prev->tags.setenv != IMPLIED) yyvsp[0].cmndspec->tags.setenv = prev->tags.setenv; if (yyvsp[0].cmndspec->tags.log_input == UNSPEC) yyvsp[0].cmndspec->tags.log_input = prev->tags.log_input; if (yyvsp[0].cmndspec->tags.log_output == UNSPEC) yyvsp[0].cmndspec->tags.log_output = prev->tags.log_output; if ((yyvsp[0].cmndspec->runasuserlist == NULL && yyvsp[0].cmndspec->runasgrouplist == NULL) && (prev->runasuserlist != NULL || prev->runasgrouplist != NULL)) { yyvsp[0].cmndspec->runasuserlist = prev->runasuserlist; yyvsp[0].cmndspec->runasgrouplist = prev->runasgrouplist; } yyval.cmndspec = yyvsp[-2].cmndspec; } break; case 36: #line 337 "gram.y" { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); if (yyvsp[-4].runas != NULL) { if (yyvsp[-4].runas->runasusers != NULL) { cs->runasuserlist = emalloc(sizeof(*cs->runasuserlist)); HLTQ_TO_TAILQ(cs->runasuserlist, yyvsp[-4].runas->runasusers, entries); } if (yyvsp[-4].runas->runasgroups != NULL) { cs->runasgrouplist = emalloc(sizeof(*cs->runasgrouplist)); HLTQ_TO_TAILQ(cs->runasgrouplist, yyvsp[-4].runas->runasgroups, entries); } efree(yyvsp[-4].runas); } #ifdef HAVE_SELINUX cs->role = yyvsp[-3].seinfo.role; cs->type = yyvsp[-3].seinfo.type; #endif #ifdef HAVE_PRIV_SET cs->privs = yyvsp[-2].privinfo.privs; cs->limitprivs = yyvsp[-2].privinfo.limitprivs; #endif cs->tags = yyvsp[-1].tag; cs->cmnd = yyvsp[0].member; HLTQ_INIT(cs, entries); /* sudo "ALL" implies the SETENV tag */ if (cs->cmnd->type == ALL && !cs->cmnd->negated && cs->tags.setenv == UNSPEC) cs->tags.setenv = IMPLIED; yyval.cmndspec = cs; } break; case 37: #line 373 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); } break; case 38: #line 376 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); } break; case 39: #line 379 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); } break; case 40: #line 382 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); } break; case 41: #line 387 "gram.y" { yyval.member = yyvsp[0].member; } break; case 42: #line 390 "gram.y" { /* XXX - yuck */ struct sudo_command *c = (struct sudo_command *)(yyvsp[0].member->name); c->digest = yyvsp[-1].digest; yyval.member = yyvsp[0].member; } break; case 43: #line 398 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 44: #line 402 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 45: #line 408 "gram.y" { yyval.string = yyvsp[0].string; } break; case 46: #line 413 "gram.y" { yyval.string = yyvsp[0].string; } break; case 47: #line 418 "gram.y" { yyval.seinfo.role = NULL; yyval.seinfo.type = NULL; } break; case 48: #line 422 "gram.y" { yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.type = NULL; } break; case 49: #line 426 "gram.y" { yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.role = NULL; } break; case 50: #line 430 "gram.y" { yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.type = yyvsp[0].string; } break; case 51: #line 434 "gram.y" { yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.role = yyvsp[0].string; } break; case 52: #line 440 "gram.y" { yyval.string = yyvsp[0].string; } break; case 53: #line 444 "gram.y" { yyval.string = yyvsp[0].string; } break; case 54: #line 449 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = NULL; } break; case 55: #line 453 "gram.y" { yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.limitprivs = NULL; } break; case 56: #line 457 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = yyvsp[0].string; } break; case 57: #line 461 "gram.y" { yyval.privinfo.privs = yyvsp[-1].string; yyval.privinfo.limitprivs = yyvsp[0].string; } break; case 58: #line 465 "gram.y" { yyval.privinfo.limitprivs = yyvsp[-1].string; yyval.privinfo.privs = yyvsp[0].string; } break; case 59: #line 471 "gram.y" { yyval.runas = NULL; } break; case 60: #line 474 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; case 61: #line 479 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } break; case 62: #line 484 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[0].member; /* $$->runasgroups = NULL; */ } break; case 63: #line 489 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[-2].member; yyval.runas->runasgroups = yyvsp[0].member; } break; case 64: #line 494 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); /* $$->runasusers = NULL; */ yyval.runas->runasgroups = yyvsp[0].member; } break; case 65: #line 499 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } break; case 66: #line 506 "gram.y" { yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.log_input = yyval.tag.log_output = UNSPEC; } break; case 67: #line 510 "gram.y" { yyval.tag.nopasswd = true; } break; case 68: #line 513 "gram.y" { yyval.tag.nopasswd = false; } break; case 69: #line 516 "gram.y" { yyval.tag.noexec = true; } break; case 70: #line 519 "gram.y" { yyval.tag.noexec = false; } break; case 71: #line 522 "gram.y" { yyval.tag.setenv = true; } break; case 72: #line 525 "gram.y" { yyval.tag.setenv = false; } break; case 73: #line 528 "gram.y" { yyval.tag.log_input = true; } break; case 74: #line 531 "gram.y" { yyval.tag.log_input = false; } break; case 75: #line 534 "gram.y" { yyval.tag.log_output = true; } break; case 76: #line 537 "gram.y" { yyval.tag.log_output = false; } break; case 77: #line 542 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 78: #line 545 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 79: #line 548 "gram.y" { struct sudo_command *c = ecalloc(1, sizeof(*c)); c->cmnd = yyvsp[0].command.cmnd; c->args = yyvsp[0].command.args; yyval.member = new_member((char *)c, COMMAND); } break; case 82: #line 560 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { sudoerserror(s); YYERROR; } } break; case 84: #line 570 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 87: #line 580 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { sudoerserror(s); YYERROR; } } break; case 89: #line 590 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 92: #line 600 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { sudoerserror(s); YYERROR; } } break; case 95: #line 613 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { sudoerserror(s); YYERROR; } } break; case 97: #line 623 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 98: #line 629 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 99: #line 633 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 100: #line 639 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 101: #line 642 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 102: #line 645 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 103: #line 648 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); } break; case 104: #line 651 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 106: #line 657 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 107: #line 663 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 108: #line 667 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 109: #line 673 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 110: #line 676 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 111: #line 679 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; #line 1798 "gram.c" } yyssp -= yym; yystate = *yyssp; yyvsp -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state 0 to\ state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; *++yyssp = YYFINAL; *++yyvsp = yyval; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; #if YYDEBUG if (yydebug) { yys = 0; if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; if (!yys) yys = "illegal-symbol"; printf("%sdebug: state %d, reading %d (%s)\n", YYPREFIX, YYFINAL, yychar, yys); } #endif } if (yychar == 0) goto yyaccept; goto yyloop; } if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == yystate) yystate = yytable[yyn]; else yystate = yydgoto[yym]; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ to state %d\n", YYPREFIX, *yyssp, yystate); #endif if (yyssp >= yysslim && yygrowstack()) { goto yyoverflow; } *++yyssp = yystate; *++yyvsp = yyval; goto yyloop; yyoverflow: yyerror("yacc stack overflow"); yyabort: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return (1); yyaccept: if (yyss) free(yyss); if (yyvs) free(yyvs); yyss = yyssp = NULL; yyvs = yyvsp = NULL; yystacksize = 0; return (0); } sudo-1.8.9p5/plugins/sudoers/gram.h010064400175440000012000000024061226304126500166130ustar00millertstaff#define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 #define NTWKADDR 260 #define NETGROUP 261 #define USERGROUP 262 #define WORD 263 #define DIGEST 264 #define DEFAULTS 265 #define DEFAULTS_HOST 266 #define DEFAULTS_USER 267 #define DEFAULTS_RUNAS 268 #define DEFAULTS_CMND 269 #define NOPASSWD 270 #define PASSWD 271 #define NOEXEC 272 #define EXEC 273 #define SETENV 274 #define NOSETENV 275 #define LOG_INPUT 276 #define NOLOG_INPUT 277 #define LOG_OUTPUT 278 #define NOLOG_OUTPUT 279 #define ALL 280 #define COMMENT 281 #define HOSTALIAS 282 #define CMNDALIAS 283 #define USERALIAS 284 #define RUNASALIAS 285 #define ERROR 286 #define TYPE 287 #define ROLE 288 #define PRIVS 289 #define LIMITPRIVS 290 #define MYSELF 291 #define SHA224 292 #define SHA256 293 #define SHA384 294 #define SHA512 295 #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { struct cmndspec *cmndspec; struct defaults *defaults; struct member *member; struct runascontainer *runas; struct privilege *privilege; struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; struct solaris_privs_info privinfo; char *string; int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ extern YYSTYPE sudoerslval; sudo-1.8.9p5/plugins/sudoers/gram.y010064400175440000012000000533641226304126500166450ustar00millertstaff%{ /* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_INTTYPES_H # include #endif #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ #include #include "sudoers.h" /* XXX */ #include "parse.h" #include "toke.h" /* * We must define SIZE_MAX for yacc's skeleton.c. * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t * could be signed (as it is on SunOS 4.x). */ #ifndef SIZE_MAX # ifdef SIZE_T_MAX # define SIZE_MAX SIZE_T_MAX # else # define SIZE_MAX INT_MAX # endif /* SIZE_T_MAX */ #endif /* SIZE_MAX */ /* * Globals */ bool sudoers_warnings = true; bool parse_error = false; int errorlineno = -1; const char *errorfile = NULL; struct defaults_list defaults = TAILQ_HEAD_INITIALIZER(defaults); struct userspec_list userspecs = TAILQ_HEAD_INITIALIZER(userspecs); /* * Local protoypes */ static void add_defaults(int, struct member *, struct defaults *); static void add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, int); static struct member *new_member(char *, int); static struct sudo_digest *new_digest(int, const char *); %} %union { struct cmndspec *cmndspec; struct defaults *defaults; struct member *member; struct runascontainer *runas; struct privilege *privilege; struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; struct solaris_privs_info privinfo; char *string; int tok; } %start file /* special start symbol */ %token COMMAND /* absolute pathname w/ optional args */ %token ALIAS /* an UPPERCASE alias name */ %token DEFVAR /* a Defaults variable name */ %token NTWKADDR /* ipv4 or ipv6 address */ %token NETGROUP /* a netgroup (+NAME) */ %token USERGROUP /* a usergroup (%NAME) */ %token WORD /* a word */ %token DIGEST /* a SHA-2 digest */ %token DEFAULTS /* Defaults entry */ %token DEFAULTS_HOST /* Host-specific defaults entry */ %token DEFAULTS_USER /* User-specific defaults entry */ %token DEFAULTS_RUNAS /* Runas-specific defaults entry */ %token DEFAULTS_CMND /* Command-specific defaults entry */ %token NOPASSWD /* no passwd req for command */ %token PASSWD /* passwd req for command (default) */ %token NOEXEC /* preload dummy execve() for cmnd */ %token EXEC /* don't preload dummy execve() */ %token SETENV /* user may set environment for cmnd */ %token NOSETENV /* user may not set environment */ %token LOG_INPUT /* log user's cmnd input */ %token NOLOG_INPUT /* don't log user's cmnd input */ %token LOG_OUTPUT /* log cmnd output */ %token NOLOG_OUTPUT /* don't log cmnd output */ %token ALL /* ALL keyword */ %token COMMENT /* comment and/or carriage return */ %token HOSTALIAS /* Host_Alias keyword */ %token CMNDALIAS /* Cmnd_Alias keyword */ %token USERALIAS /* User_Alias keyword */ %token RUNASALIAS /* Runas_Alias keyword */ %token ':' '=' ',' '!' '+' '-' /* union member tokens */ %token '(' ')' /* runas tokens */ %token ERROR %token TYPE /* SELinux type */ %token ROLE /* SELinux role */ %token PRIVS /* Solaris privileges */ %token LIMITPRIVS /* Solaris limit privileges */ %token MYSELF /* run as myself, not another user */ %token SHA224 /* sha224 digest */ %token SHA256 /* sha256 digest */ %token SHA384 /* sha384 digest */ %token SHA512 /* sha512 digest */ %type cmndspec %type cmndspeclist %type defaults_entry %type defaults_list %type cmnd %type opcmnd %type digcmnd %type cmndlist %type host %type hostlist %type ophost %type opuser %type user %type userlist %type opgroup %type group %type grouplist %type runasspec %type runaslist %type privilege %type privileges %type cmndtag %type selinux %type rolespec %type typespec %type solarisprivs %type privsspec %type limitprivsspec %type digest %% file : { ; } | line ; line : entry | line entry ; entry : COMMENT { ; } | error COMMENT { yyerrok; } | userlist privileges { add_userspec($1, $2); } | USERALIAS useraliases { ; } | HOSTALIAS hostaliases { ; } | CMNDALIAS cmndaliases { ; } | RUNASALIAS runasaliases { ; } | DEFAULTS defaults_list { add_defaults(DEFAULTS, NULL, $2); } | DEFAULTS_USER userlist defaults_list { add_defaults(DEFAULTS_USER, $2, $3); } | DEFAULTS_RUNAS userlist defaults_list { add_defaults(DEFAULTS_RUNAS, $2, $3); } | DEFAULTS_HOST hostlist defaults_list { add_defaults(DEFAULTS_HOST, $2, $3); } | DEFAULTS_CMND cmndlist defaults_list { add_defaults(DEFAULTS_CMND, $2, $3); } ; defaults_list : defaults_entry | defaults_list ',' defaults_entry { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; defaults_entry : DEFVAR { $$ = new_default($1, NULL, true); } | '!' DEFVAR { $$ = new_default($2, NULL, false); } | DEFVAR '=' WORD { $$ = new_default($1, $3, true); } | DEFVAR '+' WORD { $$ = new_default($1, $3, '+'); } | DEFVAR '-' WORD { $$ = new_default($1, $3, '-'); } ; privileges : privilege | privileges ':' privilege { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; privilege : hostlist '=' cmndspeclist { struct privilege *p = ecalloc(1, sizeof(*p)); HLTQ_TO_TAILQ(&p->hostlist, $1, entries); HLTQ_TO_TAILQ(&p->cmndlist, $3, entries); HLTQ_INIT(p, entries); $$ = p; } ; ophost : host { $$ = $1; $$->negated = false; } | '!' host { $$ = $2; $$->negated = true; } ; host : ALIAS { $$ = new_member($1, ALIAS); } | ALL { $$ = new_member(NULL, ALL); } | NETGROUP { $$ = new_member($1, NETGROUP); } | NTWKADDR { $$ = new_member($1, NTWKADDR); } | WORD { $$ = new_member($1, WORD); } ; cmndspeclist : cmndspec | cmndspeclist ',' cmndspec { struct cmndspec *prev; prev = HLTQ_LAST($1, cmndspec, entries); HLTQ_CONCAT($1, $3, entries); #ifdef HAVE_SELINUX /* propagate role and type */ if ($3->role == NULL) $3->role = prev->role; if ($3->type == NULL) $3->type = prev->type; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* propagate privs & limitprivs */ if ($3->privs == NULL) $3->privs = prev->privs; if ($3->limitprivs == NULL) $3->limitprivs = prev->limitprivs; #endif /* HAVE_PRIV_SET */ /* propagate tags and runas list */ if ($3->tags.nopasswd == UNSPEC) $3->tags.nopasswd = prev->tags.nopasswd; if ($3->tags.noexec == UNSPEC) $3->tags.noexec = prev->tags.noexec; if ($3->tags.setenv == UNSPEC && prev->tags.setenv != IMPLIED) $3->tags.setenv = prev->tags.setenv; if ($3->tags.log_input == UNSPEC) $3->tags.log_input = prev->tags.log_input; if ($3->tags.log_output == UNSPEC) $3->tags.log_output = prev->tags.log_output; if (($3->runasuserlist == NULL && $3->runasgrouplist == NULL) && (prev->runasuserlist != NULL || prev->runasgrouplist != NULL)) { $3->runasuserlist = prev->runasuserlist; $3->runasgrouplist = prev->runasgrouplist; } $$ = $1; } ; cmndspec : runasspec selinux solarisprivs cmndtag digcmnd { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); if ($1 != NULL) { if ($1->runasusers != NULL) { cs->runasuserlist = emalloc(sizeof(*cs->runasuserlist)); HLTQ_TO_TAILQ(cs->runasuserlist, $1->runasusers, entries); } if ($1->runasgroups != NULL) { cs->runasgrouplist = emalloc(sizeof(*cs->runasgrouplist)); HLTQ_TO_TAILQ(cs->runasgrouplist, $1->runasgroups, entries); } efree($1); } #ifdef HAVE_SELINUX cs->role = $2.role; cs->type = $2.type; #endif #ifdef HAVE_PRIV_SET cs->privs = $3.privs; cs->limitprivs = $3.limitprivs; #endif cs->tags = $4; cs->cmnd = $5; HLTQ_INIT(cs, entries); /* sudo "ALL" implies the SETENV tag */ if (cs->cmnd->type == ALL && !cs->cmnd->negated && cs->tags.setenv == UNSPEC) cs->tags.setenv = IMPLIED; $$ = cs; } ; digest : SHA224 ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA224, $3); } | SHA256 ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA256, $3); } | SHA384 ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA384, $3); } | SHA512 ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA512, $3); } ; digcmnd : opcmnd { $$ = $1; } | digest opcmnd { /* XXX - yuck */ struct sudo_command *c = (struct sudo_command *)($2->name); c->digest = $1; $$ = $2; } ; opcmnd : cmnd { $$ = $1; $$->negated = false; } | '!' cmnd { $$ = $2; $$->negated = true; } ; rolespec : ROLE '=' WORD { $$ = $3; } ; typespec : TYPE '=' WORD { $$ = $3; } ; selinux : /* empty */ { $$.role = NULL; $$.type = NULL; } | rolespec { $$.role = $1; $$.type = NULL; } | typespec { $$.type = $1; $$.role = NULL; } | rolespec typespec { $$.role = $1; $$.type = $2; } | typespec rolespec { $$.type = $1; $$.role = $2; } ; privsspec : PRIVS '=' WORD { $$ = $3; } ; limitprivsspec : LIMITPRIVS '=' WORD { $$ = $3; } ; solarisprivs : /* empty */ { $$.privs = NULL; $$.limitprivs = NULL; } | privsspec { $$.privs = $1; $$.limitprivs = NULL; } | limitprivsspec { $$.privs = NULL; $$.limitprivs = $1; } | privsspec limitprivsspec { $$.privs = $1; $$.limitprivs = $2; } | limitprivsspec privsspec { $$.limitprivs = $1; $$.privs = $2; } ; runasspec : /* empty */ { $$ = NULL; } | '(' runaslist ')' { $$ = $2; } ; runaslist : /* empty */ { $$ = ecalloc(1, sizeof(struct runascontainer)); $$->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } | userlist { $$ = ecalloc(1, sizeof(struct runascontainer)); $$->runasusers = $1; /* $$->runasgroups = NULL; */ } | userlist ':' grouplist { $$ = ecalloc(1, sizeof(struct runascontainer)); $$->runasusers = $1; $$->runasgroups = $3; } | ':' grouplist { $$ = ecalloc(1, sizeof(struct runascontainer)); /* $$->runasusers = NULL; */ $$->runasgroups = $2; } | ':' { $$ = ecalloc(1, sizeof(struct runascontainer)); $$->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } ; cmndtag : /* empty */ { $$.nopasswd = $$.noexec = $$.setenv = $$.log_input = $$.log_output = UNSPEC; } | cmndtag NOPASSWD { $$.nopasswd = true; } | cmndtag PASSWD { $$.nopasswd = false; } | cmndtag NOEXEC { $$.noexec = true; } | cmndtag EXEC { $$.noexec = false; } | cmndtag SETENV { $$.setenv = true; } | cmndtag NOSETENV { $$.setenv = false; } | cmndtag LOG_INPUT { $$.log_input = true; } | cmndtag NOLOG_INPUT { $$.log_input = false; } | cmndtag LOG_OUTPUT { $$.log_output = true; } | cmndtag NOLOG_OUTPUT { $$.log_output = false; } ; cmnd : ALL { $$ = new_member(NULL, ALL); } | ALIAS { $$ = new_member($1, ALIAS); } | COMMAND { struct sudo_command *c = ecalloc(1, sizeof(*c)); c->cmnd = $1.cmnd; c->args = $1.args; $$ = new_member((char *)c, COMMAND); } ; hostaliases : hostalias | hostaliases ':' hostalias ; hostalias : ALIAS '=' hostlist { char *s; if ((s = alias_add($1, HOSTALIAS, $3)) != NULL) { sudoerserror(s); YYERROR; } } ; hostlist : ophost | hostlist ',' ophost { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; cmndaliases : cmndalias | cmndaliases ':' cmndalias ; cmndalias : ALIAS '=' cmndlist { char *s; if ((s = alias_add($1, CMNDALIAS, $3)) != NULL) { sudoerserror(s); YYERROR; } } ; cmndlist : digcmnd | cmndlist ',' digcmnd { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; runasaliases : runasalias | runasaliases ':' runasalias ; runasalias : ALIAS '=' userlist { char *s; if ((s = alias_add($1, RUNASALIAS, $3)) != NULL) { sudoerserror(s); YYERROR; } } ; useraliases : useralias | useraliases ':' useralias ; useralias : ALIAS '=' userlist { char *s; if ((s = alias_add($1, USERALIAS, $3)) != NULL) { sudoerserror(s); YYERROR; } } ; userlist : opuser | userlist ',' opuser { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; opuser : user { $$ = $1; $$->negated = false; } | '!' user { $$ = $2; $$->negated = true; } ; user : ALIAS { $$ = new_member($1, ALIAS); } | ALL { $$ = new_member(NULL, ALL); } | NETGROUP { $$ = new_member($1, NETGROUP); } | USERGROUP { $$ = new_member($1, USERGROUP); } | WORD { $$ = new_member($1, WORD); } ; grouplist : opgroup | grouplist ',' opgroup { HLTQ_CONCAT($1, $3, entries); $$ = $1; } ; opgroup : group { $$ = $1; $$->negated = false; } | '!' group { $$ = $2; $$->negated = true; } ; group : ALIAS { $$ = new_member($1, ALIAS); } | ALL { $$ = new_member(NULL, ALL); } | WORD { $$ = new_member($1, WORD); } ; %% void sudoerserror(const char *s) { debug_decl(sudoerserror, SUDO_DEBUG_PARSER) /* If we last saw a newline the error is on the preceding line. */ if (last_token == COMMENT) sudolineno--; /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = sudolineno; errorfile = estrdup(sudoers); } if (sudoers_warnings && s != NULL) { LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { const char fmt[] = ">>> %s: %s near line %d <<<\n"; int oldlocale; /* Warnings are displayed in the user's locale. */ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno); sudoers_setlocale(oldlocale, NULL); } #endif } parse_error = true; debug_return; } static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; debug_decl(new_default, SUDO_DEBUG_PARSER) d = ecalloc(1, sizeof(struct defaults)); d->var = var; d->val = val; /* d->type = 0; */ d->op = op; /* d->binding = NULL */ HLTQ_INIT(d, entries); debug_return_ptr(d); } static struct member * new_member(char *name, int type) { struct member *m; debug_decl(new_member, SUDO_DEBUG_PARSER) m = ecalloc(1, sizeof(struct member)); m->name = name; m->type = type; HLTQ_INIT(m, entries); debug_return_ptr(m); } struct sudo_digest * new_digest(int digest_type, const char *digest_str) { struct sudo_digest *dig; debug_decl(new_digest, SUDO_DEBUG_PARSER) dig = emalloc(sizeof(*dig)); dig->digest_type = digest_type; dig->digest_str = estrdup(digest_str); debug_return_ptr(dig); } /* * Add a list of defaults structures to the defaults list. * The binding, if non-NULL, specifies a list of hosts, users, or * runas users the entries apply to (specified by the type). */ static void add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list *binding; debug_decl(add_defaults, SUDO_DEBUG_PARSER) if (defs != NULL) { /* * We use a single binding for each entry in defs. */ binding = emalloc(sizeof(*binding)); if (bmem != NULL) HLTQ_TO_TAILQ(binding, bmem, entries); else TAILQ_INIT(binding); /* * Set type and binding (who it applies to) for new entries. * Then add to the global defaults list. */ HLTQ_FOREACH(d, defs, entries) { d->type = type; d->binding = binding; } TAILQ_CONCAT_HLTQ(&defaults, defs, entries); } debug_return; } /* * Allocate a new struct userspec, populate it, and insert it at the * end of the userspecs list. */ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; debug_decl(add_userspec, SUDO_DEBUG_PARSER) u = ecalloc(1, sizeof(*u)); HLTQ_TO_TAILQ(&u->users, members, entries); HLTQ_TO_TAILQ(&u->privileges, privs, entries); TAILQ_INSERT_TAIL(&userspecs, u, entries); debug_return; } /* * Free up space used by data structures from a previous parser run and sets * the current sudoers file to path. */ void init_parser(const char *path, bool quiet) { struct member_list *binding; struct defaults *d, *d_next; struct userspec *us, *us_next; debug_decl(init_parser, SUDO_DEBUG_PARSER) TAILQ_FOREACH_SAFE(us, &userspecs, entries, us_next) { struct member *m, *m_next; struct privilege *priv, *priv_next; TAILQ_FOREACH_SAFE(m, &us->users, entries, m_next) { efree(m->name); efree(m); } TAILQ_FOREACH_SAFE(priv, &us->privileges, entries, priv_next) { struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; struct cmndspec *cs, *cs_next; #ifdef HAVE_SELINUX char *role = NULL, *type = NULL; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ TAILQ_FOREACH_SAFE(m, &priv->hostlist, entries, m_next) { efree(m->name); efree(m); } TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, cs_next) { #ifdef HAVE_SELINUX /* Only free the first instance of a role/type. */ if (cs->role != role) { role = cs->role; efree(cs->role); } if (cs->type != type) { type = cs->type; efree(cs->type); } #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* Only free the first instance of privs/limitprivs. */ if (cs->privs != privs) { privs = cs->privs; efree(cs->privs); } if (cs->limitprivs != limitprivs) { limitprivs = cs->limitprivs; efree(cs->limitprivs); } #endif /* HAVE_PRIV_SET */ /* Only free the first instance of runas user/group lists. */ if (cs->runasuserlist && cs->runasuserlist != runasuserlist) { runasuserlist = cs->runasuserlist; TAILQ_FOREACH_SAFE(m, runasuserlist, entries, m_next) { efree(m->name); efree(m); } efree(runasuserlist); } if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) { runasgrouplist = cs->runasgrouplist; TAILQ_FOREACH_SAFE(m, runasgrouplist, entries, m_next) { efree(m->name); efree(m); } efree(runasgrouplist); } if (cs->cmnd->type == COMMAND) { struct sudo_command *c = (struct sudo_command *) cs->cmnd->name; efree(c->cmnd); efree(c->args); } efree(cs->cmnd->name); efree(cs->cmnd); efree(cs); } efree(priv); } efree(us); } TAILQ_INIT(&userspecs); binding = NULL; TAILQ_FOREACH_SAFE(d, &defaults, entries, d_next) { if (d->binding != binding) { struct member *m, *m_next; binding = d->binding; TAILQ_FOREACH_SAFE(m, d->binding, entries, m_next) { if (m->type == COMMAND) { struct sudo_command *c = (struct sudo_command *) m->name; efree(c->cmnd); efree(c->args); } efree(m->name); efree(m); } efree(d->binding); } efree(d->var); efree(d->val); efree(d); } TAILQ_INIT(&defaults); init_aliases(); init_lexer(); efree(sudoers); sudoers = path ? estrdup(path) : NULL; parse_error = false; errorlineno = -1; errorfile = sudoers; sudoers_warnings = !quiet; debug_return; } sudo-1.8.9p5/plugins/sudoers/group_plugin.c010064400175440000012000000125261226304126500203760ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include "sudoers.h" #include "sudo_dso.h" #if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD) static void *group_handle; static struct sudoers_group_plugin *group_plugin; /* * Load the specified plugin and run its init function. * Returns -1 if unable to open the plugin, else it returns * the value from the plugin's init function. */ int group_plugin_load(char *plugin_info) { struct stat sb; char *args, path[PATH_MAX]; char **argv = NULL; int len, rc = -1; debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) /* * Fill in .so path and split out args (if any). */ if ((args = strpbrk(plugin_info, " \t")) != NULL) { len = snprintf(path, sizeof(path), "%s%.*s", (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", (int)(args - plugin_info), plugin_info); args++; } else { len = snprintf(path, sizeof(path), "%s%s", (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info); } if (len <= 0 || (size_t)len >= sizeof(path)) { errno = ENAMETOOLONG; warning("%s%s", (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info); goto done; } /* Sanity check plugin path. */ if (stat(path, &sb) != 0) { warning("%s", path); goto done; } if (sb.st_uid != ROOT_UID) { warningx(U_("%s must be owned by uid %d"), path, ROOT_UID); goto done; } if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { warningx(U_("%s must only be writable by owner"), path); goto done; } /* Open plugin and map in symbol. */ group_handle = sudo_dso_load(path, SUDO_DSO_LAZY|SUDO_DSO_GLOBAL); if (!group_handle) { warningx(U_("unable to load %s: %s"), path, sudo_dso_strerror()); goto done; } group_plugin = sudo_dso_findsym(group_handle, "group_plugin"); if (group_plugin == NULL) { warningx(U_("unable to find symbol \"group_plugin\" in %s"), path); goto done; } if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) { warningx(U_("%s: incompatible group plugin major version %d, expected %d"), path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version), GROUP_API_VERSION_MAJOR); goto done; } /* * Split args into a vector if specified. */ if (args != NULL) { int ac = 0; bool wasblank = true; char *cp; for (cp = args; *cp != '\0'; cp++) { if (isblank((unsigned char)*cp)) { wasblank = true; } else if (wasblank) { wasblank = false; ac++; } } if (ac != 0) { argv = emalloc2(ac, sizeof(char *)); ac = 0; for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t"))) argv[ac++] = cp; } } rc = (group_plugin->init)(GROUP_API_VERSION, sudo_printf, argv); done: efree(argv); if (rc != true) { if (group_handle != NULL) { sudo_dso_unload(group_handle); group_handle = NULL; group_plugin = NULL; } } debug_return_bool(rc); } void group_plugin_unload(void) { debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) if (group_plugin != NULL) { (group_plugin->cleanup)(); group_plugin = NULL; } if (group_handle != NULL) { sudo_dso_unload(group_handle); group_handle = NULL; } debug_return; } int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) if (group_plugin == NULL) debug_return_bool(false); debug_return_bool((group_plugin->query)(user, group, pwd)); } #else /* !HAVE_DLOPEN && !HAVE_SHL_LOAD */ /* * No loadable shared object support. */ int group_plugin_load(char *plugin_info) { debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) debug_return_bool(false); } void group_plugin_unload(void) { debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) debug_return; } int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) debug_return_bool(false); } #endif /* HAVE_DLOPEN || HAVE_SHL_LOAD */ sudo-1.8.9p5/plugins/sudoers/hexchar.c010064400175440000012000000037421226304126500173060ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "missing.h" #include "sudo_debug.h" #include "fatal.h" int hexchar(const char *s) { unsigned char result[2]; int i; debug_decl(hexchar, SUDO_DEBUG_UTIL) for (i = 0; i < 2; i++) { switch (s[i]) { case '0': result[i] = 0; break; case '1': result[i] = 1; break; case '2': result[i] = 2; break; case '3': result[i] = 3; break; case '4': result[i] = 4; break; case '5': result[i] = 5; break; case '6': result[i] = 6; break; case '7': result[i] = 7; break; case '8': result[i] = 8; break; case '9': result[i] = 9; break; case 'A': case 'a': result[i] = 10; break; case 'B': case 'b': result[i] = 11; break; case 'C': case 'c': result[i] = 12; break; case 'D': case 'd': result[i] = 13; break; case 'E': case 'e': result[i] = 14; break; case 'F': case 'f': result[i] = 15; break; default: /* Should not happen. */ fatalx("internal error, \\x%s not in proper hex format", s); } } debug_return_int((result[0] << 4) | result[1]); } sudo-1.8.9p5/plugins/sudoers/ins_2001.h010064400175440000012000000025161226304126500171220ustar00millertstaff/* * Copyright (c) 1996, 1998, 1999 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_INS_2001_H #define _SUDOERS_INS_2001_H /* * HAL insults (paraphrased) from 2001. */ "Just what do you think you're doing Dave?", "It can only be attributed to human error.", "That's something I cannot allow to happen.", "My mind is going. I can feel it.", "Sorry about this, I know it's a bit silly.", "Take a stress pill and think things over.", "This mission is too important for me to allow you to jeopardize it.", "I feel much better now.", #endif /* _SUDOERS_INS_2001_H */ sudo-1.8.9p5/plugins/sudoers/ins_classic.h010064400175440000012000000025241226304126500201600ustar00millertstaff/* * Copyright (c) 1996, 1998, 1999 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_INS_CLASSIC_H #define _SUDOERS_INS_CLASSIC_H /* * Insults from the original sudo(8). */ "Wrong! You cheating scum!", #ifdef PC_INSULTS "And you call yourself a Rocket Scientist!", #else "No soap, honkie-lips.", #endif "Where did you learn to type?", "Are you on drugs?", "My pet ferret can type better than you!", "You type like i drive.", "Do you think like you type?", "Your mind just hasn't been the same since the electro-shock, has it?", #endif /* _SUDOERS_INS_CLASSIC_H */ sudo-1.8.9p5/plugins/sudoers/ins_csops.h010064400175440000012000000030661226304126500176700ustar00millertstaff/* * Copyright (c) 1996, 1998, 1999, 2004 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_INS_CSOPS_H #define _SUDOERS_INS_CSOPS_H /* * CSOps insults (may be site dependent). */ "Maybe if you used more than just two fingers...", "BOB says: You seem to have forgotten your passwd, enter another!", "stty: unknown mode: doofus", "I can't hear you -- I'm using the scrambler.", "The more you drive -- the dumber you get.", #ifdef PC_INSULTS "Listen, broccoli brains, I don't have time to listen to this trash.", #else "Listen, burrito brains, I don't have time to listen to this trash.", #endif "I've seen penguins that can type better than that.", "Have you considered trying to match wits with a rutabaga?", "You speak an infinite deal of nothing", #endif /* _SUDOERS_INS_CSOPS_H */ sudo-1.8.9p5/plugins/sudoers/ins_goons.h010064400175440000012000000036731226304126500176720ustar00millertstaff/* * Copyright (c) 1996, 1998, 1999 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_INS_GOONS_H #define _SUDOERS_INS_GOONS_H /* * Insults from the "Goon Show." */ "You silly, twisted boy you.", "He has fallen in the water!", "We'll all be murdered in our beds!", "You can't come in. Our tiger has got flu", "I don't wish to know that.", "What, what, what, what, what, what, what, what, what, what?", "You can't get the wood, you know.", "You'll starve!", "... and it used to be so popular...", "Pauses for audience applause, not a sausage", "Hold it up to the light --- not a brain in sight!", "Have a gorilla...", "There must be cure for it!", "There's a lot of it about, you know.", "You do that again and see what happens...", "Ying Tong Iddle I Po", "Harm can come to a young lad like that!", "And with that remarks folks, the case of the Crown vs yourself was proven.", "Speak English you fool --- there are no subtitles in this scene.", "You gotta go owwwww!", "I have been called worse.", "It's only your word against mine.", "I think ... err ... I think ... I think I'll go home", #endif /* _SUDOERS_INS_GOONS_H */ sudo-1.8.9p5/plugins/sudoers/insults.h010064400175440000012000000031601226304126500173640ustar00millertstaff/* * Copyright (c) 1994-1996, 1998-1999, 2004 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_INSULTS_H #define _SUDOERS_INSULTS_H #if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS) /* * Use one or more set of insults as determined by configure */ char *insults[] = { # ifdef HAL_INSULTS # include "ins_2001.h" # endif # ifdef GOONS_INSULTS # include "ins_goons.h" # endif # ifdef CLASSIC_INSULTS # include "ins_classic.h" # endif # ifdef CSOPS_INSULTS # include "ins_csops.h" # endif (char *) 0 }; /* * How may I insult you? Let me count the ways... */ #define NOFINSULTS (sizeof(insults) / sizeof(insults[0]) - 1) /* * return a pseudo-random insult. */ #define INSULT (insults[time(NULL) % NOFINSULTS]) #endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */ #endif /* _SUDOERS_INSULTS_H */ sudo-1.8.9p5/plugins/sudoers/interfaces.c010064400175440000012000000062271226304126500200100ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include "sudoers.h" #include "interfaces.h" #ifndef INADDR_NONE # define INADDR_NONE ((unsigned int)-1) #endif static struct interface_list interfaces; /* * Parse a space-delimited list of IP address/netmask pairs and * store in a list of interface structures. */ void set_interfaces(const char *ai) { char *addrinfo, *addr, *mask; struct interface *ifp; debug_decl(set_interfaces, SUDO_DEBUG_NETIF) addrinfo = estrdup(ai); for (addr = strtok(addrinfo, " \t"); addr != NULL; addr = strtok(NULL, " \t")) { /* Separate addr and mask. */ if ((mask = strchr(addr, '/')) == NULL) continue; *mask++ = '\0'; /* Parse addr and store in list. */ ifp = ecalloc(1, sizeof(*ifp)); if (strchr(addr, ':')) { /* IPv6 */ #ifdef HAVE_STRUCT_IN6_ADDR ifp->family = AF_INET6; if (inet_pton(AF_INET6, addr, &ifp->addr.ip6) != 1 || inet_pton(AF_INET6, mask, &ifp->netmask.ip6) != 1) #endif { efree(ifp); continue; } } else { /* IPv4 */ ifp->family = AF_INET; ifp->addr.ip4.s_addr = inet_addr(addr); ifp->netmask.ip4.s_addr = inet_addr(mask); if (ifp->addr.ip4.s_addr == INADDR_NONE || ifp->netmask.ip4.s_addr == INADDR_NONE) { efree(ifp); continue; } } SLIST_INSERT_HEAD(&interfaces, ifp, entries); } efree(addrinfo); debug_return; } struct interface_list * get_interfaces(void) { return &interfaces; } void dump_interfaces(const char *ai) { char *cp, *addrinfo; debug_decl(set_interfaces, SUDO_DEBUG_NETIF) addrinfo = estrdup(ai); sudo_printf(SUDO_CONV_INFO_MSG, _("Local IP address and netmask pairs:\n")); for (cp = strtok(addrinfo, " \t"); cp != NULL; cp = strtok(NULL, " \t")) sudo_printf(SUDO_CONV_INFO_MSG, "\t%s\n", cp); efree(addrinfo); debug_return; } sudo-1.8.9p5/plugins/sudoers/interfaces.h010064400175440000012000000033721226304126500200130ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDOERS_INTERFACES_H #define _SUDOERS_INTERFACES_H /* * Union to hold either strucr in_addr or in6_add */ union sudo_in_addr_un { struct in_addr ip4; #ifdef HAVE_STRUCT_IN6_ADDR struct in6_addr ip6; #endif }; /* * IP address and netmask pairs for checking against local interfaces. */ struct interface { SLIST_ENTRY(interface) entries; unsigned int family; /* AF_INET or AF_INET6 */ union sudo_in_addr_un addr; union sudo_in_addr_un netmask; }; SLIST_HEAD(interface_list, interface); /* * Prototypes for external functions. */ int get_net_ifs(char **addrinfo); void dump_interfaces(const char *); void set_interfaces(const char *); struct interface_list *get_interfaces(void); #endif /* _SUDOERS_INTERFACES_H */ sudo-1.8.9p5/plugins/sudoers/iolog.c010064400175440000012000000515331226304132200167700ustar00millertstaff/* * Copyright (c) 2009-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include #ifdef HAVE_ZLIB_H # include #endif #include "sudoers.h" #include "iolog.h" struct script_buf { int len; /* buffer length (how much read in) */ int off; /* write position (how much already consumed) */ char buf[16 * 1024]; }; /* XXX - separate sudoers.h and iolog.h? */ #undef runas_pw #undef runas_gr struct iolog_details { const char *cwd; const char *tty; const char *user; const char *command; const char *iolog_path; struct passwd *runas_pw; struct group *runas_gr; int lines; int cols; }; static int iolog_compress; static struct timeval last_time; static unsigned int sessid_max = SESSID_MAX; /* sudoers_io is declared at the end of this file. */ extern __dso_public struct io_plugin sudoers_io; /* * Create path and any parent directories as needed. * If is_temp is set, use mkdtemp() for the final directory. */ static void io_mkdirs(char *path, mode_t mode, bool is_temp) { struct stat sb; gid_t parent_gid = 0; char *slash = path; debug_decl(io_mkdirs, SUDO_DEBUG_UTIL) /* Fast path: not a temporary and already exists. */ if (!is_temp && stat(path, &sb) == 0) { if (!S_ISDIR(sb.st_mode)) { log_fatal(0, N_("%s exists but is not a directory (0%o)"), path, (unsigned int) sb.st_mode); } debug_return; } while ((slash = strchr(slash + 1, '/')) != NULL) { *slash = '\0'; if (stat(path, &sb) != 0) { if (mkdir(path, mode) != 0) log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); ignore_result(chown(path, (uid_t)-1, parent_gid)); } else if (!S_ISDIR(sb.st_mode)) { log_fatal(0, N_("%s exists but is not a directory (0%o)"), path, (unsigned int) sb.st_mode); } else { /* Inherit gid of parent dir for ownership. */ parent_gid = sb.st_gid; } *slash = '/'; } /* Create final path component. */ if (is_temp) { if (mkdtemp(path) == NULL) log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); ignore_result(chown(path, (uid_t)-1, parent_gid)); } else { if (mkdir(path, mode) != 0 && errno != EEXIST) log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); ignore_result(chown(path, (uid_t)-1, parent_gid)); } debug_return; } /* * Set max session ID (aka sequence number) */ int io_set_max_sessid(const char *maxval) { const char *errstr; unsigned int value; debug_decl(io_set_max_sessid, SUDO_DEBUG_UTIL) value = strtonum(maxval, 0, SESSID_MAX, &errstr); if (errstr != NULL) { if (errno != ERANGE) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "bad maxseq: %s: %s", maxval, errstr); debug_return_bool(false); } /* Out of range, clamp to SESSID_MAX as documented. */ value = SESSID_MAX; } sessid_max = value; debug_return_bool(true); } /* * Read the on-disk sequence number, set sessid to the next * number, and update the on-disk copy. * Uses file locking to avoid sequence number collisions. */ void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) { struct stat sb; char buf[32], *ep; int fd, i; unsigned long id = 0; int len; ssize_t nread; char pathbuf[PATH_MAX]; static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; debug_decl(io_nextid, SUDO_DEBUG_UTIL) /* * Create I/O log directory if it doesn't already exist. */ io_mkdirs(iolog_dir, S_IRWXU, false); /* * Open sequence file */ len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir); if (len <= 0 || (size_t)len >= sizeof(pathbuf)) { errno = ENAMETOOLONG; log_fatal(USE_ERRNO, "%s/seq", pathbuf); } fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR); if (fd == -1) log_fatal(USE_ERRNO, N_("unable to open %s"), pathbuf); lock_file(fd, SUDO_LOCK); /* * If there is no seq file in iolog_dir and a fallback dir was * specified, look for seq in the fallback dir. This is to work * around a bug in sudo 1.8.5 and older where iolog_dir was not * expanded before the sequence number was updated. */ if (iolog_dir_fallback != NULL && fstat(fd, &sb) == 0 && sb.st_size == 0) { char fallback[PATH_MAX]; len = snprintf(fallback, sizeof(fallback), "%s/seq", iolog_dir_fallback); if (len > 0 && (size_t)len < sizeof(fallback)) { int fd2 = open(fallback, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR); if (fd2 != -1) { nread = read(fd2, buf, sizeof(buf) - 1); if (nread > 0) { if (buf[nread - 1] == '\n') nread--; buf[nread] = '\0'; id = strtoul(buf, &ep, 36); if (ep == buf || *ep != '\0' || id >= sessid_max) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: bad sequence number: %s", fallback, buf); id = 0; } } close(fd2); } } } /* Read current seq number (base 36). */ if (id == 0) { nread = read(fd, buf, sizeof(buf) - 1); if (nread != 0) { if (nread == -1) log_fatal(USE_ERRNO, N_("unable to read %s"), pathbuf); if (buf[nread - 1] == '\n') nread--; buf[nread] = '\0'; id = strtoul(buf, &ep, 36); if (ep == buf || *ep != '\0' || id >= sessid_max) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: bad sequence number: %s", pathbuf, buf); id = 0; } } } id++; /* * Convert id to a string and stash in sessid. * Note that that least significant digits go at the end of the string. */ for (i = 5; i >= 0; i--) { buf[i] = b36char[id % 36]; id /= 36; } buf[6] = '\n'; /* Stash id for logging purposes. */ memcpy(sessid, buf, 6); sessid[6] = '\0'; /* Rewind and overwrite old seq file, including the NUL byte. */ if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7) log_fatal(USE_ERRNO, N_("unable to write to %s"), pathbuf); close(fd); debug_return; } /* * Copy iolog_path to pathbuf and create the directory and any intermediate * directories. If iolog_path ends in 'XXXXXX', use mkdtemp(). */ static size_t mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) { size_t len; bool is_temp = false; debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL) len = strlcpy(pathbuf, iolog_path, pathsize); if (len >= pathsize) { errno = ENAMETOOLONG; log_fatal(USE_ERRNO, "%s", iolog_path); } /* * Create path and intermediate subdirs as needed. * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp(). */ if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) is_temp = true; io_mkdirs(pathbuf, S_IRWXU, is_temp); debug_return_size_t(len); } /* * Append suffix to pathbuf after len chars and open the resulting file. * Note that the size of pathbuf is assumed to be PATH_MAX. * Uses zlib if docompress is true. * Stores the open file handle which has the close-on-exec flag set. */ static void open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress) { int fd; debug_decl(open_io_fd, SUDO_DEBUG_UTIL) pathbuf[len] = '\0'; strlcat(pathbuf, iol->suffix, PATH_MAX); if (iol->enabled) { fd = open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR); if (fd != -1) { fcntl(fd, F_SETFD, FD_CLOEXEC); #ifdef HAVE_ZLIB_H if (docompress) iol->fd.g = gzdopen(fd, "w"); else #endif iol->fd.f = fdopen(fd, "w"); } if (fd == -1 || iol->fd.v == NULL) log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf); } else { /* Remove old log file if we recycled sequence numbers. */ unlink(pathbuf); } debug_return; } /* * Pull out I/O log related data from user_info and command_info arrays. * Returns true if I/O logging is enabled, else false. */ static bool iolog_deserialize_info(struct iolog_details *details, char * const user_info[], char * const command_info[]) { const char *runas_uid_str = "0", *runas_euid_str = NULL; const char *runas_gid_str = "0", *runas_egid_str = NULL; const char *errstr; char idbuf[MAX_UID_T_LEN + 2]; char * const *cur; id_t id; uid_t runas_uid = 0; gid_t runas_gid = 0; debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL) details->lines = 24; details->cols = 80; for (cur = user_info; *cur != NULL; cur++) { switch (**cur) { case 'c': if (strncmp(*cur, "cols=", sizeof("cols=") - 1) == 0) { int n = strtonum(*cur + sizeof("cols=") - 1, 1, INT_MAX, NULL); if (n > 0) details->cols = n; continue; } if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) { details->cwd = *cur + sizeof("cwd=") - 1; continue; } break; case 'l': if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) { int n = strtonum(*cur + sizeof("lines=") - 1, 1, INT_MAX, NULL); if (n > 0) details->lines = n; continue; } break; case 't': if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) { details->tty = *cur + sizeof("tty=") - 1; continue; } break; case 'u': if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) { details->user = *cur + sizeof("user=") - 1; continue; } break; } } for (cur = command_info; *cur != NULL; cur++) { switch (**cur) { case 'c': if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) { details->command = *cur + sizeof("command=") - 1; continue; } break; case 'i': if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) { details->iolog_path = *cur + sizeof("iolog_path=") - 1; continue; } if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true) io_log_files[IOFD_STDIN].enabled = true; continue; } if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true) io_log_files[IOFD_STDOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true) io_log_files[IOFD_STDERR].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true) io_log_files[IOFD_TTYIN].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true) io_log_files[IOFD_TTYOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_compress=") - 1) == true) iolog_compress = true; /* must be global */ continue; } break; case 'm': if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0) io_set_max_sessid(*cur + sizeof("maxseq=") - 1); break; case 'r': if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) { runas_gid_str = *cur + sizeof("runas_gid=") - 1; continue; } if (strncmp(*cur, "runas_egid=", sizeof("runas_egid=") - 1) == 0) { runas_egid_str = *cur + sizeof("runas_egid=") - 1; continue; } if (strncmp(*cur, "runas_uid=", sizeof("runas_uid=") - 1) == 0) { runas_uid_str = *cur + sizeof("runas_uid=") - 1; continue; } if (strncmp(*cur, "runas_euid=", sizeof("runas_euid=") - 1) == 0) { runas_euid_str = *cur + sizeof("runas_euid=") - 1; continue; } break; } } /* * Lookup runas user and group, preferring effective over real uid/gid. */ if (runas_euid_str != NULL) runas_uid_str = runas_euid_str; if (runas_uid_str != NULL) { id = atoid(runas_uid_str, NULL, NULL, &errstr); if (errstr != NULL) warningx("runas uid %s: %s", runas_uid_str, U_(errstr)); else runas_uid = (uid_t)id; } if (runas_egid_str != NULL) runas_gid_str = runas_egid_str; if (runas_gid_str != NULL) { id = atoid(runas_gid_str, NULL, NULL, &errstr); if (errstr != NULL) warningx("runas gid %s: %s", runas_gid_str, U_(errstr)); else runas_gid = (gid_t)id; } details->runas_pw = sudo_getpwuid(runas_uid); if (details->runas_pw == NULL) { idbuf[0] = '#'; strlcpy(&idbuf[1], runas_uid_str, sizeof(idbuf) - 1); details->runas_pw = sudo_fakepwnam(idbuf, runas_gid); } if (runas_gid != details->runas_pw->pw_gid) { details->runas_gr = sudo_getgrgid(runas_gid); if (details->runas_gr == NULL) { idbuf[0] = '#'; strlcpy(&idbuf[1], runas_gid_str, sizeof(idbuf) - 1); details->runas_gr = sudo_fakegrnam(idbuf); } } debug_return_bool( io_log_files[IOFD_STDIN].enabled || io_log_files[IOFD_STDOUT].enabled || io_log_files[IOFD_STDERR].enabled || io_log_files[IOFD_TTYIN].enabled || io_log_files[IOFD_TTYOUT].enabled); } /* * Write the "/log" file that contains the user and command info. */ void write_info_log(char *pathbuf, size_t len, struct iolog_details *details, char * const argv[], struct timeval *now) { char * const *av; FILE *fp; int fd; pathbuf[len] = '\0'; strlcat(pathbuf, "/log", PATH_MAX); fd = open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR); if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf); fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec, details->user ? details->user : "unknown", details->runas_pw->pw_name, details->runas_gr ? details->runas_gr->gr_name : "", details->tty ? details->tty : "unknown", details->lines, details->cols, details->cwd ? details->cwd : "unknown", details->command ? details->command : "unknown"); for (av = argv + 1; *av != NULL; av++) { fputc(' ', fp); fputs(*av, fp); } fputc('\n', fp); fclose(fp); } static int sudoers_io_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const args[]) { struct iolog_details details; char pathbuf[PATH_MAX], sessid[7]; char *tofree = NULL; char * const *cur; const char *debug_flags = NULL; size_t len; int i, rval = -1; debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN) sudo_conv = conversation; sudo_printf = plugin_printf; /* If we have no command (because -V was specified) just return. */ if (argc == 0) debug_return_bool(true); memset(&details, 0, sizeof(details)); if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ rval = -1; goto done; } bindtextdomain("sudoers", LOCALEDIR); sudo_setpwent(); sudo_setgrent(); /* * Check for debug flags in settings list. */ for (cur = settings; *cur != NULL; cur++) { if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0) debug_flags = *cur + sizeof("debug_flags=") - 1; } if (debug_flags != NULL) sudo_debug_init(NULL, debug_flags); /* * Pull iolog settings out of command_info. */ if (!iolog_deserialize_info(&details, user_info, command_info)) { rval = false; goto done; } /* If no I/O log path defined we need to figure it out ourselves. */ if (details.iolog_path == NULL) { /* Get next session ID and convert it into a path. */ tofree = emalloc(sizeof(_PATH_SUDO_IO_LOGDIR) + sizeof(sessid) + 2); memcpy(tofree, _PATH_SUDO_IO_LOGDIR, sizeof(_PATH_SUDO_IO_LOGDIR)); io_nextid(tofree, NULL, sessid); snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR), sizeof(sessid) + 2, "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); details.iolog_path = tofree; } /* * Make local copy of I/O log path and create it, along with any * intermediate subdirs. Calls mkdtemp() if iolog_path ends in XXXXXX. */ len = mkdir_iopath(details.iolog_path, pathbuf, sizeof(pathbuf)); if (len >= sizeof(pathbuf)) goto done; /* Write log file with user and command details. */ gettimeofday(&last_time, NULL); write_info_log(pathbuf, len, &details, argv, &last_time); /* Create the timing and I/O log files. */ for (i = 0; i < IOFD_MAX; i++) open_io_fd(pathbuf, len, &io_log_files[i], iolog_compress); /* * Clear I/O log function pointers for disabled log functions. */ if (!io_log_files[IOFD_STDIN].enabled) sudoers_io.log_stdin = NULL; if (!io_log_files[IOFD_STDOUT].enabled) sudoers_io.log_stdout = NULL; if (!io_log_files[IOFD_STDERR].enabled) sudoers_io.log_stderr = NULL; if (!io_log_files[IOFD_TTYIN].enabled) sudoers_io.log_ttyin = NULL; if (!io_log_files[IOFD_TTYOUT].enabled) sudoers_io.log_ttyout = NULL; rval = true; done: fatal_disable_setjmp(); efree(tofree); if (details.runas_pw) sudo_pw_delref(details.runas_pw); sudo_endpwent(); if (details.runas_gr) sudo_gr_delref(details.runas_gr); sudo_endgrent(); debug_return_bool(rval); } static void sudoers_io_close(int exit_status, int error) { int i; debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN) if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return; } for (i = 0; i < IOFD_MAX; i++) { if (io_log_files[i].fd.v == NULL) continue; #ifdef HAVE_ZLIB_H if (iolog_compress) gzclose(io_log_files[i].fd.g); else #endif fclose(io_log_files[i].fd.f); } debug_return; } static int sudoers_io_version(int verbose) { debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN) if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return_bool(-1); } sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", PACKAGE_VERSION); debug_return_bool(true); } /* * Generic I/O logging function. Called by the I/O logging entry points. */ static int sudoers_io_log(const char *buf, unsigned int len, int idx) { struct timeval now, delay; debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN) gettimeofday(&now, NULL); if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return_bool(-1); } #ifdef HAVE_ZLIB_H if (iolog_compress) ignore_result(gzwrite(io_log_files[idx].fd.g, (const voidp)buf, len)); else #endif ignore_result(fwrite(buf, 1, len, io_log_files[idx].fd.f)); delay.tv_sec = now.tv_sec; delay.tv_usec = now.tv_usec; timevalsub(&delay, &last_time); #ifdef HAVE_ZLIB_H if (iolog_compress) gzprintf(io_log_files[IOFD_TIMING].fd.g, "%d %f %d\n", idx, delay.tv_sec + ((double)delay.tv_usec / 1000000), len); else #endif fprintf(io_log_files[IOFD_TIMING].fd.f, "%d %f %d\n", idx, delay.tv_sec + ((double)delay.tv_usec / 1000000), len); last_time.tv_sec = now.tv_sec; last_time.tv_usec = now.tv_usec; debug_return_bool(true); } static int sudoers_io_log_ttyin(const char *buf, unsigned int len) { return sudoers_io_log(buf, len, IOFD_TTYIN); } static int sudoers_io_log_ttyout(const char *buf, unsigned int len) { return sudoers_io_log(buf, len, IOFD_TTYOUT); } static int sudoers_io_log_stdin(const char *buf, unsigned int len) { return sudoers_io_log(buf, len, IOFD_STDIN); } static int sudoers_io_log_stdout(const char *buf, unsigned int len) { return sudoers_io_log(buf, len, IOFD_STDOUT); } static int sudoers_io_log_stderr(const char *buf, unsigned int len) { return sudoers_io_log(buf, len, IOFD_STDERR); } __dso_public struct io_plugin sudoers_io = { SUDO_IO_PLUGIN, SUDO_API_VERSION, sudoers_io_open, sudoers_io_close, sudoers_io_version, sudoers_io_log_ttyin, sudoers_io_log_ttyout, sudoers_io_log_stdin, sudoers_io_log_stdout, sudoers_io_log_stderr }; sudo-1.8.9p5/plugins/sudoers/iolog.h010064400175440000012000000033141226304126600167760ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_IOLOG_H #define _SUDOERS_IOLOG_H /* * I/O log fd numbers as stored in the timing file. * Changing these will result in incompatible I/O log files! */ #define IOFD_STDIN 0 #define IOFD_STDOUT 1 #define IOFD_STDERR 2 #define IOFD_TTYIN 3 #define IOFD_TTYOUT 4 #define IOFD_TIMING 5 #define IOFD_MAX 6 /* Default maximum session ID */ #define SESSID_MAX 2176782336U union io_fd { FILE *f; #ifdef HAVE_ZLIB_H gzFile g; #endif void *v; }; struct io_log_file { bool enabled; const char *suffix; union io_fd fd; }; static struct io_log_file io_log_files[] = { { false, "/stdin" }, /* IOFD_STDIN */ { false, "/stdout" }, /* IOFD_STDOUT */ { false, "/stderr" }, /* IOFD_STDERR */ { false, "/ttyin" }, /* IOFD_TTYIN */ { false, "/ttyout" }, /* IOFD_TTYOUT */ { true, "/timing" }, /* IOFD_TIMING */ { false, NULL } /* IOFD_MAX */ }; #endif /* _SUDOERS_IOLOG_H */ sudo-1.8.9p5/plugins/sudoers/iolog_path.c010064400175440000012000000163621226304126600200140ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #include "sudoers.h" struct path_escape { const char *name; size_t (*copy_fn)(char *, size_t, char *); }; static size_t fill_seq(char *str, size_t strsize, char *logdir) { #ifdef SUDOERS_NO_SEQ debug_decl(fill_seq, SUDO_DEBUG_UTIL) debug_return_size_t(strlcpy(str, "%{seq}", strsize)); #else static char sessid[7]; int len; debug_decl(fill_seq, SUDO_DEBUG_UTIL) if (sessid[0] == '\0') io_nextid(logdir, def_iolog_dir, sessid); /* Path is of the form /var/log/sudo-io/00/00/01. */ len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); if (len < 0) debug_return_size_t(strsize); /* handle non-standard snprintf() */ debug_return_size_t(len); #endif /* SUDOERS_NO_SEQ */ } static size_t fill_user(char *str, size_t strsize, char *unused) { debug_decl(fill_user, SUDO_DEBUG_UTIL) debug_return_size_t(strlcpy(str, user_name, strsize)); } static size_t fill_group(char *str, size_t strsize, char *unused) { struct group *grp; size_t len; debug_decl(fill_group, SUDO_DEBUG_UTIL) if ((grp = sudo_getgrgid(user_gid)) != NULL) { len = strlcpy(str, grp->gr_name, strsize); sudo_gr_delref(grp); } else { len = strlen(str); len = snprintf(str + len, strsize - len, "#%u", (unsigned int) user_gid); } debug_return_size_t(len); } static size_t fill_runas_user(char *str, size_t strsize, char *unused) { debug_decl(fill_runas_user, SUDO_DEBUG_UTIL) debug_return_size_t(strlcpy(str, runas_pw->pw_name, strsize)); } static size_t fill_runas_group(char *str, size_t strsize, char *unused) { struct group *grp; size_t len; debug_decl(fill_runas_group, SUDO_DEBUG_UTIL) if (runas_gr != NULL) { len = strlcpy(str, runas_gr->gr_name, strsize); } else { if ((grp = sudo_getgrgid(runas_pw->pw_gid)) != NULL) { len = strlcpy(str, grp->gr_name, strsize); sudo_gr_delref(grp); } else { len = strlen(str); len = snprintf(str + len, strsize - len, "#%u", (unsigned int) runas_pw->pw_gid); } } debug_return_size_t(len); } static size_t fill_hostname(char *str, size_t strsize, char *unused) { debug_decl(fill_hostname, SUDO_DEBUG_UTIL) debug_return_size_t(strlcpy(str, user_shost, strsize)); } static size_t fill_command(char *str, size_t strsize, char *unused) { debug_decl(fill_command, SUDO_DEBUG_UTIL) debug_return_size_t(strlcpy(str, user_base, strsize)); } /* Note: "seq" must be first in the list. */ static struct path_escape io_path_escapes[] = { { "seq", fill_seq }, { "user", fill_user }, { "group", fill_group }, { "runas_user", fill_runas_user }, { "runas_group", fill_runas_group }, { "hostname", fill_hostname }, { "command", fill_command }, { NULL, NULL } }; /* * Concatenate dir + file, expanding any escape sequences. * Returns the concatenated path and sets slashp point to * the path separator between the expanded dir and file. */ char * expand_iolog_path(const char *prefix, const char *dir, const char *file, char **slashp) { size_t len, prelen = 0; char *dst, *dst0, *path, *pathend, tmpbuf[PATH_MAX]; char *slash = NULL; const char *endbrace, *src = dir; struct path_escape *escapes = NULL; int pass, oldlocale; bool strfit; debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL) /* Expanded path must be <= PATH_MAX */ if (prefix != NULL) prelen = strlen(prefix); dst = path = emalloc(prelen + PATH_MAX); *path = '\0'; pathend = path + prelen + PATH_MAX; /* Copy prefix, if present. */ if (prefix != NULL) { memcpy(path, prefix, prelen); dst += prelen; *dst = '\0'; } /* Trim leading slashes from file component. */ while (*file == '/') file++; for (pass = 0; pass < 3; pass++) { strfit = false; switch (pass) { case 0: src = dir; escapes = io_path_escapes + 1; /* skip "%{seq}" */ break; case 1: /* Trim trailing slashes from dir component. */ while (dst > path + prelen + 1 && dst[-1] == '/') dst--; /* The NUL will be replaced with a '/' at the end. */ if (dst + 1 >= pathend) goto bad; slash = dst++; continue; case 2: src = file; escapes = io_path_escapes; break; } dst0 = dst; for (; *src != '\0'; src++) { if (src[0] == '%') { if (src[1] == '{') { endbrace = strchr(src + 2, '}'); if (endbrace != NULL) { struct path_escape *esc; len = (size_t)(endbrace - src - 2); for (esc = escapes; esc->name != NULL; esc++) { if (strncmp(src + 2, esc->name, len) == 0 && esc->name[len] == '\0') break; } if (esc->name != NULL) { len = esc->copy_fn(dst, (size_t)(pathend - dst), path + prelen); if (len >= (size_t)(pathend - dst)) goto bad; dst += len; src = endbrace; continue; } } } else if (src[1] == '%') { /* Collapse %% -> % */ src++; } else { /* May need strftime() */ strfit = 1; } } /* Need at least 2 chars, including the NUL terminator. */ if (dst + 1 >= pathend) goto bad; *dst++ = *src; } *dst = '\0'; /* Expand strftime escapes as needed. */ if (strfit) { time_t now; struct tm *timeptr; time(&now); timeptr = localtime(&now); /* Use sudoers locale for strftime() */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* We only call strftime() on the current part of the buffer. */ tmpbuf[sizeof(tmpbuf) - 1] = '\0'; len = strftime(tmpbuf, sizeof(tmpbuf), dst0, timeptr); /* Restore old locale. */ sudoers_setlocale(oldlocale, NULL); if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0') goto bad; /* strftime() failed, buf too small? */ if (len >= (size_t)(pathend - dst0)) goto bad; /* expanded buffer too big to fit. */ memcpy(dst0, tmpbuf, len); dst = dst0 + len; *dst = '\0'; } } if (slashp) *slashp = slash; *slash = '/'; debug_return_str(path); bad: efree(path); debug_return_str(NULL); } sudo-1.8.9p5/plugins/sudoers/ldap.c010064400175440000012000002443151226304126600166100ustar00millertstaff/* * Copyright (c) 2003-2013 Todd C. Miller * * This code is derived from software contributed by Aaron Spangler. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include #include #include #ifdef HAVE_LBER_H # include #endif #include #if defined(HAVE_LDAP_SSL_H) # include #elif defined(HAVE_MPS_LDAP_SSL_H) # include #endif #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S # ifdef HAVE_SASL_SASL_H # include # else # include # endif #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #include "sudoers.h" #include "parse.h" #include "lbuf.h" #include "sudo_dso.h" /* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() */ #if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(HAVE_LDAP_SSL_H) && !defined(HAVE_MPS_LDAP_SSL_H) extern int ldapssl_set_strength(LDAP *ldap, int strength); #endif #if !defined(LDAP_OPT_NETWORK_TIMEOUT) && defined(LDAP_OPT_CONNECT_TIMEOUT) # define LDAP_OPT_NETWORK_TIMEOUT LDAP_OPT_CONNECT_TIMEOUT #endif #ifndef LDAP_OPT_SUCCESS # define LDAP_OPT_SUCCESS LDAP_SUCCESS #endif #ifndef LDAPS_PORT # define LDAPS_PORT 636 #endif #if defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S) && !defined(LDAP_SASL_QUIET) # define LDAP_SASL_QUIET 0 #endif #ifndef HAVE_LDAP_UNBIND_EXT_S #define ldap_unbind_ext_s(a, b, c) ldap_unbind_s(a) #endif #ifndef HAVE_LDAP_SEARCH_EXT_S # ifdef HAVE_LDAP_SEARCH_ST # define ldap_search_ext_s(a, b, c, d, e, f, g, h, i, j, k) \ ldap_search_st(a, b, c, d, e, f, i, k) # else # define ldap_search_ext_s(a, b, c, d, e, f, g, h, i, j, k) \ ldap_search_s(a, b, c, d, e, f, k) # endif #endif #define LDAP_FOREACH(var, ld, res) \ for ((var) = ldap_first_entry((ld), (res)); \ (var) != NULL; \ (var) = ldap_next_entry((ld), (var))) #if defined(__GNUC__) && __GNUC__ == 2 # define DPRINTF1(fmt...) do { \ if (ldap_conf.debug >= 1) \ warningx(__VA_ARGS__); \ sudo_debug_printf(SUDO_DEBUG_DIAG, fmt); \ } while (0) # define DPRINTF2(fmt...) do { \ if (ldap_conf.debug >= 2) \ warningx(__VA_ARGS__); \ sudo_debug_printf(SUDO_DEBUG_INFO, fmt); \ } while (0) #else # define DPRINTF1(...) do { \ if (ldap_conf.debug >= 1) \ warningx(__VA_ARGS__); \ sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__); \ } while (0) # define DPRINTF2(...) do { \ if (ldap_conf.debug >= 2) \ warningx(__VA_ARGS__); \ sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__); \ } while (0) #endif #define CONF_BOOL 0 #define CONF_INT 1 #define CONF_STR 2 #define CONF_LIST_STR 4 #define CONF_DEREF_VAL 5 #define SUDO_LDAP_CLEAR 0 #define SUDO_LDAP_SSL 1 #define SUDO_LDAP_STARTTLS 2 /* The TIMEFILTER_LENGTH is the length of the filter when timed entries are used. The length is computed as follows: 81 for the filter itself + 2 * 17 for the now timestamp */ #define TIMEFILTER_LENGTH 115 /* * The ldap_search structure implements a linked list of ldap and * search result pointers, which allows us to remove them after * all search results have been combined in memory. */ struct ldap_search_result { STAILQ_ENTRY(ldap_search_result) entries; LDAP *ldap; LDAPMessage *searchresult; }; STAILQ_HEAD(ldap_search_list, ldap_search_result); /* * The ldap_entry_wrapper structure is used to implement sorted result entries. * A double is used for the order to allow for insertion of new entries * without having to renumber everything. * Note: there is no standard floating point type in LDAP. * As a result, some LDAP servers will only allow an integer. */ struct ldap_entry_wrapper { LDAPMessage *entry; double order; }; /* * The ldap_result structure contains the list of matching searches as * well as an array of all result entries sorted by the sudoOrder attribute. */ struct ldap_result { struct ldap_search_list searches; struct ldap_entry_wrapper *entries; int allocated_entries; int nentries; int user_matches; int host_matches; }; #define ALLOCATION_INCREMENT 100 struct ldap_config_table { const char *conf_str; /* config file string */ int type; /* CONF_BOOL, CONF_INT, CONF_STR */ int opt_val; /* LDAP_OPT_* (or -1 for sudo internal) */ void *valp; /* pointer into ldap_conf */ }; struct ldap_config_str { STAILQ_ENTRY(ldap_config_str) entries; char val[1]; }; STAILQ_HEAD(ldap_config_str_list, ldap_config_str); /* LDAP configuration structure */ static struct ldap_config { int port; int version; int debug; int ldap_debug; int tls_checkpeer; int timelimit; int timeout; int bind_timelimit; int use_sasl; int rootuse_sasl; int ssl_mode; int timed; int deref; char *host; struct ldap_config_str_list uri; char *binddn; char *bindpw; char *rootbinddn; struct ldap_config_str_list base; char *search_filter; char *ssl; char *tls_cacertfile; char *tls_cacertdir; char *tls_random_file; char *tls_cipher_suite; char *tls_certfile; char *tls_keyfile; char *tls_keypw; char *sasl_auth_id; char *rootsasl_auth_id; char *sasl_secprops; char *krb5_ccname; } ldap_conf; static struct ldap_config_table ldap_conf_global[] = { { "sudoers_debug", CONF_INT, -1, &ldap_conf.debug }, { "host", CONF_STR, -1, &ldap_conf.host }, { "port", CONF_INT, -1, &ldap_conf.port }, { "ssl", CONF_STR, -1, &ldap_conf.ssl }, { "sslpath", CONF_STR, -1, &ldap_conf.tls_certfile }, { "uri", CONF_LIST_STR, -1, &ldap_conf.uri }, #ifdef LDAP_OPT_DEBUG_LEVEL { "debug", CONF_INT, LDAP_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug }, #endif #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT { "tls_checkpeer", CONF_BOOL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_conf.tls_checkpeer }, #else { "tls_checkpeer", CONF_BOOL, -1, &ldap_conf.tls_checkpeer }, #endif #ifdef LDAP_OPT_X_TLS_CACERTFILE { "tls_cacertfile", CONF_STR, LDAP_OPT_X_TLS_CACERTFILE, &ldap_conf.tls_cacertfile }, { "tls_cacert", CONF_STR, LDAP_OPT_X_TLS_CACERTFILE, &ldap_conf.tls_cacertfile }, #endif #ifdef LDAP_OPT_X_TLS_CACERTDIR { "tls_cacertdir", CONF_STR, LDAP_OPT_X_TLS_CACERTDIR, &ldap_conf.tls_cacertdir }, #endif #ifdef LDAP_OPT_X_TLS_RANDOM_FILE { "tls_randfile", CONF_STR, LDAP_OPT_X_TLS_RANDOM_FILE, &ldap_conf.tls_random_file }, #endif #ifdef LDAP_OPT_X_TLS_CIPHER_SUITE { "tls_ciphers", CONF_STR, LDAP_OPT_X_TLS_CIPHER_SUITE, &ldap_conf.tls_cipher_suite }, #elif defined(LDAP_OPT_SSL_CIPHER) { "tls_ciphers", CONF_STR, LDAP_OPT_SSL_CIPHER, &ldap_conf.tls_cipher_suite }, #endif #ifdef LDAP_OPT_X_TLS_CERTFILE { "tls_cert", CONF_STR, LDAP_OPT_X_TLS_CERTFILE, &ldap_conf.tls_certfile }, #else { "tls_cert", CONF_STR, -1, &ldap_conf.tls_certfile }, #endif #ifdef LDAP_OPT_X_TLS_KEYFILE { "tls_key", CONF_STR, LDAP_OPT_X_TLS_KEYFILE, &ldap_conf.tls_keyfile }, #else { "tls_key", CONF_STR, -1, &ldap_conf.tls_keyfile }, #endif #ifdef HAVE_LDAP_SSL_CLIENT_INIT { "tls_keypw", CONF_STR, -1, &ldap_conf.tls_keypw }, #endif { "binddn", CONF_STR, -1, &ldap_conf.binddn }, { "bindpw", CONF_STR, -1, &ldap_conf.bindpw }, { "rootbinddn", CONF_STR, -1, &ldap_conf.rootbinddn }, { "sudoers_base", CONF_LIST_STR, -1, &ldap_conf.base }, { "sudoers_timed", CONF_BOOL, -1, &ldap_conf.timed }, { "sudoers_search_filter", CONF_STR, -1, &ldap_conf.search_filter }, #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S { "use_sasl", CONF_BOOL, -1, &ldap_conf.use_sasl }, { "sasl_auth_id", CONF_STR, -1, &ldap_conf.sasl_auth_id }, { "rootuse_sasl", CONF_BOOL, -1, &ldap_conf.rootuse_sasl }, { "rootsasl_auth_id", CONF_STR, -1, &ldap_conf.rootsasl_auth_id }, { "krb5_ccname", CONF_STR, -1, &ldap_conf.krb5_ccname }, #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ { NULL } }; static struct ldap_config_table ldap_conf_conn[] = { #ifdef LDAP_OPT_PROTOCOL_VERSION { "ldap_version", CONF_INT, LDAP_OPT_PROTOCOL_VERSION, &ldap_conf.version }, #endif #ifdef LDAP_OPT_NETWORK_TIMEOUT { "bind_timelimit", CONF_INT, -1 /* needs timeval, set manually */, &ldap_conf.bind_timelimit }, { "network_timeout", CONF_INT, -1 /* needs timeval, set manually */, &ldap_conf.bind_timelimit }, #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT) { "bind_timelimit", CONF_INT, LDAP_X_OPT_CONNECT_TIMEOUT, &ldap_conf.bind_timelimit }, { "network_timeout", CONF_INT, LDAP_X_OPT_CONNECT_TIMEOUT, &ldap_conf.bind_timelimit }, #endif { "timelimit", CONF_INT, LDAP_OPT_TIMELIMIT, &ldap_conf.timelimit }, #ifdef LDAP_OPT_TIMEOUT { "timeout", CONF_INT, -1 /* needs timeval, set manually */, &ldap_conf.timeout }, #endif #ifdef LDAP_OPT_DEREF { "deref", CONF_DEREF_VAL, LDAP_OPT_DEREF, &ldap_conf.deref }, #endif #ifdef LDAP_OPT_X_SASL_SECPROPS { "sasl_secprops", CONF_STR, LDAP_OPT_X_SASL_SECPROPS, &ldap_conf.sasl_secprops }, #endif { NULL } }; /* sudo_nss implementation */ static int sudo_ldap_open(struct sudo_nss *nss); static int sudo_ldap_close(struct sudo_nss *nss); static int sudo_ldap_parse(struct sudo_nss *nss); static int sudo_ldap_setdefs(struct sudo_nss *nss); static int sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag); static int sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw); static int sudo_ldap_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static int sudo_ldap_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static int sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static struct ldap_result *sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw); /* * LDAP sudo_nss handle. * We store the connection to the LDAP server, the cached ldap_result object * (if any), and the name of the user the query was performed for. * If a new query is launched with sudo_ldap_result_get() that specifies a * different user, the old cached result is freed before the new query is run. */ struct sudo_ldap_handle { LDAP *ld; struct ldap_result *result; char *username; struct group_list *grlist; }; struct sudo_nss sudo_nss_ldap = { { NULL, NULL }, sudo_ldap_open, sudo_ldap_close, sudo_ldap_parse, sudo_ldap_setdefs, sudo_ldap_lookup, sudo_ldap_display_cmnd, sudo_ldap_display_defaults, sudo_ldap_display_bound_defaults, sudo_ldap_display_privs }; #ifdef HAVE_LDAP_CREATE /* * Rebuild the hosts list and include a specific port for each host. * ldap_create() does not take a default port parameter so we must * append one if we want something other than LDAP_PORT. */ static void sudo_ldap_conf_add_ports(void) { char *host, *port, defport[13]; char hostbuf[LINE_MAX * 2]; int len; debug_decl(sudo_ldap_conf_add_ports, SUDO_DEBUG_LDAP) hostbuf[0] = '\0'; len = snprintf(defport, sizeof(defport), ":%d", ldap_conf.port); if (len <= 0 || (size_t)len >= sizeof(defport)) fatalx(U_("sudo_ldap_conf_add_ports: port too large")); for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) { if (hostbuf[0] != '\0') { if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; } if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; /* Append port if there is not one already. */ if ((port = strrchr(host, ':')) == NULL || !isdigit((unsigned char)port[1])) { if (strlcat(hostbuf, defport, sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; } } efree(ldap_conf.host); ldap_conf.host = estrdup(hostbuf); debug_return; toobig: fatalx(U_("sudo_ldap_conf_add_ports: out of space expanding hostbuf")); } #endif #ifndef HAVE_LDAP_INITIALIZE /* * For each uri, convert to host:port pairs. For ldaps:// enable SSL * Accepts: uris of the form ldap:/// or ldap://hostname:portnum/ * where the trailing slash is optional. * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_parse_uri(const struct ldap_config_str_list *uri_list) { const struct ldap_config_str *entry; char *buf, *uri, *host, *cp, *port; char hostbuf[LINE_MAX]; int nldap = 0, nldaps = 0; int rc = -1; debug_decl(sudo_ldap_parse_uri, SUDO_DEBUG_LDAP) hostbuf[0] = '\0'; STAILQ_FOREACH(entry, uri_list, entries) { buf = estrdup(entry->val); for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) { if (strncasecmp(uri, "ldap://", 7) == 0) { nldap++; host = uri + 7; } else if (strncasecmp(uri, "ldaps://", 8) == 0) { nldaps++; host = uri + 8; } else { warningx(U_("unsupported LDAP uri type: %s"), uri); goto done; } /* trim optional trailing slash */ if ((cp = strrchr(host, '/')) != NULL && cp[1] == '\0') { *cp = '\0'; } if (hostbuf[0] != '\0') { if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; } if (*host == '\0') host = "localhost"; /* no host specified, use localhost */ if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; /* If using SSL and no port specified, add port 636 */ if (nldaps) { if ((port = strrchr(host, ':')) == NULL || !isdigit((unsigned char)port[1])) if (strlcat(hostbuf, ":636", sizeof(hostbuf)) >= sizeof(hostbuf)) goto toobig; } } if (nldaps != 0) { if (nldap != 0) { warningx(U_("unable to mix ldap and ldaps URIs")); goto done; } if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) warningx(U_("starttls not supported when using ldaps")); ldap_conf.ssl_mode = SUDO_LDAP_SSL; } efree(buf); } buf = NULL; /* Store parsed URI(s) in host for ldap_create() or ldap_init(). */ efree(ldap_conf.host); ldap_conf.host = estrdup(hostbuf); rc = LDAP_SUCCESS; done: efree(buf); debug_return_int(rc); toobig: fatalx(U_("sudo_ldap_parse_uri: out of space building hostbuf")); } #else static char * sudo_ldap_join_uri(struct ldap_config_str_list *uri_list) { struct ldap_config_str *uri; size_t len = 0; char *buf, *cp; debug_decl(sudo_ldap_join_uri, SUDO_DEBUG_LDAP) STAILQ_FOREACH(uri, uri_list, entries) { if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { if (strncasecmp(uri->val, "ldaps://", 8) == 0) { warningx(U_("starttls not supported when using ldaps")); ldap_conf.ssl_mode = SUDO_LDAP_SSL; } } len += strlen(uri->val) + 1; } buf = cp = emalloc(len); buf[0] = '\0'; STAILQ_FOREACH(uri, uri_list, entries) { cp += strlcpy(cp, uri->val, len - (cp - buf)); *cp++ = ' '; } cp[-1] = '\0'; debug_return_str(buf); } #endif /* HAVE_LDAP_INITIALIZE */ /* * Wrapper for ldap_create() or ldap_init() that handles * SSL/TLS initialization as well. * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_init(LDAP **ldp, const char *host, int port) { LDAP *ld; int rc = LDAP_CONNECT_ERROR; debug_decl(sudo_ldap_init, SUDO_DEBUG_LDAP) #ifdef HAVE_LDAPSSL_INIT if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) { const int defsecure = ldap_conf.ssl_mode == SUDO_LDAP_SSL; DPRINTF2("ldapssl_clientauth_init(%s, %s)", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"); rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); /* * Starting with version 5.0, Mozilla-derived LDAP SDKs require * the cert and key paths to be a directory, not a file. * If the user specified a file and it fails, try the parent dir. */ if (rc != LDAP_SUCCESS) { bool retry = false; if (ldap_conf.tls_certfile != NULL) { char *cp = strrchr(ldap_conf.tls_certfile, '/'); if (cp != NULL && strncmp(cp + 1, "cert", 4) == 0) { *cp = '\0'; retry = true; } } if (ldap_conf.tls_keyfile != NULL) { char *cp = strrchr(ldap_conf.tls_keyfile, '/'); if (cp != NULL && strncmp(cp + 1, "key", 3) == 0) { *cp = '\0'; retry = true; } } if (retry) { DPRINTF2("ldapssl_clientauth_init(%s, %s)", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"); rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); } } if (rc != LDAP_SUCCESS) { warningx(U_("unable to initialize SSL cert and key db: %s"), ldapssl_err2string(rc)); if (ldap_conf.tls_certfile == NULL) warningx(U_("you must set TLS_CERT in %s to use SSL"), path_ldap_conf); goto done; } DPRINTF2("ldapssl_init(%s, %d, %d)", host, port, defsecure); if ((ld = ldapssl_init(host, port, defsecure)) != NULL) rc = LDAP_SUCCESS; } else #elif defined(HAVE_LDAP_SSL_INIT) && defined(HAVE_LDAP_SSL_CLIENT_INIT) if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { int sslrc; rc = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &sslrc); if (rc != LDAP_SUCCESS) { warningx("ldap_ssl_client_init(): %s (SSL reason code %d)", ldap_err2string(rc), sslrc); goto done; } DPRINTF2("ldap_ssl_init(%s, %d, NULL)", host, port); if ((ld = ldap_ssl_init((char *)host, port, NULL)) != NULL) rc = LDAP_SUCCESS; } else #endif { #ifdef HAVE_LDAP_CREATE DPRINTF2("ldap_create()"); if ((rc = ldap_create(&ld)) != LDAP_SUCCESS) goto done; DPRINTF2("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host); rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, host); #else DPRINTF2("ldap_init(%s, %d)", host, port); if ((ld = ldap_init((char *)host, port)) == NULL) goto done; rc = LDAP_SUCCESS; #endif } *ldp = ld; done: debug_return_int(rc); } /* * Walk through search results and return true if we have a matching * non-Unix group (including netgroups), else false. */ static bool sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) { struct berval **bv, **p; char *val; int ret = false; debug_decl(sudo_ldap_check_non_unix_group, SUDO_DEBUG_LDAP) if (!entry) debug_return_bool(ret); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoUser"); if (bv == NULL) debug_return_bool(ret); /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { val = (*p)->bv_val; if (*val == '+') { if (netgr_matches(val, NULL, NULL, pw->pw_name)) ret = true; DPRINTF2("ldap sudoUser netgroup '%s' ... %s", val, ret ? "MATCH!" : "not"); } else { if (group_plugin_query(pw->pw_name, val + 2, pw)) ret = true; DPRINTF2("ldap sudoUser non-Unix group '%s' ... %s", val, ret ? "MATCH!" : "not"); } } ldap_value_free_len(bv); /* cleanup */ debug_return_bool(ret); } /* * Walk through search results and return true if we have a * host match, else false. */ static bool sudo_ldap_check_host(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char *val; bool ret = false; debug_decl(sudo_ldap_check_host, SUDO_DEBUG_LDAP) if (!entry) debug_return_bool(ret); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoHost"); if (bv == NULL) debug_return_bool(ret); /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { val = (*p)->bv_val; /* match any or address or netgroup or hostname */ if (!strcmp(val, "ALL") || addr_matches(val) || netgr_matches(val, user_host, user_shost, NULL) || hostname_matches(user_shost, user_host, val)) ret = true; DPRINTF2("ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ debug_return_bool(ret); } static int sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char *val; bool ret = false; debug_decl(sudo_ldap_check_runas_user, SUDO_DEBUG_LDAP) if (!runas_pw) debug_return_bool(UNSPEC); /* get the runas user from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser"); if (bv == NULL) bv = ldap_get_values_len(ld, entry, "sudoRunAs"); /* old style */ /* * BUG: * * if runas is not specified on the command line, the only information * as to which user to run as is in the runas_default option. We should * check to see if we have the local option present. Unfortunately we * don't parse these options until after this routine says yes or no. * The query has already returned, so we could peek at the attribute * values here though. * * For now just require users to always use -u option unless its set * in the global defaults. This behaviour is no different than the global * /etc/sudoers. * * Sigh - maybe add this feature later */ /* * If there are no runas entries, match runas_default against * what the user specified on the command line. */ if (bv == NULL) debug_return_bool(!strcasecmp(runas_pw->pw_name, def_runas_default)); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { val = (*p)->bv_val; switch (val[0]) { case '+': if (netgr_matches(val, NULL, NULL, runas_pw->pw_name)) ret = true; break; case '%': if (usergr_matches(val, runas_pw->pw_name, runas_pw)) ret = true; break; case 'A': if (strcmp(val, "ALL") == 0) { ret = true; break; } /* FALLTHROUGH */ default: if (userpw_matches(val, runas_pw->pw_name, runas_pw)) ret = true; break; } DPRINTF2("ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ debug_return_bool(ret); } static int sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char *val; bool ret = false; debug_decl(sudo_ldap_check_runas_group, SUDO_DEBUG_LDAP) /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) debug_return_bool(UNSPEC); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup"); if (bv == NULL) debug_return_bool(ret); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { val = (*p)->bv_val; if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr)) ret = true; DPRINTF2("ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ debug_return_bool(ret); } /* * Walk through search results and return true if we have a runas match, * else false. RunAs info is optional. */ static bool sudo_ldap_check_runas(LDAP *ld, LDAPMessage *entry) { bool ret; debug_decl(sudo_ldap_check_runas, SUDO_DEBUG_LDAP) if (!entry) debug_return_bool(false); ret = sudo_ldap_check_runas_user(ld, entry) != false && sudo_ldap_check_runas_group(ld, entry) != false; debug_return_bool(ret); } static struct sudo_digest * sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest) { char *ep, *cp = *cmnd; int digest_type = SUDO_DIGEST_INVALID; debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) /* * Check for and extract a digest prefix, e.g. * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls */ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { switch (cp[3]) { case '2': if (cp[4] == '2' && cp[5] == '4') digest_type = SUDO_DIGEST_SHA224; else if (cp[4] == '5' && cp[5] == '6') digest_type = SUDO_DIGEST_SHA256; break; case '3': if (cp[4] == '8' && cp[5] == '4') digest_type = SUDO_DIGEST_SHA384; break; case '5': if (cp[4] == '1' && cp[5] == '2') digest_type = SUDO_DIGEST_SHA512; break; } if (digest_type != SUDO_DIGEST_INVALID) { cp += 6; while (isblank((unsigned char)*cp)) cp++; if (*cp == ':') { cp++; while (isblank((unsigned char)*cp)) cp++; ep = cp; while (*ep != '\0' && !isblank((unsigned char)*ep)) ep++; if (*ep != '\0') { digest->digest_type = digest_type; digest->digest_str = estrndup(cp, (size_t)(ep - cp)); cp = ep + 1; while (isblank((unsigned char)*cp)) cp++; *cmnd = cp; DPRINTF1("%s digest %s for %s", digest_type == SUDO_DIGEST_SHA224 ? "sha224" : digest_type == SUDO_DIGEST_SHA256 ? "sha256" : digest_type == SUDO_DIGEST_SHA384 ? "sha384" : "sha512", digest->digest_str, cp); debug_return_ptr(digest); } } } } debug_return_ptr(NULL); } /* * Walk through search results and return true if we have a command match, * false if disallowed and UNSPEC if not matched. */ static int sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) { struct sudo_digest digest, *allowed_digest = NULL; struct berval **bv, **p; char *allowed_cmnd, *allowed_args, *val; bool foundbang; int ret = UNSPEC; debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) if (!entry) debug_return_bool(ret); bv = ldap_get_values_len(ld, entry, "sudoCommand"); if (bv == NULL) debug_return_bool(ret); for (p = bv; *p != NULL && ret != false; p++) { val = (*p)->bv_val; /* Match against ALL ? */ if (!strcmp(val, "ALL")) { ret = true; if (setenv_implied != NULL) *setenv_implied = true; DPRINTF2("ldap sudoCommand '%s' ... MATCH!", val); continue; } /* check for sha-2 digest */ allowed_digest = sudo_ldap_extract_digest(&val, &digest); /* check for !command */ if (*val == '!') { foundbang = true; allowed_cmnd = estrdup(1 + val); /* !command */ } else { foundbang = false; allowed_cmnd = estrdup(val); /* command */ } /* split optional args away from command */ allowed_args = strchr(allowed_cmnd, ' '); if (allowed_args) *allowed_args++ = '\0'; /* check the command like normal */ if (command_matches(allowed_cmnd, allowed_args, allowed_digest)) { /* * If allowed (no bang) set ret but keep on checking. * If disallowed (bang), exit loop. */ ret = foundbang ? false : true; } DPRINTF2("ldap sudoCommand '%s' ... %s", val, ret == true ? "MATCH!" : "not"); efree(allowed_cmnd); /* cleanup */ if (allowed_digest != NULL) efree(allowed_digest->digest_str); } ldap_value_free_len(bv); /* more cleanup */ debug_return_bool(ret); } /* * Search for boolean "option" in sudoOption. * Returns true if found and allowed, false if negated, else UNSPEC. */ static int sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) { struct berval **bv, **p; char ch, *var; int ret = UNSPEC; debug_decl(sudo_ldap_check_bool, SUDO_DEBUG_LDAP) if (entry == NULL) debug_return_bool(ret); bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv == NULL) debug_return_bool(ret); /* walk through options */ for (p = bv; *p != NULL; p++) { var = (*p)->bv_val;; DPRINTF2("ldap sudoOption: '%s'", var); if ((ch = *var) == '!') var++; if (strcmp(var, option) == 0) ret = (ch != '!'); } ldap_value_free_len(bv); debug_return_bool(ret); } /* * Read sudoOption and modify the defaults as we go. This is used once * from the cn=defaults entry and also once when a final sudoRole is matched. */ static void sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char op, *var, *val; debug_decl(sudo_ldap_parse_options, SUDO_DEBUG_LDAP) if (entry == NULL) debug_return; bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv == NULL) debug_return; /* walk through options */ for (p = bv; *p != NULL; p++) { var = estrdup((*p)->bv_val); DPRINTF2("ldap sudoOption: '%s'", var); /* check for equals sign past first char */ val = strchr(var, '='); if (val > var) { *val++ = '\0'; /* split on = and truncate var */ op = *(val - 2); /* peek for += or -= cases */ if (op == '+' || op == '-') { *(val - 2) = '\0'; /* found, remove extra char */ /* case var+=val or var-=val */ set_default(var, val, (int) op); } else { /* case var=val */ set_default(var, val, true); } } else if (*var == '!') { /* case !var Boolean False */ set_default(var + 1, NULL, false); } else { /* case var Boolean True */ set_default(var, NULL, true); } efree(var); } ldap_value_free_len(bv); debug_return; } /* * Build an LDAP timefilter. * * Stores a filter in the buffer that makes sure only entries * are selected that have a sudoNotBefore in the past and a * sudoNotAfter in the future, i.e. a filter of the following * structure (spaced out a little more for better readability: * * (& * (| * (!(sudoNotAfter=*)) * (sudoNotAfter>__now__) * ) * (| * (!(sudoNotBefore=*)) * (sudoNotBefore<__now__) * ) * ) * * If either the sudoNotAfter or sudoNotBefore attributes are missing, * no time restriction shall be imposed. */ static int sudo_ldap_timefilter(char *buffer, size_t buffersize) { struct tm *tp; time_t now; char timebuffer[sizeof("20120727121554.0Z")]; int bytes = 0; debug_decl(sudo_ldap_timefilter, SUDO_DEBUG_LDAP) /* Make sure we have a formatted timestamp for __now__. */ time(&now); if ((tp = gmtime(&now)) == NULL) { warning(U_("unable to get GMT time")); goto done; } /* Format the timestamp according to the RFC. */ if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) { warningx(U_("unable to format timestamp")); goto done; } /* Build filter. */ bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", timebuffer, timebuffer); if (bytes <= 0 || (size_t)bytes >= buffersize) { warning(U_("unable to build time filter")); bytes = 0; } done: debug_return_int(bytes); } /* * Builds up a filter to search for default settings */ static char * sudo_ldap_build_default_filter(void) { char *filt; debug_decl(sudo_ldap_build_default_filter, SUDO_DEBUG_LDAP) if (ldap_conf.search_filter) easprintf(&filt, "(&%s(cn=defaults))", ldap_conf.search_filter); else filt = estrdup("cn=defaults"); debug_return_str(filt); } /* * Determine length of query value after escaping characters * as per RFC 4515. */ static size_t sudo_ldap_value_len(const char *value) { const char *s; size_t len = 0; for (s = value; *s != '\0'; s++) { switch (*s) { case '\\': case '(': case ')': case '*': len += 2; break; } } len += (size_t)(s - value); return len; } /* * Like strlcat() but escapes characters as per RFC 4515. */ static size_t sudo_ldap_value_cat(char *dst, const char *src, size_t size) { char *d = dst; const char *s = src; size_t n = size; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = size - dlen; if (n == 0) return dlen + strlen(s); while (*s != '\0') { switch (*s) { case '\\': if (n < 3) goto done; *d++ = '\\'; *d++ = '5'; *d++ = 'c'; n -= 3; break; case '(': if (n < 3) goto done; *d++ = '\\'; *d++ = '2'; *d++ = '8'; n -= 3; break; case ')': if (n < 3) goto done; *d++ = '\\'; *d++ = '2'; *d++ = '9'; n -= 3; break; case '*': if (n < 3) goto done; *d++ = '\\'; *d++ = '2'; *d++ = 'a'; n -= 3; break; default: if (n < 1) goto done; *d++ = *s; n--; break; } s++; } done: *d = '\0'; while (*s != '\0') s++; return dlen + (s - src); /* count does not include NUL */ } /* * Builds up a filter to check against LDAP. */ static char * sudo_ldap_build_pass1(struct passwd *pw) { struct group *grp; char *buf, timebuffer[TIMEFILTER_LENGTH + 1], gidbuf[MAX_UID_T_LEN + 1]; struct group_list *grlist; size_t sz = 0; int i; debug_decl(sudo_ldap_build_pass1, SUDO_DEBUG_LDAP) /* If there is a filter, allocate space for the global AND. */ if (ldap_conf.timed || ldap_conf.search_filter) sz += 3; /* Add LDAP search filter if present. */ if (ldap_conf.search_filter) sz += strlen(ldap_conf.search_filter); /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */ sz += 29 + sudo_ldap_value_len(pw->pw_name); /* Add space for primary and supplementary groups and gids */ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { sz += 12 + sudo_ldap_value_len(grp->gr_name); } sz += 13 + MAX_UID_T_LEN; if ((grlist = sudo_get_grlist(pw)) != NULL) { for (i = 0; i < grlist->ngroups; i++) { if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) continue; sz += 12 + sudo_ldap_value_len(grlist->groups[i]); } for (i = 0; i < grlist->ngids; i++) { if (pw->pw_gid == grlist->gids[i]) continue; sz += 13 + MAX_UID_T_LEN; } } /* If timed, add space for time limits. */ if (ldap_conf.timed) sz += TIMEFILTER_LENGTH; buf = emalloc(sz); *buf = '\0'; /* * If timed or using a search filter, start a global AND clause to * contain the search filter, search criteria, and time restriction. */ if (ldap_conf.timed || ldap_conf.search_filter) (void) strlcpy(buf, "(&", sz); if (ldap_conf.search_filter) (void) strlcat(buf, ldap_conf.search_filter, sz); /* Global OR + sudoUser=user_name filter */ (void) strlcat(buf, "(|(sudoUser=", sz); (void) sudo_ldap_value_cat(buf, pw->pw_name, sz); (void) strlcat(buf, ")", sz); /* Append primary group and gid */ if (grp != NULL) { (void) strlcat(buf, "(sudoUser=%", sz); (void) sudo_ldap_value_cat(buf, grp->gr_name, sz); (void) strlcat(buf, ")", sz); } (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_gid); (void) strlcat(buf, "(sudoUser=%#", sz); (void) strlcat(buf, gidbuf, sz); (void) strlcat(buf, ")", sz); /* Append supplementary groups and gids */ if (grlist != NULL) { for (i = 0; i < grlist->ngroups; i++) { if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) continue; (void) strlcat(buf, "(sudoUser=%", sz); (void) sudo_ldap_value_cat(buf, grlist->groups[i], sz); (void) strlcat(buf, ")", sz); } for (i = 0; i < grlist->ngids; i++) { if (pw->pw_gid == grlist->gids[i]) continue; (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)grlist->gids[i]); (void) strlcat(buf, "(sudoUser=%#", sz); (void) strlcat(buf, gidbuf, sz); (void) strlcat(buf, ")", sz); } } /* Done with groups. */ if (grlist != NULL) sudo_grlist_delref(grlist); if (grp != NULL) sudo_gr_delref(grp); /* Add ALL to list and end the global OR */ if (strlcat(buf, "(sudoUser=ALL)", sz) >= sz) fatalx(U_("sudo_ldap_build_pass1 allocation mismatch")); /* Add the time restriction, or simply end the global OR. */ if (ldap_conf.timed) { strlcat(buf, ")", sz); /* closes the global OR */ sudo_ldap_timefilter(timebuffer, sizeof(timebuffer)); strlcat(buf, timebuffer, sz); } else if (ldap_conf.search_filter) { strlcat(buf, ")", sz); /* closes the global OR */ } strlcat(buf, ")", sz); /* closes the global OR or the global AND */ debug_return_str(buf); } /* * Builds up a filter to check against non-Unix group * entries in LDAP, including netgroups. */ static char * sudo_ldap_build_pass2(void) { char *filt, timebuffer[TIMEFILTER_LENGTH + 1]; debug_decl(sudo_ldap_build_pass2, SUDO_DEBUG_LDAP) if (ldap_conf.timed) sudo_ldap_timefilter(timebuffer, sizeof(timebuffer)); /* * Match all sudoUsers beginning with '+' or '%:'. * If a search filter or time restriction is specified, * those get ANDed in to the expression. */ if (def_group_plugin) { easprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s", (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", ldap_conf.search_filter ? ldap_conf.search_filter : "", ldap_conf.timed ? timebuffer : "", (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); } else { easprintf(&filt, "%s%s(sudoUser=+*)%s%s", (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", ldap_conf.search_filter ? ldap_conf.search_filter : "", ldap_conf.timed ? timebuffer : "", (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); } debug_return_str(filt); } static void sudo_ldap_read_secret(const char *path) { FILE *fp; char buf[LINE_MAX], *cp; debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP) if ((fp = fopen(path_ldap_secret, "r")) != NULL) { if (fgets(buf, sizeof(buf), fp) != NULL) { if ((cp = strchr(buf, '\n')) != NULL) *cp = '\0'; /* copy to bindpw and binddn */ efree(ldap_conf.bindpw); ldap_conf.bindpw = estrdup(buf); efree(ldap_conf.binddn); ldap_conf.binddn = ldap_conf.rootbinddn; ldap_conf.rootbinddn = NULL; } fclose(fp); } debug_return; } /* * Look up keyword in config tables. * Returns true if found, else false. */ static bool sudo_ldap_parse_keyword(const char *keyword, const char *value, struct ldap_config_table *table) { struct ldap_config_table *cur; const char *errstr; debug_decl(sudo_ldap_parse_keyword, SUDO_DEBUG_LDAP) /* Look up keyword in config tables */ for (cur = table; cur->conf_str != NULL; cur++) { if (strcasecmp(keyword, cur->conf_str) == 0) { switch (cur->type) { case CONF_DEREF_VAL: if (strcasecmp(value, "searching") == 0) *(int *)(cur->valp) = LDAP_DEREF_SEARCHING; else if (strcasecmp(value, "finding") == 0) *(int *)(cur->valp) = LDAP_DEREF_FINDING; else if (strcasecmp(value, "always") == 0) *(int *)(cur->valp) = LDAP_DEREF_ALWAYS; else *(int *)(cur->valp) = LDAP_DEREF_NEVER; break; case CONF_BOOL: *(int *)(cur->valp) = atobool(value) == true; break; case CONF_INT: *(int *)(cur->valp) = strtonum(value, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) { warningx(U_("%s: %s: %s: %s"), path_ldap_conf, keyword, value, U_(errstr)); } break; case CONF_STR: efree(*(char **)(cur->valp)); *(char **)(cur->valp) = estrdup(value); break; case CONF_LIST_STR: { struct ldap_config_str_list *head; struct ldap_config_str *str; size_t len = strlen(value); if (len > 0) { head = (struct ldap_config_str_list *)cur->valp; str = emalloc(sizeof(*str) + len); memcpy(str->val, value, len + 1); STAILQ_INSERT_TAIL(head, str, entries); } } break; } debug_return_bool(true); } } debug_return_bool(false); } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S static const char * sudo_krb5_ccname_path(const char *old_ccname) { const char *ccname = old_ccname; debug_decl(sudo_krb5_ccname_path, SUDO_DEBUG_LDAP) /* Strip off leading FILE: or WRFILE: prefix. */ switch (ccname[0]) { case 'F': case 'f': if (strncasecmp(ccname, "FILE:", 5) == 0) ccname += 5; break; case 'W': case 'w': if (strncasecmp(ccname, "WRFILE:", 7) == 0) ccname += 7; break; } sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "ccache %s -> %s", old_ccname, ccname); /* Credential cache must be a fully-qualified path name. */ debug_return_const_str(*ccname == '/' ? ccname : NULL); } static bool sudo_check_krb5_ccname(const char *ccname) { int fd = -1; const char *ccname_path; debug_decl(sudo_check_krb5_ccname, SUDO_DEBUG_LDAP) /* Strip off prefix to get path name. */ ccname_path = sudo_krb5_ccname_path(ccname); if (ccname_path == NULL) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "unsupported krb5 credential cache path: %s", ccname); debug_return_bool(false); } /* Make sure credential cache is fully-qualified and exists. */ fd = open(ccname_path, O_RDONLY|O_NONBLOCK, 0); if (fd == -1) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "unable to open krb5 credential cache: %s", ccname_path); debug_return_bool(false); } close(fd); sudo_debug_printf(SUDO_DEBUG_INFO, "using krb5 credential cache: %s", ccname_path); debug_return_bool(true); } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ static bool sudo_ldap_read_config(void) { FILE *fp; char *cp, *keyword, *value, *line = NULL; size_t linesize = 0; debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP) /* defaults */ ldap_conf.version = 3; ldap_conf.port = -1; ldap_conf.tls_checkpeer = -1; ldap_conf.timelimit = -1; ldap_conf.timeout = -1; ldap_conf.bind_timelimit = -1; ldap_conf.use_sasl = -1; ldap_conf.rootuse_sasl = -1; ldap_conf.deref = -1; STAILQ_INIT(&ldap_conf.uri); STAILQ_INIT(&ldap_conf.base); if ((fp = fopen(path_ldap_conf, "r")) == NULL) debug_return_bool(false); while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { if (*line == '\0') continue; /* skip empty line */ /* split into keyword and value */ keyword = cp = line; while (*cp && !isblank((unsigned char) *cp)) cp++; if (*cp) *cp++ = '\0'; /* terminate keyword */ /* skip whitespace before value */ while (isblank((unsigned char) *cp)) cp++; value = cp; /* Look up keyword in config tables */ if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global)) sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn); } free(line); fclose(fp); if (!ldap_conf.host) ldap_conf.host = estrdup("localhost"); DPRINTF1("LDAP Config Summary"); DPRINTF1("==================="); if (!STAILQ_EMPTY(&ldap_conf.uri)) { struct ldap_config_str *uri; STAILQ_FOREACH(uri, &ldap_conf.uri, entries) { DPRINTF1("uri %s", uri->val); } } else { DPRINTF1("host %s", ldap_conf.host ? ldap_conf.host : "(NONE)"); DPRINTF1("port %d", ldap_conf.port); } DPRINTF1("ldap_version %d", ldap_conf.version); if (!STAILQ_EMPTY(&ldap_conf.base)) { struct ldap_config_str *base; STAILQ_FOREACH(base, &ldap_conf.base, entries) { DPRINTF1("sudoers_base %s", base->val); } } else { DPRINTF1("sudoers_base %s", "(NONE: LDAP disabled)"); } if (ldap_conf.search_filter) { DPRINTF1("search_filter %s", ldap_conf.search_filter); } DPRINTF1("binddn %s", ldap_conf.binddn ? ldap_conf.binddn : "(anonymous)"); DPRINTF1("bindpw %s", ldap_conf.bindpw ? ldap_conf.bindpw : "(anonymous)"); if (ldap_conf.bind_timelimit > 0) { DPRINTF1("bind_timelimit %d", ldap_conf.bind_timelimit); } if (ldap_conf.timelimit > 0) { DPRINTF1("timelimit %d", ldap_conf.timelimit); } if (ldap_conf.deref != -1) { DPRINTF1("deref %d", ldap_conf.deref); } DPRINTF1("ssl %s", ldap_conf.ssl ? ldap_conf.ssl : "(no)"); if (ldap_conf.tls_checkpeer != -1) { DPRINTF1("tls_checkpeer %s", ldap_conf.tls_checkpeer ? "(yes)" : "(no)"); } if (ldap_conf.tls_cacertfile != NULL) { DPRINTF1("tls_cacertfile %s", ldap_conf.tls_cacertfile); } if (ldap_conf.tls_cacertdir != NULL) { DPRINTF1("tls_cacertdir %s", ldap_conf.tls_cacertdir); } if (ldap_conf.tls_random_file != NULL) { DPRINTF1("tls_random_file %s", ldap_conf.tls_random_file); } if (ldap_conf.tls_cipher_suite != NULL) { DPRINTF1("tls_cipher_suite %s", ldap_conf.tls_cipher_suite); } if (ldap_conf.tls_certfile != NULL) { DPRINTF1("tls_certfile %s", ldap_conf.tls_certfile); } if (ldap_conf.tls_keyfile != NULL) { DPRINTF1("tls_keyfile %s", ldap_conf.tls_keyfile); } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S if (ldap_conf.use_sasl != -1) { DPRINTF1("use_sasl %s", ldap_conf.use_sasl ? "yes" : "no"); DPRINTF1("sasl_auth_id %s", ldap_conf.sasl_auth_id ? ldap_conf.sasl_auth_id : "(NONE)"); DPRINTF1("rootuse_sasl %d", ldap_conf.rootuse_sasl); DPRINTF1("rootsasl_auth_id %s", ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : "(NONE)"); DPRINTF1("sasl_secprops %s", ldap_conf.sasl_secprops ? ldap_conf.sasl_secprops : "(NONE)"); DPRINTF1("krb5_ccname %s", ldap_conf.krb5_ccname ? ldap_conf.krb5_ccname : "(NONE)"); } #endif DPRINTF1("==================="); if (STAILQ_EMPTY(&ldap_conf.base)) debug_return_bool(false); /* if no base is defined, ignore LDAP */ if (ldap_conf.bind_timelimit > 0) ldap_conf.bind_timelimit *= 1000; /* convert to ms */ /* * Interpret SSL option */ if (ldap_conf.ssl != NULL) { if (strcasecmp(ldap_conf.ssl, "start_tls") == 0) ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS; else if (atobool(ldap_conf.ssl) == true) ldap_conf.ssl_mode = SUDO_LDAP_SSL; } #if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT) if (ldap_conf.tls_checkpeer != -1) { ldapssl_set_strength(NULL, ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK); } #endif #ifndef HAVE_LDAP_INITIALIZE /* Convert uri list to host list if no ldap_initialize(). */ if (!STAILQ_EMPTY(&ldap_conf.uri)) { struct ldap_config_str *uri; if (sudo_ldap_parse_uri(&ldap_conf.uri) != LDAP_SUCCESS) debug_return_bool(false); while ((uri = STAILQ_FIRST(&ldap_conf.uri)) != NULL) { STAILQ_REMOVE_HEAD(&ldap_conf.uri, entries); efree(uri); } ldap_conf.port = LDAP_PORT; } #endif if (STAILQ_EMPTY(&ldap_conf.uri)) { /* Use port 389 for plaintext LDAP and port 636 for SSL LDAP */ if (ldap_conf.port < 0) ldap_conf.port = ldap_conf.ssl_mode == SUDO_LDAP_SSL ? LDAPS_PORT : LDAP_PORT; #ifdef HAVE_LDAP_CREATE /* * Cannot specify port directly to ldap_create(), each host must * include :port to override the default. */ if (ldap_conf.port != LDAP_PORT) sudo_ldap_conf_add_ports(); #endif } /* If search filter is not parenthesized, make it so. */ if (ldap_conf.search_filter && ldap_conf.search_filter[0] != '(') { size_t len = strlen(ldap_conf.search_filter); cp = ldap_conf.search_filter; ldap_conf.search_filter = emalloc(len + 3); ldap_conf.search_filter[0] = '('; memcpy(ldap_conf.search_filter + 1, cp, len); ldap_conf.search_filter[len + 1] = ')'; ldap_conf.search_filter[len + 2] = '\0'; efree(cp); } /* If rootbinddn set, read in /etc/ldap.secret if it exists. */ if (ldap_conf.rootbinddn) sudo_ldap_read_secret(path_ldap_secret); #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* * Make sure we can open the file specified by krb5_ccname. */ if (ldap_conf.krb5_ccname != NULL) { if (!sudo_check_krb5_ccname(ldap_conf.krb5_ccname)) ldap_conf.krb5_ccname = NULL; } #endif debug_return_bool(true); } /* * Extract the dn from an entry and return the first rdn from it. */ static char * sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry) { #ifdef HAVE_LDAP_STR2DN char *dn, *rdn = NULL; LDAPDN tmpDN; debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) if ((dn = ldap_get_dn(ld, entry)) == NULL) debug_return_str(NULL); if (ldap_str2dn(dn, &tmpDN, LDAP_DN_FORMAT_LDAP) == LDAP_SUCCESS) { ldap_rdn2str(tmpDN[0], &rdn, LDAP_DN_FORMAT_UFN); ldap_dnfree(tmpDN); } ldap_memfree(dn); debug_return_str(rdn); #else char *dn, **edn; debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) if ((dn = ldap_get_dn(ld, entry)) == NULL) return NULL; edn = ldap_explode_dn(dn, 1); ldap_memfree(dn); debug_return_str(edn ? edn[0] : NULL); #endif } /* * Fetch and display the global Options. */ static int sudo_ldap_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct berval **bv, **p; struct timeval tv, *tvp = NULL; struct ldap_config_str *base; struct sudo_ldap_handle *handle = nss->handle; LDAP *ld; LDAPMessage *entry, *result; char *prefix, *filt; int rc, count = 0; debug_decl(sudo_ldap_display_defaults, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; ld = handle->ld; filt = sudo_ldap_build_default_filter(); STAILQ_FOREACH(base, &ldap_conf.base, entries) { if (ldap_conf.timeout > 0) { tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; tvp = &tv; } result = NULL; rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, NULL, 0, NULL, NULL, tvp, 0, &result); if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv != NULL) { if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1])) prefix = " "; else prefix = ", "; for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", prefix, (*p)->bv_val); prefix = ", "; count++; } ldap_value_free_len(bv); } } if (result) ldap_msgfree(result); } efree(filt); done: debug_return_int(count); } /* * STUB */ static int sudo_ldap_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { debug_decl(sudo_ldap_display_bound_defaults, SUDO_DEBUG_LDAP) debug_return_int(0); } /* * Print a record in the short form, ala file sudoers. */ static int sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) { struct berval **bv, **p; int count = 0; debug_decl(sudo_ldap_display_entry_short, SUDO_DEBUG_LDAP) lbuf_append(lbuf, " ("); /* get the RunAsUser Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser"); if (bv == NULL) bv = ldap_get_values_len(ld, entry, "sudoRunAs"); if (bv != NULL) { for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); } ldap_value_free_len(bv); } else lbuf_append(lbuf, "%s", def_runas_default); /* get the RunAsGroup Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup"); if (bv != NULL) { lbuf_append(lbuf, " : "); for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); } ldap_value_free_len(bv); } lbuf_append(lbuf, ") "); /* get the Option Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv != NULL) { for (p = bv; *p != NULL; p++) { char *cp = (*p)->bv_val; if (*cp == '!') cp++; if (strcmp(cp, "authenticate") == 0) lbuf_append(lbuf, (*p)->bv_val[0] == '!' ? "NOPASSWD: " : "PASSWD: "); else if (strcmp(cp, "noexec") == 0) lbuf_append(lbuf, (*p)->bv_val[0] == '!' ? "EXEC: " : "NOEXEC: "); else if (strcmp(cp, "setenv") == 0) lbuf_append(lbuf, (*p)->bv_val[0] == '!' ? "NOSETENV: " : "SETENV: "); } ldap_value_free_len(bv); } /* get the Command Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoCommand"); if (bv != NULL) { for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); count++; } ldap_value_free_len(bv); } lbuf_append(lbuf, "\n"); debug_return_int(count); } /* * Print a record in the long form. */ static int sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) { struct berval **bv, **p; char *rdn; int count = 0; debug_decl(sudo_ldap_display_entry_long, SUDO_DEBUG_LDAP) /* extract the dn, only show the first rdn */ rdn = sudo_ldap_get_first_rdn(ld, entry); if (rdn != NULL) lbuf_append(lbuf, _("\nLDAP Role: %s\n"), rdn); else lbuf_append(lbuf, _("\nLDAP Role: UNKNOWN\n")); if (rdn) ldap_memfree(rdn); /* get the RunAsUser Values from the entry */ lbuf_append(lbuf, " RunAsUsers: "); bv = ldap_get_values_len(ld, entry, "sudoRunAsUser"); if (bv == NULL) bv = ldap_get_values_len(ld, entry, "sudoRunAs"); if (bv != NULL) { for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); } ldap_value_free_len(bv); } else lbuf_append(lbuf, "%s", def_runas_default); lbuf_append(lbuf, "\n"); /* get the RunAsGroup Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup"); if (bv != NULL) { lbuf_append(lbuf, " RunAsGroups: "); for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); } ldap_value_free_len(bv); lbuf_append(lbuf, "\n"); } /* get the Option Values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv != NULL) { lbuf_append(lbuf, " Options: "); for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val); } ldap_value_free_len(bv); lbuf_append(lbuf, "\n"); } /* * Display order attribute if present. This attribute is single valued, * so there is no need for a loop. */ bv = ldap_get_values_len(ld, entry, "sudoOrder"); if (bv != NULL) { if (*bv != NULL) { lbuf_append(lbuf, _(" Order: %s\n"), (*bv)->bv_val); } ldap_value_free_len(bv); } /* Get the command values from the entry. */ bv = ldap_get_values_len(ld, entry, "sudoCommand"); if (bv != NULL) { lbuf_append(lbuf, _(" Commands:\n")); for (p = bv; *p != NULL; p++) { lbuf_append(lbuf, "\t%s\n", (*p)->bv_val); count++; } ldap_value_free_len(bv); } debug_return_int(count); } /* * Like sudo_ldap_lookup(), except we just print entries. */ static int sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct sudo_ldap_handle *handle = nss->handle; LDAP *ld; struct ldap_result *lres; LDAPMessage *entry; int i, count = 0; debug_decl(sudo_ldap_display_privs, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; ld = handle->ld; DPRINTF1("ldap search for command list"); lres = sudo_ldap_result_get(nss, pw); /* Display all matching entries. */ for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; if (long_list) count += sudo_ldap_display_entry_long(ld, entry, lbuf); else count += sudo_ldap_display_entry_short(ld, entry, lbuf); } done: debug_return_int(count); } static int sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw) { struct sudo_ldap_handle *handle = nss->handle; LDAP *ld; struct ldap_result *lres; LDAPMessage *entry; bool found = false; int i; debug_decl(sudo_ldap_display_cmnd, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; ld = handle->ld; /* * The sudo_ldap_result_get() function returns all nodes that match * the user and the host. */ DPRINTF1("ldap search for command list"); lres = sudo_ldap_result_get(nss, pw); for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; if (sudo_ldap_check_command(ld, entry, NULL) && sudo_ldap_check_runas(ld, entry)) { found = true; goto done; } } done: if (found) printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd, user_args ? " " : "", user_args ? user_args : ""); debug_return_bool(!found); } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S static unsigned int (*sudo_gss_krb5_ccache_name)(unsigned int *minor_status, const char *name, const char **old_name); static int sudo_set_krb5_ccache_name(const char *name, const char **old_name) { int rc = 0; unsigned int junk; static bool initialized; debug_decl(sudo_set_krb5_ccache_name, SUDO_DEBUG_LDAP) if (!initialized) { sudo_gss_krb5_ccache_name = sudo_dso_findsym(SUDO_DSO_DEFAULT, "gss_krb5_ccache_name"); initialized = true; } /* * Try to use gss_krb5_ccache_name() if possible. * We also need to set KRB5CCNAME since some LDAP libs may not use * gss_krb5_ccache_name(). */ if (sudo_gss_krb5_ccache_name != NULL) { rc = sudo_gss_krb5_ccache_name(&junk, name, old_name); } else { /* No gss_krb5_ccache_name(), fall back on KRB5CCNAME. */ if (old_name != NULL) *old_name = sudo_getenv("KRB5CCNAME"); } if (name != NULL && *name != '\0') sudo_setenv("KRB5CCNAME", name, true); else sudo_unsetenv("KRB5CCNAME"); debug_return_int(rc); } /* * Make a copy of the credential cache file specified by KRB5CCNAME * which must be readable by the user. The resulting cache file * is root-owned and will be removed after authenticating via SASL. */ static char * sudo_krb5_copy_cc_file(const char *old_ccname) { int ofd, nfd; ssize_t nread, nwritten = -1; static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1]; char buf[10240], *ret = NULL; debug_decl(sudo_krb5_copy_cc_file, SUDO_DEBUG_LDAP) old_ccname = sudo_krb5_ccname_path(old_ccname); if (old_ccname != NULL) { /* Open credential cache as user to prevent stolen creds. */ set_perms(PERM_USER); ofd = open(old_ccname, O_RDONLY|O_NONBLOCK); restore_perms(); if (ofd != -1) { (void) fcntl(ofd, F_SETFL, 0); if (lock_file(ofd, SUDO_LOCK)) { snprintf(new_ccname, sizeof(new_ccname), "%s%s", _PATH_TMP, "sudocc_XXXXXXXX"); nfd = mkstemp(new_ccname); if (nfd != -1) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "copy ccache %s -> %s", old_ccname, new_ccname); while ((nread = read(ofd, buf, sizeof(buf))) > 0) { ssize_t off = 0; do { nwritten = write(nfd, buf + off, nread - off); if (nwritten == -1) { warning("error writing to %s", new_ccname); goto write_error; } off += nwritten; } while (off < nread); } if (nread == -1) warning("unable to read %s", new_ccname); write_error: close(nfd); if (nread != -1 && nwritten != -1) { ret = new_ccname; /* success! */ } else { unlink(new_ccname); /* failed */ } } else { warning("unable to create temp file %s", new_ccname); } } close(ofd); } else { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to open %s", old_ccname); } } debug_return_str(ret); } static int sudo_ldap_sasl_interact(LDAP *ld, unsigned int flags, void *_auth_id, void *_interact) { char *auth_id = (char *)_auth_id; sasl_interact_t *interact = (sasl_interact_t *)_interact; int rc = LDAP_SUCCESS; debug_decl(sudo_ldap_sasl_interact, SUDO_DEBUG_LDAP) for (; interact->id != SASL_CB_LIST_END; interact++) { if (interact->id != SASL_CB_USER) { warningx("sudo_ldap_sasl_interact: unexpected interact id %lu", interact->id); rc = LDAP_PARAM_ERROR; break; } if (auth_id != NULL) interact->result = auth_id; else if (interact->defresult != NULL) interact->result = interact->defresult; else interact->result = ""; interact->len = strlen(interact->result); #if SASL_VERSION_MAJOR < 2 interact->result = strdup(interact->result); if (interact->result == NULL) { rc = LDAP_NO_MEMORY; break; } #endif /* SASL_VERSION_MAJOR < 2 */ DPRINTF2("sudo_ldap_sasl_interact: SASL_CB_USER %s", (const char *)interact->result); } debug_return_int(rc); } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ /* * Set LDAP options from the specified options table * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_set_options_table(LDAP *ld, struct ldap_config_table *table) { struct ldap_config_table *cur; int ival, rc, errors = 0; char *sval; debug_decl(sudo_ldap_set_options_table, SUDO_DEBUG_LDAP) for (cur = table; cur->conf_str != NULL; cur++) { if (cur->opt_val == -1) continue; switch (cur->type) { case CONF_BOOL: case CONF_INT: ival = *(int *)(cur->valp); if (ival >= 0) { DPRINTF1("ldap_set_option: %s -> %d", cur->conf_str, ival); rc = ldap_set_option(ld, cur->opt_val, &ival); if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %d: %s", cur->conf_str, ival, ldap_err2string(rc)); errors++; } } break; case CONF_STR: sval = *(char **)(cur->valp); if (sval != NULL) { DPRINTF1("ldap_set_option: %s -> %s", cur->conf_str, sval); rc = ldap_set_option(ld, cur->opt_val, sval); if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %s: %s", cur->conf_str, sval, ldap_err2string(rc)); errors++; } } break; } } debug_return_int(errors ? -1 : LDAP_SUCCESS); } /* * Set LDAP options based on the global config table. * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_set_options_global(void) { int rc; debug_decl(sudo_ldap_set_options_global, SUDO_DEBUG_LDAP) /* Set ber options */ #ifdef LBER_OPT_DEBUG_LEVEL if (ldap_conf.ldap_debug) ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug); #endif /* Parse global LDAP options table. */ rc = sudo_ldap_set_options_table(NULL, ldap_conf_global); debug_return_int(rc); } /* * Set LDAP options based on the per-connection config table. * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_set_options_conn(LDAP *ld) { int rc; debug_decl(sudo_ldap_set_options_conn, SUDO_DEBUG_LDAP) /* Parse per-connection LDAP options table. */ rc = sudo_ldap_set_options_table(ld, ldap_conf_conn); if (rc == -1) debug_return_int(-1); #ifdef LDAP_OPT_TIMEOUT /* Convert timeout to a timeval */ if (ldap_conf.timeout > 0) { struct timeval tv; tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; DPRINTF1("ldap_set_option(LDAP_OPT_TIMEOUT, %d)", ldap_conf.timeout); rc = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv); if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option(TIMEOUT, %d): %s", ldap_conf.timeout, ldap_err2string(rc)); } } #endif #ifdef LDAP_OPT_NETWORK_TIMEOUT /* Convert bind_timelimit to a timeval */ if (ldap_conf.bind_timelimit > 0) { struct timeval tv; tv.tv_sec = ldap_conf.bind_timelimit / 1000; tv.tv_usec = 0; DPRINTF1("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %d)", ldap_conf.bind_timelimit / 1000); rc = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); # if !defined(LDAP_OPT_CONNECT_TIMEOUT) || LDAP_VENDOR_VERSION != 510 /* Tivoli Directory Server 6.3 libs always return a (bogus) error. */ if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option(NETWORK_TIMEOUT, %d): %s", ldap_conf.bind_timelimit / 1000, ldap_err2string(rc)); } # endif } #endif #if defined(LDAP_OPT_X_TLS) && !defined(HAVE_LDAPSSL_INIT) if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { int val = LDAP_OPT_X_TLS_HARD; DPRINTF1("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"); rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &val); if (rc != LDAP_SUCCESS) { warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s", ldap_err2string(rc)); debug_return_int(-1); } } #endif debug_return_int(LDAP_SUCCESS); } /* * Create a new sudo_ldap_result structure. */ static struct ldap_result * sudo_ldap_result_alloc(void) { struct ldap_result *result; debug_decl(sudo_ldap_result_alloc, SUDO_DEBUG_LDAP) result = ecalloc(1, sizeof(*result)); STAILQ_INIT(&result->searches); debug_return_ptr(result); } /* * Free the ldap result structure */ static void sudo_ldap_result_free(struct ldap_result *lres) { struct ldap_search_result *s; debug_decl(sudo_ldap_result_free, SUDO_DEBUG_LDAP) if (lres != NULL) { if (lres->nentries) { efree(lres->entries); lres->entries = NULL; } while ((s = STAILQ_FIRST(&lres->searches)) != NULL) { STAILQ_REMOVE_HEAD(&lres->searches, entries); ldap_msgfree(s->searchresult); efree(s); } efree(lres); } debug_return; } /* * Add a search result to the ldap_result structure. */ static struct ldap_search_result * sudo_ldap_result_add_search(struct ldap_result *lres, LDAP *ldap, LDAPMessage *searchresult) { struct ldap_search_result *news; debug_decl(sudo_ldap_result_add_search, SUDO_DEBUG_LDAP) /* Create new entry and add it to the end of the chain. */ news = ecalloc(1, sizeof(*news)); news->ldap = ldap; news->searchresult = searchresult; STAILQ_INSERT_TAIL(&lres->searches, news, entries); debug_return_ptr(news); } /* * Connect to the LDAP server specified by ld. * Returns LDAP_SUCCESS on success, else non-zero. */ static int sudo_ldap_bind_s(LDAP *ld) { int rc; debug_decl(sudo_ldap_bind_s, SUDO_DEBUG_LDAP) #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S if (ldap_conf.rootuse_sasl == true || (ldap_conf.rootuse_sasl != false && ldap_conf.use_sasl == true)) { const char *old_ccname = NULL; const char *new_ccname = ldap_conf.krb5_ccname; const char *tmp_ccname = NULL; void *auth_id = ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : ldap_conf.sasl_auth_id; /* Make temp copy of the user's credential cache as needed. */ if (ldap_conf.krb5_ccname == NULL && user_ccname != NULL) { new_ccname = tmp_ccname = sudo_krb5_copy_cc_file(user_ccname); if (tmp_ccname == NULL) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "unable to copy user ccache %s", user_ccname); } } if (new_ccname != NULL) { rc = sudo_set_krb5_ccache_name(new_ccname, &old_ccname); if (rc == 0) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "set ccache name %s -> %s", old_ccname ? old_ccname : "(none)", new_ccname); } else { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "gss_krb5_ccache_name() failed: %d", rc); } } rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI", NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id); if (new_ccname != NULL) { rc = sudo_set_krb5_ccache_name(old_ccname, NULL); if (rc == 0) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "restore ccache name %s -> %s", new_ccname, old_ccname); } else { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "gss_krb5_ccache_name() failed: %d", rc); } /* Remove temporary copy of user's credential cache. */ if (tmp_ccname != NULL) unlink(tmp_ccname); } if (rc != LDAP_SUCCESS) { warningx("ldap_sasl_interactive_bind_s(): %s", ldap_err2string(rc)); goto done; } DPRINTF1("ldap_sasl_interactive_bind_s() ok"); } else #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #ifdef HAVE_LDAP_SASL_BIND_S { struct berval bv; bv.bv_val = ldap_conf.bindpw ? ldap_conf.bindpw : ""; bv.bv_len = strlen(bv.bv_val); rc = ldap_sasl_bind_s(ld, ldap_conf.binddn, LDAP_SASL_SIMPLE, &bv, NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc)); goto done; } DPRINTF1("ldap_sasl_bind_s() ok"); } #else { rc = ldap_simple_bind_s(ld, ldap_conf.binddn, ldap_conf.bindpw); if (rc != LDAP_SUCCESS) { warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc)); goto done; } DPRINTF1("ldap_simple_bind_s() ok"); } #endif done: debug_return_int(rc); } /* * Open a connection to the LDAP server. * Returns 0 on success and non-zero on failure. */ static int sudo_ldap_open(struct sudo_nss *nss) { LDAP *ld; int rc = -1; sigaction_t sa, saved_sa_pipe; bool ldapnoinit = false; struct sudo_ldap_handle *handle; debug_decl(sudo_ldap_open, SUDO_DEBUG_LDAP) /* Ignore SIGPIPE if we cannot bind to the server. */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_handler = SIG_IGN; (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe); if (!sudo_ldap_read_config()) goto done; /* Prevent reading of user ldaprc and system defaults. */ if (sudo_getenv("LDAPNOINIT") == NULL) { ldapnoinit = true; sudo_setenv("LDAPNOINIT", "1", true); } /* Set global LDAP options */ if (sudo_ldap_set_options_global() != LDAP_SUCCESS) goto done; /* Connect to LDAP server */ #ifdef HAVE_LDAP_INITIALIZE if (!STAILQ_EMPTY(&ldap_conf.uri)) { char *buf = sudo_ldap_join_uri(&ldap_conf.uri); if (buf != NULL) { DPRINTF2("ldap_initialize(ld, %s)", buf); rc = ldap_initialize(&ld, buf); efree(buf); if (rc != LDAP_SUCCESS) { warningx(U_("unable to initialize LDAP: %s"), ldap_err2string(rc)); } } } else #endif rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); if (rc != LDAP_SUCCESS) goto done; /* Set LDAP per-connection options */ rc = sudo_ldap_set_options_conn(ld); if (rc != LDAP_SUCCESS) goto done; if (ldapnoinit) sudo_unsetenv("LDAPNOINIT"); if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { #if defined(HAVE_LDAP_START_TLS_S) rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); goto done; } DPRINTF1("ldap_start_tls_s() ok"); #elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP) int sslrc; rc = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &sslrc); if (rc != LDAP_SUCCESS) { warningx("ldap_ssl_client_init(): %s (SSL reason code %d)", ldap_err2string(rc), sslrc); goto done; } rc = ldap_start_tls_s_np(ld, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc)); goto done; } DPRINTF1("ldap_start_tls_s_np() ok"); #else warningx(U_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()")); #endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ } /* Actually connect */ rc = sudo_ldap_bind_s(ld); if (rc != LDAP_SUCCESS) goto done; /* Create a handle container. */ handle = ecalloc(1, sizeof(struct sudo_ldap_handle)); handle->ld = ld; /* handle->result = NULL; */ /* handle->username = NULL; */ /* handle->grlist = NULL; */ nss->handle = handle; done: (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL); debug_return_int(rc == LDAP_SUCCESS ? 0 : -1); } static int sudo_ldap_setdefs(struct sudo_nss *nss) { struct ldap_config_str *base; struct sudo_ldap_handle *handle = nss->handle; struct timeval tv, *tvp = NULL; LDAP *ld; LDAPMessage *entry, *result; char *filt; int rc; debug_decl(sudo_ldap_setdefs, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) debug_return_int(-1); ld = handle->ld; filt = sudo_ldap_build_default_filter(); DPRINTF1("Looking for cn=defaults: %s", filt); STAILQ_FOREACH(base, &ldap_conf.base, entries) { if (ldap_conf.timeout > 0) { tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; tvp = &tv; } result = NULL; rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, NULL, 0, NULL, NULL, tvp, 0, &result); if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { DPRINTF1("found:%s", ldap_get_dn(ld, entry)); sudo_ldap_parse_options(ld, entry); } else { DPRINTF1("no default options found in %s", base->val); } if (result) ldap_msgfree(result); } efree(filt); debug_return_int(0); } /* * like sudoers_lookup() - only LDAP style */ static int sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) { struct sudo_ldap_handle *handle = nss->handle; LDAP *ld; LDAPMessage *entry; int i, rc, setenv_implied; struct ldap_result *lres = NULL; debug_decl(sudo_ldap_lookup, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) debug_return_int(ret); ld = handle->ld; /* Fetch list of sudoRole entries that match user and host. */ lres = sudo_ldap_result_get(nss, sudo_user.pw); /* * The following queries are only determine whether or not a * password is required, so the order of the entries doesn't matter. */ if (pwflag) { int doauth = UNSPEC; int matched = UNSPEC; enum def_tuple pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; DPRINTF1("perform search for pwflag %d", pwflag); for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; if ((pwcheck == any && doauth != false) || (pwcheck == all && doauth == false)) { doauth = sudo_ldap_check_bool(ld, entry, "authenticate"); } /* Only check the command when listing another user. */ if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid || sudo_ldap_check_command(ld, entry, NULL)) { matched = true; break; } } if (matched || user_uid == 0) { SET(ret, VALIDATE_OK); CLR(ret, VALIDATE_NOT_OK); if (def_authenticate) { switch (pwcheck) { case always: SET(ret, FLAG_CHECK_USER); break; case all: case any: if (doauth == false) def_authenticate = false; break; case never: def_authenticate = false; break; default: break; } } } goto done; } DPRINTF1("searching LDAP for sudoers entries"); setenv_implied = false; for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; if (!sudo_ldap_check_runas(ld, entry)) continue; rc = sudo_ldap_check_command(ld, entry, &setenv_implied); if (rc != UNSPEC) { /* We have a match. */ DPRINTF1("Command %sallowed", rc == true ? "" : "NOT "); if (rc == true) { DPRINTF1("LDAP entry: %p", entry); /* Apply entry-specific options. */ if (setenv_implied) def_setenv = true; sudo_ldap_parse_options(ld, entry); #ifdef HAVE_SELINUX /* Set role and type if not specified on command line. */ if (user_role == NULL) user_role = def_role; if (user_type == NULL) user_type = def_type; #endif /* HAVE_SELINUX */ SET(ret, VALIDATE_OK); CLR(ret, VALIDATE_NOT_OK); } else { SET(ret, VALIDATE_NOT_OK); CLR(ret, VALIDATE_OK); } break; } } done: DPRINTF1("done with LDAP searches"); DPRINTF1("user_matches=%d", lres->user_matches); DPRINTF1("host_matches=%d", lres->host_matches); if (!ISSET(ret, VALIDATE_OK)) { /* No matching entries. */ if (pwflag && list_pw == NULL) SET(ret, FLAG_NO_CHECK); } if (lres->user_matches) CLR(ret, FLAG_NO_USER); if (lres->host_matches) CLR(ret, FLAG_NO_HOST); DPRINTF1("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret); debug_return_int(ret); } /* * Comparison function for ldap_entry_wrapper structures, descending order. */ static int ldap_entry_compare(const void *a, const void *b) { const struct ldap_entry_wrapper *aw = a; const struct ldap_entry_wrapper *bw = b; debug_decl(ldap_entry_compare, SUDO_DEBUG_LDAP) debug_return_int(bw->order < aw->order ? -1 : (bw->order > aw->order ? 1 : 0)); } /* * Return the last entry in the list of searches, usually the * one currently being used to add entries. */ static struct ldap_search_result * sudo_ldap_result_last_search(struct ldap_result *lres) { debug_decl(sudo_ldap_result_last_search, SUDO_DEBUG_LDAP) debug_return_ptr(STAILQ_LAST(&lres->searches, ldap_search_result, entries)); } /* * Add an entry to the result structure. */ static struct ldap_entry_wrapper * sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) { struct ldap_search_result *last; struct berval **bv; double order = 0.0; char *ep; debug_decl(sudo_ldap_result_add_entry, SUDO_DEBUG_LDAP) /* Determine whether the entry has the sudoOrder attribute. */ last = sudo_ldap_result_last_search(lres); bv = ldap_get_values_len(last->ldap, entry, "sudoOrder"); if (bv != NULL) { if (ldap_count_values_len(bv) > 0) { /* Get the value of this attribute, 0 if not present. */ DPRINTF2("order attribute raw: %s", (*bv)->bv_val); order = strtod((*bv)->bv_val, &ep); if (ep == (*bv)->bv_val || *ep != '\0') { warningx(U_("invalid sudoOrder attribute: %s"), (*bv)->bv_val); order = 0.0; } DPRINTF2("order attribute: %f", order); } ldap_value_free_len(bv); } /* * Enlarge the array of entry wrappers as needed, preallocating blocks * of 100 entries to save on allocation time. */ if (++lres->nentries > lres->allocated_entries) { lres->allocated_entries += ALLOCATION_INCREMENT; lres->entries = erealloc3(lres->entries, lres->allocated_entries, sizeof(lres->entries[0])); } /* Fill in the new entry and return it. */ lres->entries[lres->nentries - 1].entry = entry; lres->entries[lres->nentries - 1].order = order; debug_return_ptr(&lres->entries[lres->nentries - 1]); } /* * Free the ldap result structure in the sudo_nss handle. */ static void sudo_ldap_result_free_nss(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP) if (handle->result != NULL) { DPRINTF1("removing reusable search result"); sudo_ldap_result_free(handle->result); if (handle->username) { efree(handle->username); handle->username = NULL; } handle->grlist = NULL; handle->result = NULL; } debug_return; } /* * Perform the LDAP query for the user or return a cached query if * there is one for this user. */ static struct ldap_result * sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) { struct sudo_ldap_handle *handle = nss->handle; struct ldap_config_str *base; struct ldap_result *lres; struct timeval tv, *tvp = NULL; LDAPMessage *entry, *result; LDAP *ld = handle->ld; int pass, rc; char *filt; debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP) /* * If we already have a cached result, return it so we don't have to * have to contact the LDAP server again. */ if (handle->result) { if (handle->grlist == user_group_list && strcmp(pw->pw_name, handle->username) == 0) { DPRINTF1("reusing previous result (user %s) with %d entries", handle->username, handle->result->nentries); debug_return_ptr(handle->result); } /* User mismatch, cached result cannot be used. */ DPRINTF1("removing result (user %s), new search (user %s)", handle->username, pw->pw_name); sudo_ldap_result_free_nss(nss); } /* * Okay - time to search for anything that matches this user * Lets limit it to only two queries of the LDAP server * * The first pass will look by the username, groups, and * the keyword ALL. We will then inspect the results that * came back from the query. We don't need to inspect the * sudoUser in this pass since the LDAP server already scanned * it for us. * * The second pass will return all the entries that contain non- * Unix groups, including netgroups. Then we take the non-Unix * groups returned and try to match them against the username. * * Since we have to sort the possible entries before we make a * decision, we perform the queries and store all of the results in * an ldap_result object. The results are then sorted by sudoOrder. */ lres = sudo_ldap_result_alloc(); for (pass = 0; pass < 2; pass++) { filt = pass ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(pw); DPRINTF1("ldap search '%s'", filt); STAILQ_FOREACH(base, &ldap_conf.base, entries) { DPRINTF1("searching from base '%s'", base->val); if (ldap_conf.timeout > 0) { tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; tvp = &tv; } result = NULL; rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, NULL, 0, NULL, NULL, tvp, 0, &result); if (rc != LDAP_SUCCESS) { DPRINTF1("nothing found for '%s'", filt); continue; } lres->user_matches = true; /* Add the seach result to list of search results. */ DPRINTF1("adding search result"); sudo_ldap_result_add_search(lres, ld, result); LDAP_FOREACH(entry, ld, result) { if ((!pass || sudo_ldap_check_non_unix_group(ld, entry, pw)) && sudo_ldap_check_host(ld, entry)) { lres->host_matches = true; sudo_ldap_result_add_entry(lres, entry); } } DPRINTF1("result now has %d entries", lres->nentries); } efree(filt); } /* Sort the entries by the sudoOrder attribute. */ DPRINTF1("sorting remaining %d entries", lres->nentries); qsort(lres->entries, lres->nentries, sizeof(lres->entries[0]), ldap_entry_compare); /* Store everything in the sudo_nss handle. */ handle->result = lres; handle->username = estrdup(pw->pw_name); handle->grlist = user_group_list; debug_return_ptr(lres); } /* * Shut down the LDAP connection. */ static int sudo_ldap_close(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; debug_decl(sudo_ldap_close, SUDO_DEBUG_LDAP) if (handle != NULL) { /* Free the result before unbinding; it may use the LDAP connection. */ sudo_ldap_result_free_nss(nss); /* Unbind and close the LDAP connection. */ if (handle->ld != NULL) { ldap_unbind_ext_s(handle->ld, NULL, NULL); handle->ld = NULL; } /* Free the handle container. */ efree(nss->handle); nss->handle = NULL; } debug_return_int(0); } /* * STUB */ static int sudo_ldap_parse(struct sudo_nss *nss) { return 0; } #if 0 /* * Create an ldap_result from an LDAP search result. * * This function is currently not used anywhere, it is left here as * an example of how to use the cached searches. */ static struct ldap_result * sudo_ldap_result_from_search(LDAP *ldap, LDAPMessage *searchresult) { /* * An ldap_result is built from several search results, which are * organized in a list. The head of the list is maintained in the * ldap_result structure, together with the wrappers that point * to individual entries, this has to be initialized first. */ struct ldap_result *result = sudo_ldap_result_alloc(); /* * Build a new list node for the search result, this creates the * list node. */ struct ldap_search_result *last = sudo_ldap_result_add_search(result, ldap, searchresult); /* * Now add each entry in the search result to the array of of entries * in the ldap_result object. */ LDAPMessage *entry; LDAP_FOREACH(entry, last->ldap, last->searchresult) { sudo_ldap_result_add_entry(result, entry); } DPRINTF1("sudo_ldap_result_from_search: %d entries found", result->nentries); return result; } #endif sudo-1.8.9p5/plugins/sudoers/linux_audit.c010064400175440000012000000052211226304126600202040ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include #include #include #include "missing.h" #include "fatal.h" #include "alloc.h" #include "gettext.h" #include "sudo_debug.h" #include "linux_audit.h" /* * Open audit connection if possible. * Returns audit fd on success and -1 on failure. */ int static linux_audit_open(void) { static int au_fd = -1; debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT) if (au_fd != -1) debug_return_int(au_fd); au_fd = audit_open(); if (au_fd == -1) { /* Kernel may not have audit support. */ if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) fatal(U_("unable to open audit system")); } else { (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC); } debug_return_int(au_fd); } int linux_audit_command(char *argv[], int result) { int au_fd, rc; char *command, *cp, **av; size_t size, n; debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT) if ((au_fd = linux_audit_open()) == -1) debug_return_int(-1); /* Convert argv to a flat string. */ for (size = 0, av = argv; *av != NULL; av++) size += strlen(*av) + 1; command = cp = emalloc(size); for (av = argv; *av != NULL; av++) { n = strlcpy(cp, *av, size - (cp - command)); if (n >= size - (cp - command)) { fatalx(U_("internal error, %s overflow"), "linux_audit_command()"); } cp += n; *cp++ = ' '; } *--cp = '\0'; /* Log command, ignoring ECONNREFUSED on error. */ rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result); if (rc <= 0 && errno != ECONNREFUSED) warning(U_("unable to send audit message")); efree(command); debug_return_int(rc); } sudo-1.8.9p5/plugins/sudoers/linux_audit.h010064400175440000012000000016771226304126600202240ustar00millertstaff/* * Copyright (c) 2010, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_LINUX_AUDIT_H #define _SUDOERS_LINUX_AUDIT_H int linux_audit_command(char *argv[], int result); #endif /* _SUDOERS_LINUX_AUDIT_H */ sudo-1.8.9p5/plugins/sudoers/locale.c010064400175440000012000000062051226304126600171210ustar00millertstaff/* * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include "missing.h" #include "fatal.h" #include "alloc.h" #include "logging.h" #include "gettext.h" static int current_locale = SUDOERS_LOCALE_USER; static char *user_locale; static char *sudoers_locale; int sudoers_getlocale(void) { return current_locale; } void sudoers_initlocale(const char *ulocale, const char *slocale) { if (ulocale != NULL) { efree(user_locale); user_locale = estrdup(ulocale); } if (slocale != NULL) { efree(sudoers_locale); sudoers_locale = estrdup(slocale); } } /* * Set locale to user or sudoers value. * Returns true on success and false on failure, * If prevlocale is non-NULL it will be filled in with the * old SUDOERS_LOCALE_* value. */ bool sudoers_setlocale(int newlocale, int *prevlocale) { char *res = NULL; switch (newlocale) { case SUDOERS_LOCALE_USER: if (prevlocale) *prevlocale = current_locale; if (current_locale != SUDOERS_LOCALE_USER) { current_locale = SUDOERS_LOCALE_USER; res = setlocale(LC_ALL, user_locale ? user_locale : ""); if (res != NULL && user_locale == NULL) user_locale = estrdup(setlocale(LC_ALL, NULL)); } break; case SUDOERS_LOCALE_SUDOERS: if (prevlocale) *prevlocale = current_locale; if (current_locale != SUDOERS_LOCALE_SUDOERS) { current_locale = SUDOERS_LOCALE_SUDOERS; res = setlocale(LC_ALL, sudoers_locale ? sudoers_locale : "C"); if (res == NULL && sudoers_locale != NULL) { if (strcmp(sudoers_locale, "C") != 0) { efree(sudoers_locale); sudoers_locale = estrdup("C"); res = setlocale(LC_ALL, "C"); } } } break; } return res ? true : false; } #ifdef HAVE_LIBINTL_H char * warning_gettext(const char *msgid) { int warning_locale; char *msg; sudoers_setlocale(SUDOERS_LOCALE_USER, &warning_locale); msg = gettext(msgid); sudoers_setlocale(warning_locale, NULL); return msg; } #endif /* HAVE_LIBINTL_H */ sudo-1.8.9p5/plugins/sudoers/logging.c010064400175440000012000000603751226304127700173220ustar00millertstaff/* * Copyright (c) 1994-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifdef __TANDEM # include #endif #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_NL_LANGINFO # include #endif /* HAVE_NL_LANGINFO */ #include #include #include #include #include #include #include #include "sudoers.h" /* Special message for log_warning() so we know to use ngettext() */ #define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01) static void do_syslog(int, char *); static void do_logfile(char *); static void send_mail(const char *fmt, ...); static int should_mail(int); static void mysyslog(int, const char *, ...); static char *new_logline(const char *, int); extern char **NewArgv; /* XXX - for auditing */ #define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */ /* * We do an openlog(3)/closelog(3) for each message because some * authentication methods (notably PAM) use syslog(3) for their * own nefarious purposes and may call openlog(3) and closelog(3). * Note that because we don't want to assume that all systems have * vsyslog(3) (HP-UX doesn't) "%m" will not be expanded. * Sadly this is a maze of #ifdefs. */ static void mysyslog(int pri, const char *fmt, ...) { #ifdef BROKEN_SYSLOG int i; #endif char buf[MAXSYSLOGLEN+1]; va_list ap; debug_decl(mysyslog, SUDO_DEBUG_LOGGING) va_start(ap, fmt); #ifdef LOG_NFACILITIES openlog("sudo", 0, def_syslog); #else openlog("sudo", 0); #endif vsnprintf(buf, sizeof(buf), fmt, ap); #ifdef BROKEN_SYSLOG /* * Some versions of syslog(3) don't guarantee success and return * an int (notably HP-UX < 10.0). So, if at first we don't succeed, * try, try again... */ for (i = 0; i < MAXSYSLOGTRIES; i++) if (syslog(pri, "%s", buf) == 0) break; #else syslog(pri, "%s", buf); #endif /* BROKEN_SYSLOG */ va_end(ap); closelog(); debug_return; } /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. */ static void do_syslog(int pri, char *msg) { size_t len, maxlen; char *p, *tmp, save; const char *fmt; int oldlocale; debug_decl(do_syslog, SUDO_DEBUG_LOGGING) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* * Log the full line, breaking into multiple syslog(3) calls if necessary */ fmt = _("%8s : %s"); maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); if (len > maxlen) { /* * Break up the line into what will fit on one syslog(3) line * Try to avoid breaking words into several lines if possible. */ tmp = memrchr(p, ' ', maxlen); if (tmp == NULL) tmp = p + maxlen; /* NULL terminate line, but save the char to restore later */ save = *tmp; *tmp = '\0'; mysyslog(pri, fmt, user_name, p); *tmp = save; /* restore saved character */ /* Advance p and eliminate leading whitespace */ for (p = tmp; *p == ' '; p++) ; } else { mysyslog(pri, fmt, user_name, p); p += len; } fmt = _("%8s : (command continued) %s"); maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); } sudoers_setlocale(oldlocale, NULL); debug_return; } static void do_logfile(char *msg) { char *full_line; size_t len; mode_t oldmask; time_t now; int oldlocale; FILE *fp; debug_decl(do_logfile, SUDO_DEBUG_LOGGING) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); oldmask = umask(077); fp = fopen(def_logfile, "a"); (void) umask(oldmask); if (fp == NULL) { send_mail(_("unable to open log file: %s: %s"), def_logfile, strerror(errno)); } else if (!lock_file(fileno(fp), SUDO_LOCK)) { send_mail(_("unable to lock log file: %s: %s"), def_logfile, strerror(errno)); } else { time(&now); if ((size_t)def_loglinelen < sizeof(LOG_INDENT)) { /* Don't pretty-print long log file lines (hard to grep) */ if (def_log_host) { (void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(now, def_log_year), user_name, user_srunhost, msg); } else { (void) fprintf(fp, "%s : %s : %s\n", get_timestr(now, def_log_year), user_name, msg); } } else { if (def_log_host) { len = easprintf(&full_line, "%s : %s : HOST=%s : %s", get_timestr(now, def_log_year), user_name, user_srunhost, msg); } else { len = easprintf(&full_line, "%s : %s : %s", get_timestr(now, def_log_year), user_name, msg); } /* * Print out full_line with word wrap around def_loglinelen chars. */ writeln_wrap(fp, full_line, len, def_loglinelen); efree(full_line); } (void) fflush(fp); (void) lock_file(fileno(fp), SUDO_UNLOCK); (void) fclose(fp); } sudoers_setlocale(oldlocale, NULL); debug_return; } /* * Log, audit and mail the denial message, optionally informing the user. */ void log_denial(int status, bool inform_user) { const char *message; char *logline; int oldlocale; debug_decl(log_denial, SUDO_DEBUG_LOGGING) /* Handle auditing first (audit_failure() handles the locale itself). */ if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST)) audit_failure(NewArgv, N_("No user or host")); else audit_failure(NewArgv, N_("validation failure")); /* Log and mail messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* Set error message. */ if (ISSET(status, FLAG_NO_USER)) message = _("user NOT in sudoers"); else if (ISSET(status, FLAG_NO_HOST)) message = _("user NOT authorized on host"); else message = _("command not allowed"); logline = new_logline(message, 0); /* Become root if we are not already. */ set_perms(PERM_ROOT|PERM_NOEXIT); if (should_mail(status)) send_mail("%s", logline); /* send mail based on status */ /* * Log via syslog and/or a file. */ if (def_syslog) do_syslog(def_syslog_badpri, logline); if (def_logfile) do_logfile(logline); restore_perms(); efree(logline); /* Restore locale. */ sudoers_setlocale(oldlocale, NULL); /* Inform the user if they failed to authenticate (in their locale). */ if (inform_user) { sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); if (ISSET(status, FLAG_NO_USER)) { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not in the sudoers " "file. This incident will be reported.\n"), user_name); } else if (ISSET(status, FLAG_NO_HOST)) { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not allowed to run sudo " "on %s. This incident will be reported.\n"), user_name, user_srunhost); } else if (ISSET(status, FLAG_NO_CHECK)) { sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run " "sudo on %s.\n"), user_name, user_srunhost); } else { sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed " "to execute '%s%s%s' as %s%s%s on %s.\n"), user_name, user_cmnd, user_args ? " " : "", user_args ? user_args : "", list_pw ? list_pw->pw_name : runas_pw ? runas_pw->pw_name : user_name, runas_gr ? ":" : "", runas_gr ? runas_gr->gr_name : "", user_host); } sudoers_setlocale(oldlocale, NULL); } debug_return; } /* * Log and audit that user was not allowed to run the command. */ void log_failure(int status, int flags) { bool inform_user = true; debug_decl(log_failure, SUDO_DEBUG_LOGGING) /* The user doesn't always get to see the log message (path info). */ if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info && (flags == NOT_FOUND_DOT || flags == NOT_FOUND)) inform_user = false; log_denial(status, inform_user); if (!inform_user) { /* * We'd like to not leak path info at all here, but that can * *really* confuse the users. To really close the leak we'd * have to say "not allowed to run foo" even when the problem * is just "no foo in path" since the user can trivially set * their path to just contain a single dir. */ if (flags == NOT_FOUND) warningx(U_("%s: command not found"), user_cmnd); else if (flags == NOT_FOUND_DOT) warningx(U_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); } debug_return; } /* * Log and audit that user was not able to authenticate themselves. */ void log_auth_failure(int status, unsigned int tries) { int flags = NO_MAIL; debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) /* Handle auditing first. */ audit_failure(NewArgv, N_("authentication failure")); /* * Do we need to send mail? * We want to avoid sending multiple messages for the same command * so if we are going to send an email about the denial, that takes * precedence. */ if (ISSET(status, VALIDATE_OK)) { /* Command allowed, auth failed; do we need to send mail? */ if (def_mail_badpass || def_mail_always) flags = 0; } else { /* Command denied, auth failed; make sure we don't send mail twice. */ if (def_mail_badpass && !should_mail(status)) flags = 0; /* Don't log the bad password message, we'll log a denial instead. */ flags |= NO_LOG; } /* * If sudoers denied the command we'll log that separately. */ if (ISSET(status, FLAG_BAD_PASSWORD)) log_warning(flags, INCORRECT_PASSWORD_ATTEMPT, tries); else if (ISSET(status, FLAG_NON_INTERACTIVE)) log_warning(flags, N_("a password is required")); debug_return; } /* * Log and potentially mail the allowed command. */ void log_allowed(int status) { char *logline; int oldlocale; debug_decl(log_allowed, SUDO_DEBUG_LOGGING) /* Log and mail messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); logline = new_logline(NULL, 0); /* Become root if we are not already. */ set_perms(PERM_ROOT|PERM_NOEXIT); if (should_mail(status)) send_mail("%s", logline); /* send mail based on status */ /* * Log via syslog and/or a file. */ if (def_syslog) do_syslog(def_syslog_goodpri, logline); if (def_logfile) do_logfile(logline); restore_perms(); efree(logline); sudoers_setlocale(oldlocale, NULL); debug_return; } /* * Perform logging for log_warning()/log_fatal() */ static void vlog_warning(int flags, const char *fmt, va_list ap) { int oldlocale, serrno = errno; char *logline, *message; va_list ap2; debug_decl(vlog_error, SUDO_DEBUG_LOGGING) /* Need extra copy of ap for warning() below. */ if (!ISSET(flags, NO_STDERR)) va_copy(ap2, ap); /* Log messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* Expand printf-style format + args (with a special case). */ if (fmt == INCORRECT_PASSWORD_ATTEMPT) { unsigned int tries = va_arg(ap, unsigned int); easprintf(&message, ngettext("%u incorrect password attempt", "%u incorrect password attempts", tries), tries); } else { evasprintf(&message, _(fmt), ap); } /* Log to debug file. */ if (USE_ERRNO) { sudo_debug_printf2(NULL, NULL, 0, SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO|sudo_debug_subsys, "%s", message); } else { sudo_debug_printf2(NULL, NULL, 0, SUDO_DEBUG_WARN|sudo_debug_subsys, "%s", message); } if (ISSET(flags, MSG_ONLY)) { logline = message; } else { logline = new_logline(message, ISSET(flags, USE_ERRNO) ? serrno : 0); efree(message); } /* Become root if we are not already. */ set_perms(PERM_ROOT|PERM_NOEXIT); /* * Send a copy of the error via mail. */ if (!ISSET(flags, NO_MAIL)) send_mail("%s", logline); /* * Log to syslog and/or a file. */ if (!ISSET(flags, NO_LOG)) { if (def_syslog) do_syslog(def_syslog_badpri, logline); if (def_logfile) do_logfile(logline); } restore_perms(); efree(logline); sudoers_setlocale(oldlocale, NULL); /* * Tell the user (in their locale). */ if (!ISSET(flags, NO_STDERR)) { sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); if (fmt == INCORRECT_PASSWORD_ATTEMPT) { unsigned int tries = va_arg(ap2, unsigned int); warningx_nodebug(ngettext("%u incorrect password attempt", "%u incorrect password attempts", tries), tries); } else { if (ISSET(flags, USE_ERRNO)) vwarning_nodebug(_(fmt), ap2); else vwarningx_nodebug(_(fmt), ap2); } sudoers_setlocale(oldlocale, NULL); va_end(ap2); } debug_return; } void log_warning(int flags, const char *fmt, ...) { va_list ap; debug_decl(log_error, SUDO_DEBUG_LOGGING) /* Log the error. */ va_start(ap, fmt); vlog_warning(flags, fmt, ap); va_end(ap); debug_return; } void log_fatal(int flags, const char *fmt, ...) { va_list ap; debug_decl(log_error, SUDO_DEBUG_LOGGING) /* Log the error. */ va_start(ap, fmt); vlog_warning(flags, fmt, ap); va_end(ap); /* Exit the plugin. */ sudoers_cleanup(); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); fatal_longjmp(1); } #define MAX_MAILFLAGS 63 /* * Send a message to MAILTO user */ static void send_mail(const char *fmt, ...) { FILE *mail; char *p; int fd, pfd[2], status; pid_t pid, rv; sigaction_t sa; struct stat sb; va_list ap; #ifndef NO_ROOT_MAILER static char *root_envp[] = { "HOME=/", "PATH=/usr/bin:/bin:/usr/sbin:/sbin", "LOGNAME=root", "USERNAME=root", "USER=root", NULL }; #endif /* NO_ROOT_MAILER */ debug_decl(send_mail, SUDO_DEBUG_LOGGING) /* Just return if mailer is disabled. */ if (!def_mailerpath || !def_mailto) debug_return; /* Make sure the mailer exists and is a regular file. */ if (stat(def_mailerpath, &sb) != 0 || !S_ISREG(sb.st_mode)) debug_return; /* Fork and return, child will daemonize. */ switch (pid = sudo_debug_fork()) { case -1: /* Error. */ fatal(U_("unable to fork")); break; case 0: /* Child. */ switch (pid = fork()) { case -1: /* Error. */ mysyslog(LOG_ERR, _("unable to fork: %m")); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to fork: %s", strerror(errno)); _exit(1); case 0: /* Grandchild continues below. */ break; default: /* Parent will wait for us. */ _exit(0); } break; default: /* Parent. */ do { rv = waitpid(pid, &status, 0); } while (rv == -1 && errno == EINTR); return; /* not debug */ } /* Daemonize - disassociate from session/tty. */ if (setsid() == -1) warning("setsid"); if (chdir("/") == -1) warning("chdir(/)"); if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) { (void) dup2(fd, STDIN_FILENO); (void) dup2(fd, STDOUT_FILENO); (void) dup2(fd, STDERR_FILENO); } sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL); /* Close password, group and other fds so we don't leak. */ sudo_endpwent(); sudo_endgrent(); closefrom(STDERR_FILENO + 1); /* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; sa.sa_handler = SIG_IGN; (void) sigaction(SIGPIPE, &sa, NULL); if (pipe(pfd) == -1) { mysyslog(LOG_ERR, _("unable to open pipe: %m")); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to open pipe: %s", strerror(errno)); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(1); } switch (pid = sudo_debug_fork()) { case -1: /* Error. */ mysyslog(LOG_ERR, _("unable to fork: %m")); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to fork: %s", strerror(errno)); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(1); break; case 0: { char *argv[MAX_MAILFLAGS + 1]; char *mflags, *mpath = def_mailerpath; int i; /* Child, set stdin to output side of the pipe */ if (pfd[0] != STDIN_FILENO) { if (dup2(pfd[0], STDIN_FILENO) == -1) { mysyslog(LOG_ERR, _("unable to dup stdin: %m")); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to dup stdin: %s", strerror(errno)); _exit(127); } (void) close(pfd[0]); } (void) close(pfd[1]); /* Build up an argv based on the mailer path and flags */ mflags = estrdup(def_mailerflags); if ((argv[0] = strrchr(mpath, '/'))) argv[0]++; else argv[0] = mpath; i = 1; if ((p = strtok(mflags, " \t"))) { do { argv[i] = p; } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t"))); } argv[i] = NULL; /* * Depending on the config, either run the mailer as root * (so user cannot kill it) or as the user (for the paranoid). */ #ifndef NO_ROOT_MAILER set_perms(PERM_ROOT|PERM_NOEXIT); execve(mpath, argv, root_envp); #else set_perms(PERM_FULL_USER|PERM_NOEXIT); execv(mpath, argv); #endif /* NO_ROOT_MAILER */ mysyslog(LOG_ERR, _("unable to execute %s: %m"), mpath); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to execute %s: %s", mpath, strerror(errno)); _exit(127); } break; } (void) close(pfd[0]); mail = fdopen(pfd[1], "w"); /* Pipes are all setup, send message. */ (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ", def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated"); for (p = _(def_mailsub); *p; p++) { /* Expand escapes in the subject */ if (*p == '%' && *(p+1) != '%') { switch (*(++p)) { case 'h': (void) fputs(user_host, mail); break; case 'u': (void) fputs(user_name, mail); break; default: p--; break; } } else (void) fputc(*p, mail); } #ifdef HAVE_NL_LANGINFO if (strcmp(def_sudoers_locale, "C") != 0) (void) fprintf(mail, "\nContent-Type: text/plain; charset=\"%s\"\nContent-Transfer-Encoding: 8bit", nl_langinfo(CODESET)); #endif /* HAVE_NL_LANGINFO */ (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host, get_timestr(time(NULL), def_log_year), user_name); va_start(ap, fmt); (void) vfprintf(mail, fmt, ap); va_end(ap); fputs("\n\n", mail); fclose(mail); do { rv = waitpid(pid, &status, 0); } while (rv == -1 && errno == EINTR); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(0); } /* * Determine whether we should send mail based on "status" and defaults options. */ static int should_mail(int status) { debug_decl(should_mail, SUDO_DEBUG_LOGGING) debug_return_bool(def_mail_always || ISSET(status, VALIDATE_ERROR) || (def_mail_no_user && ISSET(status, FLAG_NO_USER)) || (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) || (def_mail_no_perms && !ISSET(status, VALIDATE_OK))); } #define LL_TTY_STR "TTY=" #define LL_CWD_STR "PWD=" /* XXX - should be CWD= */ #define LL_USER_STR "USER=" #define LL_GROUP_STR "GROUP=" #define LL_ENV_STR "ENV=" #define LL_CMND_STR "COMMAND=" #define LL_TSID_STR "TSID=" #define IS_SESSID(s) ( \ isalnum((unsigned char)(s)[0]) && isalnum((unsigned char)(s)[1]) && \ (s)[2] == '/' && \ isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ (s)[5] == '/' && \ isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ (s)[8] == '\0') /* * Allocate and fill in a new logline. */ static char * new_logline(const char *message, int serrno) { char *line, *errstr = NULL, *evstr = NULL; #ifndef SUDOERS_NO_SEQ char sessid[7]; #endif const char *tsid = NULL; size_t len = 0; debug_decl(new_logline, SUDO_DEBUG_LOGGING) #ifndef SUDOERS_NO_SEQ /* A TSID may be a sudoers-style session ID or a free-form string. */ if (sudo_user.iolog_file != NULL) { if (IS_SESSID(sudo_user.iolog_file)) { sessid[0] = sudo_user.iolog_file[0]; sessid[1] = sudo_user.iolog_file[1]; sessid[2] = sudo_user.iolog_file[3]; sessid[3] = sudo_user.iolog_file[4]; sessid[4] = sudo_user.iolog_file[6]; sessid[5] = sudo_user.iolog_file[7]; sessid[6] = '\0'; tsid = sessid; } else { tsid = sudo_user.iolog_file; } } #endif /* * Compute line length */ if (message != NULL) len += strlen(message) + 3; if (serrno) { errstr = strerror(serrno); len += strlen(errstr) + 3; } len += sizeof(LL_TTY_STR) + 2 + strlen(user_tty); len += sizeof(LL_CWD_STR) + 2 + strlen(user_cwd); if (runas_pw != NULL) len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name); if (runas_gr != NULL) len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name); if (tsid != NULL) len += sizeof(LL_TSID_STR) + 2 + strlen(tsid); if (sudo_user.env_vars != NULL) { size_t evlen = 0; char * const *ep; for (ep = sudo_user.env_vars; *ep != NULL; ep++) evlen += strlen(*ep) + 1; evstr = emalloc(evlen); evstr[0] = '\0'; for (ep = sudo_user.env_vars; *ep != NULL; ep++) { strlcat(evstr, *ep, evlen); strlcat(evstr, " ", evlen); /* NOTE: last one will fail */ } len += sizeof(LL_ENV_STR) + 2 + evlen; } if (user_cmnd != NULL) { /* Note: we log "sudo -l command arg ..." as "list command arg ..." */ len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd); if (ISSET(sudo_mode, MODE_CHECK)) len += sizeof("list ") - 1; if (user_args != NULL) len += strlen(user_args) + 1; } /* * Allocate and build up the line. */ line = emalloc(++len); line[0] = '\0'; if (message != NULL) { if (strlcat(line, message, len) >= len || strlcat(line, errstr ? " : " : " ; ", len) >= len) goto toobig; } if (serrno) { if (strlcat(line, errstr, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } if (strlcat(line, LL_TTY_STR, len) >= len || strlcat(line, user_tty, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; if (strlcat(line, LL_CWD_STR, len) >= len || strlcat(line, user_cwd, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; if (runas_pw != NULL) { if (strlcat(line, LL_USER_STR, len) >= len || strlcat(line, runas_pw->pw_name, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } if (runas_gr != NULL) { if (strlcat(line, LL_GROUP_STR, len) >= len || strlcat(line, runas_gr->gr_name, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } if (tsid != NULL) { if (strlcat(line, LL_TSID_STR, len) >= len || strlcat(line, tsid, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } if (evstr != NULL) { if (strlcat(line, LL_ENV_STR, len) >= len || strlcat(line, evstr, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; efree(evstr); } if (user_cmnd != NULL) { if (strlcat(line, LL_CMND_STR, len) >= len) goto toobig; if (ISSET(sudo_mode, MODE_CHECK) && strlcat(line, "list ", len) >= len) goto toobig; if (strlcat(line, user_cmnd, len) >= len) goto toobig; if (user_args != NULL) { if (strlcat(line, " ", len) >= len || strlcat(line, user_args, len) >= len) goto toobig; } } debug_return_str(line); toobig: fatalx(U_("internal error: insufficient space for log line")); } sudo-1.8.9p5/plugins/sudoers/logging.h010064400175440000012000000046571226304126600173260ustar00millertstaff/* * Copyright (c) 1999-2005, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_LOGGING_H #define _SUDOERS_LOGGING_H #include #ifdef __STDC__ # include #else # include #endif /* Logging types */ #define SLOG_SYSLOG 0x01 #define SLOG_FILE 0x02 #define SLOG_BOTH 0x03 /* * Values for sudoers_setlocale() */ #define SUDOERS_LOCALE_USER 0 #define SUDOERS_LOCALE_SUDOERS 1 /* Flags for log_warning()/log_fatal() */ #define MSG_ONLY 0x01 #define USE_ERRNO 0x02 #define NO_MAIL 0x04 #define NO_STDERR 0x08 #define NO_LOG 0x10 /* * Maximum number of characters to log per entry. The syslogger * will log this much, after that, it truncates the log line. * We need this here to make sure that we continue with another * syslog(3) call if the internal buffer is more than 1023 characters. */ #ifndef MAXSYSLOGLEN # define MAXSYSLOGLEN 960 #endif /* * Indentation level for file-based logs when word wrap is enabled. */ #define LOG_INDENT " " bool sudoers_setlocale(int newlocale, int *prevlocale); int sudoers_getlocale(void); void audit_success(char *exec_args[]); void audit_failure(char *exec_args[], char const *const fmt, ...) __printflike(2, 3); void log_allowed(int status); void log_auth_failure(int status, unsigned int tries); void log_denial(int status, bool inform_user); void log_failure(int status, int flags); void log_warning(int flags, const char *fmt, ...) __printflike(2, 3); void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__)); void sudoers_initlocale(const char *ulocale, const char *slocale); void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen); #endif /* _SUDOERS_LOGGING_H */ sudo-1.8.9p5/plugins/sudoers/logwrap.c010064400175440000012000000040001226304126600173240ustar00millertstaff/* * Copyright (c) 2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include "sudoers.h" void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen) { char *indent = ""; char *beg = line; char *end; debug_decl(writeln_wrap, SUDO_DEBUG_LOGGING) /* * Print out line with word wrap around maxlen characters. */ beg = line; while (len > maxlen) { end = beg + maxlen; while (end != beg && *end != ' ') end--; if (beg == end) { /* Unable to find word break within maxlen, look beyond. */ end = strchr(beg + maxlen, ' '); if (end == NULL) break; /* no word break */ } fprintf(fp, "%s%.*s\n", indent, (int)(end - beg), beg); while (*end == ' ') end++; len -= (end - beg); beg = end; if (indent[0] == '\0') { indent = LOG_INDENT; maxlen -= sizeof(LOG_INDENT) - 1; } } /* Print remainder, if any. */ if (len) fprintf(fp, "%s%s\n", indent, beg); debug_return; } sudo-1.8.9p5/plugins/sudoers/match.c010064400175440000012000000636331226304126600167660ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include #else # include "compat/fnmatch.h" #endif /* HAVE_FNMATCH */ #ifndef SUDOERS_NAME_MATCH # ifdef HAVE_GLOB # include # else # include "compat/glob.h" # endif /* HAVE_GLOB */ #endif /* SUDOERS_NAME_MATCH */ #ifdef HAVE_NETGROUP_H # include #else # include #endif /* HAVE_NETGROUP_H */ #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include #include #include #include #include "sudoers.h" #include "parse.h" #include "sha2.h" #include static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); static bool command_matches_dir(const char *sudoers_dir, size_t dlen); #ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args); #endif static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args); static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); /* * Returns true if string 's' contains meta characters. */ #define has_meta(s) (strpbrk(s, "\\?*[]") != NULL) /* * Check for user described by pw in a list of members. * Returns ALLOW, DENY or UNSPEC. */ int userlist_matches(const struct passwd *pw, const struct member_list *list) { struct member *m; struct alias *a; int rval, matched = UNSPEC; debug_decl(userlist_matches, SUDO_DEBUG_MATCH) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { switch (m->type) { case ALL: matched = !m->negated; break; case NETGROUP: if (netgr_matches(m->name, NULL, NULL, pw->pw_name)) matched = !m->negated; break; case USERGROUP: if (usergr_matches(m->name, pw->pw_name, pw)) matched = !m->negated; break; case ALIAS: if ((a = alias_get(m->name, USERALIAS)) != NULL) { rval = userlist_matches(pw, &a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; alias_put(a); break; } /* FALLTHROUGH */ case WORD: if (userpw_matches(m->name, pw->pw_name, pw)) matched = !m->negated; break; } if (matched != UNSPEC) break; } debug_return_bool(matched); } /* * Check for user described by pw in a list of members. * If both lists are empty compare against def_runas_default. * Returns ALLOW, DENY or UNSPEC. */ int runaslist_matches(const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group) { struct member *m; struct alias *a; int rval; int user_matched = UNSPEC; int group_matched = UNSPEC; debug_decl(runaslist_matches, SUDO_DEBUG_MATCH) if (runas_pw != NULL) { /* If no runas user or runas group listed in sudoers, use default. */ if (user_list == NULL && group_list == NULL) debug_return_int(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); if (user_list != NULL) { TAILQ_FOREACH_REVERSE(m, user_list, member_list, entries) { switch (m->type) { case ALL: user_matched = !m->negated; break; case NETGROUP: if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) user_matched = !m->negated; break; case USERGROUP: if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) user_matched = !m->negated; break; case ALIAS: if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { rval = runaslist_matches(&a->members, &empty, matching_user, NULL); if (rval != UNSPEC) user_matched = m->negated ? !rval : rval; alias_put(a); break; } /* FALLTHROUGH */ case WORD: if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) user_matched = !m->negated; break; case MYSELF: if (!ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || strcmp(user_name, runas_pw->pw_name) == 0) user_matched = !m->negated; break; } if (user_matched != UNSPEC) { if (matching_user != NULL && m->type != ALIAS) *matching_user = m; break; } } } } if (runas_gr != NULL) { if (user_matched == UNSPEC) { if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0) user_matched = ALLOW; /* only changing group */ } if (group_list != NULL) { TAILQ_FOREACH_REVERSE(m, group_list, member_list, entries) { switch (m->type) { case ALL: group_matched = !m->negated; break; case ALIAS: if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { rval = runaslist_matches(&empty, &a->members, NULL, matching_group); if (rval != UNSPEC) group_matched = m->negated ? !rval : rval; alias_put(a); break; } /* FALLTHROUGH */ case WORD: if (group_matches(m->name, runas_gr)) group_matched = !m->negated; break; } if (group_matched != UNSPEC) { if (matching_group != NULL && m->type != ALIAS) *matching_group = m; break; } } } if (group_matched == UNSPEC) { if (runas_pw != NULL && runas_pw->pw_gid == runas_gr->gr_gid) group_matched = ALLOW; /* runas group matches passwd db */ } } if (user_matched == DENY || group_matched == DENY) debug_return_int(DENY); if (user_matched == group_matched || runas_gr == NULL) debug_return_int(user_matched); debug_return_int(UNSPEC); } /* * Check for host and shost in a list of members. * Returns ALLOW, DENY or UNSPEC. */ int hostlist_matches(const struct member_list *list) { struct member *m; struct alias *a; int rval, matched = UNSPEC; debug_decl(hostlist_matches, SUDO_DEBUG_MATCH) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { switch (m->type) { case ALL: matched = !m->negated; break; case NETGROUP: if (netgr_matches(m->name, user_runhost, user_srunhost, NULL)) matched = !m->negated; break; case NTWKADDR: if (addr_matches(m->name)) matched = !m->negated; break; case ALIAS: if ((a = alias_get(m->name, HOSTALIAS)) != NULL) { rval = hostlist_matches(&a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; alias_put(a); break; } /* FALLTHROUGH */ case WORD: if (hostname_matches(user_srunhost, user_runhost, m->name)) matched = !m->negated; break; } if (matched != UNSPEC) break; } debug_return_bool(matched); } /* * Check for cmnd and args in a list of members. * Returns ALLOW, DENY or UNSPEC. */ int cmndlist_matches(const struct member_list *list) { struct member *m; int matched = UNSPEC; debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { matched = cmnd_matches(m); if (matched != UNSPEC) break; } debug_return_bool(matched); } /* * Check cmnd and args. * Returns ALLOW, DENY or UNSPEC. */ int cmnd_matches(const struct member *m) { struct alias *a; struct sudo_command *c; int rval, matched = UNSPEC; debug_decl(cmnd_matches, SUDO_DEBUG_MATCH) switch (m->type) { case ALL: matched = !m->negated; break; case ALIAS: if ((a = alias_get(m->name, CMNDALIAS)) != NULL) { rval = cmndlist_matches(&a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; alias_put(a); } break; case COMMAND: c = (struct sudo_command *)m->name; if (command_matches(c->cmnd, c->args, c->digest)) matched = !m->negated; break; } debug_return_bool(matched); } static bool command_args_match(const char *sudoers_cmnd, const char *sudoers_args) { int flags = 0; debug_decl(command_args_match, SUDO_DEBUG_MATCH) /* * If no args specified in sudoers, any user args are allowed. * If the empty string is specified in sudoers, no user args are allowed. */ if (!sudoers_args || (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))) debug_return_bool(true); /* * If args are specified in sudoers, they must match the user args. * If running as sudoedit, all args are assumed to be paths. */ if (sudoers_args) { /* For sudoedit, all args are assumed to be pathnames. */ if (strcmp(sudoers_cmnd, "sudoedit") == 0) flags = FNM_PATHNAME; if (fnmatch(sudoers_args, user_args ? user_args : "", flags) == 0) debug_return_bool(true); } debug_return_bool(false); } /* * If path doesn't end in /, return true iff cmnd & path name the same inode; * otherwise, return true if user_cmnd names one of the inodes in path. */ bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) { bool rc = false; debug_decl(command_matches, SUDO_DEBUG_MATCH) /* Check for pseudo-commands */ if (sudoers_cmnd[0] != '/') { /* * Return true if both sudoers_cmnd and user_cmnd are "sudoedit" AND * a) there are no args in sudoers OR * b) there are no args on command line and none req by sudoers OR * c) there are args in sudoers and on command line and they match */ if (strcmp(sudoers_cmnd, "sudoedit") == 0 && strcmp(user_cmnd, "sudoedit") == 0 && command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(sudoers_cmnd); rc = true; } goto done; } if (has_meta(sudoers_cmnd)) { /* * If sudoers_cmnd has meta characters in it, we need to * use glob(3) and/or fnmatch(3) to do the matching. */ #ifdef SUDOERS_NAME_MATCH rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args); #else if (def_fast_glob) rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args); else rc = command_matches_glob(sudoers_cmnd, sudoers_args); #endif } else { rc = command_matches_normal(sudoers_cmnd, sudoers_args, digest); } done: sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "user command \"%s%s%s\" matches sudoers command \"%s%s%s\": %s", user_cmnd, user_args ? " " : "", user_args ? user_args : "", sudoers_cmnd, sudoers_args ? " " : "", sudoers_args ? sudoers_args : "", rc ? "true" : "false"); debug_return_bool(rc); } static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args) { debug_decl(command_matches_fnmatch, SUDO_DEBUG_MATCH) /* * Return true if fnmatch(3) succeeds AND * a) there are no args in sudoers OR * b) there are no args on command line and none required by sudoers OR * c) there are args in sudoers and on command line and they match * else return false. */ if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0) debug_return_bool(false); if (command_args_match(sudoers_cmnd, sudoers_args)) { if (safe_cmnd) free(safe_cmnd); safe_cmnd = estrdup(user_cmnd); debug_return_bool(true); } debug_return_bool(false); } #ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args) { struct stat sudoers_stat; size_t dlen; char **ap, *base, *cp; glob_t gl; debug_decl(command_matches_glob, SUDO_DEBUG_MATCH) /* * First check to see if we can avoid the call to glob(3). * Short circuit if there are no meta chars in the command itself * and user_base and basename(sudoers_cmnd) don't match. */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] != '/') { if ((base = strrchr(sudoers_cmnd, '/')) != NULL) { base++; if (!has_meta(base) && strcmp(user_base, base) != 0) debug_return_bool(false); } } /* * Return true if we find a match in the glob(3) results AND * a) there are no args in sudoers OR * b) there are no args on command line and none required by sudoers OR * c) there are args in sudoers and on command line and they match * else return false. */ if (glob(sudoers_cmnd, GLOB_NOSORT, NULL, &gl) != 0 || gl.gl_pathc == 0) { globfree(&gl); debug_return_bool(false); } /* For each glob match, compare basename, st_dev and st_ino. */ for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) { /* If it ends in '/' it is a directory spec. */ dlen = strlen(cp); if (cp[dlen - 1] == '/') { if (command_matches_dir(cp, dlen)) debug_return_bool(true); continue; } /* Only proceed if user_base and basename(cp) match */ if ((base = strrchr(cp, '/')) != NULL) base++; else base = cp; if (strcmp(user_base, base) != 0 || stat(cp, &sudoers_stat) == -1) continue; if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && user_stat->st_ino == sudoers_stat.st_ino)) { efree(safe_cmnd); safe_cmnd = estrdup(cp); break; } } globfree(&gl); if (cp == NULL) debug_return_bool(false); if (command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(user_cmnd); debug_return_bool(true); } debug_return_bool(false); } #endif /* SUDOERS_NAME_MATCH */ #ifdef SUDOERS_NAME_MATCH static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) { size_t dlen; debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) dlen = strlen(sudoers_cmnd); /* If it ends in '/' it is a directory spec. */ if (sudoers_cmnd[dlen - 1] == '/') debug_return_bool(command_matches_dir(sudoers_cmnd, dlen)); if (strcmp(user_cmnd, sudoers_cmnd) == 0) { if (command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(sudoers_cmnd); debug_return_bool(true); } } debug_return_bool(false); } #else /* !SUDOERS_NAME_MATCH */ static struct digest_function { const char *digest_name; const unsigned int digest_len; void (*init)(SHA2_CTX *); void (*update)(SHA2_CTX *, const unsigned char *, size_t); void (*final)(unsigned char *, SHA2_CTX *); } digest_functions[] = { { "SHA224", SHA224_DIGEST_LENGTH, SHA224Init, SHA224Update, SHA224Final }, { "SHA256", SHA256_DIGEST_LENGTH, SHA256Init, SHA256Update, SHA256Final }, { "SHA384", SHA384_DIGEST_LENGTH, SHA384Init, SHA384Update, SHA384Final }, { "SHA512", SHA512_DIGEST_LENGTH, SHA512Init, SHA512Update, SHA512Final }, { NULL } }; static bool digest_matches(const char *file, const struct sudo_digest *sd) { unsigned char file_digest[SHA512_DIGEST_LENGTH]; unsigned char sudoers_digest[SHA512_DIGEST_LENGTH]; unsigned char buf[32 * 1024]; struct digest_function *func = NULL; size_t nread; SHA2_CTX ctx; FILE *fp; unsigned int i; debug_decl(digest_matches, SUDO_DEBUG_MATCH) for (i = 0; digest_functions[i].digest_name != NULL; i++) { if (sd->digest_type == i) { func = &digest_functions[i]; break; } } if (func == NULL) { warningx(U_("unsupported digest type %d for %s"), sd->digest_type, file); debug_return_bool(false); } if (strlen(sd->digest_str) == func->digest_len * 2) { /* Convert the command digest from ascii hex to binary. */ for (i = 0; i < func->digest_len; i++) { if (!isxdigit((unsigned char)sd->digest_str[i + i]) || !isxdigit((unsigned char)sd->digest_str[i + i + 1])) { goto bad_format; } sudoers_digest[i] = hexchar(&sd->digest_str[i + i]); } } else { size_t len = base64_decode(sd->digest_str, sudoers_digest, sizeof(sudoers_digest)); if (len != func->digest_len) goto bad_format; } if ((fp = fopen(file, "r")) == NULL) { sudo_debug_printf(SUDO_DEBUG_INFO, "unable to open %s: %s", file, strerror(errno)); debug_return_bool(false); } func->init(&ctx); while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { func->update(&ctx, buf, nread); } if (ferror(fp)) { warningx(U_("%s: read error"), file); fclose(fp); debug_return_bool(false); } fclose(fp); func->final(file_digest, &ctx); if (memcmp(file_digest, sudoers_digest, func->digest_len) == 0) debug_return_bool(true); sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, "%s digest mismatch for %s, expecting %s", func->digest_name, file, sd->digest_str); debug_return_bool(false); bad_format: warningx(U_("digest for %s (%s) is not in %s form"), file, sd->digest_str, func->digest_name); debug_return_bool(false); } static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) { struct stat sudoers_stat; const char *base; size_t dlen; debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) /* If it ends in '/' it is a directory spec. */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') debug_return_bool(command_matches_dir(sudoers_cmnd, dlen)); /* Only proceed if user_base and basename(sudoers_cmnd) match */ if ((base = strrchr(sudoers_cmnd, '/')) == NULL) base = sudoers_cmnd; else base++; if (strcmp(user_base, base) != 0 || stat(sudoers_cmnd, &sudoers_stat) == -1) debug_return_bool(false); /* * Return true if inode/device matches AND * a) there are no args in sudoers OR * b) there are no args on command line and none req by sudoers OR * c) there are args in sudoers and on command line and they match * d) there is a digest and it matches */ if (user_stat != NULL && (user_stat->st_dev != sudoers_stat.st_dev || user_stat->st_ino != sudoers_stat.st_ino)) debug_return_bool(false); if (!command_args_match(sudoers_cmnd, sudoers_args)) debug_return_bool(false); if (digest != NULL && !digest_matches(sudoers_cmnd, digest)) { /* XXX - log functions not available but we should log very loudly */ debug_return_bool(false); } efree(safe_cmnd); safe_cmnd = estrdup(sudoers_cmnd); debug_return_bool(true); } #endif /* SUDOERS_NAME_MATCH */ #ifdef SUDOERS_NAME_MATCH /* * Return true if user_cmnd begins with sudoers_dir, else false. * Note that sudoers_dir include the trailing '/' */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen) { debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) debug_return_bool(strncmp(user_cmnd, sudoers_dir, dlen) == 0); } #else /* !SUDOERS_NAME_MATCH */ /* * Return true if user_cmnd names one of the inodes in dir, else false. */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen) { struct stat sudoers_stat; struct dirent *dent; char buf[PATH_MAX]; DIR *dirp; debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) /* * Grot through directory entries, looking for user_base. */ dirp = opendir(sudoers_dir); if (dirp == NULL) debug_return_bool(false); if (strlcpy(buf, sudoers_dir, sizeof(buf)) >= sizeof(buf)) { closedir(dirp); debug_return_bool(false); } while ((dent = readdir(dirp)) != NULL) { /* ignore paths > PATH_MAX (XXX - log) */ buf[dlen] = '\0'; if (strlcat(buf, dent->d_name, sizeof(buf)) >= sizeof(buf)) continue; /* only stat if basenames are the same */ if (strcmp(user_base, dent->d_name) != 0 || stat(buf, &sudoers_stat) == -1) continue; if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && user_stat->st_ino == sudoers_stat.st_ino)) { efree(safe_cmnd); safe_cmnd = estrdup(buf); break; } } closedir(dirp); debug_return_bool(dent != NULL); } #endif /* SUDOERS_NAME_MATCH */ /* * Returns true if the hostname matches the pattern, else false */ bool hostname_matches(const char *shost, const char *lhost, const char *pattern) { debug_decl(hostname_matches, SUDO_DEBUG_MATCH) const char *host; bool rc; host = strchr(pattern, '.') != NULL ? lhost : shost; if (has_meta(pattern)) { rc = !fnmatch(pattern, host, FNM_CASEFOLD); } else { rc = !strcasecmp(host, pattern); } sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "host %s matches sudoers pattern %s: %s", host, pattern, rc ? "true" : "false"); debug_return_bool(rc); } /* * Returns true if the user/uid from sudoers matches the specified user/uid, * else returns false. */ bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw) { const char *errstr; uid_t uid; bool rc; debug_decl(userpw_matches, SUDO_DEBUG_MATCH) if (pw != NULL && *sudoers_user == '#') { uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr); if (errstr != NULL && uid == pw->pw_uid) { rc = true; goto done; } } rc = strcmp(sudoers_user, user) == 0; done: sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "user %s matches sudoers user %s: %s", user, sudoers_user, rc ? "true" : "false"); debug_return_bool(rc); } /* * Returns true if the group/gid from sudoers matches the specified group/gid, * else returns false. */ bool group_matches(const char *sudoers_group, const struct group *gr) { const char *errstr; gid_t gid; bool rc; debug_decl(group_matches, SUDO_DEBUG_MATCH) if (*sudoers_group == '#') { gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr); if (errstr != NULL && gid == gr->gr_gid) { rc = true; goto done; } } rc = strcmp(gr->gr_name, sudoers_group) == 0; done: sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "group %s matches sudoers group %s: %s", gr->gr_name, sudoers_group, rc ? "true" : "false"); debug_return_bool(rc); } /* * Returns true if the given user belongs to the named group, * else returns false. */ bool usergr_matches(const char *group, const char *user, const struct passwd *pw) { int matched = false; struct passwd *pw0 = NULL; debug_decl(usergr_matches, SUDO_DEBUG_MATCH) /* make sure we have a valid usergroup, sudo style */ if (*group++ != '%') { sudo_debug_printf(SUDO_DEBUG_DIAG, "user group %s has no leading '%%'", group); goto done; } if (*group == ':' && def_group_plugin) { matched = group_plugin_query(user, group + 1, pw); goto done; } /* look up user's primary gid in the passwd file */ if (pw == NULL) { if ((pw0 = sudo_getpwnam(user)) == NULL) { sudo_debug_printf(SUDO_DEBUG_DIAG, "unable to find %s in passwd db", user); goto done; } pw = pw0; } if (user_in_group(pw, group)) { matched = true; goto done; } /* not a Unix group, could be an external group */ if (def_group_plugin && group_plugin_query(user, group, pw)) { matched = true; goto done; } done: if (pw0 != NULL) sudo_pw_delref(pw0); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "user %s matches group %s: %s", user, group, matched ? "true" : "false"); debug_return_bool(matched); } #ifdef HAVE_INNETGR /* * Get NIS-style domain name and return a malloc()ed copy or NULL if none. */ static char * sudo_getdomainname(void) { char *domain = NULL; #ifdef HAVE_GETDOMAINNAME char *buf, *cp; buf = emalloc(HOST_NAME_MAX + 1); if (getdomainname(buf, HOST_NAME_MAX + 1) == 0 && *buf != '\0') { domain = buf; for (cp = buf; *cp != '\0'; cp++) { /* Check for illegal characters, Linux may use "(none)". */ if (*cp == '(' || *cp == ')' || *cp == ',' || *cp == ' ') { domain = NULL; break; } } } if (domain == NULL) efree(buf); #endif /* HAVE_GETDOMAINNAME */ return domain; } #endif /* HAVE_INNETGR */ /* * Returns true if "host" and "user" belong to the netgroup "netgr", * else return false. Either of "lhost", "shost" or "user" may be NULL * in which case that argument is not checked... */ bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user) { #ifdef HAVE_INNETGR static char *domain; static int initialized; #endif bool rc = false; debug_decl(netgr_matches, SUDO_DEBUG_MATCH) #ifdef HAVE_INNETGR /* make sure we have a valid netgroup, sudo style */ if (*netgr++ != '+') { sudo_debug_printf(SUDO_DEBUG_DIAG, "netgroup %s has no leading '+'", netgr); debug_return_bool(false); } /* get the domain name (if any) */ if (!initialized) { domain = sudo_getdomainname(); initialized = 1; } if (innetgr(netgr, lhost, user, domain)) rc = true; else if (lhost != shost && innetgr(netgr, shost, user, domain)) rc = true; #endif /* HAVE_INNETGR */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "netgroup %s matches (%s|%s, %s, %s): %s", netgr, lhost ? lhost : "", shost ? shost : "", user ? user : "", domain ? domain : "", rc ? "true" : "false"); debug_return_bool(rc); } sudo-1.8.9p5/plugins/sudoers/match_addr.c010064400175440000012000000131331226304126600177460ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "sudoers.h" #include "interfaces.h" static bool addr_matches_if(const char *n) { union sudo_in_addr_un addr; struct interface *ifp; #ifdef HAVE_STRUCT_IN6_ADDR unsigned int j; #endif unsigned int family; debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) > 0) { family = AF_INET6; } else #endif /* HAVE_STRUCT_IN6_ADDR */ { family = AF_INET; addr.ip4.s_addr = inet_addr(n); } SLIST_FOREACH(ifp, get_interfaces(), entries) { if (ifp->family != family) continue; switch (family) { case AF_INET: if (ifp->addr.ip4.s_addr == addr.ip4.s_addr || (ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr) == addr.ip4.s_addr) debug_return_bool(true); break; #ifdef HAVE_STRUCT_IN6_ADDR case AF_INET6: if (memcmp(ifp->addr.ip6.s6_addr, addr.ip6.s6_addr, sizeof(addr.ip6.s6_addr)) == 0) debug_return_bool(true); for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) { if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j]) break; } if (j == sizeof(addr.ip6.s6_addr)) debug_return_bool(true); break; #endif /* HAVE_STRUCT_IN6_ADDR */ } } debug_return_bool(false); } static bool addr_matches_if_netmask(const char *n, const char *m) { unsigned int i; union sudo_in_addr_un addr, mask; struct interface *ifp; #ifdef HAVE_STRUCT_IN6_ADDR unsigned int j; #endif unsigned int family; const char *errstr; debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) > 0) family = AF_INET6; else #endif /* HAVE_STRUCT_IN6_ADDR */ { family = AF_INET; addr.ip4.s_addr = inet_addr(n); } if (family == AF_INET) { if (strchr(m, '.')) { mask.ip4.s_addr = inet_addr(m); } else { i = strtonum(m, 0, 32, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "IPv4 netmask %s: %s", m, errstr); debug_return_bool(false); } if (i == 0) mask.ip4.s_addr = 0; else if (i == 32) mask.ip4.s_addr = 0xffffffff; else mask.ip4.s_addr = 0xffffffff - (1 << (32 - i)) + 1; mask.ip4.s_addr = htonl(mask.ip4.s_addr); } addr.ip4.s_addr &= mask.ip4.s_addr; } #ifdef HAVE_STRUCT_IN6_ADDR else { if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) { j = strtonum(m, 0, 128, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "IPv6 netmask %s: %s", m, errstr); debug_return_bool(false); } for (i = 0; i < sizeof(addr.ip6.s6_addr); i++) { if (j < i * 8) mask.ip6.s6_addr[i] = 0; else if (i * 8 + 8 <= j) mask.ip6.s6_addr[i] = 0xff; else mask.ip6.s6_addr[i] = 0xff00 >> (j - i * 8); addr.ip6.s6_addr[i] &= mask.ip6.s6_addr[i]; } } } #endif /* HAVE_STRUCT_IN6_ADDR */ SLIST_FOREACH(ifp, get_interfaces(), entries) { if (ifp->family != family) continue; switch (family) { case AF_INET: if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr) debug_return_bool(true); break; #ifdef HAVE_STRUCT_IN6_ADDR case AF_INET6: for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) { if ((ifp->addr.ip6.s6_addr[j] & mask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j]) break; } if (j == sizeof(addr.ip6.s6_addr)) debug_return_bool(true); break; #endif /* HAVE_STRUCT_IN6_ADDR */ } } debug_return_bool(false); } /* * Returns true if "n" is one of our ip addresses or if * "n" is a network that we are on, else returns false. */ bool addr_matches(char *n) { char *m; bool rc; debug_decl(addr_matches, SUDO_DEBUG_MATCH) /* If there's an explicit netmask, use it. */ if ((m = strchr(n, '/'))) { *m++ = '\0'; rc = addr_matches_if_netmask(n, m); *(m - 1) = '/'; } else rc = addr_matches_if(n); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "IP address %s matches local host: %s", n, rc ? "true" : "false"); debug_return_bool(rc); } sudo-1.8.9p5/plugins/sudoers/mkdefaults010075500175440000012000000075711226304126600176120ustar00millertstaff#!/usr/bin/perl -w # # Generate sudo_defs_table and associated defines # # Input should be formatted thusly: # # var_name # TYPE # description (or NULL) # array of struct def_values if TYPE == T_TUPLE # Deal with optional -o (output) argument if ($#ARGV > 0 && $ARGV[0] eq "-o") { shift; $header = $cfile = shift; $header .= '.h'; $cfile .= '.c'; } die "usage: $0 [input_file]\n" unless $#ARGV == -1 || $#ARGV == 0; $infile = $ARGV[0] || "def_data.in"; if (!defined($header)) { $header = $infile; $header =~ s/(\.in)?$/.h/; } if (!defined($cfile)) { $cfile = $infile; $cfile =~ s/(\.in)?$/.c/; } open(IN, "<$infile") || die "$0: can't open $infile: $!\n"; open(HEADER, ">$header") || die "$0: can't open $header: $!\n"; open(CFILE, ">$cfile") || die "$0: can't open $cfile: $!\n"; $count = 0; @tuple_values = ( "never" ); @records = (); while() { chomp; s/\s*#.*$//; next if /^\s*$/; if (/^\S/) { # Store previous record and begin new one $records[$count++] = [$var, $type, $desc, $values, $callback] if defined($var); $var = $_; $type = ''; $desc = undef; $values = undef; $callback = undef; $field = 0; } else { $field++; s/^\s+//; s/\s+$//; if ($field == 1) { # type $type = $_; } elsif ($field == 2) { # description if ($_ eq "NULL") { $desc = "NULL"; } else { # Strip leading and trailing double quote and escape the rest s/^"//; s/"$//; s/"/\\"/g; $desc = "N_(\"$_\")"; } } elsif ($field == 3 || $field == 4) { if (s/^\*//) { $callback = $_; } else { die "$0: syntax error near line $.\n" if $type !~ /^T_TUPLE/; $values = [ split ]; foreach $v (@$values) { push(@tuple_values, $v) unless grep(/^$v$/, @tuple_values); } } } else { die "$0: syntax error near line $.\n"; } } } $records[$count++] = [$var, $type, $desc, $values, $callback] if defined($var); # Print out value arrays for ($i = 0; $i < $count; $i++) { if (defined($records[$i]->[3])) { die "Values list specified for non-tuple\n" unless $records[$i]->[1] =~ /^T_TUPLE/; printf CFILE "static struct def_values def_data_%s[] = {\n", $records[$i]->[0]; foreach (@{$records[$i]->[3]}) { print CFILE " { \"$_\", $_ },\n"; } print CFILE " { NULL, 0 },\n"; print CFILE "};\n\n"; } } # Print each record print CFILE "struct sudo_defs_types sudo_defs_table[] = {\n {\n"; for ($i = 0; $i < $count; $i++) { &print_record($records[$i], $i); } print CFILE "\tNULL, 0, NULL\n }\n};\n"; # Print out def_tuple if (@tuple_values) { print HEADER "\nenum def_tuple {\n"; for ($i = 0; $i <= $#tuple_values; $i++) { printf HEADER "\t%s%s\n", $tuple_values[$i], $i != $#tuple_values ? "," : ""; } print HEADER "};\n"; } close(IN); close(HEADER); close(CFILE); sub print_record { my ($rec, $recnum) = @_; my ($i, $v, $defname); # each variable gets a macro to access its value for ($rec->[1]) { if (/^T_INT/) { $v = "ival"; } elsif (/^T_UINT/) { $v = "uival"; } elsif (/^T_STR/) { $v = "str"; } elsif (/^T_FLAG/) { $v = "flag"; } elsif (/^T_MODE/) { $v = "mode"; } elsif (/^T_LIST/) { $v = "list"; } elsif (/^T_LOGFAC/) { $v = "ival"; } elsif (/^T_LOGPRI/) { $v = "ival"; } elsif (/^T_TUPLE/) { $v = "tuple"; } elsif (/^T_FLOAT/) { $v = "fval"; } else { die "$0: unknown defaults type: $_\n"; } } printf HEADER "#define %-23s (sudo_defs_table[$recnum].sd_un.${v})\n", "def_$rec->[0]"; $defname = "I_" . uc($rec->[0]); printf HEADER "#define %-24s%d", $defname, $recnum; #print HEADER "\t/* $rec->[2] */" if defined($rec->[2]); print HEADER "\n"; print CFILE "\t\"$rec->[0]\", $rec->[1],\n\t$rec->[2],\n"; if (defined($rec->[3])) { printf CFILE "\tdef_data_$rec->[0],\n"; } else { printf CFILE "\tNULL,\n"; } printf CFILE "\t$rec->[4],\n" if defined($rec->[4]); print CFILE " }, {\n"; } sudo-1.8.9p5/plugins/sudoers/parse.c010064400175440000012000000527121226304126600170000ustar00millertstaff/* * Copyright (c) 2004-2005, 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "parse.h" #include "lbuf.h" #include /* Characters that must be quoted in sudoers */ #define SUDOERS_QUOTED ":\\,=#\"" /* sudoers nsswitch routines */ struct sudo_nss sudo_nss_file = { { NULL, NULL }, sudo_file_open, sudo_file_close, sudo_file_parse, sudo_file_setdefs, sudo_file_lookup, sudo_file_display_cmnd, sudo_file_display_defaults, sudo_file_display_bound_defaults, sudo_file_display_privs }; /* * Local prototypes. */ static int display_bound_defaults(int dtype, struct lbuf *lbuf); static void print_member(struct lbuf *lbuf, struct member *m, int alias_type); static void print_member2(struct lbuf *lbuf, struct member *m, const char *separator, int alias_type); int sudo_file_open(struct sudo_nss *nss) { debug_decl(sudo_file_open, SUDO_DEBUG_NSS) if (def_ignore_local_sudoers) debug_return_int(-1); nss->handle = open_sudoers(sudoers_file, false, NULL); debug_return_int(nss->handle ? 0 : -1); } int sudo_file_close(struct sudo_nss *nss) { debug_decl(sudo_file_close, SUDO_DEBUG_NSS) /* Free parser data structures and close sudoers file. */ init_parser(NULL, false); if (nss->handle != NULL) { fclose(nss->handle); nss->handle = NULL; sudoersin = NULL; } debug_return_int(0); } /* * Parse the specified sudoers file. */ int sudo_file_parse(struct sudo_nss *nss) { debug_decl(sudo_file_close, SUDO_DEBUG_NSS) if (nss->handle == NULL) debug_return_int(-1); init_parser(sudoers_file, false); sudoersin = nss->handle; if (sudoersparse() != 0 || parse_error) { if (errorlineno != -1) { log_warning(0, N_("parse error in %s near line %d"), errorfile, errorlineno); } else { log_warning(0, N_("parse error in %s"), errorfile); } debug_return_int(-1); } debug_return_int(0); } /* * Wrapper around update_defaults() for nsswitch code. */ int sudo_file_setdefs(struct sudo_nss *nss) { debug_decl(sudo_file_setdefs, SUDO_DEBUG_NSS) if (nss->handle == NULL) debug_return_int(-1); if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER)) debug_return_int(-1); debug_return_int(0); } /* * Look up the user in the parsed sudoers file and check to see if they are * allowed to run the specified command on this host as the target user. */ int sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) { int match, host_match, runas_match, cmnd_match; struct cmndspec *cs; struct cmndtag *tags = NULL; struct privilege *priv; struct userspec *us; struct member *matching_user; debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS) if (nss->handle == NULL) debug_return_int(validated); /* * Only check the actual command if pwflag is not set. * It is set for the "validate", "list" and "kill" pseudo-commands. * Always check the host and user. */ if (pwflag) { int nopass; enum def_tuple pwcheck; pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; nopass = (pwcheck == all) ? true : false; if (list_pw == NULL) SET(validated, FLAG_NO_CHECK); CLR(validated, FLAG_NO_USER); CLR(validated, FLAG_NO_HOST); match = DENY; TAILQ_FOREACH(us, &userspecs, entries) { if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) continue; TAILQ_FOREACH(priv, &us->privileges, entries) { if (hostlist_matches(&priv->hostlist) != ALLOW) continue; TAILQ_FOREACH(cs, &priv->cmndlist, entries) { /* Only check the command when listing another user. */ if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid || cmnd_matches(cs->cmnd) == ALLOW) match = ALLOW; if ((pwcheck == any && cs->tags.nopasswd == true) || (pwcheck == all && cs->tags.nopasswd != true)) nopass = cs->tags.nopasswd; } } } if (match == ALLOW || user_uid == 0) { /* User has an entry for this host. */ SET(validated, VALIDATE_OK); } else if (match == DENY) SET(validated, VALIDATE_NOT_OK); if (pwcheck == always && def_authenticate) SET(validated, FLAG_CHECK_USER); else if (pwcheck == never || nopass == true) def_authenticate = false; debug_return_int(validated); } /* Need to be runas user while stat'ing things. */ set_perms(PERM_RUNAS); match = UNSPEC; TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) continue; CLR(validated, FLAG_NO_USER); TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { host_match = hostlist_matches(&priv->hostlist); if (host_match == ALLOW) CLR(validated, FLAG_NO_HOST); else continue; TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { matching_user = NULL; runas_match = runaslist_matches(cs->runasuserlist, cs->runasgrouplist, &matching_user, NULL); if (runas_match == ALLOW) { cmnd_match = cmnd_matches(cs->cmnd); if (cmnd_match != UNSPEC) { match = cmnd_match; tags = &cs->tags; #ifdef HAVE_SELINUX /* Set role and type if not specified on command line. */ if (user_role == NULL) user_role = cs->role ? estrdup(cs->role) : def_role; if (user_type == NULL) user_type = cs->type ? estrdup(cs->type) : def_type; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* Set Solaris privilege sets */ if (runas_privs == NULL) runas_privs = cs->privs ? estrdup(cs->privs) : def_privs; if (runas_limitprivs == NULL) runas_limitprivs = cs->limitprivs ? estrdup(cs->limitprivs) : def_limitprivs; #endif /* HAVE_PRIV_SET */ /* * If user is running command as himself, * set runas_pw = sudo_user.pw. * XXX - hack, want more general solution */ if (matching_user && matching_user->type == MYSELF) { sudo_pw_delref(runas_pw); sudo_pw_addref(sudo_user.pw); runas_pw = sudo_user.pw; } goto matched2; } } } } } matched2: if (match == ALLOW) { SET(validated, VALIDATE_OK); CLR(validated, VALIDATE_NOT_OK); if (tags != NULL) { if (tags->nopasswd != UNSPEC) def_authenticate = !tags->nopasswd; if (tags->noexec != UNSPEC) def_noexec = tags->noexec; if (tags->setenv != UNSPEC) def_setenv = tags->setenv; if (tags->log_input != UNSPEC) def_log_input = tags->log_input; if (tags->log_output != UNSPEC) def_log_output = tags->log_output; } } else if (match == DENY) { SET(validated, VALIDATE_NOT_OK); CLR(validated, VALIDATE_OK); if (tags != NULL && tags->nopasswd != UNSPEC) def_authenticate = !tags->nopasswd; } restore_perms(); debug_return_int(validated); } #define TAG_SET(tt) \ ((tt) != UNSPEC && (tt) != IMPLIED) #define TAG_CHANGED(t) \ (TAG_SET(cs->tags.t) && cs->tags.t != tags->t) static void sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, struct lbuf *lbuf) { debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) #ifdef HAVE_PRIV_SET if (cs->privs) lbuf_append(lbuf, "PRIVS=\"%s\" ", cs->privs); if (cs->limitprivs) lbuf_append(lbuf, "LIMITPRIVS=\"%s\" ", cs->limitprivs); #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (cs->role) lbuf_append(lbuf, "ROLE=%s ", cs->role); if (cs->type) lbuf_append(lbuf, "TYPE=%s ", cs->type); #endif /* HAVE_SELINUX */ if (TAG_CHANGED(setenv)) { lbuf_append(lbuf, cs->tags.setenv ? "SETENV: " : "NOSETENV: "); tags->setenv = cs->tags.setenv; } if (TAG_CHANGED(noexec)) { lbuf_append(lbuf, cs->tags.noexec ? "NOEXEC: " : "EXEC: "); tags->noexec = cs->tags.noexec; } if (TAG_CHANGED(nopasswd)) { lbuf_append(lbuf, cs->tags.nopasswd ? "NOPASSWD: " : "PASSWD: "); tags->nopasswd = cs->tags.nopasswd; } if (TAG_CHANGED(log_input)) { lbuf_append(lbuf, cs->tags.log_input ? "LOG_INPUT: " : "NOLOG_INPUT: "); tags->log_input = cs->tags.log_input; } if (TAG_CHANGED(log_output)) { lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " : "NOLOG_OUTPUT: "); tags->log_output = cs->tags.log_output; } print_member(lbuf, cs->cmnd, CMNDALIAS); debug_return; } #define RUNAS_CHANGED(cs1, cs2) \ (cs1 == NULL || cs2 == NULL || \ cs1->runasuserlist != cs2->runasuserlist || \ cs1->runasgrouplist != cs2->runasgrouplist) static int sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, struct lbuf *lbuf) { struct cmndspec *cs, *prev_cs; struct member *m; struct privilege *priv; struct cmndtag tags; int nfound = 0; debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS) /* gcc -Wuninitialized false positive */ tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; tags.log_input = UNSPEC; tags.log_output = UNSPEC; TAILQ_FOREACH(priv, &us->privileges, entries) { if (hostlist_matches(&priv->hostlist) != ALLOW) continue; prev_cs = NULL; TAILQ_FOREACH(cs, &priv->cmndlist, entries) { if (RUNAS_CHANGED(cs, prev_cs)) { if (cs != TAILQ_FIRST(&priv->cmndlist)) lbuf_append(lbuf, "\n"); lbuf_append(lbuf, " ("); if (cs->runasuserlist != NULL) { TAILQ_FOREACH(m, cs->runasuserlist, entries) { if (m != TAILQ_FIRST(cs->runasuserlist)) lbuf_append(lbuf, ", "); print_member(lbuf, m, RUNASALIAS); } } else if (cs->runasgrouplist == NULL) { lbuf_append(lbuf, "%s", def_runas_default); } else { lbuf_append(lbuf, "%s", pw->pw_name); } if (cs->runasgrouplist != NULL) { lbuf_append(lbuf, " : "); TAILQ_FOREACH(m, cs->runasgrouplist, entries) { if (m != TAILQ_FIRST(cs->runasgrouplist)) lbuf_append(lbuf, ", "); print_member(lbuf, m, RUNASALIAS); } } lbuf_append(lbuf, ") "); tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; tags.log_input = UNSPEC; tags.log_output = UNSPEC; } else if (cs != TAILQ_FIRST(&priv->cmndlist)) { lbuf_append(lbuf, ", "); } sudo_file_append_cmnd(cs, &tags, lbuf); prev_cs = cs; nfound++; } lbuf_append(lbuf, "\n"); } debug_return_int(nfound); } #define TAGS_CHANGED(ot, nt) \ ((TAG_SET((nt).setenv) && (nt).setenv != (ot).setenv) || \ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \ (TAG_SET((nt).nopasswd) && (nt).nopasswd != (ot).nopasswd) || \ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output)) /* * Compare the current cmndspec with the previous one to determine * whether we need to start a new long entry for "sudo -ll". * Returns true if we should start a new long entry, else false. */ static bool new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs) { if (prev_cs == NULL) return true; if (RUNAS_CHANGED(cs, prev_cs) || TAGS_CHANGED(cs->tags, prev_cs->tags)) return true; #ifdef HAVE_PRIV_SET if (cs->privs && (!prev_cs->privs || strcmp(cs->privs, prev_cs->privs) != 0)) return true; if (cs->limitprivs && (!prev_cs->limitprivs || strcmp(cs->limitprivs, prev_cs->limitprivs) != 0)) return true; #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (cs->role && (!prev_cs->role || strcmp(cs->role, prev_cs->role) != 0)) return true; if (cs->type && (!prev_cs->type || strcmp(cs->type, prev_cs->type) != 0)) return true; #endif /* HAVE_SELINUX */ return false; } static int sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, struct lbuf *lbuf) { struct cmndspec *cs, *prev_cs; struct member *m; struct privilege *priv; int nfound = 0, olen; debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) TAILQ_FOREACH(priv, &us->privileges, entries) { if (hostlist_matches(&priv->hostlist) != ALLOW) continue; prev_cs = NULL; TAILQ_FOREACH(cs, &priv->cmndlist, entries) { if (new_long_entry(cs, prev_cs)) { lbuf_append(lbuf, _("\nSudoers entry:\n")); lbuf_append(lbuf, _(" RunAsUsers: ")); if (cs->runasuserlist != NULL) { TAILQ_FOREACH(m, cs->runasuserlist, entries) { if (m != TAILQ_FIRST(cs->runasuserlist)) lbuf_append(lbuf, ", "); print_member(lbuf, m, RUNASALIAS); } } else if (cs->runasgrouplist == NULL) { lbuf_append(lbuf, "%s", def_runas_default); } else { lbuf_append(lbuf, "%s", pw->pw_name); } lbuf_append(lbuf, "\n"); if (cs->runasgrouplist != NULL) { lbuf_append(lbuf, _(" RunAsGroups: ")); TAILQ_FOREACH(m, cs->runasgrouplist, entries) { if (m != TAILQ_FIRST(cs->runasgrouplist)) lbuf_append(lbuf, ", "); print_member(lbuf, m, RUNASALIAS); } lbuf_append(lbuf, "\n"); } olen = lbuf->len; lbuf_append(lbuf, _(" Options: ")); if (TAG_SET(cs->tags.setenv)) lbuf_append(lbuf, "%ssetenv, ", cs->tags.setenv ? "" : "!"); if (TAG_SET(cs->tags.noexec)) lbuf_append(lbuf, "%snoexec, ", cs->tags.noexec ? "" : "!"); if (TAG_SET(cs->tags.nopasswd)) lbuf_append(lbuf, "%sauthenticate, ", cs->tags.nopasswd ? "!" : ""); if (TAG_SET(cs->tags.log_input)) lbuf_append(lbuf, "%slog_input, ", cs->tags.log_input ? "" : "!"); if (TAG_SET(cs->tags.log_output)) lbuf_append(lbuf, "%slog_output, ", cs->tags.log_output ? "" : "!"); if (lbuf->buf[lbuf->len - 2] == ',') { lbuf->len -= 2; /* remove trailing ", " */ lbuf_append(lbuf, "\n"); } else { lbuf->len = olen; /* no options */ } #ifdef HAVE_PRIV_SET if (cs->privs) lbuf_append(lbuf, " Privs: %s\n", cs->privs); if (cs->limitprivs) lbuf_append(lbuf, " Limitprivs: %s\n", cs->limitprivs); #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (cs->role) lbuf_append(lbuf, " Role: %s\n", cs->role); if (cs->type) lbuf_append(lbuf, " Type: %s\n", cs->type); #endif /* HAVE_SELINUX */ lbuf_append(lbuf, _(" Commands:\n")); } lbuf_append(lbuf, "\t"); print_member2(lbuf, cs->cmnd, "\n\t", CMNDALIAS); lbuf_append(lbuf, "\n"); prev_cs = cs; nfound++; } } debug_return_int(nfound); } int sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct userspec *us; int nfound = 0; debug_decl(sudo_file_display_priv, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; TAILQ_FOREACH(us, &userspecs, entries) { if (userlist_matches(pw, &us->users) != ALLOW) continue; if (long_list) nfound += sudo_file_display_priv_long(pw, us, lbuf); else nfound += sudo_file_display_priv_short(pw, us, lbuf); } done: debug_return_int(nfound); } /* * Display matching Defaults entries for the given user on this host. */ int sudo_file_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct defaults *d; char *prefix; int nfound = 0; debug_decl(sudo_file_display_defaults, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1])) prefix = " "; else prefix = ", "; TAILQ_FOREACH(d, &defaults, entries) { switch (d->type) { case DEFAULTS_HOST: if (hostlist_matches(d->binding) != ALLOW) continue; break; case DEFAULTS_USER: if (userlist_matches(pw, d->binding) != ALLOW) continue; break; case DEFAULTS_RUNAS: case DEFAULTS_CMND: continue; } if (d->val != NULL) { lbuf_append(lbuf, "%s%s%s", prefix, d->var, d->op == '+' ? "+=" : d->op == '-' ? "-=" : "="); if (strpbrk(d->val, " \t") != NULL) { lbuf_append(lbuf, "\""); lbuf_append_quoted(lbuf, "\"", "%s", d->val); lbuf_append(lbuf, "\""); } else lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", d->val); } else lbuf_append(lbuf, "%s%s%s", prefix, d->op == false ? "!" : "", d->var); prefix = ", "; nfound++; } done: debug_return_int(nfound); } /* * Display Defaults entries that are per-runas or per-command */ int sudo_file_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { int nfound = 0; debug_decl(sudo_file_display_bound_defaults, SUDO_DEBUG_NSS) /* XXX - should only print ones that match what the user can do. */ nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf); nfound += display_bound_defaults(DEFAULTS_CMND, lbuf); debug_return_int(nfound); } /* * Display Defaults entries of the given type. */ static int display_bound_defaults(int dtype, struct lbuf *lbuf) { struct defaults *d; struct member_list *binding = NULL; struct member *m; char *dsep; int atype, nfound = 0; debug_decl(display_bound_defaults, SUDO_DEBUG_NSS) switch (dtype) { case DEFAULTS_HOST: atype = HOSTALIAS; dsep = "@"; break; case DEFAULTS_USER: atype = USERALIAS; dsep = ":"; break; case DEFAULTS_RUNAS: atype = RUNASALIAS; dsep = ">"; break; case DEFAULTS_CMND: atype = CMNDALIAS; dsep = "!"; break; default: debug_return_int(-1); } TAILQ_FOREACH(d, &defaults, entries) { if (d->type != dtype) continue; nfound++; if (binding != d->binding) { binding = d->binding; if (nfound != 1) lbuf_append(lbuf, "\n"); lbuf_append(lbuf, " Defaults%s", dsep); TAILQ_FOREACH(m, binding, entries) { if (m != TAILQ_FIRST(binding)) lbuf_append(lbuf, ","); print_member(lbuf, m, atype); lbuf_append(lbuf, " "); } } else lbuf_append(lbuf, ", "); if (d->val != NULL) { lbuf_append(lbuf, "%s%s%s", d->var, d->op == '+' ? "+=" : d->op == '-' ? "-=" : "=", d->val); } else lbuf_append(lbuf, "%s%s", d->op == false ? "!" : "", d->var); } debug_return_int(nfound); } int sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) { struct cmndspec *cs; struct member *match; struct privilege *priv; struct userspec *us; int rval = 1; int host_match, runas_match, cmnd_match; debug_decl(sudo_file_display_cmnd, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; match = NULL; TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { if (userlist_matches(pw, &us->users) != ALLOW) continue; TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { host_match = hostlist_matches(&priv->hostlist); if (host_match != ALLOW) continue; TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { runas_match = runaslist_matches(cs->runasuserlist, cs->runasgrouplist, NULL, NULL); if (runas_match == ALLOW) { cmnd_match = cmnd_matches(cs->cmnd); if (cmnd_match != UNSPEC) { match = host_match && runas_match ? cs->cmnd : NULL; goto matched; } } } } } matched: if (match != NULL && !match->negated) { sudo_printf(SUDO_CONV_INFO_MSG, "%s%s%s\n", safe_cmnd, user_args ? " " : "", user_args ? user_args : ""); rval = 0; } done: debug_return_int(rval); } /* * Print the contents of a struct member to stdout */ static void _print_member(struct lbuf *lbuf, char *name, int type, int negated, const char *separator, int alias_type) { struct alias *a; struct member *m; struct sudo_command *c; debug_decl(_print_member, SUDO_DEBUG_NSS) switch (type) { case ALL: lbuf_append(lbuf, "%sALL", negated ? "!" : ""); break; case MYSELF: lbuf_append(lbuf, "%s%s", negated ? "!" : "", user_name); break; case COMMAND: c = (struct sudo_command *) name; if (negated) lbuf_append(lbuf, "!"); lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->cmnd); if (c->args) { lbuf_append(lbuf, " "); lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->args); } break; case ALIAS: if ((a = alias_get(name, alias_type)) != NULL) { TAILQ_FOREACH(m, &a->members, entries) { if (m != TAILQ_FIRST(&a->members)) lbuf_append(lbuf, "%s", separator); _print_member(lbuf, m->name, m->type, negated ? !m->negated : m->negated, separator, alias_type); } alias_put(a); break; } /* FALLTHROUGH */ default: lbuf_append(lbuf, "%s%s", negated ? "!" : "", name); break; } debug_return; } static void print_member(struct lbuf *lbuf, struct member *m, int alias_type) { _print_member(lbuf, m->name, m->type, m->negated, ", ", alias_type); } static void print_member2(struct lbuf *lbuf, struct member *m, const char *separator, int alias_type) { _print_member(lbuf, m->name, m->type, m->negated, separator, alias_type); } sudo-1.8.9p5/plugins/sudoers/parse.h010064400175440000012000000152131226304132000167670ustar00millertstaff/* * Copyright (c) 1996, 1998-2000, 2004, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_PARSE_H #define _SUDOERS_PARSE_H #undef UNSPEC #define UNSPEC -1 #undef DENY #define DENY 0 #undef ALLOW #define ALLOW 1 #undef IMPLIED #define IMPLIED 2 #define SUDO_DIGEST_SHA224 0 #define SUDO_DIGEST_SHA256 1 #define SUDO_DIGEST_SHA384 2 #define SUDO_DIGEST_SHA512 3 #define SUDO_DIGEST_INVALID 4 struct sudo_digest { unsigned int digest_type; char *digest_str; }; /* * A command with option args and digest. * XXX - merge into struct member */ struct sudo_command { char *cmnd; char *args; struct sudo_digest *digest; }; /* * Tags associated with a command. * Possible values: true, false, IMPLIED, UNSPEC. */ struct cmndtag { signed int nopasswd: 3; signed int noexec: 3; signed int setenv: 3; signed int log_input: 3; signed int log_output: 3; }; /* * SELinux-specific container struct. * Currently just contains a role and type. */ struct selinux_info { char *role; char *type; }; /* * Solaris privileges container struct * Currently just contains permitted and limit privileges. * It could have PFEXEC and PRIV_AWARE flags added in the future. */ struct solaris_privs_info { char *privs; char *limitprivs; }; /* * The parsed sudoers file is stored as a collection of linked lists, * modelled after the yacc grammar. * * Other than the alias struct, which is stored in a red-black tree, * the data structure used is a doubly-linked tail queue. While sudoers * is being parsed, a headless tail queue is used where the first entry * acts as the head and the prev pointer does double duty as the tail pointer. * This makes it possible to trivally append sub-lists. In addition, the prev * pointer is always valid (even if it points to itself). Unlike a circle * queue, the next pointer of the last entry is NULL and does not point back * to the head. When the tail queue is finalized, it is converted to a * normal BSD tail queue. */ /* * Tail queue list head structure. */ TAILQ_HEAD(defaults_list, defaults); TAILQ_HEAD(userspec_list, userspec); TAILQ_HEAD(member_list, member); TAILQ_HEAD(privilege_list, privilege); TAILQ_HEAD(cmndspec_list, cmndspec); /* * Structure describing a user specification and list thereof. */ struct userspec { TAILQ_ENTRY(userspec) entries; struct member_list users; /* list of users */ struct privilege_list privileges; /* list of privileges */ }; /* * Structure describing a privilege specification. */ struct privilege { TAILQ_ENTRY(privilege) entries; struct member_list hostlist; /* list of hosts */ struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ }; /* * Structure describing a linked list of Cmnd_Specs. */ struct cmndspec { TAILQ_ENTRY(cmndspec) entries; struct member_list *runasuserlist; /* list of runas users */ struct member_list *runasgrouplist; /* list of runas groups */ struct member *cmnd; /* command to allow/deny */ struct cmndtag tags; /* tag specificaion */ #ifdef HAVE_SELINUX char *role, *type; /* SELinux role and type */ #endif #ifdef HAVE_PRIV_SET char *privs, *limitprivs; /* Solaris privilege sets */ #endif }; /* * Generic structure to hold users, hosts, commands. */ struct member { TAILQ_ENTRY(member) entries; char *name; /* member name */ short type; /* type (see gram.h) */ short negated; /* negated via '!'? */ }; struct runascontainer { struct member *runasusers; struct member *runasgroups; }; /* * Generic structure to hold {User,Host,Runas,Cmnd}_Alias * Aliases are stored in a red-black tree, sorted by name and type. */ struct alias { char *name; /* alias name */ unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ bool used; /* "used" flag for cycle detection */ struct member_list members; /* list of alias members */ }; /* * Structure describing a Defaults entry and a list thereof. */ struct defaults { TAILQ_ENTRY(defaults) entries; char *var; /* variable name */ char *val; /* variable value */ struct member_list *binding; /* user/host/runas binding */ int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ int op; /* true, false, '+', '-' */ }; /* * Parsed sudoers info. */ extern struct userspec_list userspecs; extern struct defaults_list defaults; /* alias.c */ bool no_aliases(void); char *alias_add(char *name, int type, struct member *members); int alias_compare(const void *a1, const void *a2); struct alias *alias_get(char *name, int type); struct alias *alias_remove(char *name, int type); void alias_apply(int (*func)(void *, void *), void *cookie); void alias_free(void *a); void alias_put(struct alias *a); void init_aliases(void); /* gram.c */ void init_parser(const char *, bool); /* match_addr.c */ bool addr_matches(char *n); /* match.c */ bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); bool group_matches(const char *sudoers_group, const struct group *gr); bool hostname_matches(const char *shost, const char *lhost, const char *pattern); bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user); bool usergr_matches(const char *group, const char *user, const struct passwd *pw); bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw); int cmnd_matches(const struct member *m); int cmndlist_matches(const struct member_list *list); int hostlist_matches(const struct member_list *list); int runaslist_matches(const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group); int userlist_matches(const struct passwd *pw, const struct member_list *list); /* toke.c */ void init_lexer(void); /* hexchar.c */ int hexchar(const char *s); /* base64.c */ size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); #endif /* _SUDOERS_PARSE_H */ sudo-1.8.9p5/plugins/sudoers/po/README010064400175440000012000000013651226304126600170160ustar00millertstaffNLS Translations for sudo are coordinated through the Translation Project, at http://translationproject.org/ If you would like to contribute a translation for sudo, please join a translation team at the Translation Project instead of contributing a po file directly. This will avoid duplicated work if there is already a translation in progress. If you would like to become a member of a translation team, please follow the instructions at http://translationproject.org/html/translators.html The messages in sudo are split into two domains: sudo and sudoers. The former is used by the sudo front-end and utility functions. The latter is used by the sudoers policy and I/O logging plug-ins as well as the sudoers-specific commands visudo and sudoreplay. sudo-1.8.9p5/plugins/sudoers/po/da.mo010064400175440000012000001060501226304146200170520ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\Q–ŠQ!S6SHSZSqS‚So—S¥U­V¾VúÐVËW ÜWêWXX*X3X"NX#qXB•XØX$öX+YGY_YWzY?ÒY#Z#6ZZZrZZ$®ZÓZ êZöZ7[;=[y[–[§[®[.½[2ì[\I8\‚\•\ ©\·\Ô\ñ\]!$]?F]&†])­]3×] ^.,^1[^^¤^0»^>ì^$+_kP_M¼_A `L`j`"ˆ`D«`Fð`77a%oa •a/¶a;æa9"b\b5qb"§b+Êb2öb")c*Lc)wc1¡c+Ócÿcd25dhd(‡dE°d%öde:5eHpeN¹e9fBfXf:vfp±f0"gDSg!˜g/ºg:êg(%h*Nh!yh3›h)Ïhùhi02i4ciA˜i”Úi.ojžj ½j2Þj5k/Gk wk-„k²kÅk4Þk)l7=lLul/ÂlAòl34mOhm(¸mám2ÿm,2n1_n‘n'¥n2Ín7o68oooDo)Òo9üo'6p<^p›p¸p(ÕpHþpGqS]q0±qâq#r-%r3SrB‡rGÊrYs›ls3t;Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-28 23:06+0100 Last-Translator: Joe Hansen Language-Team: Danish Language: da MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); host matchede ikke Kommando tilladt Kommando nægtet Kommando ikke matchet LDAP-rolle: %s LDAP-rolle: UKENDT Tilvalg: -c, --check kun kontroltilstand -f, --file=file angiv placering for sudoersfil -h, --help vis denne hjælpetekst og afslut -q, --quiet mindre uddybende (stille) beskeder for syntaksfejl -s, --strict streng syntakskontrol -V, --version vis information om version og afslut -x, --export ekporter sudoers i JSON-format Tilvalg: -d, --directory=dir angiv mappe for sessionslogge -f, --filter=filter angiv hvilken I/O-type at vise -h, --help vis denne hjælpetekst og afslut -l, --list vis tilgængelige sessions-ID'er med valgfrit udtryk -m, --max-wait=num maks antal sekunder at vente mellem hændelser -s, --speed=num øg eller sænk uddata -V, --version vis versionsinformation og afslut Sudoers-punkt: Sudoers-sti: %s Vi stoler pÃ¥, at du har modtaget den gængse advarsel fra den lokale systemadministrator. Det drejer sig normalt om følgende tre ting: #1) Respekter andres privatliv. #2) Tænk før du taster. #3) Med stor magt følger stort ansvar. Kommandoer: Tilvalg: Rækkefølge: %s KørSomGrupper: KørSomBrugere: %8s : %s%8s: (kommando fortsat) %s%s - genafspil sudosessionslogge %s - rediger sikkert sudoersfilen %s og %s er ikke pÃ¥ det samme filsystem, bruger mv til at omdøbe%s travl, forsøg igen senere%s findes men er ikke en mappe (0%o)%s findes men er ikke en regulær fil (0%o)%s grammatikversion %d %s er ikke en regulær fil%s har ikke tilladelse til at køre sudo pÃ¥ %s. Denne handling vil blive rapporteret. %s er ikke sudoersfilen. Denne handling vil blive rapporteret. %s er eget af gid %u, bør være %u%s er ejet af uid %u, bør være %u%s er skrivbar for alle%s skal være ejet af uid %d%s skal være skrivbar af ejer%s ejet af uid %u, bør være uid %u%s kræver et argument%s uændret%s version %s %s skrivbar af ikkeejer (0%o), bør være tilstand 0600%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Kan ikke verifiere TGT! Muligt angreb!: %s%s: ugyldige rettigheder, bør være tilstand 0%o %s: Kommando ikke fundet%s: inkompatibel gruppeudvidelsesmodul for hovedversion %d, forventede %d%s: Ugyldig logfil%s: fortolket o.k. %s: læsefejl%s: runas-gruppefelt mangler%s: runas-brugerfelt mangler%s: Tidsstempel %s: %s%s: Tidsstempelfelt mangler%s: Kan ikke allokere tilvalg: %s%s: Kan ikke konvertere værtshovedstol til streng (»%s«): %s%s: Kan ikke indhente akkreditiver: %s%s: Kan ikke indhente værtshovedstol: %s%s: Kan ikke initialisere akkreditivmellemlager: %s%s: Kan ikke fortolke »%s«: %s%s: Kan ikke slÃ¥ akkreditivmellemlager op: %s%s: Kan ikke gemme akkreditiver i mellemlager: %s%s: ubrugt %s_Alias %s%s: Brugerfelt mangler%s: forkert ejer (uid, gid) bør være (%u, %u) %u ukorrekt adgangskodeforsøg%u ukorrekte adgangskodeforsøg*** SIKKERHEDSINFORMATION for %h ***Konto udløbet eller PAM-konfiguration mangler et »kontoafsnit« for sudo. Kontakt din systemadministratorKonto eller adgangskoder er udløbet, nulstil din adgangskode og forsøg igenTilføjer et punkt til utmp/utmpx-filen nÃ¥r der allokeres en ptyAdresse at sende post fra: %sAdresse at sende post til: %sAlias »%s« er allerede defineretTillad lidt informationsindsamling for at lave brugbare fejlbeskederTillad at sudo spørger om en adgangskode selv om den vil være synligTillad at brugere kan angive arbitrære miljøvariablerKør altid kommandoer i en pseudo-ttySend altid post nÃ¥r sudo køresAngiv altid $HOME for mÃ¥lbrugerens hjemmemappeBrug standarder i mÃ¥lbrugerens logindklasse hvis der er enForsøg pÃ¥ at etablere PAM-akkreditiver for mÃ¥lbrugerenGodkendelsesmetoder:Tidsudløb for godkendelsestidsstempel: %.1f minutterKomprimer I/O-log med brug af zlibKunne ikke bestemme overvÃ¥gningsbetingelseOpret en ny PAM-session som kommandoen kan køre iStandard for adgangskodeprompt: %sStandardbruger at køre kommandoer som: %sMappe at gemme inddata-/uddatalogge i: %sInitialiser ikke gruppevektoren til mÃ¥lbrugerensMiljøvariabler at indstillingskontrollere:Miljøvariabler at bevare:Miljøvariabler at fjerne:Fejl: %s_Alias »%s« refereret men ikke defineretFejl: Cyklus i %s_Alias »%s«Fil indeholdende sudo-undervisningen: %sFilbeskrivelser >= %d vil blive lukket før udførelse af en kommandoFil at gemme inddata-/uddatalog i: %sFlag for postprogram: %sHvis LDAP-mappe er sat op, ignorer vi sÃ¥ lokal sudoersfilHvis angivet vil adgangsprompt overskrive systemprompt i alle tilfælde.Hvis angivet kan brugere overskrive værdien af »closeform« med tilvalget -CHvis sudo er startet op uden argumenter sÃ¥ start en skalIgnorer ».« i $PATHUgyldig adgangskodebesked: %sFornærm brugeren nÃ¥r de indtaster en forkert adgangskodeUgyldige godkendelsesmetoder kompileret ind i sudo! Du kan ikke blande uafhængig og ikkeuafhængig godkendelse.Undervis brugere den første gang de kører sudoLængde hvor logfillinjer skal ombrydes (0 for ingen ombrydning): %uLokal IP-adresse og netmaskepar: Sprog at bruge under fortolkning af sudoers: %sLoggeometri er %d x %d, din terminals geometri er %d x %d.Log værtsnavnet i logfilen (non-syslog)Log uddata for kommandoen der bliver kørtLog Ã¥ret i logfilen (non-syslog)Log brugers inddata for kommandoen der bliver kørtMatchende standardpunkter for %s pÃ¥ %s: Maksimalt I/O-logsekvenstal: %uIngen bruger eller værtAntal forsøg for indtastning af adgangskode: %uTillad kun brugeren at køre sudo hvis de har en ttyAngiv kun den effektive uid til mÃ¥lbrugeren, ikke den reelle uidTilvalg er: r(e)diger sudoersfil igen afslut(x) uden at gemme ændringer til sudoersfil afslut(Q) og gem ændringer til sudoersfil (FARLIGT!) Ejer af mappen for godkendelsestidsstempel: %sPAM-godkendelsesserverfejl: %sPAM-tjenestenavn der skal brugesPAM-tjenestenavn der skal bruges for logindskallerAdgangskode udløbet, kontakt din systemadministratorTidsudløb for adgangskodeprompt: %.1f minutterAdgangskode:Sti til mappe for godkendelsestidsstempel: %sSti til logfil: %sStil til postprogram: %sSti til redigeringsprogrammet for brug af visudo: %sSti til den sudo-specifikke miljøfil: %sUdvidelsesmodul for ikke-Unix-gruppeunderstøttelse: %sPræindlæs attrap-udførelsesfunktioner indeholdt i biblioteket sudo_noexecSpørg om adgangskoden for root, ikke brugerensSpørg om brugerens kør som_standard adgangskode, ikke brugernesSpørg om mÃ¥lbrugerens adgangskode, ikke brugernesTilbyd visuel tilbagemeldning ved adgangskodeprompten nÃ¥r der er brugerinddataPlacer OTP-prompter pÃ¥ deres egen linjeGenafspiller sudosession: %s Kræv fuldkvalificerede værtsnavne i sudoersfilenKræv som standard at brugere skal godkendesNulstil miljøet til et standardsæt af variablerRoot kan køre sudoKør kommandoer pÃ¥ en pty i baggrundenKør som og kommandospecifikke standarder for %s: SELinux-rolle at bruge i den nye sikkerhedskontekst: %sSELinux-type at bruge i den nye sikkerhedskontekst: %sSecurID-kommunikation fejledeSend post hvis brugeren ikke har tilladelse til at køre en kommandoSend post hvis brugeren ikke er i suodersSend post hvis brugeren ikke er i sudoers for denne værtSend post hvis brugergodkendelse fejlerAngiv $HOME for mÃ¥lbrugeren nÃ¥r der startes en skal med -sSæt af begræns privilegierSæt af tilladte privilegierAngiv LOGNAME- og USER-miljøvariablerneAngiv brugeren i utmp til brugeren kør som, ikke den opstartende brugerBeklager, prøv igen.Beklager. Bruger %s har ikke tilladelse til at køre »%s%s%s« som %s%s%s pÃ¥ %s. Beklager. Bruger %s mÃ¥ ikke køre sudo pÃ¥ %s. Emnelinje for postbeskeder: %sGrammatikversion %d for sudoersfil Udvidelsesmodulversion %s for sudoerspolitik Syslog-facilitet hvis syslog bruges til logning: %sSyslog-prioritet at bruge nÃ¥r brugergodkendelser gÃ¥r igennem: %sSyslog-prioritet at bruge nÃ¥r brugergodkendelser ikke gÃ¥r igennem: %sUmask'en angivet i sudoers vil overskrive brugerens, ogsÃ¥ selv om den er mere tilladendeDer er ingen godkendelsesmetoder kompileret ind i sudo! Hvis du ønsker at fravælge godkendelse sÃ¥ brug konfigurationstilvalget --disable-authentication.Umask at bruge eller 0777 for at bruge brugers: 0%oBrug et separat tidsstempel for hver bruger/tty-kombinationBrug hurtigere globbing som er mindre præcis, men som ikke tilgÃ¥r filsystemetBruger %s har ikke tilladelse til at køre sudo pÃ¥ %s. Bruger %s mÃ¥ køre de følgende kommandoer pÃ¥ %s: Bruger-ID lÃ¥st for SecurID-godkendelseBrugere i denne gruppe er undtaget fra adgangskode og STI-krav: %sVærdi at overskrive brugers $PATH med: %sVisudo vil overholde EDITOR-miljøvariablenAdvarsel: %s_Alias »%s« refereret men ikke defineretAdvarsel: Cyklus i %s_Alias »%s«Advarsel: Din terminal er for lille til korrekt at afspille loggen. Hvad nu? HvornÃ¥r der skal kræves en adgangskode for »list« pseudokommando: %sHvornÃ¥r der skal kræves en adgangskode for »verify« pseudokommando: %sder kræves en adgangskodevalideringsfejl for konto, er din konto lÃ¥st?tvetydigt udtryk »%s«godkendelsesfejlgodkendelsesserverfejl: %skommando fejlede: »%s %s %s«, %s uændretkommando i aktuel mappekommando ikke tilladtkunne ikke fortolke dato »%s«sammendrag for %s (%s) er ikke i %s-formredigeringsprogram (%s) fejlede, %s uændretfejl under omdøbing af %s, %s uændretkunne ikke initialisere ACE API-biblioteketkunne ikke fortolke %s-fil, ukendt fejlfill_args: overløb for mellemlagerignorerer »%s« fundet i ».« Brug »sudo ./%s« hvis dette er »%s«, du ønsker at køre.ugyldig kæde »!«ugyldig kæde »or« (eller)intern fejl, %s-overløbintern fejl, kan ikke finde %s pÃ¥ listen!intern fejl: utilstrækkelig plads for loglinjeugyldigt godkendelseshÃ¥ndtag for SecurIDugyldige godkendelsesmetoderugyldig godkendelsestypeugyldigt filtertilvalg: %sugyldig maks ventetid: %sugyldig adgangskodelængde for SecurIDugyldigt regulært udtryk: %sugyldig hastighedsfaktor: %sugyldig sudoOrder-attribut: %sugyldig timingfillinje: %sugyldigt brugernavnslængde for SecurIDldap.conf-sti: %s ldap.secret-sti: %s mistede forbindelsen til godkendelseservereningen godkendelsesmetoderintet redigeringsprogram fundet (sti for redigeringsprogram = %s)ingen ttyingen gyldige sudoerskilder fundet, afslutteringen værdi angivet for »%s«nsswitch-sti: %s kun administrator (root) kan bruge »-c %s«indstilling »%s« kan ikke modtage en værdifortolkningsfejl i %sfortolkningsfejl i %s fortolkningsfejl i %s nær linje %dfortolkningsfejl i %s nær linje %d permanent stakoverløbpermanent stakunderløbtryk retur for at redigere %s: problem med standardpunkterbeklager men du har ikke tilladelse til at bevare miljøetbeklager, du har ikke tilladelse til at angive de følgende miljøvariabler: %sbeklager, du skal bruge en tty for at køre sudoangivet redigeringsprogram (%s) findes ikkestart_tls angivet men LDAP libs understøtter ikke ldap_start_tls_s() eller ldap_start_tls_s_np()starttls er ikke understøttet, nÃ¥r der bruges ldapssudo_ldap_build_pass1 forskellige allokeringersudo_ldap_conf_add_ports: stigende mellemlager for vært (hostbuf) har ikke nok pladssudo_ldap_conf_add_ports: port for storsudo_ldap_parse_uri: opbyggende mellemlager for vært (hostbuf) har ikke nok pladssudo_putenv: ødelagt envp, forskellig længdesudoers angiver at administrator (root) ikke har tilladelse til sudotidsstempelejer (%s): Ingen sÃ¥dan brugertidsstempelsti er for lang: %stidsstempel for langt ude i fremtiden: %20.20sfor mange niveauer af includes (inkluderinger)for mange processerkan ikke starte bsd-godkendelsekan ikke bygge tidsfilterkan ikke cache gid %u, findes alleredekan ikke cache gruppe %s, findes alleredekan ikke cache gruppeliste for %s, findes alleredekan ikke cache uid %u, findes alleredekan ikke cache bruger %s, findes alleredekan ikke ændre udløbet adgangskode: %skan ikke ændre tilstand pÃ¥ %s til 0%okan ikke ændre til root gidkan ikke ændre til kør som gidkan ikke ændre til kør som uidkan ikke ændre til sudoers gidkan ikke indsende overvÃ¥gningspostkan ikke forbinde til godkendelsesserverkan ikke kontakte SecurID-serverenkan ikke oprette %skan ikke dup stdin: %mkan ikke udføre %skan ikke køre %s: %mkan ikke finde symbol »%s« i %skan ikke finde symbol »group_plugin« i %skan ikke forgrenekan ikke forgrene: %mkan ikke formatere tidsstempelkan ikke indhente GMT-tidkan ikke hente logindklasse for bruger %skan ikke initialisere BSD-godkendelsekan ikke initialisere LDAP: %skan ikke initialisere PAMkan ikke initialisere SIA-sessionkan ikke initialisere SSL-cert og key db: %skan ikke initialisere SSS-kilde. Er SSSD installeret pÃ¥ din maskine?kan ikke indlæse %s: %skan ikke lÃ¥se logfil: %s: %skan ikke blande ldap og ldaps URI'erkan ikke mkdir %skan ikke Ã¥bne %skan ikke Ã¥bne overvÃ¥gningssystemkan ikke Ã¥bne logfil: %s: %skan ikke Ã¥bne datakanal: %mkan ikke fortolke grupper for %skan ikke genÃ¥bne midlertidig fil (%s), %s uændrede.kan ikke læse %skan ikke læse fwtk-konfigurationkan ikke fjerne %s, vil nulstille til Unix-epokenkan ikke nulstille %s til Unix-epokenkan ikke slÃ¥ vært %s opkan ikke køre %skan ikke sende overvÃ¥gningsbeskedkan ikke angive (uid, gid) af %s til (%u, %u)kan ikke angive kør som gruppevektorkan ikke angive tty til rÃ¥ (raw) tilstandkan ikke stat %skan ikke stat redigeringsprogram (%s)kan ikke stat midlertidig fil (%s), %s unchangedkan ikke skrive til %skan ikke fortolke midlertidig fil (%s), ukendt fejlukendt SecurID-fejlukendt standardpunkt »%s«ukendt gruppe: %sukendt logindklasse: %sukendt søgeterm »%s«ukendt søgeterm %dukendt uid: %uukendt bruger: %smangler »(« i udtrykmanglende »)« i udtrykikkeunderstøttet LDAP uri-type: %sej understøttet sammendragstype %d for %sbrug: %s [-h] [-d mappe] -l [søgeudtryk] brug: %s [-h] [-d mappe] [-m num] [-s num] ID bruger IKKE autoriseret pÃ¥ værtbruger IKKE i sudoersvalideringsfejlværdi »%s« er ugyldig for indstilling »%s«værdier for »%s« skal begynde med en »/«skrivefejldu har ikke tilladelse til at bruge tilvalget -Cdu findes ikke i %s-databasendu skal angive at TLS_CERT i %s skal bruge SSLmidlertidig fil med nullængde (%s), %s uændretsudo-1.8.9p5/plugins/sudoers/po/da.po010064400175440000012000001515301226304126600170620ustar00millertstaff# Danish translation of sudoers. # This file is put in the public domain. # Joe Hansen , 2011, 2012, 2013. # # audit -> overvÃ¥gning # dummy -> attrap # epoch -> epoke # execute -> udføre (run -> kør) # overflow -> overløb # principal -> værtshovedstol # runas -> runas ? (eller mÃ¥ske bedre med kør som. den er valgt indtil videre) # stat -> stat # # der bliver brugt masser af forskellige citationstegn i den her ('' \" \" ``, # nogle gange ogsÃ¥ tre styk). De er alle lavet med »« pÃ¥ dansk. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-28 23:06+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: confstr.sh:2 msgid "Password:" msgstr "Adgangskode:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** SIKKERHEDSINFORMATION for %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Beklager, prøv igen." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias »%s« er allerede defineret" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "kan ikke hente logindklasse for bruger %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "kan ikke starte bsd-godkendelse" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "ugyldig godkendelsestype" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "kan ikke initialisere BSD-godkendelse" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "kan ikke læse fwtk-konfiguration" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "kan ikke forbinde til godkendelsesserver" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "mistede forbindelsen til godkendelseserveren" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "godkendelsesserverfejl:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: Kan ikke konvertere værtshovedstol til streng (»%s«): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: Kan ikke fortolke »%s«: %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: Kan ikke slÃ¥ akkreditivmellemlager op: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: Kan ikke allokere tilvalg: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: Kan ikke indhente akkreditiver: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: Kan ikke initialisere akkreditivmellemlager: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: Kan ikke gemme akkreditiver i mellemlager: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: Kan ikke indhente værtshovedstol: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Kan ikke verifiere TGT! Muligt angreb!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "kan ikke initialisere PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "valideringsfejl for konto, er din konto lÃ¥st?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Konto eller adgangskoder er udløbet, nulstil din adgangskode og forsøg igen" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "kan ikke ændre udløbet adgangskode: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Adgangskode udløbet, kontakt din systemadministrator" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto udløbet eller PAM-konfiguration mangler et »kontoafsnit« for sudo. Kontakt din systemadministrator" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "PAM-godkendelsesserverfejl: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "du findes ikke i %s-databasen" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "kunne ikke initialisere ACE API-biblioteket" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "kan ikke kontakte SecurID-serveren" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "Bruger-ID lÃ¥st for SecurID-godkendelse" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "ugyldigt brugernavnslængde for SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "ugyldigt godkendelseshÃ¥ndtag for SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "SecurID-kommunikation fejlede" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "ukendt SecurID-fejl" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "ugyldig adgangskodelængde for SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "kan ikke initialisere SIA-session" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "ugyldige godkendelsesmetoder" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Ugyldige godkendelsesmetoder kompileret ind i sudo! Du kan ikke blande uafhængig og ikkeuafhængig godkendelse." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "ingen godkendelsesmetoder" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Der er ingen godkendelsesmetoder kompileret ind i sudo! Hvis du ønsker at fravælge godkendelse sÃ¥ brug konfigurationstilvalget --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Godkendelsesmetoder:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Kunne ikke bestemme overvÃ¥gningsbetingelse" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "kan ikke indsende overvÃ¥gningspost" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Vi stoler pÃ¥, at du har modtaget den gængse advarsel fra den lokale\n" "systemadministrator. Det drejer sig normalt om følgende tre ting:\n" "\n" " #1) Respekter andres privatliv.\n" " #2) Tænk før du taster.\n" " #3) Med stor magt følger stort ansvar.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "ukendt uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "ukendt bruger: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-facilitet hvis syslog bruges til logning: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog-prioritet at bruge nÃ¥r brugergodkendelser gÃ¥r igennem: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog-prioritet at bruge nÃ¥r brugergodkendelser ikke gÃ¥r igennem: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Placer OTP-prompter pÃ¥ deres egen linje" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignorer ».« i $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Send altid post nÃ¥r sudo køres" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Send post hvis brugergodkendelse fejler" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Send post hvis brugeren ikke er i suoders" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Send post hvis brugeren ikke er i sudoers for denne vært" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Send post hvis brugeren ikke har tilladelse til at køre en kommando" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Brug et separat tidsstempel for hver bruger/tty-kombination" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Undervis brugere den første gang de kører sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Fil indeholdende sudo-undervisningen: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Kræv som standard at brugere skal godkendes" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root kan køre sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Log værtsnavnet i logfilen (non-syslog)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Log Ã¥ret i logfilen (non-syslog)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Hvis sudo er startet op uden argumenter sÃ¥ start en skal" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Angiv $HOME for mÃ¥lbrugeren nÃ¥r der startes en skal med -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Angiv altid $HOME for mÃ¥lbrugerens hjemmemappe" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Tillad lidt informationsindsamling for at lave brugbare fejlbeskeder" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Kræv fuldkvalificerede værtsnavne i sudoersfilen" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Fornærm brugeren nÃ¥r de indtaster en forkert adgangskode" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Tillad kun brugeren at køre sudo hvis de har en tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo vil overholde EDITOR-miljøvariablen" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Spørg om adgangskoden for root, ikke brugerens" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Spørg om brugerens kør som_standard adgangskode, ikke brugernes" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Spørg om mÃ¥lbrugerens adgangskode, ikke brugernes" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Brug standarder i mÃ¥lbrugerens logindklasse hvis der er en" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Angiv LOGNAME- og USER-miljøvariablerne" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Angiv kun den effektive uid til mÃ¥lbrugeren, ikke den reelle uid" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Initialiser ikke gruppevektoren til mÃ¥lbrugerens" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Længde hvor logfillinjer skal ombrydes (0 for ingen ombrydning): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Tidsudløb for godkendelsestidsstempel: %.1f minutter" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Tidsudløb for adgangskodeprompt: %.1f minutter" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Antal forsøg for indtastning af adgangskode: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask at bruge eller 0777 for at bruge brugers: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Sti til logfil: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Stil til postprogram: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Flag for postprogram: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Adresse at sende post til: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Adresse at sende post fra: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Emnelinje for postbeskeder: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Ugyldig adgangskodebesked: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Sti til mappe for godkendelsestidsstempel: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Ejer af mappen for godkendelsestidsstempel: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Brugere i denne gruppe er undtaget fra adgangskode og STI-krav: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Standard for adgangskodeprompt: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Hvis angivet vil adgangsprompt overskrive systemprompt i alle tilfælde." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Standardbruger at køre kommandoer som: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Værdi at overskrive brugers $PATH med: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Sti til redigeringsprogrammet for brug af visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "HvornÃ¥r der skal kræves en adgangskode for »list« pseudokommando: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "HvornÃ¥r der skal kræves en adgangskode for »verify« pseudokommando: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Præindlæs attrap-udførelsesfunktioner indeholdt i biblioteket sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Hvis LDAP-mappe er sat op, ignorer vi sÃ¥ lokal sudoersfil" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Filbeskrivelser >= %d vil blive lukket før udførelse af en kommando" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Hvis angivet kan brugere overskrive værdien af »closeform« med tilvalget -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Tillad at brugere kan angive arbitrære miljøvariabler" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Nulstil miljøet til et standardsæt af variabler" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Miljøvariabler at indstillingskontrollere:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Miljøvariabler at fjerne:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Miljøvariabler at bevare:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "SELinux-rolle at bruge i den nye sikkerhedskontekst: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "SELinux-type at bruge i den nye sikkerhedskontekst: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Sti til den sudo-specifikke miljøfil: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Sprog at bruge under fortolkning af sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Tillad at sudo spørger om en adgangskode selv om den vil være synlig" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Tilbyd visuel tilbagemeldning ved adgangskodeprompten nÃ¥r der er brugerinddata" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Brug hurtigere globbing som er mindre præcis, men som ikke tilgÃ¥r filsystemet" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Umask'en angivet i sudoers vil overskrive brugerens, ogsÃ¥ selv om den er mere tilladende" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Log brugers inddata for kommandoen der bliver kørt" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Log uddata for kommandoen der bliver kørt" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Komprimer I/O-log med brug af zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Kør altid kommandoer i en pseudo-tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Udvidelsesmodul for ikke-Unix-gruppeunderstøttelse: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Mappe at gemme inddata-/uddatalogge i: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Fil at gemme inddata-/uddatalog i: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Tilføjer et punkt til utmp/utmpx-filen nÃ¥r der allokeres en pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Angiv brugeren i utmp til brugeren kør som, ikke den opstartende bruger" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Sæt af tilladte privilegier" # engelsk fejl? Set of limited ... #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Sæt af begræns privilegier" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Kør kommandoer pÃ¥ en pty i baggrunden" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "PAM-tjenestenavn der skal bruges" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "PAM-tjenestenavn der skal bruges for logindskaller" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Forsøg pÃ¥ at etablere PAM-akkreditiver for mÃ¥lbrugeren" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Opret en ny PAM-session som kommandoen kan køre i" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Maksimalt I/O-logsekvenstal: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "ukendt standardpunkt »%s«" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "værdi »%s« er ugyldig for indstilling »%s«" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "ingen værdi angivet for »%s«" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "værdier for »%s« skal begynde med en »/«" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "indstilling »%s« kan ikke modtage en værdi" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "intern fejl, %s-overløb" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: ødelagt envp, forskellig længde" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "beklager, du har ikke tilladelse til at angive de følgende miljøvariabler: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s skal være ejet af uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s skal være skrivbar af ejer" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "kan ikke indlæse %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kan ikke finde symbol »group_plugin« i %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: inkompatibel gruppeudvidelsesmodul for hovedversion %d, forventede %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Lokal IP-adresse og netmaskepar:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s findes men er ikke en mappe (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "kan ikke mkdir %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "kan ikke Ã¥bne %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "kan ikke læse %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "kan ikke skrive til %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "kan ikke oprette %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port for stor" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: stigende mellemlager for vært (hostbuf) har ikke nok plads" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "ikkeunderstøttet LDAP uri-type: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "kan ikke blande ldap og ldaps URI'er" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls er ikke understøttet, nÃ¥r der bruges ldaps" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: opbyggende mellemlager for vært (hostbuf) har ikke nok plads" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "kan ikke initialisere SSL-cert og key db: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "du skal angive at TLS_CERT i %s skal bruge SSL" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "kan ikke indhente GMT-tid" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "kan ikke formatere tidsstempel" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "kan ikke bygge tidsfilter" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 forskellige allokeringer" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP-rolle: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP-rolle: UKENDT\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Rækkefølge: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Kommandoer:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kan ikke initialisere LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls angivet men LDAP libs understøtter ikke ldap_start_tls_s() eller ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ugyldig sudoOrder-attribut: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "kan ikke Ã¥bne overvÃ¥gningssystem" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "kan ikke sende overvÃ¥gningsbesked" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s: (kommando fortsat) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "kan ikke Ã¥bne logfil: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "kan ikke lÃ¥se logfil: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Ingen bruger eller vært" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "valideringsfejl" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "bruger IKKE i sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "bruger IKKE autoriseret pÃ¥ vært" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "kommando ikke tilladt" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s er ikke sudoersfilen. Denne handling vil blive rapporteret.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s har ikke tilladelse til at køre sudo pÃ¥ %s. Denne handling vil blive rapporteret.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Beklager. Bruger %s mÃ¥ ikke køre sudo pÃ¥ %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Beklager. Bruger %s har ikke tilladelse til at køre »%s%s%s« som %s%s%s pÃ¥ %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: Kommando ikke fundet" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "ignorerer »%s« fundet i ».«\n" "Brug »sudo ./%s« hvis dette er »%s«, du ønsker at køre." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "godkendelsesfejl" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "der kræves en adgangskode" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u ukorrekt adgangskodeforsøg" msgstr[1] "%u ukorrekte adgangskodeforsøg" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "kan ikke forgrene" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "kan ikke forgrene: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "kan ikke Ã¥bne datakanal: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "kan ikke dup stdin: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "kan ikke køre %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "intern fejl: utilstrækkelig plads for loglinje" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "ej understøttet sammendragstype %d for %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: læsefejl" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "sammendrag for %s (%s) er ikke i %s-form" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "fortolkningsfejl i %s nær linje %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "fortolkningsfejl i %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers-punkt:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " KørSomBrugere: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " KørSomGrupper: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Tilvalg: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "kan ikke udføre %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Udvidelsesmodulversion %s for sudoerspolitik\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Grammatikversion %d for sudoersfil\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers-sti: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-sti: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-sti: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-sti: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kan ikke cache uid %u, findes allerede" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "kan ikke cache bruger %s, findes allerede" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "kan ikke cache gid %u, findes allerede" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "kan ikke cache gruppe %s, findes allerede" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "kan ikke cache gruppeliste for %s, findes allerede" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "kan ikke fortolke grupper for %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "permanent stakoverløb" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "permanent stakunderløb" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "kan ikke ændre til root gid" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "kan ikke ændre til kør som gid" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "kan ikke ændre til kør som uid" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "kan ikke ændre til sudoers gid" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "for mange processer" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "kan ikke angive kør som gruppevektor" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "kan ikke initialisere SSS-kilde. Er SSSD installeret pÃ¥ din maskine?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "kan ikke finde symbol »%s« i %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Matchende standardpunkter for %s pÃ¥ %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Kør som og kommandospecifikke standarder for %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Bruger %s mÃ¥ køre de følgende kommandoer pÃ¥ %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Bruger %s har ikke tilladelse til at køre sudo pÃ¥ %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "problem med standardpunkter" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "ingen gyldige sudoerskilder fundet, afslutter" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers angiver at administrator (root) ikke har tilladelse til sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "du har ikke tilladelse til at bruge tilvalget -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tidsstempelejer (%s): Ingen sÃ¥dan bruger" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "ingen tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "beklager, du skal bruge en tty for at køre sudo" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "kommando i aktuel mappe" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "beklager men du har ikke tilladelse til at bevare miljøet" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "kan ikke stat %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s er ikke en regulær fil" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s er ejet af uid %u, bør være %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s er skrivbar for alle" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s er eget af gid %u, bør være %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "kun administrator (root) kan bruge »-c %s«" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "ukendt logindklasse: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "kan ikke slÃ¥ vært %s op" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "ukendt gruppe: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "ugyldigt filtertilvalg: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "ugyldig maks ventetid: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "ugyldig hastighedsfaktor: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s version %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Genafspiller sudosession: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Advarsel: Din terminal er for lille til korrekt at afspille loggen.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Loggeometri er %d x %d, din terminals geometri er %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "kan ikke angive tty til rÃ¥ (raw) tilstand" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "ugyldig timingfillinje: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "tvetydigt udtryk »%s«" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "manglende »)« i udtryk" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "ukendt søgeterm »%s«" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s kræver et argument" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "ugyldigt regulært udtryk: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "kunne ikke fortolke dato »%s«" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "mangler »(« i udtryk" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "ugyldig kæde »or« (eller)" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "ugyldig kæde »!«" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "ukendt søgeterm %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: Ugyldig logfil" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: Tidsstempelfelt mangler" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: Tidsstempel %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: Brugerfelt mangler" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: runas-brugerfelt mangler" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: runas-gruppefelt mangler" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "brug: %s [-h] [-d mappe] [-m num] [-s num] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "brug: %s [-h] [-d mappe] -l [søgeudtryk]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - genafspil sudosessionslogge\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Tilvalg:\n" " -d, --directory=dir angiv mappe for sessionslogge\n" " -f, --filter=filter angiv hvilken I/O-type at vise\n" " -h, --help vis denne hjælpetekst og afslut\n" " -l, --list vis tilgængelige sessions-ID'er med valgfrit udtryk\n" " -m, --max-wait=num maks antal sekunder at vente mellem hændelser\n" " -s, --speed=num øg eller sænk uddata\n" " -V, --version vis versionsinformation og afslut" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\thost matchede ikke" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Kommando tilladt" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Kommando nægtet" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Kommando ikke matchet" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "tidsstempelsti er for lang: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s ejet af uid %u, bør være uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s findes men er ikke en regulær fil (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s skrivbar af ikkeejer (0%o), bør være tilstand 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "tidsstempel for langt ude i fremtiden: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "kan ikke fjerne %s, vil nulstille til Unix-epoken" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "kan ikke nulstille %s til Unix-epoken" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: overløb for mellemlager" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s grammatikversion %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "tryk retur for at redigere %s: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "skrivefejl" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "kan ikke stat midlertidig fil (%s), %s unchanged" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "midlertidig fil med nullængde (%s), %s uændret" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redigeringsprogram (%s) fejlede, %s uændret" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s uændret" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "kan ikke genÃ¥bne midlertidig fil (%s), %s uændrede." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "kan ikke fortolke midlertidig fil (%s), ukendt fejl" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "intern fejl, kan ikke finde %s pÃ¥ listen!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kan ikke angive (uid, gid) af %s til (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "kan ikke ændre tilstand pÃ¥ %s til 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s og %s er ikke pÃ¥ det samme filsystem, bruger mv til at omdøbe" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "kommando fejlede: »%s %s %s«, %s uændret" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "fejl under omdøbing af %s, %s uændret" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Hvad nu? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Tilvalg er:\n" " r(e)diger sudoersfil igen\n" " afslut(x) uden at gemme ændringer til sudoersfil\n" " afslut(Q) og gem ændringer til sudoersfil (FARLIGT!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "kan ikke køre %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: forkert ejer (uid, gid) bør være (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: ugyldige rettigheder, bør være tilstand 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "kunne ikke fortolke %s-fil, ukendt fejl" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "fortolkningsfejl i %s nær linje %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "fortolkningsfejl i %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: fortolket o.k.\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s travl, forsøg igen senere" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "angivet redigeringsprogram (%s) findes ikke" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "kan ikke stat redigeringsprogram (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "intet redigeringsprogram fundet (sti for redigeringsprogram = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Fejl: Cyklus i %s_Alias »%s«" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Advarsel: Cyklus i %s_Alias »%s«" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Fejl: %s_Alias »%s« refereret men ikke defineret" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Advarsel: %s_Alias »%s« refereret men ikke defineret" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: ubrugt %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - rediger sikkert sudoersfilen\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Tilvalg:\n" " -c, --check kun kontroltilstand\n" " -f, --file=file angiv placering for sudoersfil\n" " -h, --help vis denne hjælpetekst og afslut\n" " -q, --quiet mindre uddybende (stille) beskeder for syntaksfejl\n" " -s, --strict streng syntakskontrol\n" " -V, --version vis information om version og afslut\n" " -x, --export ekporter sudoers i JSON-format" #: toke.l:892 msgid "too many levels of includes" msgstr "for mange niveauer af includes (inkluderinger)" sudo-1.8.9p5/plugins/sudoers/po/de.mo010064400175440000012000001140751226304146200170640ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\Q¬ŠQ7STSfS{S‘S¢S‰ºS>DUƒW–W!©WËXÛXêXÿXY"Y+Y*KY,vYN£Y5òY-(Z2VZ‰Z¢ZE¿ZB[0H[)y[.£[Ò[:î[))\S\m\}\AŒ\AÎ\]+]:]A]<P]3]Á]MÝ]+^D^T^,j^.—^Æ^'Ý^*_K0_+|_1¨_6Ú_ `12`@d`¥`Á`5Ü`Pa'ca”‹aW bQxbÊb éb" c<-cPjc8»c*ôc.dKNdUšd?ðd0e>Je)‰e&³e;Úef>3f5rfG¨f#ðf$g$9g@^g-Ÿg ÍgPîg/?h$ohR”hXçhq@i;²iîi1j69jpj0kN?k!Žk=°kJîk:9l4tl6©l=àl,m+Km$wm.œm>ËmF nÉQn<o&Xoo/oNÍo6p Sp6]p”p«p1Æp4øp2-q?`q> qeßqXEr[žrAúr!1‚.p‚#Ÿ‚Âã‚!ÿ‚'!ƒ#Iƒ&mƒ&”ƒ»ƒ1Ùƒ „„.5„d„+ƒ„¯„4¸„í„ …! …*B…m……$–…"»…Þ…-þ…4,†#a†.…†O´†3‡.8‡tg‡+܇*ˆ>3ˆ+rˆ8žˆ7׈4‰2D‰w‰/“‰(Éì‰+þ‰0*ŠC[ŠFŸŠRæŠ39‹Gm‹1µ‹,ç‹ Œ!5Œ!WŒ#yŒ3Œ/ÑŒ'%)Ol…)¢1ÌþŽ&&Ž MŽ6nŽ+¥Ž"ÑŽôŽ)N<O‹ Û(ü;%+a##±(Õþ%‘MD‘!’‘'´‘PÜ‘.-’(\’"…’%¨’8Î’#“0+“)\“5†“P¼“% ”B3”v”#‘”µ”˔甕•0•+I•(u•'ž•.Æ•6õ•S,–3€–%´–Ú–4õ–2*— ]—)k—0•—EÆ—0 ˜+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-27 16:01+0100 Last-Translator: Jochen Hein Language-Team: German Language: German MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Host stimmt nicht überein Kommando erlaubt Kommando verweigert Befehl nicht erkannt LDAP-Rolle: %s LDAP-Rolle: UNBEKANNT Optionen: -c, --check nur den Prüf-Modus verwenden -f, --file=datei gibt den Namen der sudoers Datei an -h, --help diese Hilfe anzeigen und beenden -q, --quiet weniger ausführliche Syntaxfehler-Meldungen -s, --strict strikte Syntax-Prüfung -V, --version Versionsinformation anzeigen und beenden -x, --export exportiere sudoers im JSON-Format Optionen: -d, --directory=Verzeichnis Geben Sie ein Verzeichnis für die Sitzungsprotokolle an -f, --filter=Filter Geben Sie an, welcher E/A-Typ angezeigt werden soll -h, --help Hilfetext anzeigen und beenden -l, --list Verfügbare Sitzungs-IDs anzeigen, die mit dem Ausdruck übereinstimmen -m, --max-wait=Zahl Maximale Wartezeit zwischen Ereignissen in Sekunden -s, --speed=Zahl Ausgabe beschleunigen oder verlangsamen -V, --version Versionsinformationen anzeigen und beenden Sudoers Eintrag: Sudoers Pfad: %s Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die Regeln erklärt hat. Normalerweise läuft es auf drei Regeln hinaus: #1) Resprektieren Sie die Privatsphäre anderer. #2) Denken Sie nach bevor Sie tippen. #3) Mit großer Macht kommt große Verantwortung. Kommandos: Optionen: Reihenfolge: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (Kommando fortgesetzt) %s%s – sudo-Sitzungsprotokolle abspielen %s – Die sudoers-Datei sicher bearbeiten %s und %s befinden sich nicht im gleichen Dateisystem, werden mit mv umbenannt%s ist in Verwendung, versuchen Sie es später erneut%s existiert, aber ist kein Verzeichnis (0%o)%s existiert, ist aber keine reguläre Datei (0%o)%s-Grammatik Version %d %s ist keine reguläre Datei%s darf sudo für %s nicht verwenden. Dieser Vorfall wird gemeldet. %s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet. %s gehört gid %u, sollte allerdings %u gehören%s gehört UID %u, sollte UID %u gehören%s ist für alle beschreibbar (world writable)%s muss der uid %d gehören%s darf nur für den Eigentümer der Datei schreibbar sein%s gehört UID %u, sollte UID %u gehören%s erfordert ein Argument%s unverändert%s Version %s %s durch nicht-Besitzer schreibbar (0%o), sollte Modus 0600 haben%s durch nicht-Besitzer schreibbar (0%o), sollte Modus 0700 haben%s/%.2s/%.2s/%.2s/Zeit: %s%s/%s/Zeit: %s%s: %s%s: %s: %s: %s%s: kann das TGT nicht verifizieren! Möglicher Angriff!: %s%s: Falsche Zugriffsrechte, sollten Modus 0%o sein %s: Kommando nicht gefunden%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d%s: ungültige Log-Datei%s: Analyse OK %s: Fehler beim Lesen%s: Das Feld für die »runas«-Gruppe fehlt%s: Das Feld für den »runas«-Benutzer fehlt%s: Zeitstempel %s: %s%s: Das Feld für den Zeitstempel fehlt%s: kann die Optionen nicht allozieren: %s%s: kann den Principal nicht in eine Zeichenkette konvertieren (»%s«): %s%s: kann die Credentials nicht bekommen: %s%s: kann das Rechner-Principal nicht bekommen: %s%s: kann den Credential-Cache nicht initialisieren: %s%s: kann »%s« nicht parsen: %s%s: kann den Credential-Cache nicht auflösen: %s%s: kann die Credentials nicht im Credential-Cache speichern: %s%s: Unbenutzter %s_Alias %s%s: Das Benutzerfeld fehlt%s: Falsche Besitzer-(uid, gid) sollte (%u, %u) sein %u Fehlversuch bei der Passwort-Eingabe%u Fehlversuche bei der Passwort-Eingabe*** Sicherheits-Information für %h ***Der Zugang ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den SystemadministratorZugang oder Password ist abgelaufen, bitte Passwort zurücksetzen und nochmal probierenFüge einen Eintrag in die utmp/utmpx-Datei ein, wenn ein Pseudo-TTY erzeugt wirdMail-Adresse des Absenders: %sMail-Adresse des Empfängers: %sAlias »%s« ist bereits definiertErlaube Informationssammlung für nützliche FehlermeldungenErlaube sudo nach einem Passwort zu fragen, auch wenn das Passwort sichtbar wirdErlaube Benutzern beliebige Umgebungsvariablen zu setzenStarte Kommandos immer in einem Pseudo-TTYSende immer eine Mail wenn sudo gestartet wirdImmer die Variable $HOME auf das Home-Verzeichnis des Ziel-Benutzers setzenStandards auf die Anmeldeklasse des Zielbenutzers anwenden, falls diese vorhanden istVersuche die PAM-Credentials für den Ziel-Benutzer zu bekommenAuthentisierungsmethoden:Zeitlimit für den Authentifizierungszeitstempel: %.1f MinutenKomprimiere Ein-/Ausgabe-Logs mittels libKann den Audit-Zustand nicht bestimmenErzeuge eine neue PAM-Sitzung, um das Kommando auszuführenStandard Passwort-Prompt: %sStandardbenutzer, unter dem die Befehle ausgeführt werden: %sVerzeichnis zur Speicherung der Ein-/Ausgabe-Logs: %sDie sekundären Gruppen nicht auf die Gruppen des Ziel-Benutzers setzenPrüfe folgende Umgebungsvariablen:Erhalte folgende Umgebungsvariablen:Lösche folgende Umgebungsvariablen:Fehler: %s_Alias »%s« wird verwendet, ist aber nicht definiertFehler: zyklischer Verweis in %s_Alias »%s«Datei mit der sudo-Belehrung: %sDatei-Deskriptoren >= %d werden geschlossen, bevor ein Kommando ausgeführt wirdDatei zur Speicherung der Ein-/Ausgabe-Logs: %sParameter für das Mail-Programm: %sWenn das LDAP-Verzeichnis erreichbar ist, wird die lokale sudoers-Datei ignoriert?Überschreibt in allen Fällen bei der Passwortabfrage die Systemabfrage, falls gesetzt.Benutzer können den Wert für »closeform« mit der der Option -C überschreiben, wenn diese Option gesetzt ist.Starte eine Shell, wenn sudo ohne Parameter aufgerufen wirdIgnoriere ».« in $PATHMeldung bei Eingabe eines falschen Passwortes: %s»Beschimpfung« bei Eingabe eines falschen PasswortesUngültige Authentifizierungsmethoden sind in sudo einkompiliert! Standalone und nicht-standalone Authentifizierung können nicht zusammen verwendet werden.Belehre den Benutzer beim ersten Aufruf von sudoZeilenlänge des Logdatei für Zeilenumbruch (0 für keinen Zeilenumbruch): %uLokale IP-Adresse und Netzmaske: Beim Parsen der sudoers-Datei wird diese Locale verwendet: %sProtokollgeometrie ist %d x %d, die Geometrie Ihres Terminals ist %d x %d.Protokolliere den Hostname in der (nicht-syslog) Log-DateiDie Ausgabe des ausgeführten Befehls protokollierenProtokolliere das Jahr in der (nicht-syslog) Log-DateiBenutzereingaben für den ausgeführten Befehl protokollierenPassende Defaults-Einträge für %s auf %s: Maximale Ein-/Ausgabe-Log Sequenznummer: %uKein Benutzer oder Rechner angegebenAnzahl Versuche zur Eingabe des Passwortes: %uDer Benutzer darf sudo nur aufrufen wenn ein tty vorhanden istSetze nur die effektive UID auf den Ziel-Benutzer, nicht die reale UIDOptionen sind: sudoers-Datei (e)rneut bearbeiten Beenden, ohne die Änderungen an der sudoers-Datei zu speichern (mit x) Beenden und Änderungen an der sudoers-Datei speichern (mit Q, VORSICHT!) Besitzer des Authentifizierungszeitstempelverzeichnisses: %sFehler bei der PAM-Authentisierung: %sVerwende den PAM Service-NameVerwende den PAM Service-Name für Login-ShellsDass Passwort ist abgelaufen, bitte wenden Sie sich an den SystemadministratorZeitlimit bei der Eingabe des Passwortes: %.1f MinutenPasswort:Pfad zum Authentifizierungszeitstempel-Verzeichnis: %sPfad zur Log-Datei: %sPfad zum Mail-Programm: %sPfad zum Editor, den visudo verwendenden soll: %sPfad zur sudo-spezifischen »environment«-Datei: %sPluginh für nicht-Unix Gruppen-Unterstützung: %sDie Dummy-exec-Funktion aus der Bibliothek sudo_noexec vorladenFrage nach dem root-Passwort, nicht dem Passwort des BenutzersFrage nach dem Passwort des Benutzers »runas_default«, nicht dem Passwort des aufrufenden BenutzersFrage nach dem Passwort des Ziel-Benutzers, nicht dem Passwort des aufrufenden BenutzersSichtbare Rückmeldung bei der Passworteingabeaufforderung, wenn der Benutzer etwas eingibtSchreibe den OTP (One-Time-Passwords) Prompt in eine eigene ZeileSudo-Sitzung wird abgespielt: %s Sind voll qualifizierte Hostnamen in der sudoers-Datei notwendigStandardmäßig muss der Benutzer sich authentifizierenSetze die Umgebung auf eine Standard-Menge an Variablen zurückRoot darf sudo verwendenStarte Kommandos mit einem Pseudo-TTY im HintergrundRunas und Kommando-spezifische Standardwerte für %s: Im neuen Security-Kontext von SELinux wird diese Rolle verwendet: %sIm neuen Security-Kontext von SELinux wird dieser Typ verwendet: %sSecurID Kommunikation fehlgeschlagenSende eine Mail wenn der Benutzer nicht berechtigt ist ein Kommando auszuführenSende eine Mail wenn der Benutzer nicht in der sudoers Datei stehtSende eine Mail wenn der Benutzer nicht in der sudoers Datei für diesen Rechner stehtSende eine Mail wenn die Authentifizierung des Benutzers fehlschlägtSetze die Umgebungsvariable $HOME beim Starten einer Shell mit »-s«Menge der eingeschränkten PrivilegienMenge der erlaubten PriviliegienSetze die Umgebungsvariablen »LOGNAME« und »USER«Verwende für den Eintrag in der utmp-Datei den runas-Benutzer, nicht den aufrufenden BenutzerDas hat nicht funktioniert, bitte nochmal probieren.Tut mir leid, der Benutzer %s darf '%s%s%s' als %s%s%s auf %s nicht ausführen. Tut mir leid, der Benutzer %s darf sudo für %s nicht verwenden. Subject:-Zeile für Mails: %sSudoers-Datei Grammatik-Version %d Sudoers Policy-Plugin Version %s Syslog Facility wenn syslog für Protokollierung verwendet wird: %sSyslog Priorität wenn der Benutzer sich erfolgreich authentifiziert: %sSyslog Priorität wenn der Benutzer sich nicht erfolgreich authentifiziert: %sDie umask in sudoers überschreibt die umask des Benutzers, selbst wenn diese mehr Berechtigungen zulässtEs sind keine Authentifizierungsmethoden in sudo einkompiliert! Wenn Sie Authentifizierung wirklich abschalten wollen, verwenden Sie bitte die configure-Option »--disable-athentication«.Zu verwendende Umask oder 0777, um die Umask des Benutzers zu verwenden: 0%oVerwende getrennte Zeitstempel für jede Benutzer/tty KombinationSchnelleren Musterabgleich verwenden, der zwar ungenauer ist, aber nicht auf das Dateisystem zugreiftDer Benutzer %s darf sudo auf dem Rechner %s nicht ausführen. Der Benutzer %s darf die folgenden Kommandos auf %s ausführen: Benutzer-ID ist für SecurID-Authentisierung gesperrtBenutzer in dieser Gruppe sind von Passwort- und PATH-Anforderungen ausgenommen: %sWert, mit dem der $PATH des Benutzers überschrieben werden soll: %sVisudo beachtet die Umgebungsvariable »EDITOR«Warnung: %s_Alias »%s« wird verwendet, ist aber nicht definiertWarnung: zyklischer Verweis in %s_Alias »%s«Warnung: Ihr Terminal ist zu klein, um das Protokoll korrekt wiederzugeben. Was jetzt? Wann soll ein Passwort für den Pseudobefehl »list« erforderlich sein: %sWann soll ein Passwort für den Pseudobefehl »verify« erforderlich sein: %sEin Passwort ist notwendigFehler bei der Validierung des Zugangs, ist der Zugang gesperrt?Mehrdeutiger Ausdruck »%s«Fehler bei der AuthentisierungFehler des Authentisierungsservers: %sKommando gescheitert: »%s %s %s«, %s unverändertKommando ist im aktuellen VerzeichnisDas Kommando ist nicht erlaubtDatum »%s« konnte nicht analysiert werdenDigest für %s (%s) ist nicht in der %s FormEditor-Aufruf (%s) ist gescheitert, %s ist unverändertFehler beim Umbennenen von %s, %s unverändertDie ACE API Bibliothen konnte nicht initialisiert werdenAnalyse der Datei %s gescheitert, unbekannter Fehlerfill_args: Pufferüberlaufignoriere `%s' im aktuellen Verzeichnis ».« Verwende »sudo ./%s«, wenn dies das gewünschte Kommando »%s« ist.Ungültiges nachgestelltes »!«Ungültiges nachgestelltes »or«interner Fehler, %s ÜberlaufInterner Fehler, %s in der Liste nicht gefunden!interner Fehler: unzureichender Platz für die Protokoll-Zeileungültiges Authentication Handle für SecurIDungültige Authentisierungsmethodenungültiger AuthentisierungstypUngültige Filteroption: %sUngültige maximale Wartezeit: %sungültige Passcode Länge für SecurIDungültiger regulärer Ausdruck: %sUngültiger Geschwindigkeitsfaktor: %sungültiges »sudoOrder« Attribut: %sUngültige Zeitdateizeile: %sungültige Länge des Benutzernamens für SecurIDldap.conf Pfad: %s ldap.secret Pfad: %s Verbindung zum Authentisierungsserver verlorenkeine AuthentisierungsmethodenKein Editor gefunden (Pfad zum Editor = %s)Kein ttyKeine gültige sudoers-Quelle gefunden, ProgrammendeKein Wert für »%s« angegebennsswitch Pfad: %s Nur root kann »-c %s« verwendenDie Option »%s« wird ohne Wert verwendetSyntax-Fehler in %sAnalysefehler in %s Syntax-Fehler in %s bei der Zeile %dAnalysefehler in %s nahe Zeile %d Stack-Überlauf der PermissionsStack-Bereichsunterschreitung der PermissionsDrücken Sie die Eingabetaste, um %s zu bearbeiten: Problem mit den Standard-EinträgenUh, Sie dürfen das Environment nicht erhaltenTut mir leid, die folgenden Umgebungsvariablen dürfen nicht gesetzt werden: %sUh, Sie müssen ein TTY haben, um sudo zu verwendenDer angegebene Editor (%s) ist nicht vorhandenstart_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nichtstarttls wird für ldaps nicht unterstütztsudo_ldap_build_pass1 ungültige Zuordnungsudo_ldap_conf_add_ports: kein Platz zum Erweitern von hostbufsudo_ldap_conf_add_ports: Port ist zu großsudo_ldap_parse_uri: kein Platz zum Erzeugen von hostbufsudo_putenv: envp ist korrupt, die Längen passen nichtsudoers gibt an, dass root sudo nicht verwenden darfZeitstempelbesitzer (%s): Benutzer existiert nichtZeitstempelpfad zu lang: %sZeitstempel ist zu weit in der Zukunft: %20.20sZu viele geschachtelte include EinträgeZu viele ProzesseKann die BSD-Authentisierung nicht beginnenKann den Filter beim Kompilieren nicht erstellenKann die gid %u nicht in den Cache aufnehmen, sie existiert bereitsKann die Gruppe %s nicht in den Cache aufnehmen, sie existiert bereitsKann die Gruppen-Liste für %s nicht in den Cache aufnehmen, sie existiert bereitskann die uid %u nicht cachen, sie existiert bereitsKann den Benutzer %s nicht in den Cache aufnehmen, er existiert bereitskann das abgelaufene Passwort nicht ändern: %s«Ändern des Modus von %s auf 0%o gescheitertKann nicht zur root GID wechselnKann nicht zur runas UID wechselnKann nicht zur runas GID wechselnKann nicht zur sudoers GID wechselnAudit-Satz kann nicht auf Platte geschrieben werdenKann nicht zum Authentisierungsserver verbindenKann den SecurID-Server nicht erreichenkann die Datei »%s« nicht erstellenKann stdin nicht duplizierenkann %s nicht ausführenKann %s nicht ausführen: %mKann das Symbol »%s« nicht in %s findenkann das Symbol "group_plugin" in %s nicht findenFehler bei fork()Fehler bei fork(): %mkann den Zeitstempel nicht formatierenkann die GMT-Zeit nicht bekommenKann die Login-Klasse des Benutzers »%s« nicht lesenKann die BSD-Authentisierung nicht beginnenKann LDAP nicht initialisieren: %sKann PAM nicht initialisierenkann die SIA Sitzung nicht initialisierenkann die Zertifikat- und Schlüsseldatenbank für SSL nicht initialisieren: %sKann die SSS_Quelle nicht initialisieren. Ist SSSD auf dem Rechner installiert?laden für %s fehlgeschlagen: %sKann die Log-Datei nicht sperren: %s: %sldap und ldaps URIs können nicht zusammen verwendet werdenkann das Verzeichnis »%s« nicht erstellenkann die Datei »%s« nicht öffnenKann das Audit-System nicht öffnenKann die Log-Datei nicht öffnen: %s: %sKann die Pipe nicht öffnen: %mKann die Gruppen für %s nicht parsenErneutes Öffnen der temporären Datei (%s) gescheitert, %s ist unverändert.kann die Datei »%s« nicht lesenKann die fwtk-Konfiguration nicht lesen%s konnte nicht entfernt werden, der Zeitraum wird auf Unix-Epoch zurückgesetztKann %s nicht auf die Unix-Epoch zurücksetzenHostname %s kann nicht aufgelöst werden%s konnte nicht ausgeführt werdenKann die Audit-Nachricht nicht sendenFestlegen von (uid, gid) von %s auf (%u, %u) gescheitertKann die runas Gruppen nicht setzenTTY konnte nicht in den Raw-Mode versetzt werdenstat konnte nicht auf %s angewandt werdenAnwenden von stat auf den Editor ist gescheitert (%s)Anwenden von stat auf die temporäre Datei (%s) gescheitert, %s ist unverändertkann die Datei »%s« nicht schreibenAnalyse der temporären Datei (%s) gescheitert, unbekannter Fehlerunbekannter SecurID Fehlerunbekannter defaults-Eintrag »%s«unbekannte Gruppe: %sunbekannte Login-Klasse: %sUnbekannter Suchbegriff »%s«Unbekannter Suchtyp %dunbekannte uid: %uunbekannter Benutzer: %s»(« ohne schließende Klammer im Ausdruck»)« ohne öffnende Klammer im AusdruckLDAP uri Typ ist nicht unterstützt: %sLDAP uri Typ %d ist nicht unterstützt für %sAufruf: %s [-h] [-d Verzeichnis] -l [search Ausdruck] Aufruf: %s [-h] [-d Verzeichnis] [-m Max_Wartezeit] [-s Geschwindigkeitsfaktor] ID Der Benutzer ist NICHT auf dem Rechner authorisiertDer Benutzer ist NICHT in der sudoersFehler bei der ValidierungDer Wert »%s« ist für die Option »%s« ungültigWerte für »%s« müssen mit einem »/« beginnenSchreibfehlerSie dürfen die -C Option nicht verwendenDer Benutzer existiert nicht in der %s DatenbankIn der Datei »%s« muss »TLS_CERT« angegeben sein um SSL zu nutzenLeere temporäre Datei (%s), %s ist unverändertsudo-1.8.9p5/plugins/sudoers/po/de.po010064400175440000012000001576261226304126600171020ustar00millertstaff# Portable object template file for the sudoers plugin # This file is put in the public domain. # Todd C. Miller , 2011-2013 # Hendrik Knackstedt , 2013 # Jochen Hein , 2001-2013. msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-27 16:01+0100\n" "Last-Translator: Jochen Hein \n" "Language-Team: German \n" "Language: German\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: confstr.sh:2 msgid "Password:" msgstr "Passwort:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** Sicherheits-Information für %h ***" # XXX #: confstr.sh:4 msgid "Sorry, try again." msgstr "Das hat nicht funktioniert, bitte nochmal probieren." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias »%s« ist bereits definiert" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "Kann die Login-Klasse des Benutzers »%s« nicht lesen" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "Kann die BSD-Authentisierung nicht beginnen" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "ungültiger Authentisierungstyp" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "Kann die BSD-Authentisierung nicht beginnen" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "Kann die fwtk-Konfiguration nicht lesen" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "Kann nicht zum Authentisierungsserver verbinden" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "Verbindung zum Authentisierungsserver verloren" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "Fehler des Authentisierungsservers:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: kann den Principal nicht in eine Zeichenkette konvertieren (»%s«): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: kann »%s« nicht parsen: %s" # XXX check source? #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: kann den Credential-Cache nicht auflösen: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: kann die Optionen nicht allozieren: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: kann die Credentials nicht bekommen: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: kann den Credential-Cache nicht initialisieren: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: kann die Credentials nicht im Credential-Cache speichern: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: kann das Rechner-Principal nicht bekommen: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: kann das TGT nicht verifizieren! Möglicher Angriff!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "Kann PAM nicht initialisieren" # XXX wie account übersetzen? #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "Fehler bei der Validierung des Zugangs, ist der Zugang gesperrt?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Zugang oder Password ist abgelaufen, bitte Passwort zurücksetzen und nochmal probieren" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "kann das abgelaufene Passwort nicht ändern: %s«" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Dass Passwort ist abgelaufen, bitte wenden Sie sich an den Systemadministrator" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Der Zugang ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den Systemadministrator" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "Fehler bei der PAM-Authentisierung: %s" # XXX Karl fragen #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "Der Benutzer existiert nicht in der %s Datenbank" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "Die ACE API Bibliothen konnte nicht initialisiert werden" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "Kann den SecurID-Server nicht erreichen" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "Benutzer-ID ist für SecurID-Authentisierung gesperrt" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "ungültige Länge des Benutzernamens für SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "ungültiges Authentication Handle für SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "SecurID Kommunikation fehlgeschlagen" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "unbekannter SecurID Fehler" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "ungültige Passcode Länge für SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "kann die SIA Sitzung nicht initialisieren" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "ungültige Authentisierungsmethoden" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Ungültige Authentifizierungsmethoden sind in sudo einkompiliert! Standalone und nicht-standalone Authentifizierung können nicht zusammen verwendet werden." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "keine Authentisierungsmethoden" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Es sind keine Authentifizierungsmethoden in sudo einkompiliert! Wenn Sie Authentifizierung wirklich abschalten wollen, verwenden Sie bitte die configure-Option »--disable-athentication«." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Authentisierungsmethoden:" # XXX unklar #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Kann den Audit-Zustand nicht bestimmen" # XXX error at close #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "Audit-Satz kann nicht auf Platte geschrieben werden" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die\n" "Regeln erklärt hat. Normalerweise läuft es auf drei Regeln hinaus:\n" "\n" " #1) Resprektieren Sie die Privatsphäre anderer.\n" " #2) Denken Sie nach bevor Sie tippen.\n" " #3) Mit großer Macht kommt große Verantwortung.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "unbekannte uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "unbekannter Benutzer: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog Facility wenn syslog für Protokollierung verwendet wird: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog Priorität wenn der Benutzer sich erfolgreich authentifiziert: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog Priorität wenn der Benutzer sich nicht erfolgreich authentifiziert: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Schreibe den OTP (One-Time-Passwords) Prompt in eine eigene Zeile" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignoriere ».« in $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Sende immer eine Mail wenn sudo gestartet wird" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Sende eine Mail wenn die Authentifizierung des Benutzers fehlschlägt" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei steht" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei für diesen Rechner steht" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Sende eine Mail wenn der Benutzer nicht berechtigt ist ein Kommando auszuführen" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Verwende getrennte Zeitstempel für jede Benutzer/tty Kombination" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Belehre den Benutzer beim ersten Aufruf von sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Datei mit der sudo-Belehrung: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Standardmäßig muss der Benutzer sich authentifizieren" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root darf sudo verwenden" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Protokolliere den Hostname in der (nicht-syslog) Log-Datei" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Protokolliere das Jahr in der (nicht-syslog) Log-Datei" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Starte eine Shell, wenn sudo ohne Parameter aufgerufen wird" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Setze die Umgebungsvariable $HOME beim Starten einer Shell mit »-s«" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Immer die Variable $HOME auf das Home-Verzeichnis des Ziel-Benutzers setzen" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Erlaube Informationssammlung für nützliche Fehlermeldungen" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Sind voll qualifizierte Hostnamen in der sudoers-Datei notwendig" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "»Beschimpfung« bei Eingabe eines falschen Passwortes" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Der Benutzer darf sudo nur aufrufen wenn ein tty vorhanden ist" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo beachtet die Umgebungsvariable »EDITOR«" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Frage nach dem root-Passwort, nicht dem Passwort des Benutzers" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Frage nach dem Passwort des Benutzers »runas_default«, nicht dem Passwort des aufrufenden Benutzers" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Frage nach dem Passwort des Ziel-Benutzers, nicht dem Passwort des aufrufenden Benutzers" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Standards auf die Anmeldeklasse des Zielbenutzers anwenden, falls diese vorhanden ist" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Setze die Umgebungsvariablen »LOGNAME« und »USER«" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Setze nur die effektive UID auf den Ziel-Benutzer, nicht die reale UID" # XXX Keep the group list of the logged in user? #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Die sekundären Gruppen nicht auf die Gruppen des Ziel-Benutzers setzen" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Zeilenlänge des Logdatei für Zeilenumbruch (0 für keinen Zeilenumbruch): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Zeitlimit für den Authentifizierungszeitstempel: %.1f Minuten" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Zeitlimit bei der Eingabe des Passwortes: %.1f Minuten" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Anzahl Versuche zur Eingabe des Passwortes: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Zu verwendende Umask oder 0777, um die Umask des Benutzers zu verwenden: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Pfad zur Log-Datei: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Pfad zum Mail-Programm: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Parameter für das Mail-Programm: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Mail-Adresse des Empfängers: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Mail-Adresse des Absenders: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Subject:-Zeile für Mails: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Meldung bei Eingabe eines falschen Passwortes: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Pfad zum Authentifizierungszeitstempel-Verzeichnis: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Besitzer des Authentifizierungszeitstempelverzeichnisses: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Benutzer in dieser Gruppe sind von Passwort- und PATH-Anforderungen ausgenommen: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Standard Passwort-Prompt: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Überschreibt in allen Fällen bei der Passwortabfrage die Systemabfrage, falls gesetzt." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Standardbenutzer, unter dem die Befehle ausgeführt werden: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Wert, mit dem der $PATH des Benutzers überschrieben werden soll: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Pfad zum Editor, den visudo verwendenden soll: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Wann soll ein Passwort für den Pseudobefehl »list« erforderlich sein: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Wann soll ein Passwort für den Pseudobefehl »verify« erforderlich sein: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Die Dummy-exec-Funktion aus der Bibliothek sudo_noexec vorladen" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Wenn das LDAP-Verzeichnis erreichbar ist, wird die lokale sudoers-Datei ignoriert?" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Datei-Deskriptoren >= %d werden geschlossen, bevor ein Kommando ausgeführt wird" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Benutzer können den Wert für »closeform« mit der der Option -C überschreiben, wenn diese Option gesetzt ist." #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Erlaube Benutzern beliebige Umgebungsvariablen zu setzen" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Setze die Umgebung auf eine Standard-Menge an Variablen zurück" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Prüfe folgende Umgebungsvariablen:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Lösche folgende Umgebungsvariablen:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Erhalte folgende Umgebungsvariablen:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Im neuen Security-Kontext von SELinux wird diese Rolle verwendet: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Im neuen Security-Kontext von SELinux wird dieser Typ verwendet: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Pfad zur sudo-spezifischen »environment«-Datei: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Beim Parsen der sudoers-Datei wird diese Locale verwendet: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Erlaube sudo nach einem Passwort zu fragen, auch wenn das Passwort sichtbar wird" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Sichtbare Rückmeldung bei der Passworteingabeaufforderung, wenn der Benutzer etwas eingibt" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Schnelleren Musterabgleich verwenden, der zwar ungenauer ist, aber nicht auf das Dateisystem zugreift" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Die umask in sudoers überschreibt die umask des Benutzers, selbst wenn diese mehr Berechtigungen zulässt" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Benutzereingaben für den ausgeführten Befehl protokollieren" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Die Ausgabe des ausgeführten Befehls protokollieren" # XXX use input/output logs #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Komprimiere Ein-/Ausgabe-Logs mittels lib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Starte Kommandos immer in einem Pseudo-TTY" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Pluginh für nicht-Unix Gruppen-Unterstützung: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Verzeichnis zur Speicherung der Ein-/Ausgabe-Logs: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Datei zur Speicherung der Ein-/Ausgabe-Logs: %s" # XXX pty -> pseudo TTY? #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Füge einen Eintrag in die utmp/utmpx-Datei ein, wenn ein Pseudo-TTY erzeugt wird" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Verwende für den Eintrag in der utmp-Datei den runas-Benutzer, nicht den aufrufenden Benutzer" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Menge der erlaubten Priviliegien" # XXX ? #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Menge der eingeschränkten Privilegien" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Starte Kommandos mit einem Pseudo-TTY im Hintergrund" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Verwende den PAM Service-Name" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Verwende den PAM Service-Name für Login-Shells" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Versuche die PAM-Credentials für den Ziel-Benutzer zu bekommen" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Erzeuge eine neue PAM-Sitzung, um das Kommando auszuführen" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Maximale Ein-/Ausgabe-Log Sequenznummer: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "unbekannter defaults-Eintrag »%s«" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "Der Wert »%s« ist für die Option »%s« ungültig" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "Kein Wert für »%s« angegeben" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "Werte für »%s« müssen mit einem »/« beginnen" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "Die Option »%s« wird ohne Wert verwendet" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "interner Fehler, %s Überlauf" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp ist korrupt, die Längen passen nicht" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "Tut mir leid, die folgenden Umgebungsvariablen dürfen nicht gesetzt werden: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s muss der uid %d gehören" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s darf nur für den Eigentümer der Datei schreibbar sein" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "laden für %s fehlgeschlagen: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kann das Symbol \"group_plugin\" in %s nicht finden" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Lokale IP-Adresse und Netzmaske:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "kann das Verzeichnis »%s« nicht erstellen" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "kann die Datei »%s« nicht öffnen" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "kann die Datei »%s« nicht lesen" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "kann die Datei »%s« nicht schreiben" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "kann die Datei »%s« nicht erstellen" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: Port ist zu groß" # XXX ? #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: kein Platz zum Erweitern von hostbuf" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "LDAP uri Typ ist nicht unterstützt: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "ldap und ldaps URIs können nicht zusammen verwendet werden" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls wird für ldaps nicht unterstützt" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: kein Platz zum Erzeugen von hostbuf" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "kann die Zertifikat- und Schlüsseldatenbank für SSL nicht initialisieren: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "In der Datei »%s« muss »TLS_CERT« angegeben sein um SSL zu nutzen" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "kann die GMT-Zeit nicht bekommen" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "kann den Zeitstempel nicht formatieren" # XXX ? #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "Kann den Filter beim Kompilieren nicht erstellen" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 ungültige Zuordnung" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP-Rolle: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP-Rolle: UNBEKANNT\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Reihenfolge: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Kommandos:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "Kann LDAP nicht initialisieren: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nicht" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ungültiges »sudoOrder« Attribut: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "Kann das Audit-System nicht öffnen" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "Kann die Audit-Nachricht nicht senden" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (Kommando fortgesetzt) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "Kann die Log-Datei nicht öffnen: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "Kann die Log-Datei nicht sperren: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Kein Benutzer oder Rechner angegeben" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "Fehler bei der Validierung" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "Der Benutzer ist NICHT in der sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "Der Benutzer ist NICHT auf dem Rechner authorisiert" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "Das Kommando ist nicht erlaubt" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s darf sudo für %s nicht verwenden. Dieser Vorfall wird gemeldet.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Tut mir leid, der Benutzer %s darf sudo für %s nicht verwenden.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Tut mir leid, der Benutzer %s darf '%s%s%s' als %s%s%s auf %s nicht ausführen.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: Kommando nicht gefunden" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "ignoriere `%s' im aktuellen Verzeichnis ».«\n" "Verwende »sudo ./%s«, wenn dies das gewünschte Kommando »%s« ist." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "Fehler bei der Authentisierung" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "Ein Passwort ist notwendig" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u Fehlversuch bei der Passwort-Eingabe" msgstr[1] "%u Fehlversuche bei der Passwort-Eingabe" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "Fehler bei fork()" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "Fehler bei fork(): %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "Kann die Pipe nicht öffnen: %m" # XXX ? #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "Kann stdin nicht duplizieren" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "Kann %s nicht ausführen: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "interner Fehler: unzureichender Platz für die Protokoll-Zeile" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "LDAP uri Typ %d ist nicht unterstützt für %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: Fehler beim Lesen" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "Digest für %s (%s) ist nicht in der %s Form" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "Syntax-Fehler in %s bei der Zeile %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "Syntax-Fehler in %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers Eintrag:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Optionen: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "kann %s nicht ausführen" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers Policy-Plugin Version %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-Datei Grammatik-Version %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers Pfad: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch Pfad: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf Pfad: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret Pfad: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kann die uid %u nicht cachen, sie existiert bereits" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "Kann den Benutzer %s nicht in den Cache aufnehmen, er existiert bereits" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "Kann die gid %u nicht in den Cache aufnehmen, sie existiert bereits" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "Kann die Gruppe %s nicht in den Cache aufnehmen, sie existiert bereits" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "Kann die Gruppen-Liste für %s nicht in den Cache aufnehmen, sie existiert bereits" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "Kann die Gruppen für %s nicht parsen" # XXX ? #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "Stack-Überlauf der Permissions" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "Stack-Bereichsunterschreitung der Permissions" # XXX ? #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "Kann nicht zur root GID wechseln" # XXX ? #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "Kann nicht zur runas UID wechseln" # XXX ? #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "Kann nicht zur runas GID wechseln" # XXX ? #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "Kann nicht zur sudoers GID wechseln" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "Zu viele Prozesse" # XXX vector? #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "Kann die runas Gruppen nicht setzen" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Kann die SSS_Quelle nicht initialisieren. Ist SSSD auf dem Rechner installiert?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "Kann das Symbol »%s« nicht in %s finden" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Passende Defaults-Einträge für %s auf %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas und Kommando-spezifische Standardwerte für %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Der Benutzer %s darf die folgenden Kommandos auf %s ausführen:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Der Benutzer %s darf sudo auf dem Rechner %s nicht ausführen.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "Problem mit den Standard-Einträgen" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "Keine gültige sudoers-Quelle gefunden, Programmende" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers gibt an, dass root sudo nicht verwenden darf" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "Sie dürfen die -C Option nicht verwenden" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "Zeitstempelbesitzer (%s): Benutzer existiert nicht" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "Kein tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "Uh, Sie müssen ein TTY haben, um sudo zu verwenden" # XXX ? #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "Kommando ist im aktuellen Verzeichnis" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "Uh, Sie dürfen das Environment nicht erhalten" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "stat konnte nicht auf %s angewandt werden" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s ist keine reguläre Datei" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s gehört UID %u, sollte UID %u gehören" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s ist für alle beschreibbar (world writable)" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s gehört gid %u, sollte allerdings %u gehören" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "Nur root kann »-c %s« verwenden" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "unbekannte Login-Klasse: %s" # XXX #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "Hostname %s kann nicht aufgelöst werden" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "unbekannte Gruppe: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "Ungültige Filteroption: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "Ungültige maximale Wartezeit: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "Ungültiger Geschwindigkeitsfaktor: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s Version %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/Zeit: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/Zeit: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Sudo-Sitzung wird abgespielt: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" "Warnung: Ihr Terminal ist zu klein, um das Protokoll korrekt\n" "wiederzugeben.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Protokollgeometrie ist %d x %d, die Geometrie Ihres Terminals ist %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "TTY konnte nicht in den Raw-Mode versetzt werden" # XXX #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "Ungültige Zeitdateizeile: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "Mehrdeutiger Ausdruck »%s«" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "»)« ohne öffnende Klammer im Ausdruck" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "Unbekannter Suchbegriff »%s«" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s erfordert ein Argument" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "ungültiger regulärer Ausdruck: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "Datum »%s« konnte nicht analysiert werden" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "»(« ohne schließende Klammer im Ausdruck" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "Ungültiges nachgestelltes »or«" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "Ungültiges nachgestelltes »!«" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "Unbekannter Suchtyp %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: ungültige Log-Datei" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: Das Feld für den Zeitstempel fehlt" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: Zeitstempel %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: Das Benutzerfeld fehlt" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: Das Feld für den »runas«-Benutzer fehlt" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: Das Feld für die »runas«-Gruppe fehlt" # XXX #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "Aufruf: %s [-h] [-d Verzeichnis] [-m Max_Wartezeit] [-s Geschwindigkeitsfaktor] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "Aufruf: %s [-h] [-d Verzeichnis] -l [search Ausdruck]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s – sudo-Sitzungsprotokolle abspielen\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Optionen:\n" " -d, --directory=Verzeichnis Geben Sie ein Verzeichnis für die Sitzungsprotokolle an\n" " -f, --filter=Filter Geben Sie an, welcher E/A-Typ angezeigt werden soll\n" " -h, --help Hilfetext anzeigen und beenden\n" " -l, --list Verfügbare Sitzungs-IDs anzeigen, die mit dem Ausdruck übereinstimmen\n" " -m, --max-wait=Zahl Maximale Wartezeit zwischen Ereignissen in Sekunden\n" " -s, --speed=Zahl Ausgabe beschleunigen oder verlangsamen\n" " -V, --version Versionsinformationen anzeigen und beenden" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\tHost stimmt nicht überein" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Kommando erlaubt" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Kommando verweigert" # XXX #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Befehl nicht erkannt" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "Zeitstempelpfad zu lang: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s gehört UID %u, sollte UID %u gehören" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s durch nicht-Besitzer schreibbar (0%o), sollte Modus 0700 haben" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s existiert, ist aber keine reguläre Datei (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s durch nicht-Besitzer schreibbar (0%o), sollte Modus 0600 haben" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "Zeitstempel ist zu weit in der Zukunft: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "%s konnte nicht entfernt werden, der Zeitraum wird auf Unix-Epoch zurückgesetzt" # XXX #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "Kann %s nicht auf die Unix-Epoch zurücksetzen" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: Pufferüberlauf" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s-Grammatik Version %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "Drücken Sie die Eingabetaste, um %s zu bearbeiten: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "Schreibfehler" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "Anwenden von stat auf die temporäre Datei (%s) gescheitert, %s ist unverändert" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "Leere temporäre Datei (%s), %s ist unverändert" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "Editor-Aufruf (%s) ist gescheitert, %s ist unverändert" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s unverändert" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "Erneutes Öffnen der temporären Datei (%s) gescheitert, %s ist unverändert." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "Analyse der temporären Datei (%s) gescheitert, unbekannter Fehler" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "Interner Fehler, %s in der Liste nicht gefunden!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "Festlegen von (uid, gid) von %s auf (%u, %u) gescheitert" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "Ändern des Modus von %s auf 0%o gescheitert" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s und %s befinden sich nicht im gleichen Dateisystem, werden mit mv umbenannt" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "Kommando gescheitert: »%s %s %s«, %s unverändert" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "Fehler beim Umbennenen von %s, %s unverändert" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Was jetzt? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Optionen sind:\n" " sudoers-Datei (e)rneut bearbeiten\n" " Beenden, ohne die Änderungen an der sudoers-Datei zu speichern (mit x)\n" " Beenden und Änderungen an der sudoers-Datei speichern (mit Q, VORSICHT!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: Falsche Besitzer-(uid, gid) sollte (%u, %u) sein\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: Falsche Zugriffsrechte, sollten Modus 0%o sein\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "Analyse der Datei %s gescheitert, unbekannter Fehler" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "Analysefehler in %s nahe Zeile %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "Analysefehler in %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: Analyse OK\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s ist in Verwendung, versuchen Sie es später erneut" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "Der angegebene Editor (%s) ist nicht vorhanden" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "Anwenden von stat auf den Editor ist gescheitert (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "Kein Editor gefunden (Pfad zum Editor = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Fehler: zyklischer Verweis in %s_Alias »%s«" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Warnung: zyklischer Verweis in %s_Alias »%s«" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Fehler: %s_Alias »%s« wird verwendet, ist aber nicht definiert" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Warnung: %s_Alias »%s« wird verwendet, ist aber nicht definiert" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: Unbenutzter %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s – Die sudoers-Datei sicher bearbeiten\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Optionen:\n" " -c, --check nur den Prüf-Modus verwenden\n" " -f, --file=datei gibt den Namen der sudoers Datei an\n" " -h, --help diese Hilfe anzeigen und beenden\n" " -q, --quiet weniger ausführliche Syntaxfehler-Meldungen\n" " -s, --strict strikte Syntax-Prüfung\n" " -V, --version Versionsinformation anzeigen und beenden\n" " -x, --export exportiere sudoers im JSON-Format" #: toke.l:892 msgid "too many levels of includes" msgstr "Zu viele geschachtelte include Einträge" sudo-1.8.9p5/plugins/sudoers/po/eo.mo010064400175440000012000001065201226304146200170730ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\QÆŠQQSbSuS‡SšSªS‚ÀSöCU:WLWÕbW8X GX TXbXtX…XX'ªX)ÒXBüX?Y"_Y.‚Y±YÉYHåY<.Z)kZ)•Z¿ZÛZ$ûZ- [N[d[ s[7[7¹[&ñ[\3\:\*I\+t\ \>·\ö\],];]Z]z]‘] ®]/Ï]!ÿ]*!^,L^y^ ˜^1¹^ë^_3_:Q_!Œ_c®_F`6Y``­`É`?ä`8$a5]a(“a-¼aJêaM5b2ƒb¶b<Íb% c%0c4Vc‹c,§c1Ôc4d$;d`dxd.’dÁd#ßdAe0EeveB•eBØeQf:mf¨fÀf8Þfng6†gF½g#h2(hC[h4Ÿh7Ôh. i>;i(zi6£iÚi)öi; jD\j©¡j5Kk!k£k*¹k2äk+l Cl1Mll•l.­l)Ül2mN9m5ˆm3¾m6òmB)n'ln”nB°n,ón/ o!Po%ro5˜o6Îo6p#€;i€*¥€5Ѐ0$+U!#£Çç"÷‚):‚)d‚4Ž‚)Â*í‚)ƒ&Bƒiƒ%ˆƒ%®ƒ+Ôƒ#„+$„(P„y„‹„¥„¼„"Ù„,ü„)…8…K…i…-„…"²…Õ…ð…†9†CX†œ†"·†:Ú†‡*‡#@‡$d‡‰‡¥‡=‡ˆˆ=,ˆ4jˆŸˆ½ˆ Ôˆ-õˆ/#‰(S‰|‰%‰8¶‰ï‰9Š?ŠVŠtЇУлŠÑŠâŠ!öŠ!‹#:‹^‹-}‹A«‹!틌*Œ->Œ)lŒ –Œ!£Œ!ÅŒ7çŒ0+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-30 09:38-0300 Last-Translator: Felipe Castro Language-Team: Esperanto Language: eo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Poedit 1.5.4 host sen egalo Komando permesata Komando rifuzata Komando sen egalo LDAP-rolo: %s LDAP-rolo: NEKONATA Modifiloj: -c, --check nur kontroli -f, --file=dosiero indiki lokon de la dosiero sudoers -h, --help montri helpan mesaÄon kaj eliri -q, --quit pli silenta pri sintaksaj eraroj -s, --strict severa kontrolado de sintakso -V, --version montri eldonon kaj eliri -x, --export=dosiero eksporti la dosieron sudoers laÅ­ JSON-formo Parametroj: -d ,--directory=dosierujo specifi dosierujon por seancaj protokoloj -f, --filter=filtrilo specifi kiajn eneligajn tipojn por montri -h, --help montri helpan mesaÄon kaj eliri -l, --list listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo -m, --max-wait=nombro maksimuma nombro da sekundoj por atendi inter okazoj -s, --speed=nombro rapidigi aÅ­ malrapidigi eligon -V, --version eligi eldonan informon kaj eliri Ero en sudoers: Pado de sudoers: %s Ni fidas, ke vi ricevis la kutiman prelegon fare de la sistemestro. Resume memoru la jenajn: #1) Estimu la privatecon de aliaj. #2) Pensu antaÅ­ ol tajpi. #3) Granda povo devigas grandan responson. Komandoj: Elektoj: Ordo: %s RunAsGroups: RunAsUsers: %8s: %s%8s: (komando ne trovita) %s%s - refari sudo-seancajn protokolojn %s - sekure redakti la dosieron sudoers %s kaj %s ne estas la sama dosiersistemo, uzanta mv-on por alinomi%s okupata, reprovu pli malfrue%s ekzistas sed ne dosierujo (0%o)%s ekzistas sed ne estas normala dosiero (0%o)%s gramatika eldono %d %s ne estas normala dosiero%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita. %s ne estas en la dosiero sudoers. Ĉi tiu estos raportita. %s estas estrita de gid %u, devas esti %u%s estas estrita de uid %u, devas esti %u%s estas skribebla de ĉiuj%s devas esti estrata de uid %d%s devas esti skribebla nur de estro%s estas estrita de uid %u, devas esti uid %u%s bezonas parametron%s neÅanÄita%s eldono %s %s skribebla de ne-estro (0%o), devas esti reÄimo 0600%s skribebla de ne-estro (0%o), devas esti reÄimo 0700%s/%.2s/%.2s/%.2s tempo-registrado: %s%s/%s/tempo-registrado: %s%s: %s%s: %s: %s: %s%s: Ne eblas kontroli TGT! Ebla atako!: %s%s: misaj permesoj, devas esti reÄimo 0%o %s: komando ne trovita%s: nekongrua grupa kromprogramo: ĉefa eldono %d, atendita %d%s: nevalida protokol-dosiero%s: analizita senerare %s: lega eraro%s: mankas kampo de runa grupo%s: mankas kampo de runa uzanto%s: temp-indiko %s: %s%s: mankas temp-indika kampo%s: ne eblas generi elektojn: %s%s ne eblas konverti ĉefon al ĉeno ('%s'): %s%s: ne eblas akiri atestilojn: %s%s: ne eblas atingi gastiganton ĉefan: %s%s: ne eblas ekigi atestilan kaÅmemoron: %s%s: ne eblas analizi: '%s': %s%s: ne eblas trovi ccache-on: %s%s: ne eblas konservi atestilon en kaÅmemoro: %s%s neuzata %s_Alias %s%s: mankas kampo de uzanto%s: malÄusta estro (uid, gid) devas esti (%u, %u) %u malÄusta pasvorta provo%u malÄustaj pasvortaj provoj*** SEKURECO: informoj por %h ***Konto eksvalidiÄis aÅ­ PAM-agordon malhavas sekcion "account" por sudo, kontaktu vian sistemestronKonto aÅ­ pasvorto eksvalidiÄis, restarigu vian pasvorton kaj reprovuAldoni eron al la utmp/utmpx-dosiero dum generi pty-onRetpoÅtadreso adresanta: %sRetpoÅtadreso adresata: %sKromnomo '%s' jam ekzistasPermesi, ke iu informokolektado por doni utilajn eraromesaÄojnPermesi, ke sudo peti pasvorton eĉ se Äi estus videblaPermesi, ke uzantoj valorizu arbitrajn medivariablojnĈiam protokoli komandojn en pseÅ­da ttyĈiam sendi retmesaÄon kiam sudo plenumiÄasĈiam valorizi medivariablon $HOME al la hejma dosierujo de la cela uzantoApliki aÅ­tomataĵojn en la ensaluta klaso de la cela uzanto, se Äi ekzistasne eblas establi PAM-atestilojn por la cela uzantoAÅ­tentikigaj metodoj:EksvalidiÄo de la aÅ­tentikiga tempo-indikilo: %.1f minutojKunpremi eneligaj protokoloj per zlibNe eblis determini revizian kondiĉonKrei novan PAM-seancon en kiu la komando plenumiÄosDefaÅ­lta pasvorta peto: %sDefaÅ­lta uzanto por plenumigi komandojn: %sDosierujo en kiu konservi eneligaj protokoloj: %sNe ekigi la grupon vektoron al tio de la cela uzantoMedivariabloj por kontroli por sano:Medivariabloj konservi:Medivariabloj por forigi:Eraro: %s_Alias '%s' referinta sed ne difinitaEraro: ciklo en %s_Alias '%s'Dosiero havanta la sudo-averton: %sDosiero-priskribiloj >= %d fermiÄos antaÅ­ ol plenumigi komandonDosiero en kiu konservi la eneliga protokolo: %sParametroj por retpoÅtilo: %sSe LDAP-dosierujo estas aktiva, ni ignoru la lokan suders-dosieronSe aktivigita, passprompt superregas sistemajn invitojn ĉiuokaze.Se aktiva, uzantoj rajtas superregi la voloron de 'closefrom' per la parametro -CSe sudo estas vokata kun neniuj parametroj, komencu ÅelonIgnoro punkton en $PATHNeÄusta pasvorta mesaÄo: %sInsulti la uzanton, kiam si enmetas malÄustan pasvortonNevalidaj aÅ­tentikigaj metodoj kompilitaj en sudo! Vi ne rajtas miksi dependan kaj sendependan aÅ­tentikigon.Averti uzanton dum la unua fojo Äi plenumigas je sudoLongo je kiu linfaldi la protokol-dosieraj linioj (0 por senfalda): %uLoka IP-adresa kaj retmaska paroj: Lokaĵaro por uzi dum analizi dosieron sudoers: %sProtokola grando estas %dx%d, sed via terminala grando estas %dx%d.Protokoli la gastignomon en la (ne syslog) protokoloProtokoli la eligon de la komando, kiu estas plenumiÄiProtokoli la jaron en la (ne syslog) protokoloProtokoli enmeton de uzanto por la komando, kiun si plenumigasKongruantaj eroj de Defaults: %s en %s: Maksimuma sinsekva numero de la en/eliga protokolo: %uNeniu uzanto aÅ­ gastigantoNombro da provoj por enmeti pasvorton: %uNur permesi, ke uzanto plenumigu sudo-on se si havas tty-onNur valorizi la efikan uid-on al la cela uzanto, ne la realan uid-onElektoj estas: r(e)dakti refoje sudoers-dosieron x) eliri sen konservi ÅanÄojn al sudoers-dosiero q) Eliri kaj konservi ÅanÄojn al sudoers-dosiero (DANÄœERA!) Estro de la dosierujo de aÅ­tentikiga tempostampo: %seraro de aÅ­tentikiga servilo: %sPAM-servonomo por uziPAM-servonomo por uzi por ensalutaj ÅelojPasvorto eksvalidiÄis, kontaktu vian sistemestronEksvalidiÄo de la pasvortilo: %.1f minutojPasvorto:Pado al dosierujo de aÅ­tentikiga tempostampo: %sPado al protokolo: %sPado al retpoÅtilo: %sPado al la tekstoredaktilo uzota de visudo: %sPado al media dosiero specifa al sudo: %sKromprogramo por kompreno de ne-uniksaj grupoj: %sAnstaÅ­Åargi la falsan exec-funkciojn enhavatajn en la biblioteko sudo_noexecPeti la ĉefuzantan pasvorton, ne la uzanto-pasvortonPeti la pasvorton de runas_default, ne de la uzantoPeti la pasvorton de la cela uzanto, ne la nuna uzantoDoni vidajn indikojn je la pasvorta enmetanta kiam ekzistas enmetoMeti OTP-demandilon en sia propra linioRefaranta sudo-seancon: %s Postuli tute kvalifikitajn gastiganto-nomojn en la dosiero sudoersPostulas, ke uzantoj aÅ­tentikiÄu aÅ­tomateRestarigi la medion al apriora aro da variablojĈefuzanto rajtas plenumigi: sudoPlenumigi komandojn en pty en la fonoPlenumigkiela komando-specifaj aÅ­tomataĵoj por %s: SELinux-rolo por uzi en la nova sekureca kunteksto: %sSELinux-tipo por uzi en la nova sekureca kunteksto: %sKomunikiÄo kun SecurID malsukcesisSendi retmesaÄon se la uzanto ne estas permesata plenumigi komandonSendi retmesaÄon se la uzanto ne estas en sudoersSendi retmesaÄon se la uzanto ne estas en sudors por la gastigantoSendi retmesaÄon se uzanto-aÅ­tentikiÄo malsukcesasValorizi medivariablon $HOME al la cela uzanto dum komenci Åelon kun -sAro da limigaj privilegiojAro da permesitaj privilegiojValorizi la medivariablojn LOGNAME kaj USERValorizi uzanton en utmp al la plenumigkiela uzanto, ne la vokanta uzantoMalÄuste. Reprovu.BedaÅ­re uzanto %s ne rajtas plenumigi '%s%s%s'-on kiel %s%s%s en %s. BedaÅ­re uzanto %s ne rajtas plenumigi sudo-on en %s. Subjekta linio por ĉiuj mesaÄoj: %sEldono %d de la gramatikilo de sudoers Eldono %s de la konduta kromprogramo Syslog-trajto se syslog estas uzata por protokoli: %sSyslog-prioritato por uzi, kiam uzanto sukcese aÅ­tentikiÄas: %sSyslog-prioritato por uzi kiam uzanto malsukcese aÅ­tentikigas: %sLa umask specifa en sudors superregos tio de la uzanto, eĉ se Äi estas pli permesemaEkzistas neniaj aÅ­tentikigaj metodoj kompilitaj en sudo! Se vi volas malÅalti aÅ­tentikigon, uzu la agordan parametron --disable-authentication.Umask uzi aÅ­ 07777 por uzi uzanton: 0%oUzi apartan tempo-indikilon por ĉiu uzanto/tty-kombinoUzi pli rapida kunigo, kiu estas malpli Äusta sed ne atingas la dosiersistemonUzanto %s ne rajtas plenumigi sudo-on en %s. Uzanto %s rajtas plenumigi la jenajn komandojn en %s: Uzanto-identigilo Ålosita pro AÅ­tentikigo SecurIDUzantoj en la grupo en devas plenumi la postulojn de posvorto kaj PATH: %sValoro per kiu superregi la PATH-on de uzanto: %sVisudo honoru la medivariablon EDITORAverto: %s_Alias '%s' referinta sed ne difinitaAverto: ciklo en %s_Alias '%s'Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon. Kion nun? Kiam postuli pasvorton por la pseÅ­dokomando 'list': %sKiam postuli pasvorton por la pseÅ­dokamando 'verify': %spasvorto estas bezonatamalsukceso ĉe konta validigo, ĉu via konto estas Ålosita?ambigua esprimo "%s"aÅ­tentiga malsukcesoeraro de aÅ­tentikiga servilo: %skomando malsukcesis: '%s %s %s', %s neÅanÄitakomando en nuna dosierujokomando ne permesatane eblis analizi daton "%s"resumo por %s (%s) ne estas laÅ­ la formo %sredaktilo (%s) malsukcesis, %s neÅanÄitaeraro dum alinomi %s-on; %s neÅanÄitamalsukcesis ekigi la bibliotekon de la API ACEmalsukcesis analizi dosieron %s, nekonata erarofill_args: bufra superfluoIgnoranta '%s'-on trovita en '.' Uzu 'sudo ./%s'-on se tio estas la '%s', kiun vi volas plenumigi.nevalida posta "!"nevalida posta "or"interna eraro, superfluo en %sinterna eraro, ne eblas trovi '%s'-on en listo!interna eraro: nesufiĉa spaco por protokola linionevalida AÅ­tentikiga Traktilo por SecurIDnevalidaj aÅ­tentikigaj metodojnevalida aÅ­tentikiga tiponevalida filtrila elekto: %snevalida maksimuma atendo: %snevalida paskoda longo por SecurIDnevalida regulesprimo: %snevalida rapida faktoro: %snevalida atributo de sudoOrdo: %snevalida linio en la tempo-registran dosieron: %snevalida salutnoma longo por SecurIDpado de ldap.conf: %s pado de ldap.secret: %s konekto al aÅ­tentikiga servilo perditaneniu aÅ­tentikiga metodoneniu tekstoredaktilo trovita (pado = %s)neniu ttyne validaj fontotekstoj de sudoers trovita, ĉesigantaneniu valoro specifita por '%s'pado de nsswitch: %s nur ĉefuzanto rajtas uzi '-c %s'parametro '%s' ne povas havi valoronanaliza eraro en %sanaliza eraro en %s analiza eraro en %s proksime al linio %danaliza eraro en %s proksime al linio %d permeso-staka superfluopermeso-staka subfluopremu enen-klavon por redakti %s-on: problemoj kun aÅ­tomataj erojbedaÅ­re vi ne rajtas konservi la medionbedaÅ­re vi ne estas permesata valorizi la jenajn medivariablojn: %sbedaÅ­re vi devas havi tty-on por plenumigi sudo-onspecifita tekstoredaktilo (%s) ne ekzistasstart_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()starttls ne estas regata dum uzo de ldapssudo_ldap_build_pass1: genra malkongruaĵosudo_ldap_conf_add_ports: eluzis spacon etendanta la bufronsudo_ldap_conf_add_ports: pordo tro grandasudo_ldap_parse_uri: eluzis spacon muntanta la bufronsudo_putenv: medio tro grandasudoers specifas, ke ĉefuzanto ne rajtas sudo-itempindika posedanto (%s): neniu tia uzantotempo-indikila pado tro longa: %stempo-indikilo tro estonte: %20.20stro da niveloj de inkluzivaĵojtro da procezojne eblas komenci bsd-aÅ­tentikigonne eblas munti tempan filtrilonne eblas konservi gid-on %u, jam ekzistasne eblas konservi grupon %s, jam ekzistasne eblas konservi grupan liston por %s, jam ekzistasne eblas konservi uid-on %u, jam ekzistasne eblas konservi uzanton %s, jam ekzistasne eblas ÅanÄi eksvalidan pasvorton: %sne eblas ÅanÄi reÄimon de %s al 0%one eblas ÅanÄi al radika gidne eblas ÅanÄi al plenumigkiela gidne eblas ÅanÄi al plenumigkiela uidne eblas ÅanÄi al gid de sudo-redaktantojne eblis konservi revizian rikordonne eblas konektiÄi al aÅ­tentikiga servilone eblas kontakti la servilon de SecurIDne eblas krei: %sne eblas kopii enigon: %mne eblas plenumigi: %sne eblas plenumigi %s-on: %mne eblas trovi simbolon "%s" en %sne eblas trovi simbolon "group_plugin" en %sne eblas forkine eblas forki: %mne eblas aranÄi tempostamponne eblas atingi GMT-temponne eblas akiri ensalutan klason por uzanto %sne eblas komenci BSD-aÅ­tentikigonne eblas ekigi LDAP-on: %sne eblas ekigi PAMne eblas ekigi SIA-seasconne eblas ekigi SSL-asertilon kaj Ålosilan datumbazon: %sne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maÅino?ne eblas ÅarÄi je %s: %sne eblas Ålosi protokolon: %s: %sne eblas miksi sekurajn kaj nesekurajn retadresojn de LDAPne eblas mkdir-i: %sne eblas malfermi: %sne eblas malfermi revizian sistemonne eblas malfermi protokolon: %s: %sne eblas malfermi tubon: %mne eblas trakti grupon en %sne eblas remalfermi provizoran dosieron (%s), %s neÅanÄita.ne eblas legi %sne eblas legi fwtk-agordonne eblas forigi la dosieron %s, restarigos al la uniksa epokone eblas restarigi la dosieron %s al la uniksa epokone eblas trovi gastiganton %sne eblas plenumigi: %sne eblas sendi revizian mesaÄonne eblas ÅanÄi (uid, gid) de %s al (%u, %u)ne eblas elekti vektoron de plenumigkiela grupone eblas elekti tty-on en nudan reÄimonne eblas stat-i: %sne eblas stat-i tekstoredaktilon (%s)ne eblas stat-i provizoron dosieron (%s), %s neÅanÄitane eblas skribi al %sne eblas analizi provizoran dosieron (%s), nekonata eraronekonata SecurID-eraronekonata ero '%s' en defaultsnekonata grupo: %snekonata ensaluta klaso: %snekonata serĉaĵo "%s"nekonata serĉtipo %dnekonata uid: %unekonata uzanto: %sesprimo kun '(' sen samnivela ')'esprimo kun ')' sen samnivela '('nekonata retadresa tipo de LDAP: %snekonata resuma tipo %d por %suzado: %s [-h] [-d dosierujo] -l [serĉaĵo] uzado: %s [-h] [-d dosierujo] [-m nombro] [-s nombro] identigilo uzanto NE permesata en gastigantouzanto NE estas en sudoersvalidiga malsukcesovaloro '%s' estas nevalida por parametro '%s'Valoroj por '%s' devas komenciÄi per '/'skriba erarovi ne rajtas uzi la parametron -Cvi ne ekzistas en la datumbazo %sTLS_CERT devas havi valoron en %s antaÅ­ ol SSL uzeblosnul-longa provizora dosiero (%s), %s neÅanÄitasudo-1.8.9p5/plugins/sudoers/po/eo.po010064400175440000012000001523371226304126200171030ustar00millertstaff# Esperanto translations for sudo package. # This file is put in the public domain. # Felipe Castro , 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-30 09:38-0300\n" "Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" "Language: eo\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Poedit 1.5.4\n" #: confstr.sh:2 msgid "Password:" msgstr "Pasvorto:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** SEKURECO: informoj por %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "MalÄuste. Reprovu." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Kromnomo '%s' jam ekzistas" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "ne eblas akiri ensalutan klason por uzanto %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "ne eblas komenci bsd-aÅ­tentikigon" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "nevalida aÅ­tentikiga tipo" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "ne eblas komenci BSD-aÅ­tentikigon" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "ne eblas legi fwtk-agordon" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "ne eblas konektiÄi al aÅ­tentikiga servilo" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "konekto al aÅ­tentikiga servilo perdita" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "eraro de aÅ­tentikiga servilo:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s ne eblas konverti ĉefon al ĉeno ('%s'): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ne eblas analizi: '%s': %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: ne eblas trovi ccache-on: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ne eblas generi elektojn: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ne eblas akiri atestilojn: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: ne eblas ekigi atestilan kaÅmemoron: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: ne eblas konservi atestilon en kaÅmemoro: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ne eblas atingi gastiganton ĉefan: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Ne eblas kontroli TGT! Ebla atako!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "ne eblas ekigi PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "malsukceso ĉe konta validigo, ĉu via konto estas Ålosita?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Konto aÅ­ pasvorto eksvalidiÄis, restarigu vian pasvorton kaj reprovu" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "ne eblas ÅanÄi eksvalidan pasvorton: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Pasvorto eksvalidiÄis, kontaktu vian sistemestron" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto eksvalidiÄis aÅ­ PAM-agordon malhavas sekcion \"account\" por sudo, kontaktu vian sistemestron" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "eraro de aÅ­tentikiga servilo: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "vi ne ekzistas en la datumbazo %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "malsukcesis ekigi la bibliotekon de la API ACE" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "ne eblas kontakti la servilon de SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "Uzanto-identigilo Ålosita pro AÅ­tentikigo SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "nevalida salutnoma longo por SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "nevalida AÅ­tentikiga Traktilo por SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "KomunikiÄo kun SecurID malsukcesis" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "nekonata SecurID-eraro" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "nevalida paskoda longo por SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "ne eblas ekigi SIA-seascon" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "nevalidaj aÅ­tentikigaj metodoj" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Nevalidaj aÅ­tentikigaj metodoj kompilitaj en sudo! Vi ne rajtas miksi dependan kaj sendependan aÅ­tentikigon." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "neniu aÅ­tentikiga metodo" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Ekzistas neniaj aÅ­tentikigaj metodoj kompilitaj en sudo! Se vi volas malÅalti aÅ­tentikigon, uzu la agordan parametron --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "AÅ­tentikigaj metodoj:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Ne eblis determini revizian kondiĉon" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "ne eblis konservi revizian rikordon" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Ni fidas, ke vi ricevis la kutiman prelegon fare de la sistemestro.\n" "Resume memoru la jenajn:\n" "\n" " #1) Estimu la privatecon de aliaj.\n" " #2) Pensu antaÅ­ ol tajpi.\n" " #3) Granda povo devigas grandan responson.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "nekonata uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "nekonata uzanto: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-trajto se syslog estas uzata por protokoli: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog-prioritato por uzi, kiam uzanto sukcese aÅ­tentikiÄas: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog-prioritato por uzi kiam uzanto malsukcese aÅ­tentikigas: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Meti OTP-demandilon en sia propra linio" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignoro punkton en $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Ĉiam sendi retmesaÄon kiam sudo plenumiÄas" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Sendi retmesaÄon se uzanto-aÅ­tentikiÄo malsukcesas" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Sendi retmesaÄon se la uzanto ne estas en sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Sendi retmesaÄon se la uzanto ne estas en sudors por la gastiganto" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Sendi retmesaÄon se la uzanto ne estas permesata plenumigi komandon" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Uzi apartan tempo-indikilon por ĉiu uzanto/tty-kombino" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Averti uzanton dum la unua fojo Äi plenumigas je sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Dosiero havanta la sudo-averton: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Postulas, ke uzantoj aÅ­tentikiÄu aÅ­tomate" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Ĉefuzanto rajtas plenumigi: sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Protokoli la gastignomon en la (ne syslog) protokolo" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Protokoli la jaron en la (ne syslog) protokolo" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Se sudo estas vokata kun neniuj parametroj, komencu Åelon" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Valorizi medivariablon $HOME al la cela uzanto dum komenci Åelon kun -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Ĉiam valorizi medivariablon $HOME al la hejma dosierujo de la cela uzanto" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Permesi, ke iu informokolektado por doni utilajn eraromesaÄojn" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Postuli tute kvalifikitajn gastiganto-nomojn en la dosiero sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Insulti la uzanton, kiam si enmetas malÄustan pasvorton" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Nur permesi, ke uzanto plenumigu sudo-on se si havas tty-on" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo honoru la medivariablon EDITOR" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Peti la ĉefuzantan pasvorton, ne la uzanto-pasvorton" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Peti la pasvorton de runas_default, ne de la uzanto" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Peti la pasvorton de la cela uzanto, ne la nuna uzanto" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Apliki aÅ­tomataĵojn en la ensaluta klaso de la cela uzanto, se Äi ekzistas" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Valorizi la medivariablojn LOGNAME kaj USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Nur valorizi la efikan uid-on al la cela uzanto, ne la realan uid-on" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Ne ekigi la grupon vektoron al tio de la cela uzanto" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Longo je kiu linfaldi la protokol-dosieraj linioj (0 por senfalda): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "EksvalidiÄo de la aÅ­tentikiga tempo-indikilo: %.1f minutoj" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "EksvalidiÄo de la pasvortilo: %.1f minutoj" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Nombro da provoj por enmeti pasvorton: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask uzi aÅ­ 07777 por uzi uzanton: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Pado al protokolo: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Pado al retpoÅtilo: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Parametroj por retpoÅtilo: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "RetpoÅtadreso adresata: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "RetpoÅtadreso adresanta: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Subjekta linio por ĉiuj mesaÄoj: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "NeÄusta pasvorta mesaÄo: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Pado al dosierujo de aÅ­tentikiga tempostampo: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Estro de la dosierujo de aÅ­tentikiga tempostampo: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Uzantoj en la grupo en devas plenumi la postulojn de posvorto kaj PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "DefaÅ­lta pasvorta peto: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Se aktivigita, passprompt superregas sistemajn invitojn ĉiuokaze." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "DefaÅ­lta uzanto por plenumigi komandojn: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Valoro per kiu superregi la PATH-on de uzanto: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Pado al la tekstoredaktilo uzota de visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kiam postuli pasvorton por la pseÅ­dokomando 'list': %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kiam postuli pasvorton por la pseÅ­dokamando 'verify': %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "AnstaÅ­Åargi la falsan exec-funkciojn enhavatajn en la biblioteko sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Se LDAP-dosierujo estas aktiva, ni ignoru la lokan suders-dosieron" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Dosiero-priskribiloj >= %d fermiÄos antaÅ­ ol plenumigi komandon" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Se aktiva, uzantoj rajtas superregi la voloron de 'closefrom' per la parametro -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Permesi, ke uzantoj valorizu arbitrajn medivariablojn" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Restarigi la medion al apriora aro da variabloj" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Medivariabloj por kontroli por sano:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Medivariabloj por forigi:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Medivariabloj konservi:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "SELinux-rolo por uzi en la nova sekureca kunteksto: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "SELinux-tipo por uzi en la nova sekureca kunteksto: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Pado al media dosiero specifa al sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Lokaĵaro por uzi dum analizi dosieron sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Permesi, ke sudo peti pasvorton eĉ se Äi estus videbla" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Doni vidajn indikojn je la pasvorta enmetanta kiam ekzistas enmeto" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Uzi pli rapida kunigo, kiu estas malpli Äusta sed ne atingas la dosiersistemon" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "La umask specifa en sudors superregos tio de la uzanto, eĉ se Äi estas pli permesema" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Protokoli enmeton de uzanto por la komando, kiun si plenumigas" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Protokoli la eligon de la komando, kiu estas plenumiÄi" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Kunpremi eneligaj protokoloj per zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Ĉiam protokoli komandojn en pseÅ­da tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Kromprogramo por kompreno de ne-uniksaj grupoj: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Dosierujo en kiu konservi eneligaj protokoloj: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Dosiero en kiu konservi la eneliga protokolo: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Aldoni eron al la utmp/utmpx-dosiero dum generi pty-on" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Valorizi uzanton en utmp al la plenumigkiela uzanto, ne la vokanta uzanto" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Aro da permesitaj privilegioj" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Aro da limigaj privilegioj" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Plenumigi komandojn en pty en la fono" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "PAM-servonomo por uzi" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "PAM-servonomo por uzi por ensalutaj Åeloj" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "ne eblas establi PAM-atestilojn por la cela uzanto" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Krei novan PAM-seancon en kiu la komando plenumiÄos" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Maksimuma sinsekva numero de la en/eliga protokolo: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "nekonata ero '%s' en defaults" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "valoro '%s' estas nevalida por parametro '%s'" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "neniu valoro specifita por '%s'" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "Valoroj por '%s' devas komenciÄi per '/'" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "parametro '%s' ne povas havi valoron" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "interna eraro, superfluo en %s" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: medio tro granda" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "bedaÅ­re vi ne estas permesata valorizi la jenajn medivariablojn: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrata de uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s devas esti skribebla nur de estro" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "ne eblas ÅarÄi je %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ne eblas trovi simbolon \"group_plugin\" en %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekongrua grupa kromprogramo: ĉefa eldono %d, atendita %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Loka IP-adresa kaj retmaska paroj:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s ekzistas sed ne dosierujo (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "ne eblas mkdir-i: %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "ne eblas malfermi: %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "ne eblas legi %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "ne eblas krei: %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: pordo tro granda" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: eluzis spacon etendanta la bufron" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nekonata retadresa tipo de LDAP: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "ne eblas miksi sekurajn kaj nesekurajn retadresojn de LDAP" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls ne estas regata dum uzo de ldaps" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: eluzis spacon muntanta la bufron" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "ne eblas ekigi SSL-asertilon kaj Ålosilan datumbazon: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "TLS_CERT devas havi valoron en %s antaÅ­ ol SSL uzeblos" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "ne eblas atingi GMT-tempon" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "ne eblas aranÄi tempostampon" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "ne eblas munti tempan filtrilon" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1: genra malkongruaĵo" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP-rolo: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP-rolo: NEKONATA\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Ordo: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Komandoj:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ne eblas ekigi LDAP-on: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "nevalida atributo de sudoOrdo: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "ne eblas malfermi revizian sistemon" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "ne eblas sendi revizian mesaÄon" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s: %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s: (komando ne trovita) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "ne eblas malfermi protokolon: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ne eblas Ålosi protokolon: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Neniu uzanto aÅ­ gastiganto" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "validiga malsukceso" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "uzanto NE estas en sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "uzanto NE permesata en gastiganto" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "komando ne permesata" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ne estas en la dosiero sudoers. Ĉi tiu estos raportita.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "BedaÅ­re uzanto %s ne rajtas plenumigi sudo-on en %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "BedaÅ­re uzanto %s ne rajtas plenumigi '%s%s%s'-on kiel %s%s%s en %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: komando ne trovita" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "Ignoranta '%s'-on trovita en '.'\n" "Uzu 'sudo ./%s'-on se tio estas la '%s', kiun vi volas plenumigi." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "aÅ­tentiga malsukceso" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "pasvorto estas bezonata" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u malÄusta pasvorta provo" msgstr[1] "%u malÄustaj pasvortaj provoj" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "ne eblas forki" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "ne eblas forki: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "ne eblas malfermi tubon: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "ne eblas kopii enigon: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "ne eblas plenumigi %s-on: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "interna eraro: nesufiĉa spaco por protokola linio" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "nekonata resuma tipo %d por %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: lega eraro" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "resumo por %s (%s) ne estas laÅ­ la formo %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "analiza eraro en %s proksime al linio %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "analiza eraro en %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Ero en sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Elektoj: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Eldono %s de la konduta kromprogramo\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Eldono %d de la gramatikilo de sudoers\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Pado de sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "pado de nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "pado de ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "pado de ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ne eblas konservi uid-on %u, jam ekzistas" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ne eblas konservi uzanton %s, jam ekzistas" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ne eblas konservi gid-on %u, jam ekzistas" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "ne eblas konservi grupon %s, jam ekzistas" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "ne eblas konservi grupan liston por %s, jam ekzistas" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "ne eblas trakti grupon en %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "permeso-staka superfluo" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "permeso-staka subfluo" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "ne eblas ÅanÄi al radika gid" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "ne eblas ÅanÄi al plenumigkiela gid" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "ne eblas ÅanÄi al plenumigkiela uid" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "ne eblas ÅanÄi al gid de sudo-redaktantoj" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "tro da procezoj" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "ne eblas elekti vektoron de plenumigkiela grupo" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "ne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maÅino?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne eblas trovi simbolon \"%s\" en %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Kongruantaj eroj de Defaults: %s en %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Plenumigkiela komando-specifaj aÅ­tomataĵoj por %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Uzanto %s rajtas plenumigi la jenajn komandojn en %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uzanto %s ne rajtas plenumigi sudo-on en %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "problemoj kun aÅ­tomataj eroj" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "ne validaj fontotekstoj de sudoers trovita, ĉesiganta" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers specifas, ke ĉefuzanto ne rajtas sudo-i" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "vi ne rajtas uzi la parametron -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tempindika posedanto (%s): neniu tia uzanto" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "neniu tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "bedaÅ­re vi devas havi tty-on por plenumigi sudo-on" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "komando en nuna dosierujo" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "bedaÅ­re vi ne rajtas konservi la medion" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "ne eblas stat-i: %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s ne estas normala dosiero" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrita de uid %u, devas esti %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s estas estrita de gid %u, devas esti %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "nur ĉefuzanto rajtas uzi '-c %s'" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "nekonata ensaluta klaso: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "ne eblas trovi gastiganton %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "nekonata grupo: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "nevalida filtrila elekto: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "nevalida maksimuma atendo: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "nevalida rapida faktoro: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s eldono %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s tempo-registrado: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/tempo-registrado: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Refaranta sudo-seancon: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Protokola grando estas %dx%d, sed via terminala grando estas %dx%d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "ne eblas elekti tty-on en nudan reÄimon" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "nevalida linio en la tempo-registran dosieron: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "ambigua esprimo \"%s\"" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "esprimo kun ')' sen samnivela '('" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "nekonata serĉaĵo \"%s\"" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s bezonas parametron" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "nevalida regulesprimo: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "ne eblis analizi daton \"%s\"" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "esprimo kun '(' sen samnivela ')'" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "nevalida posta \"or\"" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "nevalida posta \"!\"" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "nekonata serĉtipo %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: nevalida protokol-dosiero" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: mankas temp-indika kampo" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: temp-indiko %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: mankas kampo de uzanto" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: mankas kampo de runa uzanto" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: mankas kampo de runa grupo" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "uzado: %s [-h] [-d dosierujo] [-m nombro] [-s nombro] identigilo\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uzado: %s [-h] [-d dosierujo] -l [serĉaĵo]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - refari sudo-seancajn protokolojn\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Parametroj:\n" " -d ,--directory=dosierujo specifi dosierujon por seancaj protokoloj\n" " -f, --filter=filtrilo specifi kiajn eneligajn tipojn por montri\n" " -h, --help montri helpan mesaÄon kaj eliri\n" " -l, --list listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo\n" " -m, --max-wait=nombro maksimuma nombro da sekundoj por atendi inter okazoj\n" " -s, --speed=nombro rapidigi aÅ­ malrapidigi eligon\n" " -V, --version eligi eldonan informon kaj eliri" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\thost sen egalo" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Komando permesata" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Komando rifuzata" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Komando sen egalo" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "tempo-indikila pado tro longa: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s estas estrita de uid %u, devas esti uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s skribebla de ne-estro (0%o), devas esti reÄimo 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s ekzistas sed ne estas normala dosiero (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s skribebla de ne-estro (0%o), devas esti reÄimo 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "tempo-indikilo tro estonte: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "ne eblas forigi la dosieron %s, restarigos al la uniksa epoko" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "ne eblas restarigi la dosieron %s al la uniksa epoko" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: bufra superfluo" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s gramatika eldono %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "premu enen-klavon por redakti %s-on: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "skriba eraro" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "ne eblas stat-i provizoron dosieron (%s), %s neÅanÄita" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nul-longa provizora dosiero (%s), %s neÅanÄita" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redaktilo (%s) malsukcesis, %s neÅanÄita" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s neÅanÄita" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ne eblas remalfermi provizoran dosieron (%s), %s neÅanÄita." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ne eblas analizi provizoran dosieron (%s), nekonata eraro" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "interna eraro, ne eblas trovi '%s'-on en listo!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "ne eblas ÅanÄi (uid, gid) de %s al (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ne eblas ÅanÄi reÄimon de %s al 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s kaj %s ne estas la sama dosiersistemo, uzanta mv-on por alinomi" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komando malsukcesis: '%s %s %s', %s neÅanÄita" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "eraro dum alinomi %s-on; %s neÅanÄita" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Kion nun? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Elektoj estas:\n" " r(e)dakti refoje sudoers-dosieron\n" " x) eliri sen konservi ÅanÄojn al sudoers-dosiero\n" " q) Eliri kaj konservi ÅanÄojn al sudoers-dosiero (DANÄœERA!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: malÄusta estro (uid, gid) devas esti (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: misaj permesoj, devas esti reÄimo 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "malsukcesis analizi dosieron %s, nekonata eraro" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "analiza eraro en %s proksime al linio %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "analiza eraro en %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analizita senerare\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s okupata, reprovu pli malfrue" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "specifita tekstoredaktilo (%s) ne ekzistas" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "ne eblas stat-i tekstoredaktilon (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "neniu tekstoredaktilo trovita (pado = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Eraro: ciklo en %s_Alias '%s'" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Averto: ciklo en %s_Alias '%s'" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Eraro: %s_Alias '%s' referinta sed ne difinita" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Averto: %s_Alias '%s' referinta sed ne difinita" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s neuzata %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - sekure redakti la dosieron sudoers\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Modifiloj:\n" " -c, --check nur kontroli\n" " -f, --file=dosiero indiki lokon de la dosiero sudoers\n" " -h, --help montri helpan mesaÄon kaj eliri\n" " -q, --quit pli silenta pri sintaksaj eraroj\n" " -s, --strict severa kontrolado de sintakso\n" " -V, --version montri eldonon kaj eliri\n" " -x, --export=dosiero eksporti la dosieron sudoers laÅ­ JSON-formo" #: toke.l:892 msgid "too many levels of includes" msgstr "tro da niveloj de inkluzivaĵoj" #~ msgid "value out of range" #~ msgstr "valoro ne en permesata skalo" #~ msgid "invalid uri: %s" #~ msgstr "nevalida retadreso: %s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "ne eblas miksi protokolojn ldaps kaj starttls" #~ msgid "writing to standard output" #~ msgstr "skribanta al eligo" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "tro da esprimoj en krampoj; maksimumo estas %d" #~ msgid "unable to setup authentication" #~ msgstr "ne eblas starigi aÅ­tentikigon" sudo-1.8.9p5/plugins/sudoers/po/eu.mo010064400175440000012000000143551226304146200171050ustar00millertstaffÞ•NŒkü¨©<¼ù&F9@€$Á æó $:=Xp#± Á ËÖCè', 1T † ‘ ¡ ¹ Ð æ ù  ( 9 H (X  • § · Ë á è   1 F X 'r &š 8Á (ú "# F b u “ § ¼ Õ î   % 6 H ^ p € ‘ ­ Á %Ô ú #¸*ãAú&<1cN•?ä1$Vfv ‰˜³(¶ß$ö*$F k v‚WŸC÷.; ju‹©Æâû2Ia'wŸ½Õë$&K%bˆ¯-Ë,ù8&(_=ˆÆÜ!ì4McyŠž²Ðèü-) Wx-» Ì 8 <I)?(C!M N5@"=J+ .$#2-0L:;GK'7*1>& F46A3%H,B/DE9 Sudoers path: %s %d incorrect password attempt%d incorrect password attempts%s busy, try again later%s exists but is not a directory (0%o)%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s owned by uid %u, should be uid %u%s unchanged%s version %s %s%s: %s%s: %.*s %s: %s%s: %s %s: command not found: Alias `%s' already definedAuthentication methods:Compress I/O logs using zlibCould not determine audit conditionNo user or hostPassword:Password: Root may run sudoSorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Visudo will honor the EDITOR environment variableWhat now? au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedcommand not allowedfill_args: buffer overflowgetaudit: failedgetauid failedgetauid: failedinternal error, expand_prompt() overflowinvalid log file %sinvalid regex: %sinvalid uri: %sldap.conf path: %s ldap.secret path: %s no ttyno value specified for `%s'nsswitch path: %s only root can use `-c %s'pam_authenticate: %spam_chauthtok: %spress return to edit %s: sorry, a password is required to run %ssorry, you must have a tty to run sudosudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largetimestamp owner (%s): No such usertoo many levels of includestoo many processesunable to commit audit recordunable to create %sunable to execute %sunable to execute %s: %sunable to initialize PAMunable to mkdir %sunable to open %sunable to read %sunable to run %sunable to stat %sunable to write to %sunknown group: %sunknown uid: %uunknown user: %suser NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'write erroryou do not exist in the %s databaseProject-Id-Version: sudoers-1.8.2-rc2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2011-06-04 18:27-0400 PO-Revision-Date: 2011-06-06 19:15+0100 Last-Translator: Mikel Olasagasti Uranga Language-Team: Basque Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Sudoers-en bidea: %s pasahitz sartze saiakera oker %d%d pasahitz sartze saiakera oker%s okupatuta, saiatu berriz beranduago%s existitzen da baina ez da direktorio bat (0%o)%s ez dago baimenduta sudo abiarazteko %s-(e)n. Gertaeraren berri emango da. %s ez dago sudoers fitxatzegian. Gertaeraren berri emango da. %s-(r)en jabea %u uid-a da, %u uid-a beharko luke%s aldatu gabea%s bertsioa %s %s%s: %s%s: %.*s %s: %s%s: %s %s: komandoa ez da aurkitu: `%s' alias-a lehendik ere definitua dagoAutentikazio metodoak:Trinkotu S/E gertaerak zlib erabilizEzin izan da auditoretza baldintza finkatuEz dago erabiltzaile edo ostalaririkPasahitza:Pasahitza: root-ek sudo abiarizi lezakeBarkatu, %s erabiltzaileak ez du '%s%s%s' %s%s%s bezala exekutatzeko baimenik %s-(e)n. Barkatu, %s erabiltzaileak ez luke sudo abiariazi beharko %s-(e)n. Visudo-k EDITOR ingurune aldagaia erabiliko duEta orain?au_open: huts egin duau_to_exec_args: huts egin duau_to_return32: huts egin duau_to_subject: huts egin duau_to_text: huts egin dukomandua ez dago baimendutafill_args: buffer overflowgetaudit: huts egin dugetauid-ek huts egin dugetauid: huts egin dubarne errorea, expand_prompt() overflowbaliogabeko %s log fitxategiabaliogabeko regex-a: %sbaliogabeko uri-a: %sldap.conf-en bidea: %s ldap.secret-en bidea: %s tty gabeez da baliorik ezarri `%s'-(r)entzatnsswitch-en bidea: %s soilik root-ek erabili dezake `-c %s'pam_authenticate: %spam_chauthtok: %ssakatu intro %s editatzeko:barkatu, pasahitz bat behar da %s abiaraztekobarkatu, tty bat behar duzu sudo abiaraztekosudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largedata-zigiluaren jabea (%s): ez dago horrelako erabiltzailerikinclude maila gehiegiprozesu gehiegiezin da auditoretza sarrera gordeezin da %s sortuezin da %s exekutatuezin da %s exekutatu: %sezin da PAM hasieratuezin da mkdir %s eginezin da %s irekiezin da %s irakurriezin da %s abiaraziezin da stat egin %s-(r)enganezin da %s-(e)ra idatzitalde ezezaguna: %suid ezezaguna: %uerabiltzaile ezezaguna: %serabiltzailea ez dago baimendutako ostalarianerabiltzailea ez dago sudoers-enbalidazio hutsegitea`%s' balorea baliogabea da `%s' aukerarentzatidazketa erroreaez zara %s datubasean existitzensudo-1.8.9p5/plugins/sudoers/po/eu.po010064400175440000012000001160351226304126200171040ustar00millertstaff# Basque translation of sudoers. # Copyright (C) 2011 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. # Mikel Olasagasti Uranga , 2011. # msgid "" msgstr "" "Project-Id-Version: sudoers-1.8.2-rc2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2011-06-04 18:27-0400\n" "PO-Revision-Date: 2011-06-06 19:15+0100\n" "Last-Translator: Mikel Olasagasti Uranga \n" "Language-Team: Basque \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: plugins/sudoers/alias.c:122 #, c-format msgid "Alias `%s' already defined" msgstr "`%s' alias-a lehendik ere definitua dago" #: plugins/sudoers/bsm_audit.c:58 plugins/sudoers/bsm_audit.c:61 #: plugins/sudoers/bsm_audit.c:109 plugins/sudoers/bsm_audit.c:113 #: plugins/sudoers/bsm_audit.c:163 plugins/sudoers/bsm_audit.c:167 msgid "getaudit: failed" msgstr "getaudit: huts egin du" #: plugins/sudoers/bsm_audit.c:87 plugins/sudoers/bsm_audit.c:148 msgid "Could not determine audit condition" msgstr "Ezin izan da auditoretza baldintza finkatu" #: plugins/sudoers/bsm_audit.c:98 msgid "getauid failed" msgstr "getauid-ek huts egin du" #: plugins/sudoers/bsm_audit.c:100 plugins/sudoers/bsm_audit.c:157 msgid "au_open: failed" msgstr "au_open: huts egin du" #: plugins/sudoers/bsm_audit.c:115 plugins/sudoers/bsm_audit.c:169 msgid "au_to_subject: failed" msgstr "au_to_subject: huts egin du" #: plugins/sudoers/bsm_audit.c:119 plugins/sudoers/bsm_audit.c:173 msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: huts egin du" #: plugins/sudoers/bsm_audit.c:123 plugins/sudoers/bsm_audit.c:182 msgid "au_to_return32: failed" msgstr "au_to_return32: huts egin du" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:185 msgid "unable to commit audit record" msgstr "ezin da auditoretza sarrera gorde" #: plugins/sudoers/bsm_audit.c:155 msgid "getauid: failed" msgstr "getauid: huts egin du" #: plugins/sudoers/bsm_audit.c:178 msgid "au_to_text: failed" msgstr "au_to_text: huts egin du" #: plugins/sudoers/check.c:141 #, c-format msgid "sorry, a password is required to run %s" msgstr "barkatu, pasahitz bat behar da %s abiarazteko" #: plugins/sudoers/check.c:225 plugins/sudoers/iolog.c:169 #: plugins/sudoers/sudoers.c:939 plugins/sudoers/sudoreplay.c:325 #: plugins/sudoers/sudoreplay.c:334 plugins/sudoers/sudoreplay.c:675 #: plugins/sudoers/sudoreplay.c:767 plugins/sudoers/visudo.c:700 #, c-format msgid "unable to open %s" msgstr "ezin da %s ireki" #: plugins/sudoers/check.c:229 plugins/sudoers/iolog.c:199 #, c-format msgid "unable to write to %s" msgstr "ezin da %s-(e)ra idatzi" #: plugins/sudoers/check.c:237 plugins/sudoers/check.c:475 #: plugins/sudoers/check.c:525 plugins/sudoers/iolog.c:122 #: plugins/sudoers/iolog.c:153 #, c-format msgid "unable to mkdir %s" msgstr "ezin da mkdir %s egin" #: plugins/sudoers/check.c:370 #, c-format msgid "internal error, expand_prompt() overflow" msgstr "barne errorea, expand_prompt() overflow" #: plugins/sudoers/check.c:426 #, c-format msgid "timestamp path too long: %s" msgstr "" #: plugins/sudoers/check.c:454 plugins/sudoers/check.c:498 #: plugins/sudoers/iolog.c:155 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existitzen da baina ez da direktorio bat (0%o)" #: plugins/sudoers/check.c:457 plugins/sudoers/check.c:501 #: plugins/sudoers/check.c:546 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s-(r)en jabea %u uid-a da, %u uid-a beharko luke" #: plugins/sudoers/check.c:462 plugins/sudoers/check.c:506 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "" #: plugins/sudoers/check.c:470 plugins/sudoers/check.c:514 #: plugins/sudoers/check.c:582 plugins/sudoers/sudoers.c:925 #: plugins/sudoers/visudo.c:284 plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat %s" msgstr "ezin da stat egin %s-(r)engan" #: plugins/sudoers/check.c:540 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "" #: plugins/sudoers/check.c:552 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "" #: plugins/sudoers/check.c:606 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "" #: plugins/sudoers/check.c:652 #, c-format msgid "unable to remove %s (%s), will reset to the epoch" msgstr "" #: plugins/sudoers/check.c:659 #, c-format msgid "unable to reset %s to the epoch" msgstr "" #: plugins/sudoers/check.c:713 plugins/sudoers/check.c:719 #, c-format msgid "unknown uid: %u" msgstr "uid ezezaguna: %u" #: plugins/sudoers/check.c:716 plugins/sudoers/sudoers.c:736 #: plugins/sudoers/sudoers.c:802 plugins/sudoers/sudoers.c:803 #: plugins/sudoers/sudoers.c:1056 plugins/sudoers/sudoers.c:1057 #: plugins/sudoers/testsudoers.c:200 plugins/sudoers/testsudoers.c:330 #, c-format msgid "unknown user: %s" msgstr "erabiltzaile ezezaguna: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "root-ek sudo abiarizi lezake" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo-k EDITOR ingurune aldagaia erabiliko du" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in 'noexec_file'" msgstr "" #: plugins/sudoers/def_data.c:247 #, c-format msgid "File containing dummy exec functions: %s" msgstr "" #: plugins/sudoers/def_data.c:251 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "" #: plugins/sudoers/def_data.c:255 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "" #: plugins/sudoers/def_data.c:259 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "" #: plugins/sudoers/def_data.c:263 msgid "Allow users to set arbitrary environment variables" msgstr "" #: plugins/sudoers/def_data.c:267 msgid "Reset the environment to a default set of variables" msgstr "" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to check for sanity:" msgstr "" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to remove:" msgstr "" #: plugins/sudoers/def_data.c:279 msgid "Environment variables to preserve:" msgstr "" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:287 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "" #: plugins/sudoers/def_data.c:295 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "" #: plugins/sudoers/def_data.c:299 msgid "Allow sudo to prompt for a password even if it would be visisble" msgstr "" #: plugins/sudoers/def_data.c:303 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "" #: plugins/sudoers/def_data.c:307 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "" #: plugins/sudoers/def_data.c:311 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "" #: plugins/sudoers/def_data.c:315 msgid "Log user's input for the command being run" msgstr "" #: plugins/sudoers/def_data.c:319 msgid "Log the output of the command being run" msgstr "" #: plugins/sudoers/def_data.c:323 msgid "Compress I/O logs using zlib" msgstr "Trinkotu S/E gertaerak zlib erabiliz" #: plugins/sudoers/def_data.c:327 msgid "Always run commands in a pseudo-tty" msgstr "" #: plugins/sudoers/def_data.c:331 msgid "Plugin for non-Unix group support" msgstr "" #: plugins/sudoers/def_data.c:335 msgid "Directory in which to store input/output logs" msgstr "" #: plugins/sudoers/def_data.c:339 msgid "File in which to store the input/output log" msgstr "" #: plugins/sudoers/def_data.c:343 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "" #: plugins/sudoers/def_data.c:347 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "" #: plugins/sudoers/defaults.c:197 msgid "" "Available options in a sudoers ``Defaults'' line:\n" "\n" msgstr "" #: plugins/sudoers/defaults.c:204 plugins/sudoers/defaults.c:215 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: plugins/sudoers/defaults.c:211 #, c-format msgid "%s: %.*s\n" msgstr "%s: %.*s\n" #: plugins/sudoers/defaults.c:241 #, c-format msgid "unknown defaults entry `%s'" msgstr "" #: plugins/sudoers/defaults.c:249 plugins/sudoers/defaults.c:259 #: plugins/sudoers/defaults.c:279 plugins/sudoers/defaults.c:292 #: plugins/sudoers/defaults.c:305 plugins/sudoers/defaults.c:318 #: plugins/sudoers/defaults.c:331 plugins/sudoers/defaults.c:351 #: plugins/sudoers/defaults.c:361 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "`%s' balorea baliogabea da `%s' aukerarentzat" #: plugins/sudoers/defaults.c:252 plugins/sudoers/defaults.c:262 #: plugins/sudoers/defaults.c:270 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:313 #: plugins/sudoers/defaults.c:326 plugins/sudoers/defaults.c:346 #: plugins/sudoers/defaults.c:357 #, c-format msgid "no value specified for `%s'" msgstr "ez da baliorik ezarri `%s'-(r)entzat" #: plugins/sudoers/defaults.c:275 #, c-format msgid "values for `%s' must start with a '/'" msgstr "" #: plugins/sudoers/defaults.c:337 #, c-format msgid "option `%s' does not take a value" msgstr "" #: plugins/sudoers/env.c:259 #, c-format msgid "internal error, sudo_setenv() overflow" msgstr "" #: plugins/sudoers/env.c:289 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" #: plugins/sudoers/env.c:694 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "" #: plugins/sudoers/find_path.c:68 plugins/sudoers/find_path.c:107 #: plugins/sudoers/find_path.c:122 plugins/sudoers/iolog.c:124 #: plugins/sudoers/sudoers.c:868 toke.l:663 toke.l:814 #, c-format msgid "%s: %s" msgstr "%s: %s" #: gram.y:103 #, c-format msgid ">>> %s: %s near line %d <<<" msgstr "" #: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: plugins/sudoers/group_plugin.c:103 #, c-format msgid "%s must be owned by uid %d" msgstr "" #: plugins/sudoers/group_plugin.c:107 #, c-format msgid "%s must only be writable by owner" msgstr "" #: plugins/sudoers/group_plugin.c:114 #, c-format msgid "unable to dlopen %s: %s" msgstr "" #: plugins/sudoers/group_plugin.c:119 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" #: plugins/sudoers/group_plugin.c:124 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" #: plugins/sudoers/interfaces.c:109 msgid "Local IP address and netmask pairs:\n" msgstr "" #: plugins/sudoers/iolog.c:176 plugins/sudoers/sudoers.c:946 #, c-format msgid "unable to read %s" msgstr "ezin da %s irakurri" #: plugins/sudoers/iolog.c:179 #, c-format msgid "invalid sequence number %s" msgstr "" #: plugins/sudoers/iolog.c:225 plugins/sudoers/iolog.c:228 #: plugins/sudoers/iolog.c:478 plugins/sudoers/iolog.c:483 #: plugins/sudoers/iolog.c:489 plugins/sudoers/iolog.c:497 #: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:513 #: plugins/sudoers/iolog.c:521 #, c-format msgid "unable to create %s" msgstr "ezin da %s sortu" #: plugins/sudoers/iolog_path.c:245 plugins/sudoers/sudoers.c:361 #, c-format msgid "unable to set locale to \"%s\", using \"C\"" msgstr "" #: plugins/sudoers/ldap.c:363 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port too large" #: plugins/sudoers/ldap.c:386 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: out of space expanding hostbuf" #: plugins/sudoers/ldap.c:415 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" #: plugins/sudoers/ldap.c:444 #, c-format msgid "invalid uri: %s" msgstr "baliogabeko uri-a: %s" #: plugins/sudoers/ldap.c:450 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "" #: plugins/sudoers/ldap.c:454 #, c-format msgid "unable to mix ldaps and starttls" msgstr "" #: plugins/sudoers/ldap.c:473 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" #: plugins/sudoers/ldap.c:536 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" #: plugins/sudoers/ldap.c:932 #, c-format msgid "unable to get GMT time" msgstr "" #: plugins/sudoers/ldap.c:938 #, c-format msgid "unable to format timestamp" msgstr "" #: plugins/sudoers/ldap.c:946 #, c-format msgid "unable to build time filter" msgstr "" #: plugins/sudoers/ldap.c:1044 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" #: plugins/sudoers/ldap.c:1539 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1541 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" #: plugins/sudoers/ldap.c:1588 #, c-format msgid " Order: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1596 #, c-format msgid " Commands:\n" msgstr "" #: plugins/sudoers/ldap.c:1983 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" #: plugins/sudoers/ldap.c:2014 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "" #: plugins/sudoers/ldap.c:2245 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" #: plugins/sudoers/linux_audit.c:55 #, c-format msgid "unable to open audit system" msgstr "" #: plugins/sudoers/linux_audit.c:79 #, c-format msgid "internal error, linux_audit_command() overflow" msgstr "" #: plugins/sudoers/linux_audit.c:88 #, c-format msgid "unable to send audit message" msgstr "" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to open log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:196 #, c-format msgid "unable to lock log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:295 msgid "user NOT in sudoers" msgstr "erabiltzailea ez dago sudoers-en" #: plugins/sudoers/logging.c:297 msgid "user NOT authorized on host" msgstr "erabiltzailea ez dago baimendutako ostalarian" #: plugins/sudoers/logging.c:299 msgid "command not allowed" msgstr "komandua ez dago baimenduta" #: plugins/sudoers/logging.c:309 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ez dago sudoers fitxatzegian. Gertaeraren berri emango da.\n" #: plugins/sudoers/logging.c:312 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s ez dago baimenduta sudo abiarazteko %s-(e)n. Gertaeraren berri emango da.\n" #: plugins/sudoers/logging.c:316 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Barkatu, %s erabiltzaileak ez luke sudo abiariazi beharko %s-(e)n.\n" #: plugins/sudoers/logging.c:319 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Barkatu, %s erabiltzaileak ez du '%s%s%s' %s%s%s bezala exekutatzeko baimenik %s-(e)n.\n" #: plugins/sudoers/logging.c:454 #, c-format msgid "unable to fork" msgstr "" #: plugins/sudoers/logging.c:461 plugins/sudoers/logging.c:518 #, c-format msgid "unable to fork: %m" msgstr "" #: plugins/sudoers/logging.c:511 #, c-format msgid "unable to open pipe: %m" msgstr "" #: plugins/sudoers/logging.c:530 #, c-format msgid "unable to dup stdin: %m" msgstr "" #: plugins/sudoers/logging.c:564 #, c-format msgid "unable to execute %s: %m" msgstr "" #: plugins/sudoers/logging.c:774 #, c-format msgid "internal error: insufficient space for log line" msgstr "" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "" #: plugins/sudoers/parse.c:369 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" #: plugins/sudoers/parse.c:371 #, c-format msgid " RunAsUsers: " msgstr "" #: plugins/sudoers/parse.c:386 #, c-format msgid " RunAsGroups: " msgstr "" #: plugins/sudoers/parse.c:395 #, c-format msgid "" " Commands:\n" "\t" msgstr "" #: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 msgid ": " msgstr ": " #: plugins/sudoers/pwutil.c:244 #, c-format msgid "unable to cache uid %u (%s), already exists" msgstr "" #: plugins/sudoers/pwutil.c:252 #, c-format msgid "unable to cache uid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:288 plugins/sudoers/pwutil.c:297 #, c-format msgid "unable to cache user %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:511 #, c-format msgid "unable to cache gid %u (%s), already exists" msgstr "" #: plugins/sudoers/pwutil.c:519 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:548 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache group %s, already exists" msgstr "" #: plugins/sudoers/set_perms.c:249 plugins/sudoers/set_perms.c:476 #: plugins/sudoers/set_perms.c:710 #, c-format msgid "unable to change to sudoers gid" msgstr "" #: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:514 #: plugins/sudoers/set_perms.c:748 plugins/sudoers/set_perms.c:882 msgid "too many processes" msgstr "prozesu gehiegi" #: plugins/sudoers/set_perms.c:943 plugins/sudoers/set_perms.c:959 msgid "unable to set runas group vector" msgstr "" #: plugins/sudoers/set_perms.c:952 msgid "unable to get runas group vector" msgstr "" #: plugins/sudoers/sudo_nss.c:217 msgid "unable to reset group vector" msgstr "" #: plugins/sudoers/sudo_nss.c:223 msgid "unable to get group vector" msgstr "" #: plugins/sudoers/sudo_nss.c:266 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:279 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:292 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:302 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" #: plugins/sudoers/sudoers.c:206 plugins/sudoers/sudoers.c:241 #: plugins/sudoers/sudoers.c:876 msgid "problem with defaults entries" msgstr "" #: plugins/sudoers/sudoers.c:210 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "" #: plugins/sudoers/sudoers.c:264 #, c-format msgid "unable to execute %s: %s" msgstr "ezin da %s exekutatu: %s" #: plugins/sudoers/sudoers.c:311 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "" #: plugins/sudoers/sudoers.c:318 #, c-format msgid "you are not permitted to use the -C option" msgstr "" #: plugins/sudoers/sudoers.c:407 #, c-format msgid "timestamp owner (%s): No such user" msgstr "data-zigiluaren jabea (%s): ez dago horrelako erabiltzailerik" #: plugins/sudoers/sudoers.c:423 msgid "no tty" msgstr "tty gabe" #: plugins/sudoers/sudoers.c:424 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "barkatu, tty bat behar duzu sudo abiarazteko" #: plugins/sudoers/sudoers.c:470 msgid "No user or host" msgstr "Ez dago erabiltzaile edo ostalaririk" #: plugins/sudoers/sudoers.c:484 plugins/sudoers/sudoers.c:505 #: plugins/sudoers/sudoers.c:506 plugins/sudoers/sudoers.c:1413 #: plugins/sudoers/sudoers.c:1414 #, c-format msgid "%s: command not found" msgstr "%s: komandoa ez da aurkitu" #: plugins/sudoers/sudoers.c:486 plugins/sudoers/sudoers.c:502 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" #: plugins/sudoers/sudoers.c:491 msgid "validation failure" msgstr "balidazio hutsegitea" #: plugins/sudoers/sudoers.c:501 msgid "command in current directory" msgstr "" #: plugins/sudoers/sudoers.c:513 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "" #: plugins/sudoers/sudoers.c:860 #, c-format msgid "internal error, set_cmnd() overflow" msgstr "" #: plugins/sudoers/sudoers.c:904 #, c-format msgid "fixed mode on %s" msgstr "" #: plugins/sudoers/sudoers.c:908 #, c-format msgid "set group on %s" msgstr "" #: plugins/sudoers/sudoers.c:911 #, c-format msgid "unable to set group on %s" msgstr "" #: plugins/sudoers/sudoers.c:914 #, c-format msgid "unable to fix mode on %s" msgstr "" #: plugins/sudoers/sudoers.c:927 #, c-format msgid "%s is not a regular file" msgstr "" #: plugins/sudoers/sudoers.c:929 #, c-format msgid "%s is mode 0%o, should be 0%o" msgstr "" #: plugins/sudoers/sudoers.c:933 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:936 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:980 #, c-format msgid "only root can use `-c %s'" msgstr "soilik root-ek erabili dezake `-c %s'" #: plugins/sudoers/sudoers.c:990 #, c-format msgid "unknown login class: %s" msgstr "" #: plugins/sudoers/sudoers.c:1024 #, c-format msgid "unable to resolve host %s" msgstr "" #: plugins/sudoers/sudoers.c:1076 plugins/sudoers/testsudoers.c:342 #, c-format msgid "unknown group: %s" msgstr "talde ezezaguna: %s" #: plugins/sudoers/sudoers.c:1108 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1110 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" #: plugins/sudoers/sudoers.c:1114 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers-en bidea: %s\n" #: plugins/sudoers/sudoers.c:1117 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-en bidea: %s\n" #: plugins/sudoers/sudoers.c:1119 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-en bidea: %s\n" #: plugins/sudoers/sudoers.c:1120 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-en bidea: %s\n" #: plugins/sudoers/sudoreplay.c:265 #, c-format msgid "invalid filter option: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:278 #, c-format msgid "invalid max wait: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:284 #, c-format msgid "invalid speed factor: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:287 plugins/sudoers/visudo.c:174 #, c-format msgid "%s version %s\n" msgstr "%s bertsioa %s\n" #: plugins/sudoers/sudoreplay.c:310 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:316 #, c-format msgid "%s/%s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:341 #, c-format msgid "invalid log file %s" msgstr "baliogabeko %s log fitxategia" #: plugins/sudoers/sudoreplay.c:343 #, c-format msgid "Replaying sudo session: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "unable to set tty to raw mode" msgstr "" #: plugins/sudoers/sudoreplay.c:383 #, c-format msgid "invalid timing file line: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:425 #, c-format msgid "writing to standard output" msgstr "" #: plugins/sudoers/sudoreplay.c:455 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "" #: plugins/sudoers/sudoreplay.c:503 plugins/sudoers/sudoreplay.c:528 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:545 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "" #: plugins/sudoers/sudoreplay.c:556 #, c-format msgid "unmatched ')' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:562 #, c-format msgid "unknown search term \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:576 #, c-format msgid "%s requires an argument" msgstr "" #: plugins/sudoers/sudoreplay.c:580 #, c-format msgid "invalid regular expression: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:586 #, c-format msgid "could not parse date \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:599 #, c-format msgid "unmatched '(' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:601 #, c-format msgid "illegal trailing \"or\"" msgstr "" #: plugins/sudoers/sudoreplay.c:603 #, c-format msgid "illegal trailing \"!\"" msgstr "" #: plugins/sudoers/sudoreplay.c:819 #, c-format msgid "invalid regex: %s" msgstr "baliogabeko regex-a: %s" #: plugins/sudoers/sudoreplay.c:941 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "" #: plugins/sudoers/sudoreplay.c:944 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "" #: plugins/sudoers/sudoreplay.c:953 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" #: plugins/sudoers/sudoreplay.c:955 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/testsudoers.c:228 #, c-format msgid "internal error, init_vars() overflow" msgstr "" #: plugins/sudoers/testsudoers.c:304 msgid "\thost unmatched" msgstr "" #: plugins/sudoers/testsudoers.c:307 msgid "" "\n" "Command allowed" msgstr "" #: plugins/sudoers/testsudoers.c:308 msgid "" "\n" "Command denied" msgstr "" #: plugins/sudoers/testsudoers.c:308 msgid "" "\n" "Command unmatched" msgstr "" #: toke.l:667 toke.l:793 toke.l:818 toke.l:904 plugins/sudoers/toke_util.c:111 #: plugins/sudoers/toke_util.c:163 plugins/sudoers/toke_util.c:202 msgid "unable to allocate memory" msgstr "" #: toke.l:786 msgid "too many levels of includes" msgstr "include maila gehiegi" #: plugins/sudoers/toke_util.c:213 msgid "fill_args: buffer overflow" msgstr "fill_args: buffer overflow" #: plugins/sudoers/visudo.c:175 #, c-format msgid "%s grammar version %d\n" msgstr "" #: plugins/sudoers/visudo.c:208 plugins/sudoers/auth/rfc1938.c:103 #, c-format msgid "you do not exist in the %s database" msgstr "ez zara %s datubasean existitzen" #: plugins/sudoers/visudo.c:238 plugins/sudoers/visudo.c:470 #, c-format msgid "press return to edit %s: " msgstr "sakatu intro %s editatzeko:" #: plugins/sudoers/visudo.c:300 plugins/sudoers/visudo.c:306 #, c-format msgid "write error" msgstr "idazketa errorea" #: plugins/sudoers/visudo.c:360 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:365 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:371 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:394 #, c-format msgid "%s unchanged" msgstr "%s aldatu gabea" #: plugins/sudoers/visudo.c:418 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "" #: plugins/sudoers/visudo.c:428 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "" #: plugins/sudoers/visudo.c:463 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" #: plugins/sudoers/visudo.c:502 plugins/sudoers/visudo.c:511 #, c-format msgid "unable to set (uid, gid) of %s to (%d, %d)" msgstr "" #: plugins/sudoers/visudo.c:506 plugins/sudoers/visudo.c:516 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" #: plugins/sudoers/visudo.c:533 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" #: plugins/sudoers/visudo.c:547 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:557 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:617 msgid "What now? " msgstr "Eta orain?" #: plugins/sudoers/visudo.c:631 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" #: plugins/sudoers/visudo.c:668 #, c-format msgid "unable to execute %s" msgstr "ezin da %s exekutatu" #: plugins/sudoers/visudo.c:675 #, c-format msgid "unable to run %s" msgstr "ezin da %s abiarazi" #: plugins/sudoers/visudo.c:706 #, c-format msgid "failed to parse %s file, unknown error" msgstr "" #: plugins/sudoers/visudo.c:718 #, c-format msgid "parse error in %s near line %d\n" msgstr "" #: plugins/sudoers/visudo.c:721 #, c-format msgid "parse error in %s\n" msgstr "" #: plugins/sudoers/visudo.c:723 #, c-format msgid "%s: parsed OK\n" msgstr "" #: plugins/sudoers/visudo.c:737 #, c-format msgid "%s: wrong owner (uid, gid) should be (%d, %d)\n" msgstr "" #: plugins/sudoers/visudo.c:744 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" #: plugins/sudoers/visudo.c:783 #, c-format msgid "%s busy, try again later" msgstr "%s okupatuta, saiatu berriz beranduago" #: plugins/sudoers/visudo.c:826 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "" #: plugins/sudoers/visudo.c:849 #, c-format msgid "unable to stat editor (%s)" msgstr "" #: plugins/sudoers/visudo.c:897 #, c-format msgid "no editor found (editor path = %s)" msgstr "" #: plugins/sudoers/visudo.c:986 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:987 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:990 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:991 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1128 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" #: plugins/sudoers/visudo.c:1185 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" #: plugins/sudoers/visudo.c:1187 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/auth/bsdauth.c:64 msgid "unable to begin bsd authentication" msgstr "" #: plugins/sudoers/auth/bsdauth.c:71 msgid "invalid authentication type" msgstr "" #: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to setup authentication" msgstr "" #: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "" #: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:93 #: plugins/sudoers/auth/fwtk.c:126 #, c-format msgid "lost connection to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" #: plugins/sudoers/auth/kerb5.c:114 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:127 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:144 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:188 #, c-format msgid "%s: unable to allocate options: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:204 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:221 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:284 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:299 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" #: plugins/sudoers/auth/pam.c:99 msgid "unable to initialize PAM" msgstr "ezin da PAM hasieratu" #: plugins/sudoers/auth/pam.c:142 msgid "account validation failure, is your account locked?" msgstr "" #: plugins/sudoers/auth/pam.c:146 msgid "Account or password is expired, reset your password and try again" msgstr "" #: plugins/sudoers/auth/pam.c:153 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" #: plugins/sudoers/auth/pam.c:157 msgid "Password expired, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:161 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:176 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" #: plugins/sudoers/auth/pam.c:296 msgid "Password: " msgstr "Pasahitza: " #: plugins/sudoers/auth/pam.c:297 msgid "Password:" msgstr "Pasahitza:" #: plugins/sudoers/auth/securid.c:82 plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "" #: plugins/sudoers/auth/securid5.c:81 #, c-format msgid "failed to initialise the ACE API library" msgstr "" #: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:169 #, c-format msgid "invalid username length for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:174 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:213 #, c-format msgid "unknown SecurID error" msgstr "" #: plugins/sudoers/auth/securid5.c:164 #, c-format msgid "invalid passcode length for SecurID" msgstr "" #: plugins/sudoers/auth/sia.c:106 msgid "unable to initialize SIA session" msgstr "" #: plugins/sudoers/auth/sudo_auth.c:124 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:134 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:243 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "pasahitz sartze saiakera oker %d" msgstr[1] "%d pasahitz sartze saiakera oker" #: plugins/sudoers/auth/sudo_auth.c:335 msgid "Authentication methods:" msgstr "Autentikazio metodoak:" sudo-1.8.9p5/plugins/sudoers/po/fi.mo010064400175440000012000001135451226304146200170730ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\Q±ŠQˆa)ÇañaHqb5ºb,ðb,c!JcLlcC¹c>ýc)Ÿk?Þk.l,Ml&zl<¡l8Þl'm?m"^mAm`Ãm±$n(Önÿno95oCoo.³o âo&ìop,p%Lp/rp!¢pFÄp0 q9sÀsFàsG't]ot>Íth uuu”u+±uSÝu1vZLv@§v!èv# w'.wGVwPžwMïwU=x““xb'yHŠyiÓy@=z>~z1½zQïz3A{,u{D¢{+ç{M| a|:l|<§|ä|+÷|%#}I}\}2x} «}Ì}5ä}-~'H~.p~+Ÿ~:Ë~Œ!%®&ÔûB€7[€6“€Ê€ç€!$%2J(}¦&Å$ì4‚F‚[‚)r‚œ‚)´‚ Þ‚7é‚.!ƒPƒ;dƒ ƒ ¿ƒ!àƒ4„57„m„ˆ„(¡„Ê„&Ý„6…+;…)g…t‘…(†0/†4`†/•†/ņ2õ†@(‡.i‡"˜‡0»‡ì‡ˆ*ˆ)GˆKqˆG½ˆc‰Ui‰Q¿‰3Š,EŠ/rŠ0¢Š0ÓŠ1‹<6‹1s‹3¥‹'Ù‹:Œ%<Œ)bŒ6ŒŒ@ÃŒ%)*%Tz9™)Ó)ý'Ž%GŽ?mŽK­Ž&ùŽ/ BP+“!¿+á, !:2\J!Ú-ü5*‘/`‘)‘%º‘)à‘@ ’-K’*y’(¤’1Í’Rÿ’)R“H|“œޓý“ ”4”R”&k”’”%­”%Ó”/ù”()•2R•E…•,Ë•&ø•–31–8e–ž–$­– Ò–;ó–5/—+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-31 07:30+0200 Last-Translator: Jorma Karvonen Language-Team: Finnish Language: fi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=n != 1; tietokone täsmäämätön Komento sallittu Komento kielletty Täsmäämätön komento LDAP-rooli: %s LDAP-rooli: TUNTEMATON Valitsimet: -c, --check vain tarkistus -tila -f, --file=tiedosto määrittele sudoers-tiedoston sijainti -h, --help näytä opasteteksti ja poistu -q, --quiet vähemmän laveat (hiljaiset) syntaksivirheviestit -s, --strict tiukka syntaksitarkistus -V, --version näytä versiotiedot ja poistu -x, --export=tiedosto vie sudoers-tiedosto JSON-muodossa Valitsimet: -d, --directory=hakemisto määrittele istuntolokien hakemisto -f, --filter=suodatin määrittele, mitä siirräntätyyppiä näytetään -h, --help näytä opasteviesti ja poistu -l, --list [lauseke] luettele käytettävissä oleva istuntotunnisteet, jotka täsmäävät lausekkeeseen -m, --max-wait=numero maksimisodotusaika tapahtumien välien enimmäisodotusaika sekunteina -s, --speed=numero nopeustekijä nopeuta tai hidasta tulostusta -V, --version näytä versiotiedot ja poistu Sudoers-rivi: Sudoers-polku: %s Luotamme siihen, että olet vastaanottanut tavallisen luennon paikalliselta Järjestelmä- hallinnoijalta. Se tavallisesti tiivistyy näihin kolmeen asiaan: #1) Kunnioita muiden yksityisyyttä. #2) Ajattele ennen kuin kirjoitat. #3) Suuren voiman mukana tulee suuri vastuu. Komennot: Valitsimet: Järjestys: %s SuoritaRyhmänä: SuoritaKäyttäjänä: %8s : %s%8s: (komento jatkui) %s%s - toista sudo-istuntolokit %s - muokkaa sudoers-tiedostoa turvallisesti %s ja %s eivät ole samassa tiedostojärjestelmässä, käytetään komentoa mv uudelleennimeämiseen%s varattu, yritä myöhemmin uudelleen%s on olemassa, mutta ei ole hakemisto (0%o)%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)%s kielioppiversio %d %s ei ole tavallinen tiedostokäyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. Tästä tapahtumasta ilmoitetaan. käyttäjä %s ei ole sudoers-tiedostossa. Tästä tapahtumasta ilmoitetaan. %s on gid %u -ryhmän omistama, pitäisi olla %u%s on uid %u -käyttäjän omistama, pitäisi olla %u%s on yleiskirjoitettava%s-omistajan on oltava uid %d%s on vain omistajan kirjoitettava%s on uid %u:n omistama, pitäisi olla uid %u:n omistama%s vaatii argumentin%s ennallaan%s versio %s %s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700%s/%.2s/%.2s/%.2s/ajoitus: %s%s/%s/ajoitus: %s%s: %s%s: %s: %s: %s%s: TGT-lipun todentaminen epäonnistui! Mahdollinen hyökkäys!: %s%s: väärät käyttöoikeudet, pitäisi olla tila 0%o %s: komentoa ei löytynyt%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d%s: virheellinen lokitiedosto%s: jäsentäminen valmis %s: kirjoitusvirhe%s: suorita ryhmänä-kenttä puuttuu%s: suorita käyttäjänä-kenttä puuttuu%s: aikaleima %s: %s%s: aikaleimakenttä puuttuu%s: muistin varaaminen valitsimille epäonnistui: %s%s: valtuutetun (’%s’) muuntaminen merkkijonoksi epäonnistui: %s%s: valtuustietojen hakeminen epäonnistui: %s%s: tietokoneen valtuutetun hakeminen epäonnistui: %s%s: valtuustietovälimuistin alustaminen epäonnistui: %s%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s%s: valtuustietovälimuistin ratkaiseminen epäonnistui: %s%s: valtuustietojen tallentaminen valtuustietovälimuistiin epäonnistui: %s%s: käyttämätön %s_Alias %s%s: käyttäjäkenttä puuttuu%s: väärä omistaja (uid, gid), pitäisi olla (%u, %u) %u väärä salasana yritetty%u väärää salasanaa yritetty*** TURVALLISUUS-tietoja kohteelle %h ***Tili vanhentunut tai PAM-asetuksista puuttuu â€accountâ€-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjäänTili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleenLisää rivi utmp-/utmpx-tiedostoon, kun varataan ptyOsoite, josta sähköposti lähetetään: %sOsoite, johon sähköposti lähetetään: %sAlias â€%s†on jo määriteltySalli jotain tietojenkeräystä hyödyllisten virheilmoitusten tarjoamiseksiSalli sudo-ohjelman kysyä salasana vieläpä jos se olisi näkyväSalli käyttäjien asettaa mielivaltaisia ympäristömuuttujiaSuorita aina komennot näennäis-tty:ssäLähetä aina sähkopostia, kun sudo suoritetaanAseta $HOME-muuttujaksi aina kohdekäyttäjän kotihakemistoKäytä oletuksia kohdekäyttäjän kirjautumisluokassa, jos siinä on yhtäänYritys perustaa PAM-valtuustiedot kohdekäyttäjälleTodennusmenetelmät:Todennusaikaleiman aikavalvonta: %.1f minuuttiaTiivistä siirräntälokit käyttäen zlib-ohjelmaaAudit-ehdon määrittely epäonnistuiLuo uusi PAM-istunto suoritettavalle komennolleOletussalasanakehote: %sOletuskäyttäjä suorittaa komennot käyttäjänä: %sHakemisto, johon tallennetaan syöte-/tulostelokit: %sÄlä alusta ryhmävektoria kohdekäyttäjän vastaavaan arvoonYmpäristömuuttujat, joille tehdään järkevyystarkistus:Säilytettävät ympäristömuuttujat:Poistettavat ympäristömuuttujat:Virhe: %s_Alias â€%s†uudelleenviitattu, mutta ei määriteltyVirhe: jakso kohteessa %s_Alias â€%sâ€Tiedosto, joka sisältää sudo-saarnan: %sTiedostokuvaajat >= %d suljetaan ennen komennon suoritustaTiedosto, johon tallennetaan syöte-/tulosteloki: %sSähköpostiohjelman liput: %sJos LDAP-hakemisto on ylhäällä, ohitammeko paikallisen sudoers-tiedostonJos asetettu, salasanakehote korvaa järjestelmäkehotteen kaikissa tapauksissa.Jos asetettu, käyttäjä voi korvata ’closefrom’-arvon valitsimella -CJos sudo-ohjelmaa kutsutaan ilman argumentteja, käynnistä käyttöjärjestelmäkuoriOhita ’.’ $PATH-asetuksessaVirheellinen salasanaviesti: %sSolvaa käyttäjiä, kun he kirjoittavat väärän salasananVirheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia ei voi sekoittaa keskenään.Saarnaa ensimmäistä kertaa sudo-ohjelmaa käyttävällePituus, jossa pitkät lokitiedostorivit jaetaan seuraavalle riville (0 ei jaeta): %uPaikallinen ip-osoite ja verkkopeiteparit: Locale-asetus, jota käytetään sudoers-jäsentämisessä: %sLokigeometria on %d x %d, pääteikkunasi geometria on %d x %d.Kirjaa tietokonenimi (ei-syslog)lokitiedostoonKirjaa lokiin suoritettavan komennon tulosteKirjaa vuosi (ei-syslog)lokitiedostoonKirjaa lokiin käyttäjän syöte suoritettavalle komennolleTäsmäävät Defaults-rivit kohteelle %s kohteella %s: Suurin siirräntälokin sarjanumero: %uEi käyttäjä eikä tietokoneSalasanayritysten lukumäärä: %uSalli käyttäjien suorittaa sudo-ohjelma vain jos heillä on ttyAseta vain voimassa oleva uid-käyttäjätunniste kohdekäyttäjälle, ei oikeaa uid-tunnistettaValitsimia ovat: (e) muokkaa sudoers-tiedostoa uudelleen (x) poistu tallentamatta sudoers-tiedoston muutoksia (Q) poistu ja tallenna muutokset sudoers-tiedostoon (VAARA!) Todennusaikaleimahakemiston omistaja: %sPAM-todentamisvirhe: %sKäytettävä PAM-palvelunimiKirjautumiskomentotulkeille käytettävä PAM-palvelunimiSalasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjäänSalasanakehotteen aikavalvonta: %.1f minuuttiaSalasana:Polku todennusaikaleimahakemistoon: %sPolku lokitiedostoon: %sPolku sähköpostiohjelmaan: %sVisudo-editorin käyttämä polku: %sPolku sudo-kohtaiseen ympäristötiedostoon: %sLisäosa ei-Unix-ryhmätuelle: %sEsilataa vale-exec-funktiot, jotka sisältyvät sudo_noexec-kirjastoonKysy root-käyttäjän salasana, ei käyttäjänKysy runas_default-käyttäjän salasana, ei käyttäjänKysy kohdekäyttäjän salasana, ei käyttäjänTarjoa visuaalista palautetta salasanakehotteelta silloin kun on käyttäjäsyöteLaita OPT-kehote omalle rivilleenToistetaan sudo-istunto: %s Vaadi täysin rakennettu tietokonenimi suoders-tiedostossaVaadi käyttäjien todennus oletuksenaNollaa ympäristö muuttujien oletusjoukoksiRoot voi suorittaa sudo-ohjelmanSuorita komentoja pty:llä taustallaRunas- ja Command-kohtaiset oletukset kohteelle %s: Uudessa turva-asiayhteydessä käytettävä SELinux-rooli: %sUudessa turva-asiayhteydessä käytettävä SELinux-tyyppi: %sSecurID-viestintä epäonnistuiLähetä sähköpostia, jos käyttäjän ei sallita suorittaa komentoaLähetä sähköpostia, jos käyttäjä ei ole sudoers-määrittelyssäLähetä sähköpostia, jos käyttäjä ei ole tällä tietokoneella sudoers-määrittelyssäLähetä sähköpostia, jos käyttäjän todennus epäonnistuuAseta $HOME-muuttujaksi kohdekäyttäjä kun käyttöjärjestelmäkuori käynnistetään valitsimella -sRajoitettuja käyttöoikeuksiaSallittuja käyttöoikeuksiaAseta LOGNAME- ja USER-ympäristömuuttujatAseta käyttäjäksi utmp-tiedostoon suorittava käyttäjä, ei kutsuva käyttäjäValitan, yritä uudelleen.Käyttäjän %s ei sallita suorittaa ’%s%s%s’ käyttäjänä %s%s%s tietokoneella %s. Käyttäjä %s ei voi suorittaa komentoa sudo tietokoneella %s. Sähköpostiviestin Aihe-rivi: %sSudoers-tiedostokielioppiversio %d Sudoers-menettelytapalisäosaversio %s Syslog-apuneuvo, jos syslog-lokia käytetään kirjautumista varten: %sKäytettävä syslog-prioriteetti, kun käyttäjä todennetaan onnistuneesti: %sKäytettävä syslog-prioriteetti, kun käyttäjän todennus epäonnistui: %sSudoers umask korvaa käyttäjän umask-määrittelyn, vieläpä jos se on sallivampiSudo-ohjelmaan ei ole käännetty todentamismenelmiä! Jos haluat kääntää pois todentamisen, käytä asetusvalitsinta --disable-authentication.Käytettävä umask-määrittely tai 0777 käytettäväksi käyttäjän umask-määrittelyksi: 0%oKäytä erillistä aikaleimaa jokaiselle käyttäjä/tty -yhdistelmälleKäyttää nopeampaa jokerimerkkien korvausta, joka on epätarkempi, mutta ei lue tiedostojärjestelmääKäyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. Käyttäjä %s voi suorittaa seuraavat komennot kohteella %s: Käyttäjätunniste lukittu SecurID-todennukselleKäyttäjät tässä ryhmässä on vapautettu salasana- ja PATH-vaatimuksista: %sArvo, jolla korvataan käyttäjän $PATH-asetus: %sVisudo noudattaa EDITOR-ympäristömuuttujaaVaroitus: %s_Alias â€%s†uudelleenviitattu, mutta ei määriteltyVaroitus: jakso kohteessa %s_Alias â€%sâ€Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein. Mitä nyt?Kun vaaditaan salasana ’list’-näennäiskomennolle: %sKun vaaditaan salasana ’verify’-näennäiskomennolle: %svaaditaan salasanatilikelpuutushäiriö, onko tilisi lukittu?monimerkityksellinen lauseke â€%sâ€todentamishäiriötodentamispalvelinvirhe: %skomento epäonnistui: ’%s %s %s’, %s ennallaankomento nykyisessä hakemistossakomento ei ole sallittupäivämäärän â€%s†jäsentäminen epäonnistuitiiviste kohteelle %s (%s) ei ole %s-muodossaeditori (%s) epäonnistui, %s ennallaanvirhe nimettäessä %s uudelleen, %s ennallaanACE API -kirjaston alustaminen epäonnistuitiedoston %s jäsentäminen epäonnistui, tuntematon virhefill_args: puskuriylivuotoohitetaan komento â€%sâ€, joka löytyi kohteesta ’.’ Käytä â€sudo ./%sâ€, jos tämä on â€%sâ€-komento, joka halutaan suorittaa.virheellinen jäljessä oleva â€!â€virheellinen jäljessä oleva â€orâ€sisäinen virhe, %s-ylivuotosisäinen virhe, kohteen %s löytäminen luettelosta epäonnistui!sisäinen virhe: riittämättömästi tilaa lokirivillevirheellinen todentamiskäsittelijä kohteelle SecurIDvirheelliset todennusmetoditvirheellinen todennustyyppivirheellinen suodatinvalitsin: %svirheellinen enimmäisodotusaika: %svirheellinen salasanakoodipituus kohteelle SecurIDvirheellinen säännöllinen lauseke: %svirheellinen nopeustekijä: %svirheellinen sudoOrder-attribuutti: %svirheellinen ajoitustiedostorivi: %svirheellinen käyttäjänimipituus kohteelle SecurIDldap.conf-polku: %s ldap.secret-polku: %s kadotettiin yhteys todentamispalvelimelleei todennusmenetelmiä:editoria ei löytynyt (editoripolku = %s)ei tty:täei löytynyt kelvollisia sudoers-lähteitä, poistutaanarvoa ei ole määritelty muuttujalle â€%sâ€nsswitch-polku: %s vain root-käyttäjä voi käyttää valitsinta â€-c %sâ€valitsin â€%s†ei ota arvoajäsentämisvirhe tiedostossa %sjäsentämisvirhe tiedostossa %s jäsentämisvirhe tiedostossa %s lähellä riviä %djäsentämisvirhe tiedostossa %s lähellä riviä %d käyttöoikeuspinoylivuotokäyttöoikeuspinovajausmuokkaa %s painamalla enter-painiketta: oletusrivien pulmaympäristöä ei ole lupa säilyttääseuraavia ympäristömuuttujia ei ole lupa asettaa: %ssudo-komennon suorittamiseksi on oltava ttymääritelty editori (%s) ei ole olemassastart_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()starttls ei ole tuettu ldaps-käytössäsudo_ldap_build_pass1-varaustäsmäämättömyyssudo_ldap_conf_add_ports: hostbuf-puskuritila loppuisudo_ldap_conf_add_ports: portti on liian suurisudo_ldap_parse_uri: hostbuf-puskuritila loppuisudo_putenv: rikkoutunut envp, pituus ei täsmääsudoers määrittelee, että root ei saa suorittaa sudo-komentoaaikaleimaomistaja (%s): Tuntematon käyttäjäaikaleimapolku on liian pitkä: %saikaleima liian kaukana tulevaisuudessa: %20.20sliian monta include-tasoaliian monta prosessiabsd-todentamisen aloittaminen epäonnistuiaikasuodattimen rakentaminen epäonnistuiryhmän gid %u laittaminen välimuistiin epäonnistui, ryhmä on jo sielläryhmän %s laittaminen välimuistiin epäonnistui, ryhmä on jo sielläryhmäluettelon laittaminen välimuistiin tiedostossa %s epäonnistui, ryhmäluettelo on jo sielläkäyttäjän uid %u laittaminen välimuistiin epäonnistui, käyttäjä on jo sielläkäyttäjän %s laittaminen välimuistiin epäonnistui, käyttäjä on jo siellävanhentuneen salasanan vaihtaminen epäonnistui: %stilan %s vaihtaminen arvoon 0%o epäonnistuivaihtaminen root gid -tunnisteeksi epäonnistuivaihtaminen runas gid -tunnisteeksi epäonnistuivaihtaminen runas uid -tunnisteeksi epäonnistuivaihtaminen sudoers gid-tunnisteeksi epäonnistuicommit-toiminnon suorittaminen audit-tietueelle epäonnistuitodentamispalvelimelle yhdistäminen epäonnistuiyhteyden ottaminen SecurID-palvelimeen epäonnistuihakemistopolun %s luominen epäonnistuifunktion dup kutsuminen vakiosyötteellä epäonnistui: %mkohteen %s suorittaminen epäonnistuikäskyn %s suorittaminen epäonnistui: %msymbolin â€%s†löytäminen polusta %s epäonnistuisymbolin â€group_plugin†löytäminen polusta %s epäonnistuifork-funktion kutsuminen epäonnistuifork-funktion kutsuminen epäonnistui: %maikaleiman muotoileminen epäonnistuiGMT-ajan saaminen epäonnistuikirjautumisluokan saaminen käyttäjälle %s epäonnistuiBSD-todentamisen alustaminen epäonnistuikohteen LDAP alustaminen epäonnistui: %sPAM:in alustaminen epäonnistuiSIA-istunnon alustaminen epäonnistuiSSL-varmenne- ja -avaintietokannan alustaminen epäonnistui: %slähteen SSS alustaminen epäonnistui. Onko SSSD asennettu tietokoneeseesi?kohteen %s lataaminen epäonnistui: %slokitiedoston lukitseminen epäonnistui: %s: %sldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistuikäskyn mkdir %s suorittaminen epäonnistuikohteen %s avaaminen epäonnistuiaudit-järjestelmän avaaminen epäonnistuilokitiedoston avaaminen epäonnistui: %s: %sputken avaaminen epäonnistui: %mryhmien jäsentäminen tiedostossa %s epäonnistuitilapäisen tiedoston (%s) avaaminen uudelleen epäonnistui, %s ennallaan.kohteen %s lukeminen epäonnistuifwtk config -asetuksen lukeminen epäonnistuikohteen %s poistaminen epäonnistui, nollaa Unix-ajankohteen %s nollaaminen Unix-ajaksi epäonnistuitietokoneen %s ratkaiseminen epäonnistuikohteen %s suorittaminen epäonnistuiaudit-viestin lähettäminen epäonnistuikohteen %s (uid, gid) asettaminen arvoihin (%u, %u) epäonnistuirunas-ryhmävektorin asettaminen epäonnistuitty:n asettaminen raakatilaan epäonnistuifunktion stat %s kutsuminen epäonnistuifunktion stat editor (%s) kutsuminen epäonnistuifunktion stat kutsuminen tilapäiselle tiedostolle (%s) epäonnistui, %s ennallaankohteeseen %s kirjoittaminen epäonnistuitilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhetuntematon SecurID-virhetuntematon oletusrivi â€%sâ€tuntematon ryhmä: %stuntematon kirjautumisluokka: %stuntematon hakutermi â€%sâ€tuntematon hakutyyppi %dtuntematon uid-käyttäjätunniste: %utuntematon käyttäjä: %stäsmäämätön ’(’ lausekkeessatäsmäämätön ’)’ lausekkeessatukematon LDAP-verkkoresurssin tunnustyyppi: %stukematon tiivistetyyppi %d kohteelle %skäyttö: %s [-h] [-d hakemisto] -l [hakulauseke] käyttö: %s [-h] [-d hakemisto] [-m numero] [-s numero] ID-tunniste käyttäjä ei ole varmennettu tietokoneellakäyttäjä EI ole sudoers-tiedostossakelpuutushäiriöarvo â€%s†on virheellinen valitsimelle â€%sâ€muuttujan â€%s†arvojen on alettava merkillä ’/’kirjoitusvirheei käyttöoikeuksia valitsimelle -Cei ole olemassa %s-tietokannassakohteessa %s TLS_CERT on asetettava käyttämään SSL:äänollapituinen tilapäinen tiedosto (%s), %s ennallaansudo-1.8.9p5/plugins/sudoers/po/fi.po010064400175440000012000001717651226304126200171040ustar00millertstaff# Finnish messages for sudoers. # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Jorma Karvonen , 2011-2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-31 07:30+0200\n" "Last-Translator: Jorma Karvonen \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #: confstr.sh:2 msgid "Password:" msgstr "Salasana:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** TURVALLISUUS-tietoja kohteelle %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Valitan, yritä uudelleen." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias â€%s†on jo määritelty" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "kirjautumisluokan saaminen käyttäjälle %s epäonnistui" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "bsd-todentamisen aloittaminen epäonnistui" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "virheellinen todennustyyppi" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "BSD-todentamisen alustaminen epäonnistui" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "fwtk config -asetuksen lukeminen epäonnistui" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "todentamispalvelimelle yhdistäminen epäonnistui" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "kadotettiin yhteys todentamispalvelimelle" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "todentamispalvelinvirhe:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: valtuutetun (’%s’) muuntaminen merkkijonoksi epäonnistui: %s" # Ensimmäinen parametri on auth name #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: valtuustietovälimuistin ratkaiseminen epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: muistin varaaminen valitsimille epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: valtuustietojen hakeminen epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: valtuustietovälimuistin alustaminen epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: valtuustietojen tallentaminen valtuustietovälimuistiin epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: tietokoneen valtuutetun hakeminen epäonnistui: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT-lipun todentaminen epäonnistui! Mahdollinen hyökkäys!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "PAM:in alustaminen epäonnistui" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "tilikelpuutushäiriö, onko tilisi lukittu?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Tili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleen" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Salasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjään" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Tili vanhentunut tai PAM-asetuksista puuttuu â€accountâ€-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjään" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "PAM-todentamisvirhe: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "ei ole olemassa %s-tietokannassa" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "ACE API -kirjaston alustaminen epäonnistui" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "yhteyden ottaminen SecurID-palvelimeen epäonnistui" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "Käyttäjätunniste lukittu SecurID-todennukselle" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "virheellinen käyttäjänimipituus kohteelle SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "virheellinen todentamiskäsittelijä kohteelle SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "SecurID-viestintä epäonnistui" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "tuntematon SecurID-virhe" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "virheellinen salasanakoodipituus kohteelle SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "SIA-istunnon alustaminen epäonnistui" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "virheelliset todennusmetodit" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Virheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia ei voi sekoittaa keskenään." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "ei todennusmenetelmiä:" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Sudo-ohjelmaan ei ole käännetty todentamismenelmiä! Jos haluat kääntää pois todentamisen, käytä asetusvalitsinta --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Todennusmenetelmät:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Audit-ehdon määrittely epäonnistui" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "commit-toiminnon suorittaminen audit-tietueelle epäonnistui" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Luotamme siihen, että olet vastaanottanut tavallisen luennon paikalliselta Järjestelmä-\n" "hallinnoijalta. Se tavallisesti tiivistyy näihin kolmeen asiaan:\n" "\n" " #1) Kunnioita muiden yksityisyyttä.\n" " #2) Ajattele ennen kuin kirjoitat.\n" " #3) Suuren voiman mukana tulee suuri vastuu.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "tuntematon uid-käyttäjätunniste: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "tuntematon käyttäjä: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-apuneuvo, jos syslog-lokia käytetään kirjautumista varten: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Käytettävä syslog-prioriteetti, kun käyttäjä todennetaan onnistuneesti: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Käytettävä syslog-prioriteetti, kun käyttäjän todennus epäonnistui: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Laita OPT-kehote omalle rivilleen" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ohita ’.’ $PATH-asetuksessa" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Lähetä aina sähkopostia, kun sudo suoritetaan" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Lähetä sähköpostia, jos käyttäjän todennus epäonnistuu" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Lähetä sähköpostia, jos käyttäjä ei ole sudoers-määrittelyssä" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Lähetä sähköpostia, jos käyttäjä ei ole tällä tietokoneella sudoers-määrittelyssä" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Lähetä sähköpostia, jos käyttäjän ei sallita suorittaa komentoa" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Käytä erillistä aikaleimaa jokaiselle käyttäjä/tty -yhdistelmälle" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Saarnaa ensimmäistä kertaa sudo-ohjelmaa käyttävälle" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Tiedosto, joka sisältää sudo-saarnan: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Vaadi käyttäjien todennus oletuksena" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root voi suorittaa sudo-ohjelman" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Kirjaa tietokonenimi (ei-syslog)lokitiedostoon" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Kirjaa vuosi (ei-syslog)lokitiedostoon" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Jos sudo-ohjelmaa kutsutaan ilman argumentteja, käynnistä käyttöjärjestelmäkuori" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Aseta $HOME-muuttujaksi kohdekäyttäjä kun käyttöjärjestelmäkuori käynnistetään valitsimella -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Aseta $HOME-muuttujaksi aina kohdekäyttäjän kotihakemisto" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Salli jotain tietojenkeräystä hyödyllisten virheilmoitusten tarjoamiseksi" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Vaadi täysin rakennettu tietokonenimi suoders-tiedostossa" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Solvaa käyttäjiä, kun he kirjoittavat väärän salasanan" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Salli käyttäjien suorittaa sudo-ohjelma vain jos heillä on tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo noudattaa EDITOR-ympäristömuuttujaa" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Kysy root-käyttäjän salasana, ei käyttäjän" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Kysy runas_default-käyttäjän salasana, ei käyttäjän" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Kysy kohdekäyttäjän salasana, ei käyttäjän" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Käytä oletuksia kohdekäyttäjän kirjautumisluokassa, jos siinä on yhtään" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Aseta LOGNAME- ja USER-ympäristömuuttujat" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Aseta vain voimassa oleva uid-käyttäjätunniste kohdekäyttäjälle, ei oikeaa uid-tunnistetta" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Älä alusta ryhmävektoria kohdekäyttäjän vastaavaan arvoon" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Pituus, jossa pitkät lokitiedostorivit jaetaan seuraavalle riville (0 ei jaeta): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Todennusaikaleiman aikavalvonta: %.1f minuuttia" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Salasanakehotteen aikavalvonta: %.1f minuuttia" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Salasanayritysten lukumäärä: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Käytettävä umask-määrittely tai 0777 käytettäväksi käyttäjän umask-määrittelyksi: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Polku lokitiedostoon: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Polku sähköpostiohjelmaan: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Sähköpostiohjelman liput: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Osoite, johon sähköposti lähetetään: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Osoite, josta sähköposti lähetetään: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Sähköpostiviestin Aihe-rivi: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Virheellinen salasanaviesti: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Polku todennusaikaleimahakemistoon: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Todennusaikaleimahakemiston omistaja: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Käyttäjät tässä ryhmässä on vapautettu salasana- ja PATH-vaatimuksista: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Oletussalasanakehote: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Jos asetettu, salasanakehote korvaa järjestelmäkehotteen kaikissa tapauksissa." # Tämä on tekemisessä runas_default -määrittelyn kanssa #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Oletuskäyttäjä suorittaa komennot käyttäjänä: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Arvo, jolla korvataan käyttäjän $PATH-asetus: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Visudo-editorin käyttämä polku: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kun vaaditaan salasana ’list’-näennäiskomennolle: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kun vaaditaan salasana ’verify’-näennäiskomennolle: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Esilataa vale-exec-funktiot, jotka sisältyvät sudo_noexec-kirjastoon" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Jos LDAP-hakemisto on ylhäällä, ohitammeko paikallisen sudoers-tiedoston" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Tiedostokuvaajat >= %d suljetaan ennen komennon suoritusta" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Jos asetettu, käyttäjä voi korvata ’closefrom’-arvon valitsimella -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Salli käyttäjien asettaa mielivaltaisia ympäristömuuttujia" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Nollaa ympäristö muuttujien oletusjoukoksi" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Ympäristömuuttujat, joille tehdään järkevyystarkistus:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Poistettavat ympäristömuuttujat:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Säilytettävät ympäristömuuttujat:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Uudessa turva-asiayhteydessä käytettävä SELinux-rooli: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Uudessa turva-asiayhteydessä käytettävä SELinux-tyyppi: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Polku sudo-kohtaiseen ympäristötiedostoon: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Locale-asetus, jota käytetään sudoers-jäsentämisessä: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Salli sudo-ohjelman kysyä salasana vieläpä jos se olisi näkyvä" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Tarjoa visuaalista palautetta salasanakehotteelta silloin kun on käyttäjäsyöte" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Käyttää nopeampaa jokerimerkkien korvausta, joka on epätarkempi, mutta ei lue tiedostojärjestelmää" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Sudoers umask korvaa käyttäjän umask-määrittelyn, vieläpä jos se on sallivampi" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Kirjaa lokiin käyttäjän syöte suoritettavalle komennolle" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Kirjaa lokiin suoritettavan komennon tuloste" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Tiivistä siirräntälokit käyttäen zlib-ohjelmaa" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Suorita aina komennot näennäis-tty:ssä" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Lisäosa ei-Unix-ryhmätuelle: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Hakemisto, johon tallennetaan syöte-/tulostelokit: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Tiedosto, johon tallennetaan syöte-/tulosteloki: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Lisää rivi utmp-/utmpx-tiedostoon, kun varataan pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Aseta käyttäjäksi utmp-tiedostoon suorittava käyttäjä, ei kutsuva käyttäjä" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Sallittuja käyttöoikeuksia" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Rajoitettuja käyttöoikeuksia" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Suorita komentoja pty:llä taustalla" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Käytettävä PAM-palvelunimi" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Kirjautumiskomentotulkeille käytettävä PAM-palvelunimi" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Yritys perustaa PAM-valtuustiedot kohdekäyttäjälle" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Luo uusi PAM-istunto suoritettavalle komennolle" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Suurin siirräntälokin sarjanumero: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "tuntematon oletusrivi â€%sâ€" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "arvo â€%s†on virheellinen valitsimelle â€%sâ€" # parametrinä on variable #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "arvoa ei ole määritelty muuttujalle â€%sâ€" # Parametri on muuttuja #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "muuttujan â€%s†arvojen on alettava merkillä ’/’" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "valitsin â€%s†ei ota arvoa" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "sisäinen virhe, %s-ylivuoto" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: rikkoutunut envp, pituus ei täsmää" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "seuraavia ympäristömuuttujia ei ole lupa asettaa: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s-omistajan on oltava uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s on vain omistajan kirjoitettava" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "kohteen %s lataaminen epäonnistui: %s" # parametrina on path #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "symbolin â€group_plugin†löytäminen polusta %s epäonnistui" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Paikallinen ip-osoite ja verkkopeiteparit:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "käskyn mkdir %s suorittaminen epäonnistui" # Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "kohteen %s avaaminen epäonnistui" # Parametrinä on sudoers-tiedosto tai pathbuf #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "kohteen %s lukeminen epäonnistui" # Kirjoittamisen kohde voi olla timestamp file tai pathbuf #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "kohteeseen %s kirjoittaminen epäonnistui" # Parametrina on pathbuf #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "hakemistopolun %s luominen epäonnistui" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: portti on liian suuri" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: hostbuf-puskuritila loppui" # URL on verkko-osoite, loogisesti URI on verkkoresurssi(osoite) #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tukematon LDAP-verkkoresurssin tunnustyyppi: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "ldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistui" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls ei ole tuettu ldaps-käytössä" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: hostbuf-puskuritila loppui" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "SSL-varmenne- ja -avaintietokannan alustaminen epäonnistui: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "kohteessa %s TLS_CERT on asetettava käyttämään SSL:ää" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "GMT-ajan saaminen epäonnistui" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "aikaleiman muotoileminen epäonnistui" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "aikasuodattimen rakentaminen epäonnistui" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1-varaustäsmäämättömyys" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP-rooli: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP-rooli: TUNTEMATON\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Järjestys: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Komennot:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kohteen LDAP alustaminen epäonnistui: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "virheellinen sudoOrder-attribuutti: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "audit-järjestelmän avaaminen epäonnistui" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "audit-viestin lähettäminen epäonnistui" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s: (komento jatkui) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "lokitiedoston avaaminen epäonnistui: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "lokitiedoston lukitseminen epäonnistui: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Ei käyttäjä eikä tietokone" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "kelpuutushäiriö" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "käyttäjä EI ole sudoers-tiedostossa" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "käyttäjä ei ole varmennettu tietokoneella" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "komento ei ole sallittu" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "käyttäjä %s ei ole sudoers-tiedostossa. Tästä tapahtumasta ilmoitetaan.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. Tästä tapahtumasta ilmoitetaan.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Käyttäjä %s ei voi suorittaa komentoa sudo tietokoneella %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Käyttäjän %s ei sallita suorittaa ’%s%s%s’ käyttäjänä %s%s%s tietokoneella %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: komentoa ei löytynyt" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "ohitetaan komento â€%sâ€, joka löytyi kohteesta ’.’\n" "Käytä â€sudo ./%sâ€, jos tämä on â€%sâ€-komento, joka halutaan suorittaa." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "todentamishäiriö" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "vaaditaan salasana" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u väärä salasana yritetty" msgstr[1] "%u väärää salasanaa yritetty" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "fork-funktion kutsuminen epäonnistui" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "fork-funktion kutsuminen epäonnistui: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "putken avaaminen epäonnistui: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "käskyn %s suorittaminen epäonnistui: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "sisäinen virhe: riittämättömästi tilaa lokiriville" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "tukematon tiivistetyyppi %d kohteelle %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: kirjoitusvirhe" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "tiiviste kohteelle %s (%s) ei ole %s-muodossa" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "jäsentämisvirhe tiedostossa %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers-rivi:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " SuoritaKäyttäjänä: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " SuoritaRyhmänä: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Valitsimet: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "kohteen %s suorittaminen epäonnistui" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers-menettelytapalisäosaversio %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-tiedostokielioppiversio %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers-polku: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-polku: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-polku: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-polku: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "käyttäjän uid %u laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "käyttäjän %s laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ryhmän gid %u laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "ryhmän %s laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "ryhmäluettelon laittaminen välimuistiin tiedostossa %s epäonnistui, ryhmäluettelo on jo siellä" # Parametri on sudoers file #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "käyttöoikeuspinoylivuoto" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "käyttöoikeuspinovajaus" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "vaihtaminen runas gid -tunnisteeksi epäonnistui" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "vaihtaminen runas uid -tunnisteeksi epäonnistui" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "vaihtaminen sudoers gid-tunnisteeksi epäonnistui" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "liian monta prosessia" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "runas-ryhmävektorin asettaminen epäonnistui" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "lähteen SSS alustaminen epäonnistui. Onko SSSD asennettu tietokoneeseesi?" # parametrina on path #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "symbolin â€%s†löytäminen polusta %s epäonnistui" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Täsmäävät Defaults-rivit kohteelle %s kohteella %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas- ja Command-kohtaiset oletukset kohteelle %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Käyttäjä %s voi suorittaa seuraavat komennot kohteella %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "oletusrivien pulma" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "ei löytynyt kelvollisia sudoers-lähteitä, poistutaan" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers määrittelee, että root ei saa suorittaa sudo-komentoa" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "ei käyttöoikeuksia valitsimelle -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "aikaleimaomistaja (%s): Tuntematon käyttäjä" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "ei tty:tä" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "sudo-komennon suorittamiseksi on oltava tty" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "komento nykyisessä hakemistossa" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "ympäristöä ei ole lupa säilyttää" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "funktion stat %s kutsuminen epäonnistui" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s on uid %u -käyttäjän omistama, pitäisi olla %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s on gid %u -ryhmän omistama, pitäisi olla %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "vain root-käyttäjä voi käyttää valitsinta â€-c %sâ€" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "tuntematon kirjautumisluokka: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "tietokoneen %s ratkaiseminen epäonnistui" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "tuntematon ryhmä: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "virheellinen suodatinvalitsin: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "virheellinen enimmäisodotusaika: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "virheellinen nopeustekijä: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s versio %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/ajoitus: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/ajoitus: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Toistetaan sudo-istunto: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Lokigeometria on %d x %d, pääteikkunasi geometria on %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "tty:n asettaminen raakatilaan epäonnistui" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "virheellinen ajoitustiedostorivi: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "monimerkityksellinen lauseke â€%sâ€" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "täsmäämätön ’)’ lausekkeessa" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "tuntematon hakutermi â€%sâ€" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s vaatii argumentin" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "virheellinen säännöllinen lauseke: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "päivämäärän â€%s†jäsentäminen epäonnistui" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "täsmäämätön ’(’ lausekkeessa" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "virheellinen jäljessä oleva â€orâ€" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "virheellinen jäljessä oleva â€!â€" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "tuntematon hakutyyppi %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: virheellinen lokitiedosto" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: aikaleimakenttä puuttuu" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: aikaleima %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: käyttäjäkenttä puuttuu" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: suorita käyttäjänä-kenttä puuttuu" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: suorita ryhmänä-kenttä puuttuu" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "käyttö: %s [-h] [-d hakemisto] [-m numero] [-s numero] ID-tunniste\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "käyttö: %s [-h] [-d hakemisto] -l [hakulauseke]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - toista sudo-istuntolokit\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Valitsimet:\n" " -d, --directory=hakemisto määrittele istuntolokien hakemisto\n" " -f, --filter=suodatin määrittele, mitä siirräntätyyppiä näytetään\n" " -h, --help näytä opasteviesti ja poistu\n" " -l, --list [lauseke] luettele käytettävissä oleva istuntotunnisteet, jotka täsmäävät lausekkeeseen\n" " -m, --max-wait=numero maksimisodotusaika tapahtumien välien enimmäisodotusaika sekunteina\n" " -s, --speed=numero nopeustekijä nopeuta tai hidasta tulostusta\n" " -V, --version näytä versiotiedot ja poistu" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\ttietokone täsmäämätön" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Komento sallittu" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Komento kielletty" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Täsmäämätön komento" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "aikaleimapolku on liian pitkä: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s on uid %u:n omistama, pitäisi olla uid %u:n omistama" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "kohteen %s poistaminen epäonnistui, nollaa Unix-ajan" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "kohteen %s nollaaminen Unix-ajaksi epäonnistui" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: puskuriylivuoto" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s kielioppiversio %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "muokkaa %s painamalla enter-painiketta: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "kirjoitusvirhe" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "funktion stat kutsuminen tilapäiselle tiedostolle (%s) epäonnistui, %s ennallaan" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nollapituinen tilapäinen tiedosto (%s), %s ennallaan" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editori (%s) epäonnistui, %s ennallaan" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s ennallaan" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "tilapäisen tiedoston (%s) avaaminen uudelleen epäonnistui, %s ennallaan." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "sisäinen virhe, kohteen %s löytäminen luettelosta epäonnistui!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kohteen %s (uid, gid) asettaminen arvoihin (%u, %u) epäonnistui" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s ja %s eivät ole samassa tiedostojärjestelmässä, käytetään komentoa mv uudelleennimeämiseen" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komento epäonnistui: ’%s %s %s’, %s ennallaan" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "virhe nimettäessä %s uudelleen, %s ennallaan" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Mitä nyt?" #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Valitsimia ovat:\n" " (e) muokkaa sudoers-tiedostoa uudelleen\n" " (x) poistu tallentamatta sudoers-tiedoston muutoksia\n" " (Q) poistu ja tallenna muutokset sudoers-tiedostoon (VAARA!)\n" # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "kohteen %s suorittaminen epäonnistui" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: väärä omistaja (uid, gid), pitäisi olla (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: väärät käyttöoikeudet, pitäisi olla tila 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "tiedoston %s jäsentäminen epäonnistui, tuntematon virhe" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "jäsentämisvirhe tiedostossa %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: jäsentäminen valmis\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s varattu, yritä myöhemmin uudelleen" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "määritelty editori (%s) ei ole olemassa" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "funktion stat editor (%s) kutsuminen epäonnistui" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "editoria ei löytynyt (editoripolku = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Virhe: jakso kohteessa %s_Alias â€%sâ€" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Varoitus: jakso kohteessa %s_Alias â€%sâ€" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Virhe: %s_Alias â€%s†uudelleenviitattu, mutta ei määritelty" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Varoitus: %s_Alias â€%s†uudelleenviitattu, mutta ei määritelty" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: käyttämätön %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - muokkaa sudoers-tiedostoa turvallisesti\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Valitsimet:\n" " -c, --check vain tarkistus -tila\n" " -f, --file=tiedosto määrittele sudoers-tiedoston sijainti\n" " -h, --help näytä opasteteksti ja poistu\n" " -q, --quiet vähemmän laveat (hiljaiset) syntaksivirheviestit\n" " -s, --strict tiukka syntaksitarkistus\n" " -V, --version näytä versiotiedot ja poistu\n" " -x, --export=tiedosto vie sudoers-tiedosto JSON-muodossa" #: toke.l:892 msgid "too many levels of includes" msgstr "liian monta include-tasoa" #~ msgid "invalid value" #~ msgstr "virheellinen arvo" #~ msgid "value out of range" #~ msgstr "arvo lukualueen ulkopuolella" #~ msgid "" #~ "\n" #~ "Options:\n" #~ " -c, --check check-only mode\n" #~ " -f, --file=file specify sudoers file location\n" #~ " -h, --help display help message and exit\n" #~ " -q, --quiet less verbose (quiet) syntax error messages\n" #~ " -s, --strict strict syntax checking\n" #~ " -V, --version display version information and exit -x, --export export sudoers in JSON format" #~ msgstr "" #~ "\n" #~ "Valitsimet:\n" #~ " -c, --check vain tarkistus -tila\n" #~ " -f, --file=tiedosto määrittele sudoers-tiedoston sijainti\n" #~ " -h, --help näytä opasteteksti ja poistu\n" #~ " -q, --quiet vähemmän laveat (hiljaiset) syntaksivirheviestit\n" #~ " -s, --strict tiukka syntaksitarkistus\n" #~ " -V, --version näytä versiotiedot ja poistu -x, --export vie sudoers-tiedosto JSON-muodossa" #~ msgid "invalid uri: %s" #~ msgstr "virheellinen verkkoresurssin tunnus: %s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "ldap- ja starttl-kohteiden sekoittaminen epäonnistui" #~ msgid "writing to standard output" #~ msgstr "kirjoitetaan vakiotulosteeseen" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "liian monta sulkumerkillistä lauseketta, enintään %d" #~ msgid "unable to setup authentication" #~ msgstr "asetustodentaminen epäonnistui" #~ msgid "getaudit: failed" #~ msgstr "getaudit: epäonnistui" #~ msgid "getauid: failed" #~ msgstr "getauid: epäonnistui" #~ msgid "au_open: failed" #~ msgstr "au_open: epäonnistui" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject: epäonnistui" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args: epäonnistui" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32: epäonnistui" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text: epäonnistui" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok: %s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate: %s" #~ msgid "Password: " #~ msgstr "Salasana: " #~ msgid "getauid failed" #~ msgstr "getauid epäonnistui" #~ msgid "Unable to dlopen %s: %s" #~ msgstr "Funktion dlopen %s kutsuminen epäonnistui: %s" #~ msgid "invalid regex: %s" #~ msgstr "virheellinen säännöllinen lauseke: %s" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s lähellä riviä %d <<<" #~ msgid "unable to allocate memory" #~ msgstr "muistin varaaminen epäonnistui" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "locale-asetuksen â€%s†asettaminen epäonnistui, käytetään â€Câ€" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " Komennot:\n" #~ "\t" #~ msgid ": " #~ msgstr ": " #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "käyttäjän uid %u (%s) laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "ryhmän gid %u (%s) laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" #~ msgid "unable to execute %s: %s" #~ msgstr "komennon %s suorittaminen epäonnistui: %s" #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "sisäinen virhe, expand_prompt()-ylivuoto" #~ msgid "internal error, sudo_setenv2() overflow" #~ msgstr "sisäinen virhe, sudo_setenv2()-ylivuoto" #~ msgid "internal error, sudo_setenv() overflow" #~ msgstr "sisäinen virhe, sudo_setenv()-ylivuoto" #~ msgid "internal error, linux_audit_command() overflow" #~ msgstr "sisäinen virhe, linux_audit_command()-ylivuoto" #~ msgid "internal error, runas_groups overflow" #~ msgstr "sisäinen virhe, runas_groups-ylivuoto" #~ msgid "internal error, init_vars() overflow" #~ msgstr "sisäinen virhe, init_vars()-ylivuoto" # Parametri on sudoers file #~ msgid "fixed mode on %s" #~ msgstr "korjattu tila tiedostossa %s" # Parametri on suoders file #~ msgid "set group on %s" #~ msgstr "aseta ryhmä tiedostossa %s" #~ msgid "unable to fix mode on %s" #~ msgstr "tilan korjaaminen tiedostossa %s epäonnistui" #~ msgid "%s is mode 0%o, should be 0%o" #~ msgstr "%s on tila 0%o, pitäisi olla 0%o" #~ msgid "File containing dummy exec functions: %s" #~ msgstr "Tiedosto, joka sisältää vale-exec-funktioita: %s" #~ msgid "" #~ "Available options in a sudoers ``Defaults'' line:\n" #~ "\n" #~ msgstr "" #~ "Käytettävissä olevat valitsimet sudoers ’’Defaults’’ -rivillä:\n" #~ "\n" #~ msgid "%s: %.*s\n" #~ msgstr "%s: %.*s\n" #~ msgid "unable to get runas group vector" #~ msgstr "runas-ryhmävektorin hakeminen epäonnistui" #~ msgid "unable to reset group vector" #~ msgstr "ryhmävektorin nollaaminen epäonnistui" #~ msgid "unable to get group vector" #~ msgstr "ryhmävektorin hakeminen epäonnistui" #~ msgid "%s: %s_Alias `%s' references self" #~ msgstr "%s: %s_Alias â€%s†viittaa itseensä" #~ msgid "unable to parse temporary file (%s), unknown error" #~ msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe" sudo-1.8.9p5/plugins/sudoers/po/hr.mo010064400175440000012000001073311226304146200171020ustar00millertstaffÞ•R¬ É<`arƒ“¦¶Ë‘Üný’ Ÿ ­ ¼ Î ß è <!B!#b!9†!À!&Ù!)"*"A"FZ"@¡"#â"##*#?#!Z#$|#¡# ¹#Æ#3Õ#3 $=$Z$+k$(—$À$;Ö$%"!%!D%$f%#‹%¯% Ì%&í%&&;&.R&#&d¥&A '9L'†'¤'À'>Û'?(2Z(#(!±(4Ó(?)H).`))#¬)2Ð)*#*1C*<u**²*"Ý* +/!+Q+$o+@”+/Õ+,8 ,<Y,F–,3Ý,-%-5D-mz-)è-:.$M.'r.=š.-Ø.'/)./*X//ƒ/³/Ó/'ã/2 0?>0~0- 13:1%n1 ”1 ž1(©1Ò1ç1(2.)2%X2E~2+Ä2=ð26.3Ge3­3Ì35è3(43G4{4'4,µ43â435J55g5'55Å5&û5:"6]6u6.‘6=À6þ6C7'T7"|7 Ÿ7!À77â7?8AZ8Vœ8“ó8'‡9¯9CÇ90 :L<:*‰:5´:)ê:F;'[;1ƒ;1µ;ç;@< H<7S<9‹<Å<3Ü<=*=:=R=i==’=©=(É=ò=>#> =>^>(~>&§>Î>é>ú> ?O?i?~?”?*°?/Û?) @5@T@p@Š@#Ÿ@Ã@Õ@ô@ A-AJA#ZA~A’A(¨A"ÑAôA"B1B(8BaB}BB!ªBÌBáBóBCC7CWCkC€CšC6¸CIïC&9D#`D\„D)áD8 E(DE2mE, E2ÍE"F#F(?FhF*„F¯F"ÂFåF&G((G1QG&ƒG'ªG"ÒGõGH0HNHnH*ŒH$·HÜHðHI I5I NI*oIšI©I¼I×I%îIJ2J KJ,lJ™J!¹J ÛJüJK!K=K]KuK4“KÈKÚK,õK"LBL\LmL*ŠL µLÖLôLM%M0@MqM3‡M»MÑMíMÿMN0N@NQNmN‰N5§NAÝNO;OOO%bO%ˆO ®OºO*ÕO#P&$P-KP yP†R¡RµRÉRâRóR3 S¼?TüUVû$V W .W:WNWdW~W‡Wk¦W&X+9XGeX'­X%ÕX+ûX'YAYVZY?±Y#ñY#Z(9ZbZ.~Z'­ZÕZëZüZC [CP[”[²[-Ä[+ò[\G:\‚\ –\#·\,Û\&]$/]T].t]7£]Û]5ø]$.^qS^JÅ^@_"Q_#t_ ˜_H¹_;`?>`(~`*§`AÒ`Maba,sa( aÉa:éa!$b)Fb4pb<¥b5âbc 8c>Yc#˜c&¼cCãc2'dZdIzdIÄdPe1_e‘eªe.Èee÷e2]fAf,Òf+ÿfD+g7pg¨g0Èg-ùg;'h ch„h ¡h2ÂhOõh¢Ei1èi8j$Sjxj j4‹j"Àjãj4k87k,pkOk1ík:l8ZlY“l!ílm?-m%mm.“mÂm-ÜmE n>Pn>n!În?ðn+0o=\o3šoVÎo%p?p(XpJpÌpRëp7>qvq'q'¸qAàqF"rHirM²r‡s1ˆsºsJÚsG%tYmt3ÇtAût-=uJku1¶u.èuAv&YvI€v Êv5Öv7 wDwAXwšw¶wÊwæwxx2x%Hx6nx¥xÅx"Ýx,y*-y.Xy6‡y!¾yàyõyznz‹z©zÈz/äz9{'N{v{‘{«{ È{%é{|.|M|!j|.Œ|»|0Î|ÿ|}+/}"[}~}4“}È}0×}$~-~%C~'i~‘~¦~¸~Í~!ã~"(>%T'z/¢KÒ4€#S€ew€/Ý€X *fQ‘0ã.‚4C‚(x‚1¡‚Ó‚(ñ‚ƒ+ƒ Jƒ/kƒ1›ƒ:̓/„58„#n„*’„+½„+é„!…7….V…1……·…Ì…ì… †!†%:†/`††£†#º†Þ†*ü† '‡H‡$d‡D‰‡/·%þ‡"$ˆGˆgˆ {ˆ+œˆȈæˆC‰G‰"Z‰1}‰$¯‰Ô‰ò‰Š.'Š1VŠ*ˆŠ³ŠΊ(èŠA‹S‹?g‹§‹-Á‹ï‹Œ Œ@ŒQŒgŒ‚Œ!Œ5¿ŒIõŒ$?d|4’-ÇõŽ'#Ž!KŽ3mŽ7¡Ž¸ï¼=Xþ7ÕJvC€²¬ˆ •pÁOŸ<4»rB6&ùz_5cL º¾*ÏLTN†6 %B¨{9ÖHP:)‡´®ÄFK8¿$n<¦×[”&¤-Ú£¢œ4­Ê"/êÞA32Fÿ öý¡A ¥ieðúÇZ,`‰ª1 èí„ÌÉ@*8Ex59hͧᖩ.jqlñ=ƒ!(Ûdâ1Ù\ë)ü#‹Ãò’·ø|ŒI>uÜÀžß70~ -…±™“¹tYÆ—}°æ.«E0KQ>@]šy¶ãSM%éŠ?ÑM;õ½Iaä;ÝVNmO+ (2‘PîôJ?µG "ÓG˜Ô›^³:Q$ ÎkófU ŽÂàb'ÐR#çDÅ‚/ ÷RåWH3DoCìû'sÒÈØ!,¯+Ëgw host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c check-only mode -f sudoers specify sudoers file location -h display help message and exit -q less verbose (quiet) syntax error messages -s strict syntax checking -V display version information and exit Options: -d directory specify directory for session logs -f filter specify which I/O type to display -h display help message and exit -l [expression] list available session IDs that match expression -m max_wait max number of seconds to wait between events -s speed_factor speed up or slow down output -V display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%d incorrect password attempt%d incorrect password attempts%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: parsed OK %s: unable to allocate options: %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize ccache: %s%s: unable to parse '%s': %s%s: unable to resolve ccache: %s%s: unable to store cred in ccache: %s%s: unable to unparse princ ('%s'): %s%s: unused %s_Alias %s%s: wrong owner (uid, gid) should be (%u, %u) *** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %dLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on this host: Maximum I/O log sequence numberNo user or hostNumber of tries to enter a password: %dOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Password: Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUnable to dlopen %s: %sUnable to initialize SSS source. Is SSSD installed on your machine?Use a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on this host: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedauthentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"editor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowgetaudit: failedgetauid failedgetauid: failedignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regex: %sinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid uri: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication servernanosleep: tv_sec %ld, tv_nsec %ldno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valuepam_authenticate: %spam_chauthtok: %sparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()sudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many parenthesized expressions, max %dtoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dlopen %s: %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mix ldaps and starttlsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the epochunable to reset %s to the epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to setup authenticationunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %susage: %s [-h] [-d directory] -l [search expression] usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write errorwriting to standard outputyou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-04-18 15:32+0200 Last-Translator: Tomislav Krznar Language-Team: Croatian Language: hr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2); X-Generator: Gtranslator 2.91.6 raÄunalo nije pronaÄ‘eno Naredba dozvoljena Naredba zabranjena Naredba nije pronaÄ‘ena LDAP uloga: %s LDAP uloga: NEPOZNATA Opcije: -c naÄin samo za provjeravanje -f sudoers navedi položaj datoteke sudoers -h prikaži poruku pomoći i izaÄ‘i -q manje opÅ¡irne (tihe) poruke sintaksnih greÅ¡aka -s strogo provjeravanje sintakse -V prikaži informacije o inaÄici i izaÄ‘i Opcije: -d direktorij navedi direktorij za dnevnike sjednica -f filtar navedi U/I vrste za prikaz -h prikaži poruku pomoći i izaÄ‘i -l [izraz] prikaži dostupne identifikatore sjednica koje odgovaraju izrazu -m max_Äekanje najveći broj sekundi za Äekanje izmeÄ‘u dogaÄ‘aja -s faktor_brzine ubrzaj ili uspori ispis -V prikaži informacije o inaÄici i izaÄ‘i Sudoers stavka: Sudoers putanja: %s Vjerujemo da vam je administrator lokalnog sustava održao uobiÄajeno predavanje. To se obiÄno svodi na sljedeće tri stvari: #1) PoÅ¡tujte tuÄ‘u privatnost. #2) Mislite prije pisanja. #3) S velikim moćima dolazi velika odgovornost. Naredbe: Opcije: Redoslijed: %s PokreniKaoGrupe: PokreniKaoKorisnici: %8s : %s%8s : (naredba nastavljena) %s%d netoÄan pokuÅ¡aj unosa lozinke%d netoÄna pokuÅ¡aja unosa lozinke%d netoÄnih pokuÅ¡aja unosa lozinke%s - prikaži dnevnike sudo sjednica %s - sigurno ureÄ‘ivanje datoteke sudoers %s i %s nisu na istom datoteÄnom sustavu, koristim mv za preimenovanje%s je zauzet, pokuÅ¡ajte ponovo kasnije%s postoji, ali nije direktorij (0%o)%s postoji, ali nije obiÄna datoteka (0%o)%s inaÄica gramatike %d %s nije obiÄna datotekaKorisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen. %s nije u datoteci sudoers. Ovaj će incident biti prijavljen. vlasnik %s je gid %u, treba biti %uvlasnik %s je uid %u, treba biti %u%s ima dozvole za pisanje svih korisnikavlasnik %s mora biti uid %dsamo vlasnik smije imati dozvole za pisanje %svlasnik %s je uid %u, treba biti uid %u%s zahtijeva argument%s nepromijenjen%s inaÄica %s nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700%s/%.2s/%.2s/%.2s/vrijeme: %s%s/%s/vrijeme: %s%s: Ne mogu provjeriti TGT! Moguć napad!: %s%s: neispravne dozvole, treba biti mod 0%o %s: naredba nije pronaÄ‘ena%s: nekompatibilna glavna inaÄica grupnog prikljuÄka %d, oÄekujem %d%s: analiza u redu %s: ne mogu alocirati opcije: %s%s: ne mogu dobiti vjerodajnice: %s%s: ne mogu dobiti upravitelja raÄunala: %s%s: ne mogu inicijalizirati ccache: %s%s: ne mogu analizirati „%sâ€: %s%s: ne mogu pronaći ccache: %s%s: ne mogu spremiti vjerodajnicu u ccache: %s%s: ne mogu ukloniti analizu upravitelja („%sâ€): %s%s: nekoriÅ¡teni %s_Alias %s%s: krivi vlasniÄki (uid, gid), treba biti (%u, %u) *** SIGURNOSNE informacije za %h ***RaÄun je istekao ili PAM konfiguracija nema odjeljak „account†za sudo, javite vaÅ¡em administratoru sustavaRaÄun ili lozinka su istekli, vratite izvornu lozinku i pokuÅ¡ajte ponovoDodaj stavku u utmp/utmpx datoteku pri alokaciji pseudoterminalaAdresa s koje se Å¡alje poÅ¡ta: %sAdresa na koju se Å¡alje poÅ¡ta: %sAlias „%s†je već definiranDozvoli prikupljanje nekih informacija za ispis korisnih poruka greÅ¡akaDozvoli da sudo traži lozinku Äak i ako će biti vidljivaDozvoli korisnicima postavljanje proizvoljnih varijabli okolineUvijek pokreni naredbe u pseudoterminaluUvijek poÅ¡alji poÅ¡tu kad se pokrene sudoUvijek postavi $HOME na poÄetni direktorij odrediÅ¡nog korisnikaPrimijeni zadane postavke u razredu prijave odrediÅ¡nog korisnika ako postojeMetode provjere:Istek vremenske oznake provjere: %.1f minutaKomprimiraj U/I zapise koriÅ¡tenjem zlibNe mogu odrediti uvjet revizijeNapravi novu PAM sjednicu u kojoj će se pokrenuti naredbaUobiÄajeno traženje lozinke: %sZadani korisnik za pokretanje naredbi: %sDirektorij za spremanje ulazno/izlaznih dnevnika: %sNe inicijaliziraj grupni vektor u onaj odrediÅ¡nog korisnikaVarijable okoline Äija će se ispravnost provjeriti:Varijable okoline za oÄuvanje:Varijable okoline za uklanjanje:GreÅ¡ka: %s_Alias „%s†je referenciran, ali nije definiranGreÅ¡ka: petlja u %s_Alias „%sâ€Datoteka koja sadrži sudo lekciju: %sOpisnici datoteka >= %d će se zatvoriti prije izvrÅ¡avanja naredbeDatoteka za spremanje ulazno/izlaznog dnevnika: %sZastavice za program poÅ¡te: %sAko je LDAP direktorij aktivan, zanemaruje li se lokalna datoteka sudoersAko je postavljen, passprompt će zaobići sustavski u svim sluÄajevima.Ako je postavljen, korisnici mogu zaobići vrijednost „closeform†opcijom -CAko se sudo pozove bez argumenata, pokreni ljuskuZanemari „.†u $PATHNeispravna poruka lozinke: %sUvrijedi korisnika kad upiÅ¡e netoÄnu lozinkuNeispravne metode provjere kompajlirane u sudo! Možete mijeÅ¡ati samostalne i nesamostalne provjere.Održi lekciju korisniku kad prvi put pokrene sudoDuljina prelamanja redaka dnevniÄke datoteke (0 iskljuÄuje): %dParovi lokalnih IP adresa i mrežnih maski: Lokal za koriÅ¡tenje pri obradi sudoers: %sVeliÄina dnevnika je %d x %d, a veliÄina vaÅ¡eg terminala %d x %d.ZapiÅ¡i ime raÄunala u (ne-syslog) dnevniÄku datotekuZapiÅ¡i izlaz pokrenute naredbeZapiÅ¡i godinu u (ne-syslog) dnevniÄku datotekuZapiÅ¡i korisniÄki unos za pokrenute naredbeSpajam stavke zadanih vrijednosti za %s na ovom raÄunalu: Najveći redni broj U/I dnevnikaNema korisnika ili raÄunalaBroj pokuÅ¡aja unosa lozinke: %dDozvoli korisniku pokretanje sudo samo ako ima ttyPostavi samo efektivni uid na onaj odrediÅ¡nog korisnika umjesto stvarnog uid-aOpcije su: (e) ponovo uredi datoteku sudoers (x) izaÄ‘i bez spremanja promjena u datoteku sudoers (Q) izaÄ‘i i spremi promjene u datoteku sudoers (OPASNO!) Vlasnik direktorija vremenske oznake provjere: %sLozinka je istekla, javite vaÅ¡em administratoru sustavaIstek traženja lozinke: %.1f minutaLozinka:Lozinka: Putanja do direktorija vremenske oznake provjere: %sPutanja do dnevniÄke datoteke: %sPutanja do programa poÅ¡te: %sPutanja do ureÄ‘ivaÄa koji će koristiti visudo: %sPutanja do datoteke okoline karakteristiÄne za sudo: %sPrikljuÄak za podrÅ¡ku za ne-Unix grupe: %sPrethodno uÄitaj prividne izvrÅ¡ne funkcije sadržane u biblioteci sudo_noexecZatraži lozinku administratora umjesto korisnikaZatraži lozinku runas_default korisnika umjesto trenutnogZatraži lozinku odrediÅ¡nog korisnika umjesto trenutnogPrikaži vizualne povratne informacije pri traženju lozinke kad postoji korisniÄki unosPostavi OTP upit u vlastiti redakPrikazujem sudo sjednicu: %s Traži potpuno kvalificirana imena raÄunala u datoteci sudoersUobiÄajeno traži provjeru korisnikaVrati okolinu u poÄetni zadani skup varijabliRoot može pokrenuti sudoPokreni naredbe na pseudoterminalu u pozadiniZadane vrijednosti „pokreni kao†i specifiÄne za naredbe za %s: SELinux uloga za koriÅ¡tenje u novom sigurnosnom kontekstu: %sSELinux vrsta za koriÅ¡tenje u novom sigurnosnom kontekstu: %sSecurID komunikacija nije uspjelaPoÅ¡alji poÅ¡tu ako korisnik nema dozvolu za pokretanje naredbePoÅ¡alji poÅ¡tu ako korisnik nije u sudoersPoÅ¡alji poÅ¡tu ako korisnik nije u sudoers na ovom raÄunaluPoÅ¡alji poÅ¡tu ako provjera korisnika nije uspjelaPostavi $HOME na poÄetni direktorij odrediÅ¡nog korisnika pri pokretanju ljuske sa -sSkup ograniÄenih ovlastiSkup dozvoljenih ovlastiPostavi varijable okoline LOGNAME i USERPostavi korisnika u utmp u „pokreni kao†korisnika umjesto pozivateljaŽao mi je, pokuÅ¡ajte ponovo.Žao mi je, korisniku %s nije dozvoljeno izvrÅ¡iti „%s%s%s†kao %s%s%s na %s. Žao mi je, korisnik %s ne može pokrenuti sudo na %s. Predmet poruka poÅ¡te: %sInaÄica sudoers gramatike datoteke %d InaÄica sudoers prikljuÄka police %s Syslog jedinica ako se koristi syslog za zapisivanje dnevnika: %sSyslog prioritet koji se koristi pri uspjeÅ¡noj provjeri korisnika: %sSyslog prioritet koji se koristi pri neuspjeÅ¡noj provjeri korisnika: %sUmask naveden u sudoers će zaobići korisniÄki, Äak i ako dozvoljava viÅ¡eNema metoda provjere kompajliranih u sudo! Ako želite iskljuÄiti provjeru, koristite konfiguracijsku opciju --disable-authentication.Umask za koriÅ¡tenje ili 0777 za korisniÄku: 0%oNe mogu izvrÅ¡iti dlopen %s: %sNe mogu inicijalizirati SSS izvor. Je li SSSD instaliran na vaÅ¡em stroju?Koristi posebnu vremensku oznaku za svaku kombinaciju korisnik/terminalKoristi bržu usporedbu uzoraka koja je nepreciznija, ali ne pristupa datoteÄnom sustavuKorisniku %s nije dozvoljeno pokrenuti sudo na %s. Korisnik %s može pokrenuti sljedeće naredbe na ovom raÄunalu: KorisniÄki ID zakljuÄan za SecurID provjeruKorisnici u ovoj grupi su izuzeti od traženja lozinke i PATH zahtjeva: %sVrijednost za zaobilaženje korisniÄke $PATH: %sVisudo će poÅ¡tivati varijablu okoline EDITORUpozorenje: %s_Alias „%s†je referenciran, ali nije definiranUpozorenje: petlja u %s_Alias „%sâ€Upozorenje: vaÅ¡ terminal je premalen za ispravno prikazivanje dnevnika. Å to sada? Kada tražiti lozinku za pseudonaredbu „listâ€: %sKada tražiti lozinku za pseudonaredbu „verifyâ€: %spotrebna je lozinkapotvrÄ‘ivanje raÄuna nije uspjelo, je li vaÅ¡ raÄun zakljuÄan?viÅ¡eznaÄni izraz „%sâ€au_open: nije uspioau_to_exec_args: nije uspioau_to_return32: nije uspioau_to_subject: nije uspioau_to_text: nije uspioprovjera nije uspjelagreÅ¡ka poslužitelja za provjeru: %snaredba nije uspjela: „%s %s %sâ€, %s nepromijenjennaredba u trenutnom direktorijunaredba nije dozvoljenane mogu analizirati datum „%sâ€ureÄ‘ivaÄ (%s) nije uspio, %s nepromijenjengreÅ¡ka preimenovanja %s, %s nepromijenjennisam uspio inicijalizirati ACE API bibliotekunisam uspio analizirati %s datoteku, nepoznata greÅ¡kafill_args: preljev meÄ‘uspremnikagetaudit: nije uspiogetauid nije uspiogetauid: nije uspiozanemarujem „%s†pronaÄ‘en u „.†Koristite „sudo ./%s†ako je ovo „%s†koji želite pokrenuti.nedozvoljeni „!†na krajunedozvoljeni „or†na krajuinterna greÅ¡ka, %s preljevinterna greÅ¡ka, ne mogu pronaći %s na popisu!interna greÅ¡ka: nema dovoljno prostora za redak dnevnikaneispravni postupak provjere za SecurIDneispravne metode provjereneispravna vrsta provjereneispravna opcija filtra: %sneispravno najveće Äekanje: %sneispravna duljina lozinke za SecurIDneispravni regularni izraz: %sneispravan regularni izraz: %sneispravni faktor brzine: %sneispravno sudoOrder svojstvo: %sneispravan redak datoteke mjerenja vremena: %sneispravan uri: %sneispravna duljina korisniÄkog imena za SecurIDldap.conf putanja: %s ldap.secret putanja: %s izgubljena veza na poslužitelj za provjerunanosleep: tv_sec %ld, tv_nsec %ldnema metoda provjerenije pronaÄ‘en ureÄ‘ivaÄ (putanja ureÄ‘ivaÄa = %s)nema terminalanisu pronaÄ‘eni ispravni sudoers izvori, izlazimnije navedena vrijednost za „%sâ€nsswitch putanja: %s samo root smije koristiti „-c %sâ€opcija „%s†ne prihvaća vrijednostpam_authenticate: %spam_chauthtok: %sgreÅ¡ka analize u %sgreÅ¡ka analize u %s greÅ¡ka analize u %s kod retka %dgreÅ¡ka analize u %s kod retka %d preljev trajnog stogapodljev trajnog stogapritisnite return za ureÄ‘ivanje %s: problem sa stavkama zadanih vrijednostižao mi je, nemate dozvolu za oÄuvanje okolinežao mi je, nemate dozvolu za postavljanje sljedećih varijabli okoline: %sžao mi je, morate imati terminal za pokretanje sudonavedeni ureÄ‘ivaÄ (%s) ne postojinaveden je start_tls, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()neodgovarajuća sudo_ldap_build_pass1 alokacijasudo_ldap_conf_add_ports: nema dovoljno prostora za proÅ¡irenje meÄ‘uspremnika raÄunalasudo_ldap_conf_add_ports: port je preveliksudo_ldap_parse_uri: nema dovoljno prostora za izgradnju meÄ‘uspremnika raÄunalasudo_putenv: oÅ¡tećen envp, duljina ne odgovarasudoers navodi da root ne može koristiti sudovlasnik vremenske oznake (%s): Nema takvog korisnikaputanja vremenske oznake predugaÄka: %svremenska oznaka predaleko u budućnosti: %20.20spreviÅ¡e razina ukljuÄivanjapreviÅ¡e izraza u zagradama, najviÅ¡e %dpreviÅ¡e procesane mogu zapoÄeti bsd provjerune mogu izgraditi filtar vremenane mogu staviti gid %u u spremnik, već postojine mogu staviti grupu %s u spremnik, već postojine mogu staviti popis grupa u spremnik za %s, već postojine mogu staviti uid %u u spremnik, već postojine mogu staviti korisnika %s u spremnik, već postojine mogu promijeniti mod od %s u 0%one mogu promijeniti u administratorski gidne mogu promijeniti u „pokreni kao†gidne mogu promijeniti u „pokreni kao†uidne mogu promijeniti u sudoers gidne mogu poslati zapis revizijene mogu se spojiti na poslužitelj za provjerune mogu uspostaviti vezu s SecurID poslužiteljemne mogu napraviti %sne mogu izvrÅ¡iti dlopen %s: %sne mogu izvrÅ¡iti dup stdin: %mne mogu izvrÅ¡iti %sne mogu izvrÅ¡iti %s: %mne mogu pronaći simbol „%s†u %sne mogu pronaći simbol „group_plugin†u %sne mogu razdvojitine mogu razdvojiti: %mne mogu oblikovati vremensku oznakune mogu dohvatiti GMT vrijemene mogu dobiti razred prijave korisnika %sne mogu inicijalizirati LDAP: %sne mogu inicijalizirati PAMne mogu inicijalizirati SIA sjednicune mogu inicijalizirati SSL certifikat i bazu podataka kljuÄeva: %sne mogu zakljuÄati dnevniÄku datoteku: %s: %sne mogu mijeÅ¡ati ldap i ldaps URI-jene mogu mijeÅ¡ati ldaps i starttlsne mogu napraviti direktorij %sne mogu otvoriti %sne mogu otvoriti sustav revizijene mogu otvoriti dneviÄku datoteku: %s: %sne mogu otvoriti cjevovod: %mne mogu obraditi grupe za %sne mogu ponovo otvoriti privremenu datoteku (%s), %s nepromijenjen.ne mogu Äitati %sne mogu Äitati fwtk konfiguracijune mogu ukloniti %s, vratit ću na poÄetnu epohune mogu vratiti %s na poÄetnu epohune mogu pronaći raÄunalo %sne mogu pokrenuti %sne mogu poslati poruku revizijena mogu postaviti (uid, gid) od %s na (%u, %u)ne mogu postaviti „pokreni kao†grupni vektorne mogu postaviti terminal u sirovi naÄinne mogu postaviti provjerune mogu izvrÅ¡iti stat %sne mogu odrediti stanje ureÄ‘ivaÄa (%s)na mogu izvrÅ¡iti stat privremene datoteke (%s), %s nepromijenjenne mogu pisati u %sne mogu analizirati privremenu datoteku (%s), nepoznata greÅ¡kanepoznata SecurID greÅ¡kanepoznata stavka zadanih vrijednosti „%sâ€nepoznata grupa: %snepoznat razred prijave: %snepoznat pojam pretrage „%sâ€nepoznat uid: %unepoznat korisnik: %snesparena „(†u izrazunesparena „)†u izrazunepodržana vrsta LDAP uri-ja: %suporaba: %s [-h] [-d direktorij] -l [izraz pretrage] uporaba: %s [-h] [-d direktorij] [-m max_Äekanje] [-s faktor_brzine] ID korisnik NIJE ovlaÅ¡ten na raÄunalukorisnik NIJE u sudoersprovjera nije uspjelavrijednost „%s†nije ispravna za opciju „%sâ€vrijednost za „%s†mora poÄeti s „/â€greÅ¡ka pisanjaispisujem na standardni izlaznemate dozvolu za koriÅ¡tenje opcije -Cniste navedeni u %s bazi podatakamorate postaviti TLS_CERT u %s za koriÅ¡tenje SSL-aprivremena datoteka duljine nula (%s), %s nepromijenjensudo-1.8.9p5/plugins/sudoers/po/hr.po010064400175440000012000001546461226304126200171160ustar00millertstaff# Translation of sudoers to Croatian. # This file is put in the public domain. # Tomislav Krznar , 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-04-18 15:32+0200\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Gtranslator 2.91.6\n" #: confstr.sh:2 plugins/sudoers/auth/pam.c:340 msgid "Password:" msgstr "Lozinka:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** SIGURNOSNE informacije za %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Žao mi je, pokuÅ¡ajte ponovo." #: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias „%s†je već definiran" #: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "ne mogu dobiti razred prijave korisnika %s" #: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "ne mogu zapoÄeti bsd provjeru" #: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "neispravna vrsta provjere" #: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "ne mogu postaviti provjeru" #: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "ne mogu Äitati fwtk konfiguraciju" #: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "ne mogu se spojiti na poslužitelj za provjeru" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "izgubljena veza na poslužitelj za provjeru" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "greÅ¡ka poslužitelja za provjeru:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "%s: ne mogu ukloniti analizu upravitelja („%sâ€): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ne mogu analizirati „%sâ€: %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "%s: ne mogu pronaći ccache: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ne mogu alocirati opcije: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ne mogu dobiti vjerodajnice: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "%s: ne mogu inicijalizirati ccache: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "%s: ne mogu spremiti vjerodajnicu u ccache: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ne mogu dobiti upravitelja raÄunala: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Ne mogu provjeriti TGT! Moguć napad!: %s" #: plugins/sudoers/auth/pam.c:100 msgid "unable to initialize PAM" msgstr "ne mogu inicijalizirati PAM" #: plugins/sudoers/auth/pam.c:145 msgid "account validation failure, is your account locked?" msgstr "potvrÄ‘ivanje raÄuna nije uspjelo, je li vaÅ¡ raÄun zakljuÄan?" #: plugins/sudoers/auth/pam.c:149 msgid "Account or password is expired, reset your password and try again" msgstr "RaÄun ili lozinka su istekli, vratite izvornu lozinku i pokuÅ¡ajte ponovo" #: plugins/sudoers/auth/pam.c:156 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" #: plugins/sudoers/auth/pam.c:160 msgid "Password expired, contact your system administrator" msgstr "Lozinka je istekla, javite vaÅ¡em administratoru sustava" #: plugins/sudoers/auth/pam.c:164 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "RaÄun je istekao ili PAM konfiguracija nema odjeljak „account†za sudo, javite vaÅ¡em administratoru sustava" #: plugins/sudoers/auth/pam.c:181 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" #: plugins/sudoers/auth/pam.c:339 msgid "Password: " msgstr "Lozinka: " #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "niste navedeni u %s bazi podataka" #: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "nisam uspio inicijalizirati ACE API biblioteku" #: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "ne mogu uspostaviti vezu s SecurID poslužiteljem" #: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "KorisniÄki ID zakljuÄan za SecurID provjeru" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "neispravna duljina korisniÄkog imena za SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "neispravni postupak provjere za SecurID" #: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID komunikacija nije uspjela" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "nepoznata SecurID greÅ¡ka" #: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "neispravna duljina lozinke za SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "ne mogu inicijalizirati SIA sjednicu" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "neispravne metode provjere" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "Neispravne metode provjere kompajlirane u sudo! Možete mijeÅ¡ati samostalne i nesamostalne provjere." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "nema metoda provjere" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Nema metoda provjere kompajliranih u sudo! Ako želite iskljuÄiti provjeru, koristite konfiguracijsku opciju --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metode provjere:" #: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 #: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 #: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 #, c-format msgid "getaudit: failed" msgstr "getaudit: nije uspio" #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" msgstr "Ne mogu odrediti uvjet revizije" #: plugins/sudoers/bsm_audit.c:101 #, c-format msgid "getauid failed" msgstr "getauid nije uspio" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format msgid "au_open: failed" msgstr "au_open: nije uspio" #: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 #, c-format msgid "au_to_subject: failed" msgstr "au_to_subject: nije uspio" #: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 #, c-format msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: nije uspio" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 #, c-format msgid "au_to_return32: failed" msgstr "au_to_return32: nije uspio" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" msgstr "ne mogu poslati zapis revizije" #: plugins/sudoers/bsm_audit.c:160 #, c-format msgid "getauid: failed" msgstr "getauid: nije uspio" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: nije uspio" #: plugins/sudoers/check.c:174 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Vjerujemo da vam je administrator lokalnog sustava održao uobiÄajeno\n" "predavanje. To se obiÄno svodi na sljedeće tri stvari:\n" "\n" " #1) PoÅ¡tujte tuÄ‘u privatnost.\n" " #2) Mislite prije pisanja.\n" " #3) S velikim moćima dolazi velika odgovornost.\n" "\n" #: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "nepoznat uid: %u" #: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635 #: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 #: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "nepoznat korisnik: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog jedinica ako se koristi syslog za zapisivanje dnevnika: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog prioritet koji se koristi pri uspjeÅ¡noj provjeri korisnika: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog prioritet koji se koristi pri neuspjeÅ¡noj provjeri korisnika: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Postavi OTP upit u vlastiti redak" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Zanemari „.†u $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Uvijek poÅ¡alji poÅ¡tu kad se pokrene sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "PoÅ¡alji poÅ¡tu ako provjera korisnika nije uspjela" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "PoÅ¡alji poÅ¡tu ako korisnik nije u sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "PoÅ¡alji poÅ¡tu ako korisnik nije u sudoers na ovom raÄunalu" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "PoÅ¡alji poÅ¡tu ako korisnik nema dozvolu za pokretanje naredbe" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Koristi posebnu vremensku oznaku za svaku kombinaciju korisnik/terminal" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Održi lekciju korisniku kad prvi put pokrene sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Datoteka koja sadrži sudo lekciju: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "UobiÄajeno traži provjeru korisnika" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root može pokrenuti sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "ZapiÅ¡i ime raÄunala u (ne-syslog) dnevniÄku datoteku" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "ZapiÅ¡i godinu u (ne-syslog) dnevniÄku datoteku" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Ako se sudo pozove bez argumenata, pokreni ljusku" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Postavi $HOME na poÄetni direktorij odrediÅ¡nog korisnika pri pokretanju ljuske sa -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Uvijek postavi $HOME na poÄetni direktorij odrediÅ¡nog korisnika" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Dozvoli prikupljanje nekih informacija za ispis korisnih poruka greÅ¡aka" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Traži potpuno kvalificirana imena raÄunala u datoteci sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Uvrijedi korisnika kad upiÅ¡e netoÄnu lozinku" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Dozvoli korisniku pokretanje sudo samo ako ima tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo će poÅ¡tivati varijablu okoline EDITOR" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Zatraži lozinku administratora umjesto korisnika" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Zatraži lozinku runas_default korisnika umjesto trenutnog" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Zatraži lozinku odrediÅ¡nog korisnika umjesto trenutnog" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Primijeni zadane postavke u razredu prijave odrediÅ¡nog korisnika ako postoje" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Postavi varijable okoline LOGNAME i USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Postavi samo efektivni uid na onaj odrediÅ¡nog korisnika umjesto stvarnog uid-a" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Ne inicijaliziraj grupni vektor u onaj odrediÅ¡nog korisnika" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "Duljina prelamanja redaka dnevniÄke datoteke (0 iskljuÄuje): %d" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Istek vremenske oznake provjere: %.1f minuta" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Istek traženja lozinke: %.1f minuta" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "Broj pokuÅ¡aja unosa lozinke: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask za koriÅ¡tenje ili 0777 za korisniÄku: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Putanja do dnevniÄke datoteke: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Putanja do programa poÅ¡te: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Zastavice za program poÅ¡te: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Adresa na koju se Å¡alje poÅ¡ta: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Adresa s koje se Å¡alje poÅ¡ta: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Predmet poruka poÅ¡te: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Neispravna poruka lozinke: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Putanja do direktorija vremenske oznake provjere: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Vlasnik direktorija vremenske oznake provjere: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Korisnici u ovoj grupi su izuzeti od traženja lozinke i PATH zahtjeva: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "UobiÄajeno traženje lozinke: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Ako je postavljen, passprompt će zaobići sustavski u svim sluÄajevima." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Zadani korisnik za pokretanje naredbi: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Vrijednost za zaobilaženje korisniÄke $PATH: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Putanja do ureÄ‘ivaÄa koji će koristiti visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kada tražiti lozinku za pseudonaredbu „listâ€: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kada tražiti lozinku za pseudonaredbu „verifyâ€: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Prethodno uÄitaj prividne izvrÅ¡ne funkcije sadržane u biblioteci sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Ako je LDAP direktorij aktivan, zanemaruje li se lokalna datoteka sudoers" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Opisnici datoteka >= %d će se zatvoriti prije izvrÅ¡avanja naredbe" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Ako je postavljen, korisnici mogu zaobići vrijednost „closeform†opcijom -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Dozvoli korisnicima postavljanje proizvoljnih varijabli okoline" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Vrati okolinu u poÄetni zadani skup varijabli" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Varijable okoline Äija će se ispravnost provjeriti:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Varijable okoline za uklanjanje:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Varijable okoline za oÄuvanje:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "SELinux uloga za koriÅ¡tenje u novom sigurnosnom kontekstu: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "SELinux vrsta za koriÅ¡tenje u novom sigurnosnom kontekstu: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Putanja do datoteke okoline karakteristiÄne za sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Lokal za koriÅ¡tenje pri obradi sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Dozvoli da sudo traži lozinku Äak i ako će biti vidljiva" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Prikaži vizualne povratne informacije pri traženju lozinke kad postoji korisniÄki unos" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Koristi bržu usporedbu uzoraka koja je nepreciznija, ali ne pristupa datoteÄnom sustavu" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Umask naveden u sudoers će zaobići korisniÄki, Äak i ako dozvoljava viÅ¡e" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "ZapiÅ¡i korisniÄki unos za pokrenute naredbe" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "ZapiÅ¡i izlaz pokrenute naredbe" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Komprimiraj U/I zapise koriÅ¡tenjem zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Uvijek pokreni naredbe u pseudoterminalu" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "PrikljuÄak za podrÅ¡ku za ne-Unix grupe: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Direktorij za spremanje ulazno/izlaznih dnevnika: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Datoteka za spremanje ulazno/izlaznog dnevnika: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Dodaj stavku u utmp/utmpx datoteku pri alokaciji pseudoterminala" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Postavi korisnika u utmp u „pokreni kao†korisnika umjesto pozivatelja" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Skup dozvoljenih ovlasti" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Skup ograniÄenih ovlasti" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Pokreni naredbe na pseudoterminalu u pozadini" #: plugins/sudoers/def_data.c:359 msgid "Create a new PAM session for the command to run in" msgstr "Napravi novu PAM sjednicu u kojoj će se pokrenuti naredba" #: plugins/sudoers/def_data.c:363 msgid "Maximum I/O log sequence number" msgstr "Najveći redni broj U/I dnevnika" #: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "nepoznata stavka zadanih vrijednosti „%sâ€" #: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 #: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 #: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 #: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 #: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "vrijednost „%s†nije ispravna za opciju „%sâ€" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 #: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 #: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 #: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "nije navedena vrijednost za „%sâ€" #: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "vrijednost za „%s†mora poÄeti s „/â€" #: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "opcija „%s†ne prihvaća vrijednost" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 #: plugins/sudoers/testsudoers.c:243 #, c-format msgid "internal error, %s overflow" msgstr "interna greÅ¡ka, %s preljev" #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: oÅ¡tećen envp, duljina ne odgovara" #: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "žao mi je, nemate dozvolu za postavljanje sljedećih varijabli okoline: %s" #: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti uid %d" #: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "samo vlasnik smije imati dozvole za pisanje %s" #: plugins/sudoers/group_plugin.c:113 #, c-format msgid "unable to dlopen %s: %s" msgstr "ne mogu izvrÅ¡iti dlopen %s: %s" #: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ne mogu pronaći simbol „group_plugin†u %s" #: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilna glavna inaÄica grupnog prikljuÄka %d, oÄekujem %d" #: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Parovi lokalnih IP adresa i mrežnih maski:\n" #: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 #: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s postoji, ali nije direktorij (0%o)" #: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 #: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164 #: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270 #, c-format msgid "unable to mkdir %s" msgstr "ne mogu napraviti direktorij %s" #: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 #: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 #: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154 #: plugins/sudoers/visudo.c:809 #, c-format msgid "unable to open %s" msgstr "ne mogu otvoriti %s" #: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "ne mogu Äitati %s" #: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158 #, c-format msgid "unable to write to %s" msgstr "ne mogu pisati u %s" #: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "ne mogu napraviti %s" #: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port je prevelik" #: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: nema dovoljno prostora za proÅ¡irenje meÄ‘uspremnika raÄunala" #: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nepodržana vrsta LDAP uri-ja: %s" #: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "neispravan uri: %s" #: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ne mogu mijeÅ¡ati ldap i ldaps URI-je" #: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ne mogu mijeÅ¡ati ldaps i starttls" #: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: nema dovoljno prostora za izgradnju meÄ‘uspremnika raÄunala" #: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "ne mogu inicijalizirati SSL certifikat i bazu podataka kljuÄeva: %s" #: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "morate postaviti TLS_CERT u %s za koriÅ¡tenje SSL-a" #: plugins/sudoers/ldap.c:996 #, c-format msgid "unable to get GMT time" msgstr "ne mogu dohvatiti GMT vrijeme" #: plugins/sudoers/ldap.c:1002 #, c-format msgid "unable to format timestamp" msgstr "ne mogu oblikovati vremensku oznaku" #: plugins/sudoers/ldap.c:1010 #, c-format msgid "unable to build time filter" msgstr "ne mogu izgraditi filtar vremena" #: plugins/sudoers/ldap.c:1229 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "neodgovarajuća sudo_ldap_build_pass1 alokacija" #: plugins/sudoers/ldap.c:1776 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP uloga: %s\n" #: plugins/sudoers/ldap.c:1778 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP uloga: NEPOZNATA\n" #: plugins/sudoers/ldap.c:1825 #, c-format msgid " Order: %s\n" msgstr " Redoslijed: %s\n" #: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515 #: plugins/sudoers/sssd.c:1173 #, c-format msgid " Commands:\n" msgstr " Naredbe:\n" #: plugins/sudoers/ldap.c:2255 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ne mogu inicijalizirati LDAP: %s" #: plugins/sudoers/ldap.c:2289 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "naveden je start_tls, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2525 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neispravno sudoOrder svojstvo: %s" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "ne mogu otvoriti sustav revizije" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "ne mogu poslati poruku revizije" #: plugins/sudoers/logging.c:140 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:168 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (naredba nastavljena) %s" #: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "ne mogu otvoriti dneviÄku datoteku: %s: %s" #: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ne mogu zakljuÄati dnevniÄku datoteku: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Nema korisnika ili raÄunala" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "provjera nije uspjela" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "korisnik NIJE u sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "korisnik NIJE ovlaÅ¡ten na raÄunalu" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "naredba nije dozvoljena" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nije u datoteci sudoers. Ovaj će incident biti prijavljen.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Žao mi je, korisnik %s ne može pokrenuti sudo na %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Žao mi je, korisniku %s nije dozvoljeno izvrÅ¡iti „%s%s%s†kao %s%s%s na %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 #: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 #: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 #: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: naredba nije pronaÄ‘ena" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "zanemarujem „%s†pronaÄ‘en u „.â€\n" "Koristite „sudo ./%s†ako je ovo „%s†koji želite pokrenuti." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "provjera nije uspjela" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "potrebna je lozinka" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d netoÄan pokuÅ¡aj unosa lozinke" msgstr[1] "%d netoÄna pokuÅ¡aja unosa lozinke" msgstr[2] "%d netoÄnih pokuÅ¡aja unosa lozinke" #: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "ne mogu razdvojiti" #: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "ne mogu razdvojiti: %m" #: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "ne mogu otvoriti cjevovod: %m" #: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "ne mogu izvrÅ¡iti dup stdin: %m" #: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "ne mogu izvrÅ¡iti %s: %m" #: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "interna greÅ¡ka: nema dovoljno prostora za redak dnevnika" #: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "greÅ¡ka analize u %s kod retka %d" #: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "greÅ¡ka analize u %s" #: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers stavka:\n" #: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " PokreniKaoKorisnici: " #: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " PokreniKaoGrupe: " #: plugins/sudoers/parse.c:486 #, c-format msgid " Options: " msgstr " Opcije:" #: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 #, c-format msgid "unable to execute %s" msgstr "ne mogu izvrÅ¡iti %s" #: plugins/sudoers/policy.c:659 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "InaÄica sudoers prikljuÄka police %s\n" #: plugins/sudoers/policy.c:661 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "InaÄica sudoers gramatike datoteke %d\n" #: plugins/sudoers/policy.c:665 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers putanja: %s\n" #: plugins/sudoers/policy.c:668 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch putanja: %s\n" #: plugins/sudoers/policy.c:670 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf putanja: %s\n" #: plugins/sudoers/policy.c:671 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret putanja: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ne mogu staviti uid %u u spremnik, već postoji" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ne mogu staviti korisnika %s u spremnik, već postoji" #: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ne mogu staviti gid %u u spremnik, već postoji" #: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "ne mogu staviti grupu %s u spremnik, već postoji" #: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "ne mogu staviti popis grupa u spremnik za %s, već postoji" #: plugins/sudoers/pwutil.c:584 #, c-format msgid "unable to parse groups for %s" msgstr "ne mogu obraditi grupe za %s" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 #: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 #: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "preljev trajnog stoga" #: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 #: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "podljev trajnog stoga" #: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 #: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 msgid "unable to change to root gid" msgstr "ne mogu promijeniti u administratorski gid" #: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 #: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "ne mogu promijeniti u „pokreni kao†gid" #: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 #: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "ne mogu promijeniti u „pokreni kao†uid" #: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 #: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "ne mogu promijeniti u sudoers gid" #: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 #: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 #: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "previÅ¡e procesa" #: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "ne mogu postaviti „pokreni kao†grupni vektor" #: plugins/sudoers/sssd.c:256 #, c-format msgid "Unable to dlopen %s: %s" msgstr "Ne mogu izvrÅ¡iti dlopen %s: %s" #: plugins/sudoers/sssd.c:257 #, c-format msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Ne mogu inicijalizirati SSS izvor. Je li SSSD instaliran na vaÅ¡em stroju?" #: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 #: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 #: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne mogu pronaći simbol „%s†u %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Spajam stavke zadanih vrijednosti za %s na ovom raÄunalu:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Zadane vrijednosti „pokreni kao†i specifiÄne za naredbe za %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Korisnik %s može pokrenuti sljedeće naredbe na ovom raÄunalu:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s.\n" #: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 #: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problem sa stavkama zadanih vrijednosti" #: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "nisu pronaÄ‘eni ispravni sudoers izvori, izlazim" #: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers navodi da root ne može koristiti sudo" #: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "nemate dozvolu za koriÅ¡tenje opcije -C" #: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlasnik vremenske oznake (%s): Nema takvog korisnika" #: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "nema terminala" #: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "žao mi je, morate imati terminal za pokretanje sudo" #: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "naredba u trenutnom direktoriju" #: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "žao mi je, nemate dozvolu za oÄuvanje okoline" #: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215 #: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327 #: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 #, c-format msgid "unable to stat %s" msgstr "ne mogu izvrÅ¡iti stat %s" #: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s nije obiÄna datoteka" #: plugins/sudoers/sudoers.c:729 toke.l:842 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je uid %u, treba biti %u" #: plugins/sudoers/sudoers.c:733 toke.l:849 #, c-format msgid "%s is world writable" msgstr "%s ima dozvole za pisanje svih korisnika" #: plugins/sudoers/sudoers.c:736 toke.l:854 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "vlasnik %s je gid %u, treba biti %u" #: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "samo root smije koristiti „-c %sâ€" #: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "nepoznat razred prijave: %s" #: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "ne mogu pronaći raÄunalo %s" #: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "nepoznata grupa: %s" #: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "neispravna opcija filtra: %s" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "neispravno najveće Äekanje: %s" #: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "neispravni faktor brzine: %s" #: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s inaÄica %s\n" #: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/vrijeme: %s" #: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/vrijeme: %s" #: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Prikazujem sudo sjednicu: %s\n" #: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Upozorenje: vaÅ¡ terminal je premalen za ispravno prikazivanje dnevnika.\n" #: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "VeliÄina dnevnika je %d x %d, a veliÄina vaÅ¡eg terminala %d x %d." #: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "ne mogu postaviti terminal u sirovi naÄin" #: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "neispravan redak datoteke mjerenja vremena: %s" #: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "ispisujem na standardni izlaz" #: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "viÅ¡eznaÄni izraz „%sâ€" #: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "previÅ¡e izraza u zagradama, najviÅ¡e %d" #: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "nesparena „)†u izrazu" #: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "nepoznat pojam pretrage „%sâ€" #: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s zahtijeva argument" #: plugins/sudoers/sudoreplay.c:718 #, c-format msgid "invalid regular expression: %s" msgstr "neispravan regularni izraz: %s" #: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "ne mogu analizirati datum „%sâ€" #: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "nesparena „(†u izrazu" #: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "nedozvoljeni „or†na kraju" #: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "nedozvoljeni „!†na kraju" #: plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regex: %s" msgstr "neispravni regularni izraz: %s" #: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uporaba: %s [-h] [-d direktorij] [-m max_Äekanje] [-s faktor_brzine] ID\n" #: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d direktorij] -l [izraz pretrage]\n" #: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - prikaži dnevnike sudo sjednica\n" "\n" #: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" "\n" "Opcije:\n" " -d direktorij navedi direktorij za dnevnike sjednica\n" " -f filtar navedi U/I vrste za prikaz\n" " -h prikaži poruku pomoći i izaÄ‘i\n" " -l [izraz] prikaži dostupne identifikatore sjednica koje\n" " odgovaraju izrazu\n" " -m max_Äekanje najveći broj sekundi za Äekanje izmeÄ‘u dogaÄ‘aja\n" " -s faktor_brzine ubrzaj ili uspori ispis\n" " -V prikaži informacije o inaÄici i izaÄ‘i" #: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\traÄunalo nije pronaÄ‘eno" #: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" msgstr "" "\n" "Naredba dozvoljena" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" msgstr "" "\n" "Naredba zabranjena" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Naredba nije pronaÄ‘ena" #: plugins/sudoers/timestamp.c:128 #, c-format msgid "timestamp path too long: %s" msgstr "putanja vremenske oznake predugaÄka: %s" #: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246 #: plugins/sudoers/timestamp.c:291 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "vlasnik %s je uid %u, treba biti uid %u" #: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700" #: plugins/sudoers/timestamp.c:285 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s postoji, ali nije obiÄna datoteka (0%o)" #: plugins/sudoers/timestamp.c:297 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600" #: plugins/sudoers/timestamp.c:352 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "vremenska oznaka predaleko u budućnosti: %20.20s" #: plugins/sudoers/timestamp.c:406 #, c-format msgid "unable to remove %s, will reset to the epoch" msgstr "ne mogu ukloniti %s, vratit ću na poÄetnu epohu" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the epoch" msgstr "ne mogu vratiti %s na poÄetnu epohu" #: plugins/sudoers/toke_util.c:221 #, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: preljev meÄ‘uspremnika" #: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s inaÄica gramatike %d\n" #: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "pritisnite return za ureÄ‘ivanje %s: " #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "greÅ¡ka pisanja" #: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "na mogu izvrÅ¡iti stat privremene datoteke (%s), %s nepromijenjen" #: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "privremena datoteka duljine nula (%s), %s nepromijenjen" #: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "ureÄ‘ivaÄ (%s) nije uspio, %s nepromijenjen" #: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s nepromijenjen" #: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ne mogu ponovo otvoriti privremenu datoteku (%s), %s nepromijenjen." #: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ne mogu analizirati privremenu datoteku (%s), nepoznata greÅ¡ka" #: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "interna greÅ¡ka, ne mogu pronaći %s na popisu!" #: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "na mogu postaviti (uid, gid) od %s na (%u, %u)" #: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ne mogu promijeniti mod od %s u 0%o" #: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nisu na istom datoteÄnom sustavu, koristim mv za preimenovanje" #: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "naredba nije uspjela: „%s %s %sâ€, %s nepromijenjen" #: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "greÅ¡ka preimenovanja %s, %s nepromijenjen" #: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Å to sada? " #: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Opcije su:\n" " (e) ponovo uredi datoteku sudoers\n" " (x) izaÄ‘i bez spremanja promjena u datoteku sudoers\n" " (Q) izaÄ‘i i spremi promjene u datoteku sudoers (OPASNO!)\n" #: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "ne mogu pokrenuti %s" #: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: krivi vlasniÄki (uid, gid), treba biti (%u, %u)\n" #: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: neispravne dozvole, treba biti mod 0%o\n" #: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nisam uspio analizirati %s datoteku, nepoznata greÅ¡ka" #: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "greÅ¡ka analize u %s kod retka %d\n" #: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "greÅ¡ka analize u %s\n" #: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analiza u redu\n" #: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s je zauzet, pokuÅ¡ajte ponovo kasnije" #: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "navedeni ureÄ‘ivaÄ (%s) ne postoji" #: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "ne mogu odrediti stanje ureÄ‘ivaÄa (%s)" #: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "nije pronaÄ‘en ureÄ‘ivaÄ (putanja ureÄ‘ivaÄa = %s)" #: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "GreÅ¡ka: petlja u %s_Alias „%sâ€" #: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Upozorenje: petlja u %s_Alias „%sâ€" #: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "GreÅ¡ka: %s_Alias „%s†je referenciran, ali nije definiran" #: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Upozorenje: %s_Alias „%s†je referenciran, ali nije definiran" #: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: nekoriÅ¡teni %s_Alias %s" #: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - sigurno ureÄ‘ivanje datoteke sudoers\n" "\n" #: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" "\n" "Opcije:\n" " -c naÄin samo za provjeravanje\n" " -f sudoers navedi položaj datoteke sudoers\n" " -h prikaži poruku pomoći i izaÄ‘i\n" " -q manje opÅ¡irne (tihe) poruke sintaksnih greÅ¡aka\n" " -s strogo provjeravanje sintakse\n" " -V prikaži informacije o inaÄici i izaÄ‘i" #: toke.l:815 msgid "too many levels of includes" msgstr "previÅ¡e razina ukljuÄivanja" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s kod retka %d <<<" #~ msgid "unable to allocate memory" #~ msgstr "ne mogu alocirati memoriju" #~ msgid "%s%s: %s" #~ msgstr "%s%s: %s" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "ne mogu postaviti lokal u „%sâ€, koristim „Câ€" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " Naredbe:\n" #~ "\t" #~ msgid ": " #~ msgstr ": " #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "ne mogu staviti uid %u (%s) u spremnik, već postoji" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "ne mogu staviti gid %u (%s) u spremnik, već postoji" #~ msgid "unable to execute %s: %s" #~ msgstr "ne mogu izvrÅ¡iti %s: %s" #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "interna greÅ¡ka, expand_prompt() preljev" #~ msgid "internal error, sudo_setenv2() overflow" #~ msgstr "interna greÅ¡ka, sudo_setenv2() preljev" #~ msgid "internal error, sudo_setenv() overflow" #~ msgstr "interna greÅ¡ka, sudo_setenv() preljev" #~ msgid "internal error, linux_audit_command() overflow" #~ msgstr "interna greÅ¡ka, linux_audit_command() preljev" #~ msgid "internal error, runas_groups overflow" #~ msgstr "interna greÅ¡ka, runas_groups preljev" #~ msgid "internal error, init_vars() overflow" #~ msgstr "interna greÅ¡ka, init_vars() preljev" sudo-1.8.9p5/plugins/sudoers/po/it.mo010064400175440000012000001115171226304146200171060ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\Q±ŠQ¼\2û\.]HF]]%¯]Õ]"ë]"^1^,P^'}^=¥^+ã^3_<C_#€_8¤_:Ý_'`@`=Z`a˜`(ú`v#aHšaAãa$%b#JbnbM‡b>Õb6c)Kc1uc=§cJåc=0dnd:ˆd$Ãd.èd6e&Ne1ue.§eDÖe!f#=f"af8„f½f&ÜfOg'Sg{g=›gBÙgXh=uh³hÇh7åhi.«iPÚi/+j>[jBšj7Ýj+k1Ak9sk+­k.Ùkl8l=Vl>”l®ÓlG‚mÊmèm4n8s@os5°sGæs.tEt.XtA‡t ÉtEÔt*uEu.\u.‹uIºu>vBCvU†v¢ÜvAwDÁwAx;Hx4„x/¹xCéx?-y<my<ªy"çyU z `z?nzA®zðz9 {E{^{'z{3¢{ Ö{÷{#|+2|+^|4Š|4¿|4ô|)}PD}#•}¹}Ô}3ó}<'~0d~#•~!¹~ Û~ü~)#D#h"Œ&¯0Ö€€-9€g€1‡€ ¹€2Ä€"÷€1$Ns‹+¤,Ðý‚ 2‚S‚'q‚K™‚2å‚$ƒc=ƒ5¡ƒ2׃D „-O„A}„:¿„6ú„91…-k…4™…Î…ë…)û…&%†7L†:„†C¿†7‡9;‡.u‡/¤‡Ô‡ ô‡"ˆ"8ˆ&[ˆ3‚ˆ(¶ˆ߈(õˆ‰6‰+R‰3~‰²‰̉-ꉊ77Š)oŠ"™Š¼Š)ÚŠK‹DP‹•‹<±‹/î‹"ŒAŒ&WŒ.~Œ­Œ&ÍŒ?ôŒ4*K8v'¯×÷)Ž18Ž4jŽ3ŸŽÓŽ*óŽEdBÂàÿ#6Zy.¤.Ó(‘'+‘2S‘+†‘ ²‘Ó‘ì‘/’65’l’,€’+­’4Ù’@“+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers-1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-26 22:16+0100 Last-Translator: Milo Casagrande Language-Team: Italian Language: it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8-bit Plural-Forms: nplurals=2; plural=(n!=1); X-Generator: Gtranslator 2.91.6 host non corrispondente Comando consentito Comando negato Comando non corrispondente Ruolo LDAP: %s Ruolo LDAP: sconosciuto Opzioni: -c, --check Modalità solo verifica -f, --file=FILE Specifica la posizione del file sudoers -h, --help Visualizza il messaggio di aiuto ed esce -q, --quiet Messaggi di errore meno prolissi -s, --strict Verifica precisa della sintassi -V, --version Visualizza la versione ed esce -x, --export=FILE Esporta il file sudoers in formato JSON Opzioni: -d, --directory=DIR Specifica la directory per i registri di sessione -f, --filter=FILTRO Specifica il tipo di I/O da mostrare -h, --help Visualizza il messaggio di aiuto ed esce -l, --list Elenca gli ID di sessione disponibili corrispondenti -m, --max-wait=NUME Secondi da attendere tra gli eventi -s, --speed=NUME Velocizza o rallenta l'output -V, --version Visualizza la versione ed esce Voce sudoers: Percorso sudoers: %s Questa lezione dovrebbe essere stata impartita dall'amministratore di sistema locale. Solitamente equivale a: #1) Rispettare la privacy degli altri #2) Pensare prima di digitare #3) Da grandi poteri derivano grandi responsabilità Comandi: Opzioni: Ordine: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (comando continuato) %s%s - Riproduce i registri di sessione di sudo %s - Modifica in sicurezza il file sudoers %s e %s non sono sullo stesso file system, viene usato "mv" per rinominare%s occupato, riprovare%s esiste, ma non è una directory (0%o)%s esiste, ma non è un file regolare (0%o)%s versione grammaticale %d %s non è un file regolareA %s non è consentito eseguire sudo su %s. Questo evento verrà segnalato. %s non è nel file sudoers. Questo evento verrà segnalato. %s è di proprietà del gid %u, dovrebbe essere %u%s è di proprietà dello uid %u, dovrebbe essere %u%s è scrivibile da tutti%s deve essere di proprietà dello uid %d%s deve essere scrivibile solo dal proprietario%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u%s richiede un argomento%s non modificato%s versione %s %s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: impossibile verificare TGT. Possibile attacco in corso: %s%s: permessi errati, dovrebbe avere modalità 0%o %s: comando non trovato%s: major version %d del plugin per il gruppo non compatibile, atteso %d%s: file di registro non valido%s: analisi effettuata correttamente %s: errore di lettura%s: manca il campo gruppo di runas%s: manca il campo utente di runas%s: marcatura temporale %s: %s%s: manca il campo della marcatura temporale%s: impossibile allocare le opzioni: %s%s: impossibile convertire il principal in stringa ("%s"): %s%s: impossibile ottenere le credenziali: %s%s: impossibile ottenere il principal dell'host: %s%s: impossibile inizializzare la cache delle credenziali: %s%s: impossibile analizzare "%s": %s%s: impossibile risolvere la cache delle credenziali: %s%s: impossibile memorizzare le credenziali nella cache: %s%1$s: %3$s di %2$s_Alias non utilizzato%s: manca il campo utente%s: proprietario errato (uid, gid), dovrebbe essere (%u, %u) %u tentativo di immissione password non corretto%u tentativi di immissione password non corretti*** Informazioni di SICUREZZA per %h ***Account scaduto o alla configurazione PAM manca una sezione "account" per sudo: contattare l'amministratore di sistemaAccount o password scaduto: reimpostare la password e provare nuovamenteAggiunge una voce al file utmp/utmpx quando viene allocato un ptyIndirizzo da cui mandare l'email: %sIndirizzo a cui mandare l'email: %sAlias "%s" già definitoConsente la raccolta di alcune informazioni per dare messaggi di errore utiliAbilita sudo a chiedere una password anche se sarebbe visibileConsente agli utenti di impostare variabili d'ambienteEsegue sempre i comandi in uno pseudo-ttyInvia sempre una email quando viene eseguito sudoImposta sempre $HOME alla directory home dell'utente definitoApplica i Defaults nella classe di login dell'utente definito, se presenteTentativo di stabilire le credenziali PAM per l'utente finaleMetodi di autenticazione:Timeout marcatura temporale di autenticazione: %.1f minutiComprime i registri utilizzando zlibImpossibile determinare la condizione di auditCrea una nuova sessione PAM in cui eseguire il comandoPrompt predefinito per la password: %sUtente predefinito con cui eseguire i comandi: %sDirectory in cui salvare i registri di I/O: %sNon inizializza il vettore di gruppo con quello dell'utente definitoVariabile d'ambienti da validare:Variabili d'ambiente da preservare:Variabili d'ambiente da rimuovere:Errore: riferimento a "%2$s" %1$s_Alias, ma non definitoErrore: ciclo in %s_Alias "%s"File contenente la lezione su sudo: %sI descrittori di file >= %d verranno chiusi prima dell'esecuzione di un comandoFile in cui salvare il registro I/O: %sFlag per il programma email: %sSe LDAP è funzionante, viene ignorato il file sudoers localeSe impostato, passprompt scavalcherà sempre il prompt di sistema.Se impostata, gli utenti possono sovrascrivere il valore di "closefrom" con l'opzione -CSe sudo viene lanciato senza alcun argomento, avvia una shellIgnora "." in $PATHMessaggio password errata: %sApostrofa l'utente quando inserisce una password errataMetodi di autenticazione non validi compilati all'interno di sudo. Non è possibile usare assieme autenticazione standalone e non-standalone.Aiuta gli utenti alla prima esecuzione di sudoLunghezza a cui andare a capo nei file di registro (0 per non andare a capo): %uCoppia indirizzo IP locale e maschera di rete: Localizzazione da usare durante l'analisi del file sudoers: %sLa geometria del registro è %dx%d, quella del terminale è %dx%d.Registra il nome host nel file di registro (non-syslog)Registra l'output del comando in esecuzioneRegistra l'anno nel file di registro (non-syslog)Registra l'input dell'utente per il comando in esecuzioneCorrispondenza voci Defaults per %s su %s: Numero massimo di sequenze I/O di registro: %uNessun utente o hostNumero di tentativi per l'inserimento della password: %uConsente all'utente di seguire sudo solo se dispone di un ttyImposta lo uid effettivo all'utente definito, non lo uid realeLe opzioni sono: (e) Modifica nuovamente il file sudoers (x) Esce senza salvare le modifiche al file sudoers (Q) Esce e salva le modifiche al file sudoers (pericoloso) Proprietario directory con la marcatura temporale di autenticazione: %serrore autenticazione PAM: %sNome del servizio PAM da usareNome del servizio PAM da usare per le shell di loginPassword scaduta, contattare l'amministratore di sistemaTimeout per inserimento password: %.1f minutiPassword:Percorso directory con la marcatura temporale di autenticazione: %sPercorso al file di registro: %sPercorso al programma email: %sPercorso all'editor per visudo: %sPercorso al file d'ambiente specifico di sudo: %sPlugin per supporto ai gruppi non-Unix: %sPre-carica le funzioni exec dummy contenute nella libreria sudo_noexecChiede la password di root, non quella dell'utenteChiede la password dell'utente runas_default, non quella dell'utenteChiede la password dell'utente definito, non quella dell'invocanteFornisce riscontro visibile al prompt della password nel caso di input utenteMette il prompt OTP su una riga a parteRiproduzione della sessione sudo: %s Richiede nomi host completi nel file sudoersRichiede in modo predefinito l'autenticazione degli utentiReimposta l'ambiente con le variabili predefiniteRoot può eseguire sudoEsegue i comandi in un pty in backgroundValori predefiniti per Runas e Command per %s: Ruolo SELinux da usare nel nuovo contesto di sicurezza: %sTipologia di SELinux da usare nel nuovo contesto di sicurezza: %sComunicazione SecurID non riuscitaInvia una email se l'utente non è abilitato a eseguire un comandoInvia una email se l'utente non è tra i sudoersInvia una email se l'utente non è tra i sudoers per questo hostInvia una email se l'autenticazione utente non riesceImposta $HOME all'utente definito quando viene avviata una shell con -sPrivilegi non concessiPrivilegi concessiImposta le variabili d'ambiente LOGNAME e USERImposta l'utente in utmp all'utente runas, non l'utente invocanteRiprovare.All'utente %s non è consentito eseguire "%s%s%s" come %s%s%s su %s. L'utente %s non può eseguire sudo su %s. Oggetto dell'email: %sVersione %d della grammatica del file sudoers Versione %s del plugin della politica sudoers Infrastruttura syslog se syslog viene utilizzato per le registrazioni: %sPriorità di syslog se l'utente si identifica con successo: %sPriorità di syslog se l'utente non si identifica con successo: %sLa umask definita in sudoers scavalca quella dell'utente, anche se è più permissivaNon ci sono metodi di autenticazione compilati all'interno di sudo. Per disabilitare l'autenticazione, usare l'opzione di configurazione --disable-authentication.umask da utilizzare o 0777 per utilizzare quella dell'utente: 0%oUsa una marcatura temporale diversa per ogni combinazione utente/ttyUsa glob più veloce e meno preciso, ma non accede al file systemL'utente %s non è abilitato all'esecuzione di sudo su %s. L'utente %s può eseguire i seguenti comandi su %s: ID utente bloccato per l'autenticazione SecurIDAgli utenti di questo gruppo non sono richiesti password e PATH: %sValore con cui sovrascrivere la variabile $PATH dell'utente: %svisudo utilizzerà il valore definito nella variabile EDITORAttenzione: riferimento a "%2$s" %1$s_Alias, ma non definitoAttenzione: ciclo in %s_Alias "%s"Attenzione: il terminale è troppo piccolo per riprodurre correttamente il registro. Che fare ora?Quando richiedere una password per il pseudo-comando "list": %sQuando richiedere una password per il pseudo-comando "verify": %sè necessaria una passwordvalidazione dell'account non riuscita: forse è bloccato?espressione "%s" ambiguaautenticazione non riuscitaerrore del server di autenticazione: %scomando non riuscito: "%s %s %s", %s non modificatocomando nella directory correntecomando non consentitoimpossibile analizzare la data "%s"il digest per %s (%s) non è nella forma %seditor (%s) non riuscito, %s non modificatoerrore nel rinominare %s, %s non è stato modificatoinizializzazione della libreria API ACE non riuscitaanalisi del file %s non riuscita, errore sconosciutofill_args: buffer overflowviene ignorato "%s" trovato in "." Usare "sudo ./%s" se si voleva eseguire "%s".carattere "!" finale non consentito"or" finale non consentitoerrore interno, overflow di %serrore interno, impossibile trovare %s nell'elenco.errore interno: spazio insufficiente per la riga di registrogestore di autenticazione per SecurID non validometodi di autenticazione non validitipo di autenticazione non validaopzione di filtro non valida: %sattesa massima non valida: %slunghezza del passcode per SecurID errataespressione regolare non valida: %sfattore di velocità non valido: %sattributo sudoOrder non valido: %sriga di timing del file non valida: %slunghezza del nome utente per SecurID non validapercorso ldap.conf: %s percorso ldap.secret: %s connessione al server di autenticazione persanessun metodo di autenticazionenessun editor trovato (percorso dell'editor = %s)nessun ttynessuna sorgente valida di sudoers trovata, uscitanessun valore specificato per "%s"percorso nsswitch: %s solo root può usare "-c %s"l'opzione "%s" non accetta un valoreerrore di analisi in %serrore di analisi in %s errore di analisi in %s vicino alla riga %derrore di analisi in %s vicino alla riga %d overflow dello stack permunderflow dello stack permpremere Invio per modificare %s:problema con le voci Defaultsnon è consentito preservare l'ambientepermessi non sufficienti per impostare le seguenti variabili d'ambiente: %sè necessario disporre di un tty per eseguire sudol'editor specificato (%s) non esistespecificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()starttls non supportato quando viene utilizzato ldapsdiscordanza nell'allocazione sudo_ldap_build_pass1sudo_ldap_conf_add_ports: spazio esaurito nell'espansione di hostbufsudo_ldap_conf_add_ports: porta troppo grandesudo_ldap_parse_uri: spazio esaurito nella generazione di hostbufsudo_putenv: envp danneggiato, discordanza nella lunghezzasudoers indica che a root non è consentito usare sudoproprietario marcatura temporale (%s): utente inesistentepercorso marcatura temporale troppo lungo: %smarcatura temporale troppo avanti nel tempo: %20.20stroppi livelli di inclusionitroppi processiimpossibile iniziare l'autenticazione bsdimpossibile creare il filtro temporaleimpossibile memorizzare in cache il gid %u, esiste giàimpossibile memorizzare in cache il gruppo %s, esiste giàimpossibile memorizzare in cache l'elenco di gruppo %s, esiste giàimpossibile memorizzare in cache lo uid %u, esiste giàimpossibile memorizzare in cache l'utente %s, esiste giàimpossibile modificare la password scaduta: %simpossibile modificare la modalità di %s a 0%oimpossibile passare al gid rootimpossibile passare al gid runasimpossibile passare allo uid runasimpossibile passare al gid sudoersimpossibile inviare il record di auditimpossibile connettersi al server di autenticazioneimpossibile contattare il server SecurIDimpossibile creare %simpossibile eseguire dup sullo stdin: %mimpossibile eseguire %simpossibile eseguire %s: %mimpossibile trovare il simbolo "%s" in "%s"impossibile trovare il simbolo "group_plugin" in %simpossibile eseguire forkimpossibile eseguire fork: %mimpossibile formattare la marcatura temporaleimpossibile ottenere l'ora GMTimpossibile ottenere la classe di login per l'utente %simpossibile iniziare l'autenticazione BSDimpossibile inizializzare LDAP: %simpossibile inizializzare PAMimpossibile inizializzare la sessione SIAimpossibile inizializzare il certificato SSL e il database delle chiavi: %simpossibile inizializzare la sorgente SSS. È stato installato SSSD?impossibile caricare %s: %simpossibile impostare il blocco sul file di registro: %s: %simpossibile utilizzare URI ldap e ldaps assiemeimpossibile creare la directory %simpossibile aprire %simpossibile aprire il sistema di auditimpossibile aprire il file di registro: %s: %simpossibile aprire una pipe: %mimpossibile analizzare i gruppi per %simpossibile riaprire il file temporaneo (%s), %s non modificatoimpossibile leggere %simpossibile leggere la configurazione fwtkimpossibile rimuovere %s, viene reimpostato a Unix epochimpossibile reimpostare %s a Unix epochimpossibile risolvere l'host %simpossibile avviare %simpossibile inviare il messaggio di auditimpossibile impostare (uid, gid) di %s a (%u, %u)impossibile impostare il vettore di gruppo per runasimpossibile impostare il terminale in modalità rawimpossibile eseguire stat su %simpossibile eseguire stat sull'editor (%s)impossibile eseguire stat sul file temporaneo (%s), %s non modificatoimpossibile scrivere su %simpossibile analizzare il file temporaneo (%s), errore sconosciutoerrore sconosciuto di SecurIDvoce Defaults "%s" sconosciutagruppo sconosciuto: %sclasse di login sconosciuta: %stermine di ricerca "%s" sconosciutotipo di ricerca %d sconosciutouid sconosciuto: %uutente sconosciuto: %scarattere "(" nell'espressione non corrispostocarattere ")" nell'espressione non corrispostotipologia di uri LDAP non supportata: %stipo di digest %d non supportato per %suso: %s [-h] [-d DIR] -l [ESPRESSIONE DI RICERCA] uso: %s [-h] [-d DIR] [-m NUM] [-s NUM] ID utente non autorizzato sull'hostutente non tra i sudoersvalidazione non riuscitail valore "%s" non è valido per l'opzione "%s"i valori per "%s" devono iniziare con un carattere "/"errore di scritturautente non abilitato all'uso dell'opzione -Cl'utente attuale non esiste nel database %sè necessario impostare TLS_CERT in %s per usare SSLfile temporaneo di lunghezza pari a zero (%s), %s non modificatosudo-1.8.9p5/plugins/sudoers/po/it.po010064400175440000012000001544411226304126200171120ustar00millertstaff# Italian translations for sudoers package # This file is put in the public domain. # Milo Casagrande , 2011, 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers-1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-26 22:16+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8-bit\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" "X-Generator: Gtranslator 2.91.6\n" #: confstr.sh:2 msgid "Password:" msgstr "Password:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** Informazioni di SICUREZZA per %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Riprovare." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias \"%s\" già definito" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "impossibile ottenere la classe di login per l'utente %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "impossibile iniziare l'autenticazione bsd" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "tipo di autenticazione non valida" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "impossibile iniziare l'autenticazione BSD" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "impossibile leggere la configurazione fwtk" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "impossibile connettersi al server di autenticazione" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "connessione al server di autenticazione persa" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "errore del server di autenticazione:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: impossibile convertire il principal in stringa (\"%s\"): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: impossibile analizzare \"%s\": %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: impossibile risolvere la cache delle credenziali: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: impossibile allocare le opzioni: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: impossibile ottenere le credenziali: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: impossibile inizializzare la cache delle credenziali: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: impossibile memorizzare le credenziali nella cache: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: impossibile ottenere il principal dell'host: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: impossibile verificare TGT. Possibile attacco in corso: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "impossibile inizializzare PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "validazione dell'account non riuscita: forse è bloccato?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Account o password scaduto: reimpostare la password e provare nuovamente" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "impossibile modificare la password scaduta: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Password scaduta, contattare l'amministratore di sistema" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Account scaduto o alla configurazione PAM manca una sezione \"account\" per sudo: contattare l'amministratore di sistema" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "errore autenticazione PAM: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "l'utente attuale non esiste nel database %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "inizializzazione della libreria API ACE non riuscita" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "impossibile contattare il server SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "ID utente bloccato per l'autenticazione SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "lunghezza del nome utente per SecurID non valida" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "gestore di autenticazione per SecurID non valido" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "Comunicazione SecurID non riuscita" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "errore sconosciuto di SecurID" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "lunghezza del passcode per SecurID errata" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "impossibile inizializzare la sessione SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "metodi di autenticazione non validi" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Metodi di autenticazione non validi compilati all'interno di sudo. Non è possibile usare assieme autenticazione standalone e non-standalone." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "nessun metodo di autenticazione" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Non ci sono metodi di autenticazione compilati all'interno di sudo. Per disabilitare l'autenticazione, usare l'opzione di configurazione --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metodi di autenticazione:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Impossibile determinare la condizione di audit" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "impossibile inviare il record di audit" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Questa lezione dovrebbe essere stata impartita dall'amministratore\n" "di sistema locale. Solitamente equivale a:\n" "\n" " #1) Rispettare la privacy degli altri\n" " #2) Pensare prima di digitare\n" " #3) Da grandi poteri derivano grandi responsabilità\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "uid sconosciuto: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "utente sconosciuto: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Infrastruttura syslog se syslog viene utilizzato per le registrazioni: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Priorità di syslog se l'utente si identifica con successo: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Priorità di syslog se l'utente non si identifica con successo: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Mette il prompt OTP su una riga a parte" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignora \".\" in $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Invia sempre una email quando viene eseguito sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Invia una email se l'autenticazione utente non riesce" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Invia una email se l'utente non è tra i sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Invia una email se l'utente non è tra i sudoers per questo host" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Invia una email se l'utente non è abilitato a eseguire un comando" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Usa una marcatura temporale diversa per ogni combinazione utente/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Aiuta gli utenti alla prima esecuzione di sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "File contenente la lezione su sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Richiede in modo predefinito l'autenticazione degli utenti" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root può eseguire sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Registra il nome host nel file di registro (non-syslog)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Registra l'anno nel file di registro (non-syslog)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Se sudo viene lanciato senza alcun argomento, avvia una shell" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Imposta $HOME all'utente definito quando viene avviata una shell con -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Imposta sempre $HOME alla directory home dell'utente definito" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Consente la raccolta di alcune informazioni per dare messaggi di errore utili" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Richiede nomi host completi nel file sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Apostrofa l'utente quando inserisce una password errata" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Consente all'utente di seguire sudo solo se dispone di un tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "visudo utilizzerà il valore definito nella variabile EDITOR" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Chiede la password di root, non quella dell'utente" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Chiede la password dell'utente runas_default, non quella dell'utente" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Chiede la password dell'utente definito, non quella dell'invocante" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Applica i Defaults nella classe di login dell'utente definito, se presente" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Imposta le variabili d'ambiente LOGNAME e USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Imposta lo uid effettivo all'utente definito, non lo uid reale" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Non inizializza il vettore di gruppo con quello dell'utente definito" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Lunghezza a cui andare a capo nei file di registro (0 per non andare a capo): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Timeout marcatura temporale di autenticazione: %.1f minuti" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Timeout per inserimento password: %.1f minuti" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Numero di tentativi per l'inserimento della password: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "umask da utilizzare o 0777 per utilizzare quella dell'utente: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Percorso al file di registro: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Percorso al programma email: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Flag per il programma email: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Indirizzo a cui mandare l'email: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Indirizzo da cui mandare l'email: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Oggetto dell'email: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Messaggio password errata: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Percorso directory con la marcatura temporale di autenticazione: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Proprietario directory con la marcatura temporale di autenticazione: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Agli utenti di questo gruppo non sono richiesti password e PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Prompt predefinito per la password: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Se impostato, passprompt scavalcherà sempre il prompt di sistema." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Utente predefinito con cui eseguire i comandi: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Valore con cui sovrascrivere la variabile $PATH dell'utente: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Percorso all'editor per visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Quando richiedere una password per il pseudo-comando \"list\": %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Quando richiedere una password per il pseudo-comando \"verify\": %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Pre-carica le funzioni exec dummy contenute nella libreria sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Se LDAP è funzionante, viene ignorato il file sudoers locale" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "I descrittori di file >= %d verranno chiusi prima dell'esecuzione di un comando" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Se impostata, gli utenti possono sovrascrivere il valore di \"closefrom\" con l'opzione -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Consente agli utenti di impostare variabili d'ambiente" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Reimposta l'ambiente con le variabili predefinite" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Variabile d'ambienti da validare:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Variabili d'ambiente da rimuovere:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Variabili d'ambiente da preservare:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Ruolo SELinux da usare nel nuovo contesto di sicurezza: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Tipologia di SELinux da usare nel nuovo contesto di sicurezza: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Percorso al file d'ambiente specifico di sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Localizzazione da usare durante l'analisi del file sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Abilita sudo a chiedere una password anche se sarebbe visibile" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Fornisce riscontro visibile al prompt della password nel caso di input utente" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Usa glob più veloce e meno preciso, ma non accede al file system" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "La umask definita in sudoers scavalca quella dell'utente, anche se è più permissiva" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Registra l'input dell'utente per il comando in esecuzione" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Registra l'output del comando in esecuzione" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Comprime i registri utilizzando zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Esegue sempre i comandi in uno pseudo-tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Plugin per supporto ai gruppi non-Unix: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Directory in cui salvare i registri di I/O: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "File in cui salvare il registro I/O: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Aggiunge una voce al file utmp/utmpx quando viene allocato un pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Imposta l'utente in utmp all'utente runas, non l'utente invocante" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Privilegi concessi" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Privilegi non concessi" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Esegue i comandi in un pty in background" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Nome del servizio PAM da usare" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Nome del servizio PAM da usare per le shell di login" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Tentativo di stabilire le credenziali PAM per l'utente finale" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Crea una nuova sessione PAM in cui eseguire il comando" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Numero massimo di sequenze I/O di registro: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "voce Defaults \"%s\" sconosciuta" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "il valore \"%s\" non è valido per l'opzione \"%s\"" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "nessun valore specificato per \"%s\"" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "i valori per \"%s\" devono iniziare con un carattere \"/\"" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "l'opzione \"%s\" non accetta un valore" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "errore interno, overflow di %s" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp danneggiato, discordanza nella lunghezza" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "permessi non sufficienti per impostare le seguenti variabili d'ambiente: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve essere di proprietà dello uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s deve essere scrivibile solo dal proprietario" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "impossibile caricare %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "impossibile trovare il simbolo \"group_plugin\" in %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: major version %d del plugin per il gruppo non compatibile, atteso %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Coppia indirizzo IP locale e maschera di rete:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s esiste, ma non è una directory (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "impossibile creare la directory %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "impossibile aprire %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "impossibile leggere %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "impossibile creare %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: porta troppo grande" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: spazio esaurito nell'espansione di hostbuf" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tipologia di uri LDAP non supportata: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "impossibile utilizzare URI ldap e ldaps assieme" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls non supportato quando viene utilizzato ldaps" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: spazio esaurito nella generazione di hostbuf" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "impossibile inizializzare il certificato SSL e il database delle chiavi: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "è necessario impostare TLS_CERT in %s per usare SSL" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "impossibile ottenere l'ora GMT" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "impossibile formattare la marcatura temporale" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "impossibile creare il filtro temporale" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "discordanza nell'allocazione sudo_ldap_build_pass1" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Ruolo LDAP: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Ruolo LDAP: sconosciuto\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Ordine: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Comandi:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "impossibile inizializzare LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "specificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "attributo sudoOrder non valido: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "impossibile aprire il sistema di audit" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "impossibile inviare il messaggio di audit" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (comando continuato) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "impossibile aprire il file di registro: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "impossibile impostare il blocco sul file di registro: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Nessun utente o host" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "validazione non riuscita" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "utente non tra i sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "utente non autorizzato sull'host" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "comando non consentito" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s non è nel file sudoers. Questo evento verrà segnalato.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "A %s non è consentito eseguire sudo su %s. Questo evento verrà segnalato.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "L'utente %s non può eseguire sudo su %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "All'utente %s non è consentito eseguire \"%s%s%s\" come %s%s%s su %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: comando non trovato" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "viene ignorato \"%s\" trovato in \".\"\n" "Usare \"sudo ./%s\" se si voleva eseguire \"%s\"." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "autenticazione non riuscita" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "è necessaria una password" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u tentativo di immissione password non corretto" msgstr[1] "%u tentativi di immissione password non corretti" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "impossibile eseguire fork" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "impossibile eseguire fork: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "impossibile aprire una pipe: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "impossibile eseguire dup sullo stdin: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "impossibile eseguire %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "errore interno: spazio insufficiente per la riga di registro" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "tipo di digest %d non supportato per %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: errore di lettura" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "il digest per %s (%s) non è nella forma %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "errore di analisi in %s vicino alla riga %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "errore di analisi in %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Voce sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Opzioni: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versione %s del plugin della politica sudoers\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versione %d della grammatica del file sudoers\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Percorso sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "percorso nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "percorso ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "percorso ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "impossibile memorizzare in cache lo uid %u, esiste già" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "impossibile memorizzare in cache l'utente %s, esiste già" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "impossibile memorizzare in cache il gid %u, esiste già" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "impossibile memorizzare in cache il gruppo %s, esiste già" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "impossibile memorizzare in cache l'elenco di gruppo %s, esiste già" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "impossibile analizzare i gruppi per %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "overflow dello stack perm" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "underflow dello stack perm" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "impossibile passare al gid root" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "impossibile passare al gid runas" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "impossibile passare allo uid runas" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "impossibile passare al gid sudoers" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "troppi processi" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "impossibile impostare il vettore di gruppo per runas" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "impossibile inizializzare la sorgente SSS. È stato installato SSSD?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossibile trovare il simbolo \"%s\" in \"%s\"" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Corrispondenza voci Defaults per %s su %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Valori predefiniti per Runas e Command per %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "L'utente %s può eseguire i seguenti comandi su %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'utente %s non è abilitato all'esecuzione di sudo su %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "problema con le voci Defaults" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "nessuna sorgente valida di sudoers trovata, uscita" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers indica che a root non è consentito usare sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "utente non abilitato all'uso dell'opzione -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "proprietario marcatura temporale (%s): utente inesistente" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "nessun tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "è necessario disporre di un tty per eseguire sudo" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "comando nella directory corrente" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "non è consentito preservare l'ambiente" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "impossibile eseguire stat su %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s è di proprietà del gid %u, dovrebbe essere %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "solo root può usare \"-c %s\"" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "classe di login sconosciuta: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "impossibile risolvere l'host %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "gruppo sconosciuto: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "opzione di filtro non valida: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "attesa massima non valida: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "fattore di velocità non valido: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s versione %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Riproduzione della sessione sudo: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Attenzione: il terminale è troppo piccolo per riprodurre correttamente il registro.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "La geometria del registro è %dx%d, quella del terminale è %dx%d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "impossibile impostare il terminale in modalità raw" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "riga di timing del file non valida: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "espressione \"%s\" ambigua" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "carattere \")\" nell'espressione non corrisposto" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "termine di ricerca \"%s\" sconosciuto" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s richiede un argomento" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "espressione regolare non valida: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "impossibile analizzare la data \"%s\"" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "carattere \"(\" nell'espressione non corrisposto" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "\"or\" finale non consentito" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "carattere \"!\" finale non consentito" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "tipo di ricerca %d sconosciuto" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: file di registro non valido" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: manca il campo della marcatura temporale" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: marcatura temporale %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: manca il campo utente" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: manca il campo utente di runas" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: manca il campo gruppo di runas" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-h] [-d DIR] [-m NUM] [-s NUM] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d DIR] -l [ESPRESSIONE DI RICERCA]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - Riproduce i registri di sessione di sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Opzioni:\n" " -d, --directory=DIR Specifica la directory per i registri di sessione\n" " -f, --filter=FILTRO Specifica il tipo di I/O da mostrare\n" " -h, --help Visualizza il messaggio di aiuto ed esce\n" " -l, --list Elenca gli ID di sessione disponibili corrispondenti\n" " -m, --max-wait=NUME Secondi da attendere tra gli eventi\n" " -s, --speed=NUME Velocizza o rallenta l'output\n" " -V, --version Visualizza la versione ed esce" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\thost non corrispondente" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Comando consentito" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Comando negato" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Comando non corrispondente" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "percorso marcatura temporale troppo lungo: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s esiste, ma non è un file regolare (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "marcatura temporale troppo avanti nel tempo: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "impossibile rimuovere %s, viene reimpostato a Unix epoch" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "impossibile reimpostare %s a Unix epoch" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: buffer overflow" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s versione grammaticale %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "premere Invio per modificare %s:" #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "errore di scrittura" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "impossibile eseguire stat sul file temporaneo (%s), %s non modificato" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "file temporaneo di lunghezza pari a zero (%s), %s non modificato" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) non riuscito, %s non modificato" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s non modificato" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "impossibile riaprire il file temporaneo (%s), %s non modificato" #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "impossibile analizzare il file temporaneo (%s), errore sconosciuto" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "errore interno, impossibile trovare %s nell'elenco." #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "impossibile impostare (uid, gid) di %s a (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "impossibile modificare la modalità di %s a 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s non sono sullo stesso file system, viene usato \"mv\" per rinominare" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "comando non riuscito: \"%s %s %s\", %s non modificato" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "errore nel rinominare %s, %s non è stato modificato" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Che fare ora?" #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Le opzioni sono:\n" " (e) Modifica nuovamente il file sudoers\n" " (x) Esce senza salvare le modifiche al file sudoers\n" " (Q) Esce e salva le modifiche al file sudoers (pericoloso)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "impossibile avviare %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: proprietario errato (uid, gid), dovrebbe essere (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permessi errati, dovrebbe avere modalità 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "analisi del file %s non riuscita, errore sconosciuto" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "errore di analisi in %s vicino alla riga %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "errore di analisi in %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analisi effettuata correttamente\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s occupato, riprovare" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'editor specificato (%s) non esiste" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "impossibile eseguire stat sull'editor (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "nessun editor trovato (percorso dell'editor = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Errore: ciclo in %s_Alias \"%s\"" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Attenzione: ciclo in %s_Alias \"%s\"" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Errore: riferimento a \"%2$s\" %1$s_Alias, ma non definito" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Attenzione: riferimento a \"%2$s\" %1$s_Alias, ma non definito" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%1$s: %3$s di %2$s_Alias non utilizzato" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "%s - Modifica in sicurezza il file sudoers\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Opzioni:\n" " -c, --check Modalità solo verifica\n" " -f, --file=FILE Specifica la posizione del file sudoers\n" " -h, --help Visualizza il messaggio di aiuto ed esce\n" " -q, --quiet Messaggi di errore meno prolissi\n" " -s, --strict Verifica precisa della sintassi\n" " -V, --version Visualizza la versione ed esce\n" " -x, --export=FILE Esporta il file sudoers in formato JSON" #: toke.l:892 msgid "too many levels of includes" msgstr "troppi livelli di inclusioni" sudo-1.8.9p5/plugins/sudoers/po/ja.mo010064400175440000012000001216101226304146200170570ustar00millertstaffÞ•O” Á "3CVf{‘Œ/BQap‚<“Ð#ð9 N &g )Ž ¸ Ï Fè @/!#p!#”!¸!Í!!è!$ "/" G"T"3c"3—"Ë"Ô"ñ"#+ #(5#^#;t#°#"¿#!â#$$#)$M$ j$&‹$&²$Ù$.ð$%"%d>%A£%9å%&=&Y&>t&?³&2ó&#&'!J'4l'?¡'á'.ù'((#E(i(#…(1©(<Û(*)"C) f)/‡)·)$Õ)@ú)/;*k*8†*<¿*Fü*3C+w+‹+5ª+mà+)N,:x,$³,'Ø,=-->-'l-)”-*¾-/é-.').2Q.?„.Ä.-R/3€/%´/ Ú/ ä/(ï/0-0(F0.o0%ž0EÄ0+ 1=616t1G«1ó125.2(d232Á2,Ó233343h35…3'»35ã3&4:@4{4“4.¯4=Þ4C5'`5"ˆ5 «5!Ì57î5?&6Af6V¨6“ÿ6'“7»7CÓ708LH8*•85À8)ö8F 9'g9191Á9ó9@: T:7_:9—:Ñ:3è:;6;F;^;u;‹;ž;µ;(Õ;þ;</< I<j<(Š<&³<Ú<õ<==O%=u=Š= =*¼=/ç=)>A>]>w>#Œ>°>Â>á>ü>?5?R?#b?†?š?(°?"Ù?"ü?@(&@O@k@~@!˜@º@Ï@á@ó@A%AEAYAnAˆA6¦AIÝA&'B#NB\rB)ÏB8ùB(2C2[C,ŽC2»C"îCD(-DVD*rDD°D"ÊDíD+ E&5E(\E+…E&±E'ØE"F#FAF_FF*F$ÈFíFGG1GFG_G xG*™GÄGÓGæGH%H>H\H uH,–HÃH!ãH I&I9IKIgI‡I4ŸIÔIæI1J3JSJmJ~J*›J'ÆJ îJK-KLK^K0yKªK3ÀKôK L&L8LPLiLyLŠL¦LÂL5àLAMXMtMˆM%›M%ÁM çMóM*N#9N&]N-„Në²NžP%¾P%äP+ Q6QHQp^Q5ÏRUU/UBUVUeUwU0ˆU9¹U3óU}'V?¥VEåVF+WrW-Wz½Wa8XUšXaðX'RY8zYE³YuùYoZ‹Z§Zy¾Zy8[²[%»[á[û[?\XB\(›\xÄ\)=]/g],—];Ä]H^+I^Eu^W»^0_.D_ls_à_ã_£`~¤`L#a%pa%–a0¼axía„fbKëb57c>mcW¬c{d €d=Žd1Ìd-þd=,eFje@±eKòe(>fgffR›f4îf3#gTWg:¬g.çgehx|htõhGji)²i7ÜiNjºcjBkKak9­k?çkK'lTslBÈlP mN\mK«m0÷m((n:QniŒnæön=ÝoWp=sp±pÂp:Ôpq%/q5Uq-‹qP¹q` r_kruËrxAs{ºsQ6t,ˆtIµtQÿt9Qu2‹uL¾uU vXav#ºvrÞvQQwf£wE xwPxÈxçx5yq°‡Aï‡/1ˆaˆ1€ˆ%²ˆ/؈‰(‰H‰'h‰$‰4µ‰ê‰5Š9ŠRŠ3mŠ"¡ŠGÄŠ ‹H#‹)l‹–‹)®‹-Ø‹ŒŒ3-Œ4aŒ@–ŒA׌55OA…3Ç]ûjYŽOÄŽ6—K1ãU8kP¤EõY;‘U•‘4ë‘H ’0i’Iš’ä’0“"4“-W“S…“NÙ“L(”Su”NÉ”L•De•;ª•;æ•1"–0T–*…–,°–Ý–/ù–()—R—n—Ž—.®—7Ý—˜*˜3C˜"w˜Hš˜$㘙.(™DW™5œ™8Ò™4 š.@šoš3…š,¹šæš`›g›#ƒ›G§›0ï›. œOœ6kœM¢œGðœN8-‡*µ,à> ž_Lž*¬žTמ!,Ÿ*NŸyŸ(™ŸŸ(០  *  K 8l 9¥ Eß 9%¡-_¡¡4©¡:Þ¡¢'5¢E]¢:£¢ZÞ¢N9£JÌ~_ÓÆáéHMyUlO=šØ # åò• Cý:";@SžùE9’:5±%êɬ>2|­A2ÔW(#4§ÃH«”uœŽèí'ÕY ´„+©ÅóZbI†-9 ‹3)=¸¤ tæ,Úð¾.à˜!³kn¦¶8<LQGïÁÄë)ÂѰþ0…ÒÜDNCD&3KÝ8ñ“[d> û²ËöKìç 6FwÊŠã7÷+/׌'âo¨a$*ô€r;&F0G ‘]1¯6LÞ!,$?õÎRX¡x1qÙ<üB.¼Mª·ßÖVÀ`¿È»Nj*O¥—µ fÛøƒ^I‡‰¹®£4(5E{T›\‚iÏîg"pú B@¢%½Ÿ™-/ºcsäÍ7ÐP?–Jˆ} ÇmehzA ÿv host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c check-only mode -f sudoers specify sudoers file location -h display help message and exit -q less verbose (quiet) syntax error messages -s strict syntax checking -V display version information and exit Options: -d directory specify directory for session logs -f filter specify which I/O type to display -h display help message and exit -l [expression] list available session IDs that match expression -m max_wait max number of seconds to wait between events -s speed_factor speed up or slow down output -V display version information and exit Sudoers entry: Sudoers path: %s Commands: Commands: Order: %s RunAsGroups: RunAsUsers: %d incorrect password attempt%d incorrect password attempts%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s%s: %s%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: parsed OK %s: unable to allocate options: %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize ccache: %s%s: unable to parse '%s': %s%s: unable to resolve ccache: %s%s: unable to store cred in ccache: %s%s: unable to unparse princ ('%s'): %s%s: unused %s_Alias %s%s: wrong owner (uid, gid) should be (%u, %u) : >>> %s: %s near line %d <<<Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %dLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on this host: No user or hostNumber of tries to enter a password: %dOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Password: Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUnable to dlopen %s: %sUnable to initialize SSS source. Is SSSD installed on your machine?Use a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on this host: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedauthentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"editor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowgetaudit: failedgetauid failedgetauid: failedignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regex: %sinvalid regular expression: %sinvalid sequence number %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid uri: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication servernanosleep: tv_sec %ld, tv_nsec %ldno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valuepam_authenticate: %spam_chauthtok: %sparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()sudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many parenthesized expressions, max %dtoo many processesunable to allocate memoryunable to begin bsd authenticationunable to build time filterunable to cache gid %u (%s), already existsunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache uid %u (%s), already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change mode of %s to 0%ounable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dlopen %s: %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to execute %s: %sunable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mix ldaps and starttlsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s (%s), will reset to the epochunable to reset %s to the epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set locale to "%s", using "C"unable to set runas group vectorunable to set tty to raw modeunable to setup authenticationunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %susage: %s [-h] [-d directory] -l [search expression] usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write errorwriting to standard outputyou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.6b4 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-08-10 13:08-0400 PO-Revision-Date: 2012-08-18 19:27+0900 Last-Translator: Takeshi Hamasaki Language-Team: Japanese Language: ja MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Poedit-Basepath: /factory/ja-po/sudoers/sudo-1.8.5rc3 ホストãŒä¸€è‡´ã—ã¾ã›ã‚“ コマンドãŒè¨±å¯ã•れã¾ã—ãŸ ã‚³ãƒžãƒ³ãƒ‰ãŒæ‹’å¦ã•れã¾ã—㟠コマンドãŒä¸€è‡´ã—ã¾ã›ã‚“ã§ã—㟠LDAP 役割: %s LDAP 役割: 䏿˜Ž オプション: -c 検査ã®ã¿ã‚’行ㆠ-f sudoers sudoers ファイルã®ä½ç½®ã‚’指定ã™ã‚‹ -h ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹ -q 文法エラーメッセージをより少ãªã (é™ã‹ã«) ã™ã‚‹ -s åŽ³å¯†ãªæ–‡æ³•検査を行ㆠ-V ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹ オプション: -d directory セッションログã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã™ã‚‹ -f filter 表示ã™ã‚‹ I/O タイプを指定ã™ã‚‹ -h ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹ -l [expression] expression ã«ä¸€è‡´ã™ã‚‹ä½¿ç”¨å¯èƒ½ãªã‚»ãƒƒã‚·ãƒ§ãƒ³ID を一覧表示ã™ã‚‹ -m max_wait イベント間ã®å¾…ã¡æ™‚é–“ã®æœ€å¤§ç§’数を指定ã™ã‚‹ -s speed_factor 出力速度を速ãã™ã‚‹ã€ã¾ãŸã¯é…ãã™ã‚‹ -V ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹ sudoers é …ç›®: sudoers ã®ãƒ‘ス: %s コマンド: コマンド: Order: %s RunAsGroups: RunAsUsers: %d 回パスワード試行を間é•ãˆã¾ã—ãŸ%s - sudo セッションログをリプレイã—ã¾ã™ %s - sudoers ファイルを安全ã«ç·¨é›†ã™ã‚‹ %s 㨠%s ã¯åŒã˜ãƒ•ァイルシステム上ã«ã‚りã¾ã›ã‚“。åå‰ã‚’変更ã™ã‚‹ãŸã‚ã« mv を使用ã—ã¦ã„ã¾ã™%s ãŒãƒ“ジー状態ã§ã™ã€‚後ã§å†è©¦è¡Œã—ã¦ãã ã•ã„%s ãŒå­˜åœ¨ã—ã¾ã™ãŒãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã§ã¯ã‚りã¾ã›ã‚“ (0%o)%s ãŒå­˜åœ¨ã—ã¾ã™ãŒé€šå¸¸ãƒ•ァイル (0%o) ã§ã¯ã‚りã¾ã›ã‚“%s 文法ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d %s ã¯é€šå¸¸ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“%s 㯠%s 上㧠sudo を実行ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。ã“ã®äº‹è±¡ã¯è¨˜éŒ²ãƒ»å ±å‘Šã•れã¾ã™ã€‚ %s 㯠sudoers ファイル内ã«ã‚りã¾ã›ã‚“。ã“ã®äº‹è±¡ã¯è¨˜éŒ²ãƒ»å ±å‘Šã•れã¾ã™ã€‚ %s ã®ã‚°ãƒ«ãƒ¼ãƒ—ID㯠%u ã«ãªã£ã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™%s ã¯èª°ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ã§ã™%s ã®æ‰€æœ‰è€…㯠uid %d ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“%s ã¯æ‰€æœ‰è€…ã®ã¿æ›¸ãè¾¼ã¿å¯èƒ½ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã§ã‚ã‚‹ã¹ãã§ã™%s ã¯å¼•æ•°ãŒå¿…è¦ã§ã™%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“%s ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s %s ã¯æ‰€æœ‰è€…以外ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ (0%o) ã§ã™ã€‚アクセス権é™ã®ãƒ¢ãƒ¼ãƒ‰ã¯ 0600 ã§ã‚ã‚‹ã¹ãã§ã™%s ã¯æ‰€æœ‰è€…以外ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ (0%o) ã§ã™ã€‚アクセス権é™ã®ãƒ¢ãƒ¼ãƒ‰ã¯ 0700 ã§ã‚ã‚‹ã¹ãã§ã™%s%s: %s%s/%.2s/%.2s/%.2s/タイミング: %s%s/%s/タイミング: %s%s: %s%s: TGT を検証ã§ãã¾ã›ã‚“! ãŠãã‚‰ãæ”»æ’ƒã§ã™!: %s%s: アクセス権é™ã«èª¤ã‚ŠãŒã‚りã¾ã™ã€‚モード㯠0%o ã§ã‚ã‚‹ã¹ãã§ã™ %s: コマンドãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“%s: äº’æ›æ€§ã®ãªã„グループプラグインメジャーãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d ã§ã™ã€‚予期ã•れるã®ã¯ %d ã§ã™%s: æ­£ã—ãæ§‹æ–‡è§£æžã•れã¾ã—㟠%s: オプションを設定ã§ãã¾ã›ã‚“: %s%s: 資格情報をå–å¾—ã§ãã¾ã›ã‚“: %s%s: ホストプリンシパルをå–å¾—ã§ãã¾ã›ã‚“: %s%s: 資格情報キャッシュ (ccache) ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %s%s: '%s' を構文解æžã§ãã¾ã›ã‚“: %s%s: 資格情報キャッシュ (ccache) を解決ã§ãã¾ã›ã‚“: %s%s: 資格情報を資格情報キャッシュ (ccache) 内ã«ä¿å­˜ã§ãã¾ã›ã‚“: %s%s: princ ('%s') を符å·åŒ–ã§ãã¾ã›ã‚“: %s%s: %s_Alias %s ã¯ä½¿ç”¨ã•れã¦ã„ã¾ã›ã‚“%s: 所有権ã«èª¤ã‚ŠãŒã‚りã¾ã™ã€‚(ユーザーID, グループID) 㯠(%u, %u) ã§ã‚ã‚‹ã¹ãã§ã™ : >>> %s: %s (%d行付近) <<<ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æœŸé™åˆ‡ã‚Œã€ã¾ãŸã¯ sudo 用㮠PAM 設定㫠"account" セクションãŒã‚りã¾ã›ã‚“。システム管ç†è€…ã«é€£çµ¡ã—ã¦ãã ã•ã„アカウントã¾ãŸã¯ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæœŸé™åˆ‡ã‚Œã§ã™ã€‚パスワードをリセットã—ã¦å†è©¦è¡Œã—ã¦ãã ã•ã„pty を割り当ã¦ãŸæ™‚ã« utmp/utmpx ファイルã«è¨˜éŒ²ã‚’加ãˆã¾ã™ãƒ¡ãƒ¼ãƒ«ã®é€ä¿¡å…ƒã‚¢ãƒ‰ãƒ¬ã‚¹: %sメールã®é€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹: %s別å `%s' ã¯ã™ã§ã«å®šç¾©ã•れã¦ã„ã¾ã™å½¹ã«ç«‹ã¤ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’表示ã™ã‚‹ãŸã‚ã«ã„ãã¤ã‹ã®æƒ…報をåŽé›†ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™ãƒ‘スワードãŒè¡¨ç¤ºã•れã¦ã—ã¾ã†çŠ¶æ…‹ã§ã‚ã£ã¦ã‚‚ sudo ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›ã‚’è¦æ±‚ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒä»»æ„ã®ç’°å¢ƒå¤‰æ•°ã‚’設定ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™å¸¸ã«ç–‘ä¼¼ tty 内ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¾ã™sudo を実行ã—ãŸæ™‚ã«ã€å¸¸ã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™$HOME を常ã«å¤‰æ›´å¾Œã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã—ã¾ã™å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã®ãƒ‡ãƒ•ォルトãŒå­˜åœ¨ã™ã‚‹å ´åˆã¯ã€ãƒ‡ãƒ•ォルトをé©ç”¨ã—ã¾ã™èªè¨¼æ–¹æ³•:èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤: %.1f 分I/O ログを zlib を使用ã—ã¦åœ§ç¸®ã—ã¾ã™ç›£æŸ»æ¡ä»¶ã‚’決定ã§ãã¾ã›ã‚“ã§ã—ãŸãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚時ã«è¡¨ç¤ºã•れる文字列: %sコマンドを実行ã™ã‚‹ãƒ‡ãƒ•ォルトã®å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼: %s入出力 (I/O) ログをä¿å­˜ã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã§ã™:%sグループベクトルを変更先ユーザーã®å€¤ã§åˆæœŸåŒ–ã—ãªã„正当性ã®ç¢ºèªã‚’行ã†ç’°å¢ƒå¤‰æ•°:ä¿è­·ã™ã‚‹ç’°å¢ƒå¤‰æ•°:削除ã™ã‚‹ç’°å¢ƒå¤‰æ•°:エラー: %s_Alias `%s' ã¯å‚ç…§ã•れã¦ã„ã¾ã™ãŒå®šç¾©ã•れã¦ã„ã¾ã›ã‚“エラー: %s_Alias `%s' 内ã«å¾ªç’°ãŒã‚りã¾ã™sudo ã®è¬›ç¾©ãŒå«ã¾ã‚Œã¦ã„るファイル: %s%d 以上ã®å€¤ã‚’ã‚‚ã¤ãƒ•ァイル記述å­ã‚’コマンド実行å‰ã«é–‰ã˜ã¾ã™å…¥å‡ºåŠ› (I/O) ログをä¿å­˜ã™ã‚‹ãƒ•ァイルã§ã™:%sメールプログラムã®å¼•数フラグ: %sLDAP ディレクトリãŒå®Ÿè¡Œä¸­ã®å ´åˆã€ãƒ­ãƒ¼ã‚«ãƒ«ã® sudoers ファイルを無視ã—ã¾ã™è¨­å®šã—ãŸå ´åˆã€ã™ã¹ã¦ã®å ´åˆã«ãŠã„㦠passprompt ãŒã‚·ã‚¹ãƒ†ãƒ ã®å…¥åŠ›è¦æ±‚表示を上書ãã—ã¾ã™è¨­å®šã—ãŸå ´åˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ `closefrom' ã®å€¤ã‚’ -C オプションã§ä¸Šæ›¸ãã™ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“sudo を引数無ã—ã§èµ·å‹•ã—ãŸå ´åˆã€ã‚·ã‚§ãƒ«ã‚’é–‹å§‹ã—ã¾ã™$PATH 内ã«ã‚ã‚‹ '.' を無視ã—ã¾ã™ãƒ‘スワードを間é•ã£ãŸæ™‚ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸: %sé–“é•ã£ãŸãƒ‘スワードを入力ã—ãŸæ™‚ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’侮辱ã—ã¾ã™ç„¡åйãªèªè¨¼æ–¹æ³•㌠sudo ã®ã‚³ãƒ³ãƒ‘イル時ã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã¾ã™! スタンドアローンã¨éžã‚¹ã‚¿ãƒ³ãƒ‰ã‚¢ãƒ­ãƒ¼ãƒ³èªè¨¼ã‚’組ã¿åˆã‚ã›ã¦ã„るよã†ã§ã™ã€‚ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæœ€åˆã« sudo を実行ã—ãŸæ™‚ã«è¬›ç¾©ã‚’行ã†ãƒ­ã‚°ãƒ•ã‚¡ã‚¤ãƒ«ã®æ”¹è¡Œã™ã‚‹é•·ã• (0 ã®å ´åˆã¯æ”¹è¡Œã—ãªã„): %dローカル IP アドレスã¨ãƒãƒƒãƒˆãƒžã‚¹ã‚¯ã®çµ„: sudoers を構文解æžã™ã‚‹æ™‚ã«ä½¿ç”¨ã™ã‚‹ãƒ­ã‚±ãƒ¼ãƒ«: %sログã®å¤§ãã•㯠%d x %d ã§ã€ç«¯æœ«ã®å¤§ãã•㯠%d x %d ã§ã™ã€‚ ログファイル (syslog 以外) ã«è¨˜éŒ²ã™ã‚‹æ™‚ã«ãƒ›ã‚¹ãƒˆåã‚’å«ã‚ã¾ã™ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ãŸæ™‚ã®å‡ºåŠ›ã‚’ãƒ­ã‚°ã«è¨˜éŒ²ã—ã¾ã™ãƒ­ã‚°ãƒ•ァイル (syslog 以外) ã«è¨˜éŒ²ã™ã‚‹æ™‚ã«å¹´æƒ…報をå«ã‚ã¾ã™ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ãŸæ™‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼å…¥åŠ›ã‚’ãƒ­ã‚°ã«è¨˜éŒ²ã—ã¾ã™ã“ã®ãƒ›ã‚¹ãƒˆä¸Šã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ %s ã«ä¸€è‡´ã—ãŸãƒ‡ãƒ•ォルト項目: ユーザーã¾ãŸã¯ãƒ›ã‚¹ãƒˆãŒã‚りã¾ã›ã‚“パスワード入力ã®è©¦è¡Œå›žæ•°: %dtty ãŒã‚ã‚‹å ´åˆã®ã¿ sudo ã®å®Ÿè¡Œã‚’許å¯ã—ã¾ã™å®ŸåŠ¹ãƒ¦ãƒ¼ã‚¶ãƒ¼IDã®ã¿å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã® UID ã«è¨­å®šã—ã€å®Ÿãƒ¦ãƒ¼ã‚¶ãƒ¼IDã¯å¤‰æ›´ã—ãªã„オプション: e -- sudoers ファイルをå†åº¦ç·¨é›†ã—ã¾ã™ x -- sudoers ファイルã¸ã®å¤‰æ›´ã‚’ä¿å­˜ã›ãšã«çµ‚了ã—ã¾ã™ Q -- sudoers ファイルã¸ã®å¤‰æ›´ã‚’ä¿å­˜ã—ã¦çµ‚了ã—ã¾ã™ (*å±é™ºã§ã™!*) èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®æ‰€æœ‰è€…: %sãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæœŸé™åˆ‡ã‚Œã§ã™ã€‚システム管ç†è€…ã«é€£çµ¡ã—ã¦ãã ã•ã„ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤: %.1f 分パスワード:パスワード: èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ディレクトリã®ãƒ‘ス: %sログファイルã®ãƒ‘ス: %sメールプログラムã®ãƒ‘ス: %svisudo ã§ä½¿ç”¨ã•れるエディターã®ãƒ‘ス: %ssudo 固有ã®ç’°å¢ƒãƒ•ァイルã®ãƒ‘ス: %sUNIX 以外ã®ã‚°ãƒ«ãƒ¼ãƒ—をサãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ãƒ—ラグインã§ã™:%ssudo_noexec ライブラリã«å«ã¾ã‚Œã‚‹ãƒ€ãƒŸãƒ¼ã® exec 関数群を事å‰ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã§ã¯ãªãã€root ã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã§ã¯ãªã〠runas_default ユーザーã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™ç¾åœ¨ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã§ã¯ãªãã€å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®å…¥åŠ›ãŒã‚ã£ãŸæ™‚ã«ã€è¦–覚的ãªãƒ•ィードãƒãƒƒã‚¯ã‚’æä¾›ã—ã¾ã™ãƒ¯ãƒ³ã‚¿ã‚¤ãƒ ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã‚’ãれã®ã¿ã®è¡Œã«è¡¨ç¤ºã—ã¾ã™ãƒªãƒ—レイã™ã‚‹ sudo セッション: %s sudoers ファイルã«å®Œå…¨ä¿®é£¾ãƒ›ã‚¹ãƒˆå (FQDN) ã‚’è¦æ±‚ã—ã¾ã™ãƒ‡ãƒ•ォルトã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒèªè¨¼ã•れã¦ã„ã‚‹ã“ã¨ã‚’å¿…è¦ã¨ã—ã¾ã™ç’°å¢ƒå¤‰æ•°ã®é›†åˆã‚’デフォルトã«è¨­å®šã—ã¾ã™root ㌠sudo を実行ã™ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“ユーザー %s 用㮠Runas ãŠã‚ˆã³ã‚³ãƒžãƒ³ãƒ‰ç‰¹æœ‰ã®ãƒ‡ãƒ•ォルト: æ–°ã—ã„セキュリティコンテキスト内ã§ä½¿ç”¨ã™ã‚‹ SELinux ã®å½¹å‰²: %sæ–°ã—ã„セキュリティコンテキスト内ã§ä½¿ç”¨ã™ã‚‹ SELinux ã®ã‚¿ã‚¤ãƒ—: %sSecurID 通信ã«å¤±æ•—ã—ã¾ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒè¨±å¯ã•れã¦ã„ãªã„コマンドを実行ã—よã†ã¨ã—ãŸå ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ä»– sudoers 内ã«å­˜åœ¨ã—ãªã„å ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒã“ã®ãƒ›ã‚¹ãƒˆç”¨ã® sudoers 内ã«å­˜åœ¨ã—ãªã„å ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼èªè¨¼ã«å¤±æ•—ã—ãŸå ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™ã‚·ã‚§ãƒ«ã‚’ -s ã§é–‹å§‹ã—ãŸæ™‚ã« $HOME を変更後ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã—ã¾ã™åˆ¶é™ã•れる権é™ã®é›†åˆè¨±å®¹ã•れる権é™ã®é›†åˆLOGNAME ãŠã‚ˆã³ USER 環境変数を設定ã—ã¾ã™utmp ã«è¨˜éŒ²ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ã€å®Ÿè¡Œã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã¯ãªãã€å¤‰æ›´å¾Œã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ %s ã¯'%s%s%s' ã‚’ %s%s%s ã¨ã—㦠%s 上ã§å®Ÿè¡Œã™ã‚‹ã“ã¨ã¯è¨±å¯ã•れã¦ã„ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“。 ユーザー %s 㯠%s 上㧠sudo を実行ã§ãã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“。 メールã®ä»¶å (Subject) 行: %ssudoers ファイル文法ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d sudoers ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s ログ記録時㫠syslog を使用ã™ã‚‹å ´åˆã® syslog facility: %sログ記録時㫠syslog を使用ã™ã‚‹å ´åˆã® syslog priority: %sユーザーèªè¨¼ã«å¤±æ•—ã—ãŸã¨æ™‚ã«ä½¿ç”¨ã•れる syslog priority: %ssudoers ã§æŒ‡å®šã—㟠umask 値ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã® umask 値を上書ãã—ã¾ã™ (ユーザー㮠umask 値より緩ã„å ´åˆã§ã‚‚)èªè¨¼æ–¹æ³•㌠sudo ã®ã‚³ãƒ³ãƒ‘イル時ã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã¾ã›ã‚“! èªè¨¼ã‚’無効ã«ã™ã‚‹å ´åˆã«ã¯ã€configure オプション㧠--disable-authentication を指定ã—ã¦ãã ã•ã„。使用ã™ã‚‹ umask 値 (0777 ã®å ´åˆã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®è¨­å®šå€¤ã‚’使用ã—ã¾ã™): 0%odlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %sSSS ã®ã‚½ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“。SSSD ã¯ã‚ãªãŸã®ãƒžã‚·ãƒ³ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¦ã„ã¾ã™ã‹ï¼Ÿãƒ¦ãƒ¼ã‚¶ãƒ¼/tty ã®çµ„ã¿åˆã‚ã›ã”ã¨ã«åˆ†é›¢ã—ãŸã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—を使用ã—ã¾ã™ãƒ•ァイルシステムã«ã‚¢ã‚¯ã‚»ã‚¹ã—ãªã„ãŒã‚ˆã‚Šæ­£ç¢ºã§ã¯ç„¡ã„ã€ç´ æ—©ã„一致確èªå‡¦ç†ã‚’行ã„ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ %s 㯠%s 上㧠sudo を実行ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。 ユーザー %s ã¯æ¬¡ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ã“ã®ãƒ›ã‚¹ãƒˆä¸Šã§å®Ÿè¡Œã§ãã¾ã™: SecurID èªè¨¼ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼IDãŒãƒ­ãƒƒã‚¯ã•れã¦ã„ã¾ã™ãƒ‘スワード入力㨠PATH ã®è¦æ±‚ãŒå…除ã•れるグループã«å±žã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼: %sユーザー㮠$PATH を上書ãã™ã‚‹æ™‚ã®å€¤: %svisudo ㌠EDITOR 環境変数を尊é‡ã—ã¦ä½¿ç”¨ã—ã¾ã™è­¦å‘Š: %s_Alias `%s' ã¯å‚ç…§ã•れã¦ã„ã¾ã™ãŒå®šç¾©ã•れã¦ã„ã¾ã›ã‚“警告: %s_Alias `%s' 内ã«å¾ªç’°ãŒã‚りã¾ã™è­¦å‘Š: ログをãã¡ã‚“ã¨ãƒªãƒ—レイã™ã‚‹ã«ã¯ç«¯æœ«ãŒå°ã•ã™ãŽã¾ã™ã€‚ 次ã¯ä½•ã§ã—ょã†ã‹? 'list' 疑似コマンド使用ã™ã‚‹ãŸã‚ã«ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’è¦æ±‚ã•れる時: %s'verify' 疑似コマンドを使用ã™ã‚‹ãŸã‚ã«ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’è¦æ±‚ã•れる時: %sパスワードãŒå¿…è¦ã§ã™ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æœ‰åŠ¹æ€§æ¤œè¨¼ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ã‚ãªãŸã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¯ãƒ­ãƒƒã‚¯ã•れã¦ã„ã¾ã›ã‚“ã‹?曖昧ãªå¼ "%s ã§ã™"au_open: 失敗ã—ã¾ã—ãŸau_to_exec_args: 失敗ã—ã¾ã—ãŸau_to_return32: 失敗ã—ã¾ã—ãŸau_to_subject: 失敗ã—ã¾ã—ãŸau_to_text: 失敗ã—ã¾ã—ãŸèªè¨¼å¤±æ•—èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã‚¨ãƒ©ãƒ¼ã§ã™: %sコマンドã®å¤±æ•—ã§ã™: '%s %s %s'。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“コマンドãŒã‚«ãƒ¬ãƒ³ãƒˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚りã¾ã™ã‚³ãƒžãƒ³ãƒ‰ãŒè¨±å¯ã•れã¦ã„ã¾ã›ã‚“日付 "%s" を構文解æžã§ãã¾ã›ã‚“ã§ã—ãŸã‚¨ãƒ‡ã‚£ã‚¿ãƒ¼ (%s) ãŒç•°å¸¸çµ‚了ã—ã¾ã—ãŸã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“%s ã®åå‰å¤‰æ›´ã«å¤±æ•—ã—ã¾ã—ãŸã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“ACE API ライブラリã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸ%s ãƒ•ã‚¡ã‚¤ãƒ«ã®æ§‹æ–‡è§£æžã«å¤±æ•—ã—ã¾ã—ãŸã€‚䏿˜Žãªã‚¨ãƒ©ãƒ¼ã§ã™fill_args: ãƒãƒƒãƒ•ァオーãƒãƒ¼ãƒ•ローãŒç™ºç”Ÿã—ã¾ã—ãŸgetaudit: 失敗ã—ã¾ã—ãŸgetauid ã«å¤±æ•—ã—ã¾ã—ãŸgetauid: 失敗ã—ã¾ã—ãŸ'.' 内ã§è¦‹ã¤ã‹ã£ãŸ `%1$s' を無視ã—ã¾ã™ ã“ã® `%3$s' を実行ã—ãŸã„å ´åˆã¯ `sudo ./%2$s' を使用ã—ã¦ãã ã•ã„。末尾㫠"!" ã‚’é…ç½®ã§ãã¾ã›ã‚“末尾㫠"or" ã‚’é…ç½®ã§ãã¾ã›ã‚“内部エラーã€%s ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸå†…部エラーã€ãƒªã‚¹ãƒˆå†…ã« %s ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“!内部エラー: ログã®è¡Œã«å分ãªç©ºé–“ãŒã‚りã¾ã›ã‚“SecurID 用ã®èªè¨¼ãƒãƒ³ãƒ‰ãƒ«ãŒç„¡åйã§ã™ç„¡åйãªèªè¨¼ã‚¿ã‚¤ãƒ—ã§ã™ç„¡åйãªãƒ•ィルターオプションã§ã™: %sç„¡åŠ¹ãªæœ€å¤§å¾…機時間ã§ã™: %sSecurID 用ã®ãƒ‘スコード長ãŒç„¡åйã§ã™ç„¡åŠ¹ãªæ­£è¦è¡¨ç¾ã§ã™: %sç„¡åŠ¹ãªæ­£è¦è¡¨ç¾ã§ã™: %s無効ãªé †åºç•ªå·ã§ã™: %s無効㪠speed_factor ã®å€¤ã§ã™: %s無効㪠sudoOrder 属性ã§ã™: %s無効ãªã‚¿ã‚¤ãƒŸãƒ³ã‚°ãƒ•ァイルã®è¡Œã§ã™: %s無効㪠URI ã§ã™: %sSecurID 用ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼åã®é•·ã•ãŒç„¡åйã§ã™ldap.conf ã®ãƒ‘ス: %s ldap.secret ã®ãƒ‘ス: %s èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã¸ã®æŽ¥ç¶šãŒå¤±ã‚れã¾ã—ãŸnanosleep: tv_sec %ld, tv_nsec %ldエディターãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ (エディターã®ãƒ‘ス = %s)tty ãŒã‚りã¾ã›ã‚“有効㪠sudoers ã®ã‚½ãƒ¼ã‚¹ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。終了ã—ã¾ã™`%s' ã«å€¤ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“nsswitch ã®ãƒ‘ス: %s root ã®ã¿ `-c %s' を使用ã§ãã¾ã™ã‚ªãƒ—ション `%s' ã¯å€¤ã‚’ã¨ã‚Šã¾ã›ã‚“pam_authenticate: %spam_chauthtok: %s%s å†…ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ%s å†…ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—㟠%s 内 %d è¡Œä»˜è¿‘ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ%s 内 %d è¡Œä»˜è¿‘ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—㟠perm スタックãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸperm スタックãŒã‚¢ãƒ³ãƒ€ãƒ¼ãƒ•ローã—ã¾ã—ãŸ%s を編集ã™ã‚‹ãŸã‚ã«ãƒªã‚¿ãƒ¼ãƒ³ã‚’押ã—ã¦ãã ã•ã„: デフォルト項目ã§å•題ãŒç™ºç”Ÿã—ã¾ã—ãŸã‚ãªãŸã¯ç’°å¢ƒå¤‰æ•°ã‚’ä¿è­·ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“ã™ã¿ã¾ã›ã‚“ãŒã€ã‚ãªãŸã¯æ¬¡ã®ç’°å¢ƒå¤‰æ•°ã‚’設定ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“: %ssudo を実行ã™ã‚‹ã«ã¯ tty ãŒãªã‘れã°ã„ã‘ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“指定ã—ãŸã‚¨ãƒ‡ã‚£ã‚¿ãƒ¼ (%s) ãŒå­˜åœ¨ã—ã¾ã›ã‚“start_tls ãŒæŒ‡å®šã•れã¦ã„ã¾ã™ãŒã€LDAP ライブラリ㌠ldap_start_tls_s() ã¾ãŸã¯ ldap_start_tls_s_np() をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“sudo_ldap_build_pass1 é…ç½®ãŒä¸€è‡´ã—ã¾ã›ã‚“sudo_ldap_conf_add_ports: hostbuf を拡張中ã«ãƒ¡ãƒ¢ãƒªç©ºé–“ãŒä¸è¶³ã—ã¾ã—ãŸsudo_ldap_conf_add_ports: ãƒãƒ¼ãƒˆãŒå¤§ãã™ãŽã¾ã™sudo_ldap_parse_uri: hostbuf を構築中ã«ãƒ¡ãƒ¢ãƒªç©ºé–“ãŒä¸è¶³ã—ã¾ã—ãŸsudo_putenv: envp ãŒç ´æã—ã¦ã„ã¾ã™ã€‚é•·ã•ãŒåˆã„ã¾ã›ã‚“sudoers ã®æŒ‡å®šã«ã‚ˆã‚Š root ㌠sudo を使用ã™ã‚‹ã“ã¨ã¯ç¦æ­¢ã•れã¦ã„ã¾ã™ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã®æ‰€æœ‰è€… (%s): ãã®ã‚ˆã†ãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã‚りã¾ã›ã‚“タイムスタンプ用パスãŒé•·ã™ãŽã¾ã™: %sタイムスタンプãŒé ã™ãŽã‚‹å°†æ¥ã«ãªã£ã¦ã„ã¾ã™: %20.20sインクルードã®éšŽå±¤ãŒå¤§ãã™ãŽã¾ã™å¼å†…ã®å°æ‹¬å¼§ã®ããりãŒå¤šã™ãŽã¾ã™ã€‚最大㯠%d ã§ã™ã€‚プロセスãŒå¤šã™ãŽã¾ã™ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚’行ãˆã¾ã›ã‚“ã§ã—ãŸBSD èªè¨¼ã‚’é–‹å§‹ã§ãã¾ã›ã‚“時刻フィルターを構築ã§ãã¾ã›ã‚“グループID %u (%s) をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™ã‚°ãƒ«ãƒ¼ãƒ—ID %u をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™ã‚°ãƒ«ãƒ¼ãƒ— %s をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u (%s) をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼ %s をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™%s ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™ã®ãƒ¢ãƒ¼ãƒ‰ã‚’ 0%o ã«å¤‰æ›´ã§ãã¾ã›ã‚“実行ã™ã‚‹ãŸã‚ã®ã‚°ãƒ«ãƒ¼ãƒ—IDã«å¤‰æ›´ã§ãã¾ã›ã‚“実行ã™ã‚‹ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼IDã«å¤‰æ›´ã§ãã¾ã›ã‚“sudoers ã®ã‚°ãƒ«ãƒ¼ãƒ—IDã¸å¤‰æ›´ã§ãã¾ã›ã‚“監査レコードをコミットã§ãã¾ã›ã‚“èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã«æŽ¥ç¶šã§ãã¾ã›ã‚“SecurID サーãƒãƒ¼ã«æŽ¥ç¶šã§ãã¾ã›ã‚“%s を作æˆã§ãã¾ã›ã‚“dlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %s標準入力を複製ã§ãã¾ã›ã‚“: %m%s を実行ã§ãã¾ã›ã‚“%s を実行ã§ãã¾ã›ã‚“: %m%s を実行ã§ãã¾ã›ã‚“: %sシンボル "%s" ㌠%s 内ã«ã‚りã¾ã›ã‚“%s 内ã«ã‚·ãƒ³ãƒœãƒ« "group_plugin" ãŒã‚りã¾ã›ã‚“fork ã§ãã¾ã›ã‚“fork ã§ãã¾ã›ã‚“: %mã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã‚’æ›¸å¼æ•´å½¢ã§ãã¾ã›ã‚“GMT 時刻をå–å¾—ã§ãã¾ã›ã‚“ユーザー%s ã®ãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã‚’å¾—ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“LDAP ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %sPAM ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“SIA ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“SSL 証明書ã¨éµãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %sログファイルをロックã§ãã¾ã›ã‚“: %s: %sldap 㨠ldaps ã® URI ã‚’æ··ãœã¦ä½¿ç”¨ã§ãã¾ã›ã‚“ldaps 㨠starttls ã‚’æ··ãœã¦ä½¿ç”¨ã§ãã¾ã›ã‚“ディレクトリ %s を作æˆã§ãã¾ã›ã‚“%s ã‚’é–‹ã‘ã¾ã›ã‚“監査システムを開ãã“ã¨ãŒã§ãã¾ã›ã‚“ログファイルを開ã‘ã¾ã›ã‚“: %s: %sパイプを開ã‘ã¾ã›ã‚“: %m一時ファイル (%s) ã‚’å†åº¦é–‹ãã“ã¨ãŒã§ãã¾ã›ã‚“。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“。%s を読ã¿è¾¼ã‚ã¾ã›ã‚“fwtk 設定を読ã¿è¾¼ã‚ã¾ã›ã‚“%s (%s) を削除ã§ãã¾ã›ã‚“。エãƒãƒƒã‚¯ã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™%s をエãƒãƒƒã‚¯ã«ãƒªã‚»ãƒƒãƒˆã§ãã¾ã›ã‚“ホスト %s ã®åå‰è§£æ±ºãŒã§ãã¾ã›ã‚“%s を実行ã§ãã¾ã›ã‚“監査メッセージをé€ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“%s ã® (ユーザーID, グループID) ã‚’ (%u, %u) ã«è¨­å®šã§ãã¾ã›ã‚“ロケールを "%s" ã«è¨­å®šã§ãã¾ã›ã‚“。 "C" を使用ã—ã¾ã™ã‚°ãƒ«ãƒ¼ãƒ—ベクトルを実行ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã«å¤‰æ›´ã§ãã¾ã›ã‚“tty ã‚’ raw モードã«è¨­å®šã§ãã¾ã›ã‚“èªè¨¼ã‚’セットアップã§ãã¾ã›ã‚“%s ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“エディター (%s) ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“一時ファイル (%s) ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“%s ã¸æ›¸ã込むã“ã¨ãŒã§ãã¾ã›ã‚“一時ファイル (%s) ã®æ§‹æ–‡è§£æžãŒã§ãã¾ã›ã‚“ã€‚ä¸æ˜Žãªã‚¨ãƒ©ãƒ¼ã§ã™ä¸æ˜Žãª SecurID エラーã§ã™ä¸æ˜Žãªãƒ‡ãƒ•ォルト項目 `%s' ã§ã™ä¸æ˜Žãªã‚°ãƒ«ãƒ¼ãƒ—ã§ã™: %s䏿˜Žãªãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã§ã™: %s䏿˜Žãªæ¤œç´¢èªž "%s" ã§ã™ä¸æ˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) ã§ã™: %u䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã™: %så¼å†…ã§ '(' ãŒä¸ä¸€è‡´ã§ã™å¼å†…ã§ ')' ãŒä¸ä¸€è‡´ã§ã™ã‚µãƒãƒ¼ãƒˆã•れã¦ãªã„ LDAP URI タイプã§ã™: %s使用法: %s [-h] [-d directory] -l [search expression] 使用法: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID ホスト上ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒèªè¨¼ã•れã¦ã„ã¾ã›ã‚“ユーザー㌠sudoers 内ã«ã‚りã¾ã›ã‚“検証ã«å¤±æ•—ã—ã¾ã—ãŸã‚ªãƒ—ション `%2$s' ã®å€¤ `%1$s' ã¯ç„¡åйã§ã™`%s' ã®å€¤ã¯ '/' ã§é–‹å§‹ã—ãªã‘れã°ã„ã‘ã¾ã›ã‚“書ãè¾¼ã¿ã‚¨ãƒ©ãƒ¼ã§ã™æ¨™æº–å‡ºåŠ›ã«æ›¸ã込んã§ã„ã¾ã™-C オプションを使用ã™ã‚‹ã“ã¨ã¯è¨±å¯ã•れã¦ã„ã¾ã›ã‚“ã‚ãªãŸã¯ %s データベース内ã«å­˜åœ¨ã—ã¾ã›ã‚“SSL を使用ã™ã‚‹ãŸã‚ã«ã¯ %s ã®ä¸­ã® TLS_CERT を設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ä¸€æ™‚ファイル (%s) ã®å¤§ãã•㌠0 ã§ã™ã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“sudo-1.8.9p5/plugins/sudoers/po/ja.po010064400175440000012000001677661226304126200171060ustar00millertstaff# Japanese messages for sudoers # This file is put in the public domain. # Yasuaki Taniguchi , 2011. # Takeshi Hamasaki , 2012. msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.6b4\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-08-10 13:08-0400\n" "PO-Revision-Date: 2012-08-18 19:27+0900\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Poedit-Basepath: /factory/ja-po/sudoers/sudo-1.8.5rc3\n" #: gram.y:112 #, c-format msgid ">>> %s: %s near line %d <<<" msgstr ">>> %s: %s (%d行付近) <<<" #: plugins/sudoers/alias.c:125 #, c-format msgid "Alias `%s' already defined" msgstr "別å `%s' ã¯ã™ã§ã«å®šç¾©ã•れã¦ã„ã¾ã™" #: plugins/sudoers/auth/bsdauth.c:78 #, c-format msgid "unable to get login class for user %s" msgstr "ユーザー%s ã®ãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã‚’å¾—ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/bsdauth.c:84 msgid "unable to begin bsd authentication" msgstr "BSD èªè¨¼ã‚’é–‹å§‹ã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/bsdauth.c:92 msgid "invalid authentication type" msgstr "無効ãªèªè¨¼ã‚¿ã‚¤ãƒ—ã§ã™" #: plugins/sudoers/auth/bsdauth.c:101 msgid "unable to setup authentication" msgstr "èªè¨¼ã‚’セットアップã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/fwtk.c:60 #, c-format msgid "unable to read fwtk config" msgstr "fwtk 設定を読ã¿è¾¼ã‚ã¾ã›ã‚“" #: plugins/sudoers/auth/fwtk.c:65 #, c-format msgid "unable to connect to authentication server" msgstr "èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã«æŽ¥ç¶šã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 #: plugins/sudoers/auth/fwtk.c:128 #, c-format msgid "lost connection to authentication server" msgstr "èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã¸ã®æŽ¥ç¶šãŒå¤±ã‚れã¾ã—ãŸ" #: plugins/sudoers/auth/fwtk.c:75 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "èªè¨¼ã‚µãƒ¼ãƒãƒ¼ã‚¨ãƒ©ãƒ¼ã§ã™:\n" "%s" #: plugins/sudoers/auth/kerb5.c:117 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "%s: princ ('%s') を符å·åŒ–ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:160 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: '%s' を構文解æžã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:170 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "%s: 資格情報キャッシュ (ccache) を解決ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:218 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: オプションを設定ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:234 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: 資格情報をå–å¾—ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:247 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "%s: 資格情報キャッシュ (ccache) ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "%s: 資格情報を資格情報キャッシュ (ccache) 内ã«ä¿å­˜ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:316 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ホストプリンシパルをå–å¾—ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/auth/kerb5.c:331 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT を検証ã§ãã¾ã›ã‚“! ãŠãã‚‰ãæ”»æ’ƒã§ã™!: %s" #: plugins/sudoers/auth/pam.c:100 msgid "unable to initialize PAM" msgstr "PAM ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/pam.c:144 msgid "account validation failure, is your account locked?" msgstr "ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æœ‰åŠ¹æ€§æ¤œè¨¼ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ã‚ãªãŸã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¯ãƒ­ãƒƒã‚¯ã•れã¦ã„ã¾ã›ã‚“ã‹?" #: plugins/sudoers/auth/pam.c:148 msgid "Account or password is expired, reset your password and try again" msgstr "アカウントã¾ãŸã¯ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæœŸé™åˆ‡ã‚Œã§ã™ã€‚パスワードをリセットã—ã¦å†è©¦è¡Œã—ã¦ãã ã•ã„" #: plugins/sudoers/auth/pam.c:155 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" #: plugins/sudoers/auth/pam.c:159 msgid "Password expired, contact your system administrator" msgstr "ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæœŸé™åˆ‡ã‚Œã§ã™ã€‚システム管ç†è€…ã«é€£çµ¡ã—ã¦ãã ã•ã„" #: plugins/sudoers/auth/pam.c:163 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æœŸé™åˆ‡ã‚Œã€ã¾ãŸã¯ sudo 用㮠PAM 設定㫠\"account\" セクションãŒã‚りã¾ã›ã‚“。システム管ç†è€…ã«é€£çµ¡ã—ã¦ãã ã•ã„" #: plugins/sudoers/auth/pam.c:180 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" #: plugins/sudoers/auth/pam.c:332 msgid "Password: " msgstr "パスワード: " #: plugins/sudoers/auth/pam.c:333 msgid "Password:" msgstr "パスワード:" #: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 #, c-format msgid "you do not exist in the %s database" msgstr "ã‚ãªãŸã¯ %s データベース内ã«å­˜åœ¨ã—ã¾ã›ã‚“" #: plugins/sudoers/auth/securid5.c:81 #, c-format msgid "failed to initialise the ACE API library" msgstr "ACE API ライブラリã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸ" #: plugins/sudoers/auth/securid5.c:107 #, c-format msgid "unable to contact the SecurID server" msgstr "SecurID サーãƒãƒ¼ã«æŽ¥ç¶šã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/securid5.c:116 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "SecurID èªè¨¼ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼IDãŒãƒ­ãƒƒã‚¯ã•れã¦ã„ã¾ã™" #: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 #, c-format msgid "invalid username length for SecurID" msgstr "SecurID 用ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼åã®é•·ã•ãŒç„¡åйã§ã™" #: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "SecurID 用ã®èªè¨¼ãƒãƒ³ãƒ‰ãƒ«ãŒç„¡åйã§ã™" #: plugins/sudoers/auth/securid5.c:128 #, c-format msgid "SecurID communication failed" msgstr "SecurID 通信ã«å¤±æ•—ã—ã¾ã—ãŸ" #: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 #, c-format msgid "unknown SecurID error" msgstr "䏿˜Žãª SecurID エラーã§ã™" #: plugins/sudoers/auth/securid5.c:166 #, c-format msgid "invalid passcode length for SecurID" msgstr "SecurID 用ã®ãƒ‘スコード長ãŒç„¡åйã§ã™" #: plugins/sudoers/auth/sia.c:109 msgid "unable to initialize SIA session" msgstr "SIA ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“" #: plugins/sudoers/auth/sudo_auth.c:121 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "無効ãªèªè¨¼æ–¹æ³•㌠sudo ã®ã‚³ãƒ³ãƒ‘イル時ã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã¾ã™! スタンドアローンã¨éžã‚¹ã‚¿ãƒ³ãƒ‰ã‚¢ãƒ­ãƒ¼ãƒ³èªè¨¼ã‚’組ã¿åˆã‚ã›ã¦ã„るよã†ã§ã™ã€‚" #: plugins/sudoers/auth/sudo_auth.c:206 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "èªè¨¼æ–¹æ³•㌠sudo ã®ã‚³ãƒ³ãƒ‘イル時ã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã¾ã›ã‚“! èªè¨¼ã‚’無効ã«ã™ã‚‹å ´åˆã«ã¯ã€configure オプション㧠--disable-authentication を指定ã—ã¦ãã ã•ã„。" #: plugins/sudoers/auth/sudo_auth.c:374 msgid "Authentication methods:" msgstr "èªè¨¼æ–¹æ³•:" #: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 #: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 #: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 #, c-format msgid "getaudit: failed" msgstr "getaudit: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" msgstr "監査æ¡ä»¶ã‚’決定ã§ãã¾ã›ã‚“ã§ã—ãŸ" #: plugins/sudoers/bsm_audit.c:101 #, c-format msgid "getauid failed" msgstr "getauid ã«å¤±æ•—ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format msgid "au_open: failed" msgstr "au_open: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 #, c-format msgid "au_to_subject: failed" msgstr "au_to_subject: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 #, c-format msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 #, c-format msgid "au_to_return32: failed" msgstr "au_to_return32: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" msgstr "監査レコードをコミットã§ãã¾ã›ã‚“" #: plugins/sudoers/bsm_audit.c:160 #, c-format msgid "getauid: failed" msgstr "getauid: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: 失敗ã—ã¾ã—ãŸ" #: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 #: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 #: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 #: plugins/sudoers/visudo.c:818 #, c-format msgid "unable to open %s" msgstr "%s ã‚’é–‹ã‘ã¾ã›ã‚“" #: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 #, c-format msgid "unable to write to %s" msgstr "%s ã¸æ›¸ã込むã“ã¨ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 #: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:156 #, c-format msgid "unable to mkdir %s" msgstr "ディレクトリ %s を作æˆã§ãã¾ã›ã‚“" #: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 #: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 #: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 #: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 #, c-format msgid "internal error, %s overflow" msgstr "内部エラーã€%s ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #: plugins/sudoers/check.c:460 #, c-format msgid "timestamp path too long: %s" msgstr "タイムスタンプ用パスãŒé•·ã™ãŽã¾ã™: %s" #: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 #: plugins/sudoers/iolog.c:158 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s ãŒå­˜åœ¨ã—ã¾ã™ãŒãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã§ã¯ã‚りã¾ã›ã‚“ (0%o)" #: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 #: plugins/sudoers/check.c:583 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã§ã‚ã‚‹ã¹ãã§ã™" #: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s ã¯æ‰€æœ‰è€…以外ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ (0%o) ã§ã™ã€‚アクセス権é™ã®ãƒ¢ãƒ¼ãƒ‰ã¯ 0700 ã§ã‚ã‚‹ã¹ãã§ã™" #: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 #: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 #: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 #, c-format msgid "unable to stat %s" msgstr "%s ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/check.c:577 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s ãŒå­˜åœ¨ã—ã¾ã™ãŒé€šå¸¸ãƒ•ァイル (0%o) ã§ã¯ã‚りã¾ã›ã‚“" #: plugins/sudoers/check.c:589 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s ã¯æ‰€æœ‰è€…以外ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ (0%o) ã§ã™ã€‚アクセス権é™ã®ãƒ¢ãƒ¼ãƒ‰ã¯ 0600 ã§ã‚ã‚‹ã¹ãã§ã™" #: plugins/sudoers/check.c:643 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "タイムスタンプãŒé ã™ãŽã‚‹å°†æ¥ã«ãªã£ã¦ã„ã¾ã™: %20.20s" #: plugins/sudoers/check.c:690 #, c-format msgid "unable to remove %s (%s), will reset to the epoch" msgstr "%s (%s) を削除ã§ãã¾ã›ã‚“。エãƒãƒƒã‚¯ã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™" #: plugins/sudoers/check.c:698 #, c-format msgid "unable to reset %s to the epoch" msgstr "%s をエãƒãƒƒã‚¯ã«ãƒªã‚»ãƒƒãƒˆã§ãã¾ã›ã‚“" #: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 #: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 #, c-format msgid "unknown uid: %u" msgstr "䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) ã§ã™: %u" #: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 #: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 #: plugins/sudoers/testsudoers.c:369 #, c-format msgid "unknown user: %s" msgstr "䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã™: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "ログ記録時㫠syslog を使用ã™ã‚‹å ´åˆã® syslog facility: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "ログ記録時㫠syslog を使用ã™ã‚‹å ´åˆã® syslog priority: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "ユーザーèªè¨¼ã«å¤±æ•—ã—ãŸã¨æ™‚ã«ä½¿ç”¨ã•れる syslog priority: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "ãƒ¯ãƒ³ã‚¿ã‚¤ãƒ ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã‚’ãれã®ã¿ã®è¡Œã«è¡¨ç¤ºã—ã¾ã™" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "$PATH 内ã«ã‚ã‚‹ '.' を無視ã—ã¾ã™" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "sudo を実行ã—ãŸæ™‚ã«ã€å¸¸ã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "ユーザーèªè¨¼ã«å¤±æ•—ã—ãŸå ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "ユーザー他 sudoers 内ã«å­˜åœ¨ã—ãªã„å ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "ユーザーãŒã“ã®ãƒ›ã‚¹ãƒˆç”¨ã® sudoers 内ã«å­˜åœ¨ã—ãªã„å ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "ユーザーãŒè¨±å¯ã•れã¦ã„ãªã„コマンドを実行ã—よã†ã¨ã—ãŸå ´åˆã«ãƒ¡ãƒ¼ãƒ«ã‚’é€ä¿¡ã—ã¾ã™" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "ユーザー/tty ã®çµ„ã¿åˆã‚ã›ã”ã¨ã«åˆ†é›¢ã—ãŸã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—を使用ã—ã¾ã™" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæœ€åˆã« sudo を実行ã—ãŸæ™‚ã«è¬›ç¾©ã‚’行ã†" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "sudo ã®è¬›ç¾©ãŒå«ã¾ã‚Œã¦ã„るファイル: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "デフォルトã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒèªè¨¼ã•れã¦ã„ã‚‹ã“ã¨ã‚’å¿…è¦ã¨ã—ã¾ã™" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "root ㌠sudo を実行ã™ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr " ログファイル (syslog 以外) ã«è¨˜éŒ²ã™ã‚‹æ™‚ã«ãƒ›ã‚¹ãƒˆåã‚’å«ã‚ã¾ã™" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "ログファイル (syslog 以外) ã«è¨˜éŒ²ã™ã‚‹æ™‚ã«å¹´æƒ…報をå«ã‚ã¾ã™" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "sudo を引数無ã—ã§èµ·å‹•ã—ãŸå ´åˆã€ã‚·ã‚§ãƒ«ã‚’é–‹å§‹ã—ã¾ã™" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "シェルを -s ã§é–‹å§‹ã—ãŸæ™‚ã« $HOME を変更後ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã—ã¾ã™" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "$HOME を常ã«å¤‰æ›´å¾Œã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã—ã¾ã™" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "å½¹ã«ç«‹ã¤ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’表示ã™ã‚‹ãŸã‚ã«ã„ãã¤ã‹ã®æƒ…報をåŽé›†ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "sudoers ファイルã«å®Œå…¨ä¿®é£¾ãƒ›ã‚¹ãƒˆå (FQDN) ã‚’è¦æ±‚ã—ã¾ã™" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "é–“é•ã£ãŸãƒ‘スワードを入力ã—ãŸæ™‚ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’侮辱ã—ã¾ã™" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "tty ãŒã‚ã‚‹å ´åˆã®ã¿ sudo ã®å®Ÿè¡Œã‚’許å¯ã—ã¾ã™" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "visudo ㌠EDITOR 環境変数を尊é‡ã—ã¦ä½¿ç”¨ã—ã¾ã™" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "ユーザーã®ãƒ‘スワードã§ã¯ãªãã€root ã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "ユーザーã®ãƒ‘スワードã§ã¯ãªã〠runas_default ユーザーã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "ç¾åœ¨ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã§ã¯ãªãã€å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‘スワードã®å…¥åŠ›ã‚’è¦æ±‚ã—ã¾ã™" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "変更先ユーザーã®ãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã®ãƒ‡ãƒ•ォルトãŒå­˜åœ¨ã™ã‚‹å ´åˆã¯ã€ãƒ‡ãƒ•ォルトをé©ç”¨ã—ã¾ã™" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "LOGNAME ãŠã‚ˆã³ USER 環境変数を設定ã—ã¾ã™" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "実効ユーザーIDã®ã¿å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã® UID ã«è¨­å®šã—ã€å®Ÿãƒ¦ãƒ¼ã‚¶ãƒ¼IDã¯å¤‰æ›´ã—ãªã„" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "グループベクトルを変更先ユーザーã®å€¤ã§åˆæœŸåŒ–ã—ãªã„" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "ãƒ­ã‚°ãƒ•ã‚¡ã‚¤ãƒ«ã®æ”¹è¡Œã™ã‚‹é•·ã• (0 ã®å ´åˆã¯æ”¹è¡Œã—ãªã„): %d" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤: %.1f 分" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤: %.1f 分" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "パスワード入力ã®è©¦è¡Œå›žæ•°: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "使用ã™ã‚‹ umask 値 (0777 ã®å ´åˆã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®è¨­å®šå€¤ã‚’使用ã—ã¾ã™): 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "ログファイルã®ãƒ‘ス: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "メールプログラムã®ãƒ‘ス: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "メールプログラムã®å¼•数フラグ: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "メールã®é€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "メールã®é€ä¿¡å…ƒã‚¢ãƒ‰ãƒ¬ã‚¹: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "メールã®ä»¶å (Subject) 行: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "パスワードを間é•ã£ãŸæ™‚ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ディレクトリã®ãƒ‘ス: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "èªè¨¼ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®æ‰€æœ‰è€…: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "パスワード入力㨠PATH ã®è¦æ±‚ãŒå…除ã•れるグループã«å±žã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚時ã«è¡¨ç¤ºã•れる文字列: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "設定ã—ãŸå ´åˆã€ã™ã¹ã¦ã®å ´åˆã«ãŠã„㦠passprompt ãŒã‚·ã‚¹ãƒ†ãƒ ã®å…¥åŠ›è¦æ±‚表示を上書ãã—ã¾ã™" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "コマンドを実行ã™ã‚‹ãƒ‡ãƒ•ォルトã®å¤‰æ›´å…ˆãƒ¦ãƒ¼ã‚¶ãƒ¼: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "ユーザー㮠$PATH を上書ãã™ã‚‹æ™‚ã®å€¤: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "visudo ã§ä½¿ç”¨ã•れるエディターã®ãƒ‘ス: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "'list' 疑似コマンド使用ã™ã‚‹ãŸã‚ã«ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’è¦æ±‚ã•れる時: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "'verify' 疑似コマンドを使用ã™ã‚‹ãŸã‚ã«ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’è¦æ±‚ã•れる時: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "sudo_noexec ライブラリã«å«ã¾ã‚Œã‚‹ãƒ€ãƒŸãƒ¼ã® exec 関数群を事å‰ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™" # do ã¯ãŸã¶ã‚“強調㮠do #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "LDAP ディレクトリãŒå®Ÿè¡Œä¸­ã®å ´åˆã€ãƒ­ãƒ¼ã‚«ãƒ«ã® sudoers ファイルを無視ã—ã¾ã™" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "%d 以上ã®å€¤ã‚’ã‚‚ã¤ãƒ•ァイル記述å­ã‚’コマンド実行å‰ã«é–‰ã˜ã¾ã™" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "設定ã—ãŸå ´åˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ `closefrom' ã®å€¤ã‚’ -C オプションã§ä¸Šæ›¸ãã™ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "ユーザーãŒä»»æ„ã®ç’°å¢ƒå¤‰æ•°ã‚’設定ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "環境変数ã®é›†åˆã‚’デフォルトã«è¨­å®šã—ã¾ã™" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "正当性ã®ç¢ºèªã‚’行ã†ç’°å¢ƒå¤‰æ•°:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "削除ã™ã‚‹ç’°å¢ƒå¤‰æ•°:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "ä¿è­·ã™ã‚‹ç’°å¢ƒå¤‰æ•°:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "æ–°ã—ã„セキュリティコンテキスト内ã§ä½¿ç”¨ã™ã‚‹ SELinux ã®å½¹å‰²: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "æ–°ã—ã„セキュリティコンテキスト内ã§ä½¿ç”¨ã™ã‚‹ SELinux ã®ã‚¿ã‚¤ãƒ—: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "sudo 固有ã®ç’°å¢ƒãƒ•ァイルã®ãƒ‘ス: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "sudoers を構文解æžã™ã‚‹æ™‚ã«ä½¿ç”¨ã™ã‚‹ãƒ­ã‚±ãƒ¼ãƒ«: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "パスワードãŒè¡¨ç¤ºã•れã¦ã—ã¾ã†çŠ¶æ…‹ã§ã‚ã£ã¦ã‚‚ sudo ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›ã‚’è¦æ±‚ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰å…¥åŠ›è¦æ±‚ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®å…¥åŠ›ãŒã‚ã£ãŸæ™‚ã«ã€è¦–覚的ãªãƒ•ィードãƒãƒƒã‚¯ã‚’æä¾›ã—ã¾ã™" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "ファイルシステムã«ã‚¢ã‚¯ã‚»ã‚¹ã—ãªã„ãŒã‚ˆã‚Šæ­£ç¢ºã§ã¯ç„¡ã„ã€ç´ æ—©ã„一致確èªå‡¦ç†ã‚’行ã„ã¾ã™" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "sudoers ã§æŒ‡å®šã—㟠umask 値ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã® umask 値を上書ãã—ã¾ã™ (ユーザー㮠umask 値より緩ã„å ´åˆã§ã‚‚)" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "コマンドを実行ã—ãŸæ™‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼å…¥åŠ›ã‚’ãƒ­ã‚°ã«è¨˜éŒ²ã—ã¾ã™" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "コマンドを実行ã—ãŸæ™‚ã®å‡ºåŠ›ã‚’ãƒ­ã‚°ã«è¨˜éŒ²ã—ã¾ã™" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "I/O ログを zlib を使用ã—ã¦åœ§ç¸®ã—ã¾ã™" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "常ã«ç–‘ä¼¼ tty 内ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¾ã™" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "UNIX 以外ã®ã‚°ãƒ«ãƒ¼ãƒ—をサãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ãƒ—ラグインã§ã™:%s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "入出力 (I/O) ログをä¿å­˜ã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã§ã™:%s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "入出力 (I/O) ログをä¿å­˜ã™ã‚‹ãƒ•ァイルã§ã™:%s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "pty を割り当ã¦ãŸæ™‚ã« utmp/utmpx ファイルã«è¨˜éŒ²ã‚’加ãˆã¾ã™" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "utmp ã«è¨˜éŒ²ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ã€å®Ÿè¡Œã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã¯ãªãã€å¤‰æ›´å¾Œã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã—ã¾ã™" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "許容ã•れる権é™ã®é›†åˆ" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "制é™ã•れる権é™ã®é›†åˆ" #: plugins/sudoers/defaults.c:208 #, c-format msgid "unknown defaults entry `%s'" msgstr "䏿˜Žãªãƒ‡ãƒ•ォルト項目 `%s' ã§ã™" #: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 #: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 #: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 #: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 #: plugins/sudoers/defaults.c:328 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "オプション `%2$s' ã®å€¤ `%1$s' ã¯ç„¡åйã§ã™" #: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 #: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 #: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 #: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 #: plugins/sudoers/defaults.c:324 #, c-format msgid "no value specified for `%s'" msgstr "`%s' ã«å€¤ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/defaults.c:242 #, c-format msgid "values for `%s' must start with a '/'" msgstr "`%s' ã®å€¤ã¯ '/' ã§é–‹å§‹ã—ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: plugins/sudoers/defaults.c:304 #, c-format msgid "option `%s' does not take a value" msgstr "オプション `%s' ã¯å€¤ã‚’ã¨ã‚Šã¾ã›ã‚“" #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp ãŒç ´æã—ã¦ã„ã¾ã™ã€‚é•·ã•ãŒåˆã„ã¾ã›ã‚“" #: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 #: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 #: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 #, c-format msgid "unable to allocate memory" msgstr "メモリ割り当ã¦ã‚’行ãˆã¾ã›ã‚“ã§ã—ãŸ" #: plugins/sudoers/env.c:992 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "ã™ã¿ã¾ã›ã‚“ãŒã€ã‚ãªãŸã¯æ¬¡ã®ç’°å¢ƒå¤‰æ•°ã‚’設定ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“: %s" #: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 #: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 #: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: plugins/sudoers/group_plugin.c:103 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ã®æ‰€æœ‰è€…㯠uid %d ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: plugins/sudoers/group_plugin.c:107 #, c-format msgid "%s must only be writable by owner" msgstr "%s ã¯æ‰€æœ‰è€…ã®ã¿æ›¸ãè¾¼ã¿å¯èƒ½ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: plugins/sudoers/group_plugin.c:114 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/group_plugin.c:119 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "%s 内ã«ã‚·ãƒ³ãƒœãƒ« \"group_plugin\" ãŒã‚りã¾ã›ã‚“" #: plugins/sudoers/group_plugin.c:124 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: äº’æ›æ€§ã®ãªã„グループプラグインメジャーãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d ã§ã™ã€‚予期ã•れるã®ã¯ %d ã§ã™" #: plugins/sudoers/interfaces.c:112 msgid "Local IP address and netmask pairs:\n" msgstr "ローカル IP アドレスã¨ãƒãƒƒãƒˆãƒžã‚¹ã‚¯ã®çµ„:\n" #: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 #, c-format msgid "unable to read %s" msgstr "%s を読ã¿è¾¼ã‚ã¾ã›ã‚“" #: plugins/sudoers/iolog.c:208 #, c-format msgid "invalid sequence number %s" msgstr "無効ãªé †åºç•ªå·ã§ã™: %s" #: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 #: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 #: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 #: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 #: plugins/sudoers/iolog.c:569 #, c-format msgid "unable to create %s" msgstr "%s を作æˆã§ãã¾ã›ã‚“" #: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 #, c-format msgid "unable to set locale to \"%s\", using \"C\"" msgstr "ロケールを \"%s\" ã«è¨­å®šã§ãã¾ã›ã‚“。 \"C\" を使用ã—ã¾ã™" #: plugins/sudoers/ldap.c:387 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: ãƒãƒ¼ãƒˆãŒå¤§ãã™ãŽã¾ã™" #: plugins/sudoers/ldap.c:410 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: hostbuf を拡張中ã«ãƒ¡ãƒ¢ãƒªç©ºé–“ãŒä¸è¶³ã—ã¾ã—ãŸ" #: plugins/sudoers/ldap.c:440 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "サãƒãƒ¼ãƒˆã•れã¦ãªã„ LDAP URI タイプã§ã™: %s" #: plugins/sudoers/ldap.c:469 #, c-format msgid "invalid uri: %s" msgstr "無効㪠URI ã§ã™: %s" #: plugins/sudoers/ldap.c:475 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ldap 㨠ldaps ã® URI ã‚’æ··ãœã¦ä½¿ç”¨ã§ãã¾ã›ã‚“" #: plugins/sudoers/ldap.c:479 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ldaps 㨠starttls ã‚’æ··ãœã¦ä½¿ç”¨ã§ãã¾ã›ã‚“" #: plugins/sudoers/ldap.c:498 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: hostbuf を構築中ã«ãƒ¡ãƒ¢ãƒªç©ºé–“ãŒä¸è¶³ã—ã¾ã—ãŸ" #: plugins/sudoers/ldap.c:572 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "SSL 証明書ã¨éµãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/ldap.c:575 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "SSL を使用ã™ã‚‹ãŸã‚ã«ã¯ %s ã®ä¸­ã® TLS_CERT を設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™" #: plugins/sudoers/ldap.c:992 #, c-format msgid "unable to get GMT time" msgstr "GMT 時刻をå–å¾—ã§ãã¾ã›ã‚“" #: plugins/sudoers/ldap.c:998 #, c-format msgid "unable to format timestamp" msgstr "ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã‚’æ›¸å¼æ•´å½¢ã§ãã¾ã›ã‚“" #: plugins/sudoers/ldap.c:1006 #, c-format msgid "unable to build time filter" msgstr "時刻フィルターを構築ã§ãã¾ã›ã‚“" #: plugins/sudoers/ldap.c:1225 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 é…ç½®ãŒä¸€è‡´ã—ã¾ã›ã‚“" #: plugins/sudoers/ldap.c:1761 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP 役割: %s\n" #: plugins/sudoers/ldap.c:1763 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP 役割: 䏿˜Ž\n" #: plugins/sudoers/ldap.c:1810 #, c-format msgid " Order: %s\n" msgstr " Order: %s\n" #: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 #, c-format msgid " Commands:\n" msgstr " コマンド:\n" #: plugins/sudoers/ldap.c:2240 #, c-format msgid "unable to initialize LDAP: %s" msgstr "LDAP ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/ldap.c:2274 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls ãŒæŒ‡å®šã•れã¦ã„ã¾ã™ãŒã€LDAP ライブラリ㌠ldap_start_tls_s() ã¾ãŸã¯ ldap_start_tls_s_np() をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/ldap.c:2510 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "無効㪠sudoOrder 属性ã§ã™: %s" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "監査システムを開ãã“ã¨ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "監査メッセージをé€ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/logging.c:202 #, c-format msgid "unable to open log file: %s: %s" msgstr "ログファイルを開ã‘ã¾ã›ã‚“: %s: %s" #: plugins/sudoers/logging.c:205 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ログファイルをロックã§ãã¾ã›ã‚“: %s: %s" #: plugins/sudoers/logging.c:260 msgid "user NOT in sudoers" msgstr "ユーザー㌠sudoers 内ã«ã‚りã¾ã›ã‚“" #: plugins/sudoers/logging.c:262 msgid "user NOT authorized on host" msgstr "ホスト上ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒèªè¨¼ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/logging.c:264 msgid "command not allowed" msgstr "コマンドãŒè¨±å¯ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/logging.c:274 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s 㯠sudoers ファイル内ã«ã‚りã¾ã›ã‚“。ã“ã®äº‹è±¡ã¯è¨˜éŒ²ãƒ»å ±å‘Šã•れã¾ã™ã€‚\n" #: plugins/sudoers/logging.c:277 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s 㯠%s 上㧠sudo を実行ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。ã“ã®äº‹è±¡ã¯è¨˜éŒ²ãƒ»å ±å‘Šã•れã¾ã™ã€‚\n" #: plugins/sudoers/logging.c:281 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "ユーザー %s 㯠%s 上㧠sudo を実行ã§ãã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“。\n" #: plugins/sudoers/logging.c:284 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "ユーザー %s ã¯'%s%s%s' ã‚’ %s%s%s ã¨ã—㦠%s 上ã§å®Ÿè¡Œã™ã‚‹ã“ã¨ã¯è¨±å¯ã•れã¦ã„ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“。\n" #: plugins/sudoers/logging.c:317 msgid "No user or host" msgstr "ユーザーã¾ãŸã¯ãƒ›ã‚¹ãƒˆãŒã‚りã¾ã›ã‚“" #: plugins/sudoers/logging.c:319 msgid "validation failure" msgstr "検証ã«å¤±æ•—ã—ã¾ã—ãŸ" #: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 #: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 #: plugins/sudoers/sudoers.c:1540 #, c-format msgid "%s: command not found" msgstr "%s: コマンドãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“" #: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "'.' 内ã§è¦‹ã¤ã‹ã£ãŸ `%1$s' を無視ã—ã¾ã™\n" "ã“ã® `%3$s' を実行ã—ãŸã„å ´åˆã¯ `sudo ./%2$s' を使用ã—ã¦ãã ã•ã„。" #: plugins/sudoers/logging.c:352 msgid "authentication failure" msgstr "èªè¨¼å¤±æ•—" #: plugins/sudoers/logging.c:376 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d 回パスワード試行を間é•ãˆã¾ã—ãŸ" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "パスワードãŒå¿…è¦ã§ã™" #: plugins/sudoers/logging.c:530 #, c-format msgid "unable to fork" msgstr "fork ã§ãã¾ã›ã‚“" #: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 #, c-format msgid "unable to fork: %m" msgstr "fork ã§ãã¾ã›ã‚“: %m" #: plugins/sudoers/logging.c:589 #, c-format msgid "unable to open pipe: %m" msgstr "パイプを開ã‘ã¾ã›ã‚“: %m" #: plugins/sudoers/logging.c:614 #, c-format msgid "unable to dup stdin: %m" msgstr "標準入力を複製ã§ãã¾ã›ã‚“: %m" #: plugins/sudoers/logging.c:650 #, c-format msgid "unable to execute %s: %m" msgstr "%s を実行ã§ãã¾ã›ã‚“: %m" #: plugins/sudoers/logging.c:865 #, c-format msgid "internal error: insufficient space for log line" msgstr "内部エラー: ログã®è¡Œã«å分ãªç©ºé–“ãŒã‚りã¾ã›ã‚“" #: plugins/sudoers/parse.c:123 #, c-format msgid "parse error in %s near line %d" msgstr "%s 内 %d è¡Œä»˜è¿‘ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: plugins/sudoers/parse.c:126 #, c-format msgid "parse error in %s" msgstr "%s å†…ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: plugins/sudoers/parse.c:414 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "sudoers é …ç›®:\n" #: plugins/sudoers/parse.c:416 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " #: plugins/sudoers/parse.c:431 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " #: plugins/sudoers/parse.c:440 #, c-format msgid "" " Commands:\n" "\t" msgstr "" " コマンド:\n" "\t" #: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 msgid ": " msgstr ": " #: plugins/sudoers/pwutil.c:278 #, c-format msgid "unable to cache uid %u (%s), already exists" msgstr "ユーザーID %u (%s) をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/pwutil.c:286 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ユーザーID %u をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 #, c-format msgid "unable to cache user %s, already exists" msgstr "ユーザー %s をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/pwutil.c:668 #, c-format msgid "unable to cache gid %u (%s), already exists" msgstr "グループID %u (%s) をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/pwutil.c:676 #, c-format msgid "unable to cache gid %u, already exists" msgstr "グループID %u をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 #, c-format msgid "unable to cache group %s, already exists" msgstr "グループ %s をキャッシュã§ãã¾ã›ã‚“。ã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 #: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 #: plugins/sudoers/set_perms.c:1396 msgid "perm stack overflow" msgstr "perm スタックãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 #: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 #: plugins/sudoers/set_perms.c:1404 msgid "perm stack underflow" msgstr "perm スタックãŒã‚¢ãƒ³ãƒ€ãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 #: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 msgid "unable to change to runas gid" msgstr "実行ã™ã‚‹ãŸã‚ã®ã‚°ãƒ«ãƒ¼ãƒ—IDã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 #: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 msgid "unable to change to runas uid" msgstr "実行ã™ã‚‹ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼IDã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 #: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 msgid "unable to change to sudoers gid" msgstr "sudoers ã®ã‚°ãƒ«ãƒ¼ãƒ—IDã¸å¤‰æ›´ã§ãã¾ã›ã‚“" #: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 #: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 #: plugins/sudoers/set_perms.c:1474 msgid "too many processes" msgstr "プロセスãŒå¤šã™ãŽã¾ã™" #: plugins/sudoers/set_perms.c:1542 msgid "unable to set runas group vector" msgstr "グループベクトルを実行ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: plugins/sudoers/sssd.c:251 #, c-format msgid "Unable to dlopen %s: %s" msgstr "dlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/sssd.c:252 #, c-format msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "SSS ã®ã‚½ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“。SSSD ã¯ã‚ãªãŸã®ãƒžã‚·ãƒ³ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¦ã„ã¾ã™ã‹ï¼Ÿ" #: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 #: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 #: plugins/sudoers/sssd.c:287 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "シンボル \"%s\" ㌠%s 内ã«ã‚りã¾ã›ã‚“" #: plugins/sudoers/sudo_nss.c:267 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "ã“ã®ãƒ›ã‚¹ãƒˆä¸Šã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ %s ã«ä¸€è‡´ã—ãŸãƒ‡ãƒ•ォルト項目:\n" #: plugins/sudoers/sudo_nss.c:280 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "ユーザー %s 用㮠Runas ãŠã‚ˆã³ã‚³ãƒžãƒ³ãƒ‰ç‰¹æœ‰ã®ãƒ‡ãƒ•ォルト:\n" #: plugins/sudoers/sudo_nss.c:293 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "ユーザー %s ã¯æ¬¡ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ã“ã®ãƒ›ã‚¹ãƒˆä¸Šã§å®Ÿè¡Œã§ãã¾ã™:\n" #: plugins/sudoers/sudo_nss.c:302 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "ユーザー %s 㯠%s 上㧠sudo を実行ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。\n" #: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 #: plugins/sudoers/sudoers.c:953 msgid "problem with defaults entries" msgstr "デフォルト項目ã§å•題ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: plugins/sudoers/sudoers.c:216 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "有効㪠sudoers ã®ã‚½ãƒ¼ã‚¹ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。終了ã—ã¾ã™" #: plugins/sudoers/sudoers.c:268 #, c-format msgid "unable to execute %s: %s" msgstr "%s を実行ã§ãã¾ã›ã‚“: %s" #: plugins/sudoers/sudoers.c:335 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers ã®æŒ‡å®šã«ã‚ˆã‚Š root ㌠sudo を使用ã™ã‚‹ã“ã¨ã¯ç¦æ­¢ã•れã¦ã„ã¾ã™" #: plugins/sudoers/sudoers.c:342 #, c-format msgid "you are not permitted to use the -C option" msgstr "-C オプションを使用ã™ã‚‹ã“ã¨ã¯è¨±å¯ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:431 #, c-format msgid "timestamp owner (%s): No such user" msgstr "ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã®æ‰€æœ‰è€… (%s): ãã®ã‚ˆã†ãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã‚りã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:447 msgid "no tty" msgstr "tty ãŒã‚りã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:448 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "sudo を実行ã™ã‚‹ã«ã¯ tty ãŒãªã‘れã°ã„ã‘ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:498 msgid "command in current directory" msgstr "コマンドãŒã‚«ãƒ¬ãƒ³ãƒˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚りã¾ã™" #: plugins/sudoers/sudoers.c:510 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "ã‚ãªãŸã¯ç’°å¢ƒå¤‰æ•°ã‚’ä¿è­·ã™ã‚‹ã“ã¨ã‚’許å¯ã•れã¦ã„ã¾ã›ã‚“。ã™ã¿ã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:1006 #, c-format msgid "%s is not a regular file" msgstr "%s ã¯é€šå¸¸ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:1009 toke.l:846 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™" #: plugins/sudoers/sudoers.c:1013 toke.l:853 #, c-format msgid "%s is world writable" msgstr "%s ã¯èª°ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ã§ã™" #: plugins/sudoers/sudoers.c:1016 toke.l:858 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s ã®ã‚°ãƒ«ãƒ¼ãƒ—ID㯠%u ã«ãªã£ã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™" #: plugins/sudoers/sudoers.c:1043 #, c-format msgid "only root can use `-c %s'" msgstr "root ã®ã¿ `-c %s' を使用ã§ãã¾ã™" #: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 #, c-format msgid "unknown login class: %s" msgstr "䏿˜Žãªãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã§ã™: %s" #: plugins/sudoers/sudoers.c:1089 #, c-format msgid "unable to resolve host %s" msgstr "ホスト %s ã®åå‰è§£æ±ºãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "䏿˜Žãªã‚°ãƒ«ãƒ¼ãƒ—ã§ã™: %s" #: plugins/sudoers/sudoers.c:1190 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "sudoers ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s\n" #: plugins/sudoers/sudoers.c:1192 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "sudoers ファイル文法ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d\n" #: plugins/sudoers/sudoers.c:1196 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "sudoers ã®ãƒ‘ス: %s\n" #: plugins/sudoers/sudoers.c:1199 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch ã®ãƒ‘ス: %s\n" #: plugins/sudoers/sudoers.c:1201 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf ã®ãƒ‘ス: %s\n" #: plugins/sudoers/sudoers.c:1202 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret ã®ãƒ‘ス: %s\n" #: plugins/sudoers/sudoreplay.c:293 #, c-format msgid "invalid filter option: %s" msgstr "無効ãªãƒ•ィルターオプションã§ã™: %s" #: plugins/sudoers/sudoreplay.c:306 #, c-format msgid "invalid max wait: %s" msgstr "ç„¡åŠ¹ãªæœ€å¤§å¾…機時間ã§ã™: %s" #: plugins/sudoers/sudoreplay.c:312 #, c-format msgid "invalid speed factor: %s" msgstr "無効㪠speed_factor ã®å€¤ã§ã™: %s" #: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 #, c-format msgid "%s version %s\n" msgstr "%s ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s\n" #: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/タイミング: %s" #: plugins/sudoers/sudoreplay.c:346 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/タイミング: %s" #: plugins/sudoers/sudoreplay.c:364 #, c-format msgid "Replaying sudo session: %s\n" msgstr "リプレイã™ã‚‹ sudo セッション: %s\n" #: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告: ログをãã¡ã‚“ã¨ãƒªãƒ—レイã™ã‚‹ã«ã¯ç«¯æœ«ãŒå°ã•ã™ãŽã¾ã™ã€‚\n" #: plugins/sudoers/sudoreplay.c:371 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "ログã®å¤§ãã•㯠%d x %d ã§ã€ç«¯æœ«ã®å¤§ãã•㯠%d x %d ã§ã™ã€‚" #: plugins/sudoers/sudoreplay.c:401 #, c-format msgid "unable to set tty to raw mode" msgstr "tty ã‚’ raw モードã«è¨­å®šã§ãã¾ã›ã‚“" #: plugins/sudoers/sudoreplay.c:418 #, c-format msgid "invalid timing file line: %s" msgstr "無効ãªã‚¿ã‚¤ãƒŸãƒ³ã‚°ãƒ•ァイルã®è¡Œã§ã™: %s" #: plugins/sudoers/sudoreplay.c:501 #, c-format msgid "writing to standard output" msgstr "æ¨™æº–å‡ºåŠ›ã«æ›¸ã込んã§ã„ã¾ã™" #: plugins/sudoers/sudoreplay.c:530 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 #, c-format msgid "ambiguous expression \"%s\"" msgstr "曖昧ãªå¼ \"%s ã§ã™\"" #: plugins/sudoers/sudoreplay.c:685 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "å¼å†…ã®å°æ‹¬å¼§ã®ããりãŒå¤šã™ãŽã¾ã™ã€‚最大㯠%d ã§ã™ã€‚" #: plugins/sudoers/sudoreplay.c:696 #, c-format msgid "unmatched ')' in expression" msgstr "å¼å†…ã§ ')' ãŒä¸ä¸€è‡´ã§ã™" #: plugins/sudoers/sudoreplay.c:702 #, c-format msgid "unknown search term \"%s\"" msgstr "䏿˜Žãªæ¤œç´¢èªž \"%s\" ã§ã™" #: plugins/sudoers/sudoreplay.c:716 #, c-format msgid "%s requires an argument" msgstr "%s ã¯å¼•æ•°ãŒå¿…è¦ã§ã™" #: plugins/sudoers/sudoreplay.c:720 #, c-format msgid "invalid regular expression: %s" msgstr "ç„¡åŠ¹ãªæ­£è¦è¡¨ç¾ã§ã™: %s" #: plugins/sudoers/sudoreplay.c:726 #, c-format msgid "could not parse date \"%s\"" msgstr "日付 \"%s\" を構文解æžã§ãã¾ã›ã‚“ã§ã—ãŸ" #: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "unmatched '(' in expression" msgstr "å¼å†…ã§ '(' ãŒä¸ä¸€è‡´ã§ã™" #: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"or\"" msgstr "末尾㫠\"or\" ã‚’é…ç½®ã§ãã¾ã›ã‚“" #: plugins/sudoers/sudoreplay.c:743 #, c-format msgid "illegal trailing \"!\"" msgstr "末尾㫠\"!\" ã‚’é…ç½®ã§ãã¾ã›ã‚“" #: plugins/sudoers/sudoreplay.c:1050 #, c-format msgid "invalid regex: %s" msgstr "ç„¡åŠ¹ãªæ­£è¦è¡¨ç¾ã§ã™: %s" #: plugins/sudoers/sudoreplay.c:1174 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "使用法: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" #: plugins/sudoers/sudoreplay.c:1177 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "使用法: %s [-h] [-d directory] -l [search expression]\n" #: plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - sudo セッションログをリプレイã—ã¾ã™\n" "\n" #: plugins/sudoers/sudoreplay.c:1188 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" "\n" "オプション:\n" " -d directory セッションログã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã™ã‚‹\n" " -f filter 表示ã™ã‚‹ I/O タイプを指定ã™ã‚‹\n" " -h ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹\n" " -l [expression] expression ã«ä¸€è‡´ã™ã‚‹ä½¿ç”¨å¯èƒ½ãªã‚»ãƒƒã‚·ãƒ§ãƒ³ID\n" " を一覧表示ã™ã‚‹\n" " -m max_wait イベント間ã®å¾…ã¡æ™‚é–“ã®æœ€å¤§ç§’数を指定ã™ã‚‹\n" " -s speed_factor 出力速度を速ãã™ã‚‹ã€ã¾ãŸã¯é…ãã™ã‚‹\n" " -V ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹" #: plugins/sudoers/testsudoers.c:338 msgid "\thost unmatched" msgstr "\tホストãŒä¸€è‡´ã—ã¾ã›ã‚“" #: plugins/sudoers/testsudoers.c:341 msgid "" "\n" "Command allowed" msgstr "" "\n" "コマンドãŒè¨±å¯ã•れã¾ã—ãŸ" #: plugins/sudoers/testsudoers.c:342 msgid "" "\n" "Command denied" msgstr "" "\n" "ã‚³ãƒžãƒ³ãƒ‰ãŒæ‹’å¦ã•れã¾ã—ãŸ" #: plugins/sudoers/testsudoers.c:342 msgid "" "\n" "Command unmatched" msgstr "" "\n" "コマンドãŒä¸€è‡´ã—ã¾ã›ã‚“ã§ã—ãŸ" #: plugins/sudoers/toke_util.c:218 msgid "fill_args: buffer overflow" msgstr "fill_args: ãƒãƒƒãƒ•ァオーãƒãƒ¼ãƒ•ローãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: plugins/sudoers/visudo.c:188 #, c-format msgid "%s grammar version %d\n" msgstr "%s 文法ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d\n" #: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 #, c-format msgid "press return to edit %s: " msgstr "%s を編集ã™ã‚‹ãŸã‚ã«ãƒªã‚¿ãƒ¼ãƒ³ã‚’押ã—ã¦ãã ã•ã„: " #: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 #, c-format msgid "write error" msgstr "書ãè¾¼ã¿ã‚¨ãƒ©ãƒ¼ã§ã™" #: plugins/sudoers/visudo.c:423 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "一時ファイル (%s) ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:428 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "一時ファイル (%s) ã®å¤§ãã•㌠0 ã§ã™ã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:434 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "エディター (%s) ãŒç•°å¸¸çµ‚了ã—ã¾ã—ãŸã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:457 #, c-format msgid "%s unchanged" msgstr "%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:486 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "一時ファイル (%s) ã‚’å†åº¦é–‹ãã“ã¨ãŒã§ãã¾ã›ã‚“。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“。" #: plugins/sudoers/visudo.c:496 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "一時ファイル (%s) ã®æ§‹æ–‡è§£æžãŒã§ãã¾ã›ã‚“ã€‚ä¸æ˜Žãªã‚¨ãƒ©ãƒ¼ã§ã™" #: plugins/sudoers/visudo.c:534 #, c-format msgid "internal error, unable to find %s in list!" msgstr "内部エラーã€ãƒªã‚¹ãƒˆå†…ã« %s ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“!" #: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "%s ã® (ユーザーID, グループID) ã‚’ (%u, %u) ã«è¨­å®šã§ãã¾ã›ã‚“" #: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "%s ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™ã®ãƒ¢ãƒ¼ãƒ‰ã‚’ 0%o ã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: plugins/sudoers/visudo.c:617 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s 㨠%s ã¯åŒã˜ãƒ•ァイルシステム上ã«ã‚りã¾ã›ã‚“。åå‰ã‚’変更ã™ã‚‹ãŸã‚ã« mv を使用ã—ã¦ã„ã¾ã™" #: plugins/sudoers/visudo.c:631 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "コマンドã®å¤±æ•—ã§ã™: '%s %s %s'。%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:641 #, c-format msgid "error renaming %s, %s unchanged" msgstr "%s ã®åå‰å¤‰æ›´ã«å¤±æ•—ã—ã¾ã—ãŸã€‚%s ã¯å¤‰æ›´ã•れã¾ã›ã‚“" #: plugins/sudoers/visudo.c:704 msgid "What now? " msgstr "次ã¯ä½•ã§ã—ょã†ã‹? " #: plugins/sudoers/visudo.c:718 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "オプション:\n" " e -- sudoers ファイルをå†åº¦ç·¨é›†ã—ã¾ã™\n" " x -- sudoers ファイルã¸ã®å¤‰æ›´ã‚’ä¿å­˜ã›ãšã«çµ‚了ã—ã¾ã™\n" " Q -- sudoers ファイルã¸ã®å¤‰æ›´ã‚’ä¿å­˜ã—ã¦çµ‚了ã—ã¾ã™ (*å±é™ºã§ã™!*)\n" #: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to execute %s" msgstr "%s を実行ã§ãã¾ã›ã‚“" #: plugins/sudoers/visudo.c:766 #, c-format msgid "unable to run %s" msgstr "%s を実行ã§ãã¾ã›ã‚“" #: plugins/sudoers/visudo.c:792 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: 所有権ã«èª¤ã‚ŠãŒã‚りã¾ã™ã€‚(ユーザーID, グループID) 㯠(%u, %u) ã§ã‚ã‚‹ã¹ãã§ã™\n" #: plugins/sudoers/visudo.c:799 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: アクセス権é™ã«èª¤ã‚ŠãŒã‚りã¾ã™ã€‚モード㯠0%o ã§ã‚ã‚‹ã¹ãã§ã™\n" #: plugins/sudoers/visudo.c:824 #, c-format msgid "failed to parse %s file, unknown error" msgstr "%s ãƒ•ã‚¡ã‚¤ãƒ«ã®æ§‹æ–‡è§£æžã«å¤±æ•—ã—ã¾ã—ãŸã€‚䏿˜Žãªã‚¨ãƒ©ãƒ¼ã§ã™" #: plugins/sudoers/visudo.c:837 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s 内 %d è¡Œä»˜è¿‘ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ\n" #: plugins/sudoers/visudo.c:840 #, c-format msgid "parse error in %s\n" msgstr "%s å†…ã§æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ\n" #: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 #, c-format msgid "%s: parsed OK\n" msgstr "%s: æ­£ã—ãæ§‹æ–‡è§£æžã•れã¾ã—ãŸ\n" #: plugins/sudoers/visudo.c:899 #, c-format msgid "%s busy, try again later" msgstr "%s ãŒãƒ“ジー状態ã§ã™ã€‚後ã§å†è©¦è¡Œã—ã¦ãã ã•ã„" #: plugins/sudoers/visudo.c:943 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定ã—ãŸã‚¨ãƒ‡ã‚£ã‚¿ãƒ¼ (%s) ãŒå­˜åœ¨ã—ã¾ã›ã‚“" #: plugins/sudoers/visudo.c:966 #, c-format msgid "unable to stat editor (%s)" msgstr "エディター (%s) ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“" #: plugins/sudoers/visudo.c:1014 #, c-format msgid "no editor found (editor path = %s)" msgstr "エディターãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ (エディターã®ãƒ‘ス = %s)" #: plugins/sudoers/visudo.c:1108 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "エラー: %s_Alias `%s' 内ã«å¾ªç’°ãŒã‚りã¾ã™" #: plugins/sudoers/visudo.c:1109 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "警告: %s_Alias `%s' 内ã«å¾ªç’°ãŒã‚りã¾ã™" #: plugins/sudoers/visudo.c:1112 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "エラー: %s_Alias `%s' ã¯å‚ç…§ã•れã¦ã„ã¾ã™ãŒå®šç¾©ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/visudo.c:1113 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "警告: %s_Alias `%s' ã¯å‚ç…§ã•れã¦ã„ã¾ã™ãŒå®šç¾©ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/visudo.c:1248 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: %s_Alias %s ã¯ä½¿ç”¨ã•れã¦ã„ã¾ã›ã‚“" #: plugins/sudoers/visudo.c:1304 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - sudoers ファイルを安全ã«ç·¨é›†ã™ã‚‹\n" "\n" #: plugins/sudoers/visudo.c:1306 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" "\n" "オプション:\n" " -c 検査ã®ã¿ã‚’行ã†\n" " -f sudoers sudoers ファイルã®ä½ç½®ã‚’指定ã™ã‚‹\n" " -h ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹\n" " -q 文法エラーメッセージをより少ãªã (é™ã‹ã«) ã™ã‚‹\n" " -s åŽ³å¯†ãªæ–‡æ³•検査を行ã†\n" " -V ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹" #: toke.l:820 msgid "too many levels of includes" msgstr "インクルードã®éšŽå±¤ãŒå¤§ãã™ãŽã¾ã™" #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "内部エラーã€expand_prompt() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, sudo_setenv2() overflow" #~ msgstr "内部エラー〠sudo_setenv2() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, sudo_setenv() overflow" #~ msgstr "内部エラー〠sudo_setenv() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, linux_audit_command() overflow" #~ msgstr "内部エラーã€linux_audit_command() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, runas_groups overflow" #~ msgstr "内部エラーã€runas_groups ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, init_vars() overflow" #~ msgstr "内部エラーã€init_vars() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "invalid log file %s" #~ msgstr "ログファイル %s ã¯ç„¡åйã§ã™" #~ msgid "fixed mode on %s" #~ msgstr "%s ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™ã®ãƒ¢ãƒ¼ãƒ‰ã‚’修正ã—ã¾ã—ãŸ" #~ msgid "set group on %s" #~ msgstr "%s ã®ã‚°ãƒ«ãƒ¼ãƒ—を設定ã—ã¾ã—ãŸ" #~ msgid "unable to set group on %s" #~ msgstr "%s ã®ã‚°ãƒ«ãƒ¼ãƒ—を設定ã§ãã¾ã›ã‚“" #~ msgid "unable to fix mode on %s" #~ msgstr "%s ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™ã®ãƒ¢ãƒ¼ãƒ‰ã‚’修正ã§ãã¾ã›ã‚“" #~ msgid "%s is mode 0%o, should be 0%o" #~ msgstr "%s ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™ã®ãƒ¢ãƒ¼ãƒ‰ã¯ 0%o ã§ã™ã€‚ã“れ㯠0%o ã§ã‚ã‚‹ã¹ãã§ã™" #~ msgid "File containing dummy exec functions: %s" #~ msgstr "å½ã® exec 関数ãŒå«ã¾ã‚Œã‚‹ãƒ•ァイル: %s" sudo-1.8.9p5/plugins/sudoers/po/lt.mo010064400175440000012000000036631226304146200171130ustar00millertstaffÞ•œxFy@À##%I!d†– ™ £C®'ò*Eõ_VU@¬%í%9'T|…Œ S¬??@2€    %s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s must be owned by uid %d%s must only be writable by owner%s%s: %s%s: %s: Password:Password: Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. User %s is not allowed to run sudo on %s. only root can use `-c %s'Project-Id-Version: sudoers 1.8.4rc1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-02-06 15:48-0500 PO-Revision-Date: 2012-02-25 11:56+0200 Last-Translator: Algimantas MargeviÄius Language-Team: Lithuanian Language: lt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2) %s neleidžiama vykdyti „sudo“ kompiuteryje %s. Apie šį įvykį bus praneÅ¡ta. %s nÄ—ra „sudoers“ faile. Apie šį įvykį bus praneÅ¡ta. %s priklauso gid %u, nors turÄ—tų %u%s priklauso uid %u, nors turÄ—tų %u%s turi priklausyti uid %d%s turi bÅ«ti įraÅ¡omas tik savininkui%s%s: %s%s: %s: Slaptažodis:Slaptažodis: Deja, naudotojui %s neleidžiama vykdyti „%s%s%s“ kaip %s%s%s kompiuteryje %s. Deja, naudotojas %s negali vykdyti „sudo“ kompiuteryje %s. Naudotojui %s neleidžiama vykdyti „sudo“ kompiuteryje %s. „-c %s“ gali naudoti tik „root“ naudotojassudo-1.8.9p5/plugins/sudoers/po/lt.po010064400175440000012000001133601226304126200171100ustar00millertstaff# SOME DESCRIPTIVE TITLE. # This file is put in the public domain. # FIRST AUTHOR , YEAR. # Algimantas MargeviÄius , 2012. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.4rc1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-02-06 15:48-0500\n" "PO-Revision-Date: 2012-02-25 11:56+0200\n" "Last-Translator: Algimantas MargeviÄius \n" "Language-Team: Lithuanian \n" "Language: lt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2)\n" #: plugins/sudoers/alias.c:125 #, c-format msgid "Alias `%s' already defined" msgstr "" #: plugins/sudoers/bsm_audit.c:61 plugins/sudoers/bsm_audit.c:64 #: plugins/sudoers/bsm_audit.c:113 plugins/sudoers/bsm_audit.c:117 #: plugins/sudoers/bsm_audit.c:169 plugins/sudoers/bsm_audit.c:173 msgid "getaudit: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:154 msgid "Could not determine audit condition" msgstr "" #: plugins/sudoers/bsm_audit.c:102 msgid "getauid failed" msgstr "" #: plugins/sudoers/bsm_audit.c:104 plugins/sudoers/bsm_audit.c:163 msgid "au_open: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:119 plugins/sudoers/bsm_audit.c:175 msgid "au_to_subject: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:123 plugins/sudoers/bsm_audit.c:179 msgid "au_to_exec_args: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:127 plugins/sudoers/bsm_audit.c:188 msgid "au_to_return32: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:130 plugins/sudoers/bsm_audit.c:191 msgid "unable to commit audit record" msgstr "" #: plugins/sudoers/bsm_audit.c:161 msgid "getauid: failed" msgstr "" #: plugins/sudoers/bsm_audit.c:184 msgid "au_to_text: failed" msgstr "" #: plugins/sudoers/check.c:158 #, c-format msgid "sorry, a password is required to run %s" msgstr "" #: plugins/sudoers/check.c:249 plugins/sudoers/iolog.c:172 #: plugins/sudoers/sudoers.c:992 plugins/sudoers/sudoreplay.c:348 #: plugins/sudoers/sudoreplay.c:357 plugins/sudoers/sudoreplay.c:703 #: plugins/sudoers/sudoreplay.c:797 plugins/sudoers/visudo.c:790 #, c-format msgid "unable to open %s" msgstr "" #: plugins/sudoers/check.c:253 plugins/sudoers/iolog.c:202 #, c-format msgid "unable to write to %s" msgstr "" #: plugins/sudoers/check.c:261 plugins/sudoers/check.c:506 #: plugins/sudoers/check.c:556 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:156 #, c-format msgid "unable to mkdir %s" msgstr "" #: plugins/sudoers/check.c:396 #, c-format msgid "internal error, expand_prompt() overflow" msgstr "" #: plugins/sudoers/check.c:456 #, c-format msgid "timestamp path too long: %s" msgstr "" #: plugins/sudoers/check.c:485 plugins/sudoers/check.c:529 #: plugins/sudoers/iolog.c:158 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "" #: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532 #: plugins/sudoers/check.c:577 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "" #: plugins/sudoers/check.c:493 plugins/sudoers/check.c:537 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "" #: plugins/sudoers/check.c:501 plugins/sudoers/check.c:545 #: plugins/sudoers/check.c:613 plugins/sudoers/sudoers.c:978 #: plugins/sudoers/visudo.c:320 plugins/sudoers/visudo.c:582 #, c-format msgid "unable to stat %s" msgstr "" #: plugins/sudoers/check.c:571 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "" #: plugins/sudoers/check.c:583 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "" #: plugins/sudoers/check.c:637 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "" #: plugins/sudoers/check.c:684 #, c-format msgid "unable to remove %s (%s), will reset to the epoch" msgstr "" #: plugins/sudoers/check.c:692 #, c-format msgid "unable to reset %s to the epoch" msgstr "" #: plugins/sudoers/check.c:752 plugins/sudoers/check.c:758 #: plugins/sudoers/sudoers.c:829 plugins/sudoers/sudoers.c:833 #, c-format msgid "unknown uid: %u" msgstr "" #: plugins/sudoers/check.c:755 plugins/sudoers/sudoers.c:770 #: plugins/sudoers/sudoers.c:1108 plugins/sudoers/testsudoers.c:218 #: plugins/sudoers/testsudoers.c:362 #, c-format msgid "unknown user: %s" msgstr "" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in \"_PATH_SUDO_NOEXEC" msgstr "" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "" #: plugins/sudoers/defaults.c:208 #, c-format msgid "unknown defaults entry `%s'" msgstr "" #: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 #: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 #: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 #: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 #: plugins/sudoers/defaults.c:328 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "" #: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 #: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 #: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 #: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 #: plugins/sudoers/defaults.c:324 #, c-format msgid "no value specified for `%s'" msgstr "" #: plugins/sudoers/defaults.c:242 #, c-format msgid "values for `%s' must start with a '/'" msgstr "" #: plugins/sudoers/defaults.c:304 #, c-format msgid "option `%s' does not take a value" msgstr "" #: plugins/sudoers/env.c:258 #, c-format msgid "internal error, sudo_setenv() overflow" msgstr "" #: plugins/sudoers/env.c:291 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" #: plugins/sudoers/env.c:710 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "" #: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 #: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 #: plugins/sudoers/sudoers.c:923 toke.l:668 toke.l:823 #, c-format msgid "%s: %s" msgstr "%s: %s" #: gram.y:110 #, c-format msgid ">>> %s: %s near line %d <<<" msgstr "" #: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: plugins/sudoers/group_plugin.c:103 #, c-format msgid "%s must be owned by uid %d" msgstr "%s turi priklausyti uid %d" #: plugins/sudoers/group_plugin.c:107 #, c-format msgid "%s must only be writable by owner" msgstr "%s turi bÅ«ti įraÅ¡omas tik savininkui" #: plugins/sudoers/group_plugin.c:114 #, c-format msgid "unable to dlopen %s: %s" msgstr "" #: plugins/sudoers/group_plugin.c:119 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" #: plugins/sudoers/group_plugin.c:124 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" #: plugins/sudoers/interfaces.c:112 msgid "Local IP address and netmask pairs:\n" msgstr "" #: plugins/sudoers/iolog.c:179 plugins/sudoers/sudoers.c:999 #, c-format msgid "unable to read %s" msgstr "" #: plugins/sudoers/iolog.c:182 #, c-format msgid "invalid sequence number %s" msgstr "" #: plugins/sudoers/iolog.c:231 plugins/sudoers/iolog.c:234 #: plugins/sudoers/iolog.c:499 plugins/sudoers/iolog.c:504 #: plugins/sudoers/iolog.c:510 plugins/sudoers/iolog.c:518 #: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:534 #: plugins/sudoers/iolog.c:542 #, c-format msgid "unable to create %s" msgstr "" #: plugins/sudoers/iolog_path.c:256 plugins/sudoers/sudoers.c:362 #, c-format msgid "unable to set locale to \"%s\", using \"C\"" msgstr "" #: plugins/sudoers/ldap.c:374 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "" #: plugins/sudoers/ldap.c:397 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "" #: plugins/sudoers/ldap.c:427 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" #: plugins/sudoers/ldap.c:456 #, c-format msgid "invalid uri: %s" msgstr "" #: plugins/sudoers/ldap.c:462 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "" #: plugins/sudoers/ldap.c:466 #, c-format msgid "unable to mix ldaps and starttls" msgstr "" #: plugins/sudoers/ldap.c:485 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" #: plugins/sudoers/ldap.c:550 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" #: plugins/sudoers/ldap.c:958 #, c-format msgid "unable to get GMT time" msgstr "" #: plugins/sudoers/ldap.c:964 #, c-format msgid "unable to format timestamp" msgstr "" #: plugins/sudoers/ldap.c:972 #, c-format msgid "unable to build time filter" msgstr "" #: plugins/sudoers/ldap.c:1185 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" #: plugins/sudoers/ldap.c:1705 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1707 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" #: plugins/sudoers/ldap.c:1754 #, c-format msgid " Order: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1762 #, c-format msgid " Commands:\n" msgstr "" #: plugins/sudoers/ldap.c:2161 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" #: plugins/sudoers/ldap.c:2192 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "" #: plugins/sudoers/ldap.c:2428 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "" #: plugins/sudoers/linux_audit.c:82 #, c-format msgid "internal error, linux_audit_command() overflow" msgstr "" #: plugins/sudoers/linux_audit.c:91 #, c-format msgid "unable to send audit message" msgstr "" #: plugins/sudoers/logging.c:198 #, c-format msgid "unable to open log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:201 #, c-format msgid "unable to lock log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:256 msgid "user NOT in sudoers" msgstr "" #: plugins/sudoers/logging.c:258 msgid "user NOT authorized on host" msgstr "" #: plugins/sudoers/logging.c:260 msgid "command not allowed" msgstr "" #: plugins/sudoers/logging.c:270 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nÄ—ra „sudoers“ faile. Apie šį įvykį bus praneÅ¡ta.\n" #: plugins/sudoers/logging.c:273 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s neleidžiama vykdyti „sudo“ kompiuteryje %s. Apie šį įvykį bus praneÅ¡ta.\n" #: plugins/sudoers/logging.c:277 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Deja, naudotojas %s negali vykdyti „sudo“ kompiuteryje %s.\n" #: plugins/sudoers/logging.c:280 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Deja, naudotojui %s neleidžiama vykdyti „%s%s%s“ kaip %s%s%s kompiuteryje %s.\n" #: plugins/sudoers/logging.c:420 #, c-format msgid "unable to fork" msgstr "" #: plugins/sudoers/logging.c:427 plugins/sudoers/logging.c:489 #, c-format msgid "unable to fork: %m" msgstr "" #: plugins/sudoers/logging.c:479 #, c-format msgid "unable to open pipe: %m" msgstr "" #: plugins/sudoers/logging.c:504 #, c-format msgid "unable to dup stdin: %m" msgstr "" #: plugins/sudoers/logging.c:540 #, c-format msgid "unable to execute %s: %m" msgstr "" #: plugins/sudoers/logging.c:755 #, c-format msgid "internal error: insufficient space for log line" msgstr "" #: plugins/sudoers/parse.c:123 #, c-format msgid "parse error in %s near line %d" msgstr "" #: plugins/sudoers/parse.c:126 #, c-format msgid "parse error in %s" msgstr "" #: plugins/sudoers/parse.c:389 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" #: plugins/sudoers/parse.c:391 #, c-format msgid " RunAsUsers: " msgstr "" #: plugins/sudoers/parse.c:406 #, c-format msgid " RunAsGroups: " msgstr "" #: plugins/sudoers/parse.c:415 #, c-format msgid "" " Commands:\n" "\t" msgstr "" #: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 msgid ": " msgstr ": " #: plugins/sudoers/pwutil.c:260 #, c-format msgid "unable to cache uid %u (%s), already exists" msgstr "" #: plugins/sudoers/pwutil.c:268 #, c-format msgid "unable to cache uid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:305 plugins/sudoers/pwutil.c:314 #, c-format msgid "unable to cache user %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:655 #, c-format msgid "unable to cache gid %u (%s), already exists" msgstr "" #: plugins/sudoers/pwutil.c:663 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:693 plugins/sudoers/pwutil.c:702 #, c-format msgid "unable to cache group %s, already exists" msgstr "" #: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:365 #: plugins/sudoers/set_perms.c:601 plugins/sudoers/set_perms.c:837 msgid "perm stack overflow" msgstr "" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:373 #: plugins/sudoers/set_perms.c:609 plugins/sudoers/set_perms.c:845 msgid "perm stack underflow" msgstr "" #: plugins/sudoers/set_perms.c:228 plugins/sudoers/set_perms.c:466 #: plugins/sudoers/set_perms.c:706 msgid "unable to change to runas gid" msgstr "" #: plugins/sudoers/set_perms.c:236 plugins/sudoers/set_perms.c:473 #: plugins/sudoers/set_perms.c:713 msgid "unable to change to runas uid" msgstr "" #: plugins/sudoers/set_perms.c:250 plugins/sudoers/set_perms.c:486 #: plugins/sudoers/set_perms.c:726 #, c-format msgid "unable to change to sudoers gid" msgstr "" #: plugins/sudoers/set_perms.c:291 plugins/sudoers/set_perms.c:524 #: plugins/sudoers/set_perms.c:764 plugins/sudoers/set_perms.c:906 msgid "too many processes" msgstr "" #: plugins/sudoers/set_perms.c:970 msgid "unable to set runas group vector" msgstr "" #: plugins/sudoers/sudo_nss.c:243 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:256 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:269 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:279 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Naudotojui %s neleidžiama vykdyti „sudo“ kompiuteryje %s.\n" #: plugins/sudoers/sudoers.c:201 plugins/sudoers/sudoers.c:232 #: plugins/sudoers/sudoers.c:931 msgid "problem with defaults entries" msgstr "" #: plugins/sudoers/sudoers.c:205 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "" #: plugins/sudoers/sudoers.c:257 #, c-format msgid "unable to execute %s: %s" msgstr "" #: plugins/sudoers/sudoers.c:311 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "" #: plugins/sudoers/sudoers.c:318 #, c-format msgid "you are not permitted to use the -C option" msgstr "" #: plugins/sudoers/sudoers.c:408 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" #: plugins/sudoers/sudoers.c:424 msgid "no tty" msgstr "" #: plugins/sudoers/sudoers.c:425 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "" #: plugins/sudoers/sudoers.c:464 msgid "No user or host" msgstr "" #: plugins/sudoers/sudoers.c:478 plugins/sudoers/sudoers.c:499 #: plugins/sudoers/sudoers.c:500 plugins/sudoers/sudoers.c:1509 #: plugins/sudoers/sudoers.c:1510 #, c-format msgid "%s: command not found" msgstr "" #: plugins/sudoers/sudoers.c:480 plugins/sudoers/sudoers.c:496 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" #: plugins/sudoers/sudoers.c:485 msgid "validation failure" msgstr "" #: plugins/sudoers/sudoers.c:495 msgid "command in current directory" msgstr "" #: plugins/sudoers/sudoers.c:507 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "" #: plugins/sudoers/sudoers.c:657 plugins/sudoers/sudoers.c:664 #, c-format msgid "internal error, runas_groups overflow" msgstr "" #: plugins/sudoers/sudoers.c:914 #, c-format msgid "internal error, set_cmnd() overflow" msgstr "" #: plugins/sudoers/sudoers.c:957 #, c-format msgid "fixed mode on %s" msgstr "" #: plugins/sudoers/sudoers.c:961 #, c-format msgid "set group on %s" msgstr "" #: plugins/sudoers/sudoers.c:964 #, c-format msgid "unable to set group on %s" msgstr "" #: plugins/sudoers/sudoers.c:967 #, c-format msgid "unable to fix mode on %s" msgstr "" #: plugins/sudoers/sudoers.c:980 #, c-format msgid "%s is not a regular file" msgstr "" #: plugins/sudoers/sudoers.c:982 #, c-format msgid "%s is mode 0%o, should be 0%o" msgstr "" #: plugins/sudoers/sudoers.c:986 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s priklauso uid %u, nors turÄ—tų %u" #: plugins/sudoers/sudoers.c:989 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s priklauso gid %u, nors turÄ—tų %u" #: plugins/sudoers/sudoers.c:1038 #, c-format msgid "only root can use `-c %s'" msgstr "„-c %s“ gali naudoti tik „root“ naudotojas" #: plugins/sudoers/sudoers.c:1049 #, c-format msgid "unknown login class: %s" msgstr "" #: plugins/sudoers/sudoers.c:1077 #, c-format msgid "unable to resolve host %s" msgstr "" #: plugins/sudoers/sudoers.c:1129 plugins/sudoers/testsudoers.c:380 #, c-format msgid "unknown group: %s" msgstr "" #: plugins/sudoers/sudoers.c:1178 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1180 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" #: plugins/sudoers/sudoers.c:1184 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1187 #, c-format msgid "nsswitch path: %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1189 #, c-format msgid "ldap.conf path: %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1190 #, c-format msgid "ldap.secret path: %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:286 #, c-format msgid "invalid filter option: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid max wait: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid speed factor: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:308 plugins/sudoers/visudo.c:187 #, c-format msgid "%s version %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:333 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:364 #, c-format msgid "invalid log file %s" msgstr "" #: plugins/sudoers/sudoreplay.c:366 #, c-format msgid "Replaying sudo session: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:392 #, c-format msgid "unable to set tty to raw mode" msgstr "" #: plugins/sudoers/sudoreplay.c:406 #, c-format msgid "invalid timing file line: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:448 #, c-format msgid "writing to standard output" msgstr "" #: plugins/sudoers/sudoreplay.c:480 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "" #: plugins/sudoers/sudoreplay.c:529 plugins/sudoers/sudoreplay.c:554 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:571 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "" #: plugins/sudoers/sudoreplay.c:582 #, c-format msgid "unmatched ')' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:588 #, c-format msgid "unknown search term \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:602 #, c-format msgid "%s requires an argument" msgstr "" #: plugins/sudoers/sudoreplay.c:606 #, c-format msgid "invalid regular expression: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:612 #, c-format msgid "could not parse date \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:625 #, c-format msgid "unmatched '(' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:627 #, c-format msgid "illegal trailing \"or\"" msgstr "" #: plugins/sudoers/sudoreplay.c:629 #, c-format msgid "illegal trailing \"!\"" msgstr "" #: plugins/sudoers/sudoreplay.c:851 #, c-format msgid "invalid regex: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:976 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "" #: plugins/sudoers/sudoreplay.c:979 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "" #: plugins/sudoers/sudoreplay.c:988 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" #: plugins/sudoers/sudoreplay.c:990 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/testsudoers.c:246 #, c-format msgid "internal error, init_vars() overflow" msgstr "" #: plugins/sudoers/testsudoers.c:331 msgid "\thost unmatched" msgstr "" #: plugins/sudoers/testsudoers.c:334 msgid "" "\n" "Command allowed" msgstr "" #: plugins/sudoers/testsudoers.c:335 msgid "" "\n" "Command denied" msgstr "" #: plugins/sudoers/testsudoers.c:335 msgid "" "\n" "Command unmatched" msgstr "" #: toke.l:672 toke.l:802 toke.l:827 toke.l:923 plugins/sudoers/toke_util.c:113 #: plugins/sudoers/toke_util.c:167 plugins/sudoers/toke_util.c:207 msgid "unable to allocate memory" msgstr "" #: toke.l:795 msgid "too many levels of includes" msgstr "" #: plugins/sudoers/toke_util.c:218 msgid "fill_args: buffer overflow" msgstr "" #: plugins/sudoers/visudo.c:188 #, c-format msgid "%s grammar version %d\n" msgstr "" #: plugins/sudoers/visudo.c:221 plugins/sudoers/auth/rfc1938.c:104 #, c-format msgid "you do not exist in the %s database" msgstr "" #: plugins/sudoers/visudo.c:253 plugins/sudoers/visudo.c:539 #, c-format msgid "press return to edit %s: " msgstr "" #: plugins/sudoers/visudo.c:336 plugins/sudoers/visudo.c:342 #, c-format msgid "write error" msgstr "" #: plugins/sudoers/visudo.c:424 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:429 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:435 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:458 #, c-format msgid "%s unchanged" msgstr "" #: plugins/sudoers/visudo.c:484 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "" #: plugins/sudoers/visudo.c:494 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "" #: plugins/sudoers/visudo.c:532 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" #: plugins/sudoers/visudo.c:584 plugins/sudoers/visudo.c:593 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "" #: plugins/sudoers/visudo.c:588 plugins/sudoers/visudo.c:598 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" #: plugins/sudoers/visudo.c:615 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" #: plugins/sudoers/visudo.c:629 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:639 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:702 msgid "What now? " msgstr "" #: plugins/sudoers/visudo.c:716 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" #: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to execute %s" msgstr "" #: plugins/sudoers/visudo.c:764 #, c-format msgid "unable to run %s" msgstr "" #: plugins/sudoers/visudo.c:796 #, c-format msgid "failed to parse %s file, unknown error" msgstr "" #: plugins/sudoers/visudo.c:808 #, c-format msgid "parse error in %s near line %d\n" msgstr "" #: plugins/sudoers/visudo.c:811 #, c-format msgid "parse error in %s\n" msgstr "" #: plugins/sudoers/visudo.c:814 plugins/sudoers/visudo.c:816 #, c-format msgid "%s: parsed OK\n" msgstr "" #: plugins/sudoers/visudo.c:826 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "" #: plugins/sudoers/visudo.c:833 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" #: plugins/sudoers/visudo.c:880 #, c-format msgid "%s busy, try again later" msgstr "" #: plugins/sudoers/visudo.c:924 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "" #: plugins/sudoers/visudo.c:947 #, c-format msgid "unable to stat editor (%s)" msgstr "" #: plugins/sudoers/visudo.c:995 #, c-format msgid "no editor found (editor path = %s)" msgstr "" #: plugins/sudoers/visudo.c:1089 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1090 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1093 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1094 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1229 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" #: plugins/sudoers/visudo.c:1286 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" #: plugins/sudoers/visudo.c:1288 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/auth/bsdauth.c:78 #, c-format msgid "unable to get login class for user %s" msgstr "" #: plugins/sudoers/auth/bsdauth.c:84 msgid "unable to begin bsd authentication" msgstr "" #: plugins/sudoers/auth/bsdauth.c:92 msgid "invalid authentication type" msgstr "" #: plugins/sudoers/auth/bsdauth.c:101 msgid "unable to setup authentication" msgstr "" #: plugins/sudoers/auth/fwtk.c:60 #, c-format msgid "unable to read fwtk config" msgstr "" #: plugins/sudoers/auth/fwtk.c:65 #, c-format msgid "unable to connect to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 #: plugins/sudoers/auth/fwtk.c:128 #, c-format msgid "lost connection to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:75 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" #: plugins/sudoers/auth/kerb5.c:117 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:160 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:170 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:218 #, c-format msgid "%s: unable to allocate options: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:234 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:247 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:316 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:331 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" #: plugins/sudoers/auth/pam.c:100 msgid "unable to initialize PAM" msgstr "" #: plugins/sudoers/auth/pam.c:144 msgid "account validation failure, is your account locked?" msgstr "" #: plugins/sudoers/auth/pam.c:148 msgid "Account or password is expired, reset your password and try again" msgstr "" #: plugins/sudoers/auth/pam.c:155 #, c-format msgid "pam_chauthtok: %s" msgstr "" #: plugins/sudoers/auth/pam.c:159 msgid "Password expired, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:163 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:178 #, c-format msgid "pam_authenticate: %s" msgstr "" #: plugins/sudoers/auth/pam.c:306 msgid "Password: " msgstr "Slaptažodis: " #: plugins/sudoers/auth/pam.c:307 msgid "Password:" msgstr "Slaptažodis:" #: plugins/sudoers/auth/securid5.c:81 #, c-format msgid "failed to initialise the ACE API library" msgstr "" #: plugins/sudoers/auth/securid5.c:107 #, c-format msgid "unable to contact the SecurID server" msgstr "" #: plugins/sudoers/auth/securid5.c:116 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "" #: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 #, c-format msgid "invalid username length for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:128 #, c-format msgid "SecurID communication failed" msgstr "" #: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 #, c-format msgid "unknown SecurID error" msgstr "" #: plugins/sudoers/auth/securid5.c:166 #, c-format msgid "invalid passcode length for SecurID" msgstr "" #: plugins/sudoers/auth/sia.c:109 msgid "unable to initialize SIA session" msgstr "" #: plugins/sudoers/auth/sudo_auth.c:117 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:199 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:271 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "" msgstr[1] "" #: plugins/sudoers/auth/sudo_auth.c:374 msgid "Authentication methods:" msgstr "" sudo-1.8.9p5/plugins/sudoers/po/nl.mo010064400175440000012000001073731226304146200171100ustar00millertstaffÞ•M„ Áìðñ#6F.[´Š?Pýca p ~  Ÿ ° ¹ <Ö !#3!9W!‘!&ª!)Ñ!û!"F+"@r"#³"#×"û"#!+#$M#r# Š#—#3¦#3Ú#$+$<$+C$(o$˜$;®$ê$ù$"%!+%$M%-r% %*½%+è%&.+&#Z&d~&Aã&9%'_'}'™'>´'?ó'23(#f(!Š(4¬(?á(!).9)h)#…)2©)Ü)#ø)1*<N**‹*"¶* Ù*/ú**+$H+@m+/®+Þ+8ù+<2,Fo,3¶,ê,þ,5-qS-)Å-:ï-$*.'O.=w.-µ.'ã.) /*5/(`/‰/©/'¹/2á/?0T0-â01-1(E13n1%¢1 È1(Ò1û12()2.R2%2E§2+í2=36W3GŽ3Ö3õ354(G43p4¤4'¶4,Þ43 53?5s555'Æ55î5&$6:K6†6ž6.º6=é6'7C97'}7"¥7 È7!é77 8?C8Aƒ8VÅ8“9'°90Ø9L :*V:.:)°:FÚ:'!;1I;1{;­;@Í; <7<9Q<‹<3¢<Ö<ð<=('=P=m==$›= À=á=(>&*>Q>Ol>¼>Ñ>ç>*?/.?)^?ˆ?§?Ã?Ý?#ò?@5@N@n@‹@#›@ ¿@Í@á@(÷@ A":A]A(dAA©A¼A!ÖAøA BBC#eC\‰C)æC8D(ID2rD,¥D2ÒD"E(E(DEmE*‰E´E"ÇEêE&F(-F1VF&ˆF'¯F%×F"ýF G=G[GyG™G*·G$âGHH3HKH`H yH*šHÅHÔHçHI%I?I]I vI,—ICÄIJ!(J JJkJ~JJ¬JÌJäJ4K7KIK,dK‘K±KËKÜK*ùK $LELcL‚L”L0¯LàL3öL*M@M\MnM†MŸM¯MÀMÜMøM!N/8N-hN–N²NÆN%ÙNÿN%O 8ODO*_O#ŠO&®O-ÕO˜PœQ¸QÍQçQRR_(RˆS U°UÂUÝV ïVüVW!W2W;W?ZWšW,ºWEçW-X%MX-sX¡X¹XWÕXJ-Y0xY4©Y&ÞY-Z+3ZB_Z¢Z¾Z ÍZSÛZT/[„[¡[²[=¹[.÷[&\?A\\ ˜\"¥\/È\,ø\=%]c]8‚]4»]ð]L ^%Y^u^Sõ^]I_)§_!Ñ_ó_F`OX`A¨`1ê`.aBKaWŽaæa!üa#b*Bb;mb©b3Èb7üb04c/ec&•c)¼cBæc)d#HdOld;¼dødJeKaeS­e<f>f&Rf@yfºf9Hg=‚g6Àg3÷gC+h3oh(£h,Ìh1ùh-+i"Yi|i2—iKÊiaj—xj k1k$Lk6qk<¨k&åk ll5lMl-hl+–l2ÂlDõl5:mMpmC¾mXn[n{nK™n/ån2oHo<`o1o@Ïo@pQp?np5®pHäp6-qIdq®qÌq.êqTrnrE…r6Ërs)s Es<fs?£sDãsr(t¢›tA>uF€usÇu9;v9uv2¯vHâv-+w5YwJw&ÚwExGxDPxF•xÜx:øx3y Py\y,vy£y»yÔy8ñy#*z%Nz0tz+¥zÑz[ëzG{a{|{-–{.Ä{;ó{/|M|g||*ž|!É|ë| }"(}K}+]}‰}š}­})Â}ì}%~ +~09~j~Š~!œ~$¾~ã~õ~&.UoŠª)ÆBð93€"m€h€(ù€D"(g?0Ð2‚*4‚_‚&y‚  ‚&Á‚ è‚"ö‚ƒ07ƒ)hƒ4’ƒ4ǃ-üƒ)*„'T„'|„'¤„+Ì„+ø„#$…(H….q… …µ…Ì…æ…ü…"†,9†f†z†’†®†4ˆ‡ ‡!;‡-]‡E‹‡(ч1ú‡0,ˆ]ˆxˆ‹ˆ"«ˆΈ!çˆ7 ‰A‰ S‰=t‰(²‰"Û‰þ‰$Š@9Š"zŠ+ŠÉŠèŠ*‹F.‹u‹9‹‹Å‹Ü‹ø‹ Œ&Œ>Œ\ŒtŒ’Œ"°Œ.ÓŒ.A1$s˜²'Âê-ÿ -Ž9Ž YŽ zŽ3›Ž+ÏŽF˃?ÿaÐÄLåEK~WoMŒv¡ÖãòðœáDù6%û<ØU¥õF;˜1¶@!æÇ± 5wB.ÑY%&7¬ÎI°›$£”ä©éÒ[#‰-®ÃïL\dJ‹•¼/5 ‘/&>¸ô zâ.½  ¿+ÞŸ>q«:=MSHëˆç+îϵs3ŠÚP2E" Û4í™]":8šf?ì÷IÉ6èÂG|È!ó(1Ô’àr­9 ,†…x7)0CDß —_´‡JÜý<)'@ñÍTZ¦}4t×8øC0uO¯ü·ÝÓXÁb„ÀÆ»$lHQªž hnÕ `G¹mþ³¨#'*iB€V9¢^Nk– ê“cö 2A§²(¾¤A *ʺeyÌ3,R;ÙKŽ‚-Åpgj=ú{ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%d incorrect password attempt%d incorrect password attempts%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: parsed OK %s: read error%s: unable to allocate options: %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: wrong owner (uid, gid) should be (%u, %u) *** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %dLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence numberNo user or hostNumber of tries to enter a password: %dOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid uri: %sinvalid username length for SecurIDinvalid valueldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()sudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many parenthesized expressions, max %dtoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dlopen %s: %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mix ldaps and starttlsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the epochunable to reset %s to the epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to setup authenticationunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'value out of rangevalues for `%s' must start with a '/'write errorwriting to standard outputyou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.8b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-08-16 10:18-0600 PO-Revision-Date: 2013-09-03 14:41+0200 Last-Translator: P. Hamming Language-Team: Dutch Language: nl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=n != 1 computer komt niet overeen Opdracht toegestaan Opdracht niet toegestaan Opdracht komt niet overeen LDAP Role: %s LDAP Role: UNKNOWN Opties: -c, --check alleen lezen modus -f, --file=bestand geef lokatie van sudoersbestand op -h, --help geef help weer (dit bericht) en sluit af -q, --quiet minder uitgebreide syntactische fout berichten -s, --strict stricte controle van syntaxis -V, --verion geef versieinformatie weer en sluit af Opties: -d, --directory=map map voor sessielogs opgeven -f, --filter=filter opgeven welk type in-/uitvoer moet worden weergegeven -h, --help geef help weer (dit bericht) en sluit af -l, --list [expressie] som beschikbare sessienummers die overeenkomen met de expressie op -m, --max-wait=num wacht tussen gebeurtenissen maximaal m seconden -s, --speed=num snelheid van uitvoer verhogen of verlagen -V, --version geef versieinformatie weer en sluit af Sudoers item: Sudoers pad: %s Als het goed is hebt u de gebruikelijke informatie ontvangen van uw systeembeheerder. Gewoonlijk komt het neer op de volgende drie punten: 1. Respecteer de privacy van anderen. 2. Denk na voordat u iets doet. 3. Veel mogelijkheden betekend veel verantwoordelijkheid. Opdrachten: Opties: Volgorde: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (opdracht voortgezet) %s%d ongeldige wachtwoord poging%d ongeldige wachtwoord pogingen%s - sudo sessielogs bekijken %s - bewerk het sudoersbestand voorzichtig %s en %s niet op hetzelfde bestandssyteem, gebuikt mv om te hernoemen%s bezig, probeer later opnieuw%s bestaat al, maar is geen map (0%o)%s bestaat maar is geen normaal bestand (0%o)%s grammaticaversie %d %s in geen regulier bestand%s is niet toegestaan sudo te gebruiken op %s. Dit incident zal worden gerapporteerd. %s in niet in het sudoersbestand. Dit incident zal worden gerapporteerd. %s is eigendom van groupsnummer %u, moet zijn %u%s is eigendom van gebruikersnummer %u, moet zijn %u%s kan door iedereen worden geschreven%s moet eigendom zijn van gebruikersnummer %d%s mag enkel schrijfbaar zijn voor eigenaar%s is van gebruikersnummer %u, zou gebruikersnummer %u moeten zijn%s heeft een argument nodig%s ongewijzigd%s versie %s %s kan geschreven worden bij niet-eigenaar (0%o), zou ingesteld moeten zijn op 0600%s kan geschreven worden door niet-eigenaar (0%o), zou ingesteld moeten zijn op 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: Kan TGT niet verifieren! U bent mogelijk aangevallen!: %s%s: verkeerde permissies, mout zijn modus 0%o %s: opdracht niet gevonden%s: incompatibele groepplugin hoofdversie %d, verwacht wordt %d%s: ontleden geslaagd %s: leesfout%s: kan opties: %s niet reserveren%s: kan aanmeldingsgegevens: %s niet verkrijgen%s: kan belangrijkste server niet vinden: %s%s: kan cache voor aanmeldingsgegevens: %s niet initialiseren%s: kan '%s': %s niet ontleden%s: kan cache voor aanmeldingsgegevens: %s niet oplossen%s: kan aanmeldingsgegeven niet opslaan in cache: %s%s: ongebruikte %s_Alias %s%s: verkeerde eigenaar (gebruikers-, groepsnummer) zou moeten zijn (%u, %u) *** VEILIGHEIDSinformatie voor %h ***Account verlopen of PAM configuratie heeft geen "account"-gedeelte voor sudo, neem contact op met uw systeembeheerderAccount of wachtwoord is verlopen, stel uw wachtwoord opnieuw in en probeer opnieuwVoeg een item toe aan het utmp/utmpx-bestand wanneer een virtuele terminal wordt gereserveerdAdres waarvan de mail wordt verzonden: %sAdres om mails naar te sturen: %sAlias `%s' reeds gedefinieerdSta verzamelen van informatie toe om bruikbare fout-berichten te gevenSta sudo toe ook te vragen naar een wachtwoord wanneer dit zichtbaar zou wordenSta gebruikers toe willekeurige omgevingsvariabelen in te stellenVoer opdrachten altijd uit in een pseudo-terminalStuur altijd een mail wanneer sudo is gebruikt$HOME altijd instellen op de persoonlijke map van de doelgebruikerPas de standaardinstellingen van de doelgebruikers inlogklasse toe wanneer deze bestaatVerificatie-methoden:Aanmeldtijd timeout: %.1f minutenComprimeer in-/uitvoerlogs met zlibKan voorwaarden voor controle niet bepalenMaak een nieuwe PAM-sessie om de opdracht in uit te voeren.Standaard wachtwoordprompt: %sStandaard gebruiker om opdrachten uit te voeren: %sMap waarin in-/uitvoerlogs moeten worden opgeslagen: %sInitialiseer niet de doelgebruikers groepsvectorOmgevingsvariablen om juistheid te controleren:Behoud de volgende omgevingsvariablen:Verwijder de volgende omgevingsvariablen:Fout: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerdFout: cyclus van %s_Alias `%s'Bestand met de sudo-instructies: %sBestandsindicators >= %d zullen worden gesloten voor uitvoeren van een opdrachtBestand waarin in-/uitvoerlogs moeten worden opgeslagen: %sOpties voor mailprogramma: %sAls de LDAP-map beschikbaar is, wordt het lokale sudoersbestand genegeerd?Wanneer ingesteld zal de wachtwoordprompt altijd de systeempromt vervangen.Als ingesteld, gebruikers mogen de waarde van `closefrom' vervangen met de optie -CStart een shell als sudo wordt aangeroepen zonder argumentenNegeer '.' in $PATHBoodschap voor verkeerd wachtwoord: %sBeledig de gebruiker wanneer ze een verkeerd wachtwoord invoerenOngeldige verificatiemethoden in sudo gecompileerd! U kunt geen zelfstandige en niet-zelfstandige verificatiemethoden door elkaar gebruiken.Instrueer gebruikers de eerste keer dat ze sudo gebruikenBreek regels in logbestanden af op (0 voor niet afbreken): %dCombinaties van lokale IP-adressen en netwerkmaskers: Te gebruiken taaldefinitie bij ontleden sudoers: %sLogverhouding is %d x %d, de verhouding van uw terminal is %d x %d.Log de computernaam in het (niet-syslog) logbestandLog uitvoer voor de uitgevoerde opdrachtLog het jaar in het (niet-syslog) logbestandLog gebruikersinvoer voor de uitgevoerde opdrachtOvereenkomende standaarditems voor %s op %s: Maximaal in-/uitvoerlog volgnummerGeen gebruiker of computerAantal pogingen om een wachtwoord in te voeren: %dGebruiker alleen toestaan sudo te gebruiken wanneer deze een terminal heeftStel het effectieve gebruikersnummer van de doelgebuiker in, niet het werkelijke gebruikersnummerOpties zijn: (e)dit sudoers bestand opnieuw e(x)it zonder de wijzigingen op te slaan (Q)uit en sla wijziging op in het sudoers bestand (GEVAAR!) Eigenaar van aanmeld-tijdmap: %sfout in PAM-aanmelding: %snaam van PAM-service om te gebruikennaam van PAM-service om te gebruiken voor inlog-shellsWachtwoord verlopen, neem contact op met uw systeembeheerderWachtwoordprompt timeout: %.1f minutenWachtwoord:Pad naar aanmeld-tijdmap: %sPad naar logbestand: %sPad naar mailprogramma: %sPad naar de editor bij gebruik van visudo: %sPad naar het omgevingsbestand voor sudo: %sPlugin voor ondersteuning van niet-Unixgroepen: %sLaadt vooraf de dummy uitvoerfuncties uit de sudo_noexec-bibliotheekVraag naar wachtwoord van root, niet van de gebruikerVraag naar wachtwoord van runas_default gebruiker, niet van huidige gebruikerVraag naar wachtwoord van doelgebruiker, niet van huidige gebruikerZorg voor zichtbare terugkoppeling op de wachtwoordprompt wanneer er gebruikersinvoer isGeef OTP prompt een eigen regelBekijken van sudo sessie: %s Vereis volledig-gekwalificeerde computernamen (fqdn) in het sudoers-bestandStandaard is verificatie van gebruikers vereistStel de omgevingsvariablen in op een standaard setRoot mag sudo gebruikenDraai opdrachten op een virtuele terminal op de achtergrond.Runas en opdrachtspecifieke standaarden voor %s: SELinux role om in de nieuwe beveiliginscontext te gebruiken: %sSELinux type om in de nieuwe beveiliginscontext te gebruiken: %sSecurID communicatie misluktStuur een mail als de gebruiker een opdracht niet mag gebruikenStuur een mail als de gebruiker niet in sudoers staatStuur een mail als de gebruiker niet voor deze computer in sudoers staatStuur een mail wanneer aanmelden van gebruiker misluktStel $HOME in op de doel-gebruiker wanneer een shell wordt gestart met -sSet van beperkende privilegesSet van toegestane privilegesStel de LOGNAME en USER omgevingsvariabelen inStel de gebruiker in utmp in als de doelgebruiker, niet als de aanroepende gebruikerSorry, probeer opnieuwExcuseer, gebruiker %s man '%s%s%s' niet uitvoeren als %s%s%s op %s. Excuseer, gebruiker %s mag sudo niet gebruiken op %s. Onderwerp voor mails: %sVersie van sudoers bestandsgrammatica %d Sudoers beleidsplugin versie %s Syslog-voorziening als syslog wordt gebruikt voor loggen: %sSyslog-prioriteit wanneer aanmelden van gebruiker gelukt is: %sSyslog-prioriteit wanneer aanmelden van gebruiker niet gelukt is: %sDe umask die is opgegeven in het sudoersbestand zal die van de gebruiker vervangen, ook wanneer deze meer toestaatEr zijn geen verificatie-methoden in sudo gecompileerd! Als u verificatie wilt uitschakelen, dient u de --disable-authentication configuratie-optie te gebruiken.Te gebruiken umask of 0777 om die van gebruiker te gebruiken: 0%oGebruik een verschillende tijd voor elke gebruiker/terminal combinatieGebruik snellere expansie van jokertekens. Dit is minder nauwkeurig, maar maakt geen gebruik van het bestandsysteemGebruiker %s in niet toegestaan sudo te gebruiken op %s. Gebruiker %s mag de volgende opdrachten uitvoeren op %s: Gebruikers ID geblokkeerd voor SecurID verificatieGebruikers in deze groep hoeven geen wachtwoord en PATH in te voeren: %sWaarde om $PATH van gebruiker te vervangen %sVisudo zal de EDITOR omgevingsvariabele in acht nemenWaarschuwing: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerdWaarschuwing: cyclus van %s_Alias `%s'Waarschuwing: uw terminal is te klein om de log goed af te bekijken. Wat nu? Wanneer een wachtwoord noodzakelijk is voor 'list' pseudopdracht: %sWanneer een wachtwoord noodzakelijk is voor 'verify' pseudopdracht: %seen wachtwoord is verplichtfout bij valideren van account, is uw account geblokkeerd?dubbelzinnige expressie "%s"aanmeldfoutaanmeldingsserverfout: %sopdracht mislukt: '%s %s %s', %s ongewijzigdopdracht in huidige mapopdracht niet toegestaankan datum niet ontleden "%s"controlegetal voor %s (%s) is niet in de juiste vorm: %seditor (%s) mislukt, %s ongewijzigdfout bij hernoemen %s, %s ongewijzigdinitialiseren van de ACE API bibliotheek misluktkon %sbestand niet ontleden, onbekende foutfill_args: stapeloverloop`%s' gevonden in '.' wordt genegeerd. Gebruik `sudo ./%s' als `%s' is wat u wilt gebruiken.ongeldige afsluitende "!"ongeldige afsluitende "or"interne fout, %s overflowinterne fout, kan %s niet in de lijst vinden!interne fout: onvoldoende ruimte voor logregelkan verificatie voor SecurID op deze manier niet afhandelenongeldige verificatiemethodenongeldig type verificatieongeldige filteroptie: %songeldige maximale wacht: %songeldige lengte van passcode voor SecurIDongeldige reguliere expressie: %songeldige snelheidsfactor: %songeldig sudoOrder kenmerk: %songeldige timing bestandsregel: %songeldige uri: %songeldige gebruikersnaamlengte voor SecurIDongeldige waardeldap.conf pad: %s ldap.secret pad: %s verbinding met aanmeldingsserver verlorengeen verificatiemethodengeen editor gevonden (editorpad = %s)geen terminalgeen geldige sudoers-bronnen gevonden, afsluitengeen waarde opgegeven voor `%s'nsswitch pad: %s alleen root kan `-c %s' gebruikenoptie `%s' kan geen waarde verwerkenontleedfout in %sfout bij ontleden van %s ontleedfout in %s bij regel %dfout bij ontleden van %s bij regel %d permanente stapeloverlooppermanente stapelonderlooptoets enter om te bewerken %s: probleem met standaarditemsexcuseer, u mag de omgeving niet behoudenexcuseer, u mag de volgende omgevingsvariabelen niet instellen: %sexcuseer, u moet een terminal hebben om sudo te gebruikenopgegeven editor (%s) bestaat nietstart_tls opgegeven maar LDAP bibliotheken ondersteunen geen ldap_start_tls_s() of ldap_start_tls_s_np()sudo_ldap_build_pass1 reserveren misluktsudo_ldap_conf_add_ports: ruimte ontoereikend bij uitbreiden hostbufsudo_ldap_conf_add_ports: poort te grootsudo_ldap_parse_uri: ruimte ontoereikend bij bouwen van hostbufsudo_putenv: envp bevat fouten, verkeerde lengtesudoers geeft aan dat root sudo niet mag gebruikentijd-eigenaar (%s): Gebruiker bestaat niettijd voor pad te lang: %stijd is te ver in de toekomst: %20.20ste veel niveaus van insluitingente veel geneste expressies, maximum %dte veel takenkan de bsd aanmelding niet startenkan tijd-filter niet opbouwenkan groepsnummer %u niet bufferen, bestaat reedskan groep %s niet bufferen, bestaat reedskan groepslijst voor %s niet bufferen, bestaat reedskan gebruikersnummer %u niet bufferen, bestaat reedskan gebruiker %s niet bufferen, bestaat reedskan verlopen wachtwoord niet wijzigen: %skan modus van %s niet wijzigen naar 0%okan niet wijzigen naar rootgroupsnummerkan niet wijzigen naar doelgroupsnummerkan niet wijzigen naar doelgebruikersnummerkan niet wijzigen naar sudoers groupsnummerkan controlestructuur niet opbouwenkan niet verbinden met aanmeldingsserverkan geen contact krijgen met de SecurID serverkan %s niet aanmakenkan niet dlopen %s: %skan stdin niet klonen: %mkan %s niet uitvoerenkan %s niet uitvoeren: %mkan symbool "%s" niet vinden in %skan symbool "group_plugin" niet vinden in %skan niet afsplitsenkan niet afsplitsen: %mkan tijd niet juist opmakenkan GMT-tijd niet verkrijgenkan de loginklasse voor gebruiker %s niet verkrijgenkan LDAP niet initialiseren: %skan PAM niet initialiserenkan SIA-sessie niet initialiserenkan SSL cert en key db niet initialiseren: %sKan SSS-bron niet initialiseren. Is SSSD op uw machine geinstalleerd?kan logbestand niet vergrendelen: %s: %skan ldap en ldaps URIs niet door elkaar gebruikenkan ldaps en starttls niet door elkaar gebruikenmkdir %s: aanmaken misluktkan %s niet openenkan controlesysteem niet openenkan logbestand niet openen: %s: %skan pipe niet openen: %mkan groepen voor %s niet ontledenkan tijdelijk bestand (%s) niet openen, %s ongewijzigd.kan %s niet lezenkan fwtk configuratie niet lezenkan %s niet verwijderen, wordt geherinitialiseerd op de epochkan %s niet herinitialiseren op de epochkan computernaam %s niet herleidenkan %s niet gebruikenkan controleboodschap niet verzendenkan %s niet wijzigen (gebruikers- of groupsnummer) naar (%u, %u)kan doelgroepvector niet instellenkan terminal niet instellen voor ruwe moduskan verificatie niet instellenkan stat %s niet uitvoerenkan status van editor (%s) niet verkrijgenkan status van tijdelijk bestand (%s) niet vaststellen, %s ongewijzigdkan %s niet schrijvenkan tijdelijke bestand (%s) niet ontleden, onbekende foutonbekende SecurID foutonbekend standaarditem `%s'onbekende groep: %sonbekende loginklasse: %sonbekende zoekterm "%s"onbekend gebruikersnummer: %uonbekende gebruiker: %sonvergezelde '(' in expressieonvergezelde ')' in expressieniet-ondersteund LDAP uri type: %sniet-ondersteund type controlegetal %d voor %sgebruik: %s [-h] [-d map] -l [zoek expressie] gebruik: %s [-h] [-d map] [-m max_wacht] [-s snelheidsfactor] ID gebruiker NIET aangemeld op computergebruiker NIET in sudoersgeldigheidsfoutwaarde `%s' is ongeldig voor optie `%s'waarde buiten bereikwaarden voor `%s' moeten beginnen met een '/'schrijffoutnaar standaarduitvoer schrijvenu mag de optie -C niet gebruikenu bestaat niet in de %s databaseu moet TLS_CERT in %s instellen om SSL te gebruikentijdelijk bestand (%s) leeg, %s ongewijzigdsudo-1.8.9p5/plugins/sudoers/po/nl.po010064400175440000012000001564521226304126200171130ustar00millertstaff# Dutch translation for sudoers. # Copyright (C) 2013 P. Hamming # This file is distributed under the same license as the sudo package. # P. Hamming , 2013 msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.8b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-08-16 10:18-0600\n" "PO-Revision-Date: 2013-09-03 14:41+0200\n" "Last-Translator: P. Hamming \n" "Language-Team: Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1\n" #: confstr.sh:2 msgid "Password:" msgstr "Wachtwoord:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** VEILIGHEIDSinformatie voor %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Sorry, probeer opnieuw" #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias `%s' reeds gedefinieerd" #: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "kan de loginklasse voor gebruiker %s niet verkrijgen" #: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "kan de bsd aanmelding niet starten" #: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "ongeldig type verificatie" #: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "kan verificatie niet instellen" #: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "kan fwtk configuratie niet lezen" #: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "kan niet verbinden met aanmeldingsserver" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "verbinding met aanmeldingsserver verloren" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "aanmeldingsserverfout:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, fuzzy, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: kan opdrachtgever niet converteren naar een string ('%s'): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: kan '%s': %s niet ontleden" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: kan cache voor aanmeldingsgegevens: %s niet oplossen" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: kan opties: %s niet reserveren" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: kan aanmeldingsgegevens: %s niet verkrijgen" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: kan cache voor aanmeldingsgegevens: %s niet initialiseren" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: kan aanmeldingsgegeven niet opslaan in cache: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: kan belangrijkste server niet vinden: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Kan TGT niet verifieren! U bent mogelijk aangevallen!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "kan PAM niet initialiseren" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "fout bij valideren van account, is uw account geblokkeerd?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Account of wachtwoord is verlopen, stel uw wachtwoord opnieuw in en probeer opnieuw" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "kan verlopen wachtwoord niet wijzigen: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Wachtwoord verlopen, neem contact op met uw systeembeheerder" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Account verlopen of PAM configuratie heeft geen \"account\"-gedeelte voor sudo, neem contact op met uw systeembeheerder" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "fout in PAM-aanmelding: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:226 #, c-format msgid "you do not exist in the %s database" msgstr "u bestaat niet in de %s database" #: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "initialiseren van de ACE API bibliotheek mislukt" #: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "kan geen contact krijgen met de SecurID server" #: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Gebruikers ID geblokkeerd voor SecurID verificatie" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "ongeldige gebruikersnaamlengte voor SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "kan verificatie voor SecurID op deze manier niet afhandelen" #: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID communicatie mislukt" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "onbekende SecurID fout" #: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "ongeldige lengte van passcode voor SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "kan SIA-sessie niet initialiseren" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "ongeldige verificatiemethoden" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Ongeldige verificatiemethoden in sudo gecompileerd! U kunt geen zelfstandige en niet-zelfstandige verificatiemethoden door elkaar gebruiken." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "geen verificatiemethoden" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Er zijn geen verificatie-methoden in sudo gecompileerd! Als u verificatie wilt uitschakelen, dient u de --disable-authentication configuratie-optie te gebruiken." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Verificatie-methoden:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 #, c-format msgid "Could not determine audit condition" msgstr "Kan voorwaarden voor controle niet bepalen" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 #, c-format msgid "unable to commit audit record" msgstr "kan controlestructuur niet opbouwen" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Als het goed is hebt u de gebruikelijke informatie ontvangen van uw\n" "systeembeheerder. Gewoonlijk komt het neer op de volgende drie punten:\n" "\n" " 1. Respecteer de privacy van anderen.\n" " 2. Denk na voordat u iets doet.\n" " 3. Veel mogelijkheden betekend veel verantwoordelijkheid.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "onbekend gebruikersnummer: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:682 #: plugins/sudoers/sudoers.c:847 plugins/sudoers/testsudoers.c:215 #: plugins/sudoers/testsudoers.c:361 #, c-format msgid "unknown user: %s" msgstr "onbekende gebruiker: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-voorziening als syslog wordt gebruikt voor loggen: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker gelukt is: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker niet gelukt is: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Geef OTP prompt een eigen regel" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Negeer '.' in $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Stuur altijd een mail wanneer sudo is gebruikt" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Stuur een mail wanneer aanmelden van gebruiker mislukt" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Stuur een mail als de gebruiker niet in sudoers staat" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Stuur een mail als de gebruiker niet voor deze computer in sudoers staat" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Stuur een mail als de gebruiker een opdracht niet mag gebruiken" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Gebruik een verschillende tijd voor elke gebruiker/terminal combinatie" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Instrueer gebruikers de eerste keer dat ze sudo gebruiken" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Bestand met de sudo-instructies: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Standaard is verificatie van gebruikers vereist" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root mag sudo gebruiken" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Log de computernaam in het (niet-syslog) logbestand" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Log het jaar in het (niet-syslog) logbestand" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Start een shell als sudo wordt aangeroepen zonder argumenten" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Stel $HOME in op de doel-gebruiker wanneer een shell wordt gestart met -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "$HOME altijd instellen op de persoonlijke map van de doelgebruiker" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Sta verzamelen van informatie toe om bruikbare fout-berichten te geven" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Vereis volledig-gekwalificeerde computernamen (fqdn) in het sudoers-bestand" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Beledig de gebruiker wanneer ze een verkeerd wachtwoord invoeren" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Gebruiker alleen toestaan sudo te gebruiken wanneer deze een terminal heeft" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo zal de EDITOR omgevingsvariabele in acht nemen" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Vraag naar wachtwoord van root, niet van de gebruiker" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Vraag naar wachtwoord van runas_default gebruiker, niet van huidige gebruiker" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Vraag naar wachtwoord van doelgebruiker, niet van huidige gebruiker" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Pas de standaardinstellingen van de doelgebruikers inlogklasse toe wanneer deze bestaat" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Stel de LOGNAME en USER omgevingsvariabelen in" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Stel het effectieve gebruikersnummer van de doelgebuiker in, niet het werkelijke gebruikersnummer" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Initialiseer niet de doelgebruikers groepsvector" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "Breek regels in logbestanden af op (0 voor niet afbreken): %d" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Aanmeldtijd timeout: %.1f minuten" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Wachtwoordprompt timeout: %.1f minuten" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "Aantal pogingen om een wachtwoord in te voeren: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Te gebruiken umask of 0777 om die van gebruiker te gebruiken: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Pad naar logbestand: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Pad naar mailprogramma: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Opties voor mailprogramma: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Adres om mails naar te sturen: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Adres waarvan de mail wordt verzonden: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Onderwerp voor mails: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Boodschap voor verkeerd wachtwoord: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Pad naar aanmeld-tijdmap: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Eigenaar van aanmeld-tijdmap: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Gebruikers in deze groep hoeven geen wachtwoord en PATH in te voeren: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Standaard wachtwoordprompt: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Wanneer ingesteld zal de wachtwoordprompt altijd de systeempromt vervangen." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Standaard gebruiker om opdrachten uit te voeren: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Waarde om $PATH van gebruiker te vervangen %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Pad naar de editor bij gebruik van visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Wanneer een wachtwoord noodzakelijk is voor 'list' pseudopdracht: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Wanneer een wachtwoord noodzakelijk is voor 'verify' pseudopdracht: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Laadt vooraf de dummy uitvoerfuncties uit de sudo_noexec-bibliotheek" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Als de LDAP-map beschikbaar is, wordt het lokale sudoersbestand genegeerd?" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Bestandsindicators >= %d zullen worden gesloten voor uitvoeren van een opdracht" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Als ingesteld, gebruikers mogen de waarde van `closefrom' vervangen met de optie -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Sta gebruikers toe willekeurige omgevingsvariabelen in te stellen" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Stel de omgevingsvariablen in op een standaard set" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Omgevingsvariablen om juistheid te controleren:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Verwijder de volgende omgevingsvariablen:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Behoud de volgende omgevingsvariablen:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "SELinux role om in de nieuwe beveiliginscontext te gebruiken: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "SELinux type om in de nieuwe beveiliginscontext te gebruiken: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Pad naar het omgevingsbestand voor sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Te gebruiken taaldefinitie bij ontleden sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Sta sudo toe ook te vragen naar een wachtwoord wanneer dit zichtbaar zou worden" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Zorg voor zichtbare terugkoppeling op de wachtwoordprompt wanneer er gebruikersinvoer is" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Gebruik snellere expansie van jokertekens. Dit is minder nauwkeurig, maar maakt geen gebruik van het bestandsysteem" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "De umask die is opgegeven in het sudoersbestand zal die van de gebruiker vervangen, ook wanneer deze meer toestaat" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Log gebruikersinvoer voor de uitgevoerde opdracht" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Log uitvoer voor de uitgevoerde opdracht" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Comprimeer in-/uitvoerlogs met zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Voer opdrachten altijd uit in een pseudo-terminal" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Plugin voor ondersteuning van niet-Unixgroepen: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Map waarin in-/uitvoerlogs moeten worden opgeslagen: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Bestand waarin in-/uitvoerlogs moeten worden opgeslagen: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Voeg een item toe aan het utmp/utmpx-bestand wanneer een virtuele terminal wordt gereserveerd" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Stel de gebruiker in utmp in als de doelgebruiker, niet als de aanroepende gebruiker" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Set van toegestane privileges" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Set van beperkende privileges" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Draai opdrachten op een virtuele terminal op de achtergrond." #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "naam van PAM-service om te gebruiken" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "naam van PAM-service om te gebruiken voor inlog-shells" #: plugins/sudoers/def_data.c:367 #, fuzzy msgid "Attempt to establish PAM credentials for the target user" msgstr "Probeert PAM-aanmeldgegevens voor doelgebruiker vast te stellen" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Maak een nieuwe PAM-sessie om de opdracht in uit te voeren." #: plugins/sudoers/def_data.c:375 msgid "Maximum I/O log sequence number" msgstr "Maximaal in-/uitvoerlog volgnummer" #: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:593 #, c-format msgid "unknown defaults entry `%s'" msgstr "onbekend standaarditem `%s'" #: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 #: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 #: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 #: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 #: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "waarde `%s' is ongeldig voor optie `%s'" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 #: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 #: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 #: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "geen waarde opgegeven voor `%s'" #: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "waarden voor `%s' moeten beginnen met een '/'" #: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "optie `%s' kan geen waarde verwerken" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:467 plugins/sudoers/policy.c:474 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:245 #, c-format msgid "internal error, %s overflow" msgstr "interne fout, %s overflow" #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp bevat fouten, verkeerde lengte" #: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "excuseer, u mag de volgende omgevingsvariabelen niet instellen: %s" #: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s moet eigendom zijn van gebruikersnummer %d" #: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s mag enkel schrijfbaar zijn voor eigenaar" #: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "kan niet dlopen %s: %s" #: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kan symbool \"group_plugin\" niet vinden in %s" #: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: incompatibele groepplugin hoofdversie %d, verwacht wordt %d" #: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Combinaties van lokale IP-adressen en netwerkmaskers:\n" #: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s bestaat al, maar is geen map (0%o)" #: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 #: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "mkdir %s: aanmaken mislukt" #: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:367 plugins/sudoers/sudoreplay.c:828 #: plugins/sudoers/sudoreplay.c:991 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 #, c-format msgid "unable to open %s" msgstr "kan %s niet openen" #: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:713 #, c-format msgid "unable to read %s" msgstr "kan %s niet lezen" #: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "kan %s niet schrijven" #: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "kan %s niet aanmaken" #: plugins/sudoers/ldap.c:403 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: poort te groot" #: plugins/sudoers/ldap.c:426 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: ruimte ontoereikend bij uitbreiden hostbuf" #: plugins/sudoers/ldap.c:456 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "niet-ondersteund LDAP uri type: %s" #: plugins/sudoers/ldap.c:485 #, c-format msgid "invalid uri: %s" msgstr "ongeldige uri: %s" #: plugins/sudoers/ldap.c:491 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "kan ldap en ldaps URIs niet door elkaar gebruiken" #: plugins/sudoers/ldap.c:495 #, c-format msgid "unable to mix ldaps and starttls" msgstr "kan ldaps en starttls niet door elkaar gebruiken" #: plugins/sudoers/ldap.c:514 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: ruimte ontoereikend bij bouwen van hostbuf" #: plugins/sudoers/ldap.c:588 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "kan SSL cert en key db niet initialiseren: %s" #: plugins/sudoers/ldap.c:591 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "u moet TLS_CERT in %s instellen om SSL te gebruiken" #: plugins/sudoers/ldap.c:1077 #, c-format msgid "unable to get GMT time" msgstr "kan GMT-tijd niet verkrijgen" #: plugins/sudoers/ldap.c:1083 #, c-format msgid "unable to format timestamp" msgstr "kan tijd niet juist opmaken" #: plugins/sudoers/ldap.c:1091 #, c-format msgid "unable to build time filter" msgstr "kan tijd-filter niet opbouwen" #: plugins/sudoers/ldap.c:1310 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 reserveren mislukt" #: plugins/sudoers/ldap.c:1883 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP Role: %s\n" #: plugins/sudoers/ldap.c:1885 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP Role: UNKNOWN\n" #: plugins/sudoers/ldap.c:1932 #, c-format msgid " Order: %s\n" msgstr " Volgorde: %s\n" #: plugins/sudoers/ldap.c:1940 plugins/sudoers/parse.c:515 #: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Opdrachten:\n" #: plugins/sudoers/ldap.c:2477 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kan LDAP niet initialiseren: %s" #: plugins/sudoers/ldap.c:2511 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls opgegeven maar LDAP bibliotheken ondersteunen geen ldap_start_tls_s() of ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ongeldig sudoOrder kenmerk: %s" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "kan controlesysteem niet openen" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "kan controleboodschap niet verzenden" #: plugins/sudoers/logging.c:140 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:168 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (opdracht voortgezet) %s" #: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "kan logbestand niet openen: %s: %s" #: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "kan logbestand niet vergrendelen: %s: %s" #: plugins/sudoers/logging.c:249 msgid "No user or host" msgstr "Geen gebruiker of computer" #: plugins/sudoers/logging.c:251 msgid "validation failure" msgstr "geldigheidsfout" #: plugins/sudoers/logging.c:258 msgid "user NOT in sudoers" msgstr "gebruiker NIET in sudoers" #: plugins/sudoers/logging.c:260 msgid "user NOT authorized on host" msgstr "gebruiker NIET aangemeld op computer" #: plugins/sudoers/logging.c:262 msgid "command not allowed" msgstr "opdracht niet toegestaan" #: plugins/sudoers/logging.c:292 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s in niet in het sudoersbestand. Dit incident zal worden gerapporteerd.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s is niet toegestaan sudo te gebruiken op %s. Dit incident zal worden gerapporteerd.\n" #: plugins/sudoers/logging.c:299 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Excuseer, gebruiker %s mag sudo niet gebruiken op %s.\n" #: plugins/sudoers/logging.c:302 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Excuseer, gebruiker %s man '%s%s%s' niet uitvoeren als %s%s%s op %s.\n" #: plugins/sudoers/logging.c:339 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1003 #: plugins/sudoers/sudoers.c:1004 #, c-format msgid "%s: command not found" msgstr "%s: opdracht niet gevonden" #: plugins/sudoers/logging.c:341 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "`%s' gevonden in '.' wordt genegeerd.\n" "Gebruik `sudo ./%s' als `%s' is wat u wilt gebruiken." #: plugins/sudoers/logging.c:357 msgid "authentication failure" msgstr "aanmeldfout" #: plugins/sudoers/logging.c:383 msgid "a password is required" msgstr "een wachtwoord is verplicht" #: plugins/sudoers/logging.c:447 plugins/sudoers/logging.c:491 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d ongeldige wachtwoord poging" msgstr[1] "%d ongeldige wachtwoord pogingen" #: plugins/sudoers/logging.c:575 #, c-format msgid "unable to fork" msgstr "kan niet afsplitsen" #: plugins/sudoers/logging.c:582 plugins/sudoers/logging.c:638 #, c-format msgid "unable to fork: %m" msgstr "kan niet afsplitsen: %m" #: plugins/sudoers/logging.c:628 #, c-format msgid "unable to open pipe: %m" msgstr "kan pipe niet openen: %m" #: plugins/sudoers/logging.c:653 #, c-format msgid "unable to dup stdin: %m" msgstr "kan stdin niet klonen: %m" #: plugins/sudoers/logging.c:688 #, c-format msgid "unable to execute %s: %m" msgstr "kan %s niet uitvoeren: %m" #: plugins/sudoers/logging.c:907 #, c-format msgid "internal error: insufficient space for log line" msgstr "interne fout: onvoldoende ruimte voor logregel" #: plugins/sudoers/match.c:604 #, c-format msgid "unsupported digest type %d for %s" msgstr "niet-ondersteund type controlegetal %d voor %s" #: plugins/sudoers/match.c:634 #, c-format msgid "%s: read error" msgstr "%s: leesfout" #: plugins/sudoers/match.c:643 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "controlegetal voor %s (%s) is niet in de juiste vorm: %s" #: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "ontleedfout in %s bij regel %d" #: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "ontleedfout in %s" #: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers item:\n" #: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " #: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " #: plugins/sudoers/parse.c:486 #, c-format msgid " Options: " msgstr " Opties: " #: plugins/sudoers/policy.c:111 plugins/sudoers/policy.c:118 #: plugins/sudoers/policy.c:126 plugins/sudoers/policy.c:129 #: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:155 #: plugins/sudoers/policy.c:272 plugins/sudoers/policy.c:275 #: plugins/sudoers/policy.c:294 plugins/sudoers/policy.c:301 #: plugins/sudoers/policy.c:329 plugins/sudoers/policy.c:332 #: plugins/sudoers/policy.c:341 plugins/sudoers/policy.c:344 #: plugins/sudoers/policy.c:352 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:126 plugins/sudoers/policy.c:152 #: plugins/sudoers/policy.c:272 plugins/sudoers/policy.c:329 #: plugins/sudoers/policy.c:341 msgid "invalid value" msgstr "ongeldige waarde" #: plugins/sudoers/policy.c:129 plugins/sudoers/policy.c:155 #: plugins/sudoers/policy.c:275 plugins/sudoers/policy.c:332 #: plugins/sudoers/policy.c:344 msgid "value out of range" msgstr "waarde buiten bereik" #: plugins/sudoers/policy.c:564 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "kan %s niet uitvoeren" #: plugins/sudoers/policy.c:706 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers beleidsplugin versie %s\n" #: plugins/sudoers/policy.c:708 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versie van sudoers bestandsgrammatica %d\n" #: plugins/sudoers/policy.c:712 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers pad: %s\n" #: plugins/sudoers/policy.c:715 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch pad: %s\n" #: plugins/sudoers/policy.c:717 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf pad: %s\n" #: plugins/sudoers/policy.c:718 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret pad: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kan gebruikersnummer %u niet bufferen, bestaat reeds" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "kan gebruiker %s niet bufferen, bestaat reeds" #: plugins/sudoers/pwutil.c:386 #, c-format msgid "unable to cache gid %u, already exists" msgstr "kan groepsnummer %u niet bufferen, bestaat reeds" #: plugins/sudoers/pwutil.c:422 #, c-format msgid "unable to cache group %s, already exists" msgstr "kan groep %s niet bufferen, bestaat reeds" #: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "kan groepslijst voor %s niet bufferen, bestaat reeds" #: plugins/sudoers/pwutil.c:598 #, c-format msgid "unable to parse groups for %s" msgstr "kan groepen voor %s niet ontleden" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:447 #: plugins/sudoers/set_perms.c:848 plugins/sudoers/set_perms.c:1143 #: plugins/sudoers/set_perms.c:1433 msgid "perm stack overflow" msgstr "permanente stapeloverloop" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:455 #: plugins/sudoers/set_perms.c:856 plugins/sudoers/set_perms.c:1151 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack underflow" msgstr "permanente stapelonderloop" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:502 #: plugins/sudoers/set_perms.c:1202 plugins/sudoers/set_perms.c:1473 msgid "unable to change to root gid" msgstr "kan niet wijzigen naar rootgroupsnummer" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:599 #: plugins/sudoers/set_perms.c:985 plugins/sudoers/set_perms.c:1279 msgid "unable to change to runas gid" msgstr "kan niet wijzigen naar doelgroupsnummer" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:611 #: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1289 msgid "unable to change to runas uid" msgstr "kan niet wijzigen naar doelgebruikersnummer" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:629 #: plugins/sudoers/set_perms.c:1011 plugins/sudoers/set_perms.c:1305 msgid "unable to change to sudoers gid" msgstr "kan niet wijzigen naar sudoers groupsnummer" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:700 #: plugins/sudoers/set_perms.c:1057 plugins/sudoers/set_perms.c:1351 #: plugins/sudoers/set_perms.c:1517 msgid "too many processes" msgstr "te veel taken" #: plugins/sudoers/set_perms.c:1585 msgid "unable to set runas group vector" msgstr "kan doelgroepvector niet instellen" #: plugins/sudoers/sssd.c:257 #, c-format msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Kan SSS-bron niet initialiseren. Is SSSD op uw machine geinstalleerd?" #: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 #: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 #: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "kan symbool \"%s\" niet vinden in %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Overeenkomende standaarditems voor %s op %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas en opdrachtspecifieke standaarden voor %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Gebruiker %s mag de volgende opdrachten uitvoeren op %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Gebruiker %s in niet toegestaan sudo te gebruiken op %s.\n" #: plugins/sudoers/sudoers.c:158 plugins/sudoers/sudoers.c:192 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "probleem met standaarditems" #: plugins/sudoers/sudoers.c:164 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "geen geldige sudoers-bronnen gevonden, afsluiten" #: plugins/sudoers/sudoers.c:226 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers geeft aan dat root sudo niet mag gebruiken" #: plugins/sudoers/sudoers.c:265 #, c-format msgid "you are not permitted to use the -C option" msgstr "u mag de optie -C niet gebruiken" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tijd-eigenaar (%s): Gebruiker bestaat niet" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "geen terminal" #: plugins/sudoers/sudoers.c:329 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "excuseer, u moet een terminal hebben om sudo te gebruiken" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "opdracht in huidige map" #: plugins/sudoers/sudoers.c:394 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "excuseer, u mag de omgeving niet behouden" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "kan stat %s niet uitvoeren" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s in geen regulier bestand" #: plugins/sudoers/sudoers.c:731 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s is eigendom van gebruikersnummer %u, moet zijn %u" #: plugins/sudoers/sudoers.c:735 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s kan door iedereen worden geschreven" #: plugins/sudoers/sudoers.c:738 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s is eigendom van groupsnummer %u, moet zijn %u" #: plugins/sudoers/sudoers.c:765 #, c-format msgid "only root can use `-c %s'" msgstr "alleen root kan `-c %s' gebruiken" #: plugins/sudoers/sudoers.c:782 plugins/sudoers/sudoers.c:784 #, c-format msgid "unknown login class: %s" msgstr "onbekende loginklasse: %s" #: plugins/sudoers/sudoers.c:816 #, c-format msgid "unable to resolve host %s" msgstr "kan computernaam %s niet herleiden" #: plugins/sudoers/sudoers.c:868 plugins/sudoers/testsudoers.c:379 #, c-format msgid "unknown group: %s" msgstr "onbekende groep: %s" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid filter option: %s" msgstr "ongeldige filteroptie: %s" #: plugins/sudoers/sudoreplay.c:318 #, c-format msgid "invalid max wait: %s" msgstr "ongeldige maximale wacht: %s" #: plugins/sudoers/sudoreplay.c:324 #, c-format msgid "invalid speed factor: %s" msgstr "ongeldige snelheidsfactor: %s" #: plugins/sudoers/sudoreplay.c:327 plugins/sudoers/visudo.c:191 #, c-format msgid "%s version %s\n" msgstr "%s versie %s\n" #: plugins/sudoers/sudoreplay.c:352 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" #: plugins/sudoers/sudoreplay.c:358 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" #: plugins/sudoers/sudoreplay.c:376 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Bekijken van sudo sessie: %s\n" #: plugins/sudoers/sudoreplay.c:382 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Waarschuwing: uw terminal is te klein om de log goed af te bekijken.\n" #: plugins/sudoers/sudoreplay.c:383 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Logverhouding is %d x %d, de verhouding van uw terminal is %d x %d." #: plugins/sudoers/sudoreplay.c:413 #, c-format msgid "unable to set tty to raw mode" msgstr "kan terminal niet instellen voor ruwe modus" #: plugins/sudoers/sudoreplay.c:429 #, c-format msgid "invalid timing file line: %s" msgstr "ongeldige timing bestandsregel: %s" #: plugins/sudoers/sudoreplay.c:512 #, c-format msgid "writing to standard output" msgstr "naar standaarduitvoer schrijven" #: plugins/sudoers/sudoreplay.c:654 plugins/sudoers/sudoreplay.c:679 #, c-format msgid "ambiguous expression \"%s\"" msgstr "dubbelzinnige expressie \"%s\"" #: plugins/sudoers/sudoreplay.c:696 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "te veel geneste expressies, maximum %d" #: plugins/sudoers/sudoreplay.c:707 #, c-format msgid "unmatched ')' in expression" msgstr "onvergezelde ')' in expressie" #: plugins/sudoers/sudoreplay.c:713 #, c-format msgid "unknown search term \"%s\"" msgstr "onbekende zoekterm \"%s\"" #: plugins/sudoers/sudoreplay.c:727 #, c-format msgid "%s requires an argument" msgstr "%s heeft een argument nodig" #: plugins/sudoers/sudoreplay.c:731 plugins/sudoers/sudoreplay.c:1071 #, c-format msgid "invalid regular expression: %s" msgstr "ongeldige reguliere expressie: %s" #: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "could not parse date \"%s\"" msgstr "kan datum niet ontleden \"%s\"" #: plugins/sudoers/sudoreplay.c:750 #, c-format msgid "unmatched '(' in expression" msgstr "onvergezelde '(' in expressie" #: plugins/sudoers/sudoreplay.c:752 #, c-format msgid "illegal trailing \"or\"" msgstr "ongeldige afsluitende \"or\"" #: plugins/sudoers/sudoreplay.c:754 #, c-format msgid "illegal trailing \"!\"" msgstr "ongeldige afsluitende \"!\"" #: plugins/sudoers/sudoreplay.c:1195 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "gebruik: %s [-h] [-d map] [-m max_wacht] [-s snelheidsfactor] ID\n" #: plugins/sudoers/sudoreplay.c:1198 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "gebruik: %s [-h] [-d map] -l [zoek expressie]\n" #: plugins/sudoers/sudoreplay.c:1207 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - sudo sessielogs bekijken\n" "\n" #: plugins/sudoers/sudoreplay.c:1209 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Opties:\n" " -d, --directory=map map voor sessielogs opgeven\n" " -f, --filter=filter opgeven welk type in-/uitvoer moet worden weergegeven\n" " -h, --help geef help weer (dit bericht) en sluit af\n" " -l, --list [expressie] som beschikbare sessienummers\n" " die overeenkomen met de expressie op\n" " -m, --max-wait=num wacht tussen gebeurtenissen maximaal m seconden\n" " -s, --speed=num snelheid van uitvoer verhogen of verlagen\n" " -V, --version geef versieinformatie weer en sluit af" #: plugins/sudoers/testsudoers.c:330 msgid "\thost unmatched" msgstr "\tcomputer komt niet overeen" #: plugins/sudoers/testsudoers.c:333 msgid "" "\n" "Command allowed" msgstr "" "\n" "Opdracht toegestaan" #: plugins/sudoers/testsudoers.c:334 msgid "" "\n" "Command denied" msgstr "" "\n" "Opdracht niet toegestaan" #: plugins/sudoers/testsudoers.c:334 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Opdracht komt niet overeen" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "tijd voor pad te lang: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s is van gebruikersnummer %u, zou gebruikersnummer %u moeten zijn" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s kan geschreven worden door niet-eigenaar (0%o), zou ingesteld moeten zijn op 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s bestaat maar is geen normaal bestand (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s kan geschreven worden bij niet-eigenaar (0%o), zou ingesteld moeten zijn op 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "tijd is te ver in de toekomst: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the epoch" msgstr "kan %s niet verwijderen, wordt geherinitialiseerd op de epoch" #: plugins/sudoers/timestamp.c:412 #, c-format msgid "unable to reset %s to the epoch" msgstr "kan %s niet herinitialiseren op de epoch" #: plugins/sudoers/toke_util.c:176 #, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: stapeloverloop" #: plugins/sudoers/visudo.c:193 #, c-format msgid "%s grammar version %d\n" msgstr "%s grammaticaversie %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "toets enter om te bewerken %s: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 #, c-format msgid "write error" msgstr "schrijffout" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "kan status van tijdelijk bestand (%s) niet vaststellen, %s ongewijzigd" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "tijdelijk bestand (%s) leeg, %s ongewijzigd" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) mislukt, %s ongewijzigd" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s ongewijzigd" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "kan tijdelijk bestand (%s) niet openen, %s ongewijzigd." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "kan tijdelijke bestand (%s) niet ontleden, onbekende fout" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "interne fout, kan %s niet in de lijst vinden!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kan %s niet wijzigen (gebruikers- of groupsnummer) naar (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "kan modus van %s niet wijzigen naar 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s en %s niet op hetzelfde bestandssyteem, gebuikt mv om te hernoemen" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "opdracht mislukt: '%s %s %s', %s ongewijzigd" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "fout bij hernoemen %s, %s ongewijzigd" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Wat nu? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Opties zijn:\n" " (e)dit sudoers bestand opnieuw\n" " e(x)it zonder de wijzigingen op te slaan\n" " (Q)uit en sla wijziging op in het sudoers bestand (GEVAAR!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "kan %s niet gebruiken" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: verkeerde eigenaar (gebruikers-, groepsnummer) zou moeten zijn (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: verkeerde permissies, mout zijn modus 0%o\n" #: plugins/sudoers/visudo.c:830 #, c-format msgid "failed to parse %s file, unknown error" msgstr "kon %sbestand niet ontleden, onbekende fout" #: plugins/sudoers/visudo.c:846 #, c-format msgid "parse error in %s near line %d\n" msgstr "fout bij ontleden van %s bij regel %d\n" #: plugins/sudoers/visudo.c:849 #, c-format msgid "parse error in %s\n" msgstr "fout bij ontleden van %s\n" #: plugins/sudoers/visudo.c:856 plugins/sudoers/visudo.c:861 #, c-format msgid "%s: parsed OK\n" msgstr "%s: ontleden geslaagd\n" #: plugins/sudoers/visudo.c:908 #, c-format msgid "%s busy, try again later" msgstr "%s bezig, probeer later opnieuw" #: plugins/sudoers/visudo.c:952 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "opgegeven editor (%s) bestaat niet" #: plugins/sudoers/visudo.c:975 #, c-format msgid "unable to stat editor (%s)" msgstr "kan status van editor (%s) niet verkrijgen" #: plugins/sudoers/visudo.c:1023 #, c-format msgid "no editor found (editor path = %s)" msgstr "geen editor gevonden (editorpad = %s)" #: plugins/sudoers/visudo.c:1117 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Fout: cyclus van %s_Alias `%s'" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Waarschuwing: cyclus van %s_Alias `%s'" #: plugins/sudoers/visudo.c:1121 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Fout: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd" #: plugins/sudoers/visudo.c:1122 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Waarschuwing: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd" #: plugins/sudoers/visudo.c:1248 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: ongebruikte %s_Alias %s" #: plugins/sudoers/visudo.c:1310 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - bewerk het sudoersbestand voorzichtig\n" "\n" #: plugins/sudoers/visudo.c:1312 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit" msgstr "" "\n" "Opties:\n" " -c, --check alleen lezen modus\n" " -f, --file=bestand geef lokatie van sudoersbestand op\n" " -h, --help geef help weer (dit bericht) en sluit af\n" " -q, --quiet minder uitgebreide syntactische fout berichten\n" " -s, --strict stricte controle van syntaxis\n" " -V, --verion geef versieinformatie weer en sluit af" #: toke.l:886 msgid "too many levels of includes" msgstr "te veel niveaus van insluitingen" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s bij regel %d <<<" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok: %s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate: %s" #~ msgid "Password: " #~ msgstr "Wachtwoord: " #~ msgid "getaudit: failed" #~ msgstr "getaudit: mislukt" #~ msgid "getauid failed" #~ msgstr "getauid mislukt" #~ msgid "au_open: failed" #~ msgstr "au_open: mislukt" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject: mislukt" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args: mislukt" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32: mislukt" #~ msgid "getauid: failed" #~ msgstr "getauid: failed" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text: failed" #~ msgid "unable to allocate memory" #~ msgstr "kan geen geheugen reserveren" #~ msgid "%s%s: %s" #~ msgstr "%s%s: %s" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "kan taaldefinitie niet instellen op \"%s\", gebruikt wordt \"C\"" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " Opdrachten:\n" #~ "\t" #~ msgid ": " #~ msgstr ": " #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "kan gebruikersnummer %u niet bufferen (%s), bestaat reeds" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "kan groepsnummer %u niet bufferen (%s), bestaat reeds" #~ msgid "Unable to dlopen %s: %s" #~ msgstr "Kan niet dlopen %s: %s" #~ msgid "unable to execute %s: %s" #~ msgstr "kan %s niet uitvoeren: %s" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgid "invalid regex: %s" #~ msgstr "ongeldige reguliere expressie: %s" sudo-1.8.9p5/plugins/sudoers/po/pl.mo010064400175440000012000001125621226304146200171060ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\QæŠQqS†S›S³SÍSÝS¨óSÝœUzWŠW¥W·X ÇXÓXæX÷XY Y$9Y&^YI…Y)ÏY*ùY0$ZUZnZS‹ZEßZ/%[/U[…["¥[1È[3ú[.\B\ S\Oa\O±\]]+]2]4A]+v]¢]<¿]ü]^+^>^$[^€^š^*¸^Lã^;0_9l_U¦_,ü_T)`S~`Ò`í`@ auMa4ÃazøaUsb:Éb0c/5c!ecT‡cDÜcJ!d/ld.œdAËdT eObe²e9Ëe)f-/f6]f”f2³f.æfEg2[g$Žg$³g2Øg h)(hGRh)šhÄhAàhW"i@zi:»iöi j1/j†aj<èj@%k$fkA‹k:Ík2l+;l+gl:“l'Îl)öl m 4p9sp*­pAØp2qDMqA’qHÔq+rIr/er9•r9Ïr* s.4s2csC–sBÚstJ8t6ƒtEºt0uS1u…u¥u3ÃuB÷u':vVbv:¹vôv"w#5w:YwE”wHÚwf#x™Šx@$yAeyb§y= z@Hz8‰zKÂz3{7B{1z{¬{CÈ{ |<|>T|“|7¨|à|}'}:@}{}›})²}(Ü}%~0+~/\~9Œ~ Æ~fç~Nj%‡1­3ß,€ @€ a€‚€(œ€&Å€!ì€&5T2s¦Â4à‚'1‚Y‚9b‚œ‚º‚!Õ‚"÷‚ƒ/ƒ'Eƒ(mƒ–ƒ ¶ƒ,׃„2"„TU„0ª„Û„cû„0_…1…CÂ…)†?0†6p†*§†>Ò†)‡3;‡o‡Ї0Ÿ‡&Ї4÷‡4,ˆ=aˆ4Ÿˆ;Ôˆ2‰-C‰%q‰(—‰(À‰'é‰/Š:AŠ.|Š«Š)ÈŠòŠ ‹,0‹6]‹”‹!²‹,Ô‹!Œ<#Œ1`Œ%’Œ ¸Œ&ÙŒ@XA"š.½$ì!Ž3Ž,PŽ,}Ž$ªŽ+ÏŽMûŽI+fE’2Ø* 6.T2ƒ0¶-ç#‘.9‘Ih‘²‘HÑ‘’2’O’b’"’¢’¿’Ð’é’“#%“%I“=o“C­“,ñ“$”C”&`”+‡” ³”%Á” ç”/•98•+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-26 21:16+0100 Last-Translator: Jakub Bogusz Language-Team: Polish Language: pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2); host nie znaleziony Polecenie dozwolone Polecenie niedozwolone Polecenie nie znalezione Rola LDAP: %s Rola LDAP: NIEZNANA Opcje: -c, --check tryb wyłącznie sprawdzajÄ…cy -f, --file=plik podanie poÅ‚ożenia pliku sudoers -h, --help wyÅ›wietlenie opisu i zakoÅ„czenie -q, --quiet mniej obszerne ("cichsze") komunikaty o błędach skÅ‚adni -s, --strict Å›cisÅ‚e sprawdzanie skÅ‚adni -V, --version wyÅ›wietlenie informacji o wersji i zakoÅ„czenie -x, --export=plik eksport danych sudoers w formacie JSON Opcje: -d, --directory=kat podanie katalogu na logi sesji -f, --filter=filtr okreÅ›lenie rodzaju we/wy do wyÅ›wietlania -h, --help wyÅ›wietlenie opisu i zakoÅ„czenie -l, --list lista dostÄ™pnych ID sesji pasujÄ…cych do wyrażenia -m, --max-wait=ile maksymalna liczba sekund oczekiwania miÄ™dzy zdarzeniami -s, --speed=ile przyspieszenie lub spowolnienie wyjÅ›cia -V, --version wyÅ›wietlenie informacji o wersji i zakoÅ„czenie Wpis sudoers: Åšcieżka do sudoers: %s Ufamy, że lokalny administrator udzieliÅ‚ odpowiedniego szkolenia. Zwykle sprowadza siÄ™ ono do tych trzech rzeczy: 1) należy respektować prywatność innych, 2) należy myÅ›leć przed pisaniem, 3) z dużą wÅ‚adzÄ… wiąże siÄ™ duża odpowiedzialność. Polecenia: Opcje: PorzÄ…dek: %s Jako grupy: Jako użytkownicy: %8s : %s%8s : (kontynuacja polecenia) %s%s - odtwarzanie logów sesji sudo %s - bezpieczna edycja pliku sudoers %s i %s nie sÄ… na tym samym systemie plików, użycie mv do zmiany nazwy%s zajÄ™ty, proszÄ™ spróbować później%s istnieje, ale nie jest katalogiem (0%o)%s istnieje, ale nie jest zwykÅ‚ym plikiem (0%o)%s, wersja gramatyki %d %s nie jest zwykÅ‚ym plikiem%s nie ma uprawnieÅ„ do uruchamiania sudo na %s. Ten incydent zostanie zgÅ‚oszony. %s nie wystÄ™puje w pliku sudoers. Ten incydent zostanie zgÅ‚oszony. wÅ‚aÅ›cicielem %s jest gid %u, powinien być %uwÅ‚aÅ›cicielem %s jest uid %u, powinien być %u%s jest zapisywalny dla Å›wiatawÅ‚aÅ›cicielem %s musi być uid %dprawo zapisu do %s może mieć tylko wÅ‚aÅ›cicielwÅ‚aÅ›cicielem %s jest uid %u, powinien być uid %u%s wymaga argumentu%s nie zmieniony%s wersja %s %s zapisywalny nie tylko dla wÅ‚aÅ›ciciela (uprawnienia 0%o, powinny być 0600)%s zapisywalny nie tylko dla wÅ‚aÅ›ciciela (uprawnienia 0%o, powinny być 0700)%s/%.2s/%.2s/%.2s/czas: %s%s/%s/czas: %s%s: %s%s: %s: %s: %s%s: Nie można zweryfikować TGT! Możliwy atak!: %s%s: błędne uprawnienia, powinny być 0%o %s: nie znaleziono polecenia%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d%s: błędny plik logu%s: skÅ‚adnia poprawna %s: błąd odczytu%s: brak pola z grupÄ… runas%s: brak pola z użytkownikiem runas%s: znacznik czasu %s: %s%s: brak pola znacznika czasu%s: nie udaÅ‚o siÄ™ przydzielić opcji: %s%s: nie udaÅ‚o siÄ™ przeksztaÅ‚cić nazwy principal do Å‚aÅ„cucha ('%s'): %s%s: nie udaÅ‚o siÄ™ pobrać danych uwierzytelniajÄ…cych: %s%s: nie udaÅ‚o siÄ™ pobrać nazwy principal dla hosta: %s%s: nie udaÅ‚o siÄ™ zainicjować pamiÄ™ci podrÄ™cznej danych uwierzytelniajÄ…cych: %s%s: nie udaÅ‚o siÄ™ przeanalizować '%s': %s%s: nie udaÅ‚o siÄ™ rozwiÄ…zać pamiÄ™ci podrÄ™cznej danych uwierzytelniajÄ…cych: %s%s: nie udaÅ‚o siÄ™ zapisać danych uwierzytelniajÄ…cych w pamiÄ™ci podrÄ™cznej: %s%s: nie użyty %s_Alias %s%s: brak pola z użytkownikiem%s: błędny wÅ‚aÅ›ciciel, (uid, gid) powinny wynosić (%u, %u) %u błędna próba wprowadzenia hasÅ‚a%u błędne próby wprowadzenia hasÅ‚a%u błędnych prób wprowadzenia hasÅ‚a*** informacje dotyczÄ…ce BEZPIECZEŃSTWA dla %h ***Konto wygasÅ‚o lub w konfiguracji PAM brak sekcji "account" dla sudo, proszÄ™ skontaktować siÄ™ z administratorem systemuKonto lub hasÅ‚o wygasÅ‚o, należy ustawić ponownie hasÅ‚o i spróbować jeszcze razDodawanie wpisu do pliku utmp/utmpx przy przydzielaniu ptyAdres, z którego majÄ… być wysyÅ‚ane listy: %sAdres, na który majÄ… być wysyÅ‚ane listy: %sAlias `%s' jest już zdefiniowanyZezwolenie na zbieranie niektórych informacji do przydatnych komunikatów błędówZezwolenie sudo na pytanie o hasÅ‚o nawet gdyby miaÅ‚o być widoczneZezwolenie użytkownikom na ustawianie dowolnych zmiennych Å›rodowiskowychUruchamianie poleceÅ„ zawsze na pseudoterminaluWysyÅ‚anie listu zawsze przy uruchomieniu sudoUstawianie $HOME zawsze na katalog domowy użytkownika docelowegoUżycie ustawieÅ„ domyÅ›lnych z klasy logowania użytkownika docelowego (jeÅ›li sÄ…)Próba ustanowienia danych uwierzytelniajÄ…cych PAM dla użytkownika docelowegoMetody uwierzytelniania:Limit czasu znacznika uwierzytelniania (w minutach): %.1fKompresja logów we/wy przy użyciu zlibaNie udaÅ‚o siÄ™ okreÅ›lić warunku audytowegoUtworzenie nowej sesji PAM dla uruchamianego poleceniaDomyÅ›lne pytanie o hasÅ‚o: %sDomyÅ›lny użytkownik do uruchamiania poleceÅ„: %sKatalog do zapisu logów wejÅ›cia/wyjÅ›cia: %sPomijanie inicjalizacji wektora grup na grupy użytkownika docelowegoZmienne Å›rodowiskowe do sprawdzania poprawnoÅ›ci:Zmienne Å›rodowiskowe do zachowania:Zmienne Å›rodowiskowe do usuniÄ™cia:Błąd: %s_Alias `%s' użyty, ale nie zdefiniowanyBłąd: cykl w %s_Alias `%s'Plik zawierajÄ…cy instrukcjÄ™ do sudo: %sDeskryptory plików >= %d bÄ™dÄ… zamykane przed uruchomieniem poleceniaPlik do zapisu logu wejÅ›cia/wyjÅ›cia: %sFlagi dla programu mail: %sJeÅ›li istnieje katalog LDAP, czy ignorować lokalny plik sudoersCzy passprompt ma być używane zamiast systemowego zapytania we wszystkich przypadkachCzy użytkownicy mogÄ… zmieniać wartość `closefrom' opcjÄ… -CUruchomienie powÅ‚oki przy wywoÅ‚aniu sudo bez argumentówIgnorowanie '.' w $PATHKomunikat o błędnym haÅ›le: %sLżenie użytkownika po podaniu błędnego hasÅ‚aW sudo wkompilowano błędne metody uwierzytelniania! Nie można mieszać samodzielnych i niesamodzielnych sposobów uwierzytelniania.Poinstruowanie użytkownika przy pierwszym uruchomieniu sudoDÅ‚ugość, na której zawijać linie logu (0 bez zawijania): %uPary lokalnych adresów IP i masek: Lokalizacja, jak ma być używana przy analizie pliku sudoers: %sGeometria logu to %d x %d, geometria terminala to %d x %d.Logowanie nazwy hosta w pliku logu (niesyslogowym)Logowanie wyjÅ›cia z uruchamianych poleceÅ„Logowanie roku w pliku logu (niesyslogowym)Logowanie wejÅ›cia użytkownika dla uruchamianych poleceÅ„PasujÄ…ce wpisy Defaults dla %s na %s: Maksymalny numer sekwencji logu we/wy: %uBrak użytkownika lub hostaLiczba prób wpisania hasÅ‚a: %uMożliwość uruchamiania sudo tylko z poziomu terminalaUstawianie na użytkownika docelowego tylko efektywnego uid-a, nie rzeczywistego uid-aMożliwe opcje: (e) ponowna edycja pliku sudoers (x) wyjÅ›cie bez zapisu zmian do pliku sudoers (Q) wyjÅ›cie i zapisanie zmian w pliku sudoers (NIEBEZPIECZNE!) WÅ‚aÅ›ciciel katalogu znaczników czasu uwierzytelniania: %sBłąd uwierzytelniania PAM: %sNazwa usÅ‚ugi PAM do użyciaNazwa usÅ‚ugi PAM do użycia dla powÅ‚ok logowaniaHasÅ‚o wygasÅ‚o, proszÄ™ skontaktować siÄ™ z administratorem systemuLimit czasu pytania o hasÅ‚o (w minutach): %.1fHasÅ‚o:Åšcieżka katalogu znaczników czasu uwierzytelniania: %sÅšcieżka do pliku logu: %sÅšcieżka do programu mail: %sÅšcieżka do edytora, który ma być używany przez visudo: %sÅšcieżka do pliku Å›rodowiska specyficznego dla sudo: %sWtyczka do obsÅ‚ugi grup nieuniksowych: %sWczytanie pustych funkcji exec zawartych w bibliotece sudo_noexecPytanie o hasÅ‚o roota zamiast hasÅ‚a użytkownikaPytanie o hasÅ‚o użytkownika runas_default zamiast uruchamiajÄ…cegoPytanie o hasÅ‚o użytkownika docelowego zamiast uruchamiajÄ…cegoUwidocznienie wprowadzania hasÅ‚a przez użytkownika w miarÄ™ wpisywaniaUmieszczenie zachÄ™ty OTP we wÅ‚asnej liniiOdtwarzanie sesji sudo: %s Wymaganie peÅ‚nych nazw hostów w pliku sudoersDomyÅ›lne wymaganie uwierzytelnienia przez użytkownikówWyczyszczenie Å›rodowiska do domyÅ›lnego zbioru zmiennychMożliwość uruchamiania sudo przez rootaUruchomienie poleceÅ„ na pseudoterminalu w tleWartoÅ›ci specyficzne dla Runas i Command dla %s: Rola SELinuksa do używania w nowym kontekÅ›cie bezpieczeÅ„stwa: %sTyp SELinuksa do używania w nowym kontekÅ›cie bezpieczeÅ„stwa: %sbłąd komunikacji SecurIDWysyÅ‚anie listu jeÅ›li użytkownik nie ma prawa do uruchomienia poleceniaWysyÅ‚anie listu jeÅ›li użytkownik nie jest w sudoersWysyÅ‚anie listu jeÅ›li użytkownik nie jest w sudoers dla tego hostaWysyÅ‚anie listu przy błędnym uwierzytelnieniuUstawianie $HOME na katalog użytkownika docelowego przy uruchamianiu powÅ‚oki z -sZbiór ograniczonych uprawnieÅ„Zbiór dozwolonych uprawnieÅ„Ustawianie zmiennych Å›rodowiskowych LOGNAME i USERUstawianie użytkownika w utmp jako docelowego, nie wywoÅ‚ujÄ…cegoNiestety, proszÄ™ spróbować ponownie.Niestety użytkownik %s nie ma uprawnieÅ„ do uruchamiania '%s%s%s' jako %s%s%s na %s. Niestety użytkownik %s nie może uruchamiać sudo na %s. Temat wysyÅ‚anych listów: %sWersja gramatyki pliku sudoers %d Wersja wtyczki polityki sudoers %s Rodzaj komunikatu sysloga, jeÅ›li syslog jest używany: %sPriorytet komunikatu sysloga w przypadku udanego uwierzytelnienia: %sPriorytet komunikatu sysloga w przypadku nieudanego uwierzytelnienia: %sWartość umask podana w sudoers ma zastÄ…pić wartość użytkownika, nawet jeÅ›li pozwala na wiÄ™cejW sudo nie wkompilowano żadnych metod uwierzytelniania! Aby wyłączyć uwierzytelnianie, proszÄ™ użyć opcji konfiguracyjnej --disable-authentication.Wartość umask lub 0777, aby użyć wartoÅ›ci użytkownika: 0%oUżycie osobnego znacznika czasu dla każdej pary użytkownik/ttyUżycie szybszych masek (glob) - mniej dokÅ‚adnych, ale nie odwoÅ‚ujÄ…cych siÄ™ do systemu plikówUżytkownik %s nie ma uprawnieÅ„ do uruchamiania sudo na %s. Użytkownik %s może uruchamiać na %s nastÄ™pujÄ…ce polecenia: ID użytkownika zablokowany dla uwierzytelnienia SecurIDGrupa, której użytkownicy sÄ… zwolnieni z wymagaÅ„ dot. haseÅ‚ i PATH: %sWartość do podstawienia za $PATH użytkownika: %sHonorowanie zmiennej Å›rodowiskowej EDITOR przez visudoUwaga: %s_Alias `%s' użyty, ale nie zdefiniowanyUwaga: cykl w %s_Alias `%s'Uwaga: ten terminal jest za maÅ‚y, aby wÅ‚aÅ›ciwie odtworzyć log. Co teraz? Kiedy ma być wymagane hasÅ‚o dla pseudopolecenia 'list': %sKiedy ma być wymagane hasÅ‚o dla pseudopolecenia 'verify': %swymagane jest hasÅ‚obłąd kontroli poprawnoÅ›ci konta - konto zablokowane?niejednoznaczne wyrażenie "%s"błąd uwierzytelnianiabłąd serwera uwierzytelniajÄ…cego: %spolecenie nie powiodÅ‚o siÄ™: '%s %s %s', %s nie zmienionypolecenie w bieżącym katalogupolecenie niedozwolonenie udaÅ‚o siÄ™ przeanalizować daty "%s"skrót dla %s (%s) nie jest w postaci %sbłąd edytora (%s), %s nie zmienionybłąd podczas zmiany nazwy %s, %s nie zmienionynie udaÅ‚o siÄ™ zainicjować biblioteki ACE APInie udaÅ‚o siÄ™ przeanalizować pliku %s, nieznany błądfill_args: przepeÅ‚nienie buforazignorowano plik `%s' znaleziony w '.' ProszÄ™ użyć `sudo ./%s', jeÅ›li to `%s' ma być uruchomiony.niedozwolony koÅ„czÄ…cy "!"niedozwolone koÅ„czÄ…ce "or"błąd wewnÄ™trzny, przepeÅ‚nienie %sbłąd wewnÄ™trzny, nie znaleziono %s na liÅ›cie!błąd wewnÄ™trzny: za maÅ‚o miejsca na liniÄ™ logubłędny uchwyt uwierzytelnienia dla SecurIDbłędne metody uwierzytelnianiabłędny rodzaj uwierzytelnieniabłędna opcja filtra: %sbłędny maksymalny czas oczekiwania: %sbłędna dÅ‚ugość hasÅ‚a dla SecurIDbłędne wyrażenie regularne: %sbłędny współczynnik szybkoÅ›ci: %sbłędny atrybut sudoOrder: %sbłędna linia pliku czasu: %sbłędna dÅ‚ugość nazwy użytkownika dla SecurIDÅ›cieżka do ldap.conf: %s Å›cieżka do ldap.secret: %s utracono połączenie z serwerem uwierzytelniajÄ…cymbrak metod uwierzytelnianianie znaleziono edytora (Å›cieżka = %s)brak ttynie znaleziono poprawnych źródeÅ‚ sudoers, zakoÅ„czenienie podano wartoÅ›ci dla `%s'Å›cieżka do nsswitch: %s tylko root może używać `-c %s'opcja `%s' nie przyjmuje wartoÅ›cibłąd skÅ‚adni w %sbłąd skÅ‚adni w %s błąd skÅ‚adni w %s w okolicy linii %dbłąd skÅ‚adni w %s w okolicy linii %d przepeÅ‚nienie stosu uprawnieÅ„niedopeÅ‚nienie stosu uprawnieÅ„wciÅ›niÄ™cie return przejdzie do edycji %s: problem z wpisami domyÅ›lnyminiestety brak uprawnieÅ„ do zachowania Å›rodowiskaniestety nie jest dozwolone ustawianie nastÄ™pujÄ…cych zmiennych Å›rodowiskowych: %sniestety do uruchomienia sudo konieczny jest ttypodany edytor (%s) nie istniejewybrano start_tls, ale biblioteki LDAP nie obsÅ‚ugujÄ… ldap_start_tls_s() ani ldap_start_tls_s_np()brak obsÅ‚ugi starttls w przypadku użycia ldapsniezgodność przydzielenia sudo_ldap_build_pass1sudo_ldap_conf_add_ports: brak miejsca podczas rozszerzania hostbufsudo_ldap_conf_add_ports: port zbyt dużysudo_ldap_parse_uri: brak miejsca podczas konstruowania hostbufsudo_putenv: uszkodzone envp, niezgodność dÅ‚ugoÅ›ciwg sudoers root nie ma prawa używać sudowÅ‚aÅ›ciciel znacznika czasu (%s): nie ma takiego użytkownikaÅ›cieżka znacznika czasu zbyt dÅ‚uga: %sznacznik czasu zbyt daleko w przyszÅ‚oÅ›ci: %20.20sza dużo poziomów includezbyt dużo procesównie udaÅ‚o siÄ™ rozpocząć uwierzytelnienia BSDnie udaÅ‚o siÄ™ stworzyć filtra czasunie udaÅ‚o siÄ™ zapamiÄ™tać gid-a %u, już istniejenie udaÅ‚o siÄ™ zapamiÄ™tać grupy %s, już istniejenie udaÅ‚o siÄ™ zapamiÄ™tać listy grup dla %s, już istniejenie udaÅ‚o siÄ™ zapamiÄ™tać uid-a %u, już istniejenie udaÅ‚o siÄ™ zapamiÄ™tać użytkownika %s, już istniejenie udaÅ‚o siÄ™ zmienić przedawnionego hasÅ‚a: %snie udaÅ‚o siÄ™ zmienić uprawnieÅ„ %s na 0%onie udaÅ‚o siÄ™ zmienić na gid rootanie udaÅ‚o siÄ™ zmienić na docelowy gidnie udaÅ‚o siÄ™ zmienić na docelowy uidnie udaÅ‚o siÄ™ zmienić na gid sudoersnie udaÅ‚o siÄ™ zatwierdzić rekordu audytowegonie udaÅ‚o siÄ™ połączyć z serwerem uwierzytelniajÄ…cymnie udaÅ‚o siÄ™ połączyć z serwerem SecurIDnie udaÅ‚o siÄ™ utworzyć %snie udaÅ‚o siÄ™ wykonać dup na stdin: %mnie udaÅ‚o siÄ™ wywoÅ‚ać %snie udaÅ‚o siÄ™ wywoÅ‚ać %s: %mnie udaÅ‚o siÄ™ odnaleźć symbolu "%s" w %snie udaÅ‚o siÄ™ odnaleźć symbolu "group_plugin" w %snie udaÅ‚o siÄ™ wykonać forknie udaÅ‚o siÄ™ wykonać fork: %mnie udaÅ‚o siÄ™ sformatować znacznika czasunie udaÅ‚o siÄ™ pobrać czasu GMTnie udaÅ‚o siÄ™ uzyskać klasy logowania dla użytkownika %snie udaÅ‚o siÄ™ zainicjować uwierzytelnienia BSDnie udaÅ‚o siÄ™ zainicjować LDAP: %snie udaÅ‚o siÄ™ zainicjować PAMnie udaÅ‚o siÄ™ zainicjować sesji SIAnie udaÅ‚o siÄ™ zainicjować bazy certyfikatów i kluczy SSL: %snie udaÅ‚o siÄ™ zainicjować źródÅ‚a SSS. Czy SSSD jest zainstalowany na tej maszynie?nie udaÅ‚o siÄ™ zaÅ‚adować %s: %snie udaÅ‚o siÄ™ zablokować pliku logu: %s: %snie można mieszać URI ldap i ldapsnie udaÅ‚o siÄ™ wykonać mkdir %snie udaÅ‚o siÄ™ otworzyć %snie udaÅ‚o siÄ™ otworzyć systemu audytowegonie udaÅ‚o siÄ™ otworzyć pliku logu: %s: %snie udaÅ‚o siÄ™ otworzyć potoku: %mnie udaÅ‚o siÄ™ przeanalizować grup dla %snie udaÅ‚o siÄ™ ponownie otworzyć pliku tymczasowego (%s), %s nie zmieniony.nie udaÅ‚o siÄ™ odczytać %snie udaÅ‚o siÄ™ odczytać konfiguracji fwtknie udaÅ‚o siÄ™ usunąć %s, zostanie zresetowany do uniksowego epochnie udaÅ‚o siÄ™ zresetować %s do uniksowego epochnie udaÅ‚o siÄ™ rozwiÄ…zać nazwy hosta %snie udaÅ‚o siÄ™ uruchomić %snie udaÅ‚o siÄ™ wysÅ‚ać komunikatu audytowegonie udaÅ‚o siÄ™ ustawić (uid, gid) %s na (%u, %u)nie udaÅ‚o siÄ™ ustawić wektora grup docelowychnie udaÅ‚o siÄ™ przestawić tty w tryb surowynie udaÅ‚o siÄ™ wykonać stat na %snie udaÅ‚o siÄ™ wykonać stat na edytorze (%s)nie udaÅ‚o siÄ™ wykonać stat na pliku tymczasowym (%s), %s nie zmienionynie udaÅ‚o siÄ™ zapisać do %snie udaÅ‚o siÄ™ przeanalizować pliku tymczasowego (%s), nieznany błądnieznany błąd SecurIDnieznany wpis domyÅ›lny `%s'nieznana grupa: %snieznana klasa logowania: %snieznany warunek wyszukiwania "%s"nieznany typ wyszukiwania %dnieznany uid: %unieznany użytkownik: %sniesparowany '(' w wyrażeniuniesparowany ')' w wyrażeniunieobsÅ‚ugiwany rodzaj URI LDAP: %snieobsÅ‚ugiwany typ skrótu %d dla %sSkÅ‚adnia: %s [-h] [-d katalog] -l [wyrażenie wyszukiwania] SkÅ‚adnia: %s [-h] [-d katalog] [-m liczba] [-s wsp_szybkoÅ›ci] ID użytkownik NIE jest autoryzowany na hoÅ›cieużytkownik NIE wystÄ™puje w sudoersbłąd kontroli poprawnoÅ›cibłędna wartość `%s' dla opcji `%s'wartoÅ›ci `%s' muszÄ… zaczynać siÄ™ od '/'błąd zapisubrak uprawnieÅ„ do używania opcji -Cnie istniejesz w bazie danych %saby używać SSL, trzeba ustawić TLS_CERT w %splik tymczasowy (%s) zerowej dÅ‚ugoÅ›ci, %s nie zmienionysudo-1.8.9p5/plugins/sudoers/po/pl.po010064400175440000012000001554231226304126300171130ustar00millertstaff# Polish translation for sudo/sudoers. # This file is put in the public domain. # Jakub Bogusz , 2011-2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-26 21:16+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: confstr.sh:2 msgid "Password:" msgstr "HasÅ‚o:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** informacje dotyczÄ…ce BEZPIECZEŃSTWA dla %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Niestety, proszÄ™ spróbować ponownie." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias `%s' jest już zdefiniowany" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "nie udaÅ‚o siÄ™ uzyskać klasy logowania dla użytkownika %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "nie udaÅ‚o siÄ™ rozpocząć uwierzytelnienia BSD" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "błędny rodzaj uwierzytelnienia" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "nie udaÅ‚o siÄ™ zainicjować uwierzytelnienia BSD" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "nie udaÅ‚o siÄ™ odczytać konfiguracji fwtk" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "nie udaÅ‚o siÄ™ połączyć z serwerem uwierzytelniajÄ…cym" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "utracono połączenie z serwerem uwierzytelniajÄ…cym" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "błąd serwera uwierzytelniajÄ…cego:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: nie udaÅ‚o siÄ™ przeksztaÅ‚cić nazwy principal do Å‚aÅ„cucha ('%s'): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: nie udaÅ‚o siÄ™ przeanalizować '%s': %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: nie udaÅ‚o siÄ™ rozwiÄ…zać pamiÄ™ci podrÄ™cznej danych uwierzytelniajÄ…cych: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: nie udaÅ‚o siÄ™ przydzielić opcji: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: nie udaÅ‚o siÄ™ pobrać danych uwierzytelniajÄ…cych: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: nie udaÅ‚o siÄ™ zainicjować pamiÄ™ci podrÄ™cznej danych uwierzytelniajÄ…cych: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: nie udaÅ‚o siÄ™ zapisać danych uwierzytelniajÄ…cych w pamiÄ™ci podrÄ™cznej: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: nie udaÅ‚o siÄ™ pobrać nazwy principal dla hosta: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Nie można zweryfikować TGT! Możliwy atak!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "nie udaÅ‚o siÄ™ zainicjować PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "błąd kontroli poprawnoÅ›ci konta - konto zablokowane?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Konto lub hasÅ‚o wygasÅ‚o, należy ustawić ponownie hasÅ‚o i spróbować jeszcze raz" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "nie udaÅ‚o siÄ™ zmienić przedawnionego hasÅ‚a: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "HasÅ‚o wygasÅ‚o, proszÄ™ skontaktować siÄ™ z administratorem systemu" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto wygasÅ‚o lub w konfiguracji PAM brak sekcji \"account\" dla sudo, proszÄ™ skontaktować siÄ™ z administratorem systemu" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "Błąd uwierzytelniania PAM: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "nie istniejesz w bazie danych %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "nie udaÅ‚o siÄ™ zainicjować biblioteki ACE API" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "nie udaÅ‚o siÄ™ połączyć z serwerem SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "ID użytkownika zablokowany dla uwierzytelnienia SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "błędna dÅ‚ugość nazwy użytkownika dla SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "błędny uchwyt uwierzytelnienia dla SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "błąd komunikacji SecurID" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "nieznany błąd SecurID" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "błędna dÅ‚ugość hasÅ‚a dla SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "nie udaÅ‚o siÄ™ zainicjować sesji SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "błędne metody uwierzytelniania" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "W sudo wkompilowano błędne metody uwierzytelniania! Nie można mieszać samodzielnych i niesamodzielnych sposobów uwierzytelniania." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "brak metod uwierzytelniania" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "W sudo nie wkompilowano żadnych metod uwierzytelniania! Aby wyłączyć uwierzytelnianie, proszÄ™ użyć opcji konfiguracyjnej --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metody uwierzytelniania:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Nie udaÅ‚o siÄ™ okreÅ›lić warunku audytowego" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "nie udaÅ‚o siÄ™ zatwierdzić rekordu audytowego" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Ufamy, że lokalny administrator udzieliÅ‚ odpowiedniego szkolenia.\n" "Zwykle sprowadza siÄ™ ono do tych trzech rzeczy:\n" "\n" " 1) należy respektować prywatność innych,\n" " 2) należy myÅ›leć przed pisaniem,\n" " 3) z dużą wÅ‚adzÄ… wiąże siÄ™ duża odpowiedzialność.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "nieznany uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "nieznany użytkownik: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Rodzaj komunikatu sysloga, jeÅ›li syslog jest używany: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Priorytet komunikatu sysloga w przypadku udanego uwierzytelnienia: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Priorytet komunikatu sysloga w przypadku nieudanego uwierzytelnienia: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Umieszczenie zachÄ™ty OTP we wÅ‚asnej linii" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignorowanie '.' w $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "WysyÅ‚anie listu zawsze przy uruchomieniu sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "WysyÅ‚anie listu przy błędnym uwierzytelnieniu" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "WysyÅ‚anie listu jeÅ›li użytkownik nie jest w sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "WysyÅ‚anie listu jeÅ›li użytkownik nie jest w sudoers dla tego hosta" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "WysyÅ‚anie listu jeÅ›li użytkownik nie ma prawa do uruchomienia polecenia" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Użycie osobnego znacznika czasu dla każdej pary użytkownik/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Poinstruowanie użytkownika przy pierwszym uruchomieniu sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Plik zawierajÄ…cy instrukcjÄ™ do sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "DomyÅ›lne wymaganie uwierzytelnienia przez użytkowników" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Możliwość uruchamiania sudo przez roota" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Logowanie nazwy hosta w pliku logu (niesyslogowym)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Logowanie roku w pliku logu (niesyslogowym)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Uruchomienie powÅ‚oki przy wywoÅ‚aniu sudo bez argumentów" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Ustawianie $HOME na katalog użytkownika docelowego przy uruchamianiu powÅ‚oki z -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Ustawianie $HOME zawsze na katalog domowy użytkownika docelowego" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Zezwolenie na zbieranie niektórych informacji do przydatnych komunikatów błędów" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Wymaganie peÅ‚nych nazw hostów w pliku sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Lżenie użytkownika po podaniu błędnego hasÅ‚a" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Możliwość uruchamiania sudo tylko z poziomu terminala" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Honorowanie zmiennej Å›rodowiskowej EDITOR przez visudo" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Pytanie o hasÅ‚o roota zamiast hasÅ‚a użytkownika" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Pytanie o hasÅ‚o użytkownika runas_default zamiast uruchamiajÄ…cego" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Pytanie o hasÅ‚o użytkownika docelowego zamiast uruchamiajÄ…cego" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Użycie ustawieÅ„ domyÅ›lnych z klasy logowania użytkownika docelowego (jeÅ›li sÄ…)" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Ustawianie zmiennych Å›rodowiskowych LOGNAME i USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Ustawianie na użytkownika docelowego tylko efektywnego uid-a, nie rzeczywistego uid-a" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Pomijanie inicjalizacji wektora grup na grupy użytkownika docelowego" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "DÅ‚ugość, na której zawijać linie logu (0 bez zawijania): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Limit czasu znacznika uwierzytelniania (w minutach): %.1f" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Limit czasu pytania o hasÅ‚o (w minutach): %.1f" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Liczba prób wpisania hasÅ‚a: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Wartość umask lub 0777, aby użyć wartoÅ›ci użytkownika: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Åšcieżka do pliku logu: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Åšcieżka do programu mail: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Flagi dla programu mail: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Adres, na który majÄ… być wysyÅ‚ane listy: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Adres, z którego majÄ… być wysyÅ‚ane listy: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Temat wysyÅ‚anych listów: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Komunikat o błędnym haÅ›le: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Åšcieżka katalogu znaczników czasu uwierzytelniania: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "WÅ‚aÅ›ciciel katalogu znaczników czasu uwierzytelniania: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Grupa, której użytkownicy sÄ… zwolnieni z wymagaÅ„ dot. haseÅ‚ i PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "DomyÅ›lne pytanie o hasÅ‚o: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Czy passprompt ma być używane zamiast systemowego zapytania we wszystkich przypadkach" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "DomyÅ›lny użytkownik do uruchamiania poleceÅ„: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Wartość do podstawienia za $PATH użytkownika: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Åšcieżka do edytora, który ma być używany przez visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kiedy ma być wymagane hasÅ‚o dla pseudopolecenia 'list': %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kiedy ma być wymagane hasÅ‚o dla pseudopolecenia 'verify': %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Wczytanie pustych funkcji exec zawartych w bibliotece sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "JeÅ›li istnieje katalog LDAP, czy ignorować lokalny plik sudoers" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Deskryptory plików >= %d bÄ™dÄ… zamykane przed uruchomieniem polecenia" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Czy użytkownicy mogÄ… zmieniać wartość `closefrom' opcjÄ… -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Zezwolenie użytkownikom na ustawianie dowolnych zmiennych Å›rodowiskowych" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Wyczyszczenie Å›rodowiska do domyÅ›lnego zbioru zmiennych" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Zmienne Å›rodowiskowe do sprawdzania poprawnoÅ›ci:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Zmienne Å›rodowiskowe do usuniÄ™cia:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Zmienne Å›rodowiskowe do zachowania:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Rola SELinuksa do używania w nowym kontekÅ›cie bezpieczeÅ„stwa: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Typ SELinuksa do używania w nowym kontekÅ›cie bezpieczeÅ„stwa: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Åšcieżka do pliku Å›rodowiska specyficznego dla sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Lokalizacja, jak ma być używana przy analizie pliku sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Zezwolenie sudo na pytanie o hasÅ‚o nawet gdyby miaÅ‚o być widoczne" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Uwidocznienie wprowadzania hasÅ‚a przez użytkownika w miarÄ™ wpisywania" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Użycie szybszych masek (glob) - mniej dokÅ‚adnych, ale nie odwoÅ‚ujÄ…cych siÄ™ do systemu plików" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Wartość umask podana w sudoers ma zastÄ…pić wartość użytkownika, nawet jeÅ›li pozwala na wiÄ™cej" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Logowanie wejÅ›cia użytkownika dla uruchamianych poleceÅ„" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Logowanie wyjÅ›cia z uruchamianych poleceÅ„" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Kompresja logów we/wy przy użyciu zliba" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Uruchamianie poleceÅ„ zawsze na pseudoterminalu" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Wtyczka do obsÅ‚ugi grup nieuniksowych: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Katalog do zapisu logów wejÅ›cia/wyjÅ›cia: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Plik do zapisu logu wejÅ›cia/wyjÅ›cia: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Dodawanie wpisu do pliku utmp/utmpx przy przydzielaniu pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Ustawianie użytkownika w utmp jako docelowego, nie wywoÅ‚ujÄ…cego" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Zbiór dozwolonych uprawnieÅ„" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Zbiór ograniczonych uprawnieÅ„" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Uruchomienie poleceÅ„ na pseudoterminalu w tle" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Nazwa usÅ‚ugi PAM do użycia" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Nazwa usÅ‚ugi PAM do użycia dla powÅ‚ok logowania" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Próba ustanowienia danych uwierzytelniajÄ…cych PAM dla użytkownika docelowego" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Utworzenie nowej sesji PAM dla uruchamianego polecenia" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Maksymalny numer sekwencji logu we/wy: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "nieznany wpis domyÅ›lny `%s'" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "błędna wartość `%s' dla opcji `%s'" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "nie podano wartoÅ›ci dla `%s'" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "wartoÅ›ci `%s' muszÄ… zaczynać siÄ™ od '/'" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "opcja `%s' nie przyjmuje wartoÅ›ci" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "błąd wewnÄ™trzny, przepeÅ‚nienie %s" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: uszkodzone envp, niezgodność dÅ‚ugoÅ›ci" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "niestety nie jest dozwolone ustawianie nastÄ™pujÄ…cych zmiennych Å›rodowiskowych: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "wÅ‚aÅ›cicielem %s musi być uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko wÅ‚aÅ›ciciel" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "nie udaÅ‚o siÄ™ zaÅ‚adować %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "nie udaÅ‚o siÄ™ odnaleźć symbolu \"group_plugin\" w %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Pary lokalnych adresów IP i masek:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s istnieje, ale nie jest katalogiem (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "nie udaÅ‚o siÄ™ wykonać mkdir %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "nie udaÅ‚o siÄ™ otworzyć %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "nie udaÅ‚o siÄ™ odczytać %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "nie udaÅ‚o siÄ™ zapisać do %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "nie udaÅ‚o siÄ™ utworzyć %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port zbyt duży" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: brak miejsca podczas rozszerzania hostbuf" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nieobsÅ‚ugiwany rodzaj URI LDAP: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "nie można mieszać URI ldap i ldaps" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "brak obsÅ‚ugi starttls w przypadku użycia ldaps" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: brak miejsca podczas konstruowania hostbuf" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "nie udaÅ‚o siÄ™ zainicjować bazy certyfikatów i kluczy SSL: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "aby używać SSL, trzeba ustawić TLS_CERT w %s" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "nie udaÅ‚o siÄ™ pobrać czasu GMT" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "nie udaÅ‚o siÄ™ sformatować znacznika czasu" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "nie udaÅ‚o siÄ™ stworzyć filtra czasu" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "niezgodność przydzielenia sudo_ldap_build_pass1" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Rola LDAP: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Rola LDAP: NIEZNANA\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " PorzÄ…dek: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Polecenia:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "nie udaÅ‚o siÄ™ zainicjować LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "wybrano start_tls, ale biblioteki LDAP nie obsÅ‚ugujÄ… ldap_start_tls_s() ani ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "błędny atrybut sudoOrder: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "nie udaÅ‚o siÄ™ otworzyć systemu audytowego" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "nie udaÅ‚o siÄ™ wysÅ‚ać komunikatu audytowego" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (kontynuacja polecenia) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "nie udaÅ‚o siÄ™ otworzyć pliku logu: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "nie udaÅ‚o siÄ™ zablokować pliku logu: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Brak użytkownika lub hosta" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "błąd kontroli poprawnoÅ›ci" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "użytkownik NIE wystÄ™puje w sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "użytkownik NIE jest autoryzowany na hoÅ›cie" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "polecenie niedozwolone" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nie wystÄ™puje w pliku sudoers. Ten incydent zostanie zgÅ‚oszony.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nie ma uprawnieÅ„ do uruchamiania sudo na %s. Ten incydent zostanie zgÅ‚oszony.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Niestety użytkownik %s nie może uruchamiać sudo na %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Niestety użytkownik %s nie ma uprawnieÅ„ do uruchamiania '%s%s%s' jako %s%s%s na %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: nie znaleziono polecenia" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "zignorowano plik `%s' znaleziony w '.'\n" "ProszÄ™ użyć `sudo ./%s', jeÅ›li to `%s' ma być uruchomiony." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "błąd uwierzytelniania" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "wymagane jest hasÅ‚o" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u błędna próba wprowadzenia hasÅ‚a" msgstr[1] "%u błędne próby wprowadzenia hasÅ‚a" msgstr[2] "%u błędnych prób wprowadzenia hasÅ‚a" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "nie udaÅ‚o siÄ™ wykonać fork" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "nie udaÅ‚o siÄ™ wykonać fork: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "nie udaÅ‚o siÄ™ otworzyć potoku: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "nie udaÅ‚o siÄ™ wykonać dup na stdin: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "nie udaÅ‚o siÄ™ wywoÅ‚ać %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "błąd wewnÄ™trzny: za maÅ‚o miejsca na liniÄ™ logu" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "nieobsÅ‚ugiwany typ skrótu %d dla %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: błąd odczytu" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "skrót dla %s (%s) nie jest w postaci %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "błąd skÅ‚adni w %s w okolicy linii %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "błąd skÅ‚adni w %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Wpis sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " Jako użytkownicy: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " Jako grupy: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Opcje: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "nie udaÅ‚o siÄ™ wywoÅ‚ać %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Wersja wtyczki polityki sudoers %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Wersja gramatyki pliku sudoers %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Åšcieżka do sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "Å›cieżka do nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "Å›cieżka do ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "Å›cieżka do ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "nie udaÅ‚o siÄ™ zapamiÄ™tać uid-a %u, już istnieje" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "nie udaÅ‚o siÄ™ zapamiÄ™tać użytkownika %s, już istnieje" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "nie udaÅ‚o siÄ™ zapamiÄ™tać gid-a %u, już istnieje" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "nie udaÅ‚o siÄ™ zapamiÄ™tać grupy %s, już istnieje" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "nie udaÅ‚o siÄ™ zapamiÄ™tać listy grup dla %s, już istnieje" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "nie udaÅ‚o siÄ™ przeanalizować grup dla %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "przepeÅ‚nienie stosu uprawnieÅ„" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "niedopeÅ‚nienie stosu uprawnieÅ„" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "nie udaÅ‚o siÄ™ zmienić na gid roota" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "nie udaÅ‚o siÄ™ zmienić na docelowy gid" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "nie udaÅ‚o siÄ™ zmienić na docelowy uid" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "nie udaÅ‚o siÄ™ zmienić na gid sudoers" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "zbyt dużo procesów" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "nie udaÅ‚o siÄ™ ustawić wektora grup docelowych" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "nie udaÅ‚o siÄ™ zainicjować źródÅ‚a SSS. Czy SSSD jest zainstalowany na tej maszynie?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nie udaÅ‚o siÄ™ odnaleźć symbolu \"%s\" w %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "PasujÄ…ce wpisy Defaults dla %s na %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "WartoÅ›ci specyficzne dla Runas i Command dla %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Użytkownik %s może uruchamiać na %s nastÄ™pujÄ…ce polecenia:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Użytkownik %s nie ma uprawnieÅ„ do uruchamiania sudo na %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "problem z wpisami domyÅ›lnymi" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "nie znaleziono poprawnych źródeÅ‚ sudoers, zakoÅ„czenie" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "wg sudoers root nie ma prawa używać sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "brak uprawnieÅ„ do używania opcji -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "wÅ‚aÅ›ciciel znacznika czasu (%s): nie ma takiego użytkownika" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "brak tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "niestety do uruchomienia sudo konieczny jest tty" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "polecenie w bieżącym katalogu" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "niestety brak uprawnieÅ„ do zachowania Å›rodowiska" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "nie udaÅ‚o siÄ™ wykonać stat na %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykÅ‚ym plikiem" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "wÅ‚aÅ›cicielem %s jest uid %u, powinien być %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla Å›wiata" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "wÅ‚aÅ›cicielem %s jest gid %u, powinien być %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "tylko root może używać `-c %s'" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "nieznana klasa logowania: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "nie udaÅ‚o siÄ™ rozwiÄ…zać nazwy hosta %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "nieznana grupa: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "błędna opcja filtra: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "błędny maksymalny czas oczekiwania: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "błędny współczynnik szybkoÅ›ci: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s wersja %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/czas: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/czas: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Odtwarzanie sesji sudo: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Uwaga: ten terminal jest za maÅ‚y, aby wÅ‚aÅ›ciwie odtworzyć log.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria logu to %d x %d, geometria terminala to %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "nie udaÅ‚o siÄ™ przestawić tty w tryb surowy" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "błędna linia pliku czasu: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "niejednoznaczne wyrażenie \"%s\"" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "niesparowany ')' w wyrażeniu" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "nieznany warunek wyszukiwania \"%s\"" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s wymaga argumentu" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "błędne wyrażenie regularne: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "nie udaÅ‚o siÄ™ przeanalizować daty \"%s\"" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "niesparowany '(' w wyrażeniu" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "niedozwolone koÅ„czÄ…ce \"or\"" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "niedozwolony koÅ„czÄ…cy \"!\"" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "nieznany typ wyszukiwania %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: błędny plik logu" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: brak pola znacznika czasu" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: znacznik czasu %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: brak pola z użytkownikiem" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: brak pola z użytkownikiem runas" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: brak pola z grupÄ… runas" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "SkÅ‚adnia: %s [-h] [-d katalog] [-m liczba] [-s wsp_szybkoÅ›ci] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "SkÅ‚adnia: %s [-h] [-d katalog] -l [wyrażenie wyszukiwania]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - odtwarzanie logów sesji sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Opcje:\n" " -d, --directory=kat podanie katalogu na logi sesji\n" " -f, --filter=filtr okreÅ›lenie rodzaju we/wy do wyÅ›wietlania\n" " -h, --help wyÅ›wietlenie opisu i zakoÅ„czenie\n" " -l, --list lista dostÄ™pnych ID sesji pasujÄ…cych do wyrażenia\n" " -m, --max-wait=ile maksymalna liczba sekund oczekiwania miÄ™dzy zdarzeniami\n" " -s, --speed=ile przyspieszenie lub spowolnienie wyjÅ›cia\n" " -V, --version wyÅ›wietlenie informacji o wersji i zakoÅ„czenie" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\thost nie znaleziony" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Polecenie dozwolone" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Polecenie niedozwolone" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Polecenie nie znalezione" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "Å›cieżka znacznika czasu zbyt dÅ‚uga: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "wÅ‚aÅ›cicielem %s jest uid %u, powinien być uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s zapisywalny nie tylko dla wÅ‚aÅ›ciciela (uprawnienia 0%o, powinny być 0700)" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s istnieje, ale nie jest zwykÅ‚ym plikiem (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s zapisywalny nie tylko dla wÅ‚aÅ›ciciela (uprawnienia 0%o, powinny być 0600)" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "znacznik czasu zbyt daleko w przyszÅ‚oÅ›ci: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "nie udaÅ‚o siÄ™ usunąć %s, zostanie zresetowany do uniksowego epoch" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "nie udaÅ‚o siÄ™ zresetować %s do uniksowego epoch" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: przepeÅ‚nienie bufora" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s, wersja gramatyki %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "wciÅ›niÄ™cie return przejdzie do edycji %s: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "błąd zapisu" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "nie udaÅ‚o siÄ™ wykonać stat na pliku tymczasowym (%s), %s nie zmieniony" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "plik tymczasowy (%s) zerowej dÅ‚ugoÅ›ci, %s nie zmieniony" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "błąd edytora (%s), %s nie zmieniony" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s nie zmieniony" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "nie udaÅ‚o siÄ™ ponownie otworzyć pliku tymczasowego (%s), %s nie zmieniony." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "nie udaÅ‚o siÄ™ przeanalizować pliku tymczasowego (%s), nieznany błąd" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "błąd wewnÄ™trzny, nie znaleziono %s na liÅ›cie!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "nie udaÅ‚o siÄ™ ustawić (uid, gid) %s na (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "nie udaÅ‚o siÄ™ zmienić uprawnieÅ„ %s na 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nie sÄ… na tym samym systemie plików, użycie mv do zmiany nazwy" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "polecenie nie powiodÅ‚o siÄ™: '%s %s %s', %s nie zmieniony" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "błąd podczas zmiany nazwy %s, %s nie zmieniony" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Co teraz? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Możliwe opcje:\n" " (e) ponowna edycja pliku sudoers\n" " (x) wyjÅ›cie bez zapisu zmian do pliku sudoers\n" " (Q) wyjÅ›cie i zapisanie zmian w pliku sudoers (NIEBEZPIECZNE!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "nie udaÅ‚o siÄ™ uruchomić %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: błędny wÅ‚aÅ›ciciel, (uid, gid) powinny wynosić (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: błędne uprawnienia, powinny być 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nie udaÅ‚o siÄ™ przeanalizować pliku %s, nieznany błąd" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "błąd skÅ‚adni w %s w okolicy linii %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "błąd skÅ‚adni w %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: skÅ‚adnia poprawna\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s zajÄ™ty, proszÄ™ spróbować później" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "podany edytor (%s) nie istnieje" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "nie udaÅ‚o siÄ™ wykonać stat na edytorze (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "nie znaleziono edytora (Å›cieżka = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Błąd: cykl w %s_Alias `%s'" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Uwaga: cykl w %s_Alias `%s'" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Błąd: %s_Alias `%s' użyty, ale nie zdefiniowany" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Uwaga: %s_Alias `%s' użyty, ale nie zdefiniowany" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: nie użyty %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - bezpieczna edycja pliku sudoers\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Opcje:\n" " -c, --check tryb wyłącznie sprawdzajÄ…cy\n" " -f, --file=plik podanie poÅ‚ożenia pliku sudoers\n" " -h, --help wyÅ›wietlenie opisu i zakoÅ„czenie\n" " -q, --quiet mniej obszerne (\"cichsze\") komunikaty o błędach skÅ‚adni\n" " -s, --strict Å›cisÅ‚e sprawdzanie skÅ‚adni\n" " -V, --version wyÅ›wietlenie informacji o wersji i zakoÅ„czenie\n" " -x, --export=plik eksport danych sudoers w formacie JSON" #: toke.l:892 msgid "too many levels of includes" msgstr "za dużo poziomów include" sudo-1.8.9p5/plugins/sudoers/po/pt_BR.mo010064400175440000012000001127261226304146200175030ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\QØŠQcS€S“S£S¿SÐS¾ëSªUÅWÜWõWYY%Y4YFY[YdY'‚Y-ªYIØY"Z*>Z-iZ—Z´ZPÐZA![)c[)[·[Ó[&ò[-\G\^\q\<€\<½\ú\](]/]B>]6]¸]CÔ]^5^F^8Z^;“^Ï^*é^*_A?_,_6®_;å_(!`8J`9ƒ`½`$Ø`4ý`@2a*sa|ža<b;Xb$”b&¹bàbKøbADcA†c(Èc.ñc9 dFZd9¡dÛd8÷d0e7Ne;†eÂe.ÞeF f;Tf<f&Íf$ôf3gMg,jgL—g?äg'$hQLhOžhQîh3@iti‰i9©i~ãi8bjH›j/äj1kBFk;‰k3Åk.ùkD(l.ml/œlÌl,èl>mCTm»˜m:Tnn®n3ÍnBo'Dolo=so!±o&Óo-úo6(p*_pMŠp*Øp<q3@qStq(Èq!ñq;r2Or:‚r½r,Õr3s:6s9qs!«sJÍs3tBLt7t;Çt"u#&u/Ju]zuØuWöu8Nv1‡v/¹v.évKwLdwZ±w` xœmx4 y<?y\|y:Ùy7z2LzGz/Çz0÷z4({]{J{{ Æ{8Ô{: |H|9a|›|´|&Ì|-ó|!}=}'T}(|}&¥}'Ì})ô}1~P~]m~Ë~ç~$7)4a6–%Í ó€4€+Q€ }€!ž€ À€%á€6>X1t ¦1Ç ù3‚#8‚\‚u‚•‚µ‚Ì‚+æ‚)ƒ<ƒ$\ƒ ƒ¢ƒ@ƒ[„5_„$•„oº„$*…0O…?€…,À…;í…4)†@^†1Ÿ†)ц0û†,‡I‡-Z‡+ˆ‡4´‡6é‡C ˆ4dˆ9™ˆ/Óˆ.‰&2‰.Y‰.ˆ‰.·‰1æ‰9Š1RŠ„Š3 ŠÔŠ"óŠ0‹:G‹‚‹! ‹)‹'ì‹;Œ1PŒ'‚Œ"ªŒ,ÍŒNúŒQI"›2¾-ñ!ŽAŽ/]Ž1Ž7¿Ž(÷ŽH i-ƒC±8õ'.V/u9¥4ß.‘'C‘.k‘Oš‘ê‘G ’R’!o’‘’ §’#È’ ì’ “"“$<“"a“ „“%¥“9Ë“:”*@”k”Š”+Ÿ”*Ë”ö”0•)7•/a•D‘•+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-26 18:18-0300 Last-Translator: Rafael Ferreira Language-Team: Brazilian Portuguese Language: pt_BR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Poedit 1.5.4 Plural-Forms: nplurals=2; plural=(n > 1); máquina sem correspondente Comando permitido Comando negado Comando sem correspondente Papel LDAP: %s Papel LDAP: DESCONHECIDO Opções: -c, --check modo de verificação, apenas -f, --file=arquivo especifica localização do arquivo sudoers -h, --help exibe uma mensagem de ajuda e sai -q, --quiet mensagens de erro menos detalhistas (quieto) -s, --strict verificação rigorosa de sintaxe -V, --version exibe a informação da versão e sai -x, --export=arquivo exporta o sudoers no formato JSON Opções: -d, --directory=diretório especifica o diretório dos logs de sessão -f, --filter=filtro especifica qual o tipo de E/S para exibir -h, --help exibe mensagem de ajuda e sai -l, --list lista IDs de sessão disponíveis correspondentes à expressão -m, --max-wait=número número máximo, em segundos, de espera entre eventos -s, --speed=número aumenta ou diminui a velocidade da saída -V, --version exibe a informação da versão e sai Entradas no sudoers: Caminho do sudoers: %s Presumimos que você recebeu as instruções de sempre do administrador de sistema local. Basicamente, resume-se a estas três coisas: #1) Respeite a privacidade dos outros. #2) Pense antes de digitar. #3) Com grandes poderes vêm grandes responsabilidades. Comandos: Opções: Ordem: %s GruposRunAs: UsuáriosRunAs: %8s : %s%8s : (comando continuado) %s%s - reproduz logs de sessão do sudo %s - edita o arquivo sudoers com segurança %s e %s não estão no mesmo sistema de arquivos, usando mv para renomear%s ocupado, tente novamente%s existe, mas não é um diretório (0%o)%s existe, mas não é um arquivo comum (0%o)gramática de %s versão %d %s não é um arquivo comum%s não tem permissão para executar sudo em %s. Este incidente será relatado. %s não está no arquivo sudoers. Este incidente será relatado. %s tem como dono o gid %u, deveria ser %u%s tem como dono o uid %u, deveria ser %u%s é gravável globalmente%s deve ter como dono o uid %d%s deve ser gravável apenas pelo dono%s tem como dono o uid %u, deveria ser uid %u%s requer um argumento%s sem alteração%s versão %s %s gravável por não-dono (0%o); deveria estar no modo 0600%s gravável por não-dono (0%o); deveria estar no modo 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Não foi possível verificar TGT! Possivelmente um ataque!: %s%s: permissões incorretas; deveria estar no modo 0%o %s: comando não encontrado%s: versão maior do plug-in de grupo %d incompatível, esperava %d%s: arquivo de log inválido%s: análise OK %s: erro de leitura%s: campo de grupo, a ser executado como, está faltando%s: campo de usuário, a ser executado como, está faltando%s: marca de tempo %s: %s%s: campo de marca de tempo está faltando%s: não foi possível alocar opções: %s%s: não foi possível converter principal para string ("%s"): %s%s: não foi possível obter credenciais: %s%s: não foi possível obter principal da máquina: %s%s: não foi possível inicializar cache de credenciais: %s%s: não foi possível analisar "%s": %s%s: não foi possível resolver cache de credenciais: %s%s: não foi possível armazenar credenciais no cache: %s%s: %s_Alias %s não usado%s: campo de usuário está faltando%s: dono (uid, gid) incorreto; deveria ser (%u, %u) %u tentativa de senha incorreta%u tentativas de senha incorreta*** informação de SEGURANÇA para %h ***Conta expirou ou a configuração do PAM não possui uma seção "account" para sudo; contate o administrador do seu sistemaConta ou senha expirou; redefina sua senha e tente novamenteAdiciona uma entrada ao arquivo utmp/utmpx ao alocar um ptyEndereço de onde enviar correio: %sEndereço para onde enviar correio: %sAlias "%s" já definidoPermite juntar algumas informações para fornecer mensagens de erro úteisPermite ao sudo solicitar uma senha mesmo se ele estiver visívelPermite que usuários definam variáveis de ambiente arbitráriasSempre executa comandos em um pseudo-ttySempre envia correio quando sudo for executadoSempre define $HOME para a pasta pessoal do usuário alvoAplica o padrão na classe de login do usuário alvo, se houver algumaTenta estabelecer as credenciais PAM para o usuário alvoMétodos de autenticação:Marca de tempo de autenticação expira em: %.1f minutosComprime logs I/O usando zlibNão foi possível determinar a condição de auditoriaCria uma nova sessão PAM para o comando ser executado nelaPedido de senha padrão: %sUsuário padrão para se executar comandos: %sDiretório no qual devem ser armazenados os logs de entrada/saída: %sNão inicializa o vetor de grupos para aquele usuário alvoVariáveis de ambiente nas quais deve-se verificar sanidade:Variáveis de ambiente para preservar:Variáveis de ambiente para remover:Erro: %s_Alias "%s" referenciado, mas não definidoErro: ciclo em %s_Alias "%s"Arquivo contendo as instruções do sudo: %sDescritores, de arquivos, >= %d serão fechados antes de executar um comandoArquivo no qual deve ser armazenado o log de entrada/saída: %sOpções para o programa de correio: %sEstando o diretório LDAP disponível, se devemos ignorar o arquivo sudoers localSe definido, o pedido de senha vai sobrescrever o do sistema em todos os casos.Se definido, usuários podem sobrescrever o valor de "closefrom" com a opção -CSe sudo for chamado sem argumentos, inicia um shellIgnorar "." no $PATHMensagem de senha incorreta: %sInsulta o usuário quando ele digitar uma senha incorretaMétodos de autenticação inválidos compilado no sudo! Você não pode misturar autenticação autônoma com não-autônoma.Instrui o usuário na primeira vez que ele executar sudoComprimento da quebra de linha do arquivo de log (0 para sem quebra): %uPar de endereço IP e máscara de rede locais: Localização para usar ao analisar o sudoers: %sGeometria do log é %d x %d; geometria do seu terminal é %d x %d.Registra o nome da máquina no arquivo de log (não-syslog)Registra no log a saída do comando sendo executadoRegistra o ano no arquivo de log (não-syslog)Registra no log a entrada do usuário para o comando sendo executadoEntradas padrões correspondentes a %s em %s: Número máximo de sequência de log de E/S: %unenhum usuário ou máquinaNúmero de tentativas para digitar senha: %uPermite que o usuário execute sudo apenas se ele tiver um ttyDefine o uid efetivo apenas para o usuário alvo, e não o uid realOpções são: (e)dit - editar arquivos sudoers novamente e(x)it - sair sem salvar alterações no arquivo sudoers (Q)uit - sair e salvar alterações no arquivo sudoers (PERIGO!) Dono do diretório de marca de tempo de autenticação: %serro de autenticação PAM: %sNome do serviço PAM para usarNome do serviço PAM para usar para shells de loginSenha expirou; entre em contato com o administrador do seu sistemaPedido de senha expira em: %.1f minutosSenha:Caminho do diretório de marca de tempo de autenticação: %sCaminho para o arquivo de log: %sCaminho para o programa de correio: %sCaminho do editor a ser usado pelo visudo: %sCaminho do arquivo de ambiente específico do sudo: %sPlug-in para suporte a grupo não-Unix: %sPré-carrega as funções de exec de teste contidas na biblioteca sudo_noexecPede a senha do root, e não a do usuárioPede a senha do usuário runas_default, e não a do usuárioPede a senha do usuário alvo, e não a do usuáriofornece feedback visual na solicitação de senha quando houver entrada do usuárioColocar prompt OTP na sua própria linhaReproduzindo sessão de sudo: %s Exige nomes de máquina completos (FQDN) no arquivo sudoersExige que os usuários se autentiquem, por padrãoRedefine o ambiente para um conjunto padrão de variáveisRoot pode executar sudoExecuta comandos em um pty em plano de fundoPadrões específicos de comandos e "runas" de %s: Papel SELinux para usar no novo contexto de segurança: %sTipo SELinux para usar no novo contexto de segurança: %sfalha de comunicação de SecurIDEnvia correio se o usuário não tiver permissão para executar um comandoEnvia correio se o usuário não estiver no sudoersEnvia correio se o usuário não estiver no sudoers desta máquinaEnvia correio se a autenticação de um usuário falharDefine $HOME com o usuário alvo ao iniciar um shell com -sConjunto de privilégios limitadosConjunto de privilégios permitidosDefine as variáveis de ambiente LOGNAME e USERDefine o usuário em utmp como usuário a ser executado como, e não o usuário a ser chamadoSinto muito, tente novamente.Sinto muito, usuário %s não tem permissão para executar "%s%s%s" como %s%s%s em %s. Sinto muito, usuário %s não pode executar sudo em %s. Linha do assunto para as mensagens de correio: %sVersão de gramática de arquivo do sudoers %d Versão de plug-in de política do sudoers %s Facilidade do syslog, se syslog estiver sendo usado para registrar logs: %sPrioridade do syslog para usar quando um usuário autenticar com sucesso: %sPrioridade do syslog para usar quando um usuário não usuário autenticar com sucesso: %sO umask especificado no sudoers vai sobrescrever o do usuário, mesmo se ele foi mais permissivoNão há métodos de autenticação compilados no sudo! Se você quiser desligar a autenticação, use a opção de configuração --disable-authentication.Umask a ser usada ou 0777 para usar do usuário: 0%oUsa uma marca de tempo separada para cada combo usuário/ttyUsa um englobamento mais rápido que é menos preciso, mas não acessa o sistema de arquivosUsuário %s não tem permissão para executar sudo em %s. Usuário %s pode executar os seguintes comandos em %s: ID de usuário travado pela autenticação SecurIDUsuários neste grupo estão eximidos da exigência de senha e PATH: %sValor para sobrescrever o $PATH do usuário: %sVisudo vai honrar a variável de ambiente EDITORAviso: %s_Alias "%s" referenciado, mas não definidoAviso: ciclo em %s_Alias "%s"Aviso: seu terminal é muito pequeno para reproduzir adequadamente o log. Agora o que? Quando exigir uma senha para o pseudo-comando "list": %sQuando exigir uma senha para o pseudo-comando "verify": %suma senha é necessáriafalha de verificação da conta; sua conta está travada?expressão ambígua "%s"falha de autenticaçãoerro no servidor de autenticação: %scomando "%s %s %s" falhou, %s sem alteraçãocomando no diretório atualcomando não permitidonão foi possível analisar a data "%s"digest de %s (%s) não está na forma %seditor (%s) falhou, %s sem alteraçãoerro ao renomear %s, %s sem alteraçãofalha ao inicializar a biblioteca API ACEfalha em analisar o arquivo %s, erro desconhecidofill_args: estouro de bufferignorando "%s" encontrado em "." Use "sudo ./%s" se isto é o "%s" que você deseja executar.fim de linha ilegal com "!"fim de linha ilegal com "or"erro interno, estouro de pilha de %serro interno, não foi possível localizar %s na lista!erro interno: espaço insuficiente para linha de logmanipulação inválida de autenticação para SecurIDmétodos de autenticação inválidostipo de autenticação inválidaopção de filtro inválida: %sespera máxima inválida: %scomprimento de senha inválida para SecurIDexpressão regular inválida: %sfator de velocidade inválido: %satributo sudoOrder inválido: %slinha inválida no arquivo timing: %scomprimento de nome de usuário inválido para SecurIDcaminho do ldap.conf: %s caminho do ldap.secret: %s conexão perdida com o servidor de autenticaçãonenhum método de autenticaçãonenhum editor encontrado (caminho do editor = %s)nenhum ttynenhuma fonte de sudoers válida encontrada; saindonenhum valor especificado para "%s"caminho do nsswitch: %s apenas o root pode usar "-c %s"opção "%s" não leva um valorerro de análise em %serro de análise em "%s" erro de análise em %s próximo à linha %derro de análise em %s perto da linha %d estouro da pilha de permissõesesvaziamento da pilha de permissõespressione enter para editar %s: problema com o entradas padrãosinto muito, você não tem permissão para preservar o ambientesinto muito, você não tem permissão para definir as seguintes variáveis de ambiente: %ssinto muito, você deve ter um tty para executar sudoeditor especificado (%s) não existestart_tls especificado, mas bibliotecas LDAP não possuem suporte a ldap_start_tls_s() ou ldap_start_tls_s_np()Sem suporte a starttls ao usar ldapsalocação de sudo_ldap_build_pass1 não conferesudo_ldap_conf_add_ports: sem espaço para expansão de hostbufsudo_ldap_conf_add_ports: porta muito grandesudo_ldap_parse_uri: sem espaço na construção de hostbufsudo_putenv: envp corrupto, cumprimento não conferesudoers especifica que o root não tem permissão para usar sudodono da marca de tempo (%s): usuário inexistentecaminho de marca de tempo muito longo: %smarca de tempo muito a frente no futuro: %20.20sníveis de inclusões demaisprocessos demaisnão foi possível iniciar autenticação BSDnão foi possível compilar filtro de temponão foi possível fazer cache de gid %u, já existenão foi possível fazer cache de grupo %s, já existenão foi possível fazer cache da lista de grupos de %s, já existenão foi possível fazer cache de uid %u, já existenão foi possível fazer cache de usuário %s, já existenão foi possível alterar a senha expirada: %snão foi possível alterar modo de %s para 0%onão foi possível alterar gid de rootnão foi possível alterar para gid de "runas"não foi possível alterar para uid de "runas"não foi possível alterar para gid de sudoersnão foi possível enviar o registro de auditorianão foi possível conectar ao servidor de autenticaçãonão foi possível contatar o servidor de SecurIDnão foi possível criar %snão foi possível fazer dup da entrada padrão: %mnão foi possível executar %snão foi possível executar %s: %mnão foi possível localizar símbolo "%s" em %snão foi possível localizar um símbolo "group_plugin" %snão foi possível fazer forknão foi possível fazer fork: %mnão é possível formatar marca de temponão foi possível obter o horário GMTnão foi possível obter classe de login para o usuário %snão foi possível inicializar autenticação BSDnão foi possível inicializar LDAP: %snão foi possível inicializar PAMnão foi possível inicializar a sessão SIAnão foi possível inicializar bando de dados de chaves e certificados SSL: %snão foi possível inicializar a fonte SSS. SSSD está instalado em sua máquina?não foi possível carregar %s: %snão foi possível travar o arquivo de log: %s: %snão foi possível misturar ldap e ldaps URIsnão foi possível fazer mkdir %snão foi possível abrir %snão foi possível abrir o sistema de auditorianão foi possível abrir o arquivo de log: %s: %snão foi possível abrir um redirecionamento (pipe): %mNão foi possível analisar grupos de %snão foi possível reabrir arquivo temporário (%s), %s sem alteração.não foi possível ler %snão foi possível ler configuração de fwtknão foi possível remover %s, redefinindo para como estava no Unixnão foi possível redefinir %s para como estava no Unixnão foi possível resolver máquina %snão foi possível executar %snão foi possível enviar mensagem de auditorianão foi possível definir (uid, gid) de %s para (%u, %u)não foi possível definir vetor de grupo de "runas"não foi possível definir o tty para modo rawnão foi possível obter o estado de %snão foi possível obter estado do editor (%s)não foi possível obter estado de arquivo temporário (%s), %s sem alteraçãonão foi possível gravar em %snão foi possível analisar arquivo temporário (%s), erro desconhecidoerro de SecurID desconhecidoentrada padrão "%s" desconhecidogrupo desconhecido %sclasse de login desconhecida: %stermo de pesquisa desconhecido "%s"tipo de pesquisa desconhecido %duid desconhecido: %uusuário desconhecido: %s"(" sem correspondente na expressão")" não coincidente na expressãotipo de uri LDAP sem suporte: %stipo de digest %d sem suporte para %suso: %s [-h] [-d diretório] -l [expressão de pesquisa] uso: %s [-h] [-d diretório] [-m número] [-s número] ID usuário NÃO ESTà autorizado na máquinausuário NÃO ESTà no sudoersfalha de validaçãovalor "%s" é inválido para a opção "%s"valores para "%s" devem iniciar com um "/"erro de escritavocê não tem permissão para usar a opção -Cvocê não existe no banco de dados de %svocê deve definir TLS_CERT em %s para usar SSLarquivo de temporário (%s) com comprimento zero, %s sem alteraçãosudo-1.8.9p5/plugins/sudoers/po/pt_BR.po010064400175440000012000001617771226304126300175170ustar00millertstaff# Brazilian Portuguese translation of sudoers. # This file is distributed under the same license as the sudo package. # Copyright (C) 2013 Free Software Foundation, Inc. # Rafael Ferreira , 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-26 18:18-0300\n" "Last-Translator: Rafael Ferreira \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 1.5.4\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #: confstr.sh:2 msgid "Password:" msgstr "Senha:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** informação de SEGURANÇA para %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Sinto muito, tente novamente." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Alias \"%s\" já definido" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "não foi possível obter classe de login para o usuário %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "não foi possível iniciar autenticação BSD" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "tipo de autenticação inválida" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "não foi possível inicializar autenticação BSD" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "não foi possível ler configuração de fwtk" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "não foi possível conectar ao servidor de autenticação" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "conexão perdida com o servidor de autenticação" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "erro no servidor de autenticação:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: não foi possível converter principal para string (\"%s\"): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: não foi possível analisar \"%s\": %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: não foi possível resolver cache de credenciais: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: não foi possível alocar opções: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: não foi possível obter credenciais: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: não foi possível inicializar cache de credenciais: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: não foi possível armazenar credenciais no cache: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: não foi possível obter principal da máquina: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Não foi possível verificar TGT! Possivelmente um ataque!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "não foi possível inicializar PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "falha de verificação da conta; sua conta está travada?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Conta ou senha expirou; redefina sua senha e tente novamente" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "não foi possível alterar a senha expirada: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Senha expirou; entre em contato com o administrador do seu sistema" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Conta expirou ou a configuração do PAM não possui uma seção \"account\" para sudo; contate o administrador do seu sistema" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "erro de autenticação PAM: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "você não existe no banco de dados de %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "falha ao inicializar a biblioteca API ACE" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "não foi possível contatar o servidor de SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "ID de usuário travado pela autenticação SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "comprimento de nome de usuário inválido para SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "manipulação inválida de autenticação para SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "falha de comunicação de SecurID" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "erro de SecurID desconhecido" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "comprimento de senha inválida para SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "não foi possível inicializar a sessão SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "métodos de autenticação inválidos" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Métodos de autenticação inválidos compilado no sudo! Você não pode misturar autenticação autônoma com não-autônoma." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "nenhum método de autenticação" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Não há métodos de autenticação compilados no sudo! Se você quiser desligar a autenticação, use a opção de configuração --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Métodos de autenticação:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Não foi possível determinar a condição de auditoria" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "não foi possível enviar o registro de auditoria" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Presumimos que você recebeu as instruções de sempre do administrador\n" "de sistema local. Basicamente, resume-se a estas três coisas:\n" "\n" " #1) Respeite a privacidade dos outros.\n" " #2) Pense antes de digitar.\n" " #3) Com grandes poderes vêm grandes responsabilidades.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "uid desconhecido: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "usuário desconhecido: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Facilidade do syslog, se syslog estiver sendo usado para registrar logs: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Prioridade do syslog para usar quando um usuário autenticar com sucesso: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Prioridade do syslog para usar quando um usuário não usuário autenticar com sucesso: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Colocar prompt OTP na sua própria linha" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignorar \".\" no $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Sempre envia correio quando sudo for executado" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Envia correio se a autenticação de um usuário falhar" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Envia correio se o usuário não estiver no sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Envia correio se o usuário não estiver no sudoers desta máquina" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Envia correio se o usuário não tiver permissão para executar um comando" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Usa uma marca de tempo separada para cada combo usuário/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Instrui o usuário na primeira vez que ele executar sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Arquivo contendo as instruções do sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Exige que os usuários se autentiquem, por padrão" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root pode executar sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Registra o nome da máquina no arquivo de log (não-syslog)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Registra o ano no arquivo de log (não-syslog)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Se sudo for chamado sem argumentos, inicia um shell" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Define $HOME com o usuário alvo ao iniciar um shell com -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Sempre define $HOME para a pasta pessoal do usuário alvo" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Permite juntar algumas informações para fornecer mensagens de erro úteis" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Exige nomes de máquina completos (FQDN) no arquivo sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Insulta o usuário quando ele digitar uma senha incorreta" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Permite que o usuário execute sudo apenas se ele tiver um tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo vai honrar a variável de ambiente EDITOR" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Pede a senha do root, e não a do usuário" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Pede a senha do usuário runas_default, e não a do usuário" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Pede a senha do usuário alvo, e não a do usuário" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Aplica o padrão na classe de login do usuário alvo, se houver alguma" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Define as variáveis de ambiente LOGNAME e USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Define o uid efetivo apenas para o usuário alvo, e não o uid real" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Não inicializa o vetor de grupos para aquele usuário alvo" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Comprimento da quebra de linha do arquivo de log (0 para sem quebra): %u" # "Limite de tempo da marca de tempo de autenticação" ficaria estranho, então utilizei "... expira em" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Marca de tempo de autenticação expira em: %.1f minutos" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Pedido de senha expira em: %.1f minutos" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Número de tentativas para digitar senha: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask a ser usada ou 0777 para usar do usuário: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Caminho para o arquivo de log: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Caminho para o programa de correio: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Opções para o programa de correio: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Endereço para onde enviar correio: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Endereço de onde enviar correio: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Linha do assunto para as mensagens de correio: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Mensagem de senha incorreta: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Caminho do diretório de marca de tempo de autenticação: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Dono do diretório de marca de tempo de autenticação: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Usuários neste grupo estão eximidos da exigência de senha e PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Pedido de senha padrão: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Se definido, o pedido de senha vai sobrescrever o do sistema em todos os casos." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Usuário padrão para se executar comandos: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Valor para sobrescrever o $PATH do usuário: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Caminho do editor a ser usado pelo visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Quando exigir uma senha para o pseudo-comando \"list\": %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Quando exigir uma senha para o pseudo-comando \"verify\": %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Pré-carrega as funções de exec de teste contidas na biblioteca sudo_noexec" # ideia da frase original: se acontecer algo, se deve ou não ignorar. Traduzi reorganizando a frase com a finalidade de manter a ideia original. -- Rafael #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Estando o diretório LDAP disponível, se devemos ignorar o arquivo sudoers local" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Descritores, de arquivos, >= %d serão fechados antes de executar um comando" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Se definido, usuários podem sobrescrever o valor de \"closefrom\" com a opção -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Permite que usuários definam variáveis de ambiente arbitrárias" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Redefine o ambiente para um conjunto padrão de variáveis" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Variáveis de ambiente nas quais deve-se verificar sanidade:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Variáveis de ambiente para remover:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Variáveis de ambiente para preservar:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Papel SELinux para usar no novo contexto de segurança: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Tipo SELinux para usar no novo contexto de segurança: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Caminho do arquivo de ambiente específico do sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Localização para usar ao analisar o sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Permite ao sudo solicitar uma senha mesmo se ele estiver visível" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "fornece feedback visual na solicitação de senha quando houver entrada do usuário" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Usa um englobamento mais rápido que é menos preciso, mas não acessa o sistema de arquivos" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "O umask especificado no sudoers vai sobrescrever o do usuário, mesmo se ele foi mais permissivo" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Registra no log a entrada do usuário para o comando sendo executado" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Registra no log a saída do comando sendo executado" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Comprime logs I/O usando zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Sempre executa comandos em um pseudo-tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Plug-in para suporte a grupo não-Unix: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Diretório no qual devem ser armazenados os logs de entrada/saída: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Arquivo no qual deve ser armazenado o log de entrada/saída: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Adiciona uma entrada ao arquivo utmp/utmpx ao alocar um pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Define o usuário em utmp como usuário a ser executado como, e não o usuário a ser chamado" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Conjunto de privilégios permitidos" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Conjunto de privilégios limitados" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Executa comandos em um pty em plano de fundo" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Nome do serviço PAM para usar" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Nome do serviço PAM para usar para shells de login" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Tenta estabelecer as credenciais PAM para o usuário alvo" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Cria uma nova sessão PAM para o comando ser executado nela" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Número máximo de sequência de log de E/S: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "entrada padrão \"%s\" desconhecido" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "valor \"%s\" é inválido para a opção \"%s\"" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "nenhum valor especificado para \"%s\"" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "valores para \"%s\" devem iniciar com um \"/\"" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "opção \"%s\" não leva um valor" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, estouro de pilha de %s" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrupto, cumprimento não confere" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "sinto muito, você não tem permissão para definir as seguintes variáveis de ambiente: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve ter como dono o uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s deve ser gravável apenas pelo dono" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "não foi possível carregar %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "não foi possível localizar um símbolo \"group_plugin\" %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: versão maior do plug-in de grupo %d incompatível, esperava %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Par de endereço IP e máscara de rede locais:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existe, mas não é um diretório (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "não foi possível fazer mkdir %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "não foi possível abrir %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "não foi possível ler %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "não foi possível gravar em %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "não foi possível criar %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: porta muito grande" # Mantive, pois hostbuf é uma variável do plugins/sudoers/ldap.c #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: sem espaço para expansão de hostbuf" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tipo de uri LDAP sem suporte: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "não foi possível misturar ldap e ldaps URIs" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "Sem suporte a starttls ao usar ldaps" # Mantive, pois hostbuf é uma variável do plugins/sudoers/ldap.c #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: sem espaço na construção de hostbuf" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "não foi possível inicializar bando de dados de chaves e certificados SSL: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "você deve definir TLS_CERT em %s para usar SSL" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "não foi possível obter o horário GMT" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "não é possível formatar marca de tempo" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "não foi possível compilar filtro de tempo" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "alocação de sudo_ldap_build_pass1 não confere" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Papel LDAP: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Papel LDAP: DESCONHECIDO\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Ordem: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Comandos:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "não foi possível inicializar LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls especificado, mas bibliotecas LDAP não possuem suporte a ldap_start_tls_s() ou ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atributo sudoOrder inválido: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "não foi possível abrir o sistema de auditoria" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "não foi possível enviar mensagem de auditoria" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (comando continuado) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "não foi possível abrir o arquivo de log: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "não foi possível travar o arquivo de log: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "nenhum usuário ou máquina" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "falha de validação" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "usuário NÃO ESTà no sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "usuário NÃO ESTà autorizado na máquina" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "comando não permitido" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s não está no arquivo sudoers. Este incidente será relatado.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s não tem permissão para executar sudo em %s. Este incidente será relatado.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Sinto muito, usuário %s não pode executar sudo em %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Sinto muito, usuário %s não tem permissão para executar \"%s%s%s\" como %s%s%s em %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: comando não encontrado" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "ignorando \"%s\" encontrado em \".\"\n" "Use \"sudo ./%s\" se isto é o \"%s\" que você deseja executar." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "falha de autenticação" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "uma senha é necessária" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u tentativa de senha incorreta" msgstr[1] "%u tentativas de senha incorreta" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "não foi possível fazer fork" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "não foi possível fazer fork: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "não foi possível abrir um redirecionamento (pipe): %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "não foi possível fazer dup da entrada padrão: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "não foi possível executar %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "erro interno: espaço insuficiente para linha de log" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "tipo de digest %d sem suporte para %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: erro de leitura" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "digest de %s (%s) não está na forma %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "erro de análise em %s próximo à linha %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "erro de análise em %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Entradas no sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " UsuáriosRunAs: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " GruposRunAs: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Opções: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "não foi possível executar %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versão de plug-in de política do sudoers %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versão de gramática de arquivo do sudoers %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Caminho do sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "caminho do nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "caminho do ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "caminho do ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "não foi possível fazer cache de uid %u, já existe" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "não foi possível fazer cache de usuário %s, já existe" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "não foi possível fazer cache de gid %u, já existe" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "não foi possível fazer cache de grupo %s, já existe" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "não foi possível fazer cache da lista de grupos de %s, já existe" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "Não foi possível analisar grupos de %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "estouro da pilha de permissões" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "esvaziamento da pilha de permissões" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "não foi possível alterar gid de root" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "não foi possível alterar para gid de \"runas\"" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "não foi possível alterar para uid de \"runas\"" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "não foi possível alterar para gid de sudoers" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "processos demais" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "não foi possível definir vetor de grupo de \"runas\"" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "não foi possível inicializar a fonte SSS. SSSD está instalado em sua máquina?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "não foi possível localizar símbolo \"%s\" em %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Entradas padrões correspondentes a %s em %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Padrões específicos de comandos e \"runas\" de %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Usuário %s pode executar os seguintes comandos em %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Usuário %s não tem permissão para executar sudo em %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "problema com o entradas padrão" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "nenhuma fonte de sudoers válida encontrada; saindo" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers especifica que o root não tem permissão para usar sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "você não tem permissão para usar a opção -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "dono da marca de tempo (%s): usuário inexistente" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "nenhum tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "sinto muito, você deve ter um tty para executar sudo" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "comando no diretório atual" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "sinto muito, você não tem permissão para preservar o ambiente" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "não foi possível obter o estado de %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s não é um arquivo comum" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s tem como dono o uid %u, deveria ser %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s é gravável globalmente" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s tem como dono o gid %u, deveria ser %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "apenas o root pode usar \"-c %s\"" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "classe de login desconhecida: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "não foi possível resolver máquina %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "grupo desconhecido %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "opção de filtro inválida: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "espera máxima inválida: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "fator de velocidade inválido: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s versão %s\n" # timing é o nome do arquivo gerado pelo sudo; não traduzir. #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" # timing é o nome do arquivo gerado pelo sudo; não traduzir. #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Reproduzindo sessão de sudo: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Aviso: seu terminal é muito pequeno para reproduzir adequadamente o log.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria do log é %d x %d; geometria do seu terminal é %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "não foi possível definir o tty para modo raw" # timing é o nome do arquivo gerado pelo sudo; não traduzir. #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "linha inválida no arquivo timing: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressão ambígua \"%s\"" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "\")\" não coincidente na expressão" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "termo de pesquisa desconhecido \"%s\"" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s requer um argumento" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "expressão regular inválida: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "não foi possível analisar a data \"%s\"" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "\"(\" sem correspondente na expressão" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "fim de linha ilegal com \"or\"" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "fim de linha ilegal com \"!\"" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "tipo de pesquisa desconhecido %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: arquivo de log inválido" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: campo de marca de tempo está faltando" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: marca de tempo %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: campo de usuário está faltando" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: campo de usuário, a ser executado como, está faltando" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: campo de grupo, a ser executado como, está faltando" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-h] [-d diretório] [-m número] [-s número] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d diretório] -l [expressão de pesquisa]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - reproduz logs de sessão do sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Opções:\n" " -d, --directory=diretório especifica o diretório dos logs de sessão\n" " -f, --filter=filtro especifica qual o tipo de E/S para exibir\n" " -h, --help exibe mensagem de ajuda e sai\n" " -l, --list lista IDs de sessão disponíveis correspondentes à expressão\n" " -m, --max-wait=número número máximo, em segundos, de espera entre eventos\n" " -s, --speed=número aumenta ou diminui a velocidade da saída\n" " -V, --version exibe a informação da versão e sai" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\tmáquina sem correspondente" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Comando permitido" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Comando negado" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Comando sem correspondente" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "caminho de marca de tempo muito longo: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s tem como dono o uid %u, deveria ser uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s gravável por não-dono (0%o); deveria estar no modo 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s existe, mas não é um arquivo comum (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s gravável por não-dono (0%o); deveria estar no modo 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "marca de tempo muito a frente no futuro: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "não foi possível remover %s, redefinindo para como estava no Unix" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "não foi possível redefinir %s para como estava no Unix" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: estouro de buffer" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "gramática de %s versão %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "pressione enter para editar %s: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "erro de escrita" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "não foi possível obter estado de arquivo temporário (%s), %s sem alteração" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "arquivo de temporário (%s) com comprimento zero, %s sem alteração" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) falhou, %s sem alteração" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s sem alteração" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "não foi possível reabrir arquivo temporário (%s), %s sem alteração." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "não foi possível analisar arquivo temporário (%s), erro desconhecido" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "erro interno, não foi possível localizar %s na lista!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "não foi possível definir (uid, gid) de %s para (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "não foi possível alterar modo de %s para 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s não estão no mesmo sistema de arquivos, usando mv para renomear" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "comando \"%s %s %s\" falhou, %s sem alteração" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "erro ao renomear %s, %s sem alteração" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Agora o que? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Opções são:\n" " (e)dit - editar arquivos sudoers novamente\n" " e(x)it - sair sem salvar alterações no arquivo sudoers\n" " (Q)uit - sair e salvar alterações no arquivo sudoers (PERIGO!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "não foi possível executar %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: dono (uid, gid) incorreto; deveria ser (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permissões incorretas; deveria estar no modo 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "falha em analisar o arquivo %s, erro desconhecido" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "erro de análise em %s perto da linha %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "erro de análise em \"%s\"\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: análise OK\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s ocupado, tente novamente" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "editor especificado (%s) não existe" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "não foi possível obter estado do editor (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "nenhum editor encontrado (caminho do editor = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Erro: ciclo em %s_Alias \"%s\"" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Aviso: ciclo em %s_Alias \"%s\"" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Erro: %s_Alias \"%s\" referenciado, mas não definido" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Aviso: %s_Alias \"%s\" referenciado, mas não definido" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: %s_Alias %s não usado" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - edita o arquivo sudoers com segurança\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Opções:\n" " -c, --check modo de verificação, apenas\n" " -f, --file=arquivo\n" " especifica localização do arquivo sudoers\n" " -h, --help exibe uma mensagem de ajuda e sai\n" " -q, --quiet mensagens de erro menos detalhistas (quieto)\n" " -s, --strict verificação rigorosa de sintaxe\n" " -V, --version exibe a informação da versão e sai\n" " -x, --export=arquivo\n" " exporta o sudoers no formato JSON" #: toke.l:892 msgid "too many levels of includes" msgstr "níveis de inclusões demais" #~ msgid "value out of range" #~ msgstr "valor fora da faixa" #~ msgid "invalid uri: %s" #~ msgstr "uri inválida: %s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "não foi possível misturar ldaps e starttls" #~ msgid "writing to standard output" #~ msgstr "escrevendo para saída padrão" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "parênteses de expressões demais, máximo %d" #~ msgid "unable to setup authentication" #~ msgstr "não foi possível configurar autenticação" #~ msgid "getaudit: failed" #~ msgstr "getaudit: falhou" #~ msgid "getauid: failed" #~ msgstr "getauid: falhou" #~ msgid "au_open: failed" #~ msgstr "au_open: falhou" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject: falhou" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args: falhou" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32: falhou" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text: falhou" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok: %s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate: %s" #~ msgid "Password: " #~ msgstr "Senha: " #~ msgid "getauid failed" #~ msgstr "getauid falhou" #, fuzzy #~ msgid "Unable to dlopen %s: %s" #~ msgstr "não foi possível fazer dlopen %s: %s" #~ msgid "invalid regex: %s" #~ msgstr "expressão regular inválida: %s" sudo-1.8.9p5/plugins/sudoers/po/sl.mo010064400175440000012000001070461226304146200171120ustar00millertstaffÞ•R¬ É<`arƒ“¦¶Ë‘Üný’ Ÿ ­ ¼ Î ß è <!B!#b!9†!À!&Ù!)"*"A"FZ"@¡"#â"##*#?#!Z#$|#¡# ¹#Æ#3Õ#3 $=$Z$+k$(—$À$;Ö$%"!%!D%$f%#‹%¯% Ì%&í%&&;&.R&#&d¥&A '9L'†'¤'À'>Û'?(2Z(#(!±(4Ó(?)H).`))#¬)2Ð)*#*1C*<u**²*"Ý* +/!+Q+$o+@”+/Õ+,8 ,<Y,F–,3Ý,-%-5D-mz-)è-:.$M.'r.=š.-Ø.'/)./*X//ƒ/³/Ó/'ã/2 0?>0~0- 13:1%n1 ”1 ž1(©1Ò1ç1(2.)2%X2E~2+Ä2=ð26.3Ge3­3Ì35è3(43G4{4'4,µ43â435J55g5'55Å5&û5:"6]6u6.‘6=À6þ6C7'T7"|7 Ÿ7!À77â7?8AZ8Vœ8“ó8'‡9¯9CÇ90 :L<:*‰:5´:)ê:F;'[;1ƒ;1µ;ç;@< H<7S<9‹<Å<3Ü<=*=:=R=i==’=©=(É=ò=>#> =>^>(~>&§>Î>é>ú> ?O?i?~?”?*°?/Û?) @5@T@p@Š@#Ÿ@Ã@Õ@ô@ A-AJA#ZA~A’A(¨A"ÑAôA"B1B(8BaB}BB!ªBÌBáBóBCC7CWCkC€CšC6¸CIïC&9D#`D\„D)áD8 E(DE2mE, E2ÍE"F#F(?FhF*„F¯F"ÂFåF&G((G1QG&ƒG'ªG"ÒGõGH0HNHnH*ŒH$·HÜHðHI I5I NI*oIšI©I¼I×I%îIJ2J KJ,lJ™J!¹J ÛJüJK!K=K]KuK4“KÈKÚK,õK"LBL\LmL*ŠL µLÖLôLM%M0@MqM3‡M»MÑMíMÿMN0N@NQNmN‰N5§NAÝNO;OOO%bO%ˆO ®OºO*ÕO#P&$P-KPýyPwRŽR R¶RÈRÙR ïR†ýS„U”Uì¦U “VŸV¯VÃVÛVöVÿVˆW*˜W#ÃWIçW%1X"WX,zX§XÂXEÛX4!Y1VY3ˆY-¼Y(êY'ZA;Z}Z‘Z¢Z@´Z?õZ)5[_[/}[/­[Ý[Fý[D\%_\"…\2¨\!Û\#ý\$!])F]-p]ž]I»]^p%^G–^7Þ^_6_S_<p_F­_=ô_ 2`+S`4`V´` a4a#Sa1wa1©aÛa-ôa9"b1\b7Žb"Æb$éb1c!@c#bc7†c9¾cøcAdKZdT¦d3ûd/eBe,beje*úeZ%f.€f;¯fJëfC6g!zg.œg-Ëg>ùg*8hch!‚h<¤hMáh®/i*ÞiI j#Sjwj~j)†j°jÏj+êj)k2@kCsk'·kEßk:%l7`l!˜l#ºl?Þl/m.Nm}m"˜m4»m4ðm4%n$Zn9n*¹n=än0"o>So’o©o,ÃoEðo6p7Pp)ˆp(²p(Ûp)q=.q3lq6 qS×q‰+rKµr"s=$s?bsi¢s/ t>uÜÀžß70~ -…±™“¹tYÆ—}°æ.«E0KQ>@]šy¶ãSM%éŠ?ÑM;õ½Iaä;ÝVNmO+ (2‘PîôJ?µG "ÓG˜Ô›^³:Q$ ÎkófU ŽÂàb'ÐR#çDÅ‚/ ÷RåWH3DoCìû'sÒÈØ!,¯+Ëgw host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c check-only mode -f sudoers specify sudoers file location -h display help message and exit -q less verbose (quiet) syntax error messages -s strict syntax checking -V display version information and exit Options: -d directory specify directory for session logs -f filter specify which I/O type to display -h display help message and exit -l [expression] list available session IDs that match expression -m max_wait max number of seconds to wait between events -s speed_factor speed up or slow down output -V display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%d incorrect password attempt%d incorrect password attempts%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: parsed OK %s: unable to allocate options: %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize ccache: %s%s: unable to parse '%s': %s%s: unable to resolve ccache: %s%s: unable to store cred in ccache: %s%s: unable to unparse princ ('%s'): %s%s: unused %s_Alias %s%s: wrong owner (uid, gid) should be (%u, %u) *** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %dLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on this host: Maximum I/O log sequence numberNo user or hostNumber of tries to enter a password: %dOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Password: Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUnable to dlopen %s: %sUnable to initialize SSS source. Is SSSD installed on your machine?Use a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on this host: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedauthentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"editor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowgetaudit: failedgetauid failedgetauid: failedignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regex: %sinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid uri: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication servernanosleep: tv_sec %ld, tv_nsec %ldno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valuepam_authenticate: %spam_chauthtok: %sparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()sudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many parenthesized expressions, max %dtoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dlopen %s: %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mix ldaps and starttlsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the epochunable to reset %s to the epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to setup authenticationunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %susage: %s [-h] [-d directory] -l [search expression] usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write errorwriting to standard outputyou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-04-06 09:44+0100 Last-Translator: Klemen KoÅ¡ir Language-Team: Slovenian Language: sl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0); X-Generator: Poedit 1.5.5 gostitelj se ne ujema Ukaz je dovoljen Ukaz je bil zavrnjen Ukaz se ne ujema Vloga LDAP: %s Vloga LDAP: NEZNANA Možnosti: -c naÄin samo preverjanja -f sudoers doloÄi mesto datoteke sudoers -h prikaži sporoÄilo pomoÄi in konÄaj -q manj podroben izpis (tih) sporoÄil skladenjskih napak -s strogo preverjanje skladnje -V prikaži podrobnosti razliÄice in konÄaj Možnosti: -d mapa doloÄi mapo za dnevnike sej -f filter navedi, katera vrsta I/O se naj prikaže -h prikaži sporoÄilo pomoÄi in konÄaj -l [izraz] navedi razpoložljive ID-je sej, ki se ujemajo z izrazom -m zg_meja_Äakanja najveÄje Å¡tevilo sekund za Äakanje med dogodki -s faktor_hitrosti pospeÅ¡i ali upoÄasni izhod -V prikaži podrobnosti o razliÄici in konÄaj Vnos sudoers: Pot sudoers: %s Verjetno vam je skrbnik sistemov že pridigal o varnosti, vendar si vseeno zapomnite naslednja pravila: #1) SpoÅ¡tujte zasebnost drugih. #2) Premislite, preden izvedete ukaze. #3) Velika moÄ prinaÅ¡a veliko odgovornost. Ukazi: Možnosti: Vrstni red: %s ZaženiKotSkupine: ZaženiKotUporabniki: %8s : %s%8s : (ukaz) %s%d nepravilnih poskusov vnosa gesla%d nepravilen poskus vnosa gesla%d nepravilna poskusa vnosa gesla%d nepravilni poskusi vnosa gesla%s - ponovno predvajaj dnevnike sej sudo %s - varno uredi datoteko sudoers %s in %s nista na enakem datoteÄnem sistemu, uporaba mv za preimenovanje%s zaseden, poskusite ponovno pozneje%s že obstaja, toda ni mapa (0%o)%s obstaja, toda ni obiÄajna datoteka (0%o)%s razliÄica slovnice %d %s ni obiÄajna datoteka%s nima dovoljenj za izvajanje sudo na %s. Ta dogodek bo zabeležen. %s ni v datoteki sudoers. Ta dogodek bo zabeležen. %s je v lasti ID-ja skupine %u, moral bi biti %u%s je v lasti ID-ja uporabnika %u, moral bi biti %uv datoteko %s lahko zapisujejo vsi uporabniki%s mora biti v lasti ID-ja uporabnika %d%s mora biti zapisljiv samo za lastnika%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u%s zahteva argument%s nespremenjeno%s razliÄica %s %s je zapisljiv za ne-lastnika (0%o), moral bi biti naÄin 0600%s je zapisljiv za ne-lastnika (0%o), moral bi biti naÄin 0700%s/%.2s/%.2s/%.2s/Äasovna uskladitev: %s%s/%s/Äasovna uskladitev: %s%s: ni mogoÄe preveriti TGT! Možen napad!: %s%s: slaba dovoljenja, moral bi biti naÄin 0%o %s: ukaza ni bilo mogoÄe najti%s: nezdružljiva veÄja razliÄica vstavka skupin %d, priÄakovana %d%s: uspeÅ¡no razÄlenjeno %s: ni mogoÄe dodeliti možnosti: %s%s: ni mogoÄe dobiti poverila: %s%s: ni mogoÄe pridobiti predstojnika gostitve: %s%s: ni mogoÄe zaÄeti ccache: %s%s: ni mogoÄe razÄleniti '%s': %s%s: ni mogoÄe razreÅ¡iti ccache: %s%s: ni mogoÄe shraniti cred v ccache: %s%s: ni mogoÄe odrazÄleniti princ ('%s'): %s%s: neuporabljen %s_Alias %s%s: napaÄen lastnik (ID uporabnika, ID skupine) moralo bi biti (%u, %u) *** Varnostni podatki za %h ***RaÄun je potekel ali pa nastavitvam PAM primanjkuje odsek "account" za sudo, obrnite se na sistemskega skrbnikaGeslo ali raÄun je potekel, ponastavite svoje geslo in poskusite znovaDodaj vstop datoteki utmp/utmpx, kadar se dodeljuje ptyNaslov poÅ¡iljatelja poÅ¡te: %sNaslov prejemnika poÅ¡te: %sVzdevek `%s' je že doloÄenDovoli zbrati nekaj podrobnosti za uporabna sporoÄila napakDovoli programu sudo, da vpraÅ¡a za geslo, Äeprav bi bilo le-to vidnoDovoli uporabnikom nastavljanje poljubnih spremenljivk okoljaVedno zaženi ukaze v psevdo-ttyVedno poÅ¡lji poÅ¡to, kadar se zažene sudoVedno postavi $HOME domaÄi mapi ciljnega uporabnikaUveljavi privzete vrednosti v ciljnem uporabniÅ¡kem razredu prijave, Äe le ta obstajaNaÄini overjanja:ÄŒasovni potek overitve Äasovnega žiga: %.1f minutStisni dnevnike I/O s pomoÄjo zlibPogoja presoje varnosti ni bilo mogoÄe doloÄitiUstvari sejo PAM, v kateri se bodo ukazi izvajaliPrivzeti poziv gesla: %sPrivzet uporabnik za izvajanje ukazov kot: %sMapa, v kateri bodo shranjeni dnevniki vnosov/izpisov: %sNe zaÄenjaj vektorja skupine ciljnega uporabnikaSpremenljivke okolja, ki bodo preverjene za smiselnost:Spremenljivke okolja za ohranitev:Spremenljivke okolja za odstranitev:Napaka: %s_Alias `%s' sklicevan, toda ne doloÄenNapaka: kroženje v %s_Alias `%s'Datoteka, ki vsebuje poduk sudo: %sOpisniki datotek >= %d bodo konÄani pred izvedbo ukazaDatoteka, v kateri bo shranjen dnevnik vnosov/izpisov: %sZastavice za program poÅ¡te: %sÄŒe je mapa LDAP na voljo, bodo krajevne datoteke sudoers prezrteÄŒe je poziv gesla nastavljen, bo prepisal sistemski poziv v vseh primerih.ÄŒe je nastavljeno, lahko uporabniki prepiÅ¡ejo vrednost `closefrom' z možnostjo -CÄŒe je sudo poklican brez argumentov, zaÄni lupinoPrezri '.' v $PATHNepravilno sporoÄilo gesla: %sUžali uporabnika, ko vnese nepravilno gesloNeveljavni naÄini overitve so kodno prevedeni v sudo! MeÅ¡ate lahko samostojno in nesamostojno overjanje.PoduÄi uporabnika, ko prviÄ zažene sudoDolžina, pri kateri se naj prelomijo vrstice datotek beleženja (0 za brez lomljenja):% dPari krajevnih naslovov IP in omrežnih mask: Jezikovna oznaka za uporabo pri razÄlenjevanju sudoers: %sGeometrija dnevnika je %d x %d, medtem ko je geometrija terminala %d x %d.Beleži ime gostitelja v datoteko dnevnika (ne v sistemski dnevnik)Beleži izpis ukaza, ki se izvajaBeleži leto v (ne-syslog) dnevniÅ¡ko datotekoBeleži vnos uporabnika za ukaz, ki se izvajaUjemajoÄi vpisi privzetih vrednosti za %s na tem gostitelju: NajveÄja zaporedna Å¡tevilka dnevnika I/OBrez uporabnika ali gostiteljaÅ tevilo poskusov vnosa gesla: %dDovoli uporabniku zagnati sudo samo v primeru, Äe imajo ttyNastavi samo dejanski ID uporabnika ciljnemu uporabniku, ne resniÄnega ID-jaMožnosti so: (e)ponovno uredi datoteko sudoers (x)konÄaj brez shranjevanja sprememb v datoteko sudoers (Q)konÄaj in shrani spremembe v datoteko sudoers (NEVARNOST!) Lastnik mape Äasovnega žiga overitve: %sVeljavnost gesla je potekla. Stopite v stik s svojim sistemskim skrbnikomZakasnitev poziva gesla: %.1f minutGeslo:Geslo: Pot do mape Äasovnega žiga overitve: %sPot do datoteke beleženja: %sPot do programa poÅ¡te: %sPot do urejevalnika za uporabo z visudo: %sPot do doloÄene sudo datoteke okolja: %sVstavek za podporo skupinam, ki niso del Unixa: %sPrednaloži preizkusne funkcije, shranjene v knjižnici sudo_noexecPozovi za geslo skrbnika, ne uporabnikaPozovi za geslo uporabnika runas_default namesto uporabnikovega geslaPozovi za geslo ciljnega uporabnika namesto uporabnikovegaZagotovi viden odziv ob vnosu gesla ob vnosu uporabnikapostavi poziv OTP v svojo vrsticoIzpisovanje dnevnika seje sudo: %s Zahtevaj povsem uvrÅ¡Äena imena gostiteljev v datoteki sudoersPrivzeto zahtevaj od uporabnikov, da se overijoPonastavi okolje na privzet nabor spremenljivkSkrbnik lahko zažene sudoZaženi ukaze v terminalu v ozadjuRunas in ukazno doloÄene privzete vrednosti za %s: Vloga SELinux za uporabo v novi vsebini varnosti: %sVrsta SELinux za uporabo v novi vsebini varnosti: %ssporazumevanje SecurID je spodleteloPoÅ¡lji poÅ¡to, Äe uporabniku ni dovoljeno zagnati ukazaPoÅ¡lji poÅ¡to, Äe uporabnik ni v sudoersPoÅ¡lji poÅ¡to, Äe uporabnik ni v sudoers za tega gostiteljaPoÅ¡lji poÅ¡to, Äe overitev uporabnika spodletiPostavi $HOME ciljnemu uporabniku, kadar se zaÄne lupina s -sNiz omejenih dovoljenjNiz omogoÄenih dovoljenjNastavi spremenljivke okolja LOGNAME in USERNastavi uporabnika v utmp uporabniku runas, ne poklicanemu uporabnikuProsimo, poskusite znova.Uporabnik %s ne sme zagnati '%s%s%s' kot %s%s%s na %s. Uporabnik %s ne sme izvajati sudo na %s. Vrstica zadeve za poÅ¡tna sporoÄila: %sDatoteka slovnice sudoers razliÄica %d Vstavek pravilnika sudoers razliÄica %s PripomoÄek syslog, Äe se syslog uporablja za beleženje: %sPrednost syslog, ko se uporabnik uspeÅ¡no overi: %sPrednost syslog, ko se uporabnik ne overi uspeÅ¡no: %sUporabniÅ¡ka maska v sudoers bo prepisala uporabnikovo tudi, Äe je bolj premisivnaNi naÄinov overitve, kodno prevedenih v sudo! ÄŒe želite izklopiti overjanje, uporabite nastavitveno možnost --disable-authentication.UporabniÅ¡ka maska, ki bo uporabljena ali 0777 za uporabo uporabnikove: 0%oni mogoÄe uporabiti dlopen %s: %sVira SSS ni mogoÄe zagnati. Ali je SSSD pravilno nameÅ¡Äen?Uporabi loÄen Äasovni žig za vsako kombinacijo uporabnik/ttyUporabi hitrejÅ¡e razÅ¡irjanje imen poti, ki je manj natanÄno, vendar ne dostopa do datoteÄnega sistemaUporabniku %s ni dovoljeno zagnati sudo na %s. Na tem gostitelju lahko uporabnik %s zažene naslednje ukaze: ID uporabnika je zaklenjen zaradi overitve SecurIDUporabnikov v tej skupini zahteve gesla in PATH ne omejujejo: %sVrednost, s katerim se bo prepisal $PATH uporabnika: %sVisudo bo spoÅ¡toval spremenljivko okolja UREJEVALNIKAWarning: %s_Alias `%s' sklicevan, toda ne doloÄenOpozorilo: kroženje v %s_Alias `%s'Opozorilo: terminal je premajhen za pravilno izpisovanje dnevnika. Kaj pa zdaj? Kdaj naj bo zahtevano geslo za psevdoukaz 'list': %sKdaj naj bo zahtevano geslo za psevdoukaz 'verify': %szahtevano je geslopotrditev veljavnosti raÄuna je spodletela, je vaÅ¡ raÄun zaklenjen?dvoumen izraz "%s"au_open: spodleteloau_to_exec_args: spodleteloau_to_return32: spodleteloau_to_subject: spodleteloau_to_text: spodletelonapaka overitvenapaka strežnika overitve: %sukaz je spodletel: '%s %s %s', %s nespremenjenukaz v trenutni mapiukaz ni dovoljenni mogoÄe razÄleniti datuma "%s"urejevalnik (%s) je spodletel, %s nespremenjennapaka med preimenovanjem %s, %s nespremenjenzaÄenjanje knjižnice ACE API je spodletelorazÄlenjevanje datoteke %s je spodletelo, neznana napakafill_args: prekoraÄitev medpomnilnikagetaudit: spodletelogetauid je spodletelgetauid: spodleteloprezrtje `%s', najdenega v '.' Uporabite `sudo ./%s', Äe je to `%s', ki ga želite zagnati.neveljaven zakljuÄni "!"neveljaven zakljuÄni "or"notranja napaka, prekoraÄitev funkcije %snotranja napaka, na seznamu ni mogoÄe najti %s!notranja napaka: premalo prostora za vrstico dnevnikaneveljavna roÄica overitve za SecurIDneveljavni naÄini overitveneveljavna vrsta overitveneveljavna možnost filtra: %sneveljavna zgornja meja Äakanja: %sneveljavna dolžina gesla za SecurIDneveljavni logiÄni izraz: %sneveljaven logiÄni izraz: %sneveljaven dejavnik hitrosti: %sneveljaven atribut sudoOrder: %sneveljavna vrstica datoteke Äasovne uskladitve: %sneveljaven uri: %sneveljavna dolžina imena uporabnika za SecurIDpot ldap.conf: %s pot ldap.secret: %s povezava s strežnikom overitve je bila izgubljenananosleep: tv_sec %ld, tv_nsec %ldni naÄinov overjanjanajdenega ni nobenega urejevalnika (pot urejevalnika = %s)brez ttynajdenih niso bili nobeni veljavni viri sudoers, konÄanjeza `%s' ni doloÄena nobena vrednostpot nsswitch: %s samo skrbnik lahko uporabi `-c %s'možnost `%s' ne sprejme vrednostipam_authenticate: %spam_chauthtok: %snapaka med razÄlenjevanjem datoteke %snapaka razÄlenjevanja v %s napaka razÄlenjevanja v %s blizu vrstice %dnapaka razÄlenjevanja v %s blizu vrstice %d prekoraÄitev trajnega skladaprekoraÄitev spodnje meje trajnega skladaza urejanje %s pritisnite return: težave z vnosi privzetih vrednostinimate dovoljenj za ohranjanje okoljanimate dovoljenj nastavljati naslednjih spremenljivk okolja: %sza izvajanje sudo morate imeti ttydoloÄen urejevalnik (%s) se ne konÄastart_tls je doloÄen, toda knjižnice LDAP ne podpirajo ldap_start_tls_s() ali ldap_start_tls_s_np()sudo_ldap_build_pass1 neujemanje dodelitvesudo_ldap_conf_add_ports: med razÅ¡irjanjem hostbuf je zmanjkalo prostorasudo_ldap_conf_add_ports: vrednost vrat je prevelikasudo_ldap_parse_uri: med izgradnjo hostbuf je zmanjkalo prostorasudo_putenv: pokvarjen envp, neujemanje dolžinesudoers doloÄa, da skrbniku ni dovoljeno uporabiti sudolastnik Äasovnega žiga (%s): ni takÅ¡nega uporabnikapot Äasovnega žiga je predolga : %sÄasovni žig je predaleÄ v prihodnosti: %20.20spreveÄ stopenj vkljuÄitevpreveÄ izrazov z oklepaji, najveÄje Å¡tevilo %dpreveÄ opravilni mogoÄe zaÄeti overitve bsdni mogoÄe izgraditi Äasovnega filtrani mogoÄe predpomniti ID-ja skupine %u, že obstajani mogoÄe predpomniti skupine %s, že obstajaseznama skupina za %s ni mogoÄe predpomniti, saj že obstajani mogoÄe predpomniti ID-ja uporabnika %u, že obstajani mogoÄe predpomniti uporabnika %s, že obstajani mogoÄe spremeniti naÄina iz %s na 0%oÅ¡tevilke skupine skrbnika ni mogoÄe spremenitini mogoÄe spremeniti v ID-ja skupine runasni mogoÄe spremeniti v ID-ja uporabnika runasni mogoÄe spremeniti ID-ja skupine sudoersni bilo mogoÄe uveljaviti zapisa presoje varnostini se mogoÄe povezati s strežnikom overitveni mogoÄe navezati stika s strežnikom SecurIDni mogoÄe ustvariti %sni mogoÄe uporabiti dlopen %s: %sni mogoÄe podvojiti stdin: %mni mogoÄe izvrÅ¡iti %sni mogoÄe izvesti %s: %msimbola "%s" ni mogoÄe najti v %sni mogoÄe najti simbola "group_plugin" v %sni mogoÄe razvejitini mogoÄe razvejiti: %mni mogoÄe oblikovati Äasovnega žigani mogoÄe dobiti Äasa GMTprijavnega razreda uporabnika %s ni mogoÄe pridobitini mogoÄe zaÄeti LDAP: %sni mogoÄe zaÄeti PAMni mogoÄe zaÄeti seje SIAni mogoÄe zaÄenjati potrdila SSL in kljuÄa db: %sni mogoÄe zakleniti datoteke dnevnika: %s: %sni mogoÄe meÅ¡ati URI-jev ldap in ldapsni mogoÄe meÅ¡ati ldaps in starttlsustvarjenje mape %s z mkdir ni mogoÄeni mogoÄe odpreti %sni mogoÄe odpreti nadzornega sistemani mogoÄe odpreti datoteke dnevnika: %s: %sni mogoÄe odpreti cevi: %mskupin za %s ni mogoÄe razÄlenitini mogoÄe ponovno odpreti zaÄasne datoteke (%s), %s je nespremenjen.ni mogoÄe brati %sni mogoÄe brati nastavitev fwtk%s ni mogoÄe odstraniti%s ni mogoÄe ponastaviti na epohoni mogoÄe razreÅ¡iti gostitelja %sni mogoÄe zagnati %sni mogoÄe poslati nadzornega sporoÄilani mogoÄe nastaviti (ID uporabnika, ID skupine) od %s do (%u, %u)ni mogoÄe nastaviti vektorja skupine runasni mogoÄe nastaviti tty na surov naÄinni mogoÄe nastaviti overitvestanja %s ni mogoÄe dobitini mogoÄe zaÄeti urejevalnika (%s)ni mogoÄe zaÄeti zaÄasne datoteke (%s), %s nepsremenjenoni mogoÄe pisati v %sni mogoÄe razÄleniti zaÄasne datoteke (%s), neznana napakaneznana napaka SecurIDneznan privzet vnos `%s'neznana skupina: %sneznan razred prijave: %snaznan iskalni izraz "%s"neznan ID uporabnika: %uneznan uporabnik: %sv izrazu je neujemajoÄ '('v izrazu je neujemajoÄ ')'nepodprta vrsta uri-ja LDAP: %suporaba: %s [-h] [-d mapa] -l [iskalni izraz] uporaba: %s [-h] [-d mapa] [-m zg_meja_Äakanja] [-s faktor_hitrosti] ID uporabnik NI pooblaÅ¡Äen na gostiteljuuporabnika NI v sudoerspotrjevanje veljavnosti ni uspelovrednost `%s' je neveljavna za možnost `%s'vrednosti za `%s' se morajo zaÄeti s '/'napaka med pisanjempisanje na standardni izhodni vam dovoljeno uporabiti možnosti -Cne obstajate v podatkovni zbirki %sza uporabo SSL-ja morate nastaviti TSL_CERT v datoteki %szaÄasna datoteka brez dolžine (%s), %s nespremenjenasudo-1.8.9p5/plugins/sudoers/po/sl.po010064400175440000012000001520341226304126300171110ustar00millertstaff# Slovenian translation of sudo. # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # # Damir JerovÅ¡ek , 2012. # Klemen KoÅ¡ir , 2012 - 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-04-06 09:44+0100\n" "Last-Translator: Klemen KoÅ¡ir \n" "Language-Team: Slovenian \n" "Language: sl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0);\n" "X-Generator: Poedit 1.5.5\n" #: confstr.sh:2 plugins/sudoers/auth/pam.c:340 msgid "Password:" msgstr "Geslo:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** Varnostni podatki za %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Prosimo, poskusite znova." #: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Vzdevek `%s' je že doloÄen" #: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "prijavnega razreda uporabnika %s ni mogoÄe pridobiti" #: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "ni mogoÄe zaÄeti overitve bsd" #: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "neveljavna vrsta overitve" #: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "ni mogoÄe nastaviti overitve" #: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "ni mogoÄe brati nastavitev fwtk" #: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "ni se mogoÄe povezati s strežnikom overitve" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "povezava s strežnikom overitve je bila izgubljena" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "napaka strežnika overitve:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "%s: ni mogoÄe odrazÄleniti princ ('%s'): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ni mogoÄe razÄleniti '%s': %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "%s: ni mogoÄe razreÅ¡iti ccache: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ni mogoÄe dodeliti možnosti: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ni mogoÄe dobiti poverila: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "%s: ni mogoÄe zaÄeti ccache: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "%s: ni mogoÄe shraniti cred v ccache: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ni mogoÄe pridobiti predstojnika gostitve: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: ni mogoÄe preveriti TGT! Možen napad!: %s" #: plugins/sudoers/auth/pam.c:100 msgid "unable to initialize PAM" msgstr "ni mogoÄe zaÄeti PAM" #: plugins/sudoers/auth/pam.c:145 msgid "account validation failure, is your account locked?" msgstr "potrditev veljavnosti raÄuna je spodletela, je vaÅ¡ raÄun zaklenjen?" #: plugins/sudoers/auth/pam.c:149 msgid "Account or password is expired, reset your password and try again" msgstr "Geslo ali raÄun je potekel, ponastavite svoje geslo in poskusite znova" #: plugins/sudoers/auth/pam.c:156 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" #: plugins/sudoers/auth/pam.c:160 msgid "Password expired, contact your system administrator" msgstr "Veljavnost gesla je potekla. Stopite v stik s svojim sistemskim skrbnikom" #: plugins/sudoers/auth/pam.c:164 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "RaÄun je potekel ali pa nastavitvam PAM primanjkuje odsek \"account\" za sudo, obrnite se na sistemskega skrbnika" #: plugins/sudoers/auth/pam.c:181 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" #: plugins/sudoers/auth/pam.c:339 msgid "Password: " msgstr "Geslo: " #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "ne obstajate v podatkovni zbirki %s" #: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "zaÄenjanje knjižnice ACE API je spodletelo" #: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "ni mogoÄe navezati stika s strežnikom SecurID" #: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "ID uporabnika je zaklenjen zaradi overitve SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "neveljavna dolžina imena uporabnika za SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "neveljavna roÄica overitve za SecurID" #: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "sporazumevanje SecurID je spodletelo" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "neznana napaka SecurID" #: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "neveljavna dolžina gesla za SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "ni mogoÄe zaÄeti seje SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "neveljavni naÄini overitve" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "Neveljavni naÄini overitve so kodno prevedeni v sudo! MeÅ¡ate lahko samostojno in nesamostojno overjanje." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "ni naÄinov overjanja" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Ni naÄinov overitve, kodno prevedenih v sudo! ÄŒe želite izklopiti overjanje, uporabite nastavitveno možnost --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "NaÄini overjanja:" #: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 #: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 #: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 #, c-format msgid "getaudit: failed" msgstr "getaudit: spodletelo" #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" msgstr "Pogoja presoje varnosti ni bilo mogoÄe doloÄiti" #: plugins/sudoers/bsm_audit.c:101 #, c-format msgid "getauid failed" msgstr "getauid je spodletel" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format msgid "au_open: failed" msgstr "au_open: spodletelo" #: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 #, c-format msgid "au_to_subject: failed" msgstr "au_to_subject: spodletelo" #: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 #, c-format msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: spodletelo" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 #, c-format msgid "au_to_return32: failed" msgstr "au_to_return32: spodletelo" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" msgstr "ni bilo mogoÄe uveljaviti zapisa presoje varnosti" #: plugins/sudoers/bsm_audit.c:160 #, c-format msgid "getauid: failed" msgstr "getauid: spodletelo" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: spodletelo" #: plugins/sudoers/check.c:174 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Verjetno vam je skrbnik sistemov že pridigal o varnosti,\n" "vendar si vseeno zapomnite naslednja pravila:\n" "\n" " #1) SpoÅ¡tujte zasebnost drugih.\n" " #2) Premislite, preden izvedete ukaze.\n" " #3) Velika moÄ prinaÅ¡a veliko odgovornost.\n" "\n" #: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "neznan ID uporabnika: %u" #: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635 #: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 #: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "neznan uporabnik: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "PripomoÄek syslog, Äe se syslog uporablja za beleženje: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Prednost syslog, ko se uporabnik uspeÅ¡no overi: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Prednost syslog, ko se uporabnik ne overi uspeÅ¡no: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "postavi poziv OTP v svojo vrstico" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Prezri '.' v $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Vedno poÅ¡lji poÅ¡to, kadar se zažene sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "PoÅ¡lji poÅ¡to, Äe overitev uporabnika spodleti" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "PoÅ¡lji poÅ¡to, Äe uporabnik ni v sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "PoÅ¡lji poÅ¡to, Äe uporabnik ni v sudoers za tega gostitelja" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "PoÅ¡lji poÅ¡to, Äe uporabniku ni dovoljeno zagnati ukaza" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Uporabi loÄen Äasovni žig za vsako kombinacijo uporabnik/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "PoduÄi uporabnika, ko prviÄ zažene sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Datoteka, ki vsebuje poduk sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Privzeto zahtevaj od uporabnikov, da se overijo" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Skrbnik lahko zažene sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Beleži ime gostitelja v datoteko dnevnika (ne v sistemski dnevnik)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Beleži leto v (ne-syslog) dnevniÅ¡ko datoteko" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "ÄŒe je sudo poklican brez argumentov, zaÄni lupino" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Postavi $HOME ciljnemu uporabniku, kadar se zaÄne lupina s -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Vedno postavi $HOME domaÄi mapi ciljnega uporabnika" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Dovoli zbrati nekaj podrobnosti za uporabna sporoÄila napak" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Zahtevaj povsem uvrÅ¡Äena imena gostiteljev v datoteki sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Užali uporabnika, ko vnese nepravilno geslo" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Dovoli uporabniku zagnati sudo samo v primeru, Äe imajo tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo bo spoÅ¡toval spremenljivko okolja UREJEVALNIKA" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Pozovi za geslo skrbnika, ne uporabnika" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Pozovi za geslo uporabnika runas_default namesto uporabnikovega gesla" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Pozovi za geslo ciljnega uporabnika namesto uporabnikovega" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Uveljavi privzete vrednosti v ciljnem uporabniÅ¡kem razredu prijave, Äe le ta obstaja" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Nastavi spremenljivke okolja LOGNAME in USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Nastavi samo dejanski ID uporabnika ciljnemu uporabniku, ne resniÄnega ID-ja" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Ne zaÄenjaj vektorja skupine ciljnega uporabnika" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "Dolžina, pri kateri se naj prelomijo vrstice datotek beleženja (0 za brez lomljenja):% d" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "ÄŒasovni potek overitve Äasovnega žiga: %.1f minut" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Zakasnitev poziva gesla: %.1f minut" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "Å tevilo poskusov vnosa gesla: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "UporabniÅ¡ka maska, ki bo uporabljena ali 0777 za uporabo uporabnikove: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Pot do datoteke beleženja: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Pot do programa poÅ¡te: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Zastavice za program poÅ¡te: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Naslov prejemnika poÅ¡te: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Naslov poÅ¡iljatelja poÅ¡te: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Vrstica zadeve za poÅ¡tna sporoÄila: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Nepravilno sporoÄilo gesla: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Pot do mape Äasovnega žiga overitve: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Lastnik mape Äasovnega žiga overitve: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Uporabnikov v tej skupini zahteve gesla in PATH ne omejujejo: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Privzeti poziv gesla: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "ÄŒe je poziv gesla nastavljen, bo prepisal sistemski poziv v vseh primerih." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Privzet uporabnik za izvajanje ukazov kot: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Vrednost, s katerim se bo prepisal $PATH uporabnika: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Pot do urejevalnika za uporabo z visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kdaj naj bo zahtevano geslo za psevdoukaz 'list': %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kdaj naj bo zahtevano geslo za psevdoukaz 'verify': %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Prednaloži preizkusne funkcije, shranjene v knjižnici sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "ÄŒe je mapa LDAP na voljo, bodo krajevne datoteke sudoers prezrte" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Opisniki datotek >= %d bodo konÄani pred izvedbo ukaza" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "ÄŒe je nastavljeno, lahko uporabniki prepiÅ¡ejo vrednost `closefrom' z možnostjo -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Dovoli uporabnikom nastavljanje poljubnih spremenljivk okolja" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Ponastavi okolje na privzet nabor spremenljivk" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Spremenljivke okolja, ki bodo preverjene za smiselnost:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Spremenljivke okolja za odstranitev:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Spremenljivke okolja za ohranitev:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Vloga SELinux za uporabo v novi vsebini varnosti: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Vrsta SELinux za uporabo v novi vsebini varnosti: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Pot do doloÄene sudo datoteke okolja: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Jezikovna oznaka za uporabo pri razÄlenjevanju sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Dovoli programu sudo, da vpraÅ¡a za geslo, Äeprav bi bilo le-to vidno" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Zagotovi viden odziv ob vnosu gesla ob vnosu uporabnika" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Uporabi hitrejÅ¡e razÅ¡irjanje imen poti, ki je manj natanÄno, vendar ne dostopa do datoteÄnega sistema" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "UporabniÅ¡ka maska v sudoers bo prepisala uporabnikovo tudi, Äe je bolj premisivna" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Beleži vnos uporabnika za ukaz, ki se izvaja" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Beleži izpis ukaza, ki se izvaja" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Stisni dnevnike I/O s pomoÄjo zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Vedno zaženi ukaze v psevdo-tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Vstavek za podporo skupinam, ki niso del Unixa: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Mapa, v kateri bodo shranjeni dnevniki vnosov/izpisov: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Datoteka, v kateri bo shranjen dnevnik vnosov/izpisov: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Dodaj vstop datoteki utmp/utmpx, kadar se dodeljuje pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Nastavi uporabnika v utmp uporabniku runas, ne poklicanemu uporabniku" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Niz omogoÄenih dovoljenj" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Niz omejenih dovoljenj" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Zaženi ukaze v terminalu v ozadju" #: plugins/sudoers/def_data.c:359 msgid "Create a new PAM session for the command to run in" msgstr "Ustvari sejo PAM, v kateri se bodo ukazi izvajali" #: plugins/sudoers/def_data.c:363 msgid "Maximum I/O log sequence number" msgstr "NajveÄja zaporedna Å¡tevilka dnevnika I/O" #: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "neznan privzet vnos `%s'" #: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 #: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 #: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 #: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 #: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "vrednost `%s' je neveljavna za možnost `%s'" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 #: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 #: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 #: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "za `%s' ni doloÄena nobena vrednost" #: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "vrednosti za `%s' se morajo zaÄeti s '/'" #: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "možnost `%s' ne sprejme vrednosti" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 #: plugins/sudoers/testsudoers.c:243 #, c-format msgid "internal error, %s overflow" msgstr "notranja napaka, prekoraÄitev funkcije %s" #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: pokvarjen envp, neujemanje dolžine" #: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "nimate dovoljenj nastavljati naslednjih spremenljivk okolja: %s" #: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mora biti v lasti ID-ja uporabnika %d" #: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s mora biti zapisljiv samo za lastnika" #: plugins/sudoers/group_plugin.c:113 #, c-format msgid "unable to dlopen %s: %s" msgstr "ni mogoÄe uporabiti dlopen %s: %s" #: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ni mogoÄe najti simbola \"group_plugin\" v %s" #: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nezdružljiva veÄja razliÄica vstavka skupin %d, priÄakovana %d" #: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Pari krajevnih naslovov IP in omrežnih mask:\n" #: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 #: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s že obstaja, toda ni mapa (0%o)" #: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 #: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164 #: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270 #, c-format msgid "unable to mkdir %s" msgstr "ustvarjenje mape %s z mkdir ni mogoÄe" #: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 #: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 #: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154 #: plugins/sudoers/visudo.c:809 #, c-format msgid "unable to open %s" msgstr "ni mogoÄe odpreti %s" #: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "ni mogoÄe brati %s" #: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158 #, c-format msgid "unable to write to %s" msgstr "ni mogoÄe pisati v %s" #: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "ni mogoÄe ustvariti %s" #: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: vrednost vrat je prevelika" #: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: med razÅ¡irjanjem hostbuf je zmanjkalo prostora" #: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nepodprta vrsta uri-ja LDAP: %s" #: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "neveljaven uri: %s" #: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ni mogoÄe meÅ¡ati URI-jev ldap in ldaps" #: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ni mogoÄe meÅ¡ati ldaps in starttls" #: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: med izgradnjo hostbuf je zmanjkalo prostora" #: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "ni mogoÄe zaÄenjati potrdila SSL in kljuÄa db: %s" #: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "za uporabo SSL-ja morate nastaviti TSL_CERT v datoteki %s" #: plugins/sudoers/ldap.c:996 #, c-format msgid "unable to get GMT time" msgstr "ni mogoÄe dobiti Äasa GMT" #: plugins/sudoers/ldap.c:1002 #, c-format msgid "unable to format timestamp" msgstr "ni mogoÄe oblikovati Äasovnega žiga" #: plugins/sudoers/ldap.c:1010 #, c-format msgid "unable to build time filter" msgstr "ni mogoÄe izgraditi Äasovnega filtra" #: plugins/sudoers/ldap.c:1229 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 neujemanje dodelitve" #: plugins/sudoers/ldap.c:1776 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Vloga LDAP: %s\n" #: plugins/sudoers/ldap.c:1778 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Vloga LDAP: NEZNANA\n" #: plugins/sudoers/ldap.c:1825 #, c-format msgid " Order: %s\n" msgstr " Vrstni red: %s\n" #: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515 #: plugins/sudoers/sssd.c:1173 #, c-format msgid " Commands:\n" msgstr " Ukazi:\n" #: plugins/sudoers/ldap.c:2255 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ni mogoÄe zaÄeti LDAP: %s" #: plugins/sudoers/ldap.c:2289 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls je doloÄen, toda knjižnice LDAP ne podpirajo ldap_start_tls_s() ali ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2525 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neveljaven atribut sudoOrder: %s" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "ni mogoÄe odpreti nadzornega sistema" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "ni mogoÄe poslati nadzornega sporoÄila" #: plugins/sudoers/logging.c:140 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:168 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (ukaz) %s" #: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "ni mogoÄe odpreti datoteke dnevnika: %s: %s" #: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ni mogoÄe zakleniti datoteke dnevnika: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Brez uporabnika ali gostitelja" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "potrjevanje veljavnosti ni uspelo" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "uporabnika NI v sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "uporabnik NI pooblaÅ¡Äen na gostitelju" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "ukaz ni dovoljen" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ni v datoteki sudoers. Ta dogodek bo zabeležen.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nima dovoljenj za izvajanje sudo na %s. Ta dogodek bo zabeležen.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Uporabnik %s ne sme izvajati sudo na %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Uporabnik %s ne sme zagnati '%s%s%s' kot %s%s%s na %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 #: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 #: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 #: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: ukaza ni bilo mogoÄe najti" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "prezrtje `%s', najdenega v '.'\n" "Uporabite `sudo ./%s', Äe je to `%s', ki ga želite zagnati." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "napaka overitve" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "zahtevano je geslo" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d nepravilnih poskusov vnosa gesla" msgstr[1] "%d nepravilen poskus vnosa gesla" msgstr[2] "%d nepravilna poskusa vnosa gesla" msgstr[3] "%d nepravilni poskusi vnosa gesla" #: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "ni mogoÄe razvejiti" #: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "ni mogoÄe razvejiti: %m" #: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "ni mogoÄe odpreti cevi: %m" #: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "ni mogoÄe podvojiti stdin: %m" #: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "ni mogoÄe izvesti %s: %m" #: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "notranja napaka: premalo prostora za vrstico dnevnika" #: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "napaka razÄlenjevanja v %s blizu vrstice %d" #: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "napaka med razÄlenjevanjem datoteke %s" #: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Vnos sudoers:\n" #: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " ZaženiKotUporabniki: " #: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " ZaženiKotSkupine: " #: plugins/sudoers/parse.c:486 #, c-format msgid " Options: " msgstr " Možnosti: " #: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 #, c-format msgid "unable to execute %s" msgstr "ni mogoÄe izvrÅ¡iti %s" #: plugins/sudoers/policy.c:659 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Vstavek pravilnika sudoers razliÄica %s\n" #: plugins/sudoers/policy.c:661 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Datoteka slovnice sudoers razliÄica %d\n" #: plugins/sudoers/policy.c:665 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Pot sudoers: %s\n" #: plugins/sudoers/policy.c:668 #, c-format msgid "nsswitch path: %s\n" msgstr "pot nsswitch: %s\n" #: plugins/sudoers/policy.c:670 #, c-format msgid "ldap.conf path: %s\n" msgstr "pot ldap.conf: %s\n" #: plugins/sudoers/policy.c:671 #, c-format msgid "ldap.secret path: %s\n" msgstr "pot ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ni mogoÄe predpomniti ID-ja uporabnika %u, že obstaja" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ni mogoÄe predpomniti uporabnika %s, že obstaja" #: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ni mogoÄe predpomniti ID-ja skupine %u, že obstaja" #: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "ni mogoÄe predpomniti skupine %s, že obstaja" #: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "seznama skupina za %s ni mogoÄe predpomniti, saj že obstaja" #: plugins/sudoers/pwutil.c:584 #, c-format msgid "unable to parse groups for %s" msgstr "skupin za %s ni mogoÄe razÄleniti" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 #: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 #: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "prekoraÄitev trajnega sklada" #: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 #: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "prekoraÄitev spodnje meje trajnega sklada" #: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 #: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 msgid "unable to change to root gid" msgstr "Å¡tevilke skupine skrbnika ni mogoÄe spremeniti" #: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 #: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "ni mogoÄe spremeniti v ID-ja skupine runas" #: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 #: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "ni mogoÄe spremeniti v ID-ja uporabnika runas" #: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 #: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "ni mogoÄe spremeniti ID-ja skupine sudoers" #: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 #: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 #: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "preveÄ opravil" #: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "ni mogoÄe nastaviti vektorja skupine runas" #: plugins/sudoers/sssd.c:256 #, c-format msgid "Unable to dlopen %s: %s" msgstr "ni mogoÄe uporabiti dlopen %s: %s" #: plugins/sudoers/sssd.c:257 #, c-format msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Vira SSS ni mogoÄe zagnati. Ali je SSSD pravilno nameÅ¡Äen?" #: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 #: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 #: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "simbola \"%s\" ni mogoÄe najti v %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "UjemajoÄi vpisi privzetih vrednosti za %s na tem gostitelju:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas in ukazno doloÄene privzete vrednosti za %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Na tem gostitelju lahko uporabnik %s zažene naslednje ukaze:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uporabniku %s ni dovoljeno zagnati sudo na %s.\n" #: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 #: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "težave z vnosi privzetih vrednosti" #: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "najdenih niso bili nobeni veljavni viri sudoers, konÄanje" #: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers doloÄa, da skrbniku ni dovoljeno uporabiti sudo" #: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "ni vam dovoljeno uporabiti možnosti -C" #: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "lastnik Äasovnega žiga (%s): ni takÅ¡nega uporabnika" #: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "brez tty" #: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "za izvajanje sudo morate imeti tty" #: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "ukaz v trenutni mapi" #: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "nimate dovoljenj za ohranjanje okolja" #: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215 #: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327 #: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 #, c-format msgid "unable to stat %s" msgstr "stanja %s ni mogoÄe dobiti" #: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s ni obiÄajna datoteka" #: plugins/sudoers/sudoers.c:729 toke.l:842 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti %u" #: plugins/sudoers/sudoers.c:733 toke.l:849 #, c-format msgid "%s is world writable" msgstr "v datoteko %s lahko zapisujejo vsi uporabniki" #: plugins/sudoers/sudoers.c:736 toke.l:854 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s je v lasti ID-ja skupine %u, moral bi biti %u" #: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "samo skrbnik lahko uporabi `-c %s'" #: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "neznan razred prijave: %s" #: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "ni mogoÄe razreÅ¡iti gostitelja %s" #: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "neznana skupina: %s" #: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "neveljavna možnost filtra: %s" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "neveljavna zgornja meja Äakanja: %s" #: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "neveljaven dejavnik hitrosti: %s" #: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s razliÄica %s\n" #: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/Äasovna uskladitev: %s" #: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/Äasovna uskladitev: %s" #: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Izpisovanje dnevnika seje sudo: %s\n" #: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Opozorilo: terminal je premajhen za pravilno izpisovanje dnevnika.\n" #: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometrija dnevnika je %d x %d, medtem ko je geometrija terminala %d x %d." #: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "ni mogoÄe nastaviti tty na surov naÄin" #: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "neveljavna vrstica datoteke Äasovne uskladitve: %s" #: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "pisanje na standardni izhod" #: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "dvoumen izraz \"%s\"" #: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "preveÄ izrazov z oklepaji, najveÄje Å¡tevilo %d" #: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "v izrazu je neujemajoÄ ')'" #: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "naznan iskalni izraz \"%s\"" #: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s zahteva argument" #: plugins/sudoers/sudoreplay.c:718 #, c-format msgid "invalid regular expression: %s" msgstr "neveljaven logiÄni izraz: %s" #: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "ni mogoÄe razÄleniti datuma \"%s\"" #: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "v izrazu je neujemajoÄ '('" #: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "neveljaven zakljuÄni \"or\"" #: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "neveljaven zakljuÄni \"!\"" #: plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regex: %s" msgstr "neveljavni logiÄni izraz: %s" #: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uporaba: %s [-h] [-d mapa] [-m zg_meja_Äakanja] [-s faktor_hitrosti] ID\n" #: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d mapa] -l [iskalni izraz]\n" #: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - ponovno predvajaj dnevnike sej sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" "\n" "Možnosti:\n" " -d mapa doloÄi mapo za dnevnike sej\n" " -f filter navedi, katera vrsta I/O se naj prikaže \n" " -h prikaži sporoÄilo pomoÄi in konÄaj\n" " -l [izraz] navedi razpoložljive ID-je sej, ki se ujemajo z izrazom\n" " -m zg_meja_Äakanja najveÄje Å¡tevilo sekund za Äakanje med dogodki\n" " -s faktor_hitrosti pospeÅ¡i ali upoÄasni izhod\n" " -V prikaži podrobnosti o razliÄici in konÄaj" #: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\tgostitelj se ne ujema" #: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" msgstr "" "\n" "Ukaz je dovoljen" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" msgstr "" "\n" "Ukaz je bil zavrnjen" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Ukaz se ne ujema" #: plugins/sudoers/timestamp.c:128 #, c-format msgid "timestamp path too long: %s" msgstr "pot Äasovnega žiga je predolga : %s" #: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246 #: plugins/sudoers/timestamp.c:291 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u" #: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti naÄin 0700" #: plugins/sudoers/timestamp.c:285 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s obstaja, toda ni obiÄajna datoteka (0%o)" #: plugins/sudoers/timestamp.c:297 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti naÄin 0600" #: plugins/sudoers/timestamp.c:352 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "Äasovni žig je predaleÄ v prihodnosti: %20.20s" #: plugins/sudoers/timestamp.c:406 #, c-format msgid "unable to remove %s, will reset to the epoch" msgstr "%s ni mogoÄe odstraniti" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the epoch" msgstr "%s ni mogoÄe ponastaviti na epoho" #: plugins/sudoers/toke_util.c:221 #, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: prekoraÄitev medpomnilnika" #: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s razliÄica slovnice %d\n" #: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "za urejanje %s pritisnite return: " #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "napaka med pisanjem" #: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "ni mogoÄe zaÄeti zaÄasne datoteke (%s), %s nepsremenjeno" #: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "zaÄasna datoteka brez dolžine (%s), %s nespremenjena" #: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "urejevalnik (%s) je spodletel, %s nespremenjen" #: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s nespremenjeno" #: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ni mogoÄe ponovno odpreti zaÄasne datoteke (%s), %s je nespremenjen." #: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ni mogoÄe razÄleniti zaÄasne datoteke (%s), neznana napaka" #: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "notranja napaka, na seznamu ni mogoÄe najti %s!" #: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "ni mogoÄe nastaviti (ID uporabnika, ID skupine) od %s do (%u, %u)" #: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ni mogoÄe spremeniti naÄina iz %s na 0%o" #: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s in %s nista na enakem datoteÄnem sistemu, uporaba mv za preimenovanje" #: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "ukaz je spodletel: '%s %s %s', %s nespremenjen" #: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "napaka med preimenovanjem %s, %s nespremenjen" #: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Kaj pa zdaj? " #: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Možnosti so:\n" " (e)ponovno uredi datoteko sudoers\n" " (x)konÄaj brez shranjevanja sprememb v datoteko sudoers\n" " (Q)konÄaj in shrani spremembe v datoteko sudoers (NEVARNOST!)\n" #: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "ni mogoÄe zagnati %s" #: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: napaÄen lastnik (ID uporabnika, ID skupine) moralo bi biti (%u, %u)\n" #: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: slaba dovoljenja, moral bi biti naÄin 0%o\n" #: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "razÄlenjevanje datoteke %s je spodletelo, neznana napaka" #: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "napaka razÄlenjevanja v %s blizu vrstice %d\n" #: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "napaka razÄlenjevanja v %s\n" #: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: uspeÅ¡no razÄlenjeno\n" #: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s zaseden, poskusite ponovno pozneje" #: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "doloÄen urejevalnik (%s) se ne konÄa" #: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "ni mogoÄe zaÄeti urejevalnika (%s)" #: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "najdenega ni nobenega urejevalnika (pot urejevalnika = %s)" #: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Napaka: kroženje v %s_Alias `%s'" #: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Opozorilo: kroženje v %s_Alias `%s'" #: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Napaka: %s_Alias `%s' sklicevan, toda ne doloÄen" #: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Warning: %s_Alias `%s' sklicevan, toda ne doloÄen" #: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: neuporabljen %s_Alias %s" #: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - varno uredi datoteko sudoers\n" "\n" #: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" "\n" "Možnosti:\n" " -c naÄin samo preverjanja\n" " -f sudoers doloÄi mesto datoteke sudoers\n" " -h prikaži sporoÄilo pomoÄi in konÄaj\n" " -q manj podroben izpis (tih) sporoÄil skladenjskih napak\n" " -s strogo preverjanje skladnje\n" " -V prikaži podrobnosti razliÄice in konÄaj" #: toke.l:815 msgid "too many levels of includes" msgstr "preveÄ stopenj vkljuÄitev" sudo-1.8.9p5/plugins/sudoers/po/sudoers.pot010064400175440000012000001145071226304127700203530ustar00millertstaff# Portable object template file for the sudoers plugin # This file is put in the public domain. # Todd C. Miller , 2011-2013 # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" #: confstr.sh:2 msgid "Password:" msgstr "" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "" #: confstr.sh:4 msgid "Sorry, try again." msgstr "" #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:170 msgid "" "Account expired or PAM config lacks an \"account\" section for sudo, contact " "your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "" "Invalid authentication methods compiled into sudo! You may not mix " "standalone and non-standalone authentication." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "" "There are no authentication methods compiled into sudo! If you want to turn " "off authentication, use the --disable-authentication configure option." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "" #: plugins/sudoers/def_data.c:303 msgid "" "Use faster globbing that is less accurate but does not access the filesystem" msgstr "" #: plugins/sudoers/def_data.c:307 msgid "" "The umask specified in sudoers will override the user's, even if it is more " "permissive" msgstr "" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" #: plugins/sudoers/env.c:1014 #, c-format msgid "" "sorry, you are not allowed to set the following environment variables: %s" msgstr "" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr "" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" #: plugins/sudoers/ldap.c:2541 msgid "" "start_tls specified but LDAP libs do not support ldap_start_tls_s() or " "ldap_start_tls_s_np()" msgstr "" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "" msgstr[1] "" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr "" #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr "" #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr "" #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "" #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "" #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "" #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "" #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" #: toke.l:892 msgid "too many levels of includes" msgstr "" sudo-1.8.9p5/plugins/sudoers/po/sv.mo010064400175440000012000000463341226304146200171260ustar00millertstaffޕѤ, ‘¢²Â×êù <U#u9™Ó&ì)=FV@#Þ#&;!V$x µÂÑÚá÷").FuxA”Öô!+4M‚"š ½$Þ25Q)‡'±Ù'é3Ÿ Ó Ýèý+=B6€(·àò5'E5m&£:Ê.C4'x" 7Ã?ûA;“}'*95d š3¥Ùó2H[({¤ÁÕ ï(0&Y€›¬»OË( $D .i %˜ #¾ &â ' !*1!/\!Œ!¨!Â!#Ö!ú! "+"F"#V"z"Ž"(¤"Í"(Ô"ý"#,#!F#h#}##¡#´#Ó#ó#' $65$&l$#“$(·$2à$"%(6%_%r%Œ%+¨%&Ô%(û%+$&&P&'w&Ÿ&½&Û&*û&$&'K'_'w'Œ'¥'*¾'é'ø' (&(%=(c(( š(»( Û(ü()!)A)4Y)Ž) )º)*Ë)'ö)*=*O*3e*™*¯*Á*Ù*ò*++/+5K+++±+%Ä+%ê+ ,,*7,#b,›†,".6.I.Y.m.‰.™.ª.?».*û.3&/IZ/%¤/&Ê/)ñ/0P50G†0Î0í0 1&1'@1"h1‹1£1³1Â1Ë1Ò1î1#ý1!21?2q2t2S2"ä2!3!)3$K37p3¨3¿3Ý3(ú3#4B4&W4=~41¼48î4!'5)I5¨s5;6 X6 c6o6‰60©6DÚ6:7.Z7‰7"ž7AÁ758K986…8A¼8,þ8L+95x9$®95Ó9K :OU:‘¥:A7;4y;D®;ó;3ü;0<G<]<{<˜<´<Í<7í<%=@=X=2v=-©=1×=/ >9>W>n>ƒ>^™>)ø>%"?/H?&x?$Ÿ?'Ä?(ì?*@0@@q@‹@¤@%·@Ý@ý@A7A)GAqAŽA.­A ÜA/æAB5B QB(rB›B°BÂBÔBçBC'&C/NC6~C0µC"æC, D66D:mD5¨DÞDôDE/*E*ZE.…E/´E*äE2F BF cF"„F-§F#ÕFùF G,G@GXG-pGžG·G!ÔGöG3 HAH^HvH –H$·HÜHúH!I1I@LII"¡IÄI6ØI>J&NJuJ‘J0«JÜJïJKK4KCKYKpK3‡K1»KíK L+L+HLtL}L(–L¿L}¯ GÆ”¦ÅŽ`ÑHE ¿yL[†aŸ…z&¨Ç‡/§k°³±X n3“l9ÐÄvYrÀFS»²œ•ª_p«—¡5=!Cs'µŠ¹-^j*e–€f£(„T¾"\‘‹º¬¶BDJÍ©At·8I®ƒq6›%w.o’{P7R1@Â>MšQ0O?ˆ ÉhÌg ¢Ã½ȤUuZ‰VÏ]¼#2¥N4m¸$KbŒd™iË~|x+)‚;:˜Î´ ,W<ÊcÁ ­ž Command allowed Command denied LDAP Role: %s LDAP Role: UNKNOWN Sudoers path: %s Commands: Commands: Order: %s %d incorrect password attempt%d incorrect password attempts%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s%s: %s%s: %s%s: command not found%s: parsed OK %s: unable to allocate options: %s%s: unable to parse '%s': %s%s: wrong owner (uid, gid) should be (%u, %u) : >>> %s: %s near line %d <<<Account or password is expired, reset your password and try againAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAlways send mail when sudo is runAlways set $HOME to the target user's home directoryAuthentication methods:Environment variables to preserve:Environment variables to remove:File containing the sudo lecture: %sFlags for mail program: %sIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordLecture user the first time they run sudoLocale to use while parsing sudoers: %sNo user or hostNumber of tries to enter a password: %dOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Password expired, contact your system administratorPassword:Password: Path to log file: %sPath to mail program: %sPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sRequire users to authenticate by defaultRoot may run sudoSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet the LOGNAME and USER environment variablesSorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSyslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUser %s is not allowed to run sudo on %s. User %s may run the following commands on this host: What now? account validation failure, is your account locked?ambiguous expression "%s"au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"editor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowgetaudit: failedgetauid failedgetauid: failedignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.internal error, expand_prompt() overflowinternal error, init_vars() overflowinternal error, linux_audit_command() overflowinternal error, runas_groups overflowinternal error, set_cmnd() overflowinternal error, sudo_setenv() overflowinternal error, sudo_setenv2() overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid authentication typeinvalid filter option: %sinvalid log file %sinvalid passcode length for SecurIDinvalid regex: %sinvalid regular expression: %sinvalid sequence number %sinvalid uri: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valuepam_authenticate: %spam_chauthtok: %sparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d press return to edit %s: sorry, a password is required to run %ssorry, you are not allowed to preserve the environmentsorry, you must have a tty to run sudospecified editor (%s) doesn't existsudo_ldap_conf_add_ports: port too largesudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp too far in the future: %20.20stoo many processesunable to allocate memoryunable to build time filterunable to cache gid %u (%s), already existsunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache uid %u (%s), already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dlopen %s: %sunable to execute %sunable to execute %s: %munable to execute %s: %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to lock log file: %s: %sunable to mix ldaps and starttlsunable to mkdir %sunable to open %sunable to open log file: %s: %sunable to open pipe: %munable to re-open temporary file (%s), %s unchanged.unable to read %sunable to resolve host %sunable to run %sunable to set (uid, gid) of %s to (%u, %u)unable to set locale to "%s", using "C"unable to setup authenticationunable to stat %sunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown group: %sunknown login class: %sunknown search term "%s"unknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionusage: %s [-h] [-d directory] -l [search expression] user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write errorwriting to standard outputyou are not permitted to use the -C optionyou do not exist in the %s databaseProject-Id-Version: sudoers 1.8.5-b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-03-14 14:20-0400 PO-Revision-Date: 2012-03-24 12:18+0100 Last-Translator: Daniel Nylander Language-Team: Swedish Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Kommandot tillÃ¥ts Kommandot nekades LDAP-roll: %s LDAP-roll: OKÄND Sökväg till sudoers: %s Kommandon: Kommandon: Ordning: %s %d felaktigt lösenordsförsök%d felaktiga lösenordsförsök%s - spela upp loggar frÃ¥n sudo-session %s - redigera sudoers-filen pÃ¥ ett säkert sätt %s och %s finns inte pÃ¥ samma filsystem, använder mv för att byta namn%s är upptagen, försök igen senare%s finns men är inte en katalog (0%o)%s finns men är inte en vanlig fil (0%o)%s är inte en vanlig fil%s tillÃ¥ts inte att köra sudo pÃ¥ %s. Denna incident kommer att rapporteras. %s finns inte i filen sudoers. Denna incident kommer att rapporteras. %s ägs av gid %u, ska vara %u%s ägs av uid %u, ska vara %u%s är skrivbar för alla%s mÃ¥ste ägas av uid %d%s fÃ¥r endast vara skrivbar av ägaren%s ägs av uid %u, ska vara uid %u%s kräver ett argument%s oförändrad%s version %s %s%s: %s%s: %s%s: kommandot hittades inte%s: tolkad OK %s: kunde inte allokera flaggor: %s%s: kunde inte tolka "%s": %s%s: felaktig ägare (uid, gid) ska vara (%u, %u) : >>> %s: %s nära rad %d <<<Kontot eller lösenordet har gÃ¥tt ut. Ã…terställ ditt lösenord och försök igenAdress att skicka e-post frÃ¥n: %sAdress att skicka e-post till: %sAliaset "%s" är redan definieradSkicka alltid e-post när sudo körsStäll alltid in $HOME till mÃ¥lanvändarens hemkatalogAutentiseringsmetoder:Miljövariabler att behÃ¥lla:Miljövariabler att ta bort:Fil som innehÃ¥ller sudo-upplärning: %sFlaggor för e-postprogram: %sIgnorera "." i $PATHMeddelande vid felaktigt lösenord: %sFörolämpa användaren när de anger ett felaktigt lösenordLär upp användaren första gÃ¥ngen de kör sudoLokalanpassning att använda vid tolkning av sudoers: %sIngen användare eller värddatorAntal försök att ange ett lösenord: %dAlternativen är: r(e)digera sudoers-filen igen avsluta (x) utan att spara ändringar i sudoers-filen Avsluta (Q) och spara ändringar i sudoers-filen (FARLIGT!) Lösenordet har gÃ¥tt ut. Kontakta din systemadministratörLösenord:Lösenord: Sökväg till loggfil: %sSökväg till e-postprogram: %sFrÃ¥ga efter root-lösenordet, inte användarensFrÃ¥ga efter runas_default-användarens lösenord, inte användarensFrÃ¥ga efter mÃ¥lanvändarens lösenord, inte användarensKräv att användare autentiseras som standardRoot fÃ¥r köra sudoSecurID-kommunikation misslyckadesSkicka e-post om användaren inte tillÃ¥ts att köra ett kommandoSkicka e-post om användaren inte finns med i sudoersSkicka e-post om användaren inte finns med i sudoers för denna värddatorSkicka e-post om användarens autentisering misslyckasStäll in $HOME till mÃ¥lanvändaren när ett skal startas med -sStäll in miljövariablerna LOGNAME och USERTyvärr, användaren %s tillÃ¥ts inte att köra "%s%s%s" som %s%s%s pÃ¥ %s. Tyvärr, användaren %s fÃ¥r inte köra sudo pÃ¥ %s. Ämnesrad för e-postmeddelanden: %sSyslog-facilitet om syslog används för loggning: %sSyslog-prioritet att använda när användaren lyckas med autentisering: %sSyslog-prioritet att använda när användaren misslyckas med autentisering: %sDet finns inga autentiseringsmetoder inbyggda i sudo! Om du vill aktivera autentisering, använd konfigurationsflaggan --disable-authentication.Umask att använda eller 0777 för att använda användarens: 0%oAnvändaren %s tillÃ¥ts inte att köra sudo pÃ¥ %s. Användaren %s fÃ¥r köra följande kommandon pÃ¥ denna värddator: Nu dÃ¥? kontovalidering misslyckades. Är ditt konto lÃ¥st?tvetydigt uttryck "%s"au_open: misslyckadesau_to_exec_args: misslyckadesau_to_return32: misslyckadesau_to_subject: misslyckadesau_to_text: misslyckadesfel i autentiseringsservern: %skommandot misslyckades: "%s %s %s", %s är oförändradkommando i aktuell katalogkommandot tillÃ¥ts intekunde inte tolka datumet "%s"redigeraren (%s) misslyckades, %s är oförändradfel vid namnbyte för %s, %s är oförändradmisslyckades med att initiera ACE API-biblioteketmisslyckades med att tolka %s-filen, okänt felfill_args: buffertöverflödegetaudit: misslyckadesgetauid misslyckadesgetauid: misslyckadesignorerar "%s" som hittades i "." Använd "sudo ./%s" om detta är den "%s" som du vill köra.internt fel, stackspill i expand_prompt()internt fel, stackspill i init_vars()internt fel, stackspill i linux_audit_command()internt fel, stackspill i runas_groupsinternt fel, stackspill i set_cmnd()internt fel, stackspill i sudo_setenv()internt fel, stackspill i sudo_setenv2()internt fel, kunde inte hitta %s i listan!internt fel: otillräckligt utrymme för loggradogiltig autentiseringstypogiltig filterflagga: %sogiltig loggfil %sogiltig lösenordslängd för SecurIDogiltigt reguljärt uttryck: %sogiltigt reguljärt uttryck: %sogiltigt sekvensnummer %sogiltig uri: %sogiltig användarnamnslängd för SecurIDSökväg till ldap.conf: %s Sökväg till ldap.secret: %s förlorade kontakten med autentiseringsserverningen ttyinga giltiga sudoers-källor hittades, avslutaringet värde angivet för "%s"Sökväg till nsswitch: %s endast root kan använda "-c %s"flaggan "%s" tar inte emot nÃ¥got värdepam_authenticate: %spam_chauthtok: %stolkningsfel i %stolkningsfel i %s tolkningsfel i %s nära rad %dtolkningsfel i %s nära rad %d tryck pÃ¥ return för att redigera %s: tyvärr, ett lösenord krävs för att köra %styvärr, du tillÃ¥ts inte att behÃ¥lla miljövariablertyvärr, du mÃ¥ste ha en tty för att köra sudoangiven redigerare (%s) finns intesudo_ldap_conf_add_ports: port är för storsudoers anger att root inte tillÃ¥ts att använda sudotidsstämpelägare (%s): Det finns ingen sÃ¥dan användaretidsstämpeln är för lÃ¥ngt in i framtiden: %20.20sför mÃ¥nga processerkunde inte allokera minnekunde inte bygga tidsfilterkunde inte mellanlagra gid %u (%s), finns redankunde inte mellanlagra gid %u, finns redankunde inte mellanlagra gruppen %s, finns redankunde inte mellanlagra uid %u (%s), finns redankunde inte mellanlagra uid %u, finns redankunde inte mellanlagra användaren %s, finns redankunde inte ändra till runas gidkunde inte ändra till runas uidkunde inte ändra till sudoers gidkunde inte ansluta till autentiseringsservernkunde inte kontakta SecurID-servernkunde inte skapa %skunde inte köra dlopen %s: %skunde inte köra %skunde inte köra %s: %mkunde inte köra %s: %skunde inte hitta symbolen "group_plugin" i %skunde inte grena processkunde inte grena process: %mkunde inte formatera tidsstämpelkunde inte fÃ¥ GMT-tidkunde inte fÃ¥ inloggningsklass för användaren %skunde inte initiera LDAP: %skunde inte initiera PAMkunde inte initiera SIA-sessionkunde inte lÃ¥sa loggfil: %s: %skunde inte blanda ldaps och starttlskunde inte skapa katalogen %skunde inte öppna %skunde inte öppna loggfil: %s: %skunde inte öppna rör: %mkunde inte Ã¥teröppna temporärfilen (%s), %s är oförändrad.kunde inte läsa %skunde inte slÃ¥ upp värddatorn %skunde inte köra %skunde inte ställa in (uid, gid) för %s till (%u, %u)kunde inte ställa in lokalanpassning till "%s", använder "C"kunde inte konfigurera autentiseringenkunde inte ta status pÃ¥ %skunde inte skriva till %skunde inte tolka temporärfilen (%s), okänt felokänt SecurID-felokänd grupp: %sokänd inloggningsklass: %sokänt sökvillkor "%s"okänt uid: %uokänd användare: %somatchat "(" i uttryckomatchat ")" i uttryckanvändning: %s [-h] [-d katalog] -l [sökuttryck] användaren är INTE auktoriserad pÃ¥ värddatornanvändare finns INTE i sudoersvalideringsfelvärdet "%s" är ogiltigt för flaggan "%s"värden för "%s" mÃ¥ste börja med ett "/"skrivfelskriver till standard utdu tillÃ¥ts inte att använda flaggan -Cdu finns inte i %s-databasensudo-1.8.9p5/plugins/sudoers/po/sv.po010064400175440000012000001314041226304126300171210ustar00millertstaff# Swedish translation for sudoers. # Copyright (C) 2012 Free Software Foundation, Inc. # This file is put in the public domain. # Daniel Nylander , 2012. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.5-b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-03-14 14:20-0400\n" "PO-Revision-Date: 2012-03-24 12:18+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: plugins/sudoers/alias.c:125 #, c-format msgid "Alias `%s' already defined" msgstr "Aliaset \"%s\" är redan definierad" #: plugins/sudoers/bsm_audit.c:61 plugins/sudoers/bsm_audit.c:64 #: plugins/sudoers/bsm_audit.c:113 plugins/sudoers/bsm_audit.c:117 #: plugins/sudoers/bsm_audit.c:169 plugins/sudoers/bsm_audit.c:173 msgid "getaudit: failed" msgstr "getaudit: misslyckades" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:154 msgid "Could not determine audit condition" msgstr "" #: plugins/sudoers/bsm_audit.c:102 msgid "getauid failed" msgstr "getauid misslyckades" #: plugins/sudoers/bsm_audit.c:104 plugins/sudoers/bsm_audit.c:163 msgid "au_open: failed" msgstr "au_open: misslyckades" #: plugins/sudoers/bsm_audit.c:119 plugins/sudoers/bsm_audit.c:175 msgid "au_to_subject: failed" msgstr "au_to_subject: misslyckades" #: plugins/sudoers/bsm_audit.c:123 plugins/sudoers/bsm_audit.c:179 msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: misslyckades" #: plugins/sudoers/bsm_audit.c:127 plugins/sudoers/bsm_audit.c:188 msgid "au_to_return32: failed" msgstr "au_to_return32: misslyckades" #: plugins/sudoers/bsm_audit.c:130 plugins/sudoers/bsm_audit.c:191 msgid "unable to commit audit record" msgstr "" #: plugins/sudoers/bsm_audit.c:161 msgid "getauid: failed" msgstr "getauid: misslyckades" #: plugins/sudoers/bsm_audit.c:184 msgid "au_to_text: failed" msgstr "au_to_text: misslyckades" #: plugins/sudoers/check.c:158 #, c-format msgid "sorry, a password is required to run %s" msgstr "tyvärr, ett lösenord krävs för att köra %s" #: plugins/sudoers/check.c:249 plugins/sudoers/iolog.c:172 #: plugins/sudoers/sudoers.c:970 plugins/sudoers/sudoreplay.c:348 #: plugins/sudoers/sudoreplay.c:357 plugins/sudoers/sudoreplay.c:703 #: plugins/sudoers/sudoreplay.c:797 plugins/sudoers/visudo.c:816 #, c-format msgid "unable to open %s" msgstr "kunde inte öppna %s" #: plugins/sudoers/check.c:253 plugins/sudoers/iolog.c:202 #, c-format msgid "unable to write to %s" msgstr "kunde inte skriva till %s" #: plugins/sudoers/check.c:261 plugins/sudoers/check.c:506 #: plugins/sudoers/check.c:556 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:156 #, c-format msgid "unable to mkdir %s" msgstr "kunde inte skapa katalogen %s" #: plugins/sudoers/check.c:396 #, c-format msgid "internal error, expand_prompt() overflow" msgstr "internt fel, stackspill i expand_prompt()" #: plugins/sudoers/check.c:456 #, c-format msgid "timestamp path too long: %s" msgstr "" #: plugins/sudoers/check.c:485 plugins/sudoers/check.c:529 #: plugins/sudoers/iolog.c:158 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s finns men är inte en katalog (0%o)" #: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532 #: plugins/sudoers/check.c:577 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s ägs av uid %u, ska vara uid %u" #: plugins/sudoers/check.c:493 plugins/sudoers/check.c:537 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "" #: plugins/sudoers/check.c:501 plugins/sudoers/check.c:545 #: plugins/sudoers/check.c:613 plugins/sudoers/sudoers.c:989 #: plugins/sudoers/visudo.c:320 plugins/sudoers/visudo.c:582 #, c-format msgid "unable to stat %s" msgstr "kunde inte ta status pÃ¥ %s" #: plugins/sudoers/check.c:571 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s finns men är inte en vanlig fil (0%o)" #: plugins/sudoers/check.c:583 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "" #: plugins/sudoers/check.c:637 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "tidsstämpeln är för lÃ¥ngt in i framtiden: %20.20s" #: plugins/sudoers/check.c:684 #, c-format msgid "unable to remove %s (%s), will reset to the epoch" msgstr "" #: plugins/sudoers/check.c:692 #, c-format msgid "unable to reset %s to the epoch" msgstr "" #: plugins/sudoers/check.c:752 plugins/sudoers/check.c:758 #: plugins/sudoers/sudoers.c:847 plugins/sudoers/sudoers.c:851 #, c-format msgid "unknown uid: %u" msgstr "okänt uid: %u" #: plugins/sudoers/check.c:755 plugins/sudoers/sudoers.c:788 #: plugins/sudoers/sudoers.c:1109 plugins/sudoers/testsudoers.c:218 #: plugins/sudoers/testsudoers.c:362 #, c-format msgid "unknown user: %s" msgstr "okänd användare: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-facilitet om syslog används för loggning: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Syslog-prioritet att använda när användaren lyckas med autentisering: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Syslog-prioritet att använda när användaren misslyckas med autentisering: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ignorera \".\" i $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Skicka alltid e-post när sudo körs" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Skicka e-post om användarens autentisering misslyckas" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Skicka e-post om användaren inte finns med i sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Skicka e-post om användaren inte finns med i sudoers för denna värddator" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Skicka e-post om användaren inte tillÃ¥ts att köra ett kommando" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Lär upp användaren första gÃ¥ngen de kör sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Fil som innehÃ¥ller sudo-upplärning: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Kräv att användare autentiseras som standard" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root fÃ¥r köra sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Ställ in $HOME till mÃ¥lanvändaren när ett skal startas med -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Ställ alltid in $HOME till mÃ¥lanvändarens hemkatalog" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Förolämpa användaren när de anger ett felaktigt lösenord" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "FrÃ¥ga efter root-lösenordet, inte användarens" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "FrÃ¥ga efter runas_default-användarens lösenord, inte användarens" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "FrÃ¥ga efter mÃ¥lanvändarens lösenord, inte användarens" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Ställ in miljövariablerna LOGNAME och USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "Antal försök att ange ett lösenord: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask att använda eller 0777 för att använda användarens: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Sökväg till loggfil: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "Sökväg till e-postprogram: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Flaggor för e-postprogram: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Adress att skicka e-post till: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Adress att skicka e-post frÃ¥n: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Ämnesrad för e-postmeddelanden: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Meddelande vid felaktigt lösenord: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Miljövariabler att ta bort:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Miljövariabler att behÃ¥lla:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Lokalanpassning att använda vid tolkning av sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "" #: plugins/sudoers/defaults.c:208 #, c-format msgid "unknown defaults entry `%s'" msgstr "" #: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 #: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 #: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 #: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 #: plugins/sudoers/defaults.c:328 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "värdet \"%s\" är ogiltigt för flaggan \"%s\"" #: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 #: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 #: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 #: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 #: plugins/sudoers/defaults.c:324 #, c-format msgid "no value specified for `%s'" msgstr "inget värde angivet för \"%s\"" #: plugins/sudoers/defaults.c:242 #, c-format msgid "values for `%s' must start with a '/'" msgstr "värden för \"%s\" mÃ¥ste börja med ett \"/\"" #: plugins/sudoers/defaults.c:304 #, c-format msgid "option `%s' does not take a value" msgstr "flaggan \"%s\" tar inte emot nÃ¥got värde" #: plugins/sudoers/env.c:329 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" #: plugins/sudoers/env.c:331 plugins/sudoers/env.c:401 toke.l:680 toke.l:810 #: toke.l:868 toke.l:964 plugins/sudoers/toke_util.c:113 #: plugins/sudoers/toke_util.c:167 plugins/sudoers/toke_util.c:207 #, c-format msgid "unable to allocate memory" msgstr "kunde inte allokera minne" #: plugins/sudoers/env.c:356 #, c-format msgid "internal error, sudo_setenv2() overflow" msgstr "internt fel, stackspill i sudo_setenv2()" #: plugins/sudoers/env.c:400 #, c-format msgid "internal error, sudo_setenv() overflow" msgstr "internt fel, stackspill i sudo_setenv()" #: plugins/sudoers/env.c:896 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "" #: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 #: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 toke.l:676 #: toke.l:864 plugins/sudoers/sudoers.c:941 #, c-format msgid "%s: %s" msgstr "%s: %s" #: gram.y:110 #, c-format msgid ">>> %s: %s near line %d <<<" msgstr ">>> %s: %s nära rad %d <<<" #: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: plugins/sudoers/group_plugin.c:103 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mÃ¥ste ägas av uid %d" #: plugins/sudoers/group_plugin.c:107 #, c-format msgid "%s must only be writable by owner" msgstr "%s fÃ¥r endast vara skrivbar av ägaren" #: plugins/sudoers/group_plugin.c:114 #, c-format msgid "unable to dlopen %s: %s" msgstr "kunde inte köra dlopen %s: %s" #: plugins/sudoers/group_plugin.c:119 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kunde inte hitta symbolen \"group_plugin\" i %s" #: plugins/sudoers/group_plugin.c:124 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" #: plugins/sudoers/interfaces.c:112 msgid "Local IP address and netmask pairs:\n" msgstr "" #: plugins/sudoers/iolog.c:179 plugins/sudoers/sudoers.c:977 #, c-format msgid "unable to read %s" msgstr "kunde inte läsa %s" #: plugins/sudoers/iolog.c:182 #, c-format msgid "invalid sequence number %s" msgstr "ogiltigt sekvensnummer %s" #: plugins/sudoers/iolog.c:231 plugins/sudoers/iolog.c:234 #: plugins/sudoers/iolog.c:499 plugins/sudoers/iolog.c:504 #: plugins/sudoers/iolog.c:510 plugins/sudoers/iolog.c:518 #: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:534 #: plugins/sudoers/iolog.c:542 #, c-format msgid "unable to create %s" msgstr "kunde inte skapa %s" #: plugins/sudoers/iolog_path.c:256 plugins/sudoers/sudoers.c:367 #, c-format msgid "unable to set locale to \"%s\", using \"C\"" msgstr "kunde inte ställa in lokalanpassning till \"%s\", använder \"C\"" #: plugins/sudoers/ldap.c:374 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port är för stor" #: plugins/sudoers/ldap.c:397 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "" #: plugins/sudoers/ldap.c:427 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" #: plugins/sudoers/ldap.c:456 #, c-format msgid "invalid uri: %s" msgstr "ogiltig uri: %s" #: plugins/sudoers/ldap.c:462 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "" #: plugins/sudoers/ldap.c:466 #, c-format msgid "unable to mix ldaps and starttls" msgstr "kunde inte blanda ldaps och starttls" #: plugins/sudoers/ldap.c:485 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" #: plugins/sudoers/ldap.c:550 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" #: plugins/sudoers/ldap.c:958 #, c-format msgid "unable to get GMT time" msgstr "kunde inte fÃ¥ GMT-tid" #: plugins/sudoers/ldap.c:964 #, c-format msgid "unable to format timestamp" msgstr "kunde inte formatera tidsstämpel" #: plugins/sudoers/ldap.c:972 #, c-format msgid "unable to build time filter" msgstr "kunde inte bygga tidsfilter" #: plugins/sudoers/ldap.c:1187 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" #: plugins/sudoers/ldap.c:1707 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP-roll: %s\n" #: plugins/sudoers/ldap.c:1709 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP-roll: OKÄND\n" #: plugins/sudoers/ldap.c:1756 #, c-format msgid " Order: %s\n" msgstr " Ordning: %s\n" #: plugins/sudoers/ldap.c:1764 #, c-format msgid " Commands:\n" msgstr " Kommandon:\n" #: plugins/sudoers/ldap.c:2163 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kunde inte initiera LDAP: %s" #: plugins/sudoers/ldap.c:2194 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "" #: plugins/sudoers/ldap.c:2430 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" #: toke.l:803 msgid "too many levels of includes" msgstr "" #: toke.l:827 plugins/sudoers/sudoers.c:995 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ägs av uid %u, ska vara %u" #: toke.l:834 plugins/sudoers/sudoers.c:999 #, c-format msgid "%s is world writable" msgstr "%s är skrivbar för alla" #: toke.l:839 plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s ägs av gid %u, ska vara %u" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "" #: plugins/sudoers/linux_audit.c:82 #, c-format msgid "internal error, linux_audit_command() overflow" msgstr "internt fel, stackspill i linux_audit_command()" #: plugins/sudoers/linux_audit.c:91 #, c-format msgid "unable to send audit message" msgstr "" #: plugins/sudoers/logging.c:198 #, c-format msgid "unable to open log file: %s: %s" msgstr "kunde inte öppna loggfil: %s: %s" #: plugins/sudoers/logging.c:201 #, c-format msgid "unable to lock log file: %s: %s" msgstr "kunde inte lÃ¥sa loggfil: %s: %s" #: plugins/sudoers/logging.c:256 msgid "user NOT in sudoers" msgstr "användare finns INTE i sudoers" #: plugins/sudoers/logging.c:258 msgid "user NOT authorized on host" msgstr "användaren är INTE auktoriserad pÃ¥ värddatorn" #: plugins/sudoers/logging.c:260 msgid "command not allowed" msgstr "kommandot tillÃ¥ts inte" #: plugins/sudoers/logging.c:270 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s finns inte i filen sudoers. Denna incident kommer att rapporteras.\n" #: plugins/sudoers/logging.c:273 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s tillÃ¥ts inte att köra sudo pÃ¥ %s. Denna incident kommer att rapporteras.\n" #: plugins/sudoers/logging.c:277 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Tyvärr, användaren %s fÃ¥r inte köra sudo pÃ¥ %s.\n" #: plugins/sudoers/logging.c:280 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Tyvärr, användaren %s tillÃ¥ts inte att köra \"%s%s%s\" som %s%s%s pÃ¥ %s.\n" #: plugins/sudoers/logging.c:420 #, c-format msgid "unable to fork" msgstr "kunde inte grena process" #: plugins/sudoers/logging.c:427 plugins/sudoers/logging.c:489 #, c-format msgid "unable to fork: %m" msgstr "kunde inte grena process: %m" #: plugins/sudoers/logging.c:479 #, c-format msgid "unable to open pipe: %m" msgstr "kunde inte öppna rör: %m" #: plugins/sudoers/logging.c:504 #, c-format msgid "unable to dup stdin: %m" msgstr "" #: plugins/sudoers/logging.c:540 #, c-format msgid "unable to execute %s: %m" msgstr "kunde inte köra %s: %m" #: plugins/sudoers/logging.c:755 #, c-format msgid "internal error: insufficient space for log line" msgstr "internt fel: otillräckligt utrymme för loggrad" #: plugins/sudoers/parse.c:123 #, c-format msgid "parse error in %s near line %d" msgstr "tolkningsfel i %s nära rad %d" #: plugins/sudoers/parse.c:126 #, c-format msgid "parse error in %s" msgstr "tolkningsfel i %s" #: plugins/sudoers/parse.c:389 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" #: plugins/sudoers/parse.c:391 #, c-format msgid " RunAsUsers: " msgstr "" #: plugins/sudoers/parse.c:406 #, c-format msgid " RunAsGroups: " msgstr "" #: plugins/sudoers/parse.c:415 #, c-format msgid "" " Commands:\n" "\t" msgstr "" " Kommandon:\n" "\t" #: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 msgid ": " msgstr ": " #: plugins/sudoers/pwutil.c:260 #, c-format msgid "unable to cache uid %u (%s), already exists" msgstr "kunde inte mellanlagra uid %u (%s), finns redan" #: plugins/sudoers/pwutil.c:268 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kunde inte mellanlagra uid %u, finns redan" #: plugins/sudoers/pwutil.c:305 plugins/sudoers/pwutil.c:314 #, c-format msgid "unable to cache user %s, already exists" msgstr "kunde inte mellanlagra användaren %s, finns redan" #: plugins/sudoers/pwutil.c:655 #, c-format msgid "unable to cache gid %u (%s), already exists" msgstr "kunde inte mellanlagra gid %u (%s), finns redan" #: plugins/sudoers/pwutil.c:663 #, c-format msgid "unable to cache gid %u, already exists" msgstr "kunde inte mellanlagra gid %u, finns redan" #: plugins/sudoers/pwutil.c:693 plugins/sudoers/pwutil.c:702 #, c-format msgid "unable to cache group %s, already exists" msgstr "kunde inte mellanlagra gruppen %s, finns redan" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:439 #: plugins/sudoers/set_perms.c:806 plugins/sudoers/set_perms.c:1095 #: plugins/sudoers/set_perms.c:1380 msgid "perm stack overflow" msgstr "" #: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:447 #: plugins/sudoers/set_perms.c:814 plugins/sudoers/set_perms.c:1103 #: plugins/sudoers/set_perms.c:1388 msgid "perm stack underflow" msgstr "" #: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:585 #: plugins/sudoers/set_perms.c:937 plugins/sudoers/set_perms.c:1226 msgid "unable to change to runas gid" msgstr "kunde inte ändra till runas gid" #: plugins/sudoers/set_perms.c:284 plugins/sudoers/set_perms.c:597 #: plugins/sudoers/set_perms.c:947 plugins/sudoers/set_perms.c:1236 msgid "unable to change to runas uid" msgstr "kunde inte ändra till runas uid" #: plugins/sudoers/set_perms.c:302 plugins/sudoers/set_perms.c:615 #: plugins/sudoers/set_perms.c:963 plugins/sudoers/set_perms.c:1252 msgid "unable to change to sudoers gid" msgstr "kunde inte ändra till sudoers gid" #: plugins/sudoers/set_perms.c:356 plugins/sudoers/set_perms.c:687 #: plugins/sudoers/set_perms.c:1010 plugins/sudoers/set_perms.c:1299 #: plugins/sudoers/set_perms.c:1461 msgid "too many processes" msgstr "för mÃ¥nga processer" #: plugins/sudoers/set_perms.c:1529 msgid "unable to set runas group vector" msgstr "" #: plugins/sudoers/sudo_nss.c:243 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:256 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:269 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Användaren %s fÃ¥r köra följande kommandon pÃ¥ denna värddator:\n" #: plugins/sudoers/sudo_nss.c:279 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Användaren %s tillÃ¥ts inte att köra sudo pÃ¥ %s.\n" #: plugins/sudoers/sudoers.c:206 plugins/sudoers/sudoers.c:237 #: plugins/sudoers/sudoers.c:949 msgid "problem with defaults entries" msgstr "" #: plugins/sudoers/sudoers.c:210 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "inga giltiga sudoers-källor hittades, avslutar" #: plugins/sudoers/sudoers.c:262 #, c-format msgid "unable to execute %s: %s" msgstr "kunde inte köra %s: %s" #: plugins/sudoers/sudoers.c:316 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers anger att root inte tillÃ¥ts att använda sudo" #: plugins/sudoers/sudoers.c:323 #, c-format msgid "you are not permitted to use the -C option" msgstr "du tillÃ¥ts inte att använda flaggan -C" #: plugins/sudoers/sudoers.c:413 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tidsstämpelägare (%s): Det finns ingen sÃ¥dan användare" #: plugins/sudoers/sudoers.c:429 msgid "no tty" msgstr "ingen tty" #: plugins/sudoers/sudoers.c:430 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "tyvärr, du mÃ¥ste ha en tty för att köra sudo" #: plugins/sudoers/sudoers.c:469 msgid "No user or host" msgstr "Ingen användare eller värddator" #: plugins/sudoers/sudoers.c:483 plugins/sudoers/sudoers.c:504 #: plugins/sudoers/sudoers.c:505 plugins/sudoers/sudoers.c:1516 #: plugins/sudoers/sudoers.c:1517 #, c-format msgid "%s: command not found" msgstr "%s: kommandot hittades inte" #: plugins/sudoers/sudoers.c:485 plugins/sudoers/sudoers.c:501 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "ignorerar \"%s\" som hittades i \".\"\n" "Använd \"sudo ./%s\" om detta är den \"%s\" som du vill köra." #: plugins/sudoers/sudoers.c:490 msgid "validation failure" msgstr "valideringsfel" #: plugins/sudoers/sudoers.c:500 msgid "command in current directory" msgstr "kommando i aktuell katalog" #: plugins/sudoers/sudoers.c:512 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "tyvärr, du tillÃ¥ts inte att behÃ¥lla miljövariabler" #: plugins/sudoers/sudoers.c:672 plugins/sudoers/sudoers.c:679 #, c-format msgid "internal error, runas_groups overflow" msgstr "internt fel, stackspill i runas_groups" #: plugins/sudoers/sudoers.c:932 #, c-format msgid "internal error, set_cmnd() overflow" msgstr "internt fel, stackspill i set_cmnd()" #: plugins/sudoers/sudoers.c:992 #, c-format msgid "%s is not a regular file" msgstr "%s är inte en vanlig fil" #: plugins/sudoers/sudoers.c:1039 #, c-format msgid "only root can use `-c %s'" msgstr "endast root kan använda \"-c %s\"" #: plugins/sudoers/sudoers.c:1050 #, c-format msgid "unknown login class: %s" msgstr "okänd inloggningsklass: %s" #: plugins/sudoers/sudoers.c:1078 #, c-format msgid "unable to resolve host %s" msgstr "kunde inte slÃ¥ upp värddatorn %s" #: plugins/sudoers/sudoers.c:1130 plugins/sudoers/testsudoers.c:380 #, c-format msgid "unknown group: %s" msgstr "okänd grupp: %s" #: plugins/sudoers/sudoers.c:1179 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" #: plugins/sudoers/sudoers.c:1181 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" #: plugins/sudoers/sudoers.c:1185 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sökväg till sudoers: %s\n" #: plugins/sudoers/sudoers.c:1188 #, c-format msgid "nsswitch path: %s\n" msgstr "Sökväg till nsswitch: %s\n" #: plugins/sudoers/sudoers.c:1190 #, c-format msgid "ldap.conf path: %s\n" msgstr "Sökväg till ldap.conf: %s\n" #: plugins/sudoers/sudoers.c:1191 #, c-format msgid "ldap.secret path: %s\n" msgstr "Sökväg till ldap.secret: %s\n" #: plugins/sudoers/sudoreplay.c:286 #, c-format msgid "invalid filter option: %s" msgstr "ogiltig filterflagga: %s" #: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid max wait: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid speed factor: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:308 plugins/sudoers/visudo.c:187 #, c-format msgid "%s version %s\n" msgstr "%s version %s\n" #: plugins/sudoers/sudoreplay.c:333 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:364 #, c-format msgid "invalid log file %s" msgstr "ogiltig loggfil %s" #: plugins/sudoers/sudoreplay.c:366 #, c-format msgid "Replaying sudo session: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:392 #, c-format msgid "unable to set tty to raw mode" msgstr "" #: plugins/sudoers/sudoreplay.c:406 #, c-format msgid "invalid timing file line: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:448 #, c-format msgid "writing to standard output" msgstr "skriver till standard ut" #: plugins/sudoers/sudoreplay.c:480 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "" #: plugins/sudoers/sudoreplay.c:529 plugins/sudoers/sudoreplay.c:554 #, c-format msgid "ambiguous expression \"%s\"" msgstr "tvetydigt uttryck \"%s\"" #: plugins/sudoers/sudoreplay.c:571 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "" #: plugins/sudoers/sudoreplay.c:582 #, c-format msgid "unmatched ')' in expression" msgstr "omatchat \")\" i uttryck" #: plugins/sudoers/sudoreplay.c:588 #, c-format msgid "unknown search term \"%s\"" msgstr "okänt sökvillkor \"%s\"" #: plugins/sudoers/sudoreplay.c:602 #, c-format msgid "%s requires an argument" msgstr "%s kräver ett argument" #: plugins/sudoers/sudoreplay.c:606 #, c-format msgid "invalid regular expression: %s" msgstr "ogiltigt reguljärt uttryck: %s" #: plugins/sudoers/sudoreplay.c:612 #, c-format msgid "could not parse date \"%s\"" msgstr "kunde inte tolka datumet \"%s\"" #: plugins/sudoers/sudoreplay.c:625 #, c-format msgid "unmatched '(' in expression" msgstr "omatchat \"(\" i uttryck" #: plugins/sudoers/sudoreplay.c:627 #, c-format msgid "illegal trailing \"or\"" msgstr "" #: plugins/sudoers/sudoreplay.c:629 #, c-format msgid "illegal trailing \"!\"" msgstr "" #: plugins/sudoers/sudoreplay.c:851 #, c-format msgid "invalid regex: %s" msgstr "ogiltigt reguljärt uttryck: %s" #: plugins/sudoers/sudoreplay.c:976 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "" #: plugins/sudoers/sudoreplay.c:979 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "användning: %s [-h] [-d katalog] -l [sökuttryck]\n" #: plugins/sudoers/sudoreplay.c:988 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - spela upp loggar frÃ¥n sudo-session\n" "\n" #: plugins/sudoers/sudoreplay.c:990 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/testsudoers.c:246 #, c-format msgid "internal error, init_vars() overflow" msgstr "internt fel, stackspill i init_vars()" #: plugins/sudoers/testsudoers.c:331 msgid "\thost unmatched" msgstr "" #: plugins/sudoers/testsudoers.c:334 msgid "" "\n" "Command allowed" msgstr "" "\n" "Kommandot tillÃ¥ts" #: plugins/sudoers/testsudoers.c:335 msgid "" "\n" "Command denied" msgstr "" "\n" "Kommandot nekades" #: plugins/sudoers/testsudoers.c:335 msgid "" "\n" "Command unmatched" msgstr "" #: plugins/sudoers/toke_util.c:218 msgid "fill_args: buffer overflow" msgstr "fill_args: buffertöverflöde" #: plugins/sudoers/visudo.c:188 #, c-format msgid "%s grammar version %d\n" msgstr "" #: plugins/sudoers/visudo.c:221 plugins/sudoers/auth/rfc1938.c:104 #, c-format msgid "you do not exist in the %s database" msgstr "du finns inte i %s-databasen" #: plugins/sudoers/visudo.c:253 plugins/sudoers/visudo.c:539 #, c-format msgid "press return to edit %s: " msgstr "tryck pÃ¥ return för att redigera %s: " #: plugins/sudoers/visudo.c:336 plugins/sudoers/visudo.c:342 #, c-format msgid "write error" msgstr "skrivfel" #: plugins/sudoers/visudo.c:424 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:429 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:435 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redigeraren (%s) misslyckades, %s är oförändrad" #: plugins/sudoers/visudo.c:458 #, c-format msgid "%s unchanged" msgstr "%s oförändrad" #: plugins/sudoers/visudo.c:484 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "kunde inte Ã¥teröppna temporärfilen (%s), %s är oförändrad." #: plugins/sudoers/visudo.c:494 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "kunde inte tolka temporärfilen (%s), okänt fel" #: plugins/sudoers/visudo.c:532 #, c-format msgid "internal error, unable to find %s in list!" msgstr "internt fel, kunde inte hitta %s i listan!" #: plugins/sudoers/visudo.c:584 plugins/sudoers/visudo.c:593 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kunde inte ställa in (uid, gid) för %s till (%u, %u)" #: plugins/sudoers/visudo.c:588 plugins/sudoers/visudo.c:598 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" #: plugins/sudoers/visudo.c:615 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s och %s finns inte pÃ¥ samma filsystem, använder mv för att byta namn" #: plugins/sudoers/visudo.c:629 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "kommandot misslyckades: \"%s %s %s\", %s är oförändrad" #: plugins/sudoers/visudo.c:639 #, c-format msgid "error renaming %s, %s unchanged" msgstr "fel vid namnbyte för %s, %s är oförändrad" #: plugins/sudoers/visudo.c:702 msgid "What now? " msgstr "Nu dÃ¥? " #: plugins/sudoers/visudo.c:716 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Alternativen är:\n" " r(e)digera sudoers-filen igen\n" " avsluta (x) utan att spara ändringar i sudoers-filen\n" " Avsluta (Q) och spara ändringar i sudoers-filen (FARLIGT!)\n" #: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to execute %s" msgstr "kunde inte köra %s" #: plugins/sudoers/visudo.c:764 #, c-format msgid "unable to run %s" msgstr "kunde inte köra %s" #: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: felaktig ägare (uid, gid) ska vara (%u, %u)\n" #: plugins/sudoers/visudo.c:797 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" #: plugins/sudoers/visudo.c:822 #, c-format msgid "failed to parse %s file, unknown error" msgstr "misslyckades med att tolka %s-filen, okänt fel" #: plugins/sudoers/visudo.c:835 #, c-format msgid "parse error in %s near line %d\n" msgstr "tolkningsfel i %s nära rad %d\n" #: plugins/sudoers/visudo.c:838 #, c-format msgid "parse error in %s\n" msgstr "tolkningsfel i %s\n" #: plugins/sudoers/visudo.c:845 plugins/sudoers/visudo.c:850 #, c-format msgid "%s: parsed OK\n" msgstr "%s: tolkad OK\n" #: plugins/sudoers/visudo.c:897 #, c-format msgid "%s busy, try again later" msgstr "%s är upptagen, försök igen senare" #: plugins/sudoers/visudo.c:941 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "angiven redigerare (%s) finns inte" #: plugins/sudoers/visudo.c:964 #, c-format msgid "unable to stat editor (%s)" msgstr "" #: plugins/sudoers/visudo.c:1012 #, c-format msgid "no editor found (editor path = %s)" msgstr "" #: plugins/sudoers/visudo.c:1106 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1107 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1110 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1111 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1246 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" #: plugins/sudoers/visudo.c:1303 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - redigera sudoers-filen pÃ¥ ett säkert sätt\n" "\n" #: plugins/sudoers/visudo.c:1305 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/auth/bsdauth.c:78 #, c-format msgid "unable to get login class for user %s" msgstr "kunde inte fÃ¥ inloggningsklass för användaren %s" #: plugins/sudoers/auth/bsdauth.c:84 msgid "unable to begin bsd authentication" msgstr "" #: plugins/sudoers/auth/bsdauth.c:92 msgid "invalid authentication type" msgstr "ogiltig autentiseringstyp" #: plugins/sudoers/auth/bsdauth.c:101 msgid "unable to setup authentication" msgstr "kunde inte konfigurera autentiseringen" #: plugins/sudoers/auth/fwtk.c:60 #, c-format msgid "unable to read fwtk config" msgstr "" #: plugins/sudoers/auth/fwtk.c:65 #, c-format msgid "unable to connect to authentication server" msgstr "kunde inte ansluta till autentiseringsservern" #: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 #: plugins/sudoers/auth/fwtk.c:128 #, c-format msgid "lost connection to authentication server" msgstr "förlorade kontakten med autentiseringsservern" #: plugins/sudoers/auth/fwtk.c:75 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "fel i autentiseringsservern:\n" "%s" #: plugins/sudoers/auth/kerb5.c:117 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:160 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: kunde inte tolka \"%s\": %s" #: plugins/sudoers/auth/kerb5.c:170 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:218 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: kunde inte allokera flaggor: %s" #: plugins/sudoers/auth/kerb5.c:234 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:247 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:316 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:331 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" #: plugins/sudoers/auth/pam.c:100 msgid "unable to initialize PAM" msgstr "kunde inte initiera PAM" #: plugins/sudoers/auth/pam.c:144 msgid "account validation failure, is your account locked?" msgstr "kontovalidering misslyckades. Är ditt konto lÃ¥st?" #: plugins/sudoers/auth/pam.c:148 msgid "Account or password is expired, reset your password and try again" msgstr "Kontot eller lösenordet har gÃ¥tt ut. Ã…terställ ditt lösenord och försök igen" #: plugins/sudoers/auth/pam.c:155 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" #: plugins/sudoers/auth/pam.c:159 msgid "Password expired, contact your system administrator" msgstr "Lösenordet har gÃ¥tt ut. Kontakta din systemadministratör" #: plugins/sudoers/auth/pam.c:163 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "" #: plugins/sudoers/auth/pam.c:178 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" #: plugins/sudoers/auth/pam.c:306 msgid "Password: " msgstr "Lösenord: " #: plugins/sudoers/auth/pam.c:307 msgid "Password:" msgstr "Lösenord:" #: plugins/sudoers/auth/securid5.c:81 #, c-format msgid "failed to initialise the ACE API library" msgstr "misslyckades med att initiera ACE API-biblioteket" #: plugins/sudoers/auth/securid5.c:107 #, c-format msgid "unable to contact the SecurID server" msgstr "kunde inte kontakta SecurID-servern" #: plugins/sudoers/auth/securid5.c:116 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "" #: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 #, c-format msgid "invalid username length for SecurID" msgstr "ogiltig användarnamnslängd för SecurID" #: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "" #: plugins/sudoers/auth/securid5.c:128 #, c-format msgid "SecurID communication failed" msgstr "SecurID-kommunikation misslyckades" #: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 #, c-format msgid "unknown SecurID error" msgstr "okänt SecurID-fel" #: plugins/sudoers/auth/securid5.c:166 #, c-format msgid "invalid passcode length for SecurID" msgstr "ogiltig lösenordslängd för SecurID" #: plugins/sudoers/auth/sia.c:109 msgid "unable to initialize SIA session" msgstr "kunde inte initiera SIA-session" #: plugins/sudoers/auth/sudo_auth.c:117 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "" #: plugins/sudoers/auth/sudo_auth.c:199 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Det finns inga autentiseringsmetoder inbyggda i sudo! Om du vill aktivera autentisering, använd konfigurationsflaggan --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:271 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d felaktigt lösenordsförsök" msgstr[1] "%d felaktiga lösenordsförsök" #: plugins/sudoers/auth/sudo_auth.c:374 msgid "Authentication methods:" msgstr "Autentiseringsmetoder:" sudo-1.8.9p5/plugins/sudoers/po/tr.mo010064400175440000012000000332041226304146200171130ustar00millertstaffÞ•r¬<° ± ý À FÙ @ a +n š ° "¿ !â - 2 *O +z #¦ dÊ A/q>Œ!Ë4í?"bz#—$»à8û34h|5›qÑ)Cm'}2¥-Ø3# W(aŠŸ(¸Eá'5F(|¥·5Ô' 52&h:.ÊùC 'O"w“š0.)_1‰3»ïÿ.DWw(‹&´Ûì)ü&E#a#…(©Ò"ì"#B"f%‰¯*Í$ø#%Ag €¡Á4á1Ba|’¢³Ïã ö#Í&8ôE-%s V™ =ð .!0?!p!†! Ÿ!'À!2è!&"0B"/s"#£"‘Ç"eY#%¿#Rå#88$Jq$Y¼$%/5%e%"‚%%¥%UË%T!&#v&š&9µ&®ï&Qž'ð')(H:(5ƒ(!¹(IÛ(%)3-)a)~)6™)JÐ),*WH*H *1é*$+Q@+4’+BÇ+D ,OO,+Ÿ,Ë,oè,JX-)£-¡Í-Ko.I».K/<Q/Ž/$«/#Ð/"ô/0&70^09u0F¯0ö01611'h1"1(³12Ü1/2!?29a2!›2;½2 ù2038K3„3- 3*Î3%ù3:4Z4o4)Œ4(¶4:ß4!5<5'U5"}5 5»5Î50é5!6<6 T6!b6l@nKCEXP,31U \j F5mZ4p6 qkS 0r D!G;8M+9< *=(`72-JQ&To]H'R_cOb#%W^gL$eBA)Id:.f/iah[Y>"N?V Options: -c check-only mode -f sudoers specify sudoers file location -h display help message and exit -q less verbose (quiet) syntax error messages -s strict syntax checking -V display version information and exit We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. %s busy, try again later%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s unchanged%s: Cannot verify TGT! Possible attack!: %s%s: command not found%s: parsed OK %s: unable to allocate options: %s%s: unable to get credentials: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAlias `%s' already definedAllow some information gathering to give useful error messagesAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAuthentication methods:Compress I/O logs using zlibCould not determine audit conditionFile containing the sudo lecture: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoNo user or hostNumber of tries to enter a password: %dOnly allow the user to run sudo if they have a ttyOwner of the authentication timestamp dir: %sPAM authentication error: %sPassword expired, contact your system administratorPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPreload the dummy exec functions contained in the sudo_noexec libraryPut OTP prompt on its own lineRequire fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultRoot may run sudoSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet the LOGNAME and USER environment variablesSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Use a separate timestamp for each user/tty comboUser ID locked for SecurID AuthenticationVisudo will honor the EDITOR environment variableaccount validation failure, is your account locked?au_open: failedau_to_exec_args: failedau_to_return32: failedau_to_subject: failedau_to_text: failedauthentication server error: %scommand not allowedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorgetaudit: failedgetauid: failedinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid passcode length for SecurIDinvalid username length for SecurIDlost connection to authentication serverno authentication methodsno editor found (editor path = %s)parse error in %s parse error in %s near line %d specified editor (%s) doesn't existunable to begin bsd authenticationunable to change expired password: %sunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to establish credentials: %sunable to get login class for user %sunable to initialize PAMunable to initialize SIA sessionunable to lock log file: %s: %sunable to open log file: %s: %sunable to re-open temporary file (%s), %s unchanged.unable to read fwtk configunable to run %sunable to setup authenticationunable to stat editor (%s)unknown SecurID errorunknown uid: %uunknown user: %suser NOT authorized on hostuser NOT in sudoersvalidation failurewrite erroryou do not exist in the %s databaseProject-Id-Version: sudoers 1.8.7b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-17 15:52-0400 PO-Revision-Date: 2013-04-27 23:41+0200 Last-Translator: Özgür Sarıer Language-Team: Turkish Language: tr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Poedit 1.5.5 Seçenekler: -c sadece denetim kipi -f sudoers sudoers dosyasının konumu -h yardım iletisini görüntüle ve çık -q daha az ayrıntılı (sessiz=quiet) sözdizim hata iletileri -s sıkı sözdizim denetimi -V sürüm bilgisini görüntüle ve çık Yerel Sistem Yöneticisinden olaÄŸan öğütleri aldığınıza güveniyoruz. Bunları genellikle aÅŸağıdaki üç ÅŸeyle özetleyebiliriz: #1) DiÄŸer kiÅŸilerin özel hayatına saygı gösterin. #2) Bir yazmadan önce iki kere düşünün. #3) Büyük gücün büyük bir sorumluluk getirdiÄŸini unutmayın. %s meÅŸgul, daha sonra tekrar deneyin%s, %s üzerinde sudoyu çalıştırma iznine sahip deÄŸil. Bu olay rapor edilecek. %s sudoers dosyası içinde deÄŸil. Bu olay rapor edilecek. %s deÄŸiÅŸmemiÅŸ%s: TGT doÄŸrulanamadı! Muhtemel saldırı!: %s%s: komut bulunamadı%s: ayrıştırma TAMAM %s: seçenekler ayrılamadı: %s%s: kimlik bilgileri elde edilemedi: %s%s: kimlik bilgisi önbelleÄŸi hazırlanamadı: %s%s: ayrıştırılamayan öge '%s': %s%s: kimlik bilgisi önbelleÄŸi çözülemedi: %s%s: kimlik bilgisi önbellekte saklanamadı: %s*** %h için GÜVENLİK bilgisi ***Hesap geçerlilik süresi dolmuÅŸ veya sudo için PAM yapılandırması bir "account" bölümünden yoksun, sistem yöneticinizle temasa geçinizHesabın veya hesap parolasının süresi dolmuÅŸ, parolanızı sıfırlayınız ve yeniden deneyinizTakma ad `%s' önceden tanımlanmışYararlı hata iletilerinin verilmesi için bazı bilgilerin toplanmasına izin verSudonun çalıştırıldığı her zaman e-posta gönderHer zaman $HOME çevre deÄŸiÅŸkenini hedef kullanıcının ev dizinine ataEÄŸer bir tane varsa hedef kullanıcı oturum açma sınıfında öntanımlıları uygulaKimlik doÄŸrulama yöntemleri:I/O günlüklerini zlib kullanarak sıkıştırDenetim durumu belirlenemediDosya sudo öğüdü içeriyor: %sE-posta programı için bayraklar: %sLDAP dizini kullanılabilir durumda ise, yerel sudoers dosyalarını yok sayalım mıEÄŸer sudo herhangi bir bağımsız deÄŸiÅŸkenle uyandırılmazsa, bir kabuk baÅŸlat$PATH içindeki '.' ögesini yoksayHatalı parola iletisi: %sHatalı parola girdikleri zaman kullanıcıyı aÅŸağılaSudo içinde geçersiz kimlik doÄŸrulama yöntemleri derlenmiÅŸ! Bağımsız ve bağımsız olmayan kimlik doÄŸrulama yöntemlerini karma bir ÅŸekilde kullanamayabilirsiniz.Sudoyu ilk defa çalıştırdıkları zaman kullanıcıya gerekli öğütleri verKullanıcı veya ana makine yokBir parola giriÅŸinde deneme sayısı: %dAncak bir tty sahibi iseler kullanıcıya sudoyu çalıştırma izni verKimlik doÄŸrulama zaman damgası dizininin sahibi: %sPAM kimlik doÄŸrulama hatası: %sParola geçerlilik süresi dolmuÅŸ, sistem yöneticinizle temasa geçinizParola:Kimlik doÄŸrulama zaman damgası dizininin yolu: %sGünlük kütüğü yolu: %sE-posta programı yolu: %sVisudo tarafından kullanılacak düzenleyici yolu: %sSudo_noexec kütüphanesinin içerdiÄŸi taklit exec iÅŸlevlerini önyükleOTP güdüsünü kendi satırına yerleÅŸtirSudoers dosyası içerisinde tam nitelikli ana makine adlarının olması gerekmektedirÖntanımlı olarak kullanıcıların kimlik doÄŸrulaması gerekmektedirKök kullanıcı (root) sudoyu çalıştırabilirSecurID iletiÅŸimi baÅŸarısız olduKullanıcının bir komut çalıştırmasına izin verilmiyor ise e-posta gönderKullanıcı sudoers içinde deÄŸilse e-posta gönderKullanıcı bu makinedeki sudoers içinde deÄŸilse e-posta gönderKullanıcı kimlik doÄŸrulaması baÅŸarısız olursa e-posta gönderKabuÄŸu -s ile baÅŸlatırken $HOME çevre deÄŸiÅŸkenini hedef kullanıcıya ataLOGNAME ve USER çevre deÄŸiÅŸkenlerini ataÜzgünüm, yeniden deneyin.Üzgünüm, %s kullanıcısı '%s%s%s' komutunu %s%s%s olarak %s üzerinde çalıştırma iznine sahip deÄŸil. Üzgünüm, %s kullanıcısı %s üzerinde sudoyu çalıştıramayabilir. E-posta iletileri için konu satırı: %sSudo içinde herhangi bir kimlik doÄŸrulama yöntemi derlenmemiÅŸ! Kimlik doÄŸrulamayı kapatmak isterseniz, --disable-authentication seçeneÄŸini kullanınız.Her kullanıcı/tty birleÅŸik giriÅŸi için ayrı bir zaman damgası kullanKullanıcı KimliÄŸi(User ID), SecurID Kimlik DoÄŸrulaması için kilitliVisudo EDITOR çevre deÄŸiÅŸkeninin gereÄŸini ÅŸerefle yerine getirecektir.hesap geçerliliÄŸi teyit edilemedi, hesabınız kilitli mi?au_open: iÅŸlem baÅŸarısızau_to_exec_args: iÅŸlem baÅŸarısızau_to_return32: iÅŸlem baÅŸarısızau_to_subject: iÅŸlem baÅŸarısızau_to_text: iÅŸlem baÅŸarısızkimlik doÄŸrulama sunucusu hatası: %skomuta izin verilmiyorACE API kütüphanesinin hazırlanması baÅŸarısız oldu%s dosyasının ayrıştırılması baÅŸarısız oldu, bilinmeyen hatagetaudit: iÅŸlem baÅŸarısızgetauid: iÅŸlem baÅŸarısızSecurID için geçersiz Kimlik DoÄŸrulama İşleyicisigeçersiz kimlik doÄŸrulama yöntemlerigeçersiz kimlik doÄŸrulama türüSecurID için geçersiz ÅŸifre uzunluÄŸuSecurID için geçersiz kullanıcı adı uzunluÄŸukimlik doÄŸrulama sunucusunda baÄŸlantı kaybıkimlik doÄŸrulama yöntemleri yokhiçbir düzenleyici bulunamadı (düzenleyici yolu = %s)%s içinde ayrıştırma hatası %s içindeki %d satırı yakınında ayrıştırma hatası belirtilen düzenleyici (%s) yokbsd kimlik doÄŸrulama iÅŸlemine baÅŸlanılamadızaman aşımına uÄŸramış parola deÄŸiÅŸtirilemedi: %sdenetim kaydı iÅŸlenemiyorkimlik doÄŸrulama sunucusuna baÄŸlanılamadıSecurID sunucusuyla baÄŸlantı kurulamadıkimlik bilgileri oluÅŸturulamadı: %skullanıcı %s için oturum açma sınıfı elde edilemediPAM baÅŸlatılamadıSIA oturumu baÅŸlatılamadıgünlük kütüğü kilitlenemedi: %s: %sgünlük kütüğü açılamadı: %s: %sgeçici dosya (%s) yeniden açılamadı, %s deÄŸiÅŸmemiÅŸ.fwtk yapılandırması okunamadı%s çalıştırılamadıkimlik doÄŸrulama gerçekleÅŸtirilemedidüzenleyici (%s) baÅŸlatılamadıbilinmeyen SecurID hatasıbilinmeyen uid: %ubilinmeyen kullanıcı: %skullanıcı ana makine üzerinde yetkili DEĞİLkullancı sudoers içinde DEĞİLdoÄŸrulama baÅŸarısızyazma hatası%s veritabanında bulunmuyorsunuzsudo-1.8.9p5/plugins/sudoers/po/tr.po010064400175440000012000001305031226304126300171150ustar00millertstaff# Turkish translations for sudoers package # This file is put in the public domain. # Todd C. Miller , 2011-2013 # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-17 15:52-0400\n" "PO-Revision-Date: 2013-04-27 23:41+0200\n" "Last-Translator: Özgür Sarıer \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Poedit 1.5.5\n" #: confstr.sh:2 msgid "Password:" msgstr "Parola:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** %h için GÜVENLİK bilgisi ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Üzgünüm, yeniden deneyin." #: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Takma ad `%s' önceden tanımlanmış" #: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "kullanıcı %s için oturum açma sınıfı elde edilemedi" #: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "bsd kimlik doÄŸrulama iÅŸlemine baÅŸlanılamadı" #: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "geçersiz kimlik doÄŸrulama türü" #: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "kimlik doÄŸrulama gerçekleÅŸtirilemedi" #: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "fwtk yapılandırması okunamadı" #: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "kimlik doÄŸrulama sunucusuna baÄŸlanılamadı" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "kimlik doÄŸrulama sunucusunda baÄŸlantı kaybı" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "kimlik doÄŸrulama sunucusu hatası:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ayrıştırılamayan öge '%s': %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: kimlik bilgisi önbelleÄŸi çözülemedi: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: seçenekler ayrılamadı: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: kimlik bilgileri elde edilemedi: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: kimlik bilgisi önbelleÄŸi hazırlanamadı: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: kimlik bilgisi önbellekte saklanamadı: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT doÄŸrulanamadı! Muhtemel saldırı!: %s" #: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "PAM baÅŸlatılamadı" #: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "hesap geçerliliÄŸi teyit edilemedi, hesabınız kilitli mi?" #: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Hesabın veya hesap parolasının süresi dolmuÅŸ, parolanızı sıfırlayınız ve yeniden deneyiniz" #: plugins/sudoers/auth/pam.c:162 #, c-format msgid "unable to change expired password: %s" msgstr "zaman aşımına uÄŸramış parola deÄŸiÅŸtirilemedi: %s" #: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Parola geçerlilik süresi dolmuÅŸ, sistem yöneticinizle temasa geçiniz" #: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Hesap geçerlilik süresi dolmuÅŸ veya sudo için PAM yapılandırması bir \"account\" bölümünden yoksun, sistem yöneticinizle temasa geçiniz" #: plugins/sudoers/auth/pam.c:188 #, c-format msgid "PAM authentication error: %s" msgstr "PAM kimlik doÄŸrulama hatası: %s" #: plugins/sudoers/auth/pam.c:247 #, c-format msgid "unable to establish credentials: %s" msgstr "kimlik bilgileri oluÅŸturulamadı: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "%s veritabanında bulunmuyorsunuz" #: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "ACE API kütüphanesinin hazırlanması baÅŸarısız oldu" #: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "SecurID sunucusuyla baÄŸlantı kurulamadı" #: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Kullanıcı KimliÄŸi(User ID), SecurID Kimlik DoÄŸrulaması için kilitli" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "SecurID için geçersiz kullanıcı adı uzunluÄŸu" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "SecurID için geçersiz Kimlik DoÄŸrulama İşleyicisi" #: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID iletiÅŸimi baÅŸarısız oldu" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "bilinmeyen SecurID hatası" #: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "SecurID için geçersiz ÅŸifre uzunluÄŸu" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "SIA oturumu baÅŸlatılamadı" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "geçersiz kimlik doÄŸrulama yöntemleri" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Sudo içinde geçersiz kimlik doÄŸrulama yöntemleri derlenmiÅŸ! Bağımsız ve bağımsız olmayan kimlik doÄŸrulama yöntemlerini karma bir ÅŸekilde kullanamayabilirsiniz." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "kimlik doÄŸrulama yöntemleri yok" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Sudo içinde herhangi bir kimlik doÄŸrulama yöntemi derlenmemiÅŸ! Kimlik doÄŸrulamayı kapatmak isterseniz, --disable-authentication seçeneÄŸini kullanınız." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Kimlik doÄŸrulama yöntemleri:" #: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 #: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 #: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 #, c-format msgid "getaudit: failed" msgstr "getaudit: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" msgstr "Denetim durumu belirlenemedi" #: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format msgid "getauid: failed" msgstr "getauid: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format msgid "au_open: failed" msgstr "au_open: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 #, c-format msgid "au_to_subject: failed" msgstr "au_to_subject: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 #, c-format msgid "au_to_exec_args: failed" msgstr "au_to_exec_args: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 #, c-format msgid "au_to_return32: failed" msgstr "au_to_return32: iÅŸlem baÅŸarısız" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" msgstr "denetim kaydı iÅŸlenemiyor" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: iÅŸlem baÅŸarısız" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Yerel Sistem Yöneticisinden olaÄŸan öğütleri aldığınıza güveniyoruz.\n" "Bunları genellikle aÅŸağıdaki üç ÅŸeyle özetleyebiliriz:\n" "\n" " #1) DiÄŸer kiÅŸilerin özel hayatına saygı gösterin.\n" " #2) Bir yazmadan önce iki kere düşünün.\n" " #3) Büyük gücün büyük bir sorumluluk getirdiÄŸini unutmayın.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "bilinmeyen uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 #: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 #: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "bilinmeyen kullanıcı: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "OTP güdüsünü kendi satırına yerleÅŸtir" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "$PATH içindeki '.' ögesini yoksay" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Sudonun çalıştırıldığı her zaman e-posta gönder" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Kullanıcı kimlik doÄŸrulaması baÅŸarısız olursa e-posta gönder" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Kullanıcı sudoers içinde deÄŸilse e-posta gönder" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Kullanıcı bu makinedeki sudoers içinde deÄŸilse e-posta gönder" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Kullanıcının bir komut çalıştırmasına izin verilmiyor ise e-posta gönder" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Her kullanıcı/tty birleÅŸik giriÅŸi için ayrı bir zaman damgası kullan" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Sudoyu ilk defa çalıştırdıkları zaman kullanıcıya gerekli öğütleri ver" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Dosya sudo öğüdü içeriyor: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Öntanımlı olarak kullanıcıların kimlik doÄŸrulaması gerekmektedir" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Kök kullanıcı (root) sudoyu çalıştırabilir" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "EÄŸer sudo herhangi bir bağımsız deÄŸiÅŸkenle uyandırılmazsa, bir kabuk baÅŸlat" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "KabuÄŸu -s ile baÅŸlatırken $HOME çevre deÄŸiÅŸkenini hedef kullanıcıya ata" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Her zaman $HOME çevre deÄŸiÅŸkenini hedef kullanıcının ev dizinine ata" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Yararlı hata iletilerinin verilmesi için bazı bilgilerin toplanmasına izin ver" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Sudoers dosyası içerisinde tam nitelikli ana makine adlarının olması gerekmektedir" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Hatalı parola girdikleri zaman kullanıcıyı aÅŸağıla" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Ancak bir tty sahibi iseler kullanıcıya sudoyu çalıştırma izni ver" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo EDITOR çevre deÄŸiÅŸkeninin gereÄŸini ÅŸerefle yerine getirecektir." #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "EÄŸer bir tane varsa hedef kullanıcı oturum açma sınıfında öntanımlıları uygula" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "LOGNAME ve USER çevre deÄŸiÅŸkenlerini ata" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %d" msgstr "" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %d" msgstr "Bir parola giriÅŸinde deneme sayısı: %d" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "Günlük kütüğü yolu: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "E-posta programı yolu: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "E-posta programı için bayraklar: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "E-posta iletileri için konu satırı: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Hatalı parola iletisi: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Kimlik doÄŸrulama zaman damgası dizininin yolu: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Kimlik doÄŸrulama zaman damgası dizininin sahibi: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Visudo tarafından kullanılacak düzenleyici yolu: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Sudo_noexec kütüphanesinin içerdiÄŸi taklit exec iÅŸlevlerini önyükle" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "LDAP dizini kullanılabilir durumda ise, yerel sudoers dosyalarını yok sayalım mı" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "I/O günlüklerini zlib kullanarak sıkıştır" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "" #: plugins/sudoers/def_data.c:359 msgid "Create a new PAM session for the command to run in" msgstr "" #: plugins/sudoers/def_data.c:363 msgid "Maximum I/O log sequence number" msgstr "" #: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "" #: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 #: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 #: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 #: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 #: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 #: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 #: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 #: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "" #: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "" #: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 #: plugins/sudoers/testsudoers.c:243 #, c-format msgid "internal error, %s overflow" msgstr "" #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" #: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "" #: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "" #: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "" #: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "" #: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" #: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" #: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "" #: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "" #: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 #: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "" #: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 #: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 #: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:809 #, c-format msgid "unable to open %s" msgstr "" #: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "" #: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "" #: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "" #: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "" #: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "" #: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" #: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "" #: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "" #: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "" #: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" #: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" #: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "" #: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "" #: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "" #: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "" #: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" #: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" #: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr "" #: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 #: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr "" #: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" #: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "" #: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" msgstr "" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "" #: plugins/sudoers/logging.c:140 #, c-format msgid "%8s : %s" msgstr "" #: plugins/sudoers/logging.c:168 #, c-format msgid "%8s : (command continued) %s" msgstr "" #: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "günlük kütüğü açılamadı: %s: %s" #: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "günlük kütüğü kilitlenemedi: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Kullanıcı veya ana makine yok" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "doÄŸrulama baÅŸarısız" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "kullancı sudoers içinde DEĞİL" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "kullanıcı ana makine üzerinde yetkili DEĞİL" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "komuta izin verilmiyor" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s sudoers dosyası içinde deÄŸil. Bu olay rapor edilecek.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s, %s üzerinde sudoyu çalıştırma iznine sahip deÄŸil. Bu olay rapor edilecek.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Üzgünüm, %s kullanıcısı %s üzerinde sudoyu çalıştıramayabilir.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Üzgünüm, %s kullanıcısı '%s%s%s' komutunu %s%s%s olarak %s üzerinde çalıştırma iznine sahip deÄŸil.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 #: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 #: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 #: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: komut bulunamadı" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "" msgstr[1] "" #: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "" #: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "" #: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "" #: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "" #: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "" #: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "" #: plugins/sudoers/match.c:631 #, c-format msgid "unsupported digest type %d for %s" msgstr "" #: plugins/sudoers/match.c:661 #, c-format msgid "%s: read error" msgstr "" #: plugins/sudoers/match.c:670 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "" #: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "" #: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "" #: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" #: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr "" #: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr "" #: plugins/sudoers/parse.c:486 #, c-format msgid " Options: " msgstr "" #: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 #, c-format msgid "unable to execute %s" msgstr "" #: plugins/sudoers/policy.c:659 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" #: plugins/sudoers/policy.c:661 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" #: plugins/sudoers/policy.c:665 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" #: plugins/sudoers/policy.c:668 #, c-format msgid "nsswitch path: %s\n" msgstr "" #: plugins/sudoers/policy.c:670 #, c-format msgid "ldap.conf path: %s\n" msgstr "" #: plugins/sudoers/policy.c:671 #, c-format msgid "ldap.secret path: %s\n" msgstr "" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" #: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "" #: plugins/sudoers/pwutil.c:584 #, c-format msgid "unable to parse groups for %s" msgstr "" #: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 #: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 #: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "" #: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 #: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "" #: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 #: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 msgid "unable to change to root gid" msgstr "" #: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 #: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "" #: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 #: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "" #: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 #: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "" #: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 #: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 #: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "" #: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "" #: plugins/sudoers/sssd.c:257 #, c-format msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "" #: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 #: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 #: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" #: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 #: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "" #: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "" #: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "" #: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "" #: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" #: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "" #: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "" #: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "" #: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "" #: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 #: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 #, c-format msgid "unable to stat %s" msgstr "" #: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "" #: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "" #: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" #: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "" #: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "" #: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "" #: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "" #: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" #: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "" #: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "" #: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "" #: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "" #: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "" #: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "" #: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "" #: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "" #: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "" #: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "" #: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "" #: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" #: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" " -d directory specify directory for session logs\n" " -f filter specify which I/O type to display\n" " -h display help message and exit\n" " -l [expression] list available session IDs that match expression\n" " -m max_wait max number of seconds to wait between events\n" " -s speed_factor speed up or slow down output\n" " -V display version information and exit" msgstr "" #: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "" #: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" msgstr "" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" msgstr "" #: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" msgstr "" #: plugins/sudoers/timestamp.c:129 #, c-format msgid "timestamp path too long: %s" msgstr "" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:292 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "" #: plugins/sudoers/timestamp.c:286 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "" #: plugins/sudoers/timestamp.c:298 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "" #: plugins/sudoers/timestamp.c:353 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "" #: plugins/sudoers/timestamp.c:407 #, c-format msgid "unable to remove %s, will reset to the epoch" msgstr "" #: plugins/sudoers/timestamp.c:414 #, c-format msgid "unable to reset %s to the epoch" msgstr "" #: plugins/sudoers/toke_util.c:176 #, c-format msgid "fill_args: buffer overflow" msgstr "" #: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "" #: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "" #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "yazma hatası" #: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s deÄŸiÅŸmemiÅŸ" #: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "geçici dosya (%s) yeniden açılamadı, %s deÄŸiÅŸmemiÅŸ." #: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "" #: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" #: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "" #: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" #: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" #: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" #: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "" #: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" #: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "%s çalıştırılamadı" #: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "" #: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" #: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "%s dosyasının ayrıştırılması baÅŸarısız oldu, bilinmeyen hata" #: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s içindeki %d satırı yakınında ayrıştırma hatası\n" #: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "%s içinde ayrıştırma hatası\n" #: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: ayrıştırma TAMAM\n" #: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s meÅŸgul, daha sonra tekrar deneyin" #: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "belirtilen düzenleyici (%s) yok" #: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "düzenleyici (%s) baÅŸlatılamadı" #: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "hiçbir düzenleyici bulunamadı (düzenleyici yolu = %s)" #: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" #: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" #: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" #: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" #: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" " -c check-only mode\n" " -f sudoers specify sudoers file location\n" " -h display help message and exit\n" " -q less verbose (quiet) syntax error messages\n" " -s strict syntax checking\n" " -V display version information and exit" msgstr "" "\n" "Seçenekler:\n" " -c sadece denetim kipi\n" " -f sudoers sudoers dosyasının konumu\n" " -h yardım iletisini görüntüle ve çık\n" " -q daha az ayrıntılı (sessiz=quiet) sözdizim hata iletileri\n" " -s sıkı sözdizim denetimi\n" " -V sürüm bilgisini görüntüle ve çık" #: toke.l:886 msgid "too many levels of includes" msgstr "" sudo-1.8.9p5/plugins/sudoers/po/uk.mo010064400175440000012000001430311226304146300171060ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\QŠQ:¥S"àS$T>(TgT${T T‡"WªZÀZBÜZ]4]M]&e]2Œ]¿]4È]Dý]CB^—†^A_6`_C—_<Û_*`vC``º`6a6RaZ‰a?äaX$b7}b;µbñbc|c|šcd4dEdLdv[d`Òd(3ev\e2Óef!%f„Gf’Ìf(_gKˆgCÔgqhNŠh]Ùhe7i3i[ÑiZ-j,ˆjBµjMøjûFk+BlônlcmYnG[nG£n1ën“oޱoŽ@pBÏpLqŠ_q“êq³~r*2sj]s<Ès>tHDt*tJ¸tpu}tuaòuDTvD™vcÞv+Bw4nwp£wsx8ˆx{Áxu=y¬³yr`z#ÓzE÷zg={Þ¥{s„|Šø|Fƒ}]Ê}v(~WŸ~a÷~HYv¢F€x`€3Ù€? |M†ÊQ‚\Uƒ1²ƒGäƒ~,„¤«„SP… ¤…[²…+†3:†Xn†Vdž?‡†^‡Tå‡z:ˆ˜µˆ•N‰Qä‰-6ŠPdŠ9µŠPïŠ'@‹Kh‹a´‹nŒn…ŒOôŒ{D\ÀwŽz•Ž‘=¢7àY¢r0‘F‘bÈ‘+’KE’4‘’^Æ’Ž%“’´“ÓG”,•^H–j§–˜—R«—`þ—r_˜‚Ò˜EU™A›™mÝ™5Kš”š›S+›U›$Õ›œú›,—œDÄœ< CF5Š6À4÷O,ž>|žF»žzŸQ}Ÿ0ÏŸ³ /´ 0ä >¡WT¡e¬¡U¢>h¢8§¢Dà¢H%£Hn£:·£Bò£35¤:i¤T¤¤ù¤¥O5¥6…¥_¼¥¦k+¦2—¦ʦ?æ¦U&§#|§$ §@ŧA¨2H¨.{¨;ª¨5æ¨V©xs©kì©:Xªž“ªi2«Jœ«aç«MI¬t—¬b ­~o­zî­Ii®Z³®A¯!P¯Jr¯>½¯Iü¯PF°[—°Ió°\=±fš±^²S`²1´²1æ²3³>L³k‹³T÷³'L´2t´'§´+Ï´:û´D6µ={µA¹µ[ûµBW¶mš¶T·9]·4—·?Ì·u ¸ƒ‚¸1¹J8¹Uƒ¹6Ù¹'º@8ºDyº3¾º=òº|0»)­»D×»q¼A޼Aм'½L:½S‡½SÛ½Y/¾3‰¾H½¾o¿7v¿s®¿'"ÀHJÀ“À*³À/ÞÀ)Á)8Á+bÁ-ŽÁ-¼Á;êÁT&ÂZ{ÂqÖÂPHÃ9™Ã<ÓÃRÄCcħÄQÃÄ+ÅmAÅi¯Å+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-26 22:25+0200 Last-Translator: Yuri Chornoivan Language-Team: Ukrainian Language: uk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2; X-Generator: Lokalize 1.5 відповідника вузла не знайдено Команду дозволено Команду заборонено Ðе знайдено відповідника команди Роль LDAP: %s Роль у LDAP: ÐЕВІДОМРПараметри: -c, --check режим лише перевірки -f, --file=файл вказати Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers -h, --help показати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботу -q, --quiet ÑтиÑлі Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ ÑинтакÑичних помилок -s, --strict Ñтрога перевірка ÑинтакÑиÑу -V, --version показати дані щодо верÑÑ–Ñ— Ñ– завершити роботу -x, --export=файл екÑпортувати sudoers у форматі JSON Параметри: -d, --directory=каталог вказати каталог Ð´Ð»Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð² ÑеанÑу -f, --filter=фільтр вказати, Ñкий тип вводу-виводу Ñлід показувати -h, --help показати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботу -l, --list показати ÑпиÑок можливих ідентифікаторів ÑеанÑів, відповідних до виразу -m, --max-wait=макÑ_очік макÑимальний Ñ‡Ð°Ñ (у Ñекундах) Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ подіÑми -s, --speed=коеф_швидк коефіцієнт приÑÐºÐ¾Ñ€ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ ÑÐ¿Ð¾Ð²Ñ–Ð»ÑŒÐ½ÐµÐ½Ð½Ñ Ð²Ð¸Ð²Ð¾Ð´Ñƒ даних -V, --version показати дані щодо верÑÑ–Ñ— Ñ– завершити роботу Ð—Ð°Ð¿Ð¸Ñ sudoers: ШлÑÑ… до sudoers: %s Ми ÑподіваємоÑÑ, що ви отримали належні наÑтанови від адмініÑтратора локальної ÑиÑтеми. Зазвичай, подібні наÑтанови зводÑтьÑÑ Ð´Ð¾ такого: #1) Поважайте конфіденційніÑть даних інших кориÑтувачів. #2) Обдумайте Ñвої дії, перш ніж виконувати Ñ—Ñ…. #3) КориÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑˆÐ¸Ñ€Ð¾ÐºÐ¸Ð¼Ð¸ правами розширює Ñферу відповідальноÑті. Команди: Параметри: ПорÑдок: %s Групи Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку: КориÑтувачі Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку: %8s : %s%8s : (команда продовжуєтьÑÑ) %s%s — Ð²Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð² ÑеанÑів sudo %s — безпечне Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers %s Ñ– %s не перебувають у одній файловій ÑиÑтемі, викориÑтовуємо mv Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ%s зайнÑто, повторіть Ñпробу пізніше%s Ñ–Ñнує, але не Ñ” каталогом (0%o)%s Ñ–Ñнує, але не Ñ” звичайним файлом (0%o)Граматична перевірка %s, верÑÑ–Ñ %d %s не Ñ” звичайним файлом%s заборонено виконувати sudo на %s. Ð—Ð°Ð¿Ð¸Ñ Ð¿Ñ€Ð¾ подію додано до звіту. %s немає у файлі sudoers. Ð—Ð°Ð¿Ð¸Ñ Ð¿Ñ€Ð¾ подію додано до звіту. %s належить gid %u, має належати %u%s належить uid %u, має належати %uÐ—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» можливий Ð´Ð»Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¾Ð³Ð¾ кориÑтувача%s має належати кориÑтувачеві з uid %d%s має бути доÑтупним до запиÑу лише Ð´Ð»Ñ Ð²Ð»Ð°ÑникавлаÑником %s Ñ” uid %u, має бути uid %u%s потребує Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ñ€Ð³ÑƒÐ¼ÐµÐ½Ñ‚Ñƒ%s не змінено%s, верÑÑ–Ñ %s %s доÑтупний до запиÑу невлаÑником (0%o), має бути вÑтановлено режим 0600%s доÑтупний до запиÑу невлаÑником (0%o), має бути вÑтановлено режим 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Ñпроба перевірки TGT зазнала невдачі! Ймовірно, Ð²Ð°Ñ Ð°Ñ‚Ð°ÐºÐ¾Ð²Ð°Ð½Ð¾: %s%s: помилкові права доÑтупу, режим доÑтупу має бути 0%o %s: команду не знайдено%s: неÑуміÑна оÑновна верÑÑ–Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° обробки груп %d, мало бути — %d%s: некоректний файл журналу%s: вдала обробка %s: помилка читаннÑ%s: не вказано даних щодо групи, від імені Ñкої відбуватиметьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ%s: не вказано даних щодо кориÑтувача, від імені Ñкого відбуватиметьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ%s: чаÑова позначка %s: %s%s: не вказано даних щодо чаÑової позначки%s: не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити параметри: %s%s: не вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ реєÑтраційний Ð·Ð°Ð¿Ð¸Ñ Ð½Ð° Ñ€Ñдок («%s»): %s%s: не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ реєÑтраційні дані: %s%s: не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ реєÑтраційний Ð·Ð°Ð¿Ð¸Ñ Ð²ÑƒÐ·Ð»Ð°: %s%s: не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ кеш реєÑтраційних даних: %s%s: не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ «%s»: %s%s: не вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ кеш реєÑтраційних даних: %s%s: не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ реєÑтраційні дані у кеші: %s%s: невикориÑтаний %s_Alias %s%s: не вказано даних щодо кориÑтувача%s: помилковий влаÑник (uid, gid), має бути (%u, %u) %u невдала Ñпроба Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ%u невдалих Ñпроби Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ%u невдалих Ñпроб Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñодна невдала Ñпроба Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ*** Дані щодо ЗÐХИСТУ %h ***Строк дії облікового запиÑу збіг або у файлі налаштувань PAM немає розділу "account" Ð´Ð»Ñ sudo. Повідомте про це адмініÑтратора вашої ÑиÑтеми.Строк дії облікового запиÑу або Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð·Ð±Ñ–Ð³, визначте новий пароль Ñ– повторіть ÑпробуДодати Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ файла utmp/utmpx під Ñ‡Ð°Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ ptyÐдреÑа, з Ñкої надÑилатимутьÑÑ Ð»Ð¸Ñти: %sÐдреÑа, на Ñку надÑилатимутьÑÑ Ð»Ð¸Ñти: %sЗамінник «%s» вже визначеноДозволити Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… з метою Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ñ€Ð¾Ð·ÑƒÐ¼Ñ–Ð»Ð¸Ñ… повідомлень про помилкиДозволити sudo надÑилати запит щодо паролÑ, навіть Ñкщо цей пароль буде видимимДозволити кориÑтувачам вÑтановлювати Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¸Ñ… змінних ÑередовищаЗавжди запуÑкати команди у пÑевдо-ttyЗавжди надÑилати лиÑта, коли викликано sudoЗавжди вÑтановлювати значеннÑм $HOME домашній каталог вказаного кориÑтувачаЗаÑтоÑовувати типові параметри у клаÑÑ– вказаного кориÑтувача, Ñкщо такий ÐºÐ»Ð°Ñ Ñ”Ð¡Ð¿Ñ€Ð¾Ð±ÑƒÐ²Ð°Ñ‚Ð¸ вÑтановити реєÑтраційні дані PAM Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, від імені Ñкого виконуватимутьÑÑ Ð´Ñ–Ñ—Ð¡Ð¿Ð¾Ñоби розпізнаваннÑ:Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° чаÑовий штамп розпізнаваннÑ: %.1f хвилинаСтиÑкати журнали за допомогою zlibÐе вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ умови аудитаСтворити ÑÐµÐ°Ð½Ñ PAM Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸Ð¢Ð¸Ð¿Ð¾Ð²Ð¸Ð¹ запит паролÑ: %sТиповий кориÑтувач Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку команд: %sКаталог, у Ñкому Ñлід зберігати журнали введеннÑ/виведеннÑ: %sÐе ініціалізувати вектор групи відповідно до вказаного кориÑтувачаЗмінні Ñередовища, коректніÑть Ñких Ñлід перевірÑти:Змінні Ñередовища, Ñкі Ñлід зберегти:Змінні Ñередовища, Ñкі Ñлід вилучити:Помилка: виÑвлено поÑÐ¸Ð»Ð°Ð½Ð½Ñ %s_Alias «%s», Ñке не визначеноПомилка: цикл у %s_Alias «%s»Файл з наÑтановами щодо sudo: %sДеÑкриптори файлів >= %d буде закрито перед виконаннÑм командиФайл, у Ñкому Ñлід зберігати журнал введеннÑ/Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ…: %sПараметри програми ел. пошти: %sЧи Ñлід ігнорувати локальний файл sudoers, Ñкщо Ñ” доÑтуп до каталогу LDAPЯкщо вÑтановлено, запит щодо паролю замінюватиме запит ÑиÑтеми.Якщо вÑтановлено, кориÑтувачі можуть перевизначати Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«closefrom» за допомогою параметра -CЯкщо sudo викликано без параметрів, запуÑкати командну оболонкуІгнорувати «.» у $PATHÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилковий пароль: %sЗнущатиÑÑ Ð· кориÑтувача, Ñкщо введено помилковий парольsudo зібрано з підтримкою некоректних ÑпоÑобів розпізнаваннÑ! Ðе можна змішувати влаÑні Ñ– зовнішні ÑпоÑоби розпізнаваннÑ.Показувати наÑтанови кориÑтувачеві під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÑˆÐ¾Ð³Ð¾ запуÑку sudoПозиціÑ, на Ñкій Ñлід переноÑити Ñ€Ñдки файла журналу (0 — без перенеÑеннÑ): %uПари локальних IP-Ð°Ð´Ñ€ÐµÑ Ñ– маÑок мережі: Локаль, Ñку Ñлід викориÑтати під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ sudoers: %sÐ’Ñтановлено формат журналу %d x %d, тоді Ñк формат термінала — %d x %d.ЗапиÑувати назву вузла до файла журналу (не syslog)ЗапиÑувати дані, виведені командою під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½ÑЗапиÑувати рік до файла журналу (не syslog)ЗапиÑувати дані, вказані кориÑтувачем під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸Ð’Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ñ–Ñть запиÑів Defaults Ð´Ð»Ñ %s на %s: МакÑимальний номер у поÑлідовноÑті журналу введеннÑ-виведеннÑ: %uÐемає кориÑтувача або вузлаКількіÑть Ñпроб Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %uДозволÑти кориÑтувачеві виконувати sudo, лише Ñкщо з ним пов’Ñзано ttyÐ’Ñтановлювати Ð´Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ кориÑтувача ефективний uid, а не Ñправжній uidПараметри: (e) — повторне Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers (x) — вийти без внеÑÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½ до файла sudoers (Q) — вийти зі збереженнÑм файла sudoers (ÐЕБЕЗПЕЧÐО!) ВлаÑник каталогу чаÑових штампів розпізнаваннÑ: %sПомилка Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ PAM: %sÐазва Ñлужби PAM, Ñкою Ñлід ÑкориÑтатиÑÑÐазва Ñлужби PAM, Ñкою Ñлід ÑкориÑтатиÑÑ Ð´Ð»Ñ Ð¾Ð±Ð¾Ð»Ð¾Ð½Ð¾Ðº входу до ÑиÑтемиСтрок дії Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð·Ð±Ñ–Ð³, звернітьÑÑ Ð´Ð¾ адмініÑтратора вашої ÑиÑтеми щодо Ð¿Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»ÑÐ§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %.1f хвилинаПароль:ШлÑÑ… до каталогу чаÑових штампів розпізнаваннÑ: %sШлÑÑ… до файла журналу: %sШлÑÑ… до програми ел. пошти: %sШлÑÑ… до редактора, Ñкий викориÑтовуватиме visudo: %sШлÑÑ… до Ñпецифічного Ð´Ð»Ñ sudo файла Ñередовища: %sДодаток Ð´Ð»Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ не-Unix груп: %sПопередньо завантажувати фіктивні функції Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð· бібліотеки sudo_noexecÐадÑилати запит на пароль root, а не кориÑтувачаÐадÑилати запит щодо Ð¿Ð°Ñ€Ð¾Ð»Ñ runas_default, але Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñамого кориÑтувачаÐадÑилати запит щодо Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ кориÑтувача, але Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñамого кориÑтувачаСупроводжувати Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувачем Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¿Ð¾ÐºÐ°Ð·Ð¾Ð¼ замінників Ñимволів паролÑРозташовувати запит щодо OTP у окремому Ñ€ÑÐ´ÐºÑƒÐ’Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÑеанÑу sudo: %s У файлі sudoers Ñлід вказати повні назви вузлівТипово, вимагати розпізнаваннÑВідновити типовий набір змінних ÑередовищаRoot може виконувати sudoВиконувати команди у pty у фоновому режиміТипові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку від імені Ñ– команд Ð´Ð»Ñ %s: Роль SELinux, Ñку Ñлід викориÑтати у новому контекÑті захиÑту: %sТип SELinux, Ñкий Ñлід викориÑтати у новому контекÑті захиÑту: %sÑпроба обміну даними з SecurID зазнала невдачіÐадÑилати лиÑта, Ñкщо кориÑтувачеві заборонено виконувати командуÐадÑилати лиÑта, Ñкщо кориÑтувача немає Ñеред sudoersÐадÑилати лиÑта, Ñкщо кориÑтувача немає у ÑпиÑку sudoers цього вузлаÐадÑилати лиÑта, Ñкщо кориÑтувачу не вдалоÑÑ Ð¿Ñ€Ð¾Ð¹Ñ‚Ð¸ розпізнаваннÑÐ’Ñтановлювати $HOME відповідно до вказаного кориÑтувача Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку оболонки з -sÐабір обмежувальних прав доÑтупуÐабір дозвільних прав доÑтупуВÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¸Ñ… Ñередовища LOGNAME Ñ– USERÐ’Ñтановити кориÑтувача у utmp у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, від імені Ñкого виконуєтьÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°Ð’Ð¸Ð±Ð°Ñ‡Ñ‚Ðµ, повторіть Ñпробу.Вибачте, кориÑтувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s. Вибачте, кориÑтувач %s не має права виконувати sudo на %s. Тема лиÑтів: %sГраматична перевірка файла sudoers верÑÑ–Ñ— %d Додаток правил sudoers верÑÑ–Ñ— %s ІнÑтрумент Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ, Ñкщо викориÑтано syslog: %sПріоритетніÑть, Ñка викориÑтовуватиметьÑÑ Ñƒ syslog Ð´Ð»Ñ ÑƒÑпішних розпізнавань: %sПріоритетніÑть, Ñка викориÑтовуватиметьÑÑ Ñƒ syslog Ð´Ð»Ñ Ð½ÐµÑƒÑпішних розпізнавань: %sÐ—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ umask, вказане у sudoers, перевизначатиме Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, навіть Ñкщо це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ð²Ð°Ñ” ширший доÑтупsudo зібрано без можливоÑтей з взаємодії з інÑтрументами розпізнаваннÑ! Якщо ви хочете вимкнути розпізнаваннÑ, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ --disable-authentication.Потрібне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ umask або 0777 Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачевого: 0%oОкремий чаÑовий штамп Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— комбінації кориÑтувач/ttyШвидше вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾Ñті, менш точне, але без доÑтупу до файлової ÑиÑтемиКориÑтувач %s не має права виконувати sudo на %s. КориÑтувач %s має право виконувати на %s такі команди: Ідентифікатор кориÑтувача заблоковано Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ SecurIDКориÑтувачів цієї групи звільнено від потреби у введенні Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñ– PATH: %sÐ—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ $PATH кориÑтувача: %sVisudo зважатимwill honor the EDITOR environment variableПопередженнÑ: виÑвлено поÑÐ¸Ð»Ð°Ð½Ð½Ñ %s_Alias «%s», Ñке не визначеноПопередженнÑ: цикл у %s_Alias «%s»ПопередженнÑ: розміри вашого термінала Ñ” замалими Ð´Ð»Ñ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¾Ð³Ð¾ показу журналу. Рзараз що? Умови запиту Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ Ð¿Ñевдокоманди «list»: %sУмови запиту Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ Ð¿Ñевдокоманди «verify»: %sÑлід вказати парольпомилка під Ñ‡Ð°Ñ Ñпроби перевірки облікового запиÑу. Ваш обліковий Ð·Ð°Ð¿Ð¸Ñ Ð·Ð°Ð±Ð»Ð¾ÐºÐ¾Ð²Ð°Ð½Ð¾?неоднозначний вираз «%s»помилка під Ñ‡Ð°Ñ Ñпроби розпізнаваннÑпомилка Ñервера розпізнаваннÑ: %sпомилка команди: «%s %s %s», %s не зміненокоманда у поточному ÐºÐ°Ñ‚Ð°Ð»Ð¾Ð·Ñ–Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ забороненоне вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ дату «%s»контрольну Ñуму Ð´Ð»Ñ %s (%s) подано не у формі %sпомилка редактора (%s), %s не зміненопомилка Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ %s, %s не зміненоне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ бібліотеку програмного інтерфейÑу до ACEне вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ файл %s, невідома помилкаfill_args: Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ð±ÑƒÑ„ÐµÑ€Ð°Ð¿Ñ€Ð¾Ð¿ÑƒÑ‰ÐµÐ½Ð¾ «%s» знайдений у «.» СкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ «sudo ./%s», Ñкщо вам потрібно виконати Ñаме «%s».помилкове завершальне «!»помилкове завершальне «orÂ»Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ %sÐ²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ %s у ÑпиÑку!Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°: недоÑтатньо міÑÑ†Ñ Ð´Ð»Ñ Ñ€Ñдка журналунекоректний деÑкриптор Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð»Ñ SecurIDнекоректні ÑпоÑоби розпізнаваннÑнекоректний тип розпізнаваннÑнекоректний параметр фільтруваннÑ: %sнекоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°ÐºÑ. очікуваннÑ: %sнекоректна довжина коду Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ SecurIDнекоректний формальний вираз: %sнекоректний коефіцієнт швидкоÑті: %sнекоректний атрибут sudoOrder: %sнекоректний Ñ€Ñдок у файлі timing: %sнекоректна довжина імені кориÑтувача Ð´Ð»Ñ SecurIDШлÑÑ… до ldap.conf: %s ШлÑÑ… до ldap.secret: %s втрачено зв’Ñзок з Ñервером розпізнаваннÑнемає ÑпоÑобів розпізнаваннÑне знайдено жодного редактора (шлÑÑ… до редактора = %s)немає ttyне знайдено коректних джерел даних sudoers, Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸Ð½Ðµ вказано Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Â«%s»ШлÑÑ… до nsswitch: %s викориÑтовувати «-c %s» може лише rootпараметру «%s» не потрібно передавати значеннÑпомилка обробки у %sпомилка обробки у %s помилка обробки у %s поблизу Ñ€Ñдка %dпомилка обробки у %s поблизу Ñ€Ñдка %d Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ñтека доÑÑ‚ÑƒÐ¿ÑƒÐ²Ð¸Ñ‡ÐµÑ€Ð¿Ð°Ð½Ð½Ñ Ñтека доÑтупунатиÑніть Enter Ð´Ð»Ñ Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ %s: проблема з типовими запиÑамивибачте, вам не дозволено зберігати Ñередовищевибачте, вам не дозволено вÑтановлювати такі змінні Ñередовища: %sвибачте, Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ sudo вашому кориÑтувачеві потрібен ttyвказаного редактора (%s) не Ñ–Ñнуєstart_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()підтримки starttls, Ñкщо викориÑтовуєтьÑÑ ldaps, не передбаченоsudo_ldap_build_pass1: невідповідніÑть розміщеннÑsudo_ldap_conf_add_ports: вихід за межі розширеного буфера вузлаsudo_ldap_conf_add_ports: занадто великий номер портуsudo_ldap_parse_uri: вихід за межі пам’Ñті під Ñ‡Ð°Ñ Ð¿Ð¾Ð±ÑƒÐ´Ð¾Ð²Ð¸ буфера вузлаsudo_putenv: помилкове Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ envp, невідповідніÑть довжинsudoers вказує, що sudo не можна кориÑтуватиÑÑ Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ від rootвлаÑник чаÑового штампа (%s): не знайдено кориÑтувача з таким іменемшлÑÑ… чаÑового штампа Ñ” занадто довгим: %sзанадто далекий чаÑовий штамп у майбутньому: %20.20sзанадто виÑокий рівень вкладеноÑтізабагато процеÑівне вдалоÑÑ Ñ€Ð¾Ð·Ð¿Ð¾Ñ‡Ð°Ñ‚Ð¸ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° BSDне вдалоÑÑ Ð¿Ð¾Ð±ÑƒÐ´ÑƒÐ²Ð°Ñ‚Ð¸ фільтр чаÑуне вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ gid %u, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнуєне вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ групу %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнуєне вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ ÑпиÑок груп %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнуєне вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ uid %u, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнуєне вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ кориÑтувача %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнуєне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ пароль, Ñтрок дії Ñкого завершивÑÑ: %sне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ режим доÑтупу до %s на Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0%oне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ ідентифікатор групи (gid) rootне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ gid на runasне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ uid на runasне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ gid на sudoersне вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð·Ð°Ð¿Ð¸Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°Ð½Ðµ вдалоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· Ñервером розпізнаваннÑне вдалоÑÑ Ð²Ñтановити зв’Ñзок з Ñервером SecurIDне вдалоÑÑ Ñтворити %sне вдалоÑÑ Ð·Ð´ÑƒÐ±Ð»ÑŽÐ²Ð°Ñ‚Ð¸ stdin: %mне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s: %mне вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%s» у %sне вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «group_plugin» у %sне вдалоÑÑ Ñтворити відгалуженнÑне вдалоÑÑ Ñтворити відгалуженнÑ: %mне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‡Ð°Ñового штампане вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ гринвіцький чаÑне вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ до ÑиÑтеми Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача %sне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° BSDне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ LDAP: %sне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ PAMне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ ÑÐµÐ°Ð½Ñ SIAне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ базу даних Ñертифікатів Ñ– ключів SSL: %sÐе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ джерело SSS. Чи вÑтановлено у вашій ÑиÑтемі SSSD?не вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ %s: %sне вдалоÑÑ Ð·Ð°Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ñ‚Ð¸ файл журналу: %s: %sне можна викориÑтовувати Ñуміш з Ð°Ð´Ñ€ÐµÑ ldap Ñ– ldapsне вдалоÑÑ Ñтворити каталог %sне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %sне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ ÑиÑтему аудитане вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл журналу: %s: %sне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ канал: %mне вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ запиÑи груп %sне вдалоÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾ відкрити файл тимчаÑових даних (%s), %s не змінено.не вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ %sне вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ fwtkна вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ %s, Ñ‡Ð°Ñ Ð±ÑƒÐ´Ðµ змінено відповідно до епохи UNIXне вдалоÑÑ Ñкинути Ñ‡Ð°Ñ %s до епохи UNIXне вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ адреÑу вузла %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %sне вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°Ð½Ðµ вдалоÑÑ Ð²Ñтановити (uid, gid) %s у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ (%u, %u)не вдалоÑÑ Ð²Ñтановити вектор групи виконаннÑне вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти tty у режим без обробки данихне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¾Ñ€Ð° (%s)не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ stat файл тимчаÑових даних (%s), %s не зміненоне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ %sне вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ файл тимчаÑових даних (%s), невідома помилканевідома помилка SecurIDневідомий Ð·Ð°Ð¿Ð¸Ñ Ñ‚Ð¸Ð¿Ð¾Ð²Ð¸Ñ… параметрів «%s»невідома група: %sневідомий ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ: %sневідомий ключ пошуку «%s»невідомий тип пошуку %dневідоме Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ uid: %uневідомий кориÑтувач: %sзайва дужка, «(», у виразізайва дужка, «)», у виразінепідтримуваний тип адреÑи LDAP: %sнепідтримуваний тип контрольної Ñуми, %d, Ð´Ð»Ñ %sвикориÑтаннÑ: %s [-h] [-d каталог] -l [вираз Ð´Ð»Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ] кориÑтуваннÑ: %s [-h] [-d каталог] [-m чиÑло] [-s чиÑло] ідентифікатор кориÑтувача не уповноважено на дії на вузлікориÑтувача немає у ÑпиÑку sudoersпомилка під Ñ‡Ð°Ñ Ñпроби Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%s» Ñ” некоректним Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° «%sÂ»Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Â«%s» має починатиÑÑ Ð· «/»помилка запиÑувам не дозволено викориÑтовувати параметр -CÐ²Ð°Ñ Ð½ÐµÐ¼Ð°Ñ” у базі даних %sщоб ÑкориÑтатиÑÑ SSL, вам Ñлід вÑтановити Ð´Ð»Ñ TLS_CERT Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %sфайл тимчаÑових даних має нульовий об’єм (%s), %s не зміненоsudo-1.8.9p5/plugins/sudoers/po/uk.po010064400175440000012000002173751226304126300171240ustar00millertstaff# Ukrainian translation for sudoers. # This file is put in the public domain. # # Yuri Chornoivan , 2011, 2012, 2013. msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-26 22:25+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "X-Generator: Lokalize 1.5\n" #: confstr.sh:2 msgid "Password:" msgstr "Пароль:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** Дані щодо ЗÐХИСТУ %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Вибачте, повторіть Ñпробу." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Замінник «%s» вже визначено" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ до ÑиÑтеми Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¿Ð¾Ñ‡Ð°Ñ‚Ð¸ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° BSD" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "некоректний тип розпізнаваннÑ" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° BSD" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "не вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ fwtk" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "не вдалоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· Ñервером розпізнаваннÑ" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "втрачено зв’Ñзок з Ñервером розпізнаваннÑ" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "помилка Ñервера розпізнаваннÑ:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: не вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ реєÑтраційний Ð·Ð°Ð¿Ð¸Ñ Ð½Ð° Ñ€Ñдок («%s»): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ «%s»: %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: не вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ кеш реєÑтраційних даних: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити параметри: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ реєÑтраційні дані: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ кеш реєÑтраційних даних: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ реєÑтраційні дані у кеші: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ реєÑтраційний Ð·Ð°Ð¿Ð¸Ñ Ð²ÑƒÐ·Ð»Ð°: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Ñпроба перевірки TGT зазнала невдачі! Ймовірно, Ð²Ð°Ñ Ð°Ñ‚Ð°ÐºÐ¾Ð²Ð°Ð½Ð¾: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби перевірки облікового запиÑу. Ваш обліковий Ð·Ð°Ð¿Ð¸Ñ Ð·Ð°Ð±Ð»Ð¾ÐºÐ¾Ð²Ð°Ð½Ð¾?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Строк дії облікового запиÑу або Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð·Ð±Ñ–Ð³, визначте новий пароль Ñ– повторіть Ñпробу" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ пароль, Ñтрок дії Ñкого завершивÑÑ: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Строк дії Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð·Ð±Ñ–Ð³, звернітьÑÑ Ð´Ð¾ адмініÑтратора вашої ÑиÑтеми щодо Ð¿Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Строк дії облікового запиÑу збіг або у файлі налаштувань PAM немає розділу \"account\" Ð´Ð»Ñ sudo. Повідомте про це адмініÑтратора вашої ÑиÑтеми." #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "Помилка Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ PAM: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "Ð²Ð°Ñ Ð½ÐµÐ¼Ð°Ñ” у базі даних %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ бібліотеку програмного інтерфейÑу до ACE" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "не вдалоÑÑ Ð²Ñтановити зв’Ñзок з Ñервером SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "Ідентифікатор кориÑтувача заблоковано Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ SecurID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "некоректна довжина імені кориÑтувача Ð´Ð»Ñ SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "некоректний деÑкриптор Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð»Ñ SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "Ñпроба обміну даними з SecurID зазнала невдачі" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "невідома помилка SecurID" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "некоректна довжина коду Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ ÑÐµÐ°Ð½Ñ SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "некоректні ÑпоÑоби розпізнаваннÑ" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "sudo зібрано з підтримкою некоректних ÑпоÑобів розпізнаваннÑ! Ðе можна змішувати влаÑні Ñ– зовнішні ÑпоÑоби розпізнаваннÑ." #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "немає ÑпоÑобів розпізнаваннÑ" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "sudo зібрано без можливоÑтей з взаємодії з інÑтрументами розпізнаваннÑ! Якщо ви хочете вимкнути розпізнаваннÑ, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ --disable-authentication." #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "СпоÑоби розпізнаваннÑ:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ умови аудита" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "не вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð·Ð°Ð¿Ð¸Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Ми ÑподіваємоÑÑ, що ви отримали належні наÑтанови від адмініÑтратора\n" "локальної ÑиÑтеми. Зазвичай, подібні наÑтанови зводÑтьÑÑ Ð´Ð¾ такого:\n" "\n" " #1) Поважайте конфіденційніÑть даних інших кориÑтувачів.\n" " #2) Обдумайте Ñвої дії, перш ніж виконувати Ñ—Ñ….\n" " #3) КориÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑˆÐ¸Ñ€Ð¾ÐºÐ¸Ð¼Ð¸ правами розширює Ñферу відповідальноÑті.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "невідоме Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ uid: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "невідомий кориÑтувач: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "ІнÑтрумент Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ, Ñкщо викориÑтано syslog: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "ПріоритетніÑть, Ñка викориÑтовуватиметьÑÑ Ñƒ syslog Ð´Ð»Ñ ÑƒÑпішних розпізнавань: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "ПріоритетніÑть, Ñка викориÑтовуватиметьÑÑ Ñƒ syslog Ð´Ð»Ñ Ð½ÐµÑƒÑпішних розпізнавань: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Розташовувати запит щодо OTP у окремому Ñ€Ñдку" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Ігнорувати «.» у $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Завжди надÑилати лиÑта, коли викликано sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "ÐадÑилати лиÑта, Ñкщо кориÑтувачу не вдалоÑÑ Ð¿Ñ€Ð¾Ð¹Ñ‚Ð¸ розпізнаваннÑ" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "ÐадÑилати лиÑта, Ñкщо кориÑтувача немає Ñеред sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "ÐадÑилати лиÑта, Ñкщо кориÑтувача немає у ÑпиÑку sudoers цього вузла" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "ÐадÑилати лиÑта, Ñкщо кориÑтувачеві заборонено виконувати команду" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Окремий чаÑовий штамп Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— комбінації кориÑтувач/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Показувати наÑтанови кориÑтувачеві під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÑˆÐ¾Ð³Ð¾ запуÑку sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Файл з наÑтановами щодо sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Типово, вимагати розпізнаваннÑ" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Root може виконувати sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "ЗапиÑувати назву вузла до файла журналу (не syslog)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "ЗапиÑувати рік до файла журналу (не syslog)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Якщо sudo викликано без параметрів, запуÑкати командну оболонку" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Ð’Ñтановлювати $HOME відповідно до вказаного кориÑтувача Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку оболонки з -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Завжди вÑтановлювати значеннÑм $HOME домашній каталог вказаного кориÑтувача" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Дозволити Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… з метою Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ñ€Ð¾Ð·ÑƒÐ¼Ñ–Ð»Ð¸Ñ… повідомлень про помилки" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "У файлі sudoers Ñлід вказати повні назви вузлів" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "ЗнущатиÑÑ Ð· кориÑтувача, Ñкщо введено помилковий пароль" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "ДозволÑти кориÑтувачеві виконувати sudo, лише Ñкщо з ним пов’Ñзано tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo зважатимwill honor the EDITOR environment variable" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "ÐадÑилати запит на пароль root, а не кориÑтувача" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "ÐадÑилати запит щодо Ð¿Ð°Ñ€Ð¾Ð»Ñ runas_default, але Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñамого кориÑтувача" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "ÐадÑилати запит щодо Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ кориÑтувача, але Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñамого кориÑтувача" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "ЗаÑтоÑовувати типові параметри у клаÑÑ– вказаного кориÑтувача, Ñкщо такий ÐºÐ»Ð°Ñ Ñ”" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Ð’Ñтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¸Ñ… Ñередовища LOGNAME Ñ– USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Ð’Ñтановлювати Ð´Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ кориÑтувача ефективний uid, а не Ñправжній uid" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Ðе ініціалізувати вектор групи відповідно до вказаного кориÑтувача" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "ПозиціÑ, на Ñкій Ñлід переноÑити Ñ€Ñдки файла журналу (0 — без перенеÑеннÑ): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° чаÑовий штамп розпізнаваннÑ: %.1f хвилина" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %.1f хвилина" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "КількіÑть Ñпроб Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Потрібне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ umask або 0777 Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачевого: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "ШлÑÑ… до файла журналу: %s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "ШлÑÑ… до програми ел. пошти: %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Параметри програми ел. пошти: %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "ÐдреÑа, на Ñку надÑилатимутьÑÑ Ð»Ð¸Ñти: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "ÐдреÑа, з Ñкої надÑилатимутьÑÑ Ð»Ð¸Ñти: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Тема лиÑтів: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилковий пароль: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "ШлÑÑ… до каталогу чаÑових штампів розпізнаваннÑ: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "ВлаÑник каталогу чаÑових штампів розпізнаваннÑ: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "КориÑтувачів цієї групи звільнено від потреби у введенні Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñ– PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Типовий запит паролÑ: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Якщо вÑтановлено, запит щодо паролю замінюватиме запит ÑиÑтеми." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Типовий кориÑтувач Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку команд: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ $PATH кориÑтувача: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "ШлÑÑ… до редактора, Ñкий викориÑтовуватиме visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Умови запиту Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ Ð¿Ñевдокоманди «list»: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Умови запиту Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð»Ñ Ð¿Ñевдокоманди «verify»: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Попередньо завантажувати фіктивні функції Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð· бібліотеки sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Чи Ñлід ігнорувати локальний файл sudoers, Ñкщо Ñ” доÑтуп до каталогу LDAP" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "ДеÑкриптори файлів >= %d буде закрито перед виконаннÑм команди" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Якщо вÑтановлено, кориÑтувачі можуть перевизначати Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«closefrom» за допомогою параметра -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Дозволити кориÑтувачам вÑтановлювати Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¸Ñ… змінних Ñередовища" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Відновити типовий набір змінних Ñередовища" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Змінні Ñередовища, коректніÑть Ñких Ñлід перевірÑти:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Змінні Ñередовища, Ñкі Ñлід вилучити:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Змінні Ñередовища, Ñкі Ñлід зберегти:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Роль SELinux, Ñку Ñлід викориÑтати у новому контекÑті захиÑту: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Тип SELinux, Ñкий Ñлід викориÑтати у новому контекÑті захиÑту: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "ШлÑÑ… до Ñпецифічного Ð´Ð»Ñ sudo файла Ñередовища: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Локаль, Ñку Ñлід викориÑтати під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Дозволити sudo надÑилати запит щодо паролÑ, навіть Ñкщо цей пароль буде видимим" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Супроводжувати Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувачем Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¿Ð¾ÐºÐ°Ð·Ð¾Ð¼ замінників Ñимволів паролÑ" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Швидше вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾Ñті, менш точне, але без доÑтупу до файлової ÑиÑтеми" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ umask, вказане у sudoers, перевизначатиме Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, навіть Ñкщо це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ð²Ð°Ñ” ширший доÑтуп" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "ЗапиÑувати дані, вказані кориÑтувачем під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "ЗапиÑувати дані, виведені командою під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "СтиÑкати журнали за допомогою zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Завжди запуÑкати команди у пÑевдо-tty" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Додаток Ð´Ð»Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ не-Unix груп: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Каталог, у Ñкому Ñлід зберігати журнали введеннÑ/виведеннÑ: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Файл, у Ñкому Ñлід зберігати журнал введеннÑ/Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ…: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Додати Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ файла utmp/utmpx під Ñ‡Ð°Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Ð’Ñтановити кориÑтувача у utmp у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, від імені Ñкого виконуєтьÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Ðабір дозвільних прав доÑтупу" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Ðабір обмежувальних прав доÑтупу" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Виконувати команди у pty у фоновому режимі" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Ðазва Ñлужби PAM, Ñкою Ñлід ÑкориÑтатиÑÑ" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Ðазва Ñлужби PAM, Ñкою Ñлід ÑкориÑтатиÑÑ Ð´Ð»Ñ Ð¾Ð±Ð¾Ð»Ð¾Ð½Ð¾Ðº входу до ÑиÑтеми" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Спробувати вÑтановити реєÑтраційні дані PAM Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача, від імені Ñкого виконуватимутьÑÑ Ð´Ñ–Ñ—" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Створити ÑÐµÐ°Ð½Ñ PAM Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "МакÑимальний номер у поÑлідовноÑті журналу введеннÑ-виведеннÑ: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "невідомий Ð·Ð°Ð¿Ð¸Ñ Ñ‚Ð¸Ð¿Ð¾Ð²Ð¸Ñ… параметрів «%s»" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%s» Ñ” некоректним Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° «%s»" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "не вказано Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Â«%s»" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Â«%s» має починатиÑÑ Ð· «/»" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "параметру «%s» не потрібно передавати значеннÑ" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ %s" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: помилкове Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ envp, невідповідніÑть довжин" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "вибачте, вам не дозволено вÑтановлювати такі змінні Ñередовища: %s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати кориÑтувачеві з uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s має бути доÑтупним до запиÑу лише Ð´Ð»Ñ Ð²Ð»Ð°Ñника" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "не вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «group_plugin» у %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: неÑуміÑна оÑновна верÑÑ–Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° обробки груп %d, мало бути — %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Пари локальних IP-Ð°Ð´Ñ€ÐµÑ Ñ– маÑок мережі:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s Ñ–Ñнує, але не Ñ” каталогом (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "не вдалоÑÑ Ñтворити каталог %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "не вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "не вдалоÑÑ Ñтворити %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: занадто великий номер порту" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: вихід за межі розширеного буфера вузла" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "непідтримуваний тип адреÑи LDAP: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "не можна викориÑтовувати Ñуміш з Ð°Ð´Ñ€ÐµÑ ldap Ñ– ldaps" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "підтримки starttls, Ñкщо викориÑтовуєтьÑÑ ldaps, не передбачено" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: вихід за межі пам’Ñті під Ñ‡Ð°Ñ Ð¿Ð¾Ð±ÑƒÐ´Ð¾Ð²Ð¸ буфера вузла" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ базу даних Ñертифікатів Ñ– ключів SSL: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "щоб ÑкориÑтатиÑÑ SSL, вам Ñлід вÑтановити Ð´Ð»Ñ TLS_CERT Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %s" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ гринвіцький чаÑ" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‡Ð°Ñового штампа" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "не вдалоÑÑ Ð¿Ð¾Ð±ÑƒÐ´ÑƒÐ²Ð°Ñ‚Ð¸ фільтр чаÑу" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1: невідповідніÑть розміщеннÑ" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Роль LDAP: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Роль у LDAP: ÐЕВІДОМÐ\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " ПорÑдок: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Команди:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "некоректний атрибут sudoOrder: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ ÑиÑтему аудита" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "не вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (команда продовжуєтьÑÑ) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл журналу: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "не вдалоÑÑ Ð·Ð°Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ñ‚Ð¸ файл журналу: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Ðемає кориÑтувача або вузла" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби перевірки" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "кориÑтувача немає у ÑпиÑку sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "кориÑтувача не уповноважено на дії на вузлі" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ заборонено" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s немає у файлі sudoers. Ð—Ð°Ð¿Ð¸Ñ Ð¿Ñ€Ð¾ подію додано до звіту.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s заборонено виконувати sudo на %s. Ð—Ð°Ð¿Ð¸Ñ Ð¿Ñ€Ð¾ подію додано до звіту.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Вибачте, кориÑтувач %s не має права виконувати sudo на %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Вибачте, кориÑтувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: команду не знайдено" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "пропущено «%s» знайдений у «.»\n" "СкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ «sudo ./%s», Ñкщо вам потрібно виконати Ñаме «%s»." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби розпізнаваннÑ" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "Ñлід вказати пароль" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u невдала Ñпроба Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" msgstr[1] "%u невдалих Ñпроби Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" msgstr[2] "%u невдалих Ñпроб Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" msgstr[3] "одна невдала Ñпроба Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "не вдалоÑÑ Ñтворити відгалуженнÑ" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "не вдалоÑÑ Ñтворити відгалуженнÑ: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ канал: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "не вдалоÑÑ Ð·Ð´ÑƒÐ±Ð»ÑŽÐ²Ð°Ñ‚Ð¸ stdin: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°: недоÑтатньо міÑÑ†Ñ Ð´Ð»Ñ Ñ€Ñдка журналу" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "непідтримуваний тип контрольної Ñуми, %d, Ð´Ð»Ñ %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: помилка читаннÑ" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "контрольну Ñуму Ð´Ð»Ñ %s (%s) подано не у формі %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "помилка обробки у %s поблизу Ñ€Ñдка %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "помилка обробки у %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Ð—Ð°Ð¿Ð¸Ñ sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " КориÑтувачі Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " Групи Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Параметри: " #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Додаток правил sudoers верÑÑ–Ñ— %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Граматична перевірка файла sudoers верÑÑ–Ñ— %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "ШлÑÑ… до sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "ШлÑÑ… до nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "ШлÑÑ… до ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "ШлÑÑ… до ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ uid %u, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ кориÑтувача %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ gid %u, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ групу %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ ÑпиÑок груп %s, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ запиÑи груп %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ñтека доÑтупу" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "Ð²Ð¸Ñ‡ÐµÑ€Ð¿Ð°Ð½Ð½Ñ Ñтека доÑтупу" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ ідентифікатор групи (gid) root" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ gid на runas" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ uid на runas" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ gid на sudoers" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "забагато процеÑів" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "не вдалоÑÑ Ð²Ñтановити вектор групи виконаннÑ" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ джерело SSS. Чи вÑтановлено у вашій ÑиÑтемі SSSD?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%s» у %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "ВідповідніÑть запиÑів Defaults Ð´Ð»Ñ %s на %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Типові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку від імені Ñ– команд Ð´Ð»Ñ %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "КориÑтувач %s має право виконувати на %s такі команди:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "КориÑтувач %s не має права виконувати sudo на %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "проблема з типовими запиÑами" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "не знайдено коректних джерел даних sudoers, Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers вказує, що sudo не можна кориÑтуватиÑÑ Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ від root" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "вам не дозволено викориÑтовувати параметр -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "влаÑник чаÑового штампа (%s): не знайдено кориÑтувача з таким іменем" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "немає tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "вибачте, Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ sudo вашому кориÑтувачеві потрібен tty" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "команда у поточному каталозі" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "вибачте, вам не дозволено зберігати Ñередовище" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s не Ñ” звичайним файлом" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "Ð—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» можливий Ð´Ð»Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¾Ð³Ð¾ кориÑтувача" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s належить gid %u, має належати %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "викориÑтовувати «-c %s» може лише root" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "невідомий ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "не вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ адреÑу вузла %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "невідома група: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "некоректний параметр фільтруваннÑ: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "некоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°ÐºÑ. очікуваннÑ: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "некоректний коефіцієнт швидкоÑті: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s, верÑÑ–Ñ %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Ð’Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÑеанÑу sudo: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "ПопередженнÑ: розміри вашого термінала Ñ” замалими Ð´Ð»Ñ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¾Ð³Ð¾ показу журналу.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Ð’Ñтановлено формат журналу %d x %d, тоді Ñк формат термінала — %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "не вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти tty у режим без обробки даних" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "некоректний Ñ€Ñдок у файлі timing: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "неоднозначний вираз «%s»" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "зайва дужка, «)», у виразі" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "невідомий ключ пошуку «%s»" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s потребує Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ñ€Ð³ÑƒÐ¼ÐµÐ½Ñ‚Ñƒ" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "некоректний формальний вираз: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ дату «%s»" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "зайва дужка, «(», у виразі" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "помилкове завершальне «or»" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "помилкове завершальне «!»" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "невідомий тип пошуку %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: некоректний файл журналу" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: не вказано даних щодо чаÑової позначки" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: чаÑова позначка %s: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: не вказано даних щодо кориÑтувача" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: не вказано даних щодо кориÑтувача, від імені Ñкого відбуватиметьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: не вказано даних щодо групи, від імені Ñкої відбуватиметьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "кориÑтуваннÑ: %s [-h] [-d каталог] [-m чиÑло] [-s чиÑло] ідентифікатор\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "викориÑтаннÑ: %s [-h] [-d каталог] -l [вираз Ð´Ð»Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s — Ð²Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð² ÑеанÑів sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Параметри:\n" " -d, --directory=каталог вказати каталог Ð´Ð»Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð² ÑеанÑу\n" " -f, --filter=фільтр вказати, Ñкий тип вводу-виводу Ñлід показувати\n" " -h, --help показати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботу\n" " -l, --list показати ÑпиÑок можливих ідентифікаторів ÑеанÑів, відповідних до виразу\n" " -m, --max-wait=макÑ_очік макÑимальний Ñ‡Ð°Ñ (у Ñекундах) Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ подіÑми\n" " -s, --speed=коеф_швидк коефіцієнт приÑÐºÐ¾Ñ€ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ ÑÐ¿Ð¾Ð²Ñ–Ð»ÑŒÐ½ÐµÐ½Ð½Ñ Ð²Ð¸Ð²Ð¾Ð´Ñƒ даних\n" " -V, --version показати дані щодо верÑÑ–Ñ— Ñ– завершити роботу" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\tвідповідника вузла не знайдено" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Команду дозволено" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Команду заборонено" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Ðе знайдено відповідника команди" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "шлÑÑ… чаÑового штампа Ñ” занадто довгим: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "влаÑником %s Ñ” uid %u, має бути uid %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s доÑтупний до запиÑу невлаÑником (0%o), має бути вÑтановлено режим 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s Ñ–Ñнує, але не Ñ” звичайним файлом (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s доÑтупний до запиÑу невлаÑником (0%o), має бути вÑтановлено режим 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "занадто далекий чаÑовий штамп у майбутньому: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "на вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ %s, Ñ‡Ð°Ñ Ð±ÑƒÐ´Ðµ змінено відповідно до епохи UNIX" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "не вдалоÑÑ Ñкинути Ñ‡Ð°Ñ %s до епохи UNIX" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ð±ÑƒÑ„ÐµÑ€Ð°" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "Граматична перевірка %s, верÑÑ–Ñ %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "натиÑніть Enter Ð´Ð»Ñ Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ %s: " #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "помилка запиÑу" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ stat файл тимчаÑових даних (%s), %s не змінено" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "файл тимчаÑових даних має нульовий об’єм (%s), %s не змінено" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "помилка редактора (%s), %s не змінено" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s не змінено" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "не вдалоÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾ відкрити файл тимчаÑових даних (%s), %s не змінено." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ файл тимчаÑових даних (%s), невідома помилка" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ %s у ÑпиÑку!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "не вдалоÑÑ Ð²Ñтановити (uid, gid) %s у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ режим доÑтупу до %s на Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s Ñ– %s не перебувають у одній файловій ÑиÑтемі, викориÑтовуємо mv Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "помилка команди: «%s %s %s», %s не змінено" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "помилка Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ %s, %s не змінено" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Рзараз що? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Параметри:\n" " (e) — повторне Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers\n" " (x) — вийти без внеÑÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½ до файла sudoers\n" " (Q) — вийти зі збереженнÑм файла sudoers (ÐЕБЕЗПЕЧÐО!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: помилковий влаÑник (uid, gid), має бути (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: помилкові права доÑтупу, режим доÑтупу має бути 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ файл %s, невідома помилка" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "помилка обробки у %s поблизу Ñ€Ñдка %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "помилка обробки у %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: вдала обробка\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s зайнÑто, повторіть Ñпробу пізніше" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "вказаного редактора (%s) не Ñ–Ñнує" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¾Ñ€Ð° (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "не знайдено жодного редактора (шлÑÑ… до редактора = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Помилка: цикл у %s_Alias «%s»" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "ПопередженнÑ: цикл у %s_Alias «%s»" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Помилка: виÑвлено поÑÐ¸Ð»Ð°Ð½Ð½Ñ %s_Alias «%s», Ñке не визначено" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "ПопередженнÑ: виÑвлено поÑÐ¸Ð»Ð°Ð½Ð½Ñ %s_Alias «%s», Ñке не визначено" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: невикориÑтаний %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s — безпечне Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Параметри:\n" " -c, --check режим лише перевірки\n" " -f, --file=файл вказати Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° sudoers\n" " -h, --help показати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботу\n" " -q, --quiet ÑтиÑлі Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ ÑинтакÑичних помилок\n" " -s, --strict Ñтрога перевірка ÑинтакÑиÑу\n" " -V, --version показати дані щодо верÑÑ–Ñ— Ñ– завершити роботу\n" " -x, --export=файл екÑпортувати sudoers у форматі JSON" #: toke.l:892 msgid "too many levels of includes" msgstr "занадто виÑокий рівень вкладеноÑті" #~ msgid "invalid value" #~ msgstr "некоректне значеннÑ" #~ msgid "value out of range" #~ msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð·Ð° припуÑтимим діапазоном" #~ msgid "invalid uri: %s" #~ msgstr "некоректна адреÑа: %s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "не можна викориÑтовувати Ñуміш з ldaps Ñ– starttls" #~ msgid "writing to standard output" #~ msgstr "Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ Ñтандартного виводу даних" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "забагато виразів у дужках, макÑимальна можлива кількіÑть — %d" #~ msgid "unable to setup authentication" #~ msgstr "не вдалоÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ñ‚Ð¸ розпізнаваннÑ" #~ msgid "getaudit: failed" #~ msgstr "getaudit: помилка" #~ msgid "getauid: failed" #~ msgstr "getauid: помилка" #~ msgid "au_open: failed" #~ msgstr "au_open: помилка" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject: помилка" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args: помилка" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32: помилка" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text: помилка" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok: %s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate: %s" #~ msgid "Password: " #~ msgstr "Пароль: " #~ msgid "getauid failed" #~ msgstr "помилка getauid" #~ msgid "Unable to dlopen %s: %s" #~ msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ dlopen Ð´Ð»Ñ %s: %s" #~ msgid "invalid regex: %s" #~ msgstr "некоректний формальний вираз: %s" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s поблизу Ñ€Ñдка %d <<<" #~ msgid "unable to allocate memory" #~ msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ потрібний об’єм пам’Ñті" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "не вдалоÑÑ Ð²Ñтановити локаль у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%s», викориÑтовуємо локаль «C»" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " Команди:\n" #~ "\t" #~ msgid ": " #~ msgstr ": " #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ uid %u (%s), Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "не вдалоÑÑ ÐºÐµÑˆÑƒÐ²Ð°Ñ‚Ð¸ gid %u (%s), Ð·Ð°Ð¿Ð¸Ñ Ð²Ð¶Ðµ Ñ–Ñнує" #~ msgid "unable to execute %s: %s" #~ msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s: %s" #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ expand_prompt()" #~ msgid "internal error, sudo_setenv2() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ sudo_setenv2()" #~ msgid "internal error, sudo_setenv() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ sudo_setenv()" #~ msgid "internal error, linux_audit_command() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ linux_audit_command()" #~ msgid "internal error, runas_groups overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ runas_groups" #~ msgid "internal error, init_vars() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ init_vars()" #~ msgid "fixed mode on %s" #~ msgstr "виправлено режим на %s" #~ msgid "set group on %s" #~ msgstr "вÑтановлено групу у %s" #~ msgid "unable to fix mode on %s" #~ msgstr "не вдалоÑÑ Ð²Ð¸Ð¿Ñ€Ð°Ð²Ð¸Ñ‚Ð¸ режим на %s" #~ msgid "%s is mode 0%o, should be 0%o" #~ msgstr "%s має режим доÑтупу 0%o, має бути 0%o" #~ msgid "File containing dummy exec functions: %s" #~ msgstr "Файл, що міÑтить фіктивні функції виконаннÑ: %s" #~ msgid "" #~ "Available options in a sudoers ``Defaults'' line:\n" #~ "\n" #~ msgstr "" #~ "Можливі параметри у Ñ€Ñдку «Defaults» sudoers:\n" #~ "\n" #~ msgid "%s: %.*s\n" #~ msgstr "%s: %.*s\n" #~ msgid "unable to get runas group vector" #~ msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ вектор групи виконаннÑ" #~ msgid "unable to reset group vector" #~ msgstr "не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ початкове Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²ÐµÐºÑ‚Ð¾Ñ€Ð° групи" #~ msgid "unable to get group vector" #~ msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ вектор групи" #~ msgid "%s: %s_Alias `%s' references self" #~ msgstr "%s: %s_Alias «%s» рекурÑивно поÑилаєтьÑÑ Ð½Ð° Ñебе" sudo-1.8.9p5/plugins/sudoers/po/vi.mo010064400175440000012000001214011226304146300171020ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\QfŠQñS T"T;TQTeTÆ„T3KVXXf®X Z"Z3ZGZ&fZZ–Z*µZ3àZf[${[> [Pß[0\$P\au\N×\0&]0W]ˆ]*¡]FÌ]0^D^d^z^cŽ^cò^!V_x_Ž_•_S¤_2ø_+`[I`*¥`Ð`ð`OaQQa"£a-Æa0ôaR%b.xb1§bDÙb)cDHcHcÖc1öc7(d`d!dŠ¡dv,eD£e'èe(f49fjnfNÙf=(g!fg-ˆgI¶gbh>ch¢h>¿h3þh.2i:ai2œi5Ïi3j<9jKvj0Âj*ójVk3uk.©kTØk2-l9`l[šlvöltmmkâmNnkn?€nªÀnHkou´o1*pC\pb pNq;RqCŽqGÒq6r*Qr+|r"¨rDËr`s´qsE&tlt#†tDªtUït<Eu ‚u4u4Åu:úuQ5vC‡v5ËvVwWXw`°wPx`bxMÃx#yF5y;|yO¸y8z@Az3‚zD¶zBûz)>{Mh{8¶{Lï{7<|dt|*Ù|.}-3}aa}Ã}eã}LI~–~.¯~<Þ~QYm`Ç’(€¹»€Ou?Å…‚?‹‚EË‚?ƒZQƒC¬ƒ5ðƒ\&„8ƒ„i¼„&…JB…J…$Ø…jý…'h†'†'¸†Gà†$(‡M‡/j‡4š‡?χ5ˆ6EˆC|ˆ!Àˆ„âˆ%g‰‰¡‰AÁ‰CŠ-GŠ-uŠ£Š'ºŠ1âŠ%‹.:‹#i‹-‹-»‹.鋌 7Œ5XŒŽŒG­ŒõŒO&T{Y™-ó !ŽBŽ)\Ž(†Ž¯ŽÅŽ6ÝŽ,DAZ†>á9 uZ8Ð. ‘D8‘+}‘?©‘8é‘V"’My’'Ç’;ï’&+“R“1m“/Ÿ“:Ï“< ”KG”:“”CΔ:•<M•MŠ•)Ø•)–+,–*X–5ƒ–:¹–ô–(—9—T—5s—9©—$ã—(˜31˜*e˜:˜0˘"ü˜™$=™?b™i¢™ š/&š'Vš&~š¥š$½š.âš(›%:›H`›©›$À›[å›KAœ4œœ#Ùœ7ýœ(5;^(š7ÃOûKžJdž¯ž*Ëžöž"Ÿ/4Ÿ)dŸŽŸ ¤Ÿ#ÅŸ#éŸ+  59 Bo <² Cï %3¡ Y¡Bz¡@½¡ þ¡6¢6?¢;v¢N²¢+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers-1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-29 15:17+0700 Last-Translator: Trần Ngá»c Quân Language-Team: Vietnamese Language: vi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Language-Team-Website: X-Poedit-SourceCharset: UTF-8 X-Generator: Poedit 1.5.5 X-Poedit-Language: Vietnamese X-Poedit-Country: VIET NAM máy chá»§ không khá»›p Lệnh được phép Lệnh bị từ chối Lệnh không khá»›p Vai trò LDAP: %s Vai trò LDAP: KHÔNG HIỂU Tùy chá»n: -c, --check chế độ chỉ kiểm tra -f, --file=tệp chỉ định vị trí tập tin sudoers -h, --help hiển thị thông tin trợ giúp rồi thoát -q, --quiet tối thiểu hóa các thông tin (quiet: im lặng) -s, --strict kiểm tra cú pháp ngặt nghèo -V, --version hiển thị thông tin vá» phiên bản rồi thoát -x, --export=tệp xuất sudoers theo định dạng JSON Tùy chá»n: -d, --directory=th.mục chỉ định thư mục cho nhật ký phiên -f, --filter=bá»™-lá»c chỉ định kiểu V/R để hiển thị -h, --help hiển thị thông tin trợ giúp rồi thoát -l, --list liệt kê ID phiên sẵn có, vá»›i biểu thức tùy chá»n -m, --max-wait=sô số giây tối Ä‘a sẽ chá» giữa hai sá»± kiện -s, --speed=số tăng hoặc giảm tốc độ kết xuất -V, --version hiển thị thông tin vá» phiên bản rồi thoát Mục Sudoers: ÄÆ°á»ng dẫn Sudoers: %s Chúng tôi tin rằng bạn đã nhận được bài giảng từ Quản trị Hệ thống ná»™i bá»™. Có thể tóm lược chúng lại thành má»™t số Ä‘iểm quan trá»ng sau: #1) Tôn trá»ng sá»± riêng tư cá»§a ngưá»i khác. #2) NghÄ© trước khi gõ má»™t lệnh. #3) Quyá»n lá»±c lá»›n Ä‘i kèm vá»›i trách nhiệm lá»›n. Lệnh: Tùy chá»n: Thứ tá»±: %s ChạyVá»›iTưCáchNhóm: ChạyVá»›iTưCáchNgưá»iDùng: %8s : %s%8s : (lệnh tiếp tục) %s%s - chạy lại nhật ký phiên sudo %s - sá»­a tập tin sudoers má»™t cách an toàn %s và %s không ở trên cùng má»™t hệ thống tập tin, sá»­ dụng lệnh mv để đổi tên%s Ä‘ang bận, hãy thá»­ lại sau%s tồn tại nhưng không phải là má»™t thư mục (0%o)%s đã sẵn có nhưng không phải là má»™t tập tin bình thưá»ng (0%o)Ngữ pháp %s phiên bản %d %s không phải tập tin thưá»ng%s không được phép chạy lệnh sudo trên %s. Sá»± việc này sẽ được báo cáo. %s không trong tập tin sudoers. Sá»± việc này sẽ được báo cáo. %s được sở hữu bởi gid %u, nên là %u%s được sở hữu bởi uid %u, nên là %u%s ai ghi cÅ©ng được%s phải được sở hữu bởi uid %d%s phải là những thứ chỉ có thể ghi bởi chá»§ sở hữu%s được sở hữu bởi uid %u, nên là %u%s yêu cầu má»™t đối số%s không thay đổi%s phiên bản %s %s có thể được ghi bởi ngưá»i không sở hữu nó (0%o), cần đặt chế độ 0600%s có thể được ghi bởi ngưá»i không sở hữu nó (0%o), cần đặt chế độ 0700%s/%.2s/%.2s/%.2s/thá»i-gian: %s%s/%s/thá»i-gian: %s%s: %s%s: %s: %s: %s%s: Không thể thẩm tra TGT! Gần như chắc chắn là bị tấn công!: %s%s: phân quyá»n sai, phải ở chế độ 0%o %s: không tìm thấy lệnh%s: phiên bản số lá»›n phần bổ xung nhóm không tương thích %d, mong đợi %d%s: tập tin nhật ký không hợp lệ%s: vượt qua kiểm duyệt %s: lá»—i Ä‘á»c%s: thiếu trưá»ng “runas group†(chạy dưới danh nghÄ©a nhóm này)%s: thiếu trưá»ng “runas user†(chạy vá»›i tư cách tài khoản này)%s: dấu thá»i gian “%sâ€: %s%s: thiếu trưá»ng dấu vết thá»i gian%s: không thể phân bổ các tùy chá»n: %s%s: không thể chuyển đổi ngưá»i á»§y nhiệm sang chuá»—i (“%sâ€): %s%s: không thể lấy giấy á»§y nhiệm: %s%s: không thể lấy tên máy chá»§ chính: %s%s: không thể khởi tạo bá»™ nhá»› đệm “credentialâ€: %s%s: không thể phân tích “%sâ€: %s%s: không thể phân giải bá»™ nhá»› đệm “credentialâ€: %s%s: không thể cất giữ “credential†trong bá»™ nhá»› tạm: %s%s: không dùng %s_Bí_danh %s%s: thiếu trưá»ng tài khoản ngưá»i dùng%s: sai sở hữu (uid, gid) đáng lẽ là (%u, %u) đã sai mật khẩu %u lần*** Thông tin AN NINH cho %h ***Tài khoản hết hạn hoặc cấu hình PAM không có phiên “tài khoản†cho sudo, hãy liên hệ vá»›i ngưá»i quản trịMật khẩu hay tài khoản đã hết hạn sá»­ dụng, hãy đặt lại mật khẩu cá»§a bạn và thá»­ lạiThêm má»™t mục vào tập tin utmp/utmpx khi phân bổ má»™t ptyÄịa chỉ dùng để gá»­i thư: %sÄịa chỉ để gá»­i thư đến: %sBí danh “%s†đã được định nghÄ©a rồiCho phép má»™t số thông tin được thu thập để đưa ra các thông tin vá» lá»—i hữu dụngCho phép sudo há»i mật khẩu thậm chí ngay cả khi nó đã rõ ràngCho phép ngưá»i dùng đặt biến môi trưá»ng tùy ýLuôn chạy lệnh ở tty-giảLuôn gá»­i thư má»—i khi chạy lệnh sudoLuôn đặt biến $HOME cho thư mục home cá»§a ngưá»i dùng đíchÃp dụng mặc định trong lá»›p đăng nhập ngưá»i dùng đích nếu ở đây có má»™tThá»­ thiết lập á»§y nhiệm PAM cho ngưá»i dùng đíchPhương thức xác thá»±c:Thá»i gian chá» timestamp xác thá»±c tối Ä‘a: %.1f phútNén nhật ký V/R sá»­ dụng định dạng zlibKhông thể xác định Ä‘iá»u kiện auditTạo má»™t phiên PAM má»›i để lệnh chạy vá»›i nóLá»i nhắc nhập mật khẩu mặc định: %sTài khoản mặc định chạy lệnh như là: %sThư mục mà nó sẽ lưu nhật ký vào/ra: %sKhông khởi tạo véc-tÆ¡ nhóm cho ngưá»i dùng đíchCác biến môi trưá»ng được kiểm tra xem có đúng má»±c không:Các biến môi trưá»ng được giữ lại:Các biến môi trưá»ng bị gỡ bá»:Lá»—i: %s_Bí_danh “%s†được tham chiếu nhưng chưa được định nghÄ©aLá»—i: bí danh bị quẩn trong %s_Alias “%sâ€TẬP-TIN chứa thuyết trình vá» sudo: %sCác bá»™ mô tả tập tin >= %d sẽ bị đóng trước khi chạy má»™t lệnhTập tin mà nó sẽ lưu nhật ký vào/ra: %sCác cá» dành cho chương trình gá»­i thư (mail): %sNếu thư mục LDAP đã bật, chúng tôi sẽ lá» Ä‘i tập tin sudoers phải khôngNếu được đặt, lá»i nhắc mật khẩu sẽ đè lên dấu nhắc hệ thống trong má»i trưá»ng hợp.Nếu được đặt, ngưá»i dùng có thể ghi đè lên giá trị cá»§a “closefrom†bằng tùy chá»n -CNếu lệnh sudo được triệu gá»i mà không đưa ra tham số thì khởi chạy shell (hệ vá»)Bá» qua “.†trong $PATHSai mật khẩu: %sLăng mạ ngưá»i dùng khi há» nhập vào mật khẩu saiPhương thức xác thá»±c không hợp lệ được biên dịch vào trong sudo! Bạn không thể pha trá»™n kiểu xác thá»±c giữa standalone và non-standaloneHướng dẫn ngưá»i dùng lần đầu tiên há» chạy lệnh sudoÄá»™ dài mà tại đó các dòng trong tập tin nhật ký được ngắt dòng (0 là không ngắt dòng): %uCặp địa chỉ IP và mặt nạ cục bá»™: Miá»n địa phương sẽ sá»­ dụng khi phân tích sudoers: %sÄịnh dạng cá»§a nhật ký là %d x %d, định dạng cá»§a thiết bị cuối là %d x %d.Ghi nhật ký tên-máy-chá»§ vào tập tin nhật ký (không dùng syslog)Ghi lại nhật ký kết xuất cá»§a lệnh Ä‘ang chạyGhi nhật ký năm vào tập tin nhật ký (không dùng syslog)Ghi nhật ký kết xuất từ ngưá»i dùng cho lệnh Ä‘ang chạyCác mục mặc định khá»›p cho %s trên máy %s: Số lượng nhật ký I/O tối Ä‘a: %uKhông có tài khoản hay tên máy chá»§Số lần nhập mật khẩu: %uChỉ cho phép ngưá»i dùng chạy lệnh sudo nếu há» có ttyChỉ đặt uid Ä‘ang có hiệu lá»±c cho ngưá»i dùng đích, không sá»­ dụng uid thậtCác tùy chá»n là: (e) sá»­a lại tập tin sudoers (x) thoát ra mà không ghi lại tập tin sudoerse (q) thoát ra và ghi lại tập tin sudoers (NGUY HIỂM!) Chá»§ sở hữu đưá»ng dẫn thư mục timestamp xác thá»±c: %slá»—i xác thá»±c PAM: %sTên dịch vụ PAM được dùngTên dịch vụ PAM được dùng cho các hệ vỠđăng nhậpMật khẩu đã hết hạn dùng, hãy liên lạc vá»›i quản trị hệ thốngThá»i gian chá» nhắc mật khẩu tối Ä‘a: %.1f phútMật khẩu:ÄÆ°á»ng dẫn thư mục timestamp xác thá»±c: %sÄÆ°á»ng dẫn tá»›i tập tin nhật ký: “%sâ€Äưá»ng dẫn tá»›i chương trình gá»­i thư (mail) %sÄÆ°á»ng dẫn tá»›i trình biên soạn để sá»­ dụng cho lệnh visudo: %sÄÆ°á»ng dẫn tá»›i tập tin môi trưá»ng đặc-tả-sudo: %sPhần bổ xung cho há»— trợ nhóm không-Unix: %sTải trước các hàm thi hành giả được chứa trong thư viện sudo_noexecHá»i mật khẩu cá»§a siêu ngưá»i dùng, chứ không phải cá»§a ngưá»i dùngNhắc mật khẩu cá»§a ngưá»i dùng runas_mặc_định, không phải cá»§a ngưá»i dùngNhắc mật khẩu cá»§a ngưá»i dùng đích, không phải cái hiện tạiCung cấp phản hồi ảo lúc nhắc mật khẩu khi đây là đầu nhập ngưá»i dùngÄặt nhắc OTP (mật khẩu dùng má»™t lần) tại dòng nó sở hữuÄang chạy lại phiên sudo: %s Yêu cầu tên máy chá»§ dạng đầy đủ trong tập tin sudoersYêu cầu ngưá»i dùng chứng thá»±c theo mặc địnhÄặt lại biến môi trưá»ng thành giá trị mặc định cá»§a chúngSiêu ngưá»i dùng (root) có thể chạy lệnh sudoChạy các câu lệnh trên má»™t pty trong ná»n hệ thốngRunas và Äặc-tả-lệnh mặc định cho %s: Vai trò SELinux được dùng trong ngữ cảnh an ninh má»›i: %sKiểu SELinux được dùng trong ngữ cảnh an ninh má»›i: %sTruyá»n thông vá»›i SecurID gặp lá»—iGá»­i thư nếu ngưá»i dùng không được phép chạy lệnh nào đóGá»­i thư nếu ngưá»i dùng không ở trong sudoersGá»­i thư nếu ngưá»i dùng không có trong sudoers cho máy chá»§ nàyGá»­i thư nếu xác thá»±c ngưá»i dùng gặp lá»—iÄặt biến $HOME cho ngưá»i dùng đích khi sá»­ dụng hệ vá» (shell) vá»›i tùy chá»n -sTập hợp các quyá»n bị giá»›i hạnTập hợp các đặc quyá»n được phépÄặt biến môi trưá»ng LOGNAME và USERÄặt ngưá»i dùng trong utmp thành ngưá»i dùng runasr, không phải ngưá»i dùng gá»iRất tiếc, hãy thá»­ lại.Rất tiếc, tài khoản %s không được phép thi hành “%s%s%s†như là %s%s%s trên %s. Rất tiếc, tài khoảnr %s không được chạy lệnh sudo trên %s. Chá»§ đỠcho thư: %sPhiên bản ngữ pháp tập tin Sudoers %d Phiên bản cá»§a phần bổ xung chính sách Sudoers %s Trang bị Syslog nếu syslog được sá»­ dụng cho việc ghi nhật ký: %sMức ưu tiên Syslog sẽ sá»­ dụng khi ngưá»i dùng đăng nhập thành công: %sMức ưu tiên Syslog sẽ sá»­ dụng khi ngưá»i dùng đăng nhập không thành công: %sGiá trị umask được chỉ định trong sudoers sẽ ghi đè lên giá trị này cá»§a ngưá»i dùng, thậm chí nó còn dá»… dãi hÆ¡nỞ đây không có phương thức xác thá»±c nào được dịch vào trong sudo! Nếu bạn muốn tắt xác thá»±c, sá»­ dụng tùy chá»n cấu hình --disable-authenticationUmask để sá»­ dụng hoặc 0777 để sá»­ dụng cá»§a ngưá»i dùng: 0%oSá»­ dụng timestamp riêng rẽ cho từng cặp tkhoản/ttySá»­ dụng globbing kiểu nhanh hÆ¡n mà nó thì kém chính xác hÆ¡n nhưng lại không cần truy cập hệ thống tập tinTài khoản %s không được phép thi hành sudo trên %s. Ngưá»i dùng %s có thể chạy những lệnh sau trên máy %s: ID ngưá»i dùng bị khóa vá»›i “SecurID Authenticationâ€Những tài khoản trong nhóm này được miá»…n mật khẩu và yêu cầu PATH: %sGiá trị dùng để ghi đè lên $PATH cá»§a ngưá»i dùng: %sVisudo sẽ tôn trá»ng biến môi trưá»ng EDITORCảnh báo: %s_Bí_danh “%s†được tham chiếu nhưng chưa được định nghÄ©aCảnh báo: cycle (vòng tròn) trong %s_Alias “%sâ€Cảnh báo: thiết bị cuối quá nhỠđể có thể chạy nhật ký má»™t cách đúng đắn. Vậy làm gì bây giá»? Khi được yêu cầu mật khẩu cho “liệt kê†lệnh-giả: %sKhi được yêu cầu mật khẩu cho “thẩm tra†lệnh-giả: %sbắt buá»™c phải có mật khẩuxác thá»±c tài khoản gặp lá»—i nghiêm trá»ng, có phải tài khoản cá»§a bạn đã bị khóa?biểu thức không rõ ràng “%sâ€xác thá»±c gặp lá»—i nghiêm trá»nglá»—i máy phục vụ xác thá»±c: %sthá»±c hiện lệnh gặp lá»—i: “%s %s %sâ€, %s không thay đổilệnh trong thư mục hiện hànhlệnh không được phépkhông thể phân tích ngày tháng “%sâ€tóm lược cho %s (%s) không ở dạng thức %strình biên soạn (%s) gặp lá»—i, %s không thay đổi gìgặp lá»—i khi đổi tên %s, %s không thay đổigặp lá»—i khi khởi tạo thư viện “ACE APIâ€gặp lá»—i khi phân tích tập tin %s, không rõ bị lá»—i gìfill_args: bá»™ đệm bị trànÄ‘ang bá» qua “%s†được tìm thấy trong “.†Sá»­ dụng “sudo ./%s†nếu đây là “%s†bạn muốn chạy.có “!†không hợp lệ Ä‘i sausai Ä‘uôi “orâ€lá»—i ná»™i bá»™, %s bị trànlá»—i hệ thống, không thể tìm thấy %s trong danh sách!lá»—i ná»™i bá»™: thiếu khoảng trống cho dòng ghi nhật kýsai Bá»™ Tiếp Hợp Xác Thá»±c cho SecurIDPhương thức xác thá»±c không hợp lệkiểu xác thá»±c saitùy chá»n lá»c không hợp lệ: %sthá»i gian chá» tối Ä‘a không hợp lệ: %ssai chiá»u dài passcode cho SecurIDbiểu thức chính quy không hợp lệ: %ssai hệ số nhân tốc độ: %sthuá»™c tính sudoOrder không hợp lệ: %ssai dòng ghi thá»i gian trong tập tin: %ssai chiá»u dài tên tài khoản cho SecurIDđưá»ng dẫn ldap.conf: %s đưá»ng dẫn ldap.secret: %s mất kết nối đến máy phục vụ xác thá»±cchưa có phương thức xáckhông tìm thấy trình biên soạn (đưá»ng dẫn cá»§a nó = %s)không có ttykhông có ngưá»i dùng hợp lệ nào được tìm thấy, Ä‘ang thoát rachưa chỉ ra giá trị cho “%sâ€Ä‘ưá»ng dẫn nsswitch: %s chỉ có siêu ngưá»i dùng (root) má»›i có thể sá»­ dụng tùy chá»n “-c %sâ€tùy chá»n “%s†không nhận giá trịgặp lá»—i phân tích trong %slá»—i cú pháp trong %s lá»—i phân tích trong %s gần dòng %dlá»—i cú pháp trong %s gần dòng %d stack perm bị trànperm stack tràn ngầmbấm phím để trở vá» chỉnh sá»­a %s:trục trặc vá»›i các mục mặc địnhrất tiếc, bạn không được phép giữ lại môi trưá»ngrất tiếc, bạn không được phép đặt các biến môi trưá»ng sau đây: %1srất tiếc, bạn phải có tty má»›i có thể chạy sudotrình biên soạn đã chỉ ra (%s) không tồn tạistart_tls được chỉ ra nhưng thư viện LDAP không há»— trợ ldap_start_tls_s() hoặc ldap_start_tls_s_np()starttls chỉ được há»— trợ khi dùng vá»›i ldapssudo_ldap_build_pass1 phân bổ không khá»›psudo_ldap_conf_add_ports: hết bá»™ nhá»› để mở rá»™ng hostbufsudo_ldap_conf_add_ports: cổng quá lá»›nsudo_ldap_parse_uri: hết bá»™ nhá»› để xây dá»±ng hostbufsudo_putenv: envp sai há»ng, chiá»u dài không khá»›psudoers đã ghi rõ là siêu ngưá»i dùng (root) không được phép chạy sudongưá»i sở hữu timestamp (%s): Không có ngưá»i dùng nào như vậyđưá»ng dẫn timestamp quá dài: %sdấu vết thá»i gian nằm ở thì tương lai: %20.20squá nhiá»u cấp bao gồm (include)quá nhiá»u tiến trìnhkhông thể khởi chạy xác thá»±c kiểu bsdkhông thể xây dá»±ng bá»™ lá»c thá»i giankhông thể lưu nhá»› tạm gid %u, đã có sẵn rồikhông thể lưu nhá»› tạm nhóm %s, đã có sẵn rồikhông thể lưu nhá»› tạm danh sách nhóm cho %s, đã có sẵn rồikhông thể lưu nhá»› tạm uid %u, đã có sẵn rồikhông thể lưu nhá»› tạm tài khoản %s, đã có sẵn rồikhông thể thay đổi mật khẩu đã hết hạn: %skhông thể chuyển đổi chế độ cá»§a %s thành 0%okhông thể thay đổi chỉ số nhóm gid cá»§a siêu ngưá»i dùng rootkhông thể thay đổi thành runas gidkhông thể thay đổi thành runas uidkhông thể thay đổi thành gid sudoerskhông thể chuyển giao bản ghi auditkhông thể kết nối tá»›i máy chá»§ xác thá»±ckhông thể liên lạc được vá»›i máy chá»§ SecurIDkhông thể tạo “%sâ€không thể dup (nhân bản) stdin: %mkhông thể thá»±c thi %skhông thể thá»±c thi %s: %mkhông thể tìm thấy ký hiệu “%s†trong %skhông tìm thấy ký hiệu “group_plugin†trong %skhông thể tạo tiến trình conkhông thể tạo tiến trình con: %mkhông thể định dạng dấu-vết-thá»i-giankhông thể lấy giá» quốc tế (GMT)không thể lấy lá»›p đăng nhập cho tài khoản %skhông thể khởi tạo xác thá»±c kiểu BSDkhông thể khởi tạo LDAP: %skhông thể khởi tạo PAMkhông thể khởi tạo phiên SIAkhông thể khởi tạo chứng nhận SSL và csdl khóa: %skhông thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy cá»§a bạn chưa vậy?không thể tải %s: %skhông thể khóa tập tin nhật ký: %s: %skhông thể trá»™n ldap và ldaps URIskhông thể tạo thư mục “%sâ€không mở được %skhông thể mở hệ thống auditkhông thể mở tập tin nhật ký: %s: %skhông thể mở ống dẫn lệnh: %mkhông thể phân tích nhóm cho %skhông thể mở lại tập tin tạm (%s), %s không thay đổi gì.không thể Ä‘á»c %skhông thể Ä‘á»c cấu hình fwtkkhông thể gỡ bá» %s, sẽ đặt lại thành thá»i Ä‘iểm bắt đầu kiểu Unixkhông thể đặt lại %s thành thá»i Ä‘iểm bắt đầu kiểu Unixkhông thể phân giải địa chỉ cá»§a máy %skhông thể chạy %skhông thể gá»­i thông tin auditkhông thể đặt (uid, gid) cá»§a %s thành (%u, %u)không thể đặt véc-tÆ¡ nhóm runaskhông thể đặt thiết bị tty chế độ raw (thô)không thể lấy trạng thái vá» %skhông thể lấy thống kê trình biên soạn (%s)không thể lấy thống kê tập tin tạm (%s), %s không thay đổi gì.không thể ghi vào %skhông thể phân tích tập tin tạm (%s), lá»—i chưa được biếtkhông hiểu lá»—i SecurIDkhông hiểu mục mặc định “%sâ€không nhận ra nhóm: %skhông rõ lá»›p đăng nhập: %skhông hiểu giá»›i hạn tìm kiếm “%sâ€không hiểu kiểu tìm kiếm “%dâ€không biết UID: %ukhông hiểu ngưá»i dùng: %sthiếu “(†trong biểu thứcthiếu “)†trong biểu thứckhông há»— trợ kiểu “LDAP uriâ€: %skhông há»— trợ kiểu tóm lược %d dành cho %scách dùng: %s [-h] [-d th.mục] -l [biểu thức tìm kiếm] cách dùng: %s [-h] [-d thư-mục] [-m số] [-s số] ID tài khoản KHÔNG được cho phép sá»­ dụng trên máy chá»§tài khoản KHÔNG có trong sudoersviệc phê chuẩn thất bạigiá trị “%s†là không hợp lệ cho tùy chá»n “%sâ€giá trị cho “%s†phải bắt đầu bằng má»™t “/â€lá»—i ghibạn không được phép sá»­ dụng tùy chá»n -Cbạn không tồn tại trong cÆ¡ sở dữ liệu %sbạn phải đặt TLS_CERT trong %s để sá»­ dụng SSLtập tin tạm (%s) có chiá»u dài bằng không, %s không thay đổi gìsudo-1.8.9p5/plugins/sudoers/po/vi.po010064400175440000012000001706571226304126300171240ustar00millertstaff# Vietnamese translation for sudo. # Bản dịch tiếng Việt dành cho sudo. # This file is put in the public domain. # Trần Ngá»c Quân , 2012-2013. # msgid "" msgstr "" "Project-Id-Version: sudoers-1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-29 15:17+0700\n" "Last-Translator: Trần Ngá»c Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Language-Team-Website: \n" "X-Poedit-SourceCharset: UTF-8\n" "X-Generator: Poedit 1.5.5\n" "X-Poedit-Language: Vietnamese\n" "X-Poedit-Country: VIET NAM\n" #: confstr.sh:2 msgid "Password:" msgstr "Mật khẩu:" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** Thông tin AN NINH cho %h ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "Rất tiếc, hãy thá»­ lại." #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "Bí danh “%s†đã được định nghÄ©a rồi" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "không thể lấy lá»›p đăng nhập cho tài khoản %s" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "không thể khởi chạy xác thá»±c kiểu bsd" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "kiểu xác thá»±c sai" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "không thể khởi tạo xác thá»±c kiểu BSD" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "không thể Ä‘á»c cấu hình fwtk" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "không thể kết nối tá»›i máy chá»§ xác thá»±c" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "mất kết nối đến máy phục vụ xác thá»±c" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "lá»—i máy phục vụ xác thá»±c:\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: không thể chuyển đổi ngưá»i á»§y nhiệm sang chuá»—i (“%sâ€): %s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: không thể phân tích “%sâ€: %s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: không thể phân giải bá»™ nhá»› đệm “credentialâ€: %s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: không thể phân bổ các tùy chá»n: %s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: không thể lấy giấy á»§y nhiệm: %s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: không thể khởi tạo bá»™ nhá»› đệm “credentialâ€: %s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: không thể cất giữ “credential†trong bá»™ nhá»› tạm: %s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: không thể lấy tên máy chá»§ chính: %s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Không thể thẩm tra TGT! Gần như chắc chắn là bị tấn công!: %s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "không thể khởi tạo PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "xác thá»±c tài khoản gặp lá»—i nghiêm trá»ng, có phải tài khoản cá»§a bạn đã bị khóa?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "Mật khẩu hay tài khoản đã hết hạn sá»­ dụng, hãy đặt lại mật khẩu cá»§a bạn và thá»­ lại" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "không thể thay đổi mật khẩu đã hết hạn: %s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "Mật khẩu đã hết hạn dùng, hãy liên lạc vá»›i quản trị hệ thống" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Tài khoản hết hạn hoặc cấu hình PAM không có phiên “tài khoản†cho sudo, hãy liên hệ vá»›i ngưá»i quản trị" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "lá»—i xác thá»±c PAM: %s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "bạn không tồn tại trong cÆ¡ sở dữ liệu %s" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "gặp lá»—i khi khởi tạo thư viện “ACE APIâ€" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "không thể liên lạc được vá»›i máy chá»§ SecurID" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "ID ngưá»i dùng bị khóa vá»›i “SecurID Authenticationâ€" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "sai chiá»u dài tên tài khoản cho SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "sai Bá»™ Tiếp Hợp Xác Thá»±c cho SecurID" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "Truyá»n thông vá»›i SecurID gặp lá»—i" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "không hiểu lá»—i SecurID" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "sai chiá»u dài passcode cho SecurID" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "không thể khởi tạo phiên SIA" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "Phương thức xác thá»±c không hợp lệ" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Phương thức xác thá»±c không hợp lệ được biên dịch vào trong sudo! Bạn không thể pha trá»™n kiểu xác thá»±c giữa standalone và non-standalone" #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "chưa có phương thức xác" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Ở đây không có phương thức xác thá»±c nào được dịch vào trong sudo! Nếu bạn muốn tắt xác thá»±c, sá»­ dụng tùy chá»n cấu hình --disable-authentication" #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Phương thức xác thá»±c:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "Không thể xác định Ä‘iá»u kiện audit" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "không thể chuyển giao bản ghi audit" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "Chúng tôi tin rằng bạn đã nhận được bài giảng từ Quản trị Hệ thống\n" "ná»™i bá»™. Có thể tóm lược chúng lại thành má»™t số Ä‘iểm quan trá»ng sau:\n" "\n" " #1) Tôn trá»ng sá»± riêng tư cá»§a ngưá»i khác.\n" " #2) NghÄ© trước khi gõ má»™t lệnh.\n" " #3) Quyá»n lá»±c lá»›n Ä‘i kèm vá»›i trách nhiệm lá»›n.\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "không biết UID: %u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "không hiểu ngưá»i dùng: %s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Trang bị Syslog nếu syslog được sá»­ dụng cho việc ghi nhật ký: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Mức ưu tiên Syslog sẽ sá»­ dụng khi ngưá»i dùng đăng nhập thành công: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Mức ưu tiên Syslog sẽ sá»­ dụng khi ngưá»i dùng đăng nhập không thành công: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "Äặt nhắc OTP (mật khẩu dùng má»™t lần) tại dòng nó sở hữu" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "Bá» qua “.†trong $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "Luôn gá»­i thư má»—i khi chạy lệnh sudo" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "Gá»­i thư nếu xác thá»±c ngưá»i dùng gặp lá»—i" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "Gá»­i thư nếu ngưá»i dùng không ở trong sudoers" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "Gá»­i thư nếu ngưá»i dùng không có trong sudoers cho máy chá»§ này" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "Gá»­i thư nếu ngưá»i dùng không được phép chạy lệnh nào đó" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "Sá»­ dụng timestamp riêng rẽ cho từng cặp tkhoản/tty" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "Hướng dẫn ngưá»i dùng lần đầu tiên há» chạy lệnh sudo" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "TẬP-TIN chứa thuyết trình vá» sudo: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "Yêu cầu ngưá»i dùng chứng thá»±c theo mặc định" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "Siêu ngưá»i dùng (root) có thể chạy lệnh sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "Ghi nhật ký tên-máy-chá»§ vào tập tin nhật ký (không dùng syslog)" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "Ghi nhật ký năm vào tập tin nhật ký (không dùng syslog)" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Nếu lệnh sudo được triệu gá»i mà không đưa ra tham số thì khởi chạy shell (hệ vá»)" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Äặt biến $HOME cho ngưá»i dùng đích khi sá»­ dụng hệ vá» (shell) vá»›i tùy chá»n -s" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "Luôn đặt biến $HOME cho thư mục home cá»§a ngưá»i dùng đích" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "Cho phép má»™t số thông tin được thu thập để đưa ra các thông tin vá» lá»—i hữu dụng" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Yêu cầu tên máy chá»§ dạng đầy đủ trong tập tin sudoers" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "Lăng mạ ngưá»i dùng khi há» nhập vào mật khẩu sai" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "Chỉ cho phép ngưá»i dùng chạy lệnh sudo nếu há» có tty" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo sẽ tôn trá»ng biến môi trưá»ng EDITOR" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "Há»i mật khẩu cá»§a siêu ngưá»i dùng, chứ không phải cá»§a ngưá»i dùng" #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Nhắc mật khẩu cá»§a ngưá»i dùng runas_mặc_định, không phải cá»§a ngưá»i dùng" #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "Nhắc mật khẩu cá»§a ngưá»i dùng đích, không phải cái hiện tại" #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "Ãp dụng mặc định trong lá»›p đăng nhập ngưá»i dùng đích nếu ở đây có má»™t" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "Äặt biến môi trưá»ng LOGNAME và USER" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Chỉ đặt uid Ä‘ang có hiệu lá»±c cho ngưá»i dùng đích, không sá»­ dụng uid thật" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "Không khởi tạo véc-tÆ¡ nhóm cho ngưá»i dùng đích" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Äá»™ dài mà tại đó các dòng trong tập tin nhật ký được ngắt dòng (0 là không ngắt dòng): %u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Thá»i gian chá» timestamp xác thá»±c tối Ä‘a: %.1f phút" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Thá»i gian chá» nhắc mật khẩu tối Ä‘a: %.1f phút" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Số lần nhập mật khẩu: %u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask để sá»­ dụng hoặc 0777 để sá»­ dụng cá»§a ngưá»i dùng: 0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "ÄÆ°á»ng dẫn tá»›i tập tin nhật ký: “%sâ€" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "ÄÆ°á»ng dẫn tá»›i chương trình gá»­i thư (mail) %s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "Các cá» dành cho chương trình gá»­i thư (mail): %s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "Äịa chỉ để gá»­i thư đến: %s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "Äịa chỉ dùng để gá»­i thư: %s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "Chá»§ đỠcho thư: %s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "Sai mật khẩu: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "ÄÆ°á»ng dẫn thư mục timestamp xác thá»±c: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Chá»§ sở hữu đưá»ng dẫn thư mục timestamp xác thá»±c: %s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Những tài khoản trong nhóm này được miá»…n mật khẩu và yêu cầu PATH: %s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "Lá»i nhắc nhập mật khẩu mặc định: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "Nếu được đặt, lá»i nhắc mật khẩu sẽ đè lên dấu nhắc hệ thống trong má»i trưá»ng hợp." #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "Tài khoản mặc định chạy lệnh như là: %s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Giá trị dùng để ghi đè lên $PATH cá»§a ngưá»i dùng: %s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "ÄÆ°á»ng dẫn tá»›i trình biên soạn để sá»­ dụng cho lệnh visudo: %s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Khi được yêu cầu mật khẩu cho “liệt kê†lệnh-giả: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Khi được yêu cầu mật khẩu cho “thẩm tra†lệnh-giả: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Tải trước các hàm thi hành giả được chứa trong thư viện sudo_noexec" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Nếu thư mục LDAP đã bật, chúng tôi sẽ lá» Ä‘i tập tin sudoers phải không" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Các bá»™ mô tả tập tin >= %d sẽ bị đóng trước khi chạy má»™t lệnh" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Nếu được đặt, ngưá»i dùng có thể ghi đè lên giá trị cá»§a “closefrom†bằng tùy chá»n -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "Cho phép ngưá»i dùng đặt biến môi trưá»ng tùy ý" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "Äặt lại biến môi trưá»ng thành giá trị mặc định cá»§a chúng" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "Các biến môi trưá»ng được kiểm tra xem có đúng má»±c không:" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "Các biến môi trưá»ng bị gỡ bá»:" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "Các biến môi trưá»ng được giữ lại:" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Vai trò SELinux được dùng trong ngữ cảnh an ninh má»›i: %s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Kiểu SELinux được dùng trong ngữ cảnh an ninh má»›i: %s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "ÄÆ°á»ng dẫn tá»›i tập tin môi trưá»ng đặc-tả-sudo: %s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Miá»n địa phương sẽ sá»­ dụng khi phân tích sudoers: %s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Cho phép sudo há»i mật khẩu thậm chí ngay cả khi nó đã rõ ràng" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Cung cấp phản hồi ảo lúc nhắc mật khẩu khi đây là đầu nhập ngưá»i dùng" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Sá»­ dụng globbing kiểu nhanh hÆ¡n mà nó thì kém chính xác hÆ¡n nhưng lại không cần truy cập hệ thống tập tin" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Giá trị umask được chỉ định trong sudoers sẽ ghi đè lên giá trị này cá»§a ngưá»i dùng, thậm chí nó còn dá»… dãi hÆ¡n" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "Ghi nhật ký kết xuất từ ngưá»i dùng cho lệnh Ä‘ang chạy" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "Ghi lại nhật ký kết xuất cá»§a lệnh Ä‘ang chạy" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "Nén nhật ký V/R sá»­ dụng định dạng zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "Luôn chạy lệnh ở tty-giả" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Phần bổ xung cho há»— trợ nhóm không-Unix: %s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Thư mục mà nó sẽ lưu nhật ký vào/ra: %s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Tập tin mà nó sẽ lưu nhật ký vào/ra: %s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Thêm má»™t mục vào tập tin utmp/utmpx khi phân bổ má»™t pty" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Äặt ngưá»i dùng trong utmp thành ngưá»i dùng runasr, không phải ngưá»i dùng gá»i" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "Tập hợp các đặc quyá»n được phép" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "Tập hợp các quyá»n bị giá»›i hạn" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "Chạy các câu lệnh trên má»™t pty trong ná»n hệ thống" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "Tên dịch vụ PAM được dùng" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "Tên dịch vụ PAM được dùng cho các hệ vỠđăng nhập" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "Thá»­ thiết lập á»§y nhiệm PAM cho ngưá»i dùng đích" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "Tạo má»™t phiên PAM má»›i để lệnh chạy vá»›i nó" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Số lượng nhật ký I/O tối Ä‘a: %u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "không hiểu mục mặc định “%sâ€" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "giá trị “%s†là không hợp lệ cho tùy chá»n “%sâ€" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "chưa chỉ ra giá trị cho “%sâ€" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "giá trị cho “%s†phải bắt đầu bằng má»™t “/â€" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "tùy chá»n “%s†không nhận giá trị" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "lá»—i ná»™i bá»™, %s bị tràn" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp sai há»ng, chiá»u dài không khá»›p" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "rất tiếc, bạn không được phép đặt các biến môi trưá»ng sau đây: %1s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s phải được sở hữu bởi uid %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s phải là những thứ chỉ có thể ghi bởi chá»§ sở hữu" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "không thể tải %s: %s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "không tìm thấy ký hiệu “group_plugin†trong %s" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: phiên bản số lá»›n phần bổ xung nhóm không tương thích %d, mong đợi %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "Cặp địa chỉ IP và mặt nạ cục bá»™:\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s tồn tại nhưng không phải là má»™t thư mục (0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "không thể tạo thư mục “%sâ€" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "không mở được %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "không thể Ä‘á»c %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "không thể ghi vào %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "không thể tạo “%sâ€" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: cổng quá lá»›n" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: hết bá»™ nhá»› để mở rá»™ng hostbuf" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "không há»— trợ kiểu “LDAP uriâ€: %s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "không thể trá»™n ldap và ldaps URIs" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "starttls chỉ được há»— trợ khi dùng vá»›i ldaps" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: hết bá»™ nhá»› để xây dá»±ng hostbuf" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "không thể khởi tạo chứng nhận SSL và csdl khóa: %s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "bạn phải đặt TLS_CERT trong %s để sá»­ dụng SSL" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "không thể lấy giá» quốc tế (GMT)" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "không thể định dạng dấu-vết-thá»i-gian" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "không thể xây dá»±ng bá»™ lá»c thá»i gian" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 phân bổ không khá»›p" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "Vai trò LDAP: %s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "Vai trò LDAP: KHÔNG HIỂU\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " Thứ tá»±: %s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " Lệnh:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "không thể khởi tạo LDAP: %s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls được chỉ ra nhưng thư viện LDAP không há»— trợ ldap_start_tls_s() hoặc ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "thuá»™c tính sudoOrder không hợp lệ: %s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "không thể mở hệ thống audit" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "không thể gá»­i thông tin audit" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s : %s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (lệnh tiếp tục) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "không thể mở tập tin nhật ký: %s: %s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "không thể khóa tập tin nhật ký: %s: %s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "Không có tài khoản hay tên máy chá»§" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "việc phê chuẩn thất bại" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "tài khoản KHÔNG có trong sudoers" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "tài khoản KHÔNG được cho phép sá»­ dụng trên máy chá»§" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "lệnh không được phép" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s không trong tập tin sudoers. Sá»± việc này sẽ được báo cáo.\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s không được phép chạy lệnh sudo trên %s. Sá»± việc này sẽ được báo cáo.\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Rất tiếc, tài khoảnr %s không được chạy lệnh sudo trên %s.\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Rất tiếc, tài khoản %s không được phép thi hành “%s%s%s†như là %s%s%s trên %s.\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s: không tìm thấy lệnh" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "Ä‘ang bá» qua “%s†được tìm thấy trong “.â€\n" "Sá»­ dụng “sudo ./%s†nếu đây là “%s†bạn muốn chạy." #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "xác thá»±c gặp lá»—i nghiêm trá»ng" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "bắt buá»™c phải có mật khẩu" #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "đã sai mật khẩu %u lần" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "không thể tạo tiến trình con" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "không thể tạo tiến trình con: %m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "không thể mở ống dẫn lệnh: %m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "không thể dup (nhân bản) stdin: %m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "không thể thá»±c thi %s: %m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "lá»—i ná»™i bá»™: thiếu khoảng trống cho dòng ghi nhật ký" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "không há»— trợ kiểu tóm lược %d dành cho %s" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s: lá»—i Ä‘á»c" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "tóm lược cho %s (%s) không ở dạng thức %s" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "lá»—i phân tích trong %s gần dòng %d" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "gặp lá»—i phân tích trong %s" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Mục Sudoers:\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " ChạyVá»›iTưCáchNgưá»iDùng: " #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " ChạyVá»›iTưCáchNhóm: " #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " Tùy chá»n:" #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s: %s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "không thể thá»±c thi %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Phiên bản cá»§a phần bổ xung chính sách Sudoers %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Phiên bản ngữ pháp tập tin Sudoers %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "ÄÆ°á»ng dẫn Sudoers: %s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "đưá»ng dẫn nsswitch: %s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "đưá»ng dẫn ldap.conf: %s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "đưá»ng dẫn ldap.secret: %s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "không thể lưu nhá»› tạm uid %u, đã có sẵn rồi" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "không thể lưu nhá»› tạm tài khoản %s, đã có sẵn rồi" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "không thể lưu nhá»› tạm gid %u, đã có sẵn rồi" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "không thể lưu nhá»› tạm nhóm %s, đã có sẵn rồi" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "không thể lưu nhá»› tạm danh sách nhóm cho %s, đã có sẵn rồi" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "không thể phân tích nhóm cho %s" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "stack perm bị tràn" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "perm stack tràn ngầm" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "không thể thay đổi chỉ số nhóm gid cá»§a siêu ngưá»i dùng root" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "không thể thay đổi thành runas gid" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "không thể thay đổi thành runas uid" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "không thể thay đổi thành gid sudoers" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "quá nhiá»u tiến trình" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "không thể đặt véc-tÆ¡ nhóm runas" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "không thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy cá»§a bạn chưa vậy?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "không thể tìm thấy ký hiệu “%s†trong %s" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Các mục mặc định khá»›p cho %s trên máy %s:\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas và Äặc-tả-lệnh mặc định cho %s:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Ngưá»i dùng %s có thể chạy những lệnh sau trên máy %s:\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Tài khoản %s không được phép thi hành sudo trên %s.\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "trục trặc vá»›i các mục mặc định" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "không có ngưá»i dùng hợp lệ nào được tìm thấy, Ä‘ang thoát ra" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers đã ghi rõ là siêu ngưá»i dùng (root) không được phép chạy sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "bạn không được phép sá»­ dụng tùy chá»n -C" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "ngưá»i sở hữu timestamp (%s): Không có ngưá»i dùng nào như vậy" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "không có tty" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "rất tiếc, bạn phải có tty má»›i có thể chạy sudo" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "lệnh trong thư mục hiện hành" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "rất tiếc, bạn không được phép giữ lại môi trưá»ng" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "không thể lấy trạng thái vá» %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s không phải tập tin thưá»ng" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s ai ghi cÅ©ng được" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s được sở hữu bởi gid %u, nên là %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "chỉ có siêu ngưá»i dùng (root) má»›i có thể sá»­ dụng tùy chá»n “-c %sâ€" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "không rõ lá»›p đăng nhập: %s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "không thể phân giải địa chỉ cá»§a máy %s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "không nhận ra nhóm: %s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "tùy chá»n lá»c không hợp lệ: %s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "thá»i gian chá» tối Ä‘a không hợp lệ: %s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "sai hệ số nhân tốc độ: %s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s phiên bản %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/thá»i-gian: %s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/thá»i-gian: %s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Äang chạy lại phiên sudo: %s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Cảnh báo: thiết bị cuối quá nhỠđể có thể chạy nhật ký má»™t cách đúng đắn.\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Äịnh dạng cá»§a nhật ký là %d x %d, định dạng cá»§a thiết bị cuối là %d x %d." #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "không thể đặt thiết bị tty chế độ raw (thô)" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "sai dòng ghi thá»i gian trong tập tin: %s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "biểu thức không rõ ràng “%sâ€" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "thiếu “)†trong biểu thức" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "không hiểu giá»›i hạn tìm kiếm “%sâ€" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s yêu cầu má»™t đối số" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "biểu thức chính quy không hợp lệ: %s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "không thể phân tích ngày tháng “%sâ€" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "thiếu “(†trong biểu thức" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "sai Ä‘uôi “orâ€" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "có “!†không hợp lệ Ä‘i sau" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "không hiểu kiểu tìm kiếm “%dâ€" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s: tập tin nhật ký không hợp lệ" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: thiếu trưá»ng dấu vết thá»i gian" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: dấu thá»i gian “%sâ€: %s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s: thiếu trưá»ng tài khoản ngưá»i dùng" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s: thiếu trưá»ng “runas user†(chạy vá»›i tư cách tài khoản này)" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s: thiếu trưá»ng “runas group†(chạy dưới danh nghÄ©a nhóm này)" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "cách dùng: %s [-h] [-d thư-mục] [-m số] [-s số] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "cách dùng: %s [-h] [-d th.mục] -l [biểu thức tìm kiếm]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - chạy lại nhật ký phiên sudo\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "Tùy chá»n:\n" " -d, --directory=th.mục chỉ định thư mục cho nhật ký phiên\n" " -f, --filter=bá»™-lá»c chỉ định kiểu V/R để hiển thị\n" " -h, --help hiển thị thông tin trợ giúp rồi thoát\n" " -l, --list liệt kê ID phiên sẵn có, vá»›i biểu thức tùy chá»n\n" " -m, --max-wait=sô số giây tối Ä‘a sẽ chá» giữa hai sá»± kiện\n" " -s, --speed=số tăng hoặc giảm tốc độ kết xuất\n" " -V, --version hiển thị thông tin vá» phiên bản rồi thoát" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\tmáy chá»§ không khá»›p" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "Lệnh được phép" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "Lệnh bị từ chối" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "Lệnh không khá»›p" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "đưá»ng dẫn timestamp quá dài: %s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s có thể được ghi bởi ngưá»i không sở hữu nó (0%o), cần đặt chế độ 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s đã sẵn có nhưng không phải là má»™t tập tin bình thưá»ng (0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s có thể được ghi bởi ngưá»i không sở hữu nó (0%o), cần đặt chế độ 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "dấu vết thá»i gian nằm ở thì tương lai: %20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "không thể gỡ bá» %s, sẽ đặt lại thành thá»i Ä‘iểm bắt đầu kiểu Unix" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "không thể đặt lại %s thành thá»i Ä‘iểm bắt đầu kiểu Unix" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args: bá»™ đệm bị tràn" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "Ngữ pháp %s phiên bản %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "bấm phím để trở vá» chỉnh sá»­a %s:" #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "lá»—i ghi" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "không thể lấy thống kê tập tin tạm (%s), %s không thay đổi gì." #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "tập tin tạm (%s) có chiá»u dài bằng không, %s không thay đổi gì" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "trình biên soạn (%s) gặp lá»—i, %s không thay đổi gì" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s không thay đổi" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "không thể mở lại tập tin tạm (%s), %s không thay đổi gì." #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "không thể phân tích tập tin tạm (%s), lá»—i chưa được biết" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "lá»—i hệ thống, không thể tìm thấy %s trong danh sách!" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "không thể đặt (uid, gid) cá»§a %s thành (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "không thể chuyển đổi chế độ cá»§a %s thành 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s và %s không ở trên cùng má»™t hệ thống tập tin, sá»­ dụng lệnh mv để đổi tên" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "thá»±c hiện lệnh gặp lá»—i: “%s %s %sâ€, %s không thay đổi" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "gặp lá»—i khi đổi tên %s, %s không thay đổi" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "Vậy làm gì bây giá»? " #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "Các tùy chá»n là:\n" " (e) sá»­a lại tập tin sudoers\n" " (x) thoát ra mà không ghi lại tập tin sudoerse\n" " (q) thoát ra và ghi lại tập tin sudoers (NGUY HIỂM!)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "không thể chạy %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: sai sở hữu (uid, gid) đáng lẽ là (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: phân quyá»n sai, phải ở chế độ 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "gặp lá»—i khi phân tích tập tin %s, không rõ bị lá»—i gì" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "lá»—i cú pháp trong %s gần dòng %d\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "lá»—i cú pháp trong %s\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%s: vượt qua kiểm duyệt\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s Ä‘ang bận, hãy thá»­ lại sau" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "trình biên soạn đã chỉ ra (%s) không tồn tại" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "không thể lấy thống kê trình biên soạn (%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "không tìm thấy trình biên soạn (đưá»ng dẫn cá»§a nó = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Lá»—i: bí danh bị quẩn trong %s_Alias “%sâ€" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Cảnh báo: cycle (vòng tròn) trong %s_Alias “%sâ€" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Lá»—i: %s_Bí_danh “%s†được tham chiếu nhưng chưa được định nghÄ©a" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Cảnh báo: %s_Bí_danh “%s†được tham chiếu nhưng chưa được định nghÄ©a" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: không dùng %s_Bí_danh %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - sá»­a tập tin sudoers má»™t cách an toàn\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "Tùy chá»n:\n" " -c, --check chế độ chỉ kiểm tra\n" " -f, --file=tệp chỉ định vị trí tập tin sudoers\n" " -h, --help hiển thị thông tin trợ giúp rồi thoát\n" " -q, --quiet tối thiểu hóa các thông tin (quiet: im lặng)\n" " -s, --strict kiểm tra cú pháp ngặt nghèo\n" " -V, --version hiển thị thông tin vá» phiên bản rồi thoát\n" " -x, --export=tệp xuất sudoers theo định dạng JSON" #: toke.l:892 msgid "too many levels of includes" msgstr "quá nhiá»u cấp bao gồm (include)" #~ msgid "value out of range" #~ msgstr "giá trị nằm ngoài phạm vi" #~ msgid "invalid uri: %s" #~ msgstr "URI không hợp lệ: %s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "không thể trá»™n ldaps và starttls" #~ msgid "writing to standard output" #~ msgstr "ghi vào đầu ra tiêu chuẩn" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "có quá nhiá»u biểu thức trong dấu ngoặc đơn, tối Ä‘a là %d" #~ msgid "unable to setup authentication" #~ msgstr "không thể cài đặt xác thá»±c" #~ msgid "getaudit: failed" #~ msgstr "getaudit: gặp lá»—i" #~ msgid "getauid: failed" #~ msgstr "getauid: gặp lá»—i" #~ msgid "au_open: failed" #~ msgstr "au_open: gặp lá»—i" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject: gặp lá»—i" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args: gặp lá»—i" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32: gặp lá»—i" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text: gặp lá»—i" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok: %s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate: %s" #~ msgid "Password: " #~ msgstr "Mật khẩu: " #~ msgid "getauid failed" #~ msgstr "getauid gặp lá»—i" #~ msgid "Unable to dlopen %s: %s" #~ msgstr "Không thể dlopen %s: %s" #~ msgid "invalid regex: %s" #~ msgstr "biểu thức chính quy không hợp lệ: %s" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s gần dòng %d <<<" #~ msgid "unable to allocate memory" #~ msgstr "không thể cấp phát bá»™ nhá»›" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "không thể đặt địa phương thành “%sâ€, sẽ dùng “Câ€" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " Lệnh:\n" #~ "\t" #~ msgid ": " #~ msgstr ": " #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "không thể lưu nhá»› tạm uid %u (%s), đã có sẵn rồi" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "không thể lưu nhá»› tạm gid %u (%s), đã có sẵn rồi" #~ msgid "unable to execute %s: %s" #~ msgstr "không thể thá»±c thi %s: %s" sudo-1.8.9p5/plugins/sudoers/po/zh_CN.mo010064400175440000012000001030561226304146300174730ustar00millertstaffÞ•R¬ É<`arƒ“¦¶fË´2çøý  ! !&!5!G!X!a!~!#ž!9Â!ü!&")<"f"}"F–"@Ý"###B#f#{#!–#$¸#Ý# õ#$3$3E$y$–$§$®$+½$(é$%;(%d%y%ˆ% —%¸%Ø%î%"&41&!f&$ˆ&-­&Û&*ø&+#'O'f'.€'<¯'#ì'd(Au(9·(ñ()+)>F)?…)2Å)#ø)!*4>*?s*8³*ì*.+3+#P+2t+§+#Ã+1ç+<,*V,", ¤,/Å,õ,$-@8-/y-©-8Ä-<ý-F:.3.µ.É.5è.q/)/:º/$õ/'0=B0-€0'®0)Ö0*1(+1#T1x1'ˆ12°1?ã1#2-±2ß2ü2(33=3%q3 —3(¡3Ê3ß3(ø3.!4%P4Ev4+¼4=è46&5G]5¥5Ä55à5(63?6s6'…6,­63Ú637B75_7'•75½7&ó7:8U8m8.‰8=¸8ö8C9'L9"t9 —9!¸97Ú9?:AR:V”:“ë:';0§;LØ;*%<.P<)<F©<'ð<1=1J=|=@œ= Ý=7è=9 >Z>3q>¥>¿>Ö>(ö>?CZCmC!‡C©C»CÎCíC D!D6DPD6nDI¥D&ïD#E\:E'—E)¿E8éE("F2KF,~F2«F"ÞFG(GFGbG"uG˜G&´G(ÛG1H&6H']H%…H"«HÎHëH I'IGI*eI$IµIÉIáIöI J*0J[JjJ}J˜J%¯J'ÕJýJK 4K,UKC‚KÆKÜK!üKL1LCL_LL—L4µLêLüL1M$IMnMˆM™M*¶M áMN N2N0MN~N3”NÈNÞNúN O$O=OTOdOuO‘O­O!ËO/íO-PKPgP{P%ŽP%´P ÚP*æP#Q&5Q-\Q¥ŠQ0S AS OS]SnSS`˜S†ùT€V”VëªV–W ¥W³WÄWÕWéWòWX%0XAVX˜X ±X&ÒXùX Y7#Y4[YY!¯YÑYçYZ*"ZMZ ]Z jZ4xZ4­ZâZ[[[7,[+d[[5¥[Û[ö[ \\5\U\l\‰\@¦\ç\-]%2]X]"w](š]Ã]á]4û]0^I^`a^3Â^?ö^6_Q_l_9„_-¾_'ì_!`$6`.[`KŠ`&Ö`ý`# a1aOa/ha˜a °a-Ña*ÿa$*bObkb3‡b'»b ãb6c-;cicBcEÄcF d2Qd„dŸdA·dQùd-Ke0ye&ªe,ÑeEþe3Dfxf0—f*Èf(ófgoo4®o7ãoNpyjp3äp4q?Mq)q0·q-èq+r'Br*jr3•r'ÉrCñr5s-Hs/vs ¦s6³sês tt,1t^twtŠt ¥t"Æt"ét u%(uNufguÎuëu v*"v3MvvŸvµvËvévw#wAw\w|w šw»wÒw$ëwx( x Ix-Sxxœx#²xÖxîxy%!y)Gyqy„y—y°yÆy2åy2zKzXkz"Äz%çz< {'J{7r{(ª{(Ó{%ü{"|=|Z| u|‚|š|!¶|Ø|$÷|$}!A} c}#„}¨}Ä}á}~ ~9~X~w~‡~~­~$Â~.ç~(?X2p£¾Øì1€D9€~€"“€¶€Ö€ì€ü€"8P1g™©+Â"î‚)‚9‚+R‚~‚!›‚½‚Ì‚+悃+"ƒNƒgƒ…ƒ”ƒ¯ƒʃãƒûƒ „-„!M„#o„2“„8Æ„$ÿ„$… =…"J…$m… ’…œ…¶…2Ï…+†+í4ÁGFý6RKƒLŒ¼¶” ¡zÇO«E[Àê|B%ø†i5mM¬@Ã)ÒV^’ž %Kã‡ØQB(“¾¸ÊOU(Ä#x;° Ùe &!.²®8¨4·Í#è½ßJ;:Nôü­>Aˆ¯sovd,j•I´8 "ánÏÌI><N„=@rб€¢©/Üt{5ï<›œa '+â1Ûfé)û£"—lðþ÷y˜JG‚ÝŪÿP0Š -‘H»¥Ÿ9àcºëæµE2LQ=g¦…]Rú$õ–HÔWDóÂSkä:Þ`XY* F32ZùìòTC¿.7!ÖP¤×wh§9b' Ñuñ~p_ šÈ 7&ÓÉ\$ç?‹MËŽ0Æö*å/3D,C61 }ÕAÚ -?¹Îq³ host unmatched Command allowed Command denied Command unmatched LDAP Role: %s LDAP Role: UNKNOWN Options: -c, --check check-only mode -f, --file=file specify sudoers file location -h, --help display help message and exit -q, --quiet less verbose (quiet) syntax error messages -s, --strict strict syntax checking -V, --version display version information and exit -x, --export=file export sudoers in JSON format Options: -d, --directory=dir specify directory for session logs -f, --filter=filter specify which I/O type(s) to display -h, --help display help message and exit -l, --list list available session IDs, with optional expression -m, --max-wait=num max number of seconds to wait between events -s, --speed=num speed up or slow down output -V, --version display version information and exit Sudoers entry: Sudoers path: %s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Commands: Options: Order: %s RunAsGroups: RunAsUsers: %8s : %s%8s : (command continued) %s%s - replay sudo session logs %s - safely edit the sudoers file %s and %s not on the same file system, using mv to rename%s busy, try again later%s exists but is not a directory (0%o)%s exists but is not a regular file (0%o)%s grammar version %d %s is not a regular file%s is not allowed to run sudo on %s. This incident will be reported. %s is not in the sudoers file. This incident will be reported. %s is owned by gid %u, should be %u%s is owned by uid %u, should be %u%s is world writable%s must be owned by uid %d%s must only be writable by owner%s owned by uid %u, should be uid %u%s requires an argument%s unchanged%s version %s %s writable by non-owner (0%o), should be mode 0600%s writable by non-owner (0%o), should be mode 0700%s/%.2s/%.2s/%.2s/timing: %s%s/%s/timing: %s%s: %s%s: %s: %s: %s%s: Cannot verify TGT! Possible attack!: %s%s: bad permissions, should be mode 0%o %s: command not found%s: incompatible group plugin major version %d, expected %d%s: invalid log file%s: parsed OK %s: read error%s: runas group field is missing%s: runas user field is missing%s: time stamp %s: %s%s: time stamp field is missing%s: unable to allocate options: %s%s: unable to convert principal to string ('%s'): %s%s: unable to get credentials: %s%s: unable to get host principal: %s%s: unable to initialize credential cache: %s%s: unable to parse '%s': %s%s: unable to resolve credential cache: %s%s: unable to store credential in cache: %s%s: unused %s_Alias %s%s: user field is missing%s: wrong owner (uid, gid) should be (%u, %u) %u incorrect password attempt%u incorrect password attempts*** SECURITY information for %h ***Account expired or PAM config lacks an "account" section for sudo, contact your system administratorAccount or password is expired, reset your password and try againAdd an entry to the utmp/utmpx file when allocating a ptyAddress to send mail from: %sAddress to send mail to: %sAlias `%s' already definedAllow some information gathering to give useful error messagesAllow sudo to prompt for a password even if it would be visibleAllow users to set arbitrary environment variablesAlways run commands in a pseudo-ttyAlways send mail when sudo is runAlways set $HOME to the target user's home directoryApply defaults in the target user's login class if there is oneAttempt to establish PAM credentials for the target userAuthentication methods:Authentication timestamp timeout: %.1f minutesCompress I/O logs using zlibCould not determine audit conditionCreate a new PAM session for the command to run inDefault password prompt: %sDefault user to run commands as: %sDirectory in which to store input/output logs: %sDon't initialize the group vector to that of the target userEnvironment variables to check for sanity:Environment variables to preserve:Environment variables to remove:Error: %s_Alias `%s' referenced but not definedError: cycle in %s_Alias `%s'File containing the sudo lecture: %sFile descriptors >= %d will be closed before executing a commandFile in which to store the input/output log: %sFlags for mail program: %sIf LDAP directory is up, do we ignore local sudoers fileIf set, passprompt will override system prompt in all cases.If set, users may override the value of `closefrom' with the -C optionIf sudo is invoked with no arguments, start a shellIgnore '.' in $PATHIncorrect password message: %sInsult the user when they enter an incorrect passwordInvalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication.Lecture user the first time they run sudoLength at which to wrap log file lines (0 for no wrap): %uLocal IP address and netmask pairs: Locale to use while parsing sudoers: %sLog geometry is %d x %d, your terminal's geometry is %d x %d.Log the hostname in the (non-syslog) log fileLog the output of the command being runLog the year in the (non-syslog) log fileLog user's input for the command being runMatching Defaults entries for %s on %s: Maximum I/O log sequence number: %uNo user or hostNumber of tries to enter a password: %uOnly allow the user to run sudo if they have a ttyOnly set the effective uid to the target user, not the real uidOptions are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!) Owner of the authentication timestamp dir: %sPAM authentication error: %sPAM service name to usePAM service name to use for login shellsPassword expired, contact your system administratorPassword prompt timeout: %.1f minutesPassword:Path to authentication timestamp dir: %sPath to log file: %sPath to mail program: %sPath to the editor for use by visudo: %sPath to the sudo-specific environment file: %sPlugin for non-Unix group support: %sPreload the dummy exec functions contained in the sudo_noexec libraryPrompt for root's password, not the users'sPrompt for the runas_default user's password, not the users'sPrompt for the target user's password, not the users'sProvide visual feedback at the password prompt when there is user inputPut OTP prompt on its own lineReplaying sudo session: %s Require fully-qualified hostnames in the sudoers fileRequire users to authenticate by defaultReset the environment to a default set of variablesRoot may run sudoRun commands on a pty in the backgroundRunas and Command-specific defaults for %s: SELinux role to use in the new security context: %sSELinux type to use in the new security context: %sSecurID communication failedSend mail if the user is not allowed to run a commandSend mail if the user is not in sudoersSend mail if the user is not in sudoers for this hostSend mail if user authentication failsSet $HOME to the target user when starting a shell with -sSet of limit privilegesSet of permitted privilegesSet the LOGNAME and USER environment variablesSet the user in utmp to the runas user, not the invoking userSorry, try again.Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s. Sorry, user %s may not run sudo on %s. Subject line for mail messages: %sSudoers file grammar version %d Sudoers policy plugin version %s Syslog facility if syslog is being used for logging: %sSyslog priority to use when user authenticates successfully: %sSyslog priority to use when user authenticates unsuccessfully: %sThe umask specified in sudoers will override the user's, even if it is more permissiveThere are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option.Umask to use or 0777 to use user's: 0%oUse a separate timestamp for each user/tty comboUse faster globbing that is less accurate but does not access the filesystemUser %s is not allowed to run sudo on %s. User %s may run the following commands on %s: User ID locked for SecurID AuthenticationUsers in this group are exempt from password and PATH requirements: %sValue to override user's $PATH with: %sVisudo will honor the EDITOR environment variableWarning: %s_Alias `%s' referenced but not definedWarning: cycle in %s_Alias `%s'Warning: your terminal is too small to properly replay the log. What now? When to require a password for 'list' pseudocommand: %sWhen to require a password for 'verify' pseudocommand: %sa password is requiredaccount validation failure, is your account locked?ambiguous expression "%s"authentication failureauthentication server error: %scommand failed: '%s %s %s', %s unchangedcommand in current directorycommand not allowedcould not parse date "%s"digest for %s (%s) is not in %s formeditor (%s) failed, %s unchangederror renaming %s, %s unchangedfailed to initialise the ACE API libraryfailed to parse %s file, unknown errorfill_args: buffer overflowignoring `%s' found in '.' Use `sudo ./%s' if this is the `%s' you wish to run.illegal trailing "!"illegal trailing "or"internal error, %s overflowinternal error, unable to find %s in list!internal error: insufficient space for log lineinvalid Authentication Handle for SecurIDinvalid authentication methodsinvalid authentication typeinvalid filter option: %sinvalid max wait: %sinvalid passcode length for SecurIDinvalid regular expression: %sinvalid speed factor: %sinvalid sudoOrder attribute: %sinvalid timing file line: %sinvalid username length for SecurIDldap.conf path: %s ldap.secret path: %s lost connection to authentication serverno authentication methodsno editor found (editor path = %s)no ttyno valid sudoers sources found, quittingno value specified for `%s'nsswitch path: %s only root can use `-c %s'option `%s' does not take a valueparse error in %sparse error in %s parse error in %s near line %dparse error in %s near line %d perm stack overflowperm stack underflowpress return to edit %s: problem with defaults entriessorry, you are not allowed to preserve the environmentsorry, you are not allowed to set the following environment variables: %ssorry, you must have a tty to run sudospecified editor (%s) doesn't existstart_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()starttls not supported when using ldapssudo_ldap_build_pass1 allocation mismatchsudo_ldap_conf_add_ports: out of space expanding hostbufsudo_ldap_conf_add_ports: port too largesudo_ldap_parse_uri: out of space building hostbufsudo_putenv: corrupted envp, length mismatchsudoers specifies that root is not allowed to sudotimestamp owner (%s): No such usertimestamp path too long: %stimestamp too far in the future: %20.20stoo many levels of includestoo many processesunable to begin bsd authenticationunable to build time filterunable to cache gid %u, already existsunable to cache group %s, already existsunable to cache group list for %s, already existsunable to cache uid %u, already existsunable to cache user %s, already existsunable to change expired password: %sunable to change mode of %s to 0%ounable to change to root gidunable to change to runas gidunable to change to runas uidunable to change to sudoers gidunable to commit audit recordunable to connect to authentication serverunable to contact the SecurID serverunable to create %sunable to dup stdin: %munable to execute %sunable to execute %s: %munable to find symbol "%s" in %sunable to find symbol "group_plugin" in %sunable to forkunable to fork: %munable to format timestampunable to get GMT timeunable to get login class for user %sunable to initialize BSD authenticationunable to initialize LDAP: %sunable to initialize PAMunable to initialize SIA sessionunable to initialize SSL cert and key db: %sunable to initialize SSS source. Is SSSD installed on your machine?unable to load %s: %sunable to lock log file: %s: %sunable to mix ldap and ldaps URIsunable to mkdir %sunable to open %sunable to open audit systemunable to open log file: %s: %sunable to open pipe: %munable to parse groups for %sunable to re-open temporary file (%s), %s unchanged.unable to read %sunable to read fwtk configunable to remove %s, will reset to the Unix epochunable to reset %s to the Unix epochunable to resolve host %sunable to run %sunable to send audit messageunable to set (uid, gid) of %s to (%u, %u)unable to set runas group vectorunable to set tty to raw modeunable to stat %sunable to stat editor (%s)unable to stat temporary file (%s), %s unchangedunable to write to %sunabled to parse temporary file (%s), unknown errorunknown SecurID errorunknown defaults entry `%s'unknown group: %sunknown login class: %sunknown search term "%s"unknown search type %dunknown uid: %uunknown user: %sunmatched '(' in expressionunmatched ')' in expressionunsupported LDAP uri type: %sunsupported digest type %d for %susage: %s [-h] [-d dir] -l [search expression] usage: %s [-h] [-d dir] [-m num] [-s num] ID user NOT authorized on hostuser NOT in sudoersvalidation failurevalue `%s' is invalid for option `%s'values for `%s' must start with a '/'write erroryou are not permitted to use the -C optionyou do not exist in the %s databaseyou must set TLS_CERT in %s to use SSLzero length temporary file (%s), %s unchangedProject-Id-Version: sudoers 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-17 10:47-0700 PO-Revision-Date: 2013-12-27 09:12+0800 Last-Translator: Wylmer Wang Language-Team: Chinese (simplified) Language: zh_CN MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; 主机ä¸åŒ¹é… 命令å…许 命令被拒 命令ä¸åŒ¹é… LDAP 角色:%s LDAP 角色:未知 选项: -c, --check çº¯æ£€æŸ¥æ¨¡å¼ -f, --file=文件 指定 sudoers 文件的ä½ç½® -h, --help 显示帮助信æ¯å¹¶é€€å‡º -q, --quiet 较简略(安é™)çš„è¯­æ³•é”™è¯¯ä¿¡æ¯ -s, --strict 严格语法检查 -V, --version 显示版本信æ¯å¹¶é€€å‡º -x, --export=文件 以 JSON æ ¼å¼å¯¼å‡º sudoers 选项: -d, --directory=目录 æŒ‡å®šä¼šè¯æ—¥å¿—目录 -f, --filter=过滤器 æŒ‡å®šè¦æ˜¾ç¤ºçš„ I/O 类型 -h, --help 显示帮助信æ¯å¹¶é€€å‡º -l, --list 列出å¯ç”¨ä¼šè¯ ID,å¯åŠ è¡¨è¾¾å¼é™å®š -m, --max-wait=数值 事件间等待的最大秒数 -s, --speed=数值 åŠ é€Ÿæˆ–å‡æ…¢è¾“出 -V, --version 显示版本信æ¯å¹¶é€€å‡º Sudoers æ¡ç›®ï¼š Sudoers 路径:%s 我们信任您已ç»ä»Žç³»ç»Ÿç®¡ç†å‘˜é‚£é‡Œäº†è§£äº†æ—¥å¸¸æ³¨æ„事项。 æ€»ç»“èµ·æ¥æ— å¤–乎这三点: #1) å°Šé‡åˆ«äººçš„éšç§ã€‚ #2) 输入å‰è¦å…ˆè€ƒè™‘(åŽæžœå’Œé£Žé™©)。 #3) æƒåŠ›è¶Šå¤§ï¼Œè´£ä»»è¶Šå¤§ã€‚ 命令: 选项: 顺åºï¼š%s RunAs 组: RunAs 用户:%8s:%s%8s:(命令继续执行) %s%s - 回放 sudo 会è¯è®°å½• %s - 安全地编辑 sudoers 文件 %s å’Œ %s ä¸åœ¨åŒä¸€ä¸ªæ–‡ä»¶ç³»ç»Ÿï¼Œä½¿ç”¨ mv 进行é‡å‘½å%s 忙,请ç¨åŽé‡è¯•%s å­˜åœ¨ï¼Œä½†ä¸æ˜¯ç›®å½•(0%o)%s å­˜åœ¨ï¼Œä½†ä¸æ˜¯å¸¸è§„文件(0%o)%s 语法版本 %d %s 䏿˜¯å¸¸è§„文件%s æ— æƒåœ¨ %s 上è¿è¡Œ sudo。此事将被报告。 %s ä¸åœ¨ sudoers 文件中。此事将被报告。 %s 属于组 ID %u,应为 %u%s 属于用户 ID %u,应为 %u%s å¯è¢«ä»»ä½•人写%s 必须属于用户 ID %d%s å¿…é¡»åªå¯¹æ‰€æœ‰è€…å¯å†™%s 属于用户 ID %u,应为用户 ID %u%s 需è¦å‚æ•°%s 未更改%s 版本 %s %s å¯¹éžæ‰€æœ‰è€…å¯å†™(0%o),模å¼åº”该为 0600%s å¯¹éžæ‰€æœ‰è€…å¯å†™(0%o),模å¼åº”该为 0700%s/%.2s/%.2s/%.2s/æ—¶åºï¼š%s%s/%s/æ—¶åºï¼š%s%s:%s%s:%s:%s:%s%s:无法验è¯ç›®æ ‡ï¼å¯èƒ½é­åˆ°äº†æ”»å‡»ï¼ï¼š%s%s:æƒé™ä¸æ­£ç¡®ï¼Œæ¨¡å¼åº”该是 0%o %s:找ä¸åˆ°å‘½ä»¤%s:ä¸å…¼å®¹çš„组æ’ä»¶ä¸»ç‰ˆæœ¬å· %d,应为 %d%s:无效的日志文件%sï¼šè§£æžæ­£ç¡® %s:写错误%s:缺少 runas 组 字段%s:缺少 runas 用户 字段%s:时间戳 %s:%s%s:缺少 时间戳 字段%s:无法分é…选项:%s%s:无法将主体(principal)转æ¢ä¸ºå­—符串(“%sâ€):%s%s:无法获å–凭æ®ï¼š%s%s:无法获å–主机主体(principal):%s%s:无法åˆå§‹åŒ–凭æ®ç¼“存:%s%s:无法解æžâ€œ%sâ€ï¼š%s%s:无法解æžå‡­æ®ç¼“存:%s%s:无法在缓存中储存凭æ®ï¼š%s%s:未使用的 %s_Alias %s%s:缺少 用户 字段%s:错误的所有者(uid, gid),应为 (%u, %u) %u 次错误密ç å°è¯•*** %h å®‰å…¨ä¿¡æ¯ ***账户过期,或 PAM é…置缺少 sudo 使用的“accountâ€èŠ‚ï¼Œè”系您的系统管ç†å‘˜è´¦æˆ·æˆ–密ç è¿‡æœŸï¼Œé‡ç½®æ‚¨çš„密ç å¹¶é‡è¯•在分é…ä¼ªç»ˆç«¯æ—¶å‘ utmp/utmpx 文件中添加一æ¡è®°å½•接收邮件的地å€ï¼š%så‘é€é‚®ä»¶çš„地å€ï¼š%s别å“%sâ€å·²å®šä¹‰å…许收集一些信æ¯ï¼Œä»¥æä¾›æœ‰ç”¨çš„错误消æ¯å…许 sudo 询问密ç ï¼Œå³ä½¿å®ƒä¸å¯è§å…许用户设置任æ„的环境å˜é‡æ€»æ˜¯åœ¨ä¼ªç»ˆç«¯ä¸­è¿è¡Œå‘½ä»¤åœ¨è¿è¡Œ sudo 时总是å‘é€é‚®ä»¶æ€»æ˜¯å°† $HOME 设为目标用户的主目录应用目标用户登录类别中的默认设置,如果没有设置的è¯å°è¯•为目标用户建立 PAM 凭æ®è®¤è¯æ–¹æ³•ï¼šè®¤è¯æ—¶é—´æˆ³å»¶æ—¶ï¼š%.1f 分钟使用 zlib 压缩 I/O 日志无法确定审核æ¡ä»¶åˆ›å»ºä¸€ä¸ªæ–°çš„ PAM ä¼šè¯æ¥è¿è¡Œè¯¥å‘½ä»¤é»˜è®¤å¯†ç æç¤ºï¼š%sè¿è¡Œå‘½ä»¤çš„默认用户:%s用于ä¿å­˜è¾“å…¥/输出日志的目录:%sä¸å°†ç»„å‘é‡åˆå§‹åŒ–ä¸ºç›®æ ‡ç”¨æˆ·çš„è¦æ£€æŸ¥å®Œæ•´æ€§çš„环境å˜é‡ï¼šè¦ä¿ç•™çš„环境å˜é‡ï¼šè¦ç§»é™¤çš„环境å˜é‡ï¼šé”™è¯¯ï¼šå¼•用了 %s_Alias “%sâ€ä½†å°šæœªå®šä¹‰é”™è¯¯ï¼šåœ¨ %s_Alias “%sâ€ä¸­å¾ªçŽ¯åŒ…å« sudo 致辞的文件:%s>= %d 的文件æè¿°ç¬¦å°†ä¼šåœ¨æ‰§è¡Œå‘½ä»¤å‰å…³é—­ç”¨äºŽä¿å­˜è¾“å…¥/输出日志的文件:%sé‚®ä»¶ç¨‹åºæ ‡å¿—:%s如果 LDAP ç›®å½•æœ‰æ•ˆï¼Œæ˜¯ä¸æ˜¯å¿½ç•¥æœ¬åœ°çš„ sudoers æ–‡ä»¶å¦‚æžœè®¾ç½®ï¼Œå¯†ç æç¤ºå°†è¦†ç›–å„ç§æƒ…况下的系统æç¤ºã€‚如果设置,用户å¯ä»¥é€šè¿‡ -C 选项覆盖“closefromâ€çš„值如果ä¸å¸¦å‚数调用 sudo,å¯åŠ¨ä¸€ä¸ª shell忽略 $PATH 中的“.â€å¯†ç é”™è¯¯æ¶ˆæ¯ï¼š%såœ¨ç”¨æˆ·è¾“å…¥é”™è¯¯å¯†ç æ—¶å¯¹ä»–们进行(玩笑å¼çš„)嘲讽编译进 sudo çš„è®¤è¯æ–¹æ³•æ— æ•ˆï¼æ‚¨ä¸èƒ½æ··ç”¨ç‹¬ç«‹å’Œéžç‹¬ç«‹è®¤è¯ã€‚在用户第一次è¿è¡Œ sudo æ—¶å‘他致辞日志文件折行的长度(0 åˆ™ä¸æŠ˜è¡Œ):%u本地 IP 地å€å’Œç½‘络掩ç å¯¹ï¼š è§£æž sudoers 时使用的区域设置:%s日志的几何尺寸为 %dx%d,您终端的几何尺寸为 %dx%d。将主机å记录在(éž syslog)的日志文件中记录所执行命令的输出将年份记录在(éž syslog)çš„æ—¥å¿—æ–‡ä»¶ä¸­è®°å½•ç”¨æˆ·åœ¨æ‰€æ‰§è¡Œå‘½ä»¤ä¸­çš„è¾“å…¥åŒ¹é… %2$s 上 %1$s 的默认æ¡ç›®ï¼š 最大 I/O 日志åºåˆ—å·ï¼š%u无用户或主机输入密ç çš„å°è¯•次数:%uåªå…许拥有终端的用户执行 sudoåªå°†æœ‰æ•ˆç”¨æˆ· ID è®¾ä¸ºç›®æ ‡ç”¨æˆ·çš„ï¼Œè€Œä¸æ˜¯å®žé™…用户 ID选项有: 釿–°ç¼–辑 sudoers 文件(e) 退出,ä¸ä¿å­˜å¯¹ sudoers 文件的更改(x) 退出并将更改ä¿å­˜åˆ° sudoers 文件(å±é™©ï¼)(Q) è®¤è¯æ—¶é—´æˆ³çš„æ‰€æœ‰è€…:%sPAM 认è¯å‡ºé”™ï¼š%sè¦ä½¿ç”¨çš„ PAM æœåŠ¡å称用于登录 shell çš„ PAM æœåŠ¡å称密ç è¿‡æœŸï¼Œè”系您的系统管ç†å‘˜å¯†ç æç¤ºå»¶æ—¶ï¼š%.1f 分钟密ç ï¼šè®¤è¯æ—¶é—´æˆ³æ–‡ä»¶å¤¹çš„路径:%s日志文件路径:%s邮件程åºè·¯å¾„:%svisudo 所使用的编辑器的路径:%ssudo 特定环境文件的路径:%sç”¨äºŽéž Unix 组支æŒçš„æ’ä»¶ï¼š%s预加载“sudo_noexecâ€åº“中包å«çš„å“‘ exec 函数询问 root 用户的密ç è€Œéžç”¨æˆ·çš„密ç è¯¢é—® runas_default 用户的密ç ï¼Œè€Œéžç”¨æˆ·å¯†ç è¯¢é—®ç›®æ ‡ç”¨æˆ·çš„密ç ï¼Œè€Œéžç”¨æˆ·å¯†ç ç”¨æˆ·åœ¨è¯¢é—®å¯†ç çª—å£è¾“入时æä¾›è§†è§‰å馈将 OPT æç¤ºæ”¾åœ¨ç‹¬è‡ªçš„行中回放 sudo 会è¯ï¼š%s è¦æ±‚ sudoers 文件中包å«å®Œå…¨é™å®šçš„主机åé»˜è®¤è¦æ±‚用户认è¯å°†çŽ¯å¢ƒé‡è®¾ä¸ºé»˜è®¤çš„å˜é‡é›†root å¯ä»¥è¿è¡Œ sudo在åŽå°çš„伪终端上è¿è¡Œå‘½ä»¤%s Runas 和命令特定的默认值: 在新的安全环境中使用的 SELinux 角色:%s在新的安全环境中使用的 SELinux 类型:%sSecurID 通讯失败在用户ä¸å…许执行æŸä¸ªå‘½ä»¤æ—¶å‘é€é‚®ä»¶åœ¨ç”¨æˆ·ä¸åœ¨ sudoers 列表中时å‘é€é‚®ä»¶åœ¨ç”¨æˆ·ä¸åœ¨æ­¤ä¸»æœºçš„ sudoers 列表中时å‘é€é‚®ä»¶åœ¨ç”¨æˆ·è®¤è¯å¤±è´¥æ—¶å‘é€é‚®ä»¶è‹¥ä½¿ç”¨ -s 选项å¯åЍ shell,将 $HOME 设为目标用户的主目录é™åˆ¶æƒé™çš„集åˆå…许æƒé™çš„集åˆè®¾ç½® LOGNAME å’Œ USER 环境å˜é‡å°† utmp 中的用户设为 runas ç”¨æˆ·ï¼Œè€Œä¸æ˜¯è°ƒç”¨ç”¨æˆ·å¯¹ä¸èµ·ï¼Œè¯·é‡è¯•。对ä¸èµ·ï¼Œç”¨æˆ· %1$s æ— æƒä»¥ %5$s%6$s%7$s 的身份在 %8$s 上执行 %2$s%3$s%4$s。 对ä¸èµ·ï¼Œç”¨æˆ· %s ä¸èƒ½åœ¨ %s 上è¿è¡Œ sudo。 邮件消æ¯çš„主题行:%sSudoers 文件语法版本 %d Sudoers ç­–ç•¥æ’件版本 %s 若使用了 syslog,用于记录日志的 syslog 设施:%sç”¨æˆ·è®¤è¯æˆåŠŸæ—¶ä½¿ç”¨çš„ syslog 优先级:%s用户认è¯ä¸æˆåŠŸæ—¶ä½¿ç”¨çš„ syslog 优先级:%ssudoers 中指定的 umask 会覆盖用户的,å³ä½¿å®ƒå…许的æƒé™æ›´å¤šsudo ç¼–è¯‘æ—¶æ²¡æœ‰åŠ å…¥ä»»ä½•è®¤è¯æ–¹æ³•ï¼å¦‚果您想关闭认è¯ï¼Œä½¿ç”¨ --disable-authentication é…置选项。è¦ä½¿ç”¨çš„ umask,或 0777 使用用户的:0%o对æ¯ä¸ªç”¨æˆ·/终端组åˆä½¿ç”¨ç‹¬ç«‹çš„æ—¶é—´æˆ³ä½¿ç”¨ä¸å¤ªç²¾ç¡®ä½†ä¸è®¿é—®æ–‡ä»¶ç³»ç»Ÿçš„è¾ƒå¿«é€šé…æ–¹æ³•用户 %s æ— æƒåœ¨ %s 上è¿è¡Œ sudo。 用户 %s å¯ä»¥åœ¨ %s 上è¿è¡Œä»¥ä¸‹å‘½ä»¤ï¼š 为进行 SecurID 认è¯ï¼Œå·²é”定用户 ID此组的用户ä¸è¦æ±‚密ç å’Œ PATH:%s覆盖用户的 $PATH å˜é‡çš„值:%sVisudo 将优先考虑 EDITOR 环境å˜é‡è­¦å‘Šï¼šå¼•用了 %s_Alias “%sâ€ä½†å°šæœªå®šä¹‰è­¦å‘Šï¼šåœ¨ %s_Alias “%sâ€ä¸­å¾ªçŽ¯è­¦å‘Šï¼šæ‚¨çš„ç»ˆç«¯å°ºå¯¸å¤ªå°ï¼Œä¸èƒ½æ­£å¸¸åœ°å›žæ”¾æ—¥å¿—。 现在åšä»€ä¹ˆï¼Ÿä½•时为“listâ€ä¼ªå‘½ä»¤è¯·æ±‚密ç ï¼š%s何时为“verifyâ€ä¼ªå‘½ä»¤è¯·æ±‚密ç ï¼š%s需è¦å¯†ç è´¦æˆ·éªŒè¯å¤±è´¥ï¼Œæ‚¨çš„è´¦æˆ·æ˜¯ä¸æ˜¯ä¸Šé”了?有歧义的表达å¼â€œ%sâ€è®¤è¯å¤±è´¥è®¤è¯æœåŠ¡å™¨é”™è¯¯ï¼š %s命令失败:“%s %s %sâ€ï¼Œ%s 未更改当å‰ç›®å½•ä¸­çš„å‘½ä»¤å‘½ä»¤ç¦æ­¢ä½¿ç”¨æ— æ³•è§£æžæ—¥æœŸâ€œ%sâ€%s(%s) 的摘è¦ä¸æ˜¯ %s å½¢å¼ç¼–辑器(%s)失败,%s 未更改é‡å‘½å %s 出错,%s 未更改åˆå§‹åŒ– ACE API åº“å¤±è´¥è§£æž %s 文件失败,未知错误fill_args:缓存溢出忽略在“.â€ä¸­æ‰¾åˆ°çš„“%s†请使用“sudo ./%sâ€ï¼Œå¦‚果这是您想è¿è¡Œçš„“%sâ€ã€‚éžæ³•的结尾字符“!â€éžæ³•的结尾字符“orâ€å†…部错误,%s 溢出内部错误,在列表中找ä¸åˆ° %sï¼å†…部错误:没有足够的空间存放日志行SecurID 的认è¯å¥æŸ„æ— æ•ˆæ— æ•ˆçš„è®¤è¯æ–¹æ³•无效的认è¯ç±»åž‹æ— æ•ˆçš„过滤器选项:%s无效的最大等待:%s无效的 SecurID 密ç é•¿åº¦æ— æ•ˆçš„æ­£åˆ™è¡¨è¾¾å¼ï¼š%s无法的速度系数:%s无效的 sudoOrder 属性:%sæ— æ•ˆçš„æ—¶åºæ–‡ä»¶è¡Œï¼š%sSecurID 的用户å长度无效ldap.conf 路径:%s ldap.secret 路径:%s ä¸¢å¤±äº†åˆ°è®¤è¯æœåŠ¡å™¨çš„è¿žæŽ¥æ— è®¤è¯æ–¹æ³•未找到编辑器(编辑器路径 = %s)无终端没有找到有效的 sudoers 资æºï¼Œé€€å‡ºæ²¡æœ‰ç»™â€œ%sâ€æŒ‡å®šå€¼nsswitch 路径:%s åªæœ‰ root æ‰èƒ½ä½¿ç”¨â€œ-c %sâ€â€œ%sâ€é€‰é¡¹ä¸å¸¦å€¼%s 中出现解æžé”™è¯¯%s 中出现解æžé”™è¯¯ %s 中第 %d 行附近有解æžé”™è¯¯%s 中第 %d 行附近出现解æžé”™è¯¯ æƒé™å †æ ˆä¸Šæº¢æƒé™å †æ ˆä¸‹æº¢æŒ‰å›žè½¦é”®ç¼–辑 %s:默认æ¡ç›®æœ‰é—®é¢˜æŠ±æ­‰ï¼Œæ‚¨æ— æƒä¿ç•™çŽ¯å¢ƒå¯¹ä¸èµ·ï¼Œæ‚¨æ— æƒè®¾ç½®ä»¥ä¸‹çŽ¯å¢ƒå˜é‡ï¼š%sæŠ±æ­‰ï¼Œæ‚¨å¿…é¡»æ‹¥æœ‰ä¸€ä¸ªç»ˆç«¯æ¥æ‰§è¡Œ sudo指定的编辑器(%s)ä¸å­˜åœ¨æŒ‡å®šäº† start_tls,但 LDAP åº“ä¸æ”¯æŒ ldap_start_tls_s() 或 ldap_start_tls_s_np()使用 ldaps æ—¶ä¸æ”¯æŒ starttlssudo_ldap_build_pass1 分é…ä¸åŒ¹é…sudo_ldap_conf_add_ports:扩展主机缓存时空间ä¸è¶³sudo_ldap_conf_add_ports:端å£å¤ªå¤§sudo_ldap_parse_uri:构建主机缓存时空间ä¸è¶³sudo_putenv:envp æŸå,长度ä¸ç¬¦sudoers 指定 root ä¸å…许执行 sudo时间戳所有者(%s):无此用户时间戳路径过长:%s时间戳太超å‰ï¼š%20.20sinclude 嵌套层数过多进程过多无法开始 bsd è®¤è¯æ— æ³•构建时间过滤器无法缓存组 ID %u,已存在无法缓存组 %s,已存在无法缓存组列表 %s,已存在无法缓存用户 ID %u,已存在无法缓存用户 %s,已存在无法更改过期的密ç ï¼š%s无法将 %s çš„æ¨¡å¼æ›´æ”¹ä¸º 0%o无法切æ¢ä¸º root 组 ID无法切æ¢ä¸º runas 组 ID无法切æ¢ä¸º runas 用户 ID无法切æ¢ä¸º sudoers 组 ID无法æäº¤å®¡æ ¸è®°å½•æ— æ³•è¿žæŽ¥åˆ°è®¤è¯æœåŠ¡å™¨æ— æ³•è”络 SecurID æœåŠ¡å™¨æ— æ³•åˆ›å»º %s无法 dup stdin:%m无法执行 %s无法执行 %s:%m无法在 %s 中找到符å·â€œ%sâ€æ— æ³•在 %s 中找到符å·â€œgroup_pluginâ€æ— æ³•执行 fork无法执行 fork:%m无法格å¼åŒ–æ—¶é—´æˆ³æ— æ³•èŽ·å– GMT 时间无法获å–用户 %s 的登录类别(login class)无法åˆå§‹åŒ– bsd è®¤è¯æ— æ³•åˆå§‹åŒ– LDAP:%s无法åˆå§‹åŒ– PAM无法åˆå§‹åŒ– SIA ä¼šè¯æ— æ³•åˆå§‹åŒ– SSL è¯ä¹¦å’Œå¯†é’¥æ•°æ®åº“:%s无法åˆå§‹åŒ– SSS 资æºã€‚您的计算机上安装 SSSD 了å—?无法加载 %s:%s无法é”定日志文件:%s:%sæ— æ³•æ··åˆ ldap å’Œ ldaps URI无法创建目录 %s无法打开 %s无法打开审核系统无法打开日志文件:%s:%s无法打开管é“:%m无法对 %s è§£æžç»„æ— æ³•é‡æ–°æ‰“开临时文件(%s),%s æœªæ›´æ”¹æ— æ³•è¯»å– %sæ— æ³•è¯»å– fwtk é…置无法移除 %s ,将é‡è®¾ä¸º Unix 戳记无法将 %s é‡è®¾ä¸º Unix 戳记无法解æžä¸»æœºï¼š%s无法è¿è¡Œ %s无法å‘é€å®¡æ ¸æ¶ˆæ¯æ— æ³•å°† %s çš„ (uid, gid) 设为 (%u, %u)无法设置 runas 组å‘釿— æ³•å°†ç»ˆç«¯è®¾ä¸ºåŽŸå§‹æ¨¡å¼æ— æ³• stat %s无法 stat 编辑器(%s)无法 stat 临时文件(%s),%s 未更改无法写入 %s无法解æžä¸´æ—¶æ–‡ä»¶(%s),未知错误未知的 SecurID 错误未知的默认æ¡ç›®â€œ%sâ€æœªçŸ¥ç»„:%s未知的登录类别:%s未知的æœç´¢è¯â€œ%sâ€æœªçŸ¥çš„æœç´¢ç±»åž‹ %d未知的用户 ID:%u未知用户:%s表达å¼ä¸­çš„“(â€ä¸åŒ¹é…表达å¼ä¸­çš„“)â€ä¸åŒ¹é…䏿”¯æŒçš„ LDAP URI 类型:%s%2$s 的摘è¦ç±»åž‹ %1$d 䏿”¯æŒç”¨æ³•:%s [-h] [-d 目录] -l [æœç´¢è¡¨è¾¾å¼] 用法:%s [-h] [-d 目录] [-m 数值] [-s 数值] ID 用户未获得此主机上的授æƒç”¨æˆ·ä¸åœ¨ sudoers 中校验失败值“%sâ€å¯¹é€‰é¡¹â€œ%sâ€æ— æ•ˆâ€œ%sâ€çš„值必须以“/â€å¼€å¤´å†™é”™è¯¯æ‚¨æ— æƒä½¿ç”¨ -C 选项%s æ•°æ®åº“中没有您è¦ä½¿ç”¨ SSL,您必须在 %s 中设置 TLS_CERT零长度的临时文件(%s),%s 未更改sudo-1.8.9p5/plugins/sudoers/po/zh_CN.po010064400175440000012000001547371226304126300175100ustar00millertstaff# Chinese simplified translation for sudoers. # This file is put in the public domain. # Wylmer Wang , 2011, 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudoers 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-17 10:47-0700\n" "PO-Revision-Date: 2013-12-27 09:12+0800\n" "Last-Translator: Wylmer Wang \n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: confstr.sh:2 msgid "Password:" msgstr "密ç ï¼š" #: confstr.sh:3 msgid "*** SECURITY information for %h ***" msgstr "*** %h å®‰å…¨ä¿¡æ¯ ***" #: confstr.sh:4 msgid "Sorry, try again." msgstr "对ä¸èµ·ï¼Œè¯·é‡è¯•。" #: plugins/sudoers/alias.c:136 #, c-format msgid "Alias `%s' already defined" msgstr "别å“%sâ€å·²å®šä¹‰" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "无法获å–用户 %s 的登录类别(login class)" #: plugins/sudoers/auth/bsdauth.c:81 msgid "unable to begin bsd authentication" msgstr "无法开始 bsd 认è¯" #: plugins/sudoers/auth/bsdauth.c:89 msgid "invalid authentication type" msgstr "无效的认è¯ç±»åž‹" #: plugins/sudoers/auth/bsdauth.c:98 msgid "unable to initialize BSD authentication" msgstr "无法åˆå§‹åŒ– bsd 认è¯" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "æ— æ³•è¯»å– fwtk é…ç½®" #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "æ— æ³•è¿žæŽ¥åˆ°è®¤è¯æœåС噍" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:127 msgid "lost connection to authentication server" msgstr "ä¸¢å¤±äº†åˆ°è®¤è¯æœåŠ¡å™¨çš„è¿žæŽ¥" #: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" "è®¤è¯æœåŠ¡å™¨é”™è¯¯ï¼š\n" "%s" #: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s:无法将主体(principal)转æ¢ä¸ºå­—符串(“%sâ€):%s" #: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s:无法解æžâ€œ%sâ€ï¼š%s" #: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s:无法解æžå‡­æ®ç¼“存:%s" #: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s:无法分é…选项:%s" #: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s:无法获å–凭æ®ï¼š%s" #: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s:无法åˆå§‹åŒ–凭æ®ç¼“存:%s" #: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s:无法在缓存中储存凭æ®ï¼š%s" #: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s:无法获å–主机主体(principal):%s" #: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s:无法验è¯ç›®æ ‡ï¼å¯èƒ½é­åˆ°äº†æ”»å‡»ï¼ï¼š%s" #: plugins/sudoers/auth/pam.c:98 msgid "unable to initialize PAM" msgstr "无法åˆå§‹åŒ– PAM" #: plugins/sudoers/auth/pam.c:149 msgid "account validation failure, is your account locked?" msgstr "账户验è¯å¤±è´¥ï¼Œæ‚¨çš„è´¦æˆ·æ˜¯ä¸æ˜¯ä¸Šé”了?" #: plugins/sudoers/auth/pam.c:153 msgid "Account or password is expired, reset your password and try again" msgstr "账户或密ç è¿‡æœŸï¼Œé‡ç½®æ‚¨çš„密ç å¹¶é‡è¯•" #: plugins/sudoers/auth/pam.c:161 #, c-format msgid "unable to change expired password: %s" msgstr "无法更改过期的密ç ï¼š%s" #: plugins/sudoers/auth/pam.c:166 msgid "Password expired, contact your system administrator" msgstr "密ç è¿‡æœŸï¼Œè”系您的系统管ç†å‘˜" #: plugins/sudoers/auth/pam.c:170 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "账户过期,或 PAM é…置缺少 sudo 使用的“accountâ€èŠ‚ï¼Œè”系您的系统管ç†å‘˜" #: plugins/sudoers/auth/pam.c:187 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 认è¯å‡ºé”™ï¼š%s" #: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:222 #, c-format msgid "you do not exist in the %s database" msgstr "%s æ•°æ®åº“中没有您" #: plugins/sudoers/auth/securid5.c:80 msgid "failed to initialise the ACE API library" msgstr "åˆå§‹åŒ– ACE API 库失败" #: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "无法è”络 SecurID æœåС噍" #: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "为进行 SecurID 认è¯ï¼Œå·²é”定用户 ID" #: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "SecurID 的用户å长度无效" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "SecurID 的认è¯å¥æŸ„无效" #: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "SecurID 通讯失败" #: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 msgid "unknown SecurID error" msgstr "未知的 SecurID 错误" #: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "无效的 SecurID 密ç é•¿åº¦" #: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "无法åˆå§‹åŒ– SIA 会è¯" #: plugins/sudoers/auth/sudo_auth.c:119 msgid "invalid authentication methods" msgstr "æ— æ•ˆçš„è®¤è¯æ–¹æ³•" #: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "编译进 sudo çš„è®¤è¯æ–¹æ³•æ— æ•ˆï¼æ‚¨ä¸èƒ½æ··ç”¨ç‹¬ç«‹å’Œéžç‹¬ç«‹è®¤è¯ã€‚" #: plugins/sudoers/auth/sudo_auth.c:203 msgid "no authentication methods" msgstr "æ— è®¤è¯æ–¹æ³•" #: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "sudo ç¼–è¯‘æ—¶æ²¡æœ‰åŠ å…¥ä»»ä½•è®¤è¯æ–¹æ³•ï¼å¦‚果您想关闭认è¯ï¼Œä½¿ç”¨ --disable-authentication é…置选项。" #: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "è®¤è¯æ–¹æ³•:" #: plugins/sudoers/bsm_audit.c:91 plugins/sudoers/bsm_audit.c:158 msgid "Could not determine audit condition" msgstr "无法确定审核æ¡ä»¶" #: plugins/sudoers/bsm_audit.c:134 plugins/sudoers/bsm_audit.c:199 msgid "unable to commit audit record" msgstr "无法æäº¤å®¡æ ¸è®°å½•" #: plugins/sudoers/check.c:189 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" "Administrator. It usually boils down to these three things:\n" "\n" " #1) Respect the privacy of others.\n" " #2) Think before you type.\n" " #3) With great power comes great responsibility.\n" "\n" msgstr "" "\n" "我们信任您已ç»ä»Žç³»ç»Ÿç®¡ç†å‘˜é‚£é‡Œäº†è§£äº†æ—¥å¸¸æ³¨æ„事项。\n" "æ€»ç»“èµ·æ¥æ— å¤–乎这三点:\n" "\n" " #1) å°Šé‡åˆ«äººçš„éšç§ã€‚\n" " #2) 输入å‰è¦å…ˆè€ƒè™‘(åŽæžœå’Œé£Žé™©)。\n" " #3) æƒåŠ›è¶Šå¤§ï¼Œè´£ä»»è¶Šå¤§ã€‚\n" "\n" #: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 #: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:588 #, c-format msgid "unknown uid: %u" msgstr "未知的用户 ID:%u" #: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:657 #: plugins/sudoers/sudoers.c:850 plugins/sudoers/testsudoers.c:211 #: plugins/sudoers/testsudoers.c:363 #, c-format msgid "unknown user: %s" msgstr "未知用户:%s" #: plugins/sudoers/def_data.c:27 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "若使用了 syslog,用于记录日志的 syslog 设施:%s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "ç”¨æˆ·è®¤è¯æˆåŠŸæ—¶ä½¿ç”¨çš„ syslog 优先级:%s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "用户认è¯ä¸æˆåŠŸæ—¶ä½¿ç”¨çš„ syslog 优先级:%s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" msgstr "å°† OPT æç¤ºæ”¾åœ¨ç‹¬è‡ªçš„行中" #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" msgstr "忽略 $PATH 中的“.â€" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" msgstr "在è¿è¡Œ sudo 时总是å‘é€é‚®ä»¶" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" msgstr "在用户认è¯å¤±è´¥æ—¶å‘é€é‚®ä»¶" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" msgstr "在用户ä¸åœ¨ sudoers 列表中时å‘é€é‚®ä»¶" #: plugins/sudoers/def_data.c:59 msgid "Send mail if the user is not in sudoers for this host" msgstr "在用户ä¸åœ¨æ­¤ä¸»æœºçš„ sudoers 列表中时å‘é€é‚®ä»¶" #: plugins/sudoers/def_data.c:63 msgid "Send mail if the user is not allowed to run a command" msgstr "在用户ä¸å…许执行æŸä¸ªå‘½ä»¤æ—¶å‘é€é‚®ä»¶" #: plugins/sudoers/def_data.c:67 msgid "Use a separate timestamp for each user/tty combo" msgstr "对æ¯ä¸ªç”¨æˆ·/终端组åˆä½¿ç”¨ç‹¬ç«‹çš„æ—¶é—´æˆ³" #: plugins/sudoers/def_data.c:71 msgid "Lecture user the first time they run sudo" msgstr "在用户第一次è¿è¡Œ sudo æ—¶å‘他致辞" #: plugins/sudoers/def_data.c:75 #, c-format msgid "File containing the sudo lecture: %s" msgstr "åŒ…å« sudo 致辞的文件:%s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" msgstr "é»˜è®¤è¦æ±‚用户认è¯" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" msgstr "root å¯ä»¥è¿è¡Œ sudo" #: plugins/sudoers/def_data.c:87 msgid "Log the hostname in the (non-syslog) log file" msgstr "将主机å记录在(éž syslog)的日志文件中" #: plugins/sudoers/def_data.c:91 msgid "Log the year in the (non-syslog) log file" msgstr "将年份记录在(éž syslog)的日志文件中" #: plugins/sudoers/def_data.c:95 msgid "If sudo is invoked with no arguments, start a shell" msgstr "如果ä¸å¸¦å‚数调用 sudo,å¯åŠ¨ä¸€ä¸ª shell" #: plugins/sudoers/def_data.c:99 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "若使用 -s 选项å¯åЍ shell,将 $HOME 设为目标用户的主目录" #: plugins/sudoers/def_data.c:103 msgid "Always set $HOME to the target user's home directory" msgstr "总是将 $HOME 设为目标用户的主目录" #: plugins/sudoers/def_data.c:107 msgid "Allow some information gathering to give useful error messages" msgstr "å…许收集一些信æ¯ï¼Œä»¥æä¾›æœ‰ç”¨çš„错误消æ¯" #: plugins/sudoers/def_data.c:111 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "è¦æ±‚ sudoers 文件中包å«å®Œå…¨é™å®šçš„主机å" #: plugins/sudoers/def_data.c:115 msgid "Insult the user when they enter an incorrect password" msgstr "åœ¨ç”¨æˆ·è¾“å…¥é”™è¯¯å¯†ç æ—¶å¯¹ä»–们进行(玩笑å¼çš„)嘲讽" #: plugins/sudoers/def_data.c:119 msgid "Only allow the user to run sudo if they have a tty" msgstr "åªå…许拥有终端的用户执行 sudo" #: plugins/sudoers/def_data.c:123 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo 将优先考虑 EDITOR 环境å˜é‡" #: plugins/sudoers/def_data.c:127 msgid "Prompt for root's password, not the users's" msgstr "询问 root 用户的密ç è€Œéžç”¨æˆ·çš„密ç " #: plugins/sudoers/def_data.c:131 msgid "Prompt for the runas_default user's password, not the users's" msgstr "询问 runas_default 用户的密ç ï¼Œè€Œéžç”¨æˆ·å¯†ç " #: plugins/sudoers/def_data.c:135 msgid "Prompt for the target user's password, not the users's" msgstr "询问目标用户的密ç ï¼Œè€Œéžç”¨æˆ·å¯†ç " #: plugins/sudoers/def_data.c:139 msgid "Apply defaults in the target user's login class if there is one" msgstr "应用目标用户登录类别中的默认设置,如果没有设置的è¯" #: plugins/sudoers/def_data.c:143 msgid "Set the LOGNAME and USER environment variables" msgstr "设置 LOGNAME å’Œ USER 环境å˜é‡" #: plugins/sudoers/def_data.c:147 msgid "Only set the effective uid to the target user, not the real uid" msgstr "åªå°†æœ‰æ•ˆç”¨æˆ· ID è®¾ä¸ºç›®æ ‡ç”¨æˆ·çš„ï¼Œè€Œä¸æ˜¯å®žé™…用户 ID" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" msgstr "ä¸å°†ç»„å‘é‡åˆå§‹åŒ–为目标用户的" #: plugins/sudoers/def_data.c:155 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "日志文件折行的长度(0 åˆ™ä¸æŠ˜è¡Œ):%u" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "è®¤è¯æ—¶é—´æˆ³å»¶æ—¶ï¼š%.1f 分钟" #: plugins/sudoers/def_data.c:163 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "å¯†ç æç¤ºå»¶æ—¶ï¼š%.1f 分钟" #: plugins/sudoers/def_data.c:167 #, c-format msgid "Number of tries to enter a password: %u" msgstr "输入密ç çš„å°è¯•次数:%u" #: plugins/sudoers/def_data.c:171 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "è¦ä½¿ç”¨çš„ umask,或 0777 使用用户的:0%o" #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" msgstr "日志文件路径:%s" #: plugins/sudoers/def_data.c:179 #, c-format msgid "Path to mail program: %s" msgstr "邮件程åºè·¯å¾„:%s" #: plugins/sudoers/def_data.c:183 #, c-format msgid "Flags for mail program: %s" msgstr "é‚®ä»¶ç¨‹åºæ ‡å¿—:%s" #: plugins/sudoers/def_data.c:187 #, c-format msgid "Address to send mail to: %s" msgstr "å‘é€é‚®ä»¶çš„地å€ï¼š%s" #: plugins/sudoers/def_data.c:191 #, c-format msgid "Address to send mail from: %s" msgstr "接收邮件的地å€ï¼š%s" #: plugins/sudoers/def_data.c:195 #, c-format msgid "Subject line for mail messages: %s" msgstr "邮件消æ¯çš„主题行:%s" #: plugins/sudoers/def_data.c:199 #, c-format msgid "Incorrect password message: %s" msgstr "密ç é”™è¯¯æ¶ˆæ¯ï¼š%s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "è®¤è¯æ—¶é—´æˆ³æ–‡ä»¶å¤¹çš„路径:%s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "è®¤è¯æ—¶é—´æˆ³çš„æ‰€æœ‰è€…:%s" #: plugins/sudoers/def_data.c:211 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "此组的用户ä¸è¦æ±‚密ç å’Œ PATH:%s" #: plugins/sudoers/def_data.c:215 #, c-format msgid "Default password prompt: %s" msgstr "é»˜è®¤å¯†ç æç¤ºï¼š%s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." msgstr "å¦‚æžœè®¾ç½®ï¼Œå¯†ç æç¤ºå°†è¦†ç›–å„ç§æƒ…况下的系统æç¤ºã€‚" #: plugins/sudoers/def_data.c:223 #, c-format msgid "Default user to run commands as: %s" msgstr "è¿è¡Œå‘½ä»¤çš„默认用户:%s" #: plugins/sudoers/def_data.c:227 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "覆盖用户的 $PATH å˜é‡çš„值:%s" #: plugins/sudoers/def_data.c:231 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "visudo 所使用的编辑器的路径:%s" #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "何时为“listâ€ä¼ªå‘½ä»¤è¯·æ±‚密ç ï¼š%s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "何时为“verifyâ€ä¼ªå‘½ä»¤è¯·æ±‚密ç ï¼š%s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "预加载“sudo_noexecâ€åº“中包å«çš„å“‘ exec 函数" #: plugins/sudoers/def_data.c:247 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "如果 LDAP ç›®å½•æœ‰æ•ˆï¼Œæ˜¯ä¸æ˜¯å¿½ç•¥æœ¬åœ°çš„ sudoers 文件" #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr ">= %d 的文件æè¿°ç¬¦å°†ä¼šåœ¨æ‰§è¡Œå‘½ä»¤å‰å…³é—­" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "如果设置,用户å¯ä»¥é€šè¿‡ -C 选项覆盖“closefromâ€çš„值" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" msgstr "å…许用户设置任æ„的环境å˜é‡" #: plugins/sudoers/def_data.c:263 msgid "Reset the environment to a default set of variables" msgstr "将环境é‡è®¾ä¸ºé»˜è®¤çš„å˜é‡é›†" #: plugins/sudoers/def_data.c:267 msgid "Environment variables to check for sanity:" msgstr "è¦æ£€æŸ¥å®Œæ•´æ€§çš„环境å˜é‡ï¼š" #: plugins/sudoers/def_data.c:271 msgid "Environment variables to remove:" msgstr "è¦ç§»é™¤çš„环境å˜é‡ï¼š" #: plugins/sudoers/def_data.c:275 msgid "Environment variables to preserve:" msgstr "è¦ä¿ç•™çš„环境å˜é‡ï¼š" #: plugins/sudoers/def_data.c:279 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "在新的安全环境中使用的 SELinux 角色:%s" #: plugins/sudoers/def_data.c:283 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "在新的安全环境中使用的 SELinux 类型:%s" #: plugins/sudoers/def_data.c:287 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "sudo 特定环境文件的路径:%s" #: plugins/sudoers/def_data.c:291 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "è§£æž sudoers 时使用的区域设置:%s" #: plugins/sudoers/def_data.c:295 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "å…许 sudo 询问密ç ï¼Œå³ä½¿å®ƒä¸å¯è§" #: plugins/sudoers/def_data.c:299 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "用户在询问密ç çª—å£è¾“入时æä¾›è§†è§‰å馈" #: plugins/sudoers/def_data.c:303 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "使用ä¸å¤ªç²¾ç¡®ä½†ä¸è®¿é—®æ–‡ä»¶ç³»ç»Ÿçš„è¾ƒå¿«é€šé…æ–¹æ³•" #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "sudoers 中指定的 umask 会覆盖用户的,å³ä½¿å®ƒå…许的æƒé™æ›´å¤š" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" msgstr "记录用户在所执行命令中的输入" #: plugins/sudoers/def_data.c:315 msgid "Log the output of the command being run" msgstr "记录所执行命令的输出" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" msgstr "使用 zlib 压缩 I/O 日志" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" msgstr "总是在伪终端中è¿è¡Œå‘½ä»¤" #: plugins/sudoers/def_data.c:327 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "ç”¨äºŽéž Unix 组支æŒçš„æ’ä»¶ï¼š%s" #: plugins/sudoers/def_data.c:331 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "用于ä¿å­˜è¾“å…¥/输出日志的目录:%s" #: plugins/sudoers/def_data.c:335 #, c-format msgid "File in which to store the input/output log: %s" msgstr "用于ä¿å­˜è¾“å…¥/输出日志的文件:%s" #: plugins/sudoers/def_data.c:339 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "在分é…ä¼ªç»ˆç«¯æ—¶å‘ utmp/utmpx 文件中添加一æ¡è®°å½•" #: plugins/sudoers/def_data.c:343 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "å°† utmp 中的用户设为 runas ç”¨æˆ·ï¼Œè€Œä¸æ˜¯è°ƒç”¨ç”¨æˆ·" #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" msgstr "å…许æƒé™çš„集åˆ" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" msgstr "é™åˆ¶æƒé™çš„集åˆ" #: plugins/sudoers/def_data.c:355 msgid "Run commands on a pty in the background" msgstr "在åŽå°çš„伪终端上è¿è¡Œå‘½ä»¤" #: plugins/sudoers/def_data.c:359 msgid "PAM service name to use" msgstr "è¦ä½¿ç”¨çš„ PAM æœåŠ¡åç§°" #: plugins/sudoers/def_data.c:363 msgid "PAM service name to use for login shells" msgstr "用于登录 shell çš„ PAM æœåŠ¡åç§°" #: plugins/sudoers/def_data.c:367 msgid "Attempt to establish PAM credentials for the target user" msgstr "å°è¯•为目标用户建立 PAM 凭æ®" #: plugins/sudoers/def_data.c:371 msgid "Create a new PAM session for the command to run in" msgstr "创建一个新的 PAM ä¼šè¯æ¥è¿è¡Œè¯¥å‘½ä»¤" #: plugins/sudoers/def_data.c:375 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "最大 I/O 日志åºåˆ—å·ï¼š%u" #: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:596 #: plugins/sudoers/visudo_json.c:611 plugins/sudoers/visudo_json.c:647 #, c-format msgid "unknown defaults entry `%s'" msgstr "未知的默认æ¡ç›®â€œ%sâ€" #: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 #: plugins/sudoers/defaults.c:248 plugins/sudoers/defaults.c:261 #: plugins/sudoers/defaults.c:274 plugins/sudoers/defaults.c:287 #: plugins/sudoers/defaults.c:300 plugins/sudoers/defaults.c:320 #: plugins/sudoers/defaults.c:330 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "值“%sâ€å¯¹é€‰é¡¹â€œ%sâ€æ— æ•ˆ" #: plugins/sudoers/defaults.c:221 plugins/sudoers/defaults.c:231 #: plugins/sudoers/defaults.c:239 plugins/sudoers/defaults.c:256 #: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 #: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 #: plugins/sudoers/defaults.c:326 #, c-format msgid "no value specified for `%s'" msgstr "没有给“%sâ€æŒ‡å®šå€¼" #: plugins/sudoers/defaults.c:244 #, c-format msgid "values for `%s' must start with a '/'" msgstr "“%sâ€çš„值必须以“/â€å¼€å¤´" #: plugins/sudoers/defaults.c:306 #, c-format msgid "option `%s' does not take a value" msgstr "“%sâ€é€‰é¡¹ä¸å¸¦å€¼" #: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 #: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 #: plugins/sudoers/policy.c:442 plugins/sudoers/policy.c:449 #: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:656 #: plugins/sudoers/testsudoers.c:241 #, c-format msgid "internal error, %s overflow" msgstr "内部错误,%s 溢出" #: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv:envp æŸå,长度ä¸ç¬¦" #: plugins/sudoers/env.c:1014 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "对ä¸èµ·ï¼Œæ‚¨æ— æƒè®¾ç½®ä»¥ä¸‹çŽ¯å¢ƒå˜é‡ï¼š%s" #: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必须属于用户 ID %d" #: plugins/sudoers/group_plugin.c:98 #, c-format msgid "%s must only be writable by owner" msgstr "%s å¿…é¡»åªå¯¹æ‰€æœ‰è€…å¯å†™" #: plugins/sudoers/group_plugin.c:105 plugins/sudoers/sssd.c:251 #, c-format msgid "unable to load %s: %s" msgstr "无法加载 %s:%s" #: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "无法在 %s 中找到符å·â€œgroup_pluginâ€" #: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s:ä¸å…¼å®¹çš„组æ’ä»¶ä¸»ç‰ˆæœ¬å· %d,应为 %d" #: plugins/sudoers/interfaces.c:118 msgid "Local IP address and netmask pairs:\n" msgstr "本地 IP 地å€å’Œç½‘络掩ç å¯¹ï¼š\n" #: plugins/sudoers/iolog.c:99 plugins/sudoers/iolog.c:112 #: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s å­˜åœ¨ï¼Œä½†ä¸æ˜¯ç›®å½•(0%o)" #: plugins/sudoers/iolog.c:109 plugins/sudoers/iolog.c:123 #: plugins/sudoers/iolog.c:127 plugins/sudoers/timestamp.c:165 #: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format msgid "unable to mkdir %s" msgstr "无法创建目录 %s" #: plugins/sudoers/iolog.c:190 plugins/sudoers/sudoers.c:710 #: plugins/sudoers/sudoreplay.c:340 plugins/sudoers/sudoreplay.c:811 #: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/timestamp.c:155 #: plugins/sudoers/visudo.c:824 plugins/sudoers/visudo_json.c:995 #: plugins/sudoers/visudo_json.c:1003 #, c-format msgid "unable to open %s" msgstr "无法打开 %s" #: plugins/sudoers/iolog.c:223 plugins/sudoers/sudoers.c:713 #: plugins/sudoers/sudoreplay.c:1112 #, c-format msgid "unable to read %s" msgstr "æ— æ³•è¯»å– %s" #: plugins/sudoers/iolog.c:247 plugins/sudoers/sudoreplay.c:580 #: plugins/sudoers/timestamp.c:159 #, c-format msgid "unable to write to %s" msgstr "无法写入 %s" #: plugins/sudoers/iolog.c:307 plugins/sudoers/iolog.c:500 #, c-format msgid "unable to create %s" msgstr "无法创建 %s" #: plugins/sudoers/ldap.c:403 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports:端å£å¤ªå¤§" #: plugins/sudoers/ldap.c:426 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports:扩展主机缓存时空间ä¸è¶³" #: plugins/sudoers/ldap.c:458 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "䏿”¯æŒçš„ LDAP URI 类型:%s" #: plugins/sudoers/ldap.c:489 msgid "unable to mix ldap and ldaps URIs" msgstr "æ— æ³•æ··åˆ ldap å’Œ ldaps URI" #: plugins/sudoers/ldap.c:493 plugins/sudoers/ldap.c:525 msgid "starttls not supported when using ldaps" msgstr "使用 ldaps æ—¶ä¸æ”¯æŒ starttls" #: plugins/sudoers/ldap.c:511 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri:构建主机缓存时空间ä¸è¶³" #: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "无法åˆå§‹åŒ– SSL è¯ä¹¦å’Œå¯†é’¥æ•°æ®åº“:%s" #: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "è¦ä½¿ç”¨ SSL,您必须在 %s 中设置 TLS_CERT" #: plugins/sudoers/ldap.c:1086 msgid "unable to get GMT time" msgstr "æ— æ³•èŽ·å– GMT æ—¶é—´" #: plugins/sudoers/ldap.c:1092 msgid "unable to format timestamp" msgstr "无法格å¼åŒ–时间戳" #: plugins/sudoers/ldap.c:1100 msgid "unable to build time filter" msgstr "无法构建时间过滤器" #: plugins/sudoers/ldap.c:1319 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 分é…ä¸åŒ¹é…" #: plugins/sudoers/ldap.c:1424 #, c-format msgid "%s: %s: %s: %s" msgstr "%s:%s:%s:%s" #: plugins/sudoers/ldap.c:1899 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" "LDAP 角色:%s\n" #: plugins/sudoers/ldap.c:1901 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" "LDAP 角色:未知\n" #: plugins/sudoers/ldap.c:1948 #, c-format msgid " Order: %s\n" msgstr " 顺åºï¼š%s\n" #: plugins/sudoers/ldap.c:1956 plugins/sudoers/parse.c:504 #: plugins/sudoers/sssd.c:1295 #, c-format msgid " Commands:\n" msgstr " 命令:\n" #: plugins/sudoers/ldap.c:2499 #, c-format msgid "unable to initialize LDAP: %s" msgstr "无法åˆå§‹åŒ– LDAP:%s" #: plugins/sudoers/ldap.c:2541 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "指定了 start_tls,但 LDAP åº“ä¸æ”¯æŒ ldap_start_tls_s() 或 ldap_start_tls_s_np()" #: plugins/sudoers/ldap.c:2774 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "无效的 sudoOrder 属性:%s" #: plugins/sudoers/linux_audit.c:57 msgid "unable to open audit system" msgstr "无法打开审核系统" #: plugins/sudoers/linux_audit.c:93 msgid "unable to send audit message" msgstr "无法å‘é€å®¡æ ¸æ¶ˆæ¯" #: plugins/sudoers/logging.c:136 #, c-format msgid "%8s : %s" msgstr "%8s:%s" #: plugins/sudoers/logging.c:164 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s:(命令继续执行) %s" #: plugins/sudoers/logging.c:190 #, c-format msgid "unable to open log file: %s: %s" msgstr "无法打开日志文件:%s:%s" #: plugins/sudoers/logging.c:193 #, c-format msgid "unable to lock log file: %s: %s" msgstr "无法é”定日志文件:%s:%s" #: plugins/sudoers/logging.c:245 msgid "No user or host" msgstr "无用户或主机" #: plugins/sudoers/logging.c:247 msgid "validation failure" msgstr "校验失败" #: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "用户ä¸åœ¨ sudoers 中" #: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "用户未获得此主机上的授æƒ" #: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "å‘½ä»¤ç¦æ­¢ä½¿ç”¨" #: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ä¸åœ¨ sudoers 文件中。此事将被报告。\n" #: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s æ— æƒåœ¨ %s 上è¿è¡Œ sudo。此事将被报告。\n" #: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "对ä¸èµ·ï¼Œç”¨æˆ· %s ä¸èƒ½åœ¨ %s 上è¿è¡Œ sudo。\n" #: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "对ä¸èµ·ï¼Œç”¨æˆ· %1$s æ— æƒä»¥ %5$s%6$s%7$s 的身份在 %8$s 上执行 %2$s%3$s%4$s。\n" #: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:382 #: plugins/sudoers/sudoers.c:383 plugins/sudoers/sudoers.c:385 #: plugins/sudoers/sudoers.c:386 plugins/sudoers/sudoers.c:1017 #: plugins/sudoers/sudoers.c:1018 #, c-format msgid "%s: command not found" msgstr "%s:找ä¸åˆ°å‘½ä»¤" #: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:378 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" "忽略在“.â€ä¸­æ‰¾åˆ°çš„“%sâ€\n" "请使用“sudo ./%sâ€ï¼Œå¦‚果这是您想è¿è¡Œçš„“%sâ€ã€‚" #: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "认è¯å¤±è´¥" #: plugins/sudoers/logging.c:379 msgid "a password is required" msgstr "需è¦å¯†ç " #: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:497 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u 次错误密ç å°è¯•" #: plugins/sudoers/logging.c:582 msgid "unable to fork" msgstr "无法执行 fork" #: plugins/sudoers/logging.c:589 plugins/sudoers/logging.c:645 #, c-format msgid "unable to fork: %m" msgstr "无法执行 fork:%m" #: plugins/sudoers/logging.c:635 #, c-format msgid "unable to open pipe: %m" msgstr "无法打开管é“:%m" #: plugins/sudoers/logging.c:660 #, c-format msgid "unable to dup stdin: %m" msgstr "无法 dup stdin:%m" #: plugins/sudoers/logging.c:695 #, c-format msgid "unable to execute %s: %m" msgstr "无法执行 %s:%m" #: plugins/sudoers/logging.c:914 msgid "internal error: insufficient space for log line" msgstr "内部错误:没有足够的空间存放日志行" #: plugins/sudoers/match.c:617 #, c-format msgid "unsupported digest type %d for %s" msgstr "%2$s 的摘è¦ç±»åž‹ %1$d 䏿”¯æŒ" #: plugins/sudoers/match.c:647 #, c-format msgid "%s: read error" msgstr "%s:写错误" #: plugins/sudoers/match.c:661 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "%s(%s) 的摘è¦ä¸æ˜¯ %s å½¢å¼" #: plugins/sudoers/parse.c:115 #, c-format msgid "parse error in %s near line %d" msgstr "%s 中第 %d 行附近有解æžé”™è¯¯" #: plugins/sudoers/parse.c:118 #, c-format msgid "parse error in %s" msgstr "%s 中出现解æžé”™è¯¯" #: plugins/sudoers/parse.c:451 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" "\n" "Sudoers æ¡ç›®ï¼š\n" #: plugins/sudoers/parse.c:452 #, c-format msgid " RunAsUsers: " msgstr " RunAs 用户:" #: plugins/sudoers/parse.c:466 #, c-format msgid " RunAsGroups: " msgstr " RunAs 组:" #: plugins/sudoers/parse.c:475 #, c-format msgid " Options: " msgstr " 选项:" #: plugins/sudoers/policy.c:109 plugins/sudoers/policy.c:116 #: plugins/sudoers/policy.c:123 plugins/sudoers/policy.c:145 #: plugins/sudoers/policy.c:259 plugins/sudoers/policy.c:277 #: plugins/sudoers/policy.c:284 plugins/sudoers/policy.c:312 #: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:327 #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 #, c-format msgid "%s: %s" msgstr "%s:%s" #: plugins/sudoers/policy.c:539 plugins/sudoers/visudo.c:765 #, c-format msgid "unable to execute %s" msgstr "无法执行 %s" #: plugins/sudoers/policy.c:681 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers ç­–ç•¥æ’件版本 %s\n" #: plugins/sudoers/policy.c:683 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers 文件语法版本 %d\n" #: plugins/sudoers/policy.c:687 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" "\n" "Sudoers 路径:%s\n" #: plugins/sudoers/policy.c:690 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch 路径:%s\n" #: plugins/sudoers/policy.c:692 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf 路径:%s\n" #: plugins/sudoers/policy.c:693 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret 路径:%s\n" #: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "无法缓存用户 ID %u,已存在" #: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "无法缓存用户 %s,已存在" #: plugins/sudoers/pwutil.c:393 #, c-format msgid "unable to cache gid %u, already exists" msgstr "无法缓存组 ID %u,已存在" #: plugins/sudoers/pwutil.c:429 #, c-format msgid "unable to cache group %s, already exists" msgstr "无法缓存组 %s,已存在" #: plugins/sudoers/pwutil.c:592 plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "无法缓存组列表 %s,已存在" #: plugins/sudoers/pwutil.c:612 #, c-format msgid "unable to parse groups for %s" msgstr "无法对 %s è§£æžç»„" #: plugins/sudoers/set_perms.c:124 plugins/sudoers/set_perms.c:449 #: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1149 #: plugins/sudoers/set_perms.c:1441 msgid "perm stack overflow" msgstr "æƒé™å †æ ˆä¸Šæº¢" #: plugins/sudoers/set_perms.c:132 plugins/sudoers/set_perms.c:457 #: plugins/sudoers/set_perms.c:860 plugins/sudoers/set_perms.c:1157 #: plugins/sudoers/set_perms.c:1449 msgid "perm stack underflow" msgstr "æƒé™å †æ ˆä¸‹æº¢" #: plugins/sudoers/set_perms.c:191 plugins/sudoers/set_perms.c:504 #: plugins/sudoers/set_perms.c:1208 plugins/sudoers/set_perms.c:1481 msgid "unable to change to root gid" msgstr "无法切æ¢ä¸º root 组 ID" #: plugins/sudoers/set_perms.c:280 plugins/sudoers/set_perms.c:601 #: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1285 msgid "unable to change to runas gid" msgstr "无法切æ¢ä¸º runas 组 ID" #: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:613 #: plugins/sudoers/set_perms.c:999 plugins/sudoers/set_perms.c:1295 msgid "unable to change to runas uid" msgstr "无法切æ¢ä¸º runas 用户 ID" #: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:631 #: plugins/sudoers/set_perms.c:1015 plugins/sudoers/set_perms.c:1311 msgid "unable to change to sudoers gid" msgstr "无法切æ¢ä¸º sudoers 组 ID" #: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:702 #: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1357 #: plugins/sudoers/set_perms.c:1525 msgid "too many processes" msgstr "进程过多" #: plugins/sudoers/set_perms.c:1595 msgid "unable to set runas group vector" msgstr "无法设置 runas 组å‘é‡" #: plugins/sudoers/sssd.c:252 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "无法åˆå§‹åŒ– SSS 资æºã€‚您的计算机上安装 SSSD 了å—?" #: plugins/sudoers/sssd.c:259 plugins/sudoers/sssd.c:267 #: plugins/sudoers/sssd.c:275 plugins/sudoers/sssd.c:283 #: plugins/sudoers/sssd.c:291 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "无法在 %s 中找到符å·â€œ%sâ€" #: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "åŒ¹é… %2$s 上 %1$s 的默认æ¡ç›®ï¼š\n" #: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "%s Runas 和命令特定的默认值:\n" #: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "用户 %s å¯ä»¥åœ¨ %s 上è¿è¡Œä»¥ä¸‹å‘½ä»¤ï¼š\n" #: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "用户 %s æ— æƒåœ¨ %s 上è¿è¡Œ sudo。\n" #: plugins/sudoers/sudoers.c:154 plugins/sudoers/sudoers.c:188 #: plugins/sudoers/sudoers.c:675 msgid "problem with defaults entries" msgstr "默认æ¡ç›®æœ‰é—®é¢˜" #: plugins/sudoers/sudoers.c:160 msgid "no valid sudoers sources found, quitting" msgstr "没有找到有效的 sudoers 资æºï¼Œé€€å‡º" #: plugins/sudoers/sudoers.c:222 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers 指定 root ä¸å…许执行 sudo" #: plugins/sudoers/sudoers.c:261 msgid "you are not permitted to use the -C option" msgstr "您无æƒä½¿ç”¨ -C 选项" #: plugins/sudoers/sudoers.c:314 #, c-format msgid "timestamp owner (%s): No such user" msgstr "时间戳所有者(%s):无此用户" #: plugins/sudoers/sudoers.c:328 msgid "no tty" msgstr "无终端" #: plugins/sudoers/sudoers.c:329 msgid "sorry, you must have a tty to run sudo" msgstr "æŠ±æ­‰ï¼Œæ‚¨å¿…é¡»æ‹¥æœ‰ä¸€ä¸ªç»ˆç«¯æ¥æ‰§è¡Œ sudo" #: plugins/sudoers/sudoers.c:377 msgid "command in current directory" msgstr "当å‰ç›®å½•中的命令" #: plugins/sudoers/sudoers.c:394 msgid "sorry, you are not allowed to preserve the environment" msgstr "抱歉,您无æƒä¿ç•™çŽ¯å¢ƒ" #: plugins/sudoers/sudoers.c:725 plugins/sudoers/timestamp.c:216 #: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:326 #: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:591 #, c-format msgid "unable to stat %s" msgstr "无法 stat %s" #: plugins/sudoers/sudoers.c:728 #, c-format msgid "%s is not a regular file" msgstr "%s 䏿˜¯å¸¸è§„文件" #: plugins/sudoers/sudoers.c:731 toke.l:920 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" #: plugins/sudoers/sudoers.c:735 toke.l:927 #, c-format msgid "%s is world writable" msgstr "%s å¯è¢«ä»»ä½•人写" #: plugins/sudoers/sudoers.c:738 toke.l:932 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s 属于组 ID %u,应为 %u" #: plugins/sudoers/sudoers.c:764 #, c-format msgid "only root can use `-c %s'" msgstr "åªæœ‰ root æ‰èƒ½ä½¿ç”¨â€œ-c %sâ€" #: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:783 #, c-format msgid "unknown login class: %s" msgstr "未知的登录类别:%s" #: plugins/sudoers/sudoers.c:815 #, c-format msgid "unable to resolve host %s" msgstr "无法解æžä¸»æœºï¼š%s" #: plugins/sudoers/sudoers.c:878 plugins/sudoers/testsudoers.c:387 #, c-format msgid "unknown group: %s" msgstr "未知组:%s" #: plugins/sudoers/sudoreplay.c:272 #, c-format msgid "invalid filter option: %s" msgstr "无效的过滤器选项:%s" #: plugins/sudoers/sudoreplay.c:285 #, c-format msgid "invalid max wait: %s" msgstr "无效的最大等待:%s" #: plugins/sudoers/sudoreplay.c:291 #, c-format msgid "invalid speed factor: %s" msgstr "无法的速度系数:%s" #: plugins/sudoers/sudoreplay.c:294 plugins/sudoers/visudo.c:184 #, c-format msgid "%s version %s\n" msgstr "%s 版本 %s\n" #: plugins/sudoers/sudoreplay.c:326 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/æ—¶åºï¼š%s" #: plugins/sudoers/sudoreplay.c:332 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/æ—¶åºï¼š%s" #: plugins/sudoers/sudoreplay.c:348 #, c-format msgid "Replaying sudo session: %s\n" msgstr "回放 sudo 会è¯ï¼š%s\n" #: plugins/sudoers/sudoreplay.c:354 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告:您的终端尺寸太å°ï¼Œä¸èƒ½æ­£å¸¸åœ°å›žæ”¾æ—¥å¿—。\n" #: plugins/sudoers/sudoreplay.c:355 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "日志的几何尺寸为 %dx%d,您终端的几何尺寸为 %dx%d。" #: plugins/sudoers/sudoreplay.c:410 msgid "unable to set tty to raw mode" msgstr "无法将终端设为原始模å¼" #: plugins/sudoers/sudoreplay.c:441 #, c-format msgid "invalid timing file line: %s" msgstr "æ— æ•ˆçš„æ—¶åºæ–‡ä»¶è¡Œï¼š%s" #: plugins/sudoers/sudoreplay.c:647 plugins/sudoers/sudoreplay.c:672 #, c-format msgid "ambiguous expression \"%s\"" msgstr "有歧义的表达å¼â€œ%sâ€" #: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" msgstr "表达å¼ä¸­çš„“)â€ä¸åŒ¹é…" #: plugins/sudoers/sudoreplay.c:698 #, c-format msgid "unknown search term \"%s\"" msgstr "未知的æœç´¢è¯â€œ%sâ€" #: plugins/sudoers/sudoreplay.c:712 #, c-format msgid "%s requires an argument" msgstr "%s 需è¦å‚æ•°" #: plugins/sudoers/sudoreplay.c:716 plugins/sudoers/sudoreplay.c:1085 #, c-format msgid "invalid regular expression: %s" msgstr "无效的正则表达å¼ï¼š%s" #: plugins/sudoers/sudoreplay.c:722 #, c-format msgid "could not parse date \"%s\"" msgstr "æ— æ³•è§£æžæ—¥æœŸâ€œ%sâ€" #: plugins/sudoers/sudoreplay.c:731 msgid "unmatched '(' in expression" msgstr "表达å¼ä¸­çš„“(â€ä¸åŒ¹é…" #: plugins/sudoers/sudoreplay.c:733 msgid "illegal trailing \"or\"" msgstr "éžæ³•的结尾字符“orâ€" #: plugins/sudoers/sudoreplay.c:735 msgid "illegal trailing \"!\"" msgstr "éžæ³•的结尾字符“!â€" #: plugins/sudoers/sudoreplay.c:788 #, c-format msgid "unknown search type %d" msgstr "未知的æœç´¢ç±»åž‹ %d" #: plugins/sudoers/sudoreplay.c:825 #, c-format msgid "%s: invalid log file" msgstr "%s:无效的日志文件" #: plugins/sudoers/sudoreplay.c:843 #, c-format msgid "%s: time stamp field is missing" msgstr "%s:缺少 时间戳 字段" #: plugins/sudoers/sudoreplay.c:850 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s:时间戳 %s:%s" #: plugins/sudoers/sudoreplay.c:857 #, c-format msgid "%s: user field is missing" msgstr "%s:缺少 用户 字段" #: plugins/sudoers/sudoreplay.c:865 #, c-format msgid "%s: runas user field is missing" msgstr "%s:缺少 runas 用户 字段" #: plugins/sudoers/sudoreplay.c:873 #, c-format msgid "%s: runas group field is missing" msgstr "%s:缺少 runas 组 字段" #: plugins/sudoers/sudoreplay.c:1225 #, c-format msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" msgstr "用法:%s [-h] [-d 目录] [-m 数值] [-s 数值] ID\n" #: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "用法:%s [-h] [-d 目录] -l [æœç´¢è¡¨è¾¾å¼]\n" #: plugins/sudoers/sudoreplay.c:1237 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" "%s - 回放 sudo 会è¯è®°å½•\n" "\n" #: plugins/sudoers/sudoreplay.c:1239 msgid "" "\n" "Options:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit" msgstr "" "\n" "选项:\n" " -d, --directory=目录 æŒ‡å®šä¼šè¯æ—¥å¿—目录\n" " -f, --filter=过滤器 æŒ‡å®šè¦æ˜¾ç¤ºçš„ I/O 类型\n" " -h, --help 显示帮助信æ¯å¹¶é€€å‡º\n" " -l, --list 列出å¯ç”¨ä¼šè¯ ID,å¯åŠ è¡¨è¾¾å¼é™å®š\n" " -m, --max-wait=数值 事件间等待的最大秒数\n" " -s, --speed=数值 åŠ é€Ÿæˆ–å‡æ…¢è¾“出\n" " -V, --version 显示版本信æ¯å¹¶é€€å‡º" #: plugins/sudoers/testsudoers.c:326 msgid "\thost unmatched" msgstr "\t主机ä¸åŒ¹é…" #: plugins/sudoers/testsudoers.c:329 msgid "" "\n" "Command allowed" msgstr "" "\n" "命令å…许" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command denied" msgstr "" "\n" "命令被拒" #: plugins/sudoers/testsudoers.c:330 msgid "" "\n" "Command unmatched" msgstr "" "\n" "命令ä¸åŒ¹é…" #: plugins/sudoers/timestamp.c:133 #, c-format msgid "timestamp path too long: %s" msgstr "时间戳路径过长:%s" #: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 #: plugins/sudoers/timestamp.c:290 #, c-format msgid "%s owned by uid %u, should be uid %u" msgstr "%s 属于用户 ID %u,应为用户 ID %u" #: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0700" msgstr "%s å¯¹éžæ‰€æœ‰è€…å¯å†™(0%o),模å¼åº”该为 0700" #: plugins/sudoers/timestamp.c:284 #, c-format msgid "%s exists but is not a regular file (0%o)" msgstr "%s å­˜åœ¨ï¼Œä½†ä¸æ˜¯å¸¸è§„文件(0%o)" #: plugins/sudoers/timestamp.c:296 #, c-format msgid "%s writable by non-owner (0%o), should be mode 0600" msgstr "%s å¯¹éžæ‰€æœ‰è€…å¯å†™(0%o),模å¼åº”该为 0600" #: plugins/sudoers/timestamp.c:351 #, c-format msgid "timestamp too far in the future: %20.20s" msgstr "时间戳太超å‰ï¼š%20.20s" #: plugins/sudoers/timestamp.c:405 #, c-format msgid "unable to remove %s, will reset to the Unix epoch" msgstr "无法移除 %s ,将é‡è®¾ä¸º Unix 戳记" #: plugins/sudoers/timestamp.c:413 #, c-format msgid "unable to reset %s to the Unix epoch" msgstr "无法将 %s é‡è®¾ä¸º Unix 戳记" #: plugins/sudoers/toke_util.c:176 msgid "fill_args: buffer overflow" msgstr "fill_args:缓存溢出" #: plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s 语法版本 %d\n" #: plugins/sudoers/visudo.c:257 plugins/sudoers/visudo.c:544 #, c-format msgid "press return to edit %s: " msgstr "按回车键编辑 %s:" #: plugins/sudoers/visudo.c:342 plugins/sudoers/visudo.c:348 msgid "write error" msgstr "写错误" #: plugins/sudoers/visudo.c:430 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "无法 stat 临时文件(%s),%s 未更改" #: plugins/sudoers/visudo.c:435 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "零长度的临时文件(%s),%s 未更改" #: plugins/sudoers/visudo.c:441 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "编辑器(%s)失败,%s 未更改" #: plugins/sudoers/visudo.c:464 #, c-format msgid "%s unchanged" msgstr "%s 未更改" #: plugins/sudoers/visudo.c:489 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "æ— æ³•é‡æ–°æ‰“开临时文件(%s),%s 未更改" #: plugins/sudoers/visudo.c:499 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "无法解æžä¸´æ—¶æ–‡ä»¶(%s),未知错误" #: plugins/sudoers/visudo.c:535 #, c-format msgid "internal error, unable to find %s in list!" msgstr "内部错误,在列表中找ä¸åˆ° %sï¼" #: plugins/sudoers/visudo.c:593 plugins/sudoers/visudo.c:602 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "无法将 %s çš„ (uid, gid) 设为 (%u, %u)" #: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:607 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "无法将 %s çš„æ¨¡å¼æ›´æ”¹ä¸º 0%o" #: plugins/sudoers/visudo.c:624 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s å’Œ %s ä¸åœ¨åŒä¸€ä¸ªæ–‡ä»¶ç³»ç»Ÿï¼Œä½¿ç”¨ mv 进行é‡å‘½å" #: plugins/sudoers/visudo.c:638 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "命令失败:“%s %s %sâ€ï¼Œ%s 未更改" #: plugins/sudoers/visudo.c:648 #, c-format msgid "error renaming %s, %s unchanged" msgstr "é‡å‘½å %s 出错,%s 未更改" #: plugins/sudoers/visudo.c:710 msgid "What now? " msgstr "现在åšä»€ä¹ˆï¼Ÿ" #: plugins/sudoers/visudo.c:724 msgid "" "Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" "选项有:\n" " 釿–°ç¼–辑 sudoers 文件(e)\n" " 退出,ä¸ä¿å­˜å¯¹ sudoers 文件的更改(x)\n" " 退出并将更改ä¿å­˜åˆ° sudoers 文件(å±é™©ï¼)(Q)\n" #: plugins/sudoers/visudo.c:772 #, c-format msgid "unable to run %s" msgstr "无法è¿è¡Œ %s" #: plugins/sudoers/visudo.c:798 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s:错误的所有者(uid, gid),应为 (%u, %u)\n" #: plugins/sudoers/visudo.c:805 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s:æƒé™ä¸æ­£ç¡®ï¼Œæ¨¡å¼åº”该是 0%o\n" #: plugins/sudoers/visudo.c:830 plugins/sudoers/visudo_json.c:1009 #, c-format msgid "failed to parse %s file, unknown error" msgstr "è§£æž %s 文件失败,未知错误" #: plugins/sudoers/visudo.c:846 plugins/sudoers/visudo_json.c:1018 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s 中第 %d 行附近出现解æžé”™è¯¯\n" #: plugins/sudoers/visudo.c:849 plugins/sudoers/visudo_json.c:1021 #, c-format msgid "parse error in %s\n" msgstr "%s 中出现解æžé”™è¯¯\n" #: plugins/sudoers/visudo.c:857 plugins/sudoers/visudo.c:864 #, c-format msgid "%s: parsed OK\n" msgstr "%sï¼šè§£æžæ­£ç¡®\n" #: plugins/sudoers/visudo.c:910 #, c-format msgid "%s busy, try again later" msgstr "%s 忙,请ç¨åŽé‡è¯•" #: plugins/sudoers/visudo.c:954 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定的编辑器(%s)ä¸å­˜åœ¨" #: plugins/sudoers/visudo.c:977 #, c-format msgid "unable to stat editor (%s)" msgstr "无法 stat 编辑器(%s)" #: plugins/sudoers/visudo.c:1025 #, c-format msgid "no editor found (editor path = %s)" msgstr "未找到编辑器(编辑器路径 = %s)" #: plugins/sudoers/visudo.c:1118 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "错误:在 %s_Alias “%sâ€ä¸­å¾ªçޝ" #: plugins/sudoers/visudo.c:1119 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "警告:在 %s_Alias “%sâ€ä¸­å¾ªçޝ" #: plugins/sudoers/visudo.c:1125 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "错误:引用了 %s_Alias “%sâ€ä½†å°šæœªå®šä¹‰" #: plugins/sudoers/visudo.c:1126 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "警告:引用了 %s_Alias “%sâ€ä½†å°šæœªå®šä¹‰" #: plugins/sudoers/visudo.c:1268 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s:未使用的 %s_Alias %s" #: plugins/sudoers/visudo.c:1330 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" "%s - 安全地编辑 sudoers 文件\n" "\n" #: plugins/sudoers/visudo.c:1332 msgid "" "\n" "Options:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format" msgstr "" "\n" "选项:\n" " -c, --check 纯检查模å¼\n" " -f, --file=文件 指定 sudoers 文件的ä½ç½®\n" " -h, --help 显示帮助信æ¯å¹¶é€€å‡º\n" " -q, --quiet 较简略(安é™)的语法错误信æ¯\n" " -s, --strict 严格语法检查\n" " -V, --version 显示版本信æ¯å¹¶é€€å‡º\n" " -x, --export=文件 以 JSON æ ¼å¼å¯¼å‡º sudoers" #: toke.l:892 msgid "too many levels of includes" msgstr "include 嵌套层数过多" #~ msgid "invalid value" #~ msgstr "值无效" #~ msgid "value out of range" #~ msgstr "值超出范围" #~ msgid "invalid uri: %s" #~ msgstr "无效的 URI:%s" #~ msgid "unable to mix ldaps and starttls" #~ msgstr "æ— æ³•æ··åˆ ldaps å’Œ starttls" #~ msgid "writing to standard output" #~ msgstr "写入标准输出" #~ msgid "too many parenthesized expressions, max %d" #~ msgstr "括å·è¡¨è¾¾å¼è¿‡å¤šï¼Œæœ€å¤š %d" #~ msgid "unable to setup authentication" #~ msgstr "无法设置认è¯" #~ msgid "getaudit: failed" #~ msgstr "getaudit:失败" #~ msgid "getauid: failed" #~ msgstr "getauid:失败" #~ msgid "au_open: failed" #~ msgstr "au_open:失败" #~ msgid "au_to_subject: failed" #~ msgstr "au_to_subject:失败" #~ msgid "au_to_exec_args: failed" #~ msgstr "au_to_exec_args:失败" #~ msgid "au_to_return32: failed" #~ msgstr "au_to_return32:失败" #~ msgid "au_to_text: failed" #~ msgstr "au_to_text:失败" #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" #~ msgstr "nanosleep:tv_sec %ld,tv_nsec %ld" #~ msgid "pam_chauthtok: %s" #~ msgstr "pam_chauthtok:%s" #~ msgid "pam_authenticate: %s" #~ msgstr "pam_authenticate:%s" #~ msgid "Password: " #~ msgstr "密ç ï¼š" #~ msgid "getauid failed" #~ msgstr "getauid 失败" #~ msgid "Unable to dlopen %s: %s" #~ msgstr "无法执行 dlopen %s:%s" #~ msgid "invalid regex: %s" #~ msgstr "无效的正则表达å¼ï¼š%s" #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s:%s 在行 %d 附近<<<" #~ msgid "unable to allocate memory" #~ msgstr "无法分é…内存" #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "无法将区域设置为“%sâ€ï¼Œå°†ä½¿ç”¨â€œCâ€" #~ msgid "" #~ " Commands:\n" #~ "\t" #~ msgstr "" #~ " 命令:\n" #~ "\t" #~ msgid ": " #~ msgstr ":" #~ msgid "unable to cache uid %u (%s), already exists" #~ msgstr "无法缓存用户 ID %u(%s),已存在" #~ msgid "unable to cache gid %u (%s), already exists" #~ msgstr "无法缓存组 ID %u(%s),已存在" #~ msgid "unable to execute %s: %s" #~ msgstr "无法执行 %s:%s" #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "内部错误,expand_prompt() 溢出" #~ msgid "internal error, sudo_setenv2() overflow" #~ msgstr "内部错误,sudo_setenv2() 溢出" #~ msgid "internal error, sudo_setenv() overflow" #~ msgstr "内部错误,sudo_setenv()溢出" #~ msgid "internal error, linux_audit_command() overflow" #~ msgstr "内部错误,linux_audit_command() 溢出" #~ msgid "internal error, runas_groups overflow" #~ msgstr "内部错误,runas_groups 溢出" #~ msgid "internal error, init_vars() overflow" #~ msgstr "内部错误,init_vars() 溢出" #, fuzzy #~ msgid "fixed mode on %s" #~ msgstr "对 %s 修正了模å¼" #~ msgid "set group on %s" #~ msgstr "对 %s 设置组" #~ msgid "unable to fix mode on %s" #~ msgstr "无法对 %s 修正模å¼" #~ msgid "%s is mode 0%o, should be 0%o" #~ msgstr "%s 的模å¼ä¸º 0%o,应为 0%o" #~ msgid "File containing dummy exec functions: %s" #~ msgstr "嫿œ‰å“‘ exec 函数的文件:%s" #~ msgid "" #~ "Available options in a sudoers ``Defaults'' line:\n" #~ "\n" #~ msgstr "" #~ "sudoers 中“Defaultsâ€è¡Œä¸­çš„å¯ç”¨é€‰é¡¹ï¼š\n" #~ "\n" #~ msgid "%s: %.*s\n" #~ msgstr "%s:%.*s\n" #~ msgid "unable to get runas group vector" #~ msgstr "æ— æ³•èŽ·å– runas 组å‘é‡" #~ msgid "unable to reset group vector" #~ msgstr "无法é‡è®¾ç»„å‘é‡" #~ msgid "unable to get group vector" #~ msgstr "无法获å–组å‘é‡" #~ msgid "%s: %s_Alias `%s' references self" #~ msgstr "%s:%s_Alias “%sâ€å¼•用了自己" sudo-1.8.9p5/plugins/sudoers/policy.c010064400175440000012000000527561226304126300171720ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "sudoers_version.h" #include "interfaces.h" /* * Info passed in from the sudo front-end. */ struct sudoers_policy_open_info { char * const *settings; char * const *user_info; char * const *plugin_args; }; /* * Command execution args to be filled in: argv, envp and command info. */ struct sudoers_exec_args { char ***argv; char ***envp; char ***info; }; static int sudo_version; static const char *interfaces_string; sudo_conv_t sudo_conv; const char *path_ldap_conf = _PATH_LDAP_CONF; const char *path_ldap_secret = _PATH_LDAP_SECRET; extern __dso_public struct policy_plugin sudoers_policy; #ifdef HAVE_BSD_AUTH_H extern char *login_style; #endif /* HAVE_BSD_AUTH_H */ /* * Deserialize args, settings and user_info arrays. * Fills in struct sudo_user and other common sudoers state. */ int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) { struct sudoers_policy_open_info *info = v; char * const *cur; const char *p, *errstr, *groups = NULL; const char *debug_flags = NULL; const char *remhost = NULL; int flags = 0; debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) #define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) /* Parse sudo.conf plugin args. */ if (info->plugin_args != NULL) { for (cur = info->plugin_args; *cur != NULL; cur++) { if (MATCHES(*cur, "sudoers_file=")) { sudoers_file = *cur + sizeof("sudoers_file=") - 1; continue; } if (MATCHES(*cur, "sudoers_uid=")) { p = *cur + sizeof("sudoers_uid=") - 1; sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "sudoers_gid=")) { p = *cur + sizeof("sudoers_gid=") - 1; sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "sudoers_mode=")) { p = *cur + sizeof("sudoers_mode=") - 1; sudoers_mode = atomode(p, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "ldap_conf=")) { path_ldap_conf = *cur + sizeof("ldap_conf=") - 1; continue; } if (MATCHES(*cur, "ldap_secret=")) { path_ldap_secret = *cur + sizeof("ldap_secret=") - 1; continue; } } } /* Parse command line settings. */ user_closefrom = -1; for (cur = info->settings; *cur != NULL; cur++) { if (MATCHES(*cur, "closefrom=")) { errno = 0; p = *cur + sizeof("closefrom=") - 1; user_closefrom = strtonum(p, 4, INT_MAX, &errstr); if (user_closefrom == 0) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "debug_flags=")) { debug_flags = *cur + sizeof("debug_flags=") - 1; continue; } if (MATCHES(*cur, "runas_user=")) { *runas_user = *cur + sizeof("runas_user=") - 1; sudo_user.flags |= RUNAS_USER_SPECIFIED; continue; } if (MATCHES(*cur, "runas_group=")) { *runas_group = *cur + sizeof("runas_group=") - 1; sudo_user.flags |= RUNAS_GROUP_SPECIFIED; continue; } if (MATCHES(*cur, "prompt=")) { user_prompt = *cur + sizeof("prompt=") - 1; def_passprompt_override = true; continue; } if (MATCHES(*cur, "set_home=")) { if (atobool(*cur + sizeof("set_home=") - 1) == true) SET(flags, MODE_RESET_HOME); continue; } if (MATCHES(*cur, "preserve_environment=")) { if (atobool(*cur + sizeof("preserve_environment=") - 1) == true) SET(flags, MODE_PRESERVE_ENV); continue; } if (MATCHES(*cur, "run_shell=")) { if (atobool(*cur + sizeof("run_shell=") - 1) == true) SET(flags, MODE_SHELL); continue; } if (MATCHES(*cur, "login_shell=")) { if (atobool(*cur + sizeof("login_shell=") - 1) == true) { SET(flags, MODE_LOGIN_SHELL); def_env_reset = true; } continue; } if (MATCHES(*cur, "implied_shell=")) { if (atobool(*cur + sizeof("implied_shell=") - 1) == true) SET(flags, MODE_IMPLIED_SHELL); continue; } if (MATCHES(*cur, "preserve_groups=")) { if (atobool(*cur + sizeof("preserve_groups=") - 1) == true) SET(flags, MODE_PRESERVE_GROUPS); continue; } if (MATCHES(*cur, "ignore_ticket=")) { if (atobool(*cur + sizeof("ignore_ticket=") - 1) == true) SET(flags, MODE_IGNORE_TICKET); continue; } if (MATCHES(*cur, "noninteractive=")) { if (atobool(*cur + sizeof("noninteractive=") - 1) == true) SET(flags, MODE_NONINTERACTIVE); continue; } if (MATCHES(*cur, "sudoedit=")) { if (atobool(*cur + sizeof("sudoedit=") - 1) == true) SET(flags, MODE_EDIT); continue; } if (MATCHES(*cur, "login_class=")) { login_class = *cur + sizeof("login_class=") - 1; def_use_loginclass = true; continue; } #ifdef HAVE_PRIV_SET if (MATCHES(*cur, "runas_privs=")) { def_privs = *cur + sizeof("runas_privs=") - 1; continue; } if (MATCHES(*cur, "runas_limitprivs=")) { def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1; continue; } #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (MATCHES(*cur, "selinux_role=")) { user_role = *cur + sizeof("selinux_role=") - 1; continue; } if (MATCHES(*cur, "selinux_type=")) { user_type = *cur + sizeof("selinux_type=") - 1; continue; } #endif /* HAVE_SELINUX */ #ifdef HAVE_BSD_AUTH_H if (MATCHES(*cur, "bsdauth_type=")) { login_style = *cur + sizeof("bsdauth_type=") - 1; continue; } #endif /* HAVE_BSD_AUTH_H */ if (MATCHES(*cur, "progname=")) { initprogname(*cur + sizeof("progname=") - 1); continue; } if (MATCHES(*cur, "network_addrs=")) { interfaces_string = *cur + sizeof("network_addrs=") - 1; set_interfaces(interfaces_string); continue; } if (MATCHES(*cur, "max_groups=")) { errno = 0; p = *cur + sizeof("max_groups=") - 1; sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.max_groups == 0) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "remote_host=")) { remhost = *cur + sizeof("remote_host=") - 1; continue; } } for (cur = info->user_info; *cur != NULL; cur++) { if (MATCHES(*cur, "user=")) { user_name = estrdup(*cur + sizeof("user=") - 1); continue; } if (MATCHES(*cur, "uid=")) { p = *cur + sizeof("uid=") - 1; user_uid = (uid_t) atoid(p, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "gid=")) { p = *cur + sizeof("gid=") - 1; user_gid = (gid_t) atoid(p, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "groups=")) { groups = *cur + sizeof("groups=") - 1; continue; } if (MATCHES(*cur, "cwd=")) { user_cwd = estrdup(*cur + sizeof("cwd=") - 1); continue; } if (MATCHES(*cur, "tty=")) { user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1); if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) user_tty += sizeof(_PATH_DEV) - 1; continue; } if (MATCHES(*cur, "host=")) { user_host = user_shost = estrdup(*cur + sizeof("host=") - 1); if ((p = strchr(user_host, '.'))) user_shost = estrndup(user_host, (size_t)(p - user_host)); continue; } if (MATCHES(*cur, "lines=")) { errno = 0; p = *cur + sizeof("lines=") - 1; sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.lines == 0) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "cols=")) { errno = 0; p = *cur + sizeof("cols=") - 1; sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.lines == 0) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } if (MATCHES(*cur, "sid=")) { p = *cur + sizeof("sid=") - 1; sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), *cur, U_(errstr)); continue; } } user_runhost = user_srunhost = estrdup(remhost ? remhost : user_host); if ((p = strchr(user_runhost, '.'))) user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost)); if (user_cwd == NULL) user_cwd = estrdup("unknown"); if (user_tty == NULL) user_tty = estrdup("unknown"); /* user_ttypath remains NULL */ if (groups != NULL && groups[0] != '\0') { /* parse_gid_list() will call fatalx() on error. */ user_ngids = parse_gid_list(groups, &user_gid, &user_gids); } /* Stash initial umask for later use. */ user_umask = umask(SUDO_UMASK); umask(user_umask); /* Setup debugging if indicated. */ if (debug_flags != NULL) { sudo_debug_init(NULL, debug_flags); for (cur = info->settings; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); for (cur = info->user_info; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur); } #undef MATCHES debug_return_int(flags); } /* * Setup the execution environment. * Builds up the command_info list and sets argv and envp. * Returns 1 on success and -1 on error. */ int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v) { struct sudoers_exec_args *exec_args = v; char **command_info; int info_len = 0; debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN) /* Increase the length of command_info as needed, it is *not* checked. */ command_info = ecalloc(32, sizeof(char **)); command_info[info_len++] = fmt_string("command", safe_cmnd); if (def_log_input || def_log_output) { if (iolog_path) command_info[info_len++] = iolog_path; if (def_log_input) { command_info[info_len++] = estrdup("iolog_stdin=true"); command_info[info_len++] = estrdup("iolog_ttyin=true"); } if (def_log_output) { command_info[info_len++] = estrdup("iolog_stdout=true"); command_info[info_len++] = estrdup("iolog_stderr=true"); command_info[info_len++] = estrdup("iolog_ttyout=true"); } if (def_compress_io) { command_info[info_len++] = estrdup("iolog_compress=true"); } if (def_maxseq) { easprintf(&command_info[info_len++], "maxseq=%u", def_maxseq); } } if (ISSET(sudo_mode, MODE_EDIT)) command_info[info_len++] = estrdup("sudoedit=true"); if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { /* Set cwd to run user's homedir. */ command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir); } if (def_stay_setuid) { easprintf(&command_info[info_len++], "runas_uid=%u", (unsigned int)user_uid); easprintf(&command_info[info_len++], "runas_gid=%u", (unsigned int)user_gid); easprintf(&command_info[info_len++], "runas_euid=%u", (unsigned int)runas_pw->pw_uid); easprintf(&command_info[info_len++], "runas_egid=%u", runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid); } else { easprintf(&command_info[info_len++], "runas_uid=%u", (unsigned int)runas_pw->pw_uid); easprintf(&command_info[info_len++], "runas_gid=%u", runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid); } if (def_preserve_groups) { command_info[info_len++] = "preserve_groups=true"; } else { int i, len; gid_t egid; size_t glsize; char *cp, *gid_list; struct group_list *grlist = sudo_get_grlist(runas_pw); /* We reserve an extra spot in the list for the effective gid. */ glsize = sizeof("runas_groups=") - 1 + ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1)); gid_list = emalloc(glsize); memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); cp = gid_list + sizeof("runas_groups=") - 1; /* On BSD systems the effective gid is the first group in the list. */ egid = runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid; len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) fatalx(U_("internal error, %s overflow"), "runas_groups"); cp += len; for (i = 0; i < grlist->ngids; i++) { if (grlist->gids[i] != egid) { len = snprintf(cp, glsize - (cp - gid_list), ",%u", (unsigned int) grlist->gids[i]); if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) fatalx(U_("internal error, %s overflow"), "runas_groups"); cp += len; } } command_info[info_len++] = gid_list; sudo_grlist_delref(grlist); } if (def_closefrom >= 0) easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom); if (def_noexec) command_info[info_len++] = estrdup("noexec=true"); if (def_exec_background) command_info[info_len++] = estrdup("exec_background=true"); if (def_set_utmp) command_info[info_len++] = estrdup("set_utmp=true"); if (def_use_pty) command_info[info_len++] = estrdup("use_pty=true"); if (def_utmp_runas) command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name); if (cmnd_umask != 0777) easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)cmnd_umask); #ifdef HAVE_LOGIN_CAP_H if (def_use_loginclass) command_info[info_len++] = fmt_string("login_class", login_class); #endif /* HAVE_LOGIN_CAP_H */ #ifdef HAVE_SELINUX if (user_role != NULL) command_info[info_len++] = fmt_string("selinux_role", user_role); if (user_type != NULL) command_info[info_len++] = fmt_string("selinux_type", user_type); #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET if (runas_privs != NULL) command_info[info_len++] = fmt_string("runas_privs", runas_privs); if (runas_limitprivs != NULL) command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs); #endif /* HAVE_SELINUX */ /* Fill in exec environment info */ *(exec_args->argv) = argv; *(exec_args->envp) = envp; *(exec_args->info) = command_info; debug_return_bool(true); } static int sudoers_policy_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const envp[], char * const args[]) { struct sudoers_policy_open_info info; debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN) sudo_version = version; sudo_conv = conversation; sudo_printf = plugin_printf; /* Plugin args are only specified for API version 1.2 and higher. */ if (sudo_version < SUDO_API_MKVERSION(1, 2)) args = NULL; if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ rewind_perms(); fatal_disable_setjmp(); debug_return_bool(-1); } /* Call the sudoers init function. */ info.settings = settings; info.user_info = user_info; info.plugin_args = args; debug_return_bool(sudoers_policy_init(&info, envp)); } static void sudoers_policy_close(int exit_status, int error_code) { debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN) if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return; } /* We do not currently log the exit status. */ if (error_code) { errno = error_code; warning(U_("unable to execute %s"), safe_cmnd); } /* Close the session we opened in sudoers_policy_init_session(). */ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT)) (void)sudo_auth_end_session(runas_pw); /* Free remaining references to password and group entries. */ /* XXX - move cleanup to function in sudoers.c */ sudo_pw_delref(sudo_user.pw); sudo_user.pw = NULL; sudo_pw_delref(runas_pw); runas_pw = NULL; if (runas_gr != NULL) { sudo_gr_delref(runas_gr); runas_gr = NULL; } if (user_group_list != NULL) { sudo_grlist_delref(user_group_list); user_group_list = NULL; } efree(user_gids); user_gids = NULL; debug_return; } /* * The init_session function is called before executing the command * and before uid/gid changes occur. * Returns 1 on success, 0 on failure and -1 on error. */ static int sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) { debug_decl(sudoers_policy_init_session, SUDO_DEBUG_PLUGIN) /* user_env is only specified for API version 1.2 and higher. */ if (sudo_version < SUDO_API_MKVERSION(1, 2)) user_env = NULL; if (fatal_setjmp() != 0) { /* called via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return_bool(-1); } debug_return_bool(sudo_auth_begin_session(pwd, user_env)); } static int sudoers_policy_check(int argc, char * const argv[], char *env_add[], char **command_infop[], char **argv_out[], char **user_env_out[]) { struct sudoers_exec_args exec_args; int rval; debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN) if (!ISSET(sudo_mode, MODE_EDIT)) SET(sudo_mode, MODE_RUN); exec_args.argv = argv_out; exec_args.envp = user_env_out; exec_args.info = command_infop; rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args); if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) { /* Unset close function if we don't need it to avoid extra process. */ if (!def_log_input && !def_log_output && !def_use_pty && !sudo_auth_needs_end_session()) sudoers_policy.close = NULL; } debug_return_bool(rval); } static int sudoers_policy_validate(void) { debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN) user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL)); } static void sudoers_policy_invalidate(int remove) { debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN) user_cmnd = "kill"; if (fatal_setjmp() == 0) { remove_timestamp(remove); sudoers_cleanup(); } fatal_disable_setjmp(); debug_return; } static int sudoers_policy_list(int argc, char * const argv[], int verbose, const char *list_user) { int rval; debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN) user_cmnd = "list"; if (argc) SET(sudo_mode, MODE_CHECK); else SET(sudo_mode, MODE_LIST); if (verbose) long_list = 1; if (list_user) { list_pw = sudo_getpwnam(list_user); if (list_pw == NULL) { warningx(U_("unknown user: %s"), list_user); debug_return_bool(-1); } } rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL); if (list_user) { sudo_pw_delref(list_pw); list_pw = NULL; } debug_return_bool(rval); } static int sudoers_policy_version(int verbose) { debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN) if (fatal_setjmp() != 0) { /* error recovery via fatal(), fatalx() or log_fatal() */ fatal_disable_setjmp(); debug_return_bool(-1); } sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), PACKAGE_VERSION); sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers file grammar version %d\n"), SUDOERS_GRAMMAR_VERSION); if (verbose) { sudo_printf(SUDO_CONV_INFO_MSG, _("\nSudoers path: %s\n"), sudoers_file); #ifdef HAVE_LDAP # ifdef _PATH_NSSWITCH_CONF sudo_printf(SUDO_CONV_INFO_MSG, _("nsswitch path: %s\n"), _PATH_NSSWITCH_CONF); # endif sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.conf path: %s\n"), path_ldap_conf); sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.secret path: %s\n"), path_ldap_secret); #endif dump_auth_methods(); dump_defaults(); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); if (interfaces_string != NULL) { dump_interfaces(interfaces_string); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } } debug_return_bool(true); } static void sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook)) { struct sudo_hook hook; memset(&hook, 0, sizeof(hook)); hook.hook_version = SUDO_HOOK_VERSION; hook.hook_type = SUDO_HOOK_SETENV; hook.hook_fn = sudoers_hook_setenv; register_hook(&hook); hook.hook_type = SUDO_HOOK_UNSETENV; hook.hook_fn = sudoers_hook_unsetenv; register_hook(&hook); hook.hook_type = SUDO_HOOK_GETENV; hook.hook_fn = sudoers_hook_getenv; register_hook(&hook); hook.hook_type = SUDO_HOOK_PUTENV; hook.hook_fn = sudoers_hook_putenv; register_hook(&hook); } __dso_public struct policy_plugin sudoers_policy = { SUDO_POLICY_PLUGIN, SUDO_API_VERSION, sudoers_policy_open, sudoers_policy_close, sudoers_policy_version, sudoers_policy_check, sudoers_policy_list, sudoers_policy_validate, sudoers_policy_invalidate, sudoers_policy_init_session, sudoers_policy_register_hooks }; sudo-1.8.9p5/plugins/sudoers/prompt.c010064400175440000012000000100551226304126300171760ustar00millertstaff/* * Copyright (c) 1993-1996,1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include "sudoers.h" /* * Expand %h and %u escapes in the prompt and pass back the dynamically * allocated result. Returns the same string if there are no escapes. */ char * expand_prompt(const char *old_prompt, const char *user, const char *host) { size_t len, n; int subst; const char *p; char *np, *new_prompt, *endp; debug_decl(expand_prompt, SUDO_DEBUG_AUTH) /* How much space do we need to malloc for the prompt? */ subst = 0; for (p = old_prompt, len = strlen(old_prompt); *p; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; len += strlen(user_shost) - 2; subst = 1; break; case 'H': p++; len += strlen(user_host) - 2; subst = 1; break; case 'p': p++; if (def_rootpw) len += 2; else if (def_targetpw || def_runaspw) len += strlen(runas_pw->pw_name) - 2; else len += strlen(user_name) - 2; subst = 1; break; case 'u': p++; len += strlen(user_name) - 2; subst = 1; break; case 'U': p++; len += strlen(runas_pw->pw_name) - 2; subst = 1; break; case '%': p++; len--; subst = 1; break; default: break; } } } if (subst) { new_prompt = emalloc(++len); endp = new_prompt + len; for (p = old_prompt, np = new_prompt; *p; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; n = strlcpy(np, user_shost, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'H': p++; n = strlcpy(np, user_host, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'p': p++; if (def_rootpw) n = strlcpy(np, "root", np - endp); else if (def_targetpw || def_runaspw) n = strlcpy(np, runas_pw->pw_name, np - endp); else n = strlcpy(np, user_name, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'u': p++; n = strlcpy(np, user_name, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'U': p++; n = strlcpy(np, runas_pw->pw_name, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case '%': /* convert %% -> % */ p++; break; default: /* no conversion */ break; } } *np++ = *p; if (np >= endp) goto oflow; } *np = '\0'; } else new_prompt = estrdup(old_prompt); debug_return_str(new_prompt); oflow: /* We pre-allocate enough space, so this should never happen. */ fatalx(U_("internal error, %s overflow"), "expand_prompt()"); } sudo-1.8.9p5/plugins/sudoers/pwutil.c010064400175440000012000000402101226304126300171750ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_SETAUTHDB # include #endif /* HAVE_SETAUTHDB */ #include #include #include "sudoers.h" #include "redblack.h" #include "pwutil.h" /* * The passwd and group caches. */ static struct rbtree *pwcache_byuid, *pwcache_byname; static struct rbtree *grcache_bygid, *grcache_byname; static struct rbtree *grlist_cache; static int cmp_pwuid(const void *, const void *); static int cmp_pwnam(const void *, const void *); static int cmp_grgid(const void *, const void *); #define cmp_grnam cmp_pwnam /* * Compare by uid. */ static int cmp_pwuid(const void *v1, const void *v2) { const struct cache_item *ci1 = (const struct cache_item *) v1; const struct cache_item *ci2 = (const struct cache_item *) v2; return ci1->k.uid - ci2->k.uid; } /* * Compare by user name. */ static int cmp_pwnam(const void *v1, const void *v2) { const struct cache_item *ci1 = (const struct cache_item *) v1; const struct cache_item *ci2 = (const struct cache_item *) v2; return strcmp(ci1->k.name, ci2->k.name); } void sudo_pw_addref(struct passwd *pw) { debug_decl(sudo_pw_addref, SUDO_DEBUG_NSS) ptr_to_item(pw)->refcnt++; debug_return; } static void sudo_pw_delref_item(void *v) { struct cache_item *item = v; debug_decl(sudo_pw_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); debug_return; } void sudo_pw_delref(struct passwd *pw) { debug_decl(sudo_pw_delref, SUDO_DEBUG_NSS) sudo_pw_delref_item(ptr_to_item(pw)); debug_return; } /* * Get a password entry by uid and allocate space for it. */ struct passwd * sudo_getpwuid(uid_t uid) { struct cache_item key, *item; struct rbnode *node; debug_decl(sudo_getpwuid, SUDO_DEBUG_NSS) key.k.uid = uid; if ((node = rbfind(pwcache_byuid, &key)) != NULL) { item = (struct cache_item *) node->data; goto done; } /* * Cache passwd db entry if it exists or a negative response if not. */ #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(uid)); #endif item = sudo_make_pwitem(uid, NULL); if (item == NULL) { item = ecalloc(1, sizeof(*item)); item->refcnt = 1; item->k.uid = uid; /* item->d.pw = NULL; */ } if (rbinsert(pwcache_byuid, item) != NULL) fatalx(U_("unable to cache uid %u, already exists"), (unsigned int) uid); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif done: item->refcnt++; debug_return_ptr(item->d.pw); } /* * Get a password entry by name and allocate space for it. */ struct passwd * sudo_getpwnam(const char *name) { struct cache_item key, *item; struct rbnode *node; size_t len; debug_decl(sudo_getpwnam, SUDO_DEBUG_NSS) key.k.name = (char *) name; if ((node = rbfind(pwcache_byname, &key)) != NULL) { item = (struct cache_item *) node->data; goto done; } /* * Cache passwd db entry if it exists or a negative response if not. */ #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name); #endif item = sudo_make_pwitem((uid_t)-1, name); if (item == NULL) { len = strlen(name) + 1; item = ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, name, len); /* item->d.pw = NULL; */ } if (rbinsert(pwcache_byname, item) != NULL) fatalx(U_("unable to cache user %s, already exists"), name); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif done: item->refcnt++; debug_return_ptr(item->d.pw); } /* * Take a user, uid, gid, home and shell and return a faked up passwd struct. * If home or shell are NULL default values will be used. */ struct passwd * sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell) { struct cache_item_pw *pwitem; struct passwd *pw; struct rbnode *node; size_t len, name_len, home_len, shell_len; int i; debug_decl(sudo_mkpwent, SUDO_DEBUG_NSS) /* Optional arguments. */ if (home == NULL) home = "/"; if (shell == NULL) shell = _PATH_BSHELL; name_len = strlen(user); home_len = strlen(home); shell_len = strlen(shell); len = sizeof(*pwitem) + name_len + 1 /* pw_name */ + sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ + home_len + 1 /* pw_dir */ + shell_len + 1 /* pw_shell */; for (i = 0; i < 2; i++) { pwitem = ecalloc(1, len); pw = &pwitem->pw; pw->pw_uid = uid; pw->pw_gid = gid; pw->pw_name = (char *)(pwitem + 1); memcpy(pw->pw_name, user, name_len + 1); pw->pw_passwd = pw->pw_name + name_len + 1; memcpy(pw->pw_passwd, "*", 2); pw->pw_gecos = pw->pw_passwd + 2; pw->pw_gecos[0] = '\0'; pw->pw_dir = pw->pw_gecos + 1; memcpy(pw->pw_dir, home, home_len + 1); pw->pw_shell = pw->pw_dir + home_len + 1; memcpy(pw->pw_shell, shell, shell_len + 1); pwitem->cache.refcnt = 1; pwitem->cache.d.pw = pw; if (i == 0) { /* Store by uid if it doesn't already exist. */ pwitem->cache.k.uid = pw->pw_uid; if ((node = rbinsert(pwcache_byuid, &pwitem->cache)) != NULL) { /* Already exists, free the item we created. */ efree(pwitem); pwitem = (struct cache_item_pw *) node->data; } } else { /* Store by name if it doesn't already exist. */ pwitem->cache.k.name = pw->pw_name; if ((node = rbinsert(pwcache_byname, &pwitem->cache)) != NULL) { /* Already exists, free the item we created. */ efree(pwitem); pwitem = (struct cache_item_pw *) node->data; } } } pwitem->cache.refcnt++; debug_return_ptr(&pwitem->pw); } /* * Take a uid in string form "#123" and return a faked up passwd struct. */ struct passwd * sudo_fakepwnam(const char *user, gid_t gid) { const char *errstr; uid_t uid; debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS) uid = (uid_t) atoid(user + 1, NULL, NULL, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_DIAG, "uid %s %s", user, errstr); debug_return_ptr(NULL); } debug_return_ptr(sudo_mkpwent(user, uid, gid, NULL, NULL)); } void sudo_setpwent(void) { debug_decl(sudo_setpwent, SUDO_DEBUG_NSS) setpwent(); if (pwcache_byuid == NULL) pwcache_byuid = rbcreate(cmp_pwuid); if (pwcache_byname == NULL) pwcache_byname = rbcreate(cmp_pwnam); debug_return; } void sudo_freepwcache(void) { debug_decl(sudo_freepwcache, SUDO_DEBUG_NSS) if (pwcache_byuid != NULL) { rbdestroy(pwcache_byuid, sudo_pw_delref_item); pwcache_byuid = NULL; } if (pwcache_byname != NULL) { rbdestroy(pwcache_byname, sudo_pw_delref_item); pwcache_byname = NULL; } debug_return; } void sudo_endpwent(void) { debug_decl(sudo_endpwent, SUDO_DEBUG_NSS) endpwent(); sudo_freepwcache(); debug_return; } /* * Compare by gid. */ static int cmp_grgid(const void *v1, const void *v2) { const struct cache_item *ci1 = (const struct cache_item *) v1; const struct cache_item *ci2 = (const struct cache_item *) v2; return ci1->k.gid - ci2->k.gid; } void sudo_gr_addref(struct group *gr) { debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS) ptr_to_item(gr)->refcnt++; debug_return; } static void sudo_gr_delref_item(void *v) { struct cache_item *item = v; debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); debug_return; } void sudo_gr_delref(struct group *gr) { debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS) sudo_gr_delref_item(ptr_to_item(gr)); debug_return; } /* * Get a group entry by gid and allocate space for it. */ struct group * sudo_getgrgid(gid_t gid) { struct cache_item key, *item; struct rbnode *node; debug_decl(sudo_getgrgid, SUDO_DEBUG_NSS) key.k.gid = gid; if ((node = rbfind(grcache_bygid, &key)) != NULL) { item = (struct cache_item *) node->data; goto done; } /* * Cache group db entry if it exists or a negative response if not. */ item = sudo_make_gritem(gid, NULL); if (item == NULL) { item = ecalloc(1, sizeof(*item)); item->refcnt = 1; item->k.gid = gid; /* item->d.gr = NULL; */ } if (rbinsert(grcache_bygid, item) != NULL) fatalx(U_("unable to cache gid %u, already exists"), (unsigned int) gid); done: item->refcnt++; debug_return_ptr(item->d.gr); } /* * Get a group entry by name and allocate space for it. */ struct group * sudo_getgrnam(const char *name) { struct cache_item key, *item; struct rbnode *node; size_t len; debug_decl(sudo_getgrnam, SUDO_DEBUG_NSS) key.k.name = (char *) name; if ((node = rbfind(grcache_byname, &key)) != NULL) { item = (struct cache_item *) node->data; goto done; } /* * Cache group db entry if it exists or a negative response if not. */ item = sudo_make_gritem((gid_t)-1, name); if (item == NULL) { len = strlen(name) + 1; item = ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, name, len); /* item->d.gr = NULL; */ } if (rbinsert(grcache_byname, item) != NULL) fatalx(U_("unable to cache group %s, already exists"), name); done: item->refcnt++; debug_return_ptr(item->d.gr); } /* * Take a gid in string form "#123" and return a faked up group struct. */ struct group * sudo_fakegrnam(const char *group) { struct cache_item_gr *gritem; const char *errstr; struct group *gr; struct rbnode *node; size_t len, name_len; int i; debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS) name_len = strlen(group); len = sizeof(*gritem) + name_len + 1; for (i = 0; i < 2; i++) { gritem = ecalloc(1, len); gr = &gritem->gr; gr->gr_gid = (gid_t) atoid(group + 1, NULL, NULL, &errstr); gr->gr_name = (char *)(gritem + 1); memcpy(gr->gr_name, group, name_len + 1); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_DIAG, "gid %s %s", group, errstr); efree(gritem); debug_return_ptr(NULL); } gritem->cache.refcnt = 1; gritem->cache.d.gr = gr; if (i == 0) { /* Store by gid if it doesn't already exist. */ gritem->cache.k.gid = gr->gr_gid; if ((node = rbinsert(grcache_bygid, &gritem->cache)) != NULL) { /* Already exists, free the item we created. */ efree(gritem); gritem = (struct cache_item_gr *) node->data; } } else { /* Store by name, overwriting cached version. */ gritem->cache.k.name = gr->gr_name; if ((node = rbinsert(grcache_byname, &gritem->cache)) != NULL) { /* Already exists, free the item we created. */ efree(gritem); gritem = (struct cache_item_gr *) node->data; } } } gritem->cache.refcnt++; debug_return_ptr(&gritem->gr); } void sudo_grlist_addref(struct group_list *grlist) { debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS) ptr_to_item(grlist)->refcnt++; debug_return; } static void sudo_grlist_delref_item(void *v) { struct cache_item *item = v; debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); debug_return; } void sudo_grlist_delref(struct group_list *grlist) { debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS) sudo_grlist_delref_item(ptr_to_item(grlist)); debug_return; } void sudo_setgrent(void) { debug_decl(sudo_setgrent, SUDO_DEBUG_NSS) setgrent(); if (grcache_bygid == NULL) grcache_bygid = rbcreate(cmp_grgid); if (grcache_byname == NULL) grcache_byname = rbcreate(cmp_grnam); if (grlist_cache == NULL) grlist_cache = rbcreate(cmp_grnam); debug_return; } void sudo_freegrcache(void) { debug_decl(sudo_freegrcache, SUDO_DEBUG_NSS) if (grcache_bygid != NULL) { rbdestroy(grcache_bygid, sudo_gr_delref_item); grcache_bygid = NULL; } if (grcache_byname != NULL) { rbdestroy(grcache_byname, sudo_gr_delref_item); grcache_byname = NULL; } if (grlist_cache != NULL) { rbdestroy(grlist_cache, sudo_grlist_delref_item); grlist_cache = NULL; } debug_return; } void sudo_endgrent(void) { debug_decl(sudo_endgrent, SUDO_DEBUG_NSS) endgrent(); sudo_freegrcache(); debug_return; } struct group_list * sudo_get_grlist(const struct passwd *pw) { struct cache_item key, *item; struct rbnode *node; size_t len; debug_decl(sudo_get_grlist, SUDO_DEBUG_NSS) key.k.name = pw->pw_name; if ((node = rbfind(grlist_cache, &key)) != NULL) { item = (struct cache_item *) node->data; goto done; } /* * Cache group db entry if it exists or a negative response if not. */ item = sudo_make_grlist_item(pw, NULL, NULL); if (item == NULL) { /* Should not happen. */ len = strlen(pw->pw_name) + 1; item = ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, pw->pw_name, len); /* item->d.grlist = NULL; */ } if (rbinsert(grlist_cache, item) != NULL) fatalx(U_("unable to cache group list for %s, already exists"), pw->pw_name); done: item->refcnt++; debug_return_ptr(item->d.grlist); } void sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids) { struct cache_item key, *item; struct rbnode *node; debug_decl(sudo_set_grlist, SUDO_DEBUG_NSS) /* * Cache group db entry if it doesn't already exist */ key.k.name = pw->pw_name; if ((node = rbfind(grlist_cache, &key)) == NULL) { if ((item = sudo_make_grlist_item(pw, groups, gids)) == NULL) fatalx(U_("unable to parse groups for %s"), pw->pw_name); if (rbinsert(grlist_cache, item) != NULL) fatalx(U_("unable to cache group list for %s, already exists"), pw->pw_name); } debug_return; } bool user_in_group(const struct passwd *pw, const char *group) { struct group_list *grlist; struct group *grp = NULL; const char *errstr; int i; bool matched = false; debug_decl(user_in_group, SUDO_DEBUG_NSS) if ((grlist = sudo_get_grlist(pw)) != NULL) { /* * If it could be a sudo-style group ID check gids first. */ if (group[0] == '#') { gid_t gid = (gid_t) atoid(group + 1, NULL, NULL, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_DIAG, "gid %s %s", group, errstr); } else { if (gid == pw->pw_gid) { matched = true; goto done; } for (i = 0; i < grlist->ngids; i++) { if (gid == grlist->gids[i]) { matched = true; goto done; } } } } /* * Next check the supplementary group vector. * It usually includes the password db group too. */ for (i = 0; i < grlist->ngroups; i++) { if (strcasecmp(group, grlist->groups[i]) == 0) { matched = true; goto done; } } /* Finally check against user's primary (passwd file) group. */ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { if (strcasecmp(group, grp->gr_name) == 0) { matched = true; goto done; } } done: if (grp != NULL) sudo_gr_delref(grp); sudo_grlist_delref(grlist); } debug_return_bool(matched); } sudo-1.8.9p5/plugins/sudoers/pwutil.h010064400175440000012000000035541226304126300172140ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_PWUTIL_H #define _SUDOERS_PWUTIL_H #define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p))) /* * Generic cache element. */ struct cache_item { unsigned int refcnt; /* key */ union { uid_t uid; gid_t gid; char *name; } k; /* datum */ union { struct passwd *pw; struct group *gr; struct group_list *grlist; } d; }; /* * Container structs to simpify size and offset calculations and guarantee * proper aligment of struct passwd, group and group_list. */ struct cache_item_pw { struct cache_item cache; struct passwd pw; }; struct cache_item_gr { struct cache_item cache; struct group gr; }; struct cache_item_grlist { struct cache_item cache; struct group_list grlist; /* actually bigger */ }; struct cache_item *sudo_make_gritem(gid_t gid, const char *group); struct cache_item *sudo_make_grlist_item(const struct passwd *pw, char * const *groups, char * const *gids); struct cache_item *sudo_make_pwitem(uid_t uid, const char *user); #endif /* _SUDOERS_PWUTIL_H */ sudo-1.8.9p5/plugins/sudoers/pwutil_impl.c010064400175440000012000000226431226304126300202300ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "pwutil.h" #ifndef LOGIN_NAME_MAX # ifdef _POSIX_LOGIN_NAME_MAX # define LOGIN_NAME_MAX _POSIX_LOGIN_NAME_MAX # else # define LOGIN_NAME_MAX 9 # endif #endif /* LOGIN_NAME_MAX */ #define FIELD_SIZE(src, name, size) \ do { \ if (src->name) { \ size = strlen(src->name) + 1; \ total += size; \ } \ } while (0) #define FIELD_COPY(src, dst, name, size) \ do { \ if (src->name) { \ memcpy(cp, src->name, size); \ dst->name = cp; \ cp += size; \ } \ } while (0) /* * Dynamically allocate space for a struct item plus the key and data * elements. If name is non-NULL it is used as the key, else the * uid is the key. Fills in datum from struct password. */ struct cache_item * sudo_make_pwitem(uid_t uid, const char *name) { char *cp; const char *pw_shell; size_t nsize, psize, csize, gsize, dsize, ssize, total; struct cache_item_pw *pwitem; struct passwd *pw, *newpw; debug_decl(sudo_make_pwitem, SUDO_DEBUG_NSS) /* Look up by name or uid. */ pw = name ? getpwnam(name) : getpwuid(uid); if (pw == NULL) debug_return_ptr(NULL); /* If shell field is empty, expand to _PATH_BSHELL. */ pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; /* Allocate in one big chunk for easy freeing. */ nsize = psize = csize = gsize = dsize = ssize = 0; total = sizeof(*pwitem); FIELD_SIZE(pw, pw_name, nsize); FIELD_SIZE(pw, pw_passwd, psize); #ifdef HAVE_LOGIN_CAP_H FIELD_SIZE(pw, pw_class, csize); #endif FIELD_SIZE(pw, pw_gecos, gsize); FIELD_SIZE(pw, pw_dir, dsize); /* Treat shell specially since we expand "" -> _PATH_BSHELL */ ssize = strlen(pw_shell) + 1; total += ssize; if (name != NULL) total += strlen(name) + 1; /* Allocate space for struct item, struct passwd and the strings. */ pwitem = ecalloc(1, total); newpw = &pwitem->pw; /* * Copy in passwd contents and make strings relative to space * at the end of the struct. */ memcpy(newpw, pw, sizeof(*pw)); cp = (char *)(pwitem + 1); FIELD_COPY(pw, newpw, pw_name, nsize); FIELD_COPY(pw, newpw, pw_passwd, psize); #ifdef HAVE_LOGIN_CAP_H FIELD_COPY(pw, newpw, pw_class, csize); #endif FIELD_COPY(pw, newpw, pw_gecos, gsize); FIELD_COPY(pw, newpw, pw_dir, dsize); /* Treat shell specially since we expand "" -> _PATH_BSHELL */ memcpy(cp, pw_shell, ssize); newpw->pw_shell = cp; cp += ssize; /* Set key and datum. */ if (name != NULL) { memcpy(cp, name, strlen(name) + 1); pwitem->cache.k.name = cp; } else { pwitem->cache.k.uid = pw->pw_uid; } pwitem->cache.d.pw = newpw; pwitem->cache.refcnt = 1; debug_return_ptr(&pwitem->cache); } /* * Dynamically allocate space for a struct item plus the key and data * elements. If name is non-NULL it is used as the key, else the * gid is the key. Fills in datum from struct group. */ struct cache_item * sudo_make_gritem(gid_t gid, const char *name) { char *cp; size_t nsize, psize, nmem, total, len; struct cache_item_gr *gritem; struct group *gr, *newgr; debug_decl(sudo_make_gritem, SUDO_DEBUG_NSS) /* Look up by name or gid. */ gr = name ? getgrnam(name) : getgrgid(gid); if (gr == NULL) debug_return_ptr(NULL); /* Allocate in one big chunk for easy freeing. */ nsize = psize = nmem = 0; total = sizeof(*gritem); FIELD_SIZE(gr, gr_name, nsize); FIELD_SIZE(gr, gr_passwd, psize); if (gr->gr_mem) { for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) total += strlen(gr->gr_mem[nmem]) + 1; nmem++; total += sizeof(char *) * nmem; } if (name != NULL) total += strlen(name) + 1; gritem = ecalloc(1, total); /* * Copy in group contents and make strings relative to space * at the end of the buffer. Note that gr_mem must come * immediately after struct group to guarantee proper alignment. */ newgr = &gritem->gr; memcpy(newgr, gr, sizeof(*gr)); cp = (char *)(gritem + 1); if (gr->gr_mem) { newgr->gr_mem = (char **)cp; cp += sizeof(char *) * nmem; for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) { len = strlen(gr->gr_mem[nmem]) + 1; memcpy(cp, gr->gr_mem[nmem], len); newgr->gr_mem[nmem] = cp; cp += len; } newgr->gr_mem[nmem] = NULL; } FIELD_COPY(gr, newgr, gr_passwd, psize); FIELD_COPY(gr, newgr, gr_name, nsize); /* Set key and datum. */ if (name != NULL) { memcpy(cp, name, strlen(name) + 1); gritem->cache.k.name = cp; } else { gritem->cache.k.gid = gr->gr_gid; } gritem->cache.d.gr = newgr; gritem->cache.refcnt = 1; debug_return_ptr(&gritem->cache); } /* * Dynamically allocate space for a struct item plus the key and data * elements. Fills in datum from user_gids or from getgrouplist(3). */ struct cache_item * sudo_make_grlist_item(const struct passwd *pw, char * const *unused1, char * const *unused2) { char *cp; size_t nsize, ngroups, total, len; struct cache_item_grlist *grlitem; struct group_list *grlist; GETGROUPS_T *gids; struct group *grp; int i, ngids, groupname_len; debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS) if (pw == sudo_user.pw && sudo_user.gids != NULL) { gids = user_gids; ngids = user_ngids; user_gids = NULL; user_ngids = 0; } else { if (sudo_user.max_groups > 0) { ngids = sudo_user.max_groups; gids = emalloc2(ngids, sizeof(GETGROUPS_T)); (void)getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids); } else { #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2; if (ngids < 0) #endif ngids = NGROUPS_MAX * 2; gids = emalloc2(ngids, sizeof(GETGROUPS_T)); if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) { efree(gids); gids = emalloc2(ngids, sizeof(GETGROUPS_T)); if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) ngids = -1; } } } if (ngids <= 0) { efree(gids); debug_return_ptr(NULL); } #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) pw->pw_name); #endif #if defined(HAVE_SYSCONF) && defined(_SC_LOGIN_NAME_MAX) groupname_len = MAX((int)sysconf(_SC_LOGIN_NAME_MAX), 32); #else groupname_len = MAX(LOGIN_NAME_MAX, 32); #endif /* Allocate in one big chunk for easy freeing. */ nsize = strlen(pw->pw_name) + 1; total = sizeof(*grlitem) + nsize; total += sizeof(char *) * ngids; total += sizeof(gid_t *) * ngids; total += groupname_len * ngids; again: grlitem = ecalloc(1, total); /* * Copy in group list and make pointers relative to space * at the end of the buffer. Note that the groups array must come * immediately after struct group to guarantee proper alignment. */ grlist = &grlitem->grlist; cp = (char *)(grlitem + 1); grlist->groups = (char **)cp; cp += sizeof(char *) * ngids; grlist->gids = (gid_t *)cp; cp += sizeof(gid_t) * ngids; /* Set key and datum. */ memcpy(cp, pw->pw_name, nsize); grlitem->cache.k.name = cp; grlitem->cache.d.grlist = grlist; grlitem->cache.refcnt = 1; cp += nsize; /* * Store group IDs. */ for (i = 0; i < ngids; i++) grlist->gids[i] = gids[i]; grlist->ngids = ngids; /* * Resolve and store group names by ID. */ ngroups = 0; for (i = 0; i < ngids; i++) { if ((grp = sudo_getgrgid(gids[i])) != NULL) { len = strlen(grp->gr_name) + 1; if (cp - (char *)grlitem + len > total) { total += len + groupname_len; efree(grlitem); sudo_gr_delref(grp); goto again; } memcpy(cp, grp->gr_name, len); grlist->groups[ngroups++] = cp; cp += len; sudo_gr_delref(grp); } } grlist->ngroups = ngroups; efree(gids); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif debug_return_ptr(&grlitem->cache); } sudo-1.8.9p5/plugins/sudoers/redblack.c010064400175440000012000000335531226304127700174410ustar00millertstaff/* * Copyright (c) 2004-2005, 2007, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Adapted from the following code written by Emin Martinian: * http://web.mit.edu/~emin/www/source_code/red_black_tree/index.html * * Copyright (c) 2001 Emin Martinian * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that neither the name of Emin * Martinian nor the names of any contributors are be used to endorse or * promote products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include "missing.h" #include "alloc.h" #include "sudo_debug.h" #include "redblack.h" static void rbrepair(struct rbtree *, struct rbnode *); static void rotate_left(struct rbtree *, struct rbnode *); static void rotate_right(struct rbtree *, struct rbnode *); static void _rbdestroy(struct rbtree *, struct rbnode *, void (*)(void *)); /* * Red-Black tree, see http://en.wikipedia.org/wiki/Red-black_tree * * A red-black tree is a binary search tree where each node has a color * attribute, the value of which is either red or black. Essentially, it * is just a convenient way to express a 2-3-4 binary search tree where * the color indicates whether the node is part of a 3-node or a 4-node. * In addition to the ordinary requirements imposed on binary search * trees, we make the following additional requirements of any valid * red-black tree: * 1) Every node is either red or black. * 2) The root is black. * 3) All leaves are black. * 4) Both children of each red node are black. * 5) The paths from each leaf up to the root each contain the same * number of black nodes. */ /* * Create a red black tree struct using the specified compare routine. * Allocates and returns the initialized (empty) tree. */ struct rbtree * rbcreate(int (*compar)(const void *, const void*)) { struct rbtree *tree; debug_decl(rbcreate, SUDO_DEBUG_RBTREE) tree = (struct rbtree *) emalloc(sizeof(*tree)); tree->compar = compar; /* * We use a self-referencing sentinel node called nil to simplify the * code by avoiding the need to check for NULL pointers. */ tree->nil.left = tree->nil.right = tree->nil.parent = &tree->nil; tree->nil.color = black; tree->nil.data = NULL; /* * Similarly, the fake root node keeps us from having to worry * about splitting the root. */ tree->root.left = tree->root.right = tree->root.parent = &tree->nil; tree->root.color = black; tree->root.data = NULL; debug_return_ptr(tree); } /* * Perform a left rotation starting at node. */ static void rotate_left(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; debug_decl(rotate_left, SUDO_DEBUG_RBTREE) child = node->right; node->right = child->left; if (child->left != rbnil(tree)) child->left->parent = node; child->parent = node->parent; if (node == node->parent->left) node->parent->left = child; else node->parent->right = child; child->left = node; node->parent = child; debug_return; } /* * Perform a right rotation starting at node. */ static void rotate_right(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; debug_decl(rotate_right, SUDO_DEBUG_RBTREE) child = node->left; node->left = child->right; if (child->right != rbnil(tree)) child->right->parent = node; child->parent = node->parent; if (node == node->parent->left) node->parent->left = child; else node->parent->right = child; child->right = node; node->parent = child; debug_return; } /* * Insert data pointer into a redblack tree. * Returns a NULL pointer on success. If a node matching "data" * already exists, a pointer to the existant node is returned. */ struct rbnode * rbinsert(struct rbtree *tree, void *data) { struct rbnode *node = rbfirst(tree); struct rbnode *parent = rbroot(tree); int res; debug_decl(rbinsert, SUDO_DEBUG_RBTREE) /* Find correct insertion point. */ while (node != rbnil(tree)) { parent = node; if ((res = tree->compar(data, node->data)) == 0) debug_return_ptr(node); node = res < 0 ? node->left : node->right; } node = (struct rbnode *) emalloc(sizeof(*node)); node->data = data; node->left = node->right = rbnil(tree); node->parent = parent; if (parent == rbroot(tree) || tree->compar(data, parent->data) < 0) parent->left = node; else parent->right = node; node->color = red; /* * If the parent node is black we are all set, if it is red we have * the following possible cases to deal with. We iterate through * the rest of the tree to make sure none of the required properties * is violated. * * 1) The uncle is red. We repaint both the parent and uncle black * and repaint the grandparent node red. * * 2) The uncle is black and the new node is the right child of its * parent, and the parent in turn is the left child of its parent. * We do a left rotation to switch the roles of the parent and * child, relying on further iterations to fixup the old parent. * * 3) The uncle is black and the new node is the left child of its * parent, and the parent in turn is the left child of its parent. * We switch the colors of the parent and grandparent and perform * a right rotation around the grandparent. This makes the former * parent the parent of the new node and the former grandparent. * * Note that because we use a sentinel for the root node we never * need to worry about replacing the root. */ while (node->parent->color == red) { struct rbnode *uncle; if (node->parent == node->parent->parent->left) { uncle = node->parent->parent->right; if (uncle->color == red) { node->parent->color = black; uncle->color = black; node->parent->parent->color = red; node = node->parent->parent; } else /* if (uncle->color == black) */ { if (node == node->parent->right) { node = node->parent; rotate_left(tree, node); } node->parent->color = black; node->parent->parent->color = red; rotate_right(tree, node->parent->parent); } } else { /* if (node->parent == node->parent->parent->right) */ uncle = node->parent->parent->left; if (uncle->color == red) { node->parent->color = black; uncle->color = black; node->parent->parent->color = red; node = node->parent->parent; } else /* if (uncle->color == black) */ { if (node == node->parent->left) { node = node->parent; rotate_right(tree, node); } node->parent->color = black; node->parent->parent->color = red; rotate_left(tree, node->parent->parent); } } } rbfirst(tree)->color = black; /* first node is always black */ debug_return_ptr(NULL); } /* * Look for a node matching key in tree. * Returns a pointer to the node if found, else NULL. */ struct rbnode * rbfind(struct rbtree *tree, void *key) { struct rbnode *node = rbfirst(tree); int res; debug_decl(rbfind, SUDO_DEBUG_RBTREE) while (node != rbnil(tree)) { if ((res = tree->compar(key, node->data)) == 0) debug_return_ptr(node); node = res < 0 ? node->left : node->right; } debug_return_ptr(NULL); } /* * Call func() for each node, passing it the node data and a cookie; * If func() returns non-zero for a node, the traversal stops and the * error value is returned. Returns 0 on successful traversal. */ int rbapply_node(struct rbtree *tree, struct rbnode *node, int (*func)(void *, void *), void *cookie, enum rbtraversal order) { int error; debug_decl(rbapply_node, SUDO_DEBUG_RBTREE) if (node != rbnil(tree)) { if (order == preorder) if ((error = func(node->data, cookie)) != 0) debug_return_int(error); if ((error = rbapply_node(tree, node->left, func, cookie, order)) != 0) debug_return_int(error); if (order == inorder) if ((error = func(node->data, cookie)) != 0) debug_return_int(error); if ((error = rbapply_node(tree, node->right, func, cookie, order)) != 0) debug_return_int(error); if (order == postorder) if ((error = func(node->data, cookie)) != 0) debug_return_int(error); } debug_return_int(0); } /* * Returns the successor of node, or nil if there is none. */ static struct rbnode * rbsuccessor(struct rbtree *tree, struct rbnode *node) { struct rbnode *succ; debug_decl(rbsuccessor, SUDO_DEBUG_RBTREE) if ((succ = node->right) != rbnil(tree)) { while (succ->left != rbnil(tree)) succ = succ->left; } else { /* No right child, move up until we find it or hit the root */ for (succ = node->parent; node == succ->right; succ = succ->parent) node = succ; if (succ == rbroot(tree)) succ = rbnil(tree); } debug_return_ptr(succ); } /* * Recursive portion of rbdestroy(). */ static void _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) { debug_decl(_rbdestroy, SUDO_DEBUG_RBTREE) if (node != rbnil(tree)) { _rbdestroy(tree, node->left, destroy); _rbdestroy(tree, node->right, destroy); if (destroy != NULL) destroy(node->data); efree(node); } debug_return; } /* * Destroy the specified tree, calling the destructor destroy * for each node and then freeing the tree itself. */ void rbdestroy(struct rbtree *tree, void (*destroy)(void *)) { debug_decl(rbdestroy, SUDO_DEBUG_RBTREE) _rbdestroy(tree, rbfirst(tree), destroy); efree(tree); debug_return; } /* * Delete node 'z' from the tree and return its data pointer. */ void *rbdelete(struct rbtree *tree, struct rbnode *z) { struct rbnode *x, *y; void *data = z->data; debug_decl(rbdelete, SUDO_DEBUG_RBTREE) if (z->left == rbnil(tree) || z->right == rbnil(tree)) y = z; else y = rbsuccessor(tree, z); x = (y->left == rbnil(tree)) ? y->right : y->left; if ((x->parent = y->parent) == rbroot(tree)) { rbfirst(tree) = x; } else { if (y == y->parent->left) y->parent->left = x; else y->parent->right = x; } if (y->color == black) rbrepair(tree, x); if (y != z) { y->left = z->left; y->right = z->right; y->parent = z->parent; y->color = z->color; z->left->parent = z->right->parent = y; if (z == z->parent->left) z->parent->left = y; else z->parent->right = y; } free(z); debug_return_ptr(data); } /* * Repair the tree after a node has been deleted by rotating and repainting * colors to restore the 4 properties inherent in red-black trees. */ static void rbrepair(struct rbtree *tree, struct rbnode *node) { struct rbnode *sibling; debug_decl(rbrepair, SUDO_DEBUG_RBTREE) while (node->color == black && node != rbfirst(tree)) { if (node == node->parent->left) { sibling = node->parent->right; if (sibling->color == red) { sibling->color = black; node->parent->color = red; rotate_left(tree, node->parent); sibling = node->parent->right; } if (sibling->right->color == black && sibling->left->color == black) { sibling->color = red; node = node->parent; } else { if (sibling->right->color == black) { sibling->left->color = black; sibling->color = red; rotate_right(tree, sibling); sibling = node->parent->right; } sibling->color = node->parent->color; node->parent->color = black; sibling->right->color = black; rotate_left(tree, node->parent); node = rbfirst(tree); /* exit loop */ } } else { /* if (node == node->parent->right) */ sibling = node->parent->left; if (sibling->color == red) { sibling->color = black; node->parent->color = red; rotate_right(tree, node->parent); sibling = node->parent->left; } if (sibling->right->color == black && sibling->left->color == black) { sibling->color = red; node = node->parent; } else { if (sibling->left->color == black) { sibling->right->color = black; sibling->color = red; rotate_left(tree, sibling); sibling = node->parent->left; } sibling->color = node->parent->color; node->parent->color = black; sibling->left->color = black; rotate_right(tree, node->parent); node = rbfirst(tree); /* exit loop */ } } } node->color = black; debug_return; } sudo-1.8.9p5/plugins/sudoers/redblack.h010064400175440000012000000035021226304126300174300ustar00millertstaff/* * Copyright (c) 2004, 2007, 2010, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_REDBLACK_H #define _SUDOERS_REDBLACK_H enum rbcolor { red, black }; enum rbtraversal { preorder, inorder, postorder }; struct rbnode { struct rbnode *left, *right, *parent; void *data; enum rbcolor color; }; struct rbtree { int (*compar)(const void *, const void *); struct rbnode root; struct rbnode nil; }; #define rbapply(t, f, c, o) rbapply_node((t), (t)->root.left, (f), (c), (o)) #define rbisempty(t) ((t)->root.left == &(t)->nil && (t)->root.right == &(t)->nil) #define rbfirst(t) ((t)->root.left) #define rbroot(t) (&(t)->root) #define rbnil(t) (&(t)->nil) void *rbdelete(struct rbtree *, struct rbnode *); int rbapply_node(struct rbtree *, struct rbnode *, int (*)(void *, void *), void *, enum rbtraversal); struct rbnode *rbfind(struct rbtree *, void *); struct rbnode *rbinsert(struct rbtree *, void *); struct rbtree *rbcreate(int (*)(const void *, const void *)); void rbdestroy(struct rbtree *, void (*)(void *)); #endif /* _SUDOERS_REDBLACK_H */ sudo-1.8.9p5/plugins/sudoers/regress/check_symbols/check_symbols.c010064400175440000012000000056341226304126400250110ustar00millertstaff/* * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include "missing.h" #include "sudo_dso.h" #include "sudo_util.h" #include "fatal.h" #ifndef LINE_MAX # define LINE_MAX 2048 #endif __dso_public int main(int argc, char *argv[]); static void usage(void) { fprintf(stderr, "usage: %s plugin.so symbols_file\n", getprogname()); exit(1); } int main(int argc, char *argv[]) { void *handle, *sym; const char *plugin_path; const char *symbols_file; char *cp, line[LINE_MAX]; FILE *fp; int ntests = 0, errors = 0; initprogname(argc > 0 ? argv[0] : "check_symbols"); if (argc != 3) usage(); plugin_path = argv[1]; symbols_file = argv[2]; handle = sudo_dso_load(plugin_path, SUDO_DSO_LAZY|SUDO_DSO_GLOBAL); if (handle == NULL) fatalx_nodebug("unable to load %s: %s", plugin_path, sudo_dso_strerror()); fp = fopen(symbols_file, "r"); if (fp == NULL) fatal_nodebug("unable to open %s", symbols_file); while (fgets(line, sizeof(line), fp) != NULL) { ntests++; if ((cp = strchr(line, '\n')) != NULL) *cp = '\0'; sym = sudo_dso_findsym(handle, line); if (sym == NULL) { printf("%s: test %d: unable to resolve symbol %s: %s\n", getprogname(), ntests, line, sudo_dso_strerror()); errors++; } } /* * Make sure unexported symbols are not available. */ ntests++; sym = sudo_dso_findsym(handle, "user_in_group"); if (sym != NULL) { printf("%s: test %d: able to resolve local symbol user_in_group\n", getprogname(), ntests); errors++; } sudo_dso_unload(handle); printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); exit(errors); } sudo-1.8.9p5/plugins/sudoers/regress/iolog_path/check_iolog_path.c010064400175440000012000000114141226304126400247370ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #define SUDO_ERROR_WRAP 0 #define _SUDO_MAIN #include "sudoers.h" #include "def_data.c" struct sudo_user sudo_user; struct passwd *list_pw; static char sessid[7]; __dso_public int main(int argc, char *argv[]); static void usage(void) { fprintf(stderr, "usage: %s datafile\n", getprogname()); exit(1); } static int do_check(char *dir_in, char *file_in, char *tdir_out, char *tfile_out) { char *path, *slash; char dir_out[4096], file_out[4096]; struct tm *timeptr; time_t now; int error = 0; /* * Expand any strftime(3) escapes * XXX - want to pass timeptr to expand_iolog_path */ time(&now); timeptr = localtime(&now); strftime(dir_out, sizeof(dir_out), tdir_out, timeptr); strftime(file_out, sizeof(file_out), tfile_out, timeptr); path = expand_iolog_path(NULL, dir_in, file_in, &slash); *slash = '\0'; if (strcmp(path, dir_out) != 0) { warningx("%s: expected %s, got %s", dir_in, dir_out, path); error = 1; } if (strcmp(slash + 1, file_out) != 0) { warningx("%s: expected %s, got %s", file_in, file_out, slash + 1); error = 1; } return error; } #define MAX_STATE 12 int main(int argc, char *argv[]) { struct passwd pw, rpw; size_t len; FILE *fp; char line[2048]; char *file_in = NULL, *file_out = NULL; char *dir_in = NULL, *dir_out = NULL; const char *errstr; int state = 0; int errors = 0; int tests = 0; initprogname(argc > 0 ? argv[0] : "check_iolog_path"); if (argc != 2) usage(); fp = fopen(argv[1], "r"); if (fp == NULL) fatalx("unable to open %s", argv[1]); memset(&pw, 0, sizeof(pw)); memset(&rpw, 0, sizeof(rpw)); sudo_user.pw = &pw; sudo_user._runas_pw = &rpw; /* * Input consists of 12 lines: * sequence number * user name * user gid * runas user name * runas gid * hostname [short form] * command * dir [with escapes] * file [with escapes] * expanded dir * expanded file * empty line */ while (fgets(line, sizeof(line), fp) != NULL) { len = strcspn(line, "\n"); line[len] = '\0'; switch (state) { case 0: strlcpy(sessid, line, sizeof(sessid)); break; case 1: if (user_name != NULL) free(user_name); user_name = strdup(line); break; case 2: user_gid = (gid_t)atoid(line, NULL, NULL, &errstr); if (errstr != NULL) fatalx("group ID %s: %s", line, errstr); break; case 3: if (runas_pw->pw_name != NULL) free(runas_pw->pw_name); runas_pw->pw_name = strdup(line); break; case 4: runas_pw->pw_gid = (gid_t)atoid(line, NULL, NULL, &errstr); if (errstr != NULL) fatalx("group ID %s: %s", line, errstr); break; case 5: user_shost = strdup(line); break; case 6: user_base = strdup(line); break; case 7: dir_in = strdup(line); break; case 8: file_in = strdup(line); break; case 9: dir_out = strdup(line); break; case 10: file_out = strdup(line); break; case 11: errors += do_check(dir_in, file_in, dir_out, file_out); tests++; break; default: fatalx("internal error, invalid state %d", state); } state = (state + 1) % MAX_STATE; } if (tests != 0) { printf("iolog_path: %d test%s run, %d errors, %d%% success rate\n", tests, tests == 1 ? "" : "s", errors, (tests - errors) * 100 / tests); } exit(errors); } void io_nextid(char *iolog_dir, char *fallback, char id[7]) { memcpy(id, sessid, sizeof(sessid)); } sudo-1.8.9p5/plugins/sudoers/regress/iolog_path/data010064400175440000012000000015541226304126400221510ustar00millertstaff000001 nobody 1 root 0 somehost id /var/log/sudo-io %%{bogus} /var/log/sudo-io %%{bogus} 000001 nobody 1 root 0 somehost id /var/log/sudo-io %%{seq} /var/log/sudo-io %%{seq} 000001 nobody 1 root 0 somehost id /var/log/sudo-io %{seq} /var/log/sudo-io 00/00/01 000001 nobody 1 root 0 somehost id /var/log/sudo-io/%{user} %{seq} /var/log/sudo-io/nobody 00/00/01 000001 nobody 1 root 0 somehost su /var/log/sudo-io/%{user}/%{runas_user} %{command}_%Y%m%s_%H%M /var/log/sudo-io/nobody/root su_%Y%m%s_%H%M 000001 nobody 1 root 0 somehost su /var/log/sudo-io/ /%{user}/%{runas_user}/%{command}_%Y%m%s_%H%M /var/log/sudo-io nobody/root/su_%Y%m%s_%H%M 000001 nobody 1 root 0 somehost su /var/log/sudo-io/%d%m%Y %{user}/%{runas_user}/%{command} /var/log/sudo-io/%d%m%Y nobody/root/su 000001 nobody 1 root 0 somehost su //////// %{user}/%{runas_user}/%{command} / nobody/root/su sudo-1.8.9p5/plugins/sudoers/regress/logging/check_wrap.c010064400175440000012000000061271226304126400230710ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #define SUDO_ERROR_WRAP 0 #include "missing.h" #include "fatal.h" #include "sudo_plugin.h" #include "sudo_util.h" extern void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen); __dso_public int main(int argc, char *argv[]); static void usage(void) { fprintf(stderr, "usage: %s inputfile\n", getprogname()); exit(1); } int main(int argc, char *argv[]) { size_t len; FILE *fp; char *cp, *dash, *line, lines[2][2048]; int lineno = 0; int which = 0; initprogname(argc > 0 ? argv[0] : "check_wrap"); if (argc != 2) usage(); fp = fopen(argv[1], "r"); if (fp == NULL) fatalx("unable to open %s", argv[1]); /* * Each test record consists of a log entry on one line and a list of * line lengths to test it with on the next. E.g. * * Jun 30 14:49:51 : millert : TTY=ttypn ; PWD=/usr/src/local/millert/hg/sudo/trunk/plugins/sudoers ; USER=root ; TSID=0004LD ; COMMAND=/usr/local/sbin/visudo * 60-80,40 */ while ((line = fgets(lines[which], sizeof(lines[which]), fp)) != NULL) { len = strcspn(line, "\n"); line[len] = '\0'; /* If we read the 2nd line, parse list of line lengths and check. */ if (which) { lineno++; for (cp = strtok(lines[1], ","); cp != NULL; cp = strtok(NULL, ",")) { size_t maxlen; /* May be either a number or a range. */ dash = strchr(cp, '-'); if (dash != NULL) { *dash = '\0'; len = strtonum(cp, 1, INT_MAX, NULL); maxlen = strtonum(dash + 1, 1, INT_MAX, NULL); } else { len = maxlen = strtonum(cp, 1, INT_MAX, NULL); } if (len == 0 || maxlen == 0) fatalx("%s: invalid length on line %d\n", argv[1], lineno); while (len <= maxlen) { printf("# word wrap at %d characters\n", (int)len); writeln_wrap(stdout, lines[0], strlen(lines[0]), len); len++; } } } which = !which; } exit(0); } sudo-1.8.9p5/plugins/sudoers/regress/logging/check_wrap.in010064400175440000012000000004671226304126400232560ustar00millertstaffJul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users 60-80,120,140 Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile 60-80,120,140 sudo-1.8.9p5/plugins/sudoers/regress/logging/check_wrap.out.ok010064400175440000012000000177631226304126400240760ustar00millertstaff# word wrap at 60 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 61 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 62 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 63 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 64 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 65 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 66 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 67 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 68 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 69 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 70 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 71 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 72 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 73 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 74 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 75 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 76 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 77 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 78 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 79 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 80 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 120 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 140 characters Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users # word wrap at 60 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 61 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 62 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 63 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 64 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 65 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 66 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 67 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 68 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 69 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 70 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 71 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 72 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 73 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 74 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 75 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 76 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 77 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 78 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 79 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 80 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 120 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile # word wrap at 140 characters Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile sudo-1.8.9p5/plugins/sudoers/regress/parser/check_addr.c010064400175440000012000000072671226304126400227060ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #include #include #include #define SUDO_ERROR_WRAP 0 #include "sudoers.h" #include "parse.h" #include "interfaces.h" __dso_public int main(int argc, char *argv[]); static int check_addr(char *input) { int expected, matched; const char *errstr; size_t len; char *cp; while (isspace((unsigned char)*input)) input++; /* input: "addr[/mask] 1/0" */ len = strcspn(input, " \t"); cp = input + len; while (isspace((unsigned char)*cp)) cp++; expected = strtonum(cp, 0, 1, &errstr); if (errstr != NULL) fatalx("expecting 0 or 1, got %s", cp); input[len] = '\0'; matched = addr_matches(input); if (matched != expected) { warningx("%s %smatched: FAIL", input, matched ? "" : "not "); return 1; } return 0; } static void usage(void) { fprintf(stderr, "usage: %s datafile\n", getprogname()); exit(1); } int main(int argc, char *argv[]) { int ntests = 0, errors = 0; char *cp, line[2048]; size_t len; FILE *fp; initprogname(argc > 0 ? argv[0] : "check_addr"); if (argc != 2) usage(); fp = fopen(argv[1], "r"); if (fp == NULL) fatalx("unable to open %s", argv[1]); /* * Input is in the following format. There are two types of * lines: interfaces, which sets the address and mask of the * locally connected ethernet interfaces for the lines that * follow and, address lines that include and address (with * optional netmask) to match, followed by expected match status * (1 or 0). E.g. * * interfaces: addr1/mask addr2/mask ... * address: addr[/mask] 1/0 * address: addr[/mask] 1/0 * interfaces: addr3/mask addr4/mask ... * address: addr[/mask] 1/0 */ while (fgets(line, sizeof(line), fp) != NULL) { len = strcspn(line, "\n"); line[len] = '\0'; /* Ignore comments */ if ((cp = strchr(line, '#')) != NULL) *cp = '\0'; /* Skip blank lines. */ if (line[0] == '\0') continue; if (strncmp(line, "interfaces:", sizeof("interfaces:") - 1) == 0) { set_interfaces(line + sizeof("interfaces:") - 1); } else if (strncmp(line, "address:", sizeof("address:") - 1) == 0) { errors += check_addr(line + sizeof("address:") - 1); ntests++; } else { warningx("unexpected data line: %s\n", line); continue; } } printf("check_addr: %d tests run, %d errors, %d%% success rate\n", ntests, errors, (ntests - errors) * 100 / ntests); exit(errors); } sudo-1.8.9p5/plugins/sudoers/regress/parser/check_addr.in010064400175440000012000000005251226304126400230600ustar00millertstaff# interfaces: 10.5.54.73/255.255.240.0 address: 10.5.48.0 1 address: 10.5.54.0/20 1 # interfaces: 128.138.243.151/255.255.255.0 128.138.241.53/255.255.255.0 address: 128.138.243.0 1 address: 128.138.243.0/24 1 address: 128.138.241.0 1 address: 128.138.241.0/24 1 address: 128.138.242.0/24 0 address: 128.138.0.0 0 address: 128.138.0.0/16 1 sudo-1.8.9p5/plugins/sudoers/regress/parser/check_base64.c010064400175440000012000000047411226304126400230520ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #define SUDO_ERROR_WRAP 0 #include "missing.h" extern size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); __dso_public int main(int argc, char *argv[]); struct base64_test { const char *ascii; const char *encoded; } test_strings[] = { { "any carnal pleasure.", "YW55IGNhcm5hbCBwbGVhc3VyZS4=" }, { "any carnal pleasure", "YW55IGNhcm5hbCBwbGVhc3VyZQ==" }, { "any carnal pleasur", "YW55IGNhcm5hbCBwbGVhc3Vy" }, { "any carnal pleasu", "YW55IGNhcm5hbCBwbGVhc3U=" }, { "any carnal pleas", "YW55IGNhcm5hbCBwbGVhcw==" } }; int main(int argc, char *argv[]) { const int ntests = (sizeof(test_strings) / sizeof(test_strings[0])); int i, errors = 0; unsigned char buf[32]; size_t len; for (i = 0; i < ntests; i++) { len = base64_decode(test_strings[i].encoded, buf, sizeof(buf)); buf[len] = '\0'; if (strcmp(test_strings[i].ascii, (char *)buf) != 0) { fprintf(stderr, "check_base64: expected %s, got %s", test_strings[i].ascii, buf); errors++; } } printf("check_base64: %d tests run, %d errors, %d%% success rate\n", ntests, errors, (ntests - errors) * 100 / ntests); exit(errors); } sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c010064400175440000012000000066761226304126400232560ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #include "missing.h" #include "sha2.h" __dso_public int main(int argc, char *argv[]); static struct digest_function { const char *digest_name; const int digest_len; void (*init)(SHA2_CTX *); void (*update)(SHA2_CTX *, const unsigned char *, size_t); void (*final)(unsigned char *, SHA2_CTX *); } digest_functions[] = { { "SHA224", SHA224_DIGEST_LENGTH, SHA224Init, SHA224Update, SHA224Final }, { "SHA256", SHA256_DIGEST_LENGTH, SHA256Init, SHA256Update, SHA256Final }, { "SHA384", SHA384_DIGEST_LENGTH, SHA384Init, SHA384Update, SHA384Final }, { "SHA512", SHA512_DIGEST_LENGTH, SHA512Init, SHA512Update, SHA512Final }, { NULL } }; #define NUM_TESTS 8 static const char *test_strings[NUM_TESTS] = { "", "a", "abc", "message digest", "abcdefghijklmnopqrstuvwxyz", "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "12345678901234567890123456789012345678901234567890123456789" "012345678901234567890", }; int main(int argc, char *argv[]) { SHA2_CTX ctx; int i, j; struct digest_function *func; unsigned char digest[SHA512_DIGEST_LENGTH]; static const char hex[] = "0123456789abcdef"; unsigned char buf[1000]; for (func = digest_functions; func->digest_name != NULL; func++) { for (i = 0; i < NUM_TESTS; i++) { func->init(&ctx); func->update(&ctx, (unsigned char *)test_strings[i], strlen(test_strings[i])); func->final(digest, &ctx); printf("%s (\"%s\") = ", func->digest_name, test_strings[i]); for (j = 0; j < func->digest_len; j++) { putchar(hex[digest[j] >> 4]); putchar(hex[digest[j] & 0x0f]); } putchar('\n'); } /* Simulate a string of a million 'a' characters. */ memset(buf, 'a', sizeof(buf)); func->init(&ctx); for (i = 0; i < 1000; i++) { func->update(&ctx, buf, sizeof(buf)); } func->final(digest, &ctx); printf("%s (one million 'a' characters) = ", func->digest_name); for (j = 0; j < func->digest_len; j++) { putchar(hex[digest[j] >> 4]); putchar(hex[digest[j] & 0x0f]); } putchar('\n'); } exit(0); } sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.out.ok010064400175440000012000000111341226304126400242340ustar00millertstaffSHA224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f SHA224 ("a") = abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5 SHA224 ("abc") = 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7 SHA224 ("message digest") = 2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb SHA224 ("abcdefghijklmnopqrstuvwxyz") = 45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2 SHA224 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525 SHA224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9 SHA224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e SHA224 (one million 'a' characters) = 20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67 SHA256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SHA256 ("a") = ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb SHA256 ("abc") = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad SHA256 ("message digest") = f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650 SHA256 ("abcdefghijklmnopqrstuvwxyz") = 71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73 SHA256 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 SHA256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0 SHA256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e SHA256 (one million 'a' characters) = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0 SHA384 ("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b SHA384 ("a") = 54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31 SHA384 ("abc") = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 SHA384 ("message digest") = 473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5 SHA384 ("abcdefghijklmnopqrstuvwxyz") = feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4 SHA384 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b SHA384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84 SHA384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026 SHA384 (one million 'a' characters) = 9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985 SHA512 ("") = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e SHA512 ("a") = 1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75 SHA512 ("abc") = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f SHA512 ("message digest") = 107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c SHA512 ("abcdefghijklmnopqrstuvwxyz") = 4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1 SHA512 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445 SHA512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894 SHA512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843 SHA512 (one million 'a' characters) = e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b sudo-1.8.9p5/plugins/sudoers/regress/parser/check_fill.c010064400175440000012000000116451226304126400227150ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #define SUDO_ERROR_WRAP 0 #include "missing.h" #include "queue.h" #include "parse.h" #include "toke.h" #include "sudo_plugin.h" #include __dso_public int main(int argc, char *argv[]); /* * TODO: test realloc */ YYSTYPE sudoerslval; struct fill_test { const char *input; const char *output; int len; int addspace; }; /* * In "normal" fill, anything can be escaped and hex chars are expanded. */ static struct fill_test txt_data[] = { { "Embedded\\x20Space", "Embedded Space", 0 }, { "\\x20Leading", " Leading", 0 }, { "Trailing\\x20", "Trailing ", 0 }, { "Multiple\\x20\\x20Spaces", "Multiple Spaces", 0 }, { "Hexparse\\x200Check", "Hexparse 0Check", 0 }, { "Escaped\\\\Escape", "Escaped\\Escape", 0 }, { "LongGroupName", "LongGrou", 8 } }; /* * The only escaped chars in a command should be [,:= \t#] * The rest are done by glob() or fnmatch(). */ static struct fill_test cmd_data[] = { { "foo\\,bar", "foo,bar", 0 }, { "this\\:that", "this:that", 0 }, { "foo\\=bar", "foo=bar", 0 }, { "tab\\\tstop", "tab\tstop", 0 }, { "not a \\#comment", "not a #comment", 0 } }; /* * No escaped characters in command line args. * Arguments get appended. */ static struct fill_test args_data[] = { { "/", "/", 0, 0 }, { "-type", "/ -type", 0, 1 }, { "f", "/ -type f", 0, 1 }, { "-exec", "/ -type f -exec", 0, 1 }, { "ls", "/ -type f -exec ls", 0, 1 }, { "{}", "/ -type f -exec ls {}", 0, 1 } }; static int check_fill(const char *input, int len, int addspace, const char *expect, char **resultp) { if (!fill(input, len)) return -1; *resultp = sudoerslval.string; return !strcmp(sudoerslval.string, expect); } static int check_fill_cmnd(const char *input, int len, int addspace, const char *expect, char **resultp) { if (!fill_cmnd(input, len)) return -1; *resultp = sudoerslval.command.cmnd; return !strcmp(sudoerslval.command.cmnd, expect); } static int check_fill_args(const char *input, int len, int addspace, const char *expect, char **resultp) { if (!fill_args(input, len, addspace)) return -1; *resultp = sudoerslval.command.args; return !strcmp(sudoerslval.command.args, expect); } static int do_tests(int (*checker)(const char *, int, int, const char *, char **), struct fill_test *data, size_t ntests) { int len, errors = 0; unsigned int i; char *result; for (i = 0; i < ntests; i++) { if (data[i].len == 0) len = strlen(data[i].input); else len = data[i].len; switch ((*checker)(data[i].input, len, data[i].addspace, data[i].output, &result)) { case 0: /* no match */ fprintf(stderr, "Failed parsing %.*s: expected [%s], got [%s]\n", (int)data[i].len, data[i].input, data[i].output, result); errors++; break; case 1: /* match */ break; default: /* error */ fprintf(stderr, "Failed parsing %.*s: fill function failure\n", (int)data[i].len, data[i].input); errors++; break; } } return errors; } int main(int argc, char *argv[]) { int ntests, errors = 0; errors += do_tests(check_fill, txt_data, sizeof(txt_data) / sizeof(txt_data[0])); errors += do_tests(check_fill_cmnd, cmd_data, sizeof(cmd_data) / sizeof(cmd_data[0])); errors += do_tests(check_fill_args, args_data, sizeof(args_data) / sizeof(args_data[0])); ntests = sizeof(txt_data) / sizeof(txt_data[0]) + sizeof(cmd_data) / sizeof(cmd_data[0]) + sizeof(args_data) / sizeof(args_data[0]); printf("check_fill: %d tests run, %d errors, %d%% success rate\n", ntests, errors, (ntests - errors) * 100 / ntests); exit(errors); } /* STUB */ void sudoerserror(const char *s) { return; } sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test1.in010064400175440000012000000004601226304126400222370ustar00millertstaff# # Verify that all command tags are parsed OK. # See http://www.sudo.ws/bugs/show_bug.cgi?id=437 # user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -:\ ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id user2 ALL = NOPASSWD: NOEXEC: SETENV: /usr/bin/vi:\ ALL = PASSWD: EXEC: NOSETENV: /usr/bin/echo sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test1.out.ok010064400175440000012000000002121226304126400230430ustar00millertstaffParses OK. user1 ALL = /usr/bin/su - : ALL = /usr/bin/id user2 ALL = NOPASSWD: NOEXEC: /usr/bin/vi : ALL = PASSWD: EXEC: /usr/bin/echo sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test1.toke.ok010064400175440000012000000002641226304126400232050ustar00millertstaff# # # # WORD(5) ALL = LOG_INPUT LOG_OUTPUT COMMAND ARG : ALL = NOLOG_INPUT NOLOG_OUTPUT COMMAND WORD(5) ALL = NOPASSWD NOEXEC SETENV COMMAND : ALL = PASSWD EXEC NOSETENV COMMAND sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test10.in010064400175440000012000000000011226304126400223060ustar00millertstaff sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test10.out.ok010064400175440000012000000000161226304126400231250ustar00millertstaffParses OK. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test10.toke.ok010064400175440000012000000000011226304126400232520ustar00millertstaff sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test11.in010064400175440000012000000000061226304126400223140ustar00millertstaffbogus sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test11.out.ok010064400175440000012000000000471226304126400231320ustar00millertstaffParse error in sudoers near line 1. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test11.toke.ok010064400175440000012000000000151226304126400232600ustar00millertstaffWORD(5) <*> sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test12.in010064400175440000012000000000211226304126400223120ustar00millertstaffuser ALL = (ALL) sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test12.out.ok010064400175440000012000000000471226304126400231330ustar00millertstaffParse error in sudoers near line 1. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test12.toke.ok010064400175440000012000000000331226304126400232610ustar00millertstaffWORD(5) ALL = ( ALL ) <*> sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test13.in010064400175440000012000000000201226304126400223120ustar00millertstaffuser ALL = (ALL)sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test13.out.ok010064400175440000012000000000471226304126400231340ustar00millertstaffParse error in sudoers near line 1. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test13.toke.ok010064400175440000012000000000321226304126400232610ustar00millertstaffWORD(5) ALL = ( ALL ) <*> sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.in010064400175440000012000000004431226304126400223240ustar00millertstaffCmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.out.ok010064400175440000012000000001361226304126400231340ustar00millertstaffParses OK. Cmnd_Alias LS = /bin/ls Cmnd_Alias SH = /bin/sh millert ALL = LS, SH, /bin/kill sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok010064400175440000012000000002161226304126400232660ustar00millertstaffCMNDALIAS ALIAS = SHA224 : DIGEST COMMAND CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test2.in010064400175440000012000000033121226304126400222370ustar00millertstaff# Check quoted user name in User_Alias User_Alias UA1 = "foo" User_Alias UA2 = "foo.bar" User_Alias UA3 = "foo\"" User_Alias UA4 = "foo:bar" User_Alias UA5 = "foo:bar\"" # Check quoted group name in User_Alias User_Alias UA6 = "%baz" User_Alias UA7 = "%baz.biz" # Check quoted non-Unix group name in User_Alias User_Alias UA8 = "%:C/non UNIX 0 c" User_Alias UA9 = "%:C/non\'UNIX\'1 c" User_Alias UA10 = "%:C/non\"UNIX\"0 c" User_Alias UA11 = "%:C/non_UNIX_0 c" User_Alias UA12 = "%:C/non\'UNIX_3 c" # Check quoted user name in Runas_Alias Runas_Alias RA1 = "foo" Runas_Alias RA2 = "foo\"" Runas_Alias RA3 = "foo:bar" Runas_Alias RA4 = "foo:bar\"" # Check quoted host name in Defaults Defaults@"somehost" set_home Defaults@"quoted\"" set_home # Check quoted user name in Defaults Defaults:"you" set_home Defaults:"us\"" set_home Defaults:"%them" set_home Defaults:"%: non UNIX 0 c" set_home Defaults:"+net" set_home # Check quoted runas name in Defaults Defaults>"someone" set_home Defaults>"some one" set_home # Check quoted command in Defaults # XXX - not currently supported #Defaults!"/bin/ls -l" set_home #Defaults!"/bin/ls -l \"foo\"" set_home # Check quoted user, runas and host name in Cmnd_Spec "foo" "hosta" = ("root") ALL "foo.bar" "hostb" = ("root") ALL "foo\"" "hostc" = ("root") ALL "foo:bar" "hostd" = ("root") ALL "foo:bar\"" "hoste" = ("root") ALL # Check quoted group/netgroup name in Cmnd_Spec "%baz" "hosta" = ("root") ALL "%baz.biz" "hostb" = ("root") ALL "%:C/non UNIX 0 c" "hostc" = ("root") ALL "%:C/non\'UNIX\'1 c" "hostd" = ("root") ALL "%:C/non\"UNIX\"0 c" "hoste" = ("root") ALL "%:C/non_UNIX_0 c" "hostf" = ("root") ALL "%:C/non\'UNIX_3 c" "hostg" = ("root") ALL "+netgr" "hosth" = ("root") ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test2.out.ok010064400175440000012000000020641226304126500230540ustar00millertstaffParses OK. Defaults@somehost set_home Defaults@quoted" set_home Defaults:you set_home Defaults:us" set_home Defaults:%them set_home Defaults:%: non UNIX 0 c set_home Defaults:+net set_home Defaults>someone set_home Defaults>some one set_home Runas_Alias RA1 = foo Runas_Alias RA2 = foo" Runas_Alias RA3 = foo:bar Runas_Alias RA4 = foo:bar" User_Alias UA1 = foo User_Alias UA10 = %:C/non"UNIX"0 c User_Alias UA11 = %:C/non_UNIX_0 c User_Alias UA12 = %:C/non\'UNIX_3 c User_Alias UA2 = foo.bar User_Alias UA3 = foo" User_Alias UA4 = foo:bar User_Alias UA5 = foo:bar" User_Alias UA6 = %baz User_Alias UA7 = %baz.biz User_Alias UA8 = %:C/non UNIX 0 c User_Alias UA9 = %:C/non\'UNIX\'1 c foo hosta = (root) ALL foo.bar hostb = (root) ALL foo" hostc = (root) ALL foo:bar hostd = (root) ALL foo:bar" hoste = (root) ALL %baz hosta = (root) ALL %baz.biz hostb = (root) ALL %:C/non UNIX 0 c hostc = (root) ALL %:C/non\'UNIX\'1 c hostd = (root) ALL %:C/non"UNIX"0 c hoste = (root) ALL %:C/non_UNIX_0 c hostf = (root) ALL %:C/non\'UNIX_3 c hostg = (root) ALL +netgr hosth = (root) ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test2.toke.ok010064400175440000012000000054671226304126500232210ustar00millertstaff# USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) # USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP # USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP USERALIAS ALIAS = BEGINSTR STRBODY BACKSLASH STRBODY BACKSLASH STRBODY ENDSTR USERGROUP USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP USERALIAS ALIAS = BEGINSTR STRBODY BACKSLASH STRBODY ENDSTR USERGROUP # RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) # DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR # DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR # DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR # # # # # BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL # BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY BACKSLASH STRBODY BACKSLASH STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY BACKSLASH STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL BEGINSTR STRBODY ENDSTR NETGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test3.in010064400175440000012000000003111226304126500222350ustar00millertstaff# Test whitespace in User_List as part of a per-user Defaults entry User_Alias FOO = foo, bar Defaults:FOO env_reset Defaults:foo,bar env_reset Defaults:foo,\ bar env_reset Defaults:foo, bar env_reset sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test3.out.ok010064400175440000012000000002211226304126500230460ustar00millertstaffParses OK. Defaults:FOO env_reset Defaults:foo,bar env_reset Defaults:foo, bar env_reset Defaults:foo,bar env_reset User_Alias FOO = foo, bar sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test3.toke.ok010064400175440000012000000002731226304126500232100ustar00millertstaff# USERALIAS ALIAS = WORD(5) , WORD(5) DEFAULTS_USER ALIAS DEFVAR DEFAULTS_USER WORD(5) , WORD(5) DEFVAR DEFAULTS_USER WORD(5) , WORD(5) DEFVAR DEFAULTS_USER WORD(5) , WORD(5) DEFVAR sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test4.in010064400175440000012000000003001226304126500222340ustar00millertstaff# Test line continuation with anchored matches User_Alias FOO = foo \ : BAR = bar # This used to pass for sudo < 1.8.1 (though it should not have) User_Alias FOO = foo \ User_Alias BAR = bar sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test4.out.ok010064400175440000012000000001211226304126500230460ustar00millertstaffParse error in sudoers near line 7. User_Alias BAR = bar User_Alias FOO = foo sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test4.toke.ok010064400175440000012000000001471226304126500232110ustar00millertstaff# USERALIAS ALIAS = WORD(5) : ALIAS = WORD(5) # USERALIAS ALIAS = WORD(5) ERROR <*> ALIAS = WORD(5) sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test5.in010064400175440000012000000001241226304126500222410ustar00millertstaff# Test empty string in User_Alias and Command_Spec User_Alias FOO = "" "" ALL = ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test5.out.ok010064400175440000012000000000471226304126500230560ustar00millertstaffParse error in sudoers near line 2. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test5.toke.ok010064400175440000012000000001241226304126500232050ustar00millertstaff# USERALIAS ALIAS = BEGINSTR ENDSTR ERROR <*> BEGINSTR ENDSTR ERROR <*> ALL = ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test6.in010064400175440000012000000005341226304126500222470ustar00millertstaff# Check that uids work in per-user and per-runas Defaults Defaults:#123 set_home Defaults>#123 set_home Defaults:"#123" set_home Defaults>"#123" set_home # Check that uids work in a Command_Spec #0 ALL = ALL #0 ALL = (#0 : #0) ALL "#0" ALL = ALL "#0" ALL = ("#0" : "#0") ALL # Check that gids work in a Command_Spec %#0 ALL = ALL "%#0" ALL = ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test6.out.ok010064400175440000012000000003161226304126500230560ustar00millertstaffParses OK. Defaults:#123 set_home Defaults>#123 set_home Defaults:#123 set_home Defaults>#123 set_home #0 ALL = ALL #0 ALL = (#0 : #0) ALL #0 ALL = ALL #0 ALL = (#0 : #0) ALL %#0 ALL = ALL %#0 ALL = ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test6.toke.ok010064400175440000012000000007141226304126500232130ustar00millertstaff# DEFAULTS_USER WORD(5) DEFVAR DEFAULTS_RUNAS WORD(5) DEFVAR DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR # WORD(5) ALL = ALL WORD(5) ALL = ( WORD(5) : WORD(5) ) ALL BEGINSTR STRBODY ENDSTR WORD(4) ALL = ALL BEGINSTR STRBODY ENDSTR WORD(4) ALL = ( BEGINSTR STRBODY ENDSTR WORD(4) : BEGINSTR STRBODY ENDSTR WORD(4) ) ALL # USERGROUP ALL = ALL BEGINSTR STRBODY ENDSTR USERGROUP ALL = ALL sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test7.in010064400175440000012000000002441226304126500222460ustar00millertstaff# These should all be syntax errors User_Alias FOO1 = "%" User_Alias FOO2 = "%:" User_Alias FOO3 = "+" User_Alias FOO4 = % User_Alias FOO5 = %: User_Alias FOO6 = + sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test7.out.ok010064400175440000012000000000471226304126500230600ustar00millertstaffParse error in sudoers near line 2. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test7.toke.ok010064400175440000012000000003701226304126500232120ustar00millertstaff# USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> USERALIAS ALIAS = ERROR <*> USERALIAS ALIAS = ERROR <*> USERALIAS ALIAS = ERROR <*> sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test8.in010064400175440000012000000002411226304126500222440ustar00millertstaff# Test quoted strings User_Alias UA1 = "xy" User_Alias UA2 = "x\ y" User_Alias UA3 = x\"y # A newline in the middle of a string is an error User_Alias UA4 = "x sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test8.out.ok010064400175440000012000000001441226304126500230570ustar00millertstaffParse error in sudoers near line 8. User_Alias UA1 = xy User_Alias UA2 = xy User_Alias UA3 = x"y sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test8.toke.ok010064400175440000012000000003011226304126500232050ustar00millertstaff# USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) USERALIAS ALIAS = BEGINSTR STRBODY STRBODY ENDSTR WORD(4) USERALIAS ALIAS = WORD(5) # USERALIAS ALIAS = BEGINSTR STRBODY ERROR <*> ERROR sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test9.in010064400175440000012000000000001226304126500222360ustar00millertstaffsudo-1.8.9p5/plugins/sudoers/regress/sudoers/test9.out.ok010064400175440000012000000000161226304126500230560ustar00millertstaffParses OK. sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test9.toke.ok010064400175440000012000000000001226304126500232020ustar00millertstaffsudo-1.8.9p5/plugins/sudoers/regress/testsudoers/test1.out.ok010064400175440000012000000001201226304126500237420ustar00millertstaffParses OK. Entries for user root: ALL = ALL host matched Command unmatched sudo-1.8.9p5/plugins/sudoers/regress/testsudoers/test1.sh010075500175440000012000000003441226304126500231500ustar00millertstaff#!/bin/sh # # Test for NULL dereference with "sudo -g group" when the sudoers rule # has no runas user or group listed. # This is RedHat bug Bug 667103. # exec 2>&1 ./testsudoers -g bin root id <&1 ./testsudoers -U $MYUID -G $MYGID root id <&1 ./testsudoers -U $MYUID -G $MYGID root id <&1 ./testsudoers -U 1 root id <$TESTFILE <&1 # Test world writable chmod 666 $TESTFILE ./testsudoers -U $MYUID -G $MYGID root id < * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef _AIX # include #endif #include #include #include #include "sudoers.h" /* * Prototypes */ #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) static struct group_list *runas_setgroups(void); #endif /* * We keep track of the current permisstions and use a stack to restore * the old permissions. A depth of 16 is overkill. */ struct perm_state { uid_t ruid; uid_t euid; #if defined(HAVE_SETRESUID) || defined(ID_SAVED) uid_t suid; #endif gid_t rgid; gid_t egid; #if defined(HAVE_SETRESUID) || defined(ID_SAVED) gid_t sgid; #endif struct group_list *grlist; }; #define PERM_STACK_MAX 16 static struct perm_state perm_stack[PERM_STACK_MAX]; static int perm_stack_depth = 0; #undef ID #define ID(x) (state->x == ostate->x ? (uid_t)-1 : state->x) #undef OID #define OID(x) (ostate->x == state->x ? (uid_t)-1 : ostate->x) void rewind_perms(void) { debug_decl(rewind_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth != 0) { while (perm_stack_depth > 1) restore_perms(); sudo_grlist_delref(perm_stack[0].grlist); } debug_return; } #if defined(HAVE_SETRESUID) #define UID_CHANGED (state->ruid != ostate->ruid || state->euid != ostate->euid || state->suid != ostate->suid) #define GID_CHANGED (state->rgid != ostate->rgid || state->egid != ostate->egid || state->sgid != ostate->sgid) /* * Set real and effective and saved uids and gids based on perm. * We always retain a saved uid of 0 unless we are headed for an exec(). * We only flip the effective gid since it only changes for PERM_SUDOERS. * This version of set_perms() works fine with the "stay_setuid" option. */ int set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } ostate = &perm_stack[perm_stack_depth - 1]; } switch (perm) { case PERM_INITIAL: /* Stash initial state */ #ifdef HAVE_GETRESUID if (getresuid(&state->ruid, &state->euid, &state->suid)) { errstr = "PERM_INITIAL: getresuid"; goto bad; } if (getresgid(&state->rgid, &state->egid, &state->sgid)) { errstr = "PERM_INITIAL: getresgid"; goto bad; } #else state->ruid = getuid(); state->euid = geteuid(); state->suid = state->euid; /* in case we are setuid */ state->rgid = getgid(); state->egid = getegid(); state->sgid = state->egid; /* in case we are setgid */ #endif state->grlist = user_group_list; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: " "ruid: %d, euid: %d, suid: %d, rgid: %d, egid: %d, sgid: %d", __func__, (int)state->ruid, (int)state->euid, (int)state->suid, (int)state->rgid, (int)state->egid, (int)state->sgid); break; case PERM_ROOT: state->ruid = ROOT_UID; state->euid = ROOT_UID; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setresuid(%d, %d, %d)", ID(ruid), ID(euid), ID(suid)); goto bad; } state->rgid = ostate->rgid; state->egid = ROOT_GID; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { errstr = N_("unable to change to root gid"); goto bad; } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; case PERM_USER: state->rgid = ostate->rgid; state->egid = user_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setresgid(%d, %d, %d)", ID(rgid), ID(egid), ID(sgid)); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setresuid(%d, %d, %d)", ID(ruid), ID(euid), ID(suid)); goto bad; } break; case PERM_FULL_USER: /* headed for exec() */ state->rgid = user_gid; state->egid = user_gid; state->sgid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setresgid(%d, %d, %d)", ID(rgid), ID(egid), ID(sgid)); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; state->suid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setresuid(%d, %d, %d)", ID(ruid), ID(euid), ID(suid)); goto bad; } break; case PERM_RUNAS: state->rgid = ostate->rgid; state->egid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); state->ruid = ostate->ruid; state->euid = runas_pw ? runas_pw->pw_uid : user_uid; state->suid = ostate->suid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { errstr = N_("unable to change to runas uid"); goto bad; } break; case PERM_SUDOERS: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); /* assumes euid == ROOT_UID, ruid == user */ state->rgid = ostate->rgid; state->egid = sudoers_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { errstr = N_("unable to change to sudoers gid"); goto bad; } state->ruid = ROOT_UID; /* * If sudoers_uid == ROOT_UID and sudoers_mode is group readable * we use a non-zero uid in order to avoid NFS lossage. * Using uid 1 is a bit bogus but should work on all OS's. */ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) state->euid = 1; else state->euid = sudoers_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { snprintf(errbuf, sizeof(errbuf), "PERM_SUDOERS: setresuid(%d, %d, %d)", ID(ruid), ID(euid), ID(suid)); goto bad; } break; case PERM_TIMESTAMP: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); state->rgid = ostate->rgid; state->egid = ostate->egid; state->sgid = ostate->sgid; state->ruid = ROOT_UID; state->euid = timestamp_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_TIMESTAMP: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { snprintf(errbuf, sizeof(errbuf), "PERM_TIMESTAMP: setresuid(%d, %d, %d)", ID(ruid), ID(euid), ID(suid)); goto bad; } break; } perm_stack_depth++; debug_return_bool(1); bad: if (errno == EAGAIN) warningx(U_("%s: %s"), U_(errstr), U_("too many processes")); else warning("%s", U_(errstr)); if (noexit) debug_return_bool(0); exit(1); } void restore_perms(void) { struct perm_state *state, *ostate; debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; perm_stack_depth--; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: uid: [%d, %d, %d] -> [%d, %d, %d]", __func__, (int)state->ruid, (int)state->euid, (int)state->suid, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d, %d, %d] -> [%d, %d, %d]", __func__, (int)state->rgid, (int)state->egid, (int)state->sgid, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid); /* XXX - more cases here where euid != ruid */ if (OID(euid) == ROOT_UID) { if (setresuid(-1, ROOT_UID, -1)) { warning("setresuid() [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, -1, ROOT_UID, -1); goto bad; } } if (setresuid(OID(ruid), OID(euid), OID(suid))) { warning("setresuid() [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, (int)OID(ruid), (int)OID(euid), (int)OID(suid)); goto bad; } if (setresgid(OID(rgid), OID(egid), OID(sgid))) { warning("setresgid() [%d, %d, %d] -> [%d, %d, %d]", (int)state->rgid, (int)state->egid, (int)state->sgid, (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } if (state->grlist != ostate->grlist) { if (sudo_setgroups(ostate->grlist->ngids, ostate->grlist->gids)) { warning("setgroups()"); goto bad; } } sudo_grlist_delref(state->grlist); debug_return; bad: exit(1); } #elif defined(_AIX) && defined(ID_SAVED) #define UID_CHANGED (state->ruid != ostate->ruid || state->euid != ostate->euid || state->suid != ostate->suid) #define GID_CHANGED (state->rgid != ostate->rgid || state->egid != ostate->egid || state->sgid != ostate->sgid) /* * Set real and effective and saved uids and gids based on perm. * We always retain a saved uid of 0 unless we are headed for an exec(). * We only flip the effective gid since it only changes for PERM_SUDOERS. * This version of set_perms() works fine with the "stay_setuid" option. */ int set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } ostate = &perm_stack[perm_stack_depth - 1]; } switch (perm) { case PERM_INITIAL: /* Stash initial state */ state->ruid = getuidx(ID_REAL); state->euid = getuidx(ID_EFFECTIVE); state->suid = getuidx(ID_SAVED); state->rgid = getgidx(ID_REAL); state->egid = getgidx(ID_EFFECTIVE); state->sgid = getgidx(ID_SAVED); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: " "ruid: %d, euid: %d, suid: %d, rgid: %d, egid: %d, sgid: %d", __func__, (unsigned int)state->ruid, (unsigned int)state->euid, (unsigned int)state->suid, (unsigned int)state->rgid, (unsigned int)state->egid, (unsigned int)state->sgid); break; case PERM_ROOT: state->ruid = ROOT_UID; state->euid = ROOT_UID; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", ROOT_UID); goto bad; } state->rgid = ostate->rgid; state->egid = ROOT_GID; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) { errstr = N_("unable to change to root gid"); goto bad; } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; case PERM_USER: state->rgid = ostate->rgid; state->egid = user_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, user_gid)) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setgidx(ID_EFFECTIVE, %d)", user_gid); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (ostate->euid != ROOT_UID || ostate->suid != ROOT_UID) { if (setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", ROOT_UID); goto bad; } } if (setuidx(ID_EFFECTIVE|ID_REAL, user_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setuidx(ID_EFFECTIVE|ID_REAL, %d)", user_uid); goto bad; } break; case PERM_FULL_USER: /* headed for exec() */ state->rgid = user_gid; state->egid = user_gid; state->sgid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, user_gid)) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", user_gid); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; state->suid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, user_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", user_uid); goto bad; } break; case PERM_RUNAS: state->rgid = ostate->rgid; state->egid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); state->ruid = ostate->ruid; state->euid = runas_pw ? runas_pw->pw_uid : user_uid; state->suid = ostate->suid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { errstr = N_("unable to change to runas uid"); goto bad; } break; case PERM_SUDOERS: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); /* assume euid == ROOT_UID, ruid == user */ state->rgid = ostate->rgid; state->egid = sudoers_gid; state->sgid = ostate->sgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: gid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { errstr = N_("unable to change to sudoers gid"); goto bad; } state->ruid = ROOT_UID; /* * If sudoers_uid == ROOT_UID and sudoers_mode is group readable * we use a non-zero uid in order to avoid NFS lossage. * Using uid 1 is a bit bogus but should work on all OS's. */ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) state->euid = 1; else state->euid = sudoers_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED) { if (ostate->ruid != ROOT_UID || ostate->suid != ROOT_UID) { if (setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_SUDOERS: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", ROOT_UID); goto bad; } } if (setuidx(ID_EFFECTIVE, state->euid)) { snprintf(errbuf, sizeof(errbuf), "PERM_SUDOERS: setuidx(ID_EFFECTIVE, %d)", sudoers_uid); goto bad; } } break; case PERM_TIMESTAMP: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); state->rgid = ostate->rgid; state->egid = ostate->egid; state->sgid = ostate->sgid; state->ruid = ROOT_UID; state->euid = timestamp_uid; state->suid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_TIMESTAMP: uid: " "[%d, %d, %d] -> [%d, %d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED) { if (ostate->ruid != ROOT_UID || ostate->suid != ROOT_UID) { if (setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_TIMESTAMP: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", ROOT_UID); goto bad; } } if (setuidx(ID_EFFECTIVE, timestamp_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_TIMESTAMP: setuidx(ID_EFFECTIVE, %d)", timestamp_uid); goto bad; } } break; } perm_stack_depth++; debug_return_bool(1); bad: if (errno == EAGAIN) warningx(U_("%s: %s"), U_(errstr), U_("too many processes")); else warning("%s", U_(errstr)); if (noexit) debug_return_bool(0); exit(1); } void restore_perms(void) { struct perm_state *state, *ostate; debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; perm_stack_depth--; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: uid: [%d, %d, %d] -> [%d, %d, %d]", __func__, (int)state->ruid, (int)state->euid, (int)state->suid, (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d, %d, %d] -> [%d, %d, %d]", __func__, (int)state->rgid, (int)state->egid, (int)state->sgid, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid); if (OID(ruid) != -1 || OID(euid) != -1 || OID(suid) != -1) { if (OID(euid) == ROOT_UID) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_EFFECTIVE, %d)", __func__, ROOT_UID); if (setuidx(ID_EFFECTIVE, ROOT_UID)) { warning("setuidx(ID_EFFECTIVE) [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, -1, ROOT_UID, -1); goto bad; } } if (OID(ruid) == OID(euid) && OID(euid) == OID(suid)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", __func__, OID(ruid)); if (setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, OID(ruid))) { warning("setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED) [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, (int)OID(ruid), (int)OID(euid), (int)OID(suid)); goto bad; } } else if (OID(ruid) == -1 && OID(suid) == -1) { /* May have already changed euid to ROOT_UID above. */ if (OID(euid) != ROOT_UID) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_EFFECTIVE, %d)", __func__, OID(euid)); if (setuidx(ID_EFFECTIVE, OID(euid))) { warning("setuidx(ID_EFFECTIVE) [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, (int)OID(ruid), (int)OID(euid), (int)OID(suid)); goto bad; } } } else if (OID(suid) == -1) { /* Cannot set the real uid alone. */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_REAL|ID_EFFECTIVE, %d)", __func__, OID(ruid)); if (setuidx(ID_REAL|ID_EFFECTIVE, OID(ruid))) { warning("setuidx(ID_REAL|ID_EFFECTIVE) [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, (int)OID(ruid), (int)OID(euid), (int)OID(suid)); goto bad; } /* Restore the effective euid if it doesn't match the ruid. */ if (OID(euid) != OID(ruid)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_EFFECTIVE, %d)", __func__, ostate->euid); if (setuidx(ID_EFFECTIVE, ostate->euid)) { warning("setuidx(ID_EFFECTIVE, %d)", ostate->euid); goto bad; } } } } if (OID(rgid) != -1 || OID(egid) != -1 || OID(sgid) != -1) { if (OID(rgid) == OID(egid) && OID(egid) == OID(sgid)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", __func__, OID(rgid)); if (setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, OID(rgid))) { warning("setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED) [%d, %d, %d] -> [%d, %d, %d]", (int)state->rgid, (int)state->egid, (int)state->sgid, (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } } else if (OID(rgid) == -1 && OID(sgid) == -1) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE, %d)", __func__, OID(egid)); if (setgidx(ID_EFFECTIVE, OID(egid))) { warning("setgidx(ID_EFFECTIVE) [%d, %d, %d] -> [%d, %d, %d]", (int)state->rgid, (int)state->egid, (int)state->sgid, (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } } else if (OID(sgid) == -1) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE|ID_REAL, %d)", __func__, OID(rgid)); if (setgidx(ID_REAL|ID_EFFECTIVE, OID(rgid))) { warning("setgidx(ID_REAL|ID_EFFECTIVE) [%d, %d, %d] -> [%d, %d, %d]", (int)state->rgid, (int)state->egid, (int)state->sgid, (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } } } if (state->grlist != ostate->grlist) { if (sudo_setgroups(ostate->grlist->ngids, ostate->grlist->gids)) { warning("setgroups()"); goto bad; } } sudo_grlist_delref(state->grlist); debug_return; bad: exit(1); } #elif defined(HAVE_SETREUID) #define UID_CHANGED (state->ruid != ostate->ruid || state->euid != ostate->euid) #define GID_CHANGED (state->rgid != ostate->rgid || state->egid != ostate->egid) /* * Set real and effective and saved uids and gids based on perm. * We always retain a saved uid of 0 unless we are headed for an exec(). * We only flip the effective gid since it only changes for PERM_SUDOERS. * This version of set_perms() works fine with the "stay_setuid" option. */ int set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } ostate = &perm_stack[perm_stack_depth - 1]; } switch (perm) { case PERM_INITIAL: /* Stash initial state */ state->ruid = getuid(); state->euid = geteuid(); state->rgid = getgid(); state->egid = getegid(); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: " "ruid: %d, euid: %d, rgid: %d, egid: %d", __func__, (int)state->ruid, (int)state->euid, (int)state->rgid, (int)state->egid); break; case PERM_ROOT: state->ruid = ROOT_UID; state->euid = ROOT_UID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); /* * setreuid(0, 0) may fail on some systems if euid is not already 0. */ if (ostate->euid != ROOT_UID) { if (setreuid(-1, ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setreuid(-1, %d)", PERM_ROOT); goto bad; } } if (ostate->ruid != ROOT_UID) { if (setreuid(ROOT_UID, -1)) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setreuid(%d, -1)", ROOT_UID); goto bad; } } state->rgid = ostate->rgid; state->egid = ROOT_GID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid)); goto bad; } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; case PERM_USER: state->rgid = ostate->rgid; state->egid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setregid(%d, %d)", ID(rgid), ID(egid)); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_USER: setgroups"; goto bad; } } state->ruid = ROOT_UID; state->euid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setreuid(%d, %d)", ID(ruid), ID(euid)); goto bad; } break; case PERM_FULL_USER: /* headed for exec() */ state->rgid = user_gid; state->egid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setregid(%d, %d)", ID(rgid), ID(egid)); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setreuid(%d, %d)", ID(ruid), ID(euid)); goto bad; } break; case PERM_RUNAS: state->rgid = ostate->rgid; state->egid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); state->ruid = ROOT_UID; state->euid = runas_pw ? runas_pw->pw_uid : user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { errstr = N_("unable to change to runas uid"); goto bad; } break; case PERM_SUDOERS: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); /* assume euid == ROOT_UID, ruid == user */ state->rgid = ostate->rgid; state->egid = sudoers_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { errstr = N_("unable to change to sudoers gid"); goto bad; } state->ruid = ROOT_UID; /* * If sudoers_uid == ROOT_UID and sudoers_mode is group readable * we use a non-zero uid in order to avoid NFS lossage. * Using uid 1 is a bit bogus but should work on all OS's. */ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) state->euid = 1; else state->euid = sudoers_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { snprintf(errbuf, sizeof(errbuf), "PERM_SUDOERS: setreuid(%d, %d)", ID(ruid), ID(euid)); goto bad; } break; case PERM_TIMESTAMP: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); state->rgid = ostate->rgid; state->egid = ostate->egid; state->ruid = ROOT_UID; state->euid = timestamp_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_TIMESTAMP: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { snprintf(errbuf, sizeof(errbuf), "PERM_TIMESTAMP: setreuid(%d, %d)", ID(ruid), ID(euid)); goto bad; } break; } perm_stack_depth++; debug_return_bool(1); bad: if (errno == EAGAIN) warningx(U_("%s: %s"), U_(errstr), U_("too many processes")); else warning("%s", U_(errstr)); if (noexit) debug_return_bool(0); exit(1); } void restore_perms(void) { struct perm_state *state, *ostate; debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; perm_stack_depth--; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: uid: [%d, %d] -> [%d, %d]", __func__, (int)state->ruid, (int)state->euid, (int)ostate->ruid, (int)ostate->euid); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d, %d] -> [%d, %d]", __func__, (int)state->rgid, (int)state->egid, (int)ostate->rgid, (int)ostate->egid); /* * When changing euid to ROOT_UID, setreuid() may fail even if * the ruid is ROOT_UID so call setuid() first. */ if (OID(euid) == ROOT_UID) { /* setuid() may not set the saved ID unless the euid is ROOT_UID */ if (ID(euid) != ROOT_UID) ignore_result(setreuid(-1, ROOT_UID)); if (setuid(ROOT_UID)) { warning("setuid() [%d, %d] -> %d)", (int)state->ruid, (int)state->euid, ROOT_UID); goto bad; } } if (setreuid(OID(ruid), OID(euid))) { warning("setreuid() [%d, %d] -> [%d, %d]", (int)state->ruid, (int)state->euid, (int)OID(ruid), (int)OID(euid)); goto bad; } if (setregid(OID(rgid), OID(egid))) { warning("setregid() [%d, %d] -> [%d, %d]", (int)state->rgid, (int)state->egid, (int)OID(rgid), (int)OID(egid)); goto bad; } if (state->grlist != ostate->grlist) { if (sudo_setgroups(ostate->grlist->ngids, ostate->grlist->gids)) { warning("setgroups()"); goto bad; } } sudo_grlist_delref(state->grlist); debug_return; bad: exit(1); } #elif defined(HAVE_SETEUID) #define GID_CHANGED (state->rgid != ostate->rgid || state->egid != ostate->egid) /* * Set real and effective uids and gids based on perm. * We always retain a real or effective uid of ROOT_UID unless * we are headed for an exec(). * This version of set_perms() works fine with the "stay_setuid" option. */ int set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } ostate = &perm_stack[perm_stack_depth - 1]; } /* * Since we only have setuid() and seteuid() and semantics * for these calls differ on various systems, we set * real and effective uids to ROOT_UID initially to be safe. */ if (perm != PERM_INITIAL) { if (ostate->euid != ROOT_UID && seteuid(ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "set_perms: seteuid(%d)", ROOT_UID); goto bad; } if (ostate->ruid != ROOT_UID && setuid(ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "set_perms: setuid(%d)", ROOT_UID); goto bad; } } switch (perm) { case PERM_INITIAL: /* Stash initial state */ state->ruid = getuid(); state->euid = geteuid(); state->rgid = getgid(); state->egid = getegid(); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: " "ruid: %d, euid: %d, rgid: %d, egid: %d", __func__, (int)state->ruid, (int)state->euid, (int)state->rgid, (int)state->egid); break; case PERM_ROOT: /* We already set ruid/euid above. */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, ROOT_UID, ROOT_UID); state->ruid = ROOT_UID; state->euid = ROOT_UID; state->rgid = ostate->rgid; state->egid = ROOT_GID; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, ROOT_GID, ROOT_GID); if (GID_CHANGED && setegid(ROOT_GID)) { errstr = N_("unable to change to root gid"); goto bad; } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; case PERM_USER: state->egid = user_gid; state->rgid = ostate->rgid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setegid(user_gid)) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: setegid(%d)", user_gid); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_USER: setgroups"; goto bad; } } state->ruid = ROOT_UID; state->euid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_USER: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (seteuid(user_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_USER: seteuid(%d)", user_uid); goto bad; } break; case PERM_FULL_USER: /* headed for exec() */ state->rgid = user_gid; state->egid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setgid(user_gid)) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setgid(%d)", user_gid); goto bad; } state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; state->euid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (setuid(user_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setuid(%d)", user_uid); goto bad; } break; case PERM_RUNAS: state->rgid = ostate->rgid; state->egid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setegid(state->egid)) { errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); state->ruid = ostate->ruid; state->euid = runas_pw ? runas_pw->pw_uid : user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_RUNAS: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (seteuid(state->euid)) { errstr = N_("unable to change to runas uid"); goto bad; } break; case PERM_SUDOERS: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); /* assume euid == ROOT_UID, ruid == user */ state->rgid = ostate->rgid; state->egid = sudoers_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: gid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setegid(sudoers_gid)) { errstr = N_("unable to change to sudoers gid"); goto bad; } state->ruid = ROOT_UID; /* * If sudoers_uid == ROOT_UID and sudoers_mode is group readable * we use a non-zero uid in order to avoid NFS lossage. * Using uid 1 is a bit bogus but should work on all OS's. */ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) state->euid = 1; else state->euid = sudoers_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_SUDOERS: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (seteuid(state->euid)) { snprintf(errbuf, sizeof(errbuf), "PERM_SUDOERS: seteuid(%d)", state->euid); goto bad; } break; case PERM_TIMESTAMP: state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); state->rgid = ostate->rgid; state->egid = ostate->egid; state->ruid = ROOT_UID; state->euid = timestamp_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_TIMESTAMP: uid: " "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (seteuid(timestamp_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_TIMESTAMP: seteuid(%d)", timestamp_uid); goto bad; } break; } perm_stack_depth++; debug_return_bool(1); bad: if (errno == EAGAIN) warningx(U_("%s: %s"), U_(errstr), U_("too many processes")); else warning("%s", U_(errstr)); if (noexit) debug_return_bool(0); exit(1); } void restore_perms(void) { struct perm_state *state, *ostate; debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; perm_stack_depth--; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: uid: [%d, %d] -> [%d, %d]", __func__, (int)state->ruid, (int)state->euid, (int)ostate->ruid, (int)ostate->euid); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d, %d] -> [%d, %d]", __func__, (int)state->rgid, (int)state->egid, (int)ostate->rgid, (int)ostate->egid); /* * Since we only have setuid() and seteuid() and semantics * for these calls differ on various systems, we set * real and effective uids to ROOT_UID initially to be safe. */ if (seteuid(ROOT_UID)) { warningx("seteuid() [%d] -> [%d]", (int)state->euid, ROOT_UID); goto bad; } if (setuid(ROOT_UID)) { warningx("setuid() [%d, %d] -> [%d, %d]", (int)state->ruid, ROOT_UID, ROOT_UID, ROOT_UID); goto bad; } if (OID(egid) != -1 && setegid(ostate->egid)) { warning("setegid(%d)", (int)ostate->egid); goto bad; } if (state->grlist != ostate->grlist) { if (sudo_setgroups(ostate->grlist->ngids, ostate->grlist->gids)) { warning("setgroups()"); goto bad; } } if (OID(euid) != -1 && seteuid(ostate->euid)) { warning("seteuid(%d)", ostate->euid); goto bad; } sudo_grlist_delref(state->grlist); debug_return; bad: exit(1); } #else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */ /* * Set uids and gids based on perm via setuid() and setgid(). * NOTE: does not support the "stay_setuid" or timestampowner options. * Also, sudoers_uid and sudoers_gid are not used. */ int set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } ostate = &perm_stack[perm_stack_depth - 1]; } switch (perm) { case PERM_INITIAL: /* Stash initial state */ state->ruid = geteuid() == ROOT_UID ? ROOT_UID : getuid(); state->rgid = getgid(); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: " "ruid: %d, rgid: %d", __func__, (int)state->ruid, (int)state->rgid); break; case PERM_ROOT: state->ruid = ROOT_UID; state->rgid = ROOT_GID; state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); if (setuid(ROOT_UID)) { snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); goto bad; } sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); if (setgid(ROOT_GID)) { errstr = N_("unable to change to root gid"); goto bad; } break; case PERM_FULL_USER: state->rgid = user_gid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); (void) setgid(user_gid); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); if (setuid(user_uid)) { snprintf(errbuf, sizeof(errbuf), "PERM_FULL_USER: setuid(%d)", user_uid); goto bad; } break; case PERM_USER: case PERM_SUDOERS: case PERM_RUNAS: case PERM_TIMESTAMP: /* Unsupported since we can't set euid. */ state->ruid = ostate->ruid; state->rgid = ostate->rgid; state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; } perm_stack_depth++; debug_return_bool(1); bad: if (errno == EAGAIN) warningx(U_("%s: %s"), U_(errstr), U_("too many processes")); else warning("%s", U_(errstr)); if (noexit) debug_return_bool(0); exit(1); } void restore_perms(void) { struct perm_state *state, *ostate; debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; perm_stack_depth--; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: uid: [%d] -> [%d]", __func__, (int)state->ruid, (int)ostate->ruid); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d] -> [%d]", __func__, (int)state->rgid, (int)ostate->rgid); if (OID(rgid) != -1 && setgid(ostate->rgid)) { warning("setgid(%d)", (int)ostate->rgid); goto bad; } if (state->grlist != ostate->grlist) { if (sudo_setgroups(ostate->grlist->ngids, ostate->grlist->gids)) { warning("setgroups()"); goto bad; } } sudo_grlist_delref(state->grlist); if (OID(ruid) != -1 && setuid(ostate->ruid)) { warning("setuid(%d)", (int)ostate->ruid); goto bad; } debug_return; bad: exit(1); } #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) static struct group_list * runas_setgroups(void) { struct passwd *pw; struct group_list *grlist; debug_decl(runas_setgroups, SUDO_DEBUG_PERMS) if (def_preserve_groups) { sudo_grlist_addref(user_group_list); debug_return_ptr(user_group_list); } pw = runas_pw ? runas_pw : sudo_user.pw; #ifdef HAVE_SETAUTHDB aix_setauthdb(pw->pw_name); #endif grlist = sudo_get_grlist(pw); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector")); debug_return_ptr(grlist); } #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ sudo-1.8.9p5/plugins/sudoers/sha2.c010064400175440000012000000352031226304126600165170ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 * as per FIPS 180-4: Secure Hash Standard (SHS) * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf * * Derived from the public domain SHA-1 and SHA-2 implementations * by Steve Reid and Wei Dai respectively. */ #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #if defined(HAVE_ENDIAN_H) # include #elif defined(HAVE_SYS_ENDIAN_H) # include #elif defined(HAVE_MACHINE_ENDIAN_H) # include #else # include "compat/endian.h" #endif #include "missing.h" #include "sha2.h" /* * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. * The following macros convert between character arrays and big endian words. */ #define BE8TO32(x, y) do { \ (x) = (((uint32_t)((y)[0] & 255) << 24) | \ ((uint32_t)((y)[1] & 255) << 16) | \ ((uint32_t)((y)[2] & 255) << 8) | \ ((uint32_t)((y)[3] & 255))); \ } while (0) #define BE8TO64(x, y) do { \ (x) = (((uint64_t)((y)[0] & 255) << 56) | \ ((uint64_t)((y)[1] & 255) << 48) | \ ((uint64_t)((y)[2] & 255) << 40) | \ ((uint64_t)((y)[3] & 255) << 32) | \ ((uint64_t)((y)[4] & 255) << 24) | \ ((uint64_t)((y)[5] & 255) << 16) | \ ((uint64_t)((y)[6] & 255) << 8) | \ ((uint64_t)((y)[7] & 255))); \ } while (0) #define BE32TO8(x, y) do { \ (x)[0] = (uint8_t)(((y) >> 24) & 255); \ (x)[1] = (uint8_t)(((y) >> 16) & 255); \ (x)[2] = (uint8_t)(((y) >> 8) & 255); \ (x)[3] = (uint8_t)((y) & 255); \ } while (0) #define BE64TO8(x, y) do { \ (x)[0] = (uint8_t)(((y) >> 56) & 255); \ (x)[1] = (uint8_t)(((y) >> 48) & 255); \ (x)[2] = (uint8_t)(((y) >> 40) & 255); \ (x)[3] = (uint8_t)(((y) >> 32) & 255); \ (x)[4] = (uint8_t)(((y) >> 24) & 255); \ (x)[5] = (uint8_t)(((y) >> 16) & 255); \ (x)[6] = (uint8_t)(((y) >> 8) & 255); \ (x)[7] = (uint8_t)((y) & 255); \ } while (0) #define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) #define blk0(i) (W[i]) #define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) #define Ch(x,y,z) (z^(x&(y^z))) #define Maj(x,y,z) (y^((x^y)&(y^z))) #define a(i) T[(0-i)&7] #define b(i) T[(1-i)&7] #define c(i) T[(2-i)&7] #define d(i) T[(3-i)&7] #define e(i) T[(4-i)&7] #define f(i) T[(5-i)&7] #define g(i) T[(6-i)&7] #define h(i) T[(7-i)&7] void SHA224Init(SHA2_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); ctx->state.st32[0] = 0xc1059ed8UL; ctx->state.st32[1] = 0x367cd507UL; ctx->state.st32[2] = 0x3070dd17UL; ctx->state.st32[3] = 0xf70e5939UL; ctx->state.st32[4] = 0xffc00b31UL; ctx->state.st32[5] = 0x68581511UL; ctx->state.st32[6] = 0x64f98fa7UL; ctx->state.st32[7] = 0xbefa4fa4UL; } void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) { SHA256Transform(state, buffer); } void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) { SHA256Update(ctx, data, len); } void SHA224Pad(SHA2_CTX *ctx) { SHA256Pad(ctx); } void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) { SHA256Pad(ctx); if (digest != NULL) { #if BYTE_ORDER == BIG_ENDIAN memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); #else unsigned int i; for (i = 0; i < 7; i++) BE32TO8(digest + (i * 4), ctx->state.st32[i]); #endif memset(ctx, 0, sizeof(*ctx)); } } static const uint32_t SHA256_K[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL }; void SHA256Init(SHA2_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); ctx->state.st32[0] = 0x6a09e667UL; ctx->state.st32[1] = 0xbb67ae85UL; ctx->state.st32[2] = 0x3c6ef372UL; ctx->state.st32[3] = 0xa54ff53aUL; ctx->state.st32[4] = 0x510e527fUL; ctx->state.st32[5] = 0x9b05688cUL; ctx->state.st32[6] = 0x1f83d9abUL; ctx->state.st32[7] = 0x5be0cd19UL; } /* Round macros for SHA256 */ #define R(i) do { \ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ d(i)+=h(i); \ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ } while (0) #define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) #define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) void SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) { uint32_t W[16]; uint32_t T[8]; unsigned int j; /* Copy context state to working vars. */ memcpy(T, state, sizeof(T)); /* Copy data to W in big endian format. */ #if BYTE_ORDER == BIG_ENDIAN memcpy(W, data, sizeof(W)); #else for (j = 0; j < 16; j++) { BE8TO32(W[j], data); data += 4; } #endif /* 64 operations, partially loop unrolled. */ for (j = 0; j < 64; j += 16) { R( 0); R( 1); R( 2); R( 3); R( 4); R( 5); R( 6); R( 7); R( 8); R( 9); R(10); R(11); R(12); R(13); R(14); R(15); } /* Add the working vars back into context state. */ state[0] += a(0); state[1] += b(0); state[2] += c(0); state[3] += d(0); state[4] += e(0); state[5] += f(0); state[6] += g(0); state[7] += h(0); /* Cleanup */ memset_s(T, sizeof(T), 0, sizeof(T)); memset_s(W, sizeof(W), 0, sizeof(W)); } #undef S0 #undef S1 #undef s0 #undef s1 #undef R void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) { size_t i = 0, j; j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); ctx->count[0] += (len << 3); if ((j + len) > SHA256_BLOCK_LENGTH - 1) { memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); SHA256Transform(ctx->state.st32, ctx->buffer); for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); j = 0; } memcpy(&ctx->buffer[j], &data[i], len - i); } void SHA256Pad(SHA2_CTX *ctx) { uint8_t finalcount[8]; /* Store unpadded message length in bits in big endian format. */ BE64TO8(finalcount, ctx->count[0]); /* Append a '1' bit (0x80) to the message. */ SHA256Update(ctx, (uint8_t *)"\200", 1); /* Pad message such that the resulting length modulo 512 is 448. */ while ((ctx->count[0] & 504) != 448) SHA256Update(ctx, (uint8_t *)"\0", 1); /* Append length of message in bits and do final SHA256Transform(). */ SHA256Update(ctx, finalcount, sizeof(finalcount)); } void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) { SHA256Pad(ctx); if (digest != NULL) { #if BYTE_ORDER == BIG_ENDIAN memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); #else unsigned int i; for (i = 0; i < 8; i++) BE32TO8(digest + (i * 4), ctx->state.st32[i]); #endif memset(ctx, 0, sizeof(*ctx)); } } void SHA384Init(SHA2_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; ctx->state.st64[1] = 0x629a292a367cd507ULL; ctx->state.st64[2] = 0x9159015a3070dd17ULL; ctx->state.st64[3] = 0x152fecd8f70e5939ULL; ctx->state.st64[4] = 0x67332667ffc00b31ULL; ctx->state.st64[5] = 0x8eb44a8768581511ULL; ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; } void SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) { SHA512Transform(state, data); } void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) { SHA512Update(ctx, data, len); } void SHA384Pad(SHA2_CTX *ctx) { SHA512Pad(ctx); } void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) { SHA384Pad(ctx); if (digest != NULL) { #if BYTE_ORDER == BIG_ENDIAN memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); #else unsigned int i; for (i = 0; i < 6; i++) BE64TO8(digest + (i * 8), ctx->state.st64[i]); #endif memset(ctx, 0, sizeof(*ctx)); } } static const uint64_t SHA512_K[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL }; void SHA512Init(SHA2_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; ctx->state.st64[1] = 0xbb67ae8584caa73bULL; ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; ctx->state.st64[4] = 0x510e527fade682d1ULL; ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; ctx->state.st64[7] = 0x5be0cd19137e2179ULL; } /* Round macros for SHA512 */ #define R(i) do { \ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ d(i)+=h(i); \ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ } while (0) #define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) #define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) void SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) { uint64_t W[16]; uint64_t T[8]; unsigned int j; /* Copy context state to working vars. */ memcpy(T, state, sizeof(T)); /* Copy data to W in big endian format. */ #if BYTE_ORDER == BIG_ENDIAN memcpy(W, data, sizeof(W)); #else for (j = 0; j < 16; j++) { BE8TO64(W[j], data); data += 8; } #endif /* 80 operations, partially loop unrolled. */ for (j = 0; j < 80; j += 16) { R( 0); R( 1); R( 2); R( 3); R( 4); R( 5); R( 6); R( 7); R( 8); R( 9); R(10); R(11); R(12); R(13); R(14); R(15); } /* Add the working vars back into context state. */ state[0] += a(0); state[1] += b(0); state[2] += c(0); state[3] += d(0); state[4] += e(0); state[5] += f(0); state[6] += g(0); state[7] += h(0); /* Cleanup. */ memset_s(T, sizeof(T), 0, sizeof(T)); memset_s(W, sizeof(W), 0, sizeof(W)); } void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) { size_t i = 0, j; j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); ctx->count[0] += (len << 3); if (ctx->count[0] < (len << 3)) ctx->count[1]++; if ((j + len) > SHA512_BLOCK_LENGTH - 1) { memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); SHA512Transform(ctx->state.st64, ctx->buffer); for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); j = 0; } memcpy(&ctx->buffer[j], &data[i], len - i); } void SHA512Pad(SHA2_CTX *ctx) { uint8_t finalcount[16]; /* Store unpadded message length in bits in big endian format. */ BE64TO8(finalcount, ctx->count[1]); BE64TO8(finalcount + 8, ctx->count[0]); /* Append a '1' bit (0x80) to the message. */ SHA512Update(ctx, (uint8_t *)"\200", 1); /* Pad message such that the resulting length modulo 1024 is 896. */ while ((ctx->count[0] & 1008) != 896) SHA512Update(ctx, (uint8_t *)"\0", 1); /* Append length of message in bits and do final SHA512Transform(). */ SHA512Update(ctx, finalcount, sizeof(finalcount)); } void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) { SHA512Pad(ctx); if (digest != NULL) { #if BYTE_ORDER == BIG_ENDIAN memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); #else unsigned int i; for (i = 0; i < 8; i++) BE64TO8(digest + (i * 8), ctx->state.st64[i]); #endif memset(ctx, 0, sizeof(*ctx)); } } sudo-1.8.9p5/plugins/sudoers/sha2.h010064400175440000012000000055001226304126600165210ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Derived from the public domain SHA-1 and SHA-2 implementations * by Steve Reid and Wei Dai respectively. */ #ifndef _SUDOERS_SHA2_H #define _SUDOERS_SHA2_H #define SHA224_BLOCK_LENGTH 64 #define SHA224_DIGEST_LENGTH 28 #define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) #define SHA256_BLOCK_LENGTH 64 #define SHA256_DIGEST_LENGTH 32 #define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) #define SHA384_BLOCK_LENGTH 128 #define SHA384_DIGEST_LENGTH 48 #define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) #define SHA512_BLOCK_LENGTH 128 #define SHA512_DIGEST_LENGTH 64 #define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) typedef struct { union { uint32_t st32[8]; /* sha224 and sha256 */ uint64_t st64[8]; /* sha384 and sha512 */ } state; uint64_t count[2]; uint8_t buffer[SHA512_BLOCK_LENGTH]; } SHA2_CTX; void SHA224Init(SHA2_CTX *ctx); void SHA224Pad(SHA2_CTX *ctx); void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); void SHA256Init(SHA2_CTX *ctx); void SHA256Pad(SHA2_CTX *ctx); void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); void SHA384Init(SHA2_CTX *ctx); void SHA384Pad(SHA2_CTX *ctx); void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); void SHA512Init(SHA2_CTX *ctx); void SHA512Pad(SHA2_CTX *ctx); void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); #endif /* _SUDOERS_SHA2_H */ sudo-1.8.9p5/plugins/sudoers/sssd.c010064400175440000012000001203051226304126600166340ustar00millertstaff/* * Copyright (c) 2003-2013 Todd C. Miller * Copyright (c) 2011 Daniel Kopecek * * This code is derived from software contributed by Aaron Spangler. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include #include "sudoers.h" #include "parse.h" #include "lbuf.h" #include "sudo_dso.h" #include "sudo_debug.h" /* SSSD <--> SUDO interface - do not change */ struct sss_sudo_attr { char *name; char **values; unsigned int num_values; }; struct sss_sudo_rule { unsigned int num_attrs; struct sss_sudo_attr *attrs; }; struct sss_sudo_result { unsigned int num_rules; struct sss_sudo_rule *rules; }; typedef int (*sss_sudo_send_recv_t)(uid_t, const char*, const char*, uint32_t*, struct sss_sudo_result**); typedef int (*sss_sudo_send_recv_defaults_t)(uid_t, const char*, uint32_t*, char**, struct sss_sudo_result**); typedef void (*sss_sudo_free_result_t)(struct sss_sudo_result*); typedef int (*sss_sudo_get_values_t)(struct sss_sudo_rule*, const char*, char***); typedef void (*sss_sudo_free_values_t)(char**); /* sudo_nss implementation */ struct sudo_sss_handle { char *domainname; struct passwd *pw; void *ssslib; sss_sudo_send_recv_t fn_send_recv; sss_sudo_send_recv_defaults_t fn_send_recv_defaults; sss_sudo_free_result_t fn_free_result; sss_sudo_get_values_t fn_get_values; sss_sudo_free_values_t fn_free_values; }; static int sudo_sss_open(struct sudo_nss *nss); static int sudo_sss_close(struct sudo_nss *nss); static int sudo_sss_parse(struct sudo_nss *nss); static void sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule); static int sudo_sss_setdefs(struct sudo_nss *nss); static int sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag); static int sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw); static int sudo_sss_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static int sudo_sss_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static int sudo_sss_display_privs(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf); static struct sss_sudo_result *sudo_sss_result_get(struct sudo_nss *nss, struct passwd *pw, uint32_t *state); static void sudo_sss_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src) { int i; debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD) sudo_debug_printf(SUDO_DEBUG_DEBUG, "dst=%p, src=%p", dst, src); sudo_debug_printf(SUDO_DEBUG_INFO, "emalloc: cnt=%d", src->num_values); dst->name = estrdup(src->name); dst->num_values = src->num_values; dst->values = emalloc2(dst->num_values, sizeof(char *)); for (i = 0; i < dst->num_values; ++i) dst->values[i] = estrdup(src->values[i]); debug_return; } static void sudo_sss_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src) { int i; debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD) sudo_debug_printf(SUDO_DEBUG_DEBUG, "dst=%p, src=%p", dst, src); sudo_debug_printf(SUDO_DEBUG_INFO, "emalloc: cnt=%d", src->num_attrs); dst->num_attrs = src->num_attrs; dst->attrs = emalloc2(dst->num_attrs, sizeof(struct sss_sudo_attr)); for (i = 0; i < dst->num_attrs; ++i) sudo_sss_attrcpy(dst->attrs + i, src->attrs + i); debug_return; } #define _SUDO_SSS_FILTER_INCLUDE 0 #define _SUDO_SSS_FILTER_EXCLUDE 1 #define _SUDO_SSS_STATE_HOSTMATCH 0x01 #define _SUDO_SSS_STATE_USERMATCH 0x02 static struct sss_sudo_result * sudo_sss_filter_result(struct sudo_sss_handle *handle, struct sss_sudo_result *in_res, int (*filterp)(struct sudo_sss_handle *, struct sss_sudo_rule *, void *), int act, void *filterp_arg) { struct sss_sudo_result *out_res; int i, l, r; debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD) sudo_debug_printf(SUDO_DEBUG_DEBUG, "in_res=%p, count=%u, act=%s", in_res, in_res->num_rules, act == _SUDO_SSS_FILTER_EXCLUDE ? "EXCLUDE" : "INCLUDE"); if (in_res == NULL) debug_return_ptr(NULL); sudo_debug_printf(SUDO_DEBUG_DEBUG, "emalloc: cnt=%d", in_res->num_rules); out_res = emalloc(sizeof(struct sss_sudo_result)); out_res->rules = in_res->num_rules > 0 ? emalloc2(in_res->num_rules, sizeof(struct sss_sudo_rule)) : NULL; out_res->num_rules = 0; for (i = l = 0; i < in_res->num_rules; ++i) { r = filterp(handle, in_res->rules + i, filterp_arg); if (( r && act == _SUDO_SSS_FILTER_INCLUDE) || (!r && act == _SUDO_SSS_FILTER_EXCLUDE)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "COPY (%s): %p[%u] => %p[%u] (= %p)", act == _SUDO_SSS_FILTER_EXCLUDE ? "not excluded" : "included", in_res->rules, i, out_res->rules, l, in_res->rules + i); sudo_sss_rulecpy(out_res->rules + l, in_res->rules + i); ++l; } } if (l < in_res->num_rules) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l); if (l > 0) { out_res->rules = erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule)); } else { efree(out_res->rules); out_res->rules = NULL; } } out_res->num_rules = l; debug_return_ptr(out_res); } struct sudo_nss sudo_nss_sss = { { NULL, NULL }, sudo_sss_open, sudo_sss_close, sudo_sss_parse, sudo_sss_setdefs, sudo_sss_lookup, sudo_sss_display_cmnd, sudo_sss_display_defaults, sudo_sss_display_bound_defaults, sudo_sss_display_privs }; /* sudo_nss implementation */ // ok static int sudo_sss_open(struct sudo_nss *nss) { struct sudo_sss_handle *handle; static const char path[] = _PATH_SSSD_LIB"/libsss_sudo.so"; debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD); /* Create a handle container. */ handle = emalloc(sizeof(struct sudo_sss_handle)); /* Load symbols */ handle->ssslib = sudo_dso_load(path, SUDO_DSO_LAZY); if (handle->ssslib == NULL) { warningx(U_("unable to load %s: %s"), path, sudo_dso_strerror()); warningx(U_("unable to initialize SSS source. Is SSSD installed on your machine?")); debug_return_int(EFAULT); } handle->fn_send_recv = sudo_dso_findsym(handle->ssslib, "sss_sudo_send_recv"); if (handle->fn_send_recv == NULL) { warningx(U_("unable to find symbol \"%s\" in %s"), path, "sss_sudo_send_recv"); debug_return_int(EFAULT); } handle->fn_send_recv_defaults = sudo_dso_findsym(handle->ssslib, "sss_sudo_send_recv_defaults"); if (handle->fn_send_recv_defaults == NULL) { warningx(U_("unable to find symbol \"%s\" in %s"), path, "sss_sudo_send_recv_defaults"); debug_return_int(EFAULT); } handle->fn_free_result = sudo_dso_findsym(handle->ssslib, "sss_sudo_free_result"); if (handle->fn_free_result == NULL) { warningx(U_("unable to find symbol \"%s\" in %s"), path, "sss_sudo_free_result"); debug_return_int(EFAULT); } handle->fn_get_values = sudo_dso_findsym(handle->ssslib, "sss_sudo_get_values"); if (handle->fn_get_values == NULL) { warningx(U_("unable to find symbol \"%s\" in %s"), path, "sss_sudo_get_values"); debug_return_int(EFAULT); } handle->fn_free_values = sudo_dso_findsym(handle->ssslib, "sss_sudo_free_values"); if (handle->fn_free_values == NULL) { warningx(U_("unable to find symbol \"%s\" in %s"), path, "sss_sudo_free_values"); debug_return_int(EFAULT); } handle->domainname = NULL; handle->pw = sudo_user.pw; nss->handle = handle; sudo_debug_printf(SUDO_DEBUG_DEBUG, "handle=%p", handle); debug_return_int(0); } // ok static int sudo_sss_close(struct sudo_nss *nss) { struct sudo_sss_handle *handle; debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD); if (nss && nss->handle) { handle = nss->handle; sudo_dso_unload(handle->ssslib); efree(nss->handle); } debug_return_int(0); } // ok static int sudo_sss_parse(struct sudo_nss *nss) { debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD); debug_return_int(0); } static int sudo_sss_setdefs(struct sudo_nss *nss) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result; struct sss_sudo_rule *sss_rule; uint32_t sss_error; int i; debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD); if (handle == NULL) debug_return_int(-1); sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults"); if (handle->fn_send_recv_defaults(handle->pw->pw_uid, handle->pw->pw_name, &sss_error, &handle->domainname, &sss_result) != 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_send_recv_defaults: != 0, sss_error=%u", sss_error); debug_return_int(-1); } if (sss_error == ENOENT) { sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD."); debug_return_int(0); } else if(sss_error != 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error); debug_return_int(-1); } for (i = 0; i < sss_result->num_rules; ++i) { sudo_debug_printf(SUDO_DEBUG_DIAG, "Parsing cn=defaults, %d/%d", i, sss_result->num_rules); sss_rule = sss_result->rules + i; sudo_sss_parse_options(handle, sss_rule); } handle->fn_free_result(sss_result); debug_return_int(0); } static int sudo_sss_checkpw(struct sudo_nss *nss, struct passwd *pw) { struct sudo_sss_handle *handle = nss->handle; debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD); if (pw->pw_name != handle->pw->pw_name || pw->pw_uid != handle->pw->pw_uid) { sudo_debug_printf(SUDO_DEBUG_DIAG, "Requested name or uid don't match the initial once, reinitializing..."); handle->pw = pw; if (sudo_sss_setdefs(nss) != 0) debug_return_int(-1); } debug_return_int(0); } static int sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule *sss_rule) { char **val_array = NULL; char *val; int ret = false, i; debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD); if (!runas_pw) debug_return_int(UNSPEC); /* get the runas user from the entry */ switch (handle->fn_get_values(sss_rule, "sudoRunAsUser", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result. Trying old style (sudoRunAs)"); /* try old style */ switch (handle->fn_get_values(sss_rule, "sudoRunAs", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result. Matching against runas_default"); /* * If there are no runas entries, match runas_default against * what the user specified on the command line. */ return !strcasecmp(runas_pw->pw_name, def_runas_default); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(UNSPEC); } break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(UNSPEC); } /* * BUG: * * if runas is not specified on the command line, the only information * as to which user to run as is in the runas_default option. We should * check to see if we have the local option present. Unfortunately we * don't parse these options until after this routine says yes or no. * The query has already returned, so we could peek at the attribute * values here though. * * For now just require users to always use -u option unless its set * in the global defaults. This behaviour is no different than the global * /etc/sudoers. * * Sigh - maybe add this feature later */ /* walk through values returned, looking for a match */ for (i = 0; val_array[i] != NULL && !ret; ++i) { val = val_array[i]; sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); switch (val[0]) { case '+': sudo_debug_printf(SUDO_DEBUG_DEBUG, "netgr_"); if (netgr_matches(val, NULL, NULL, runas_pw->pw_name)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "=> match"); ret = true; } break; case '%': sudo_debug_printf(SUDO_DEBUG_DEBUG, "usergr_"); if (usergr_matches(val, runas_pw->pw_name, runas_pw)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "=> match"); ret = true; } break; case 'A': if (strcmp(val, "ALL") == 0) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "ALL => match"); ret = true; break; } /* FALLTHROUGH */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "FALLTHROUGH"); default: if (userpw_matches(val, runas_pw->pw_name, runas_pw)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s == %s (pw_name) => match", val, runas_pw->pw_name); ret = true; } break; } sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); } handle->fn_free_values(val_array); /* cleanup */ debug_return_int(ret); } static int sudo_sss_check_runas_group(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { char **val_array = NULL; char *val; int ret = false, i; debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD); /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) debug_return_int(UNSPEC); /* get the values from the entry */ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return_int(false); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(UNSPEC); } /* walk through values returned, looking for a match */ for (i = 0; val_array[i] != NULL; ++i) { val = val_array[i]; sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr)) ret = true; sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoRunAsGroup '%s' ... %s", val, ret ? "MATCH!" : "not"); } handle->fn_free_values(val_array); debug_return_int(ret); } /* * Walk through search results and return true if we have a runas match, * else false. RunAs info is optional. */ static bool sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { bool ret; debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_bool(false); ret = sudo_sss_check_runas_user(handle, rule) != false && sudo_sss_check_runas_group(handle, rule) != false; debug_return_bool(ret); } static bool sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { char **val_array, *val; bool ret = false; int i; debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_bool(ret); /* get the values from the rule */ switch (handle->fn_get_values(rule, "sudoHost", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return_bool(false); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoHost): != 0"); debug_return_bool(ret); } /* walk through values */ for (i = 0; val_array[i] != NULL; ++i) { val = val_array[i]; sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); /* match any or address or netgroup or hostname */ if (!strcmp(val, "ALL") || addr_matches(val) || netgr_matches(val, user_host, user_shost, NULL) || hostname_matches(user_shost, user_host, val)) ret = true; sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); } handle->fn_free_values(val_array); debug_return_bool(ret); } /* * Look for netgroup specifcations in the sudoUser attribute and * if found, filter according to netgroup membership. * returns: * true -> netgroup spec found && netgroup member * false -> netgroup spec found && not a member of netgroup * true -> netgroup spec not found (filtered by SSSD already, netgroups are an exception) */ static bool sudo_sss_filter_user_netgroup(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { bool ret = false, netgroup_spec_found = false; char **val_array, *val; int i; debug_decl(sudo_sss_filter_user_netgroup, SUDO_DEBUG_SSSD); if (!handle || !rule) debug_return_bool(ret); switch (handle->fn_get_values(rule, "sudoUser", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return_bool(ret); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoUser): != 0"); debug_return_bool(ret); } for (i = 0; val_array[i] != NULL && !ret; ++i) { val = val_array[i]; if (*val == '+') { netgroup_spec_found = true; } sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); if (strcmp(val, "ALL") == 0 || netgr_matches(val, NULL, NULL, handle->pw->pw_name)) { ret = true; sudo_debug_printf(SUDO_DEBUG_DIAG, "sssd/ldap sudoUser '%s' ... MATCH! (%s)", val, handle->pw->pw_name); break; } } handle->fn_free_values(val_array); debug_return_bool(netgroup_spec_found ? ret : true); } static int sudo_sss_result_filterp(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, void *unused) { (void)unused; debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD); if (sudo_sss_check_host(handle, rule) && sudo_sss_filter_user_netgroup(handle, rule)) debug_return_int(1); else debug_return_int(0); } static struct sss_sudo_result * sudo_sss_result_get(struct sudo_nss *nss, struct passwd *pw, uint32_t *state) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *u_sss_result, *f_sss_result; uint32_t sss_error = 0, ret; debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD); if (sudo_sss_checkpw(nss, pw) != 0) debug_return_ptr(NULL); sudo_debug_printf(SUDO_DEBUG_DIAG, " username=%s", handle->pw->pw_name); sudo_debug_printf(SUDO_DEBUG_DIAG, "domainname=%s", handle->domainname ? handle->domainname : "NULL"); u_sss_result = f_sss_result = NULL; ret = handle->fn_send_recv(handle->pw->pw_uid, handle->pw->pw_name, handle->domainname, &sss_error, &u_sss_result); switch (ret) { case 0: switch (sss_error) { case 0: if (u_sss_result != NULL) { if (state != NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= USERMATCH"); *state |= _SUDO_SSS_STATE_USERMATCH; } sudo_debug_printf(SUDO_DEBUG_INFO, "Received %u rule(s)", u_sss_result->num_rules); } else { sudo_debug_printf(SUDO_DEBUG_INFO, "Internal error: u_sss_result == NULL && sss_error == 0"); debug_return_ptr(NULL); } break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD."); default: sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error); debug_return_ptr(NULL); } break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_send_recv: != 0: ret=%d", ret); debug_return_ptr(NULL); } f_sss_result = sudo_sss_filter_result(handle, u_sss_result, sudo_sss_result_filterp, _SUDO_SSS_FILTER_INCLUDE, NULL); if (f_sss_result != NULL) { if (f_sss_result->num_rules > 0) { if (state != NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= HOSTMATCH"); *state |= _SUDO_SSS_STATE_HOSTMATCH; } } sudo_debug_printf(SUDO_DEBUG_DEBUG, "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result, u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules); } else { sudo_debug_printf(SUDO_DEBUG_DEBUG, "u_sss_result=(%p, %u) => f_sss_result=NULL", u_sss_result, u_sss_result->num_rules); } handle->fn_free_result(u_sss_result); debug_return_ptr(f_sss_result); } /* * Search for boolean "option" in sudoOption. * Returns true if found and allowed, false if negated, else UNSPEC. */ static int sudo_sss_check_bool(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, char *option) { char ch, *var, **val_array = NULL; int i, ret = UNSPEC; debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(ret); switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return_int(ret); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values: != 0"); debug_return_int(ret); } /* walk through options */ for (i = 0; val_array[i] != NULL; ++i) { var = val_array[i]; sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoOption: '%s'", var); if ((ch = *var) == '!') var++; if (strcmp(var, option) == 0) ret = (ch != '!'); } handle->fn_free_values(val_array); debug_return_int(ret); } /* * If a digest prefix is present, fills in struct sudo_digest * and returns a pointer to it, updating cmnd to point to the * command after the digest. */ static struct sudo_digest * sudo_sss_extract_digest(char **cmnd, struct sudo_digest *digest) { char *ep, *cp = *cmnd; int digest_type = SUDO_DIGEST_INVALID; debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP) /* * Check for and extract a digest prefix, e.g. * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls */ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { switch (cp[3]) { case '2': if (cp[4] == '2' && cp[5] == '4') digest_type = SUDO_DIGEST_SHA224; else if (cp[4] == '5' && cp[5] == '6') digest_type = SUDO_DIGEST_SHA256; break; case '3': if (cp[4] == '8' && cp[5] == '4') digest_type = SUDO_DIGEST_SHA384; break; case '5': if (cp[4] == '1' && cp[5] == '2') digest_type = SUDO_DIGEST_SHA512; break; } if (digest_type != SUDO_DIGEST_INVALID) { cp += 6; while (isblank((unsigned char)*cp)) cp++; if (*cp == ':') { cp++; while (isblank((unsigned char)*cp)) cp++; ep = cp; while (*ep != '\0' && !isblank((unsigned char)*ep)) ep++; if (*ep != '\0') { digest->digest_type = digest_type; digest->digest_str = estrndup(cp, (size_t)(ep - cp)); cp = ep + 1; while (isblank((unsigned char)*cp)) cp++; *cmnd = cp; sudo_debug_printf(SUDO_DEBUG_INFO, "%s digest %s for %s", digest_type == SUDO_DIGEST_SHA224 ? "sha224" : digest_type == SUDO_DIGEST_SHA256 ? "sha256" : digest_type == SUDO_DIGEST_SHA384 ? "sha384" : "sha512", digest->digest_str, cp); debug_return_ptr(digest); } } } } debug_return_ptr(NULL); } /* * Walk through search results and return true if we have a command match, * false if disallowed and UNSPEC if not matched. */ static int sudo_sss_check_command(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, int *setenv_implied) { char **val_array = NULL, *val; char *allowed_cmnd, *allowed_args; int i, foundbang, ret = UNSPEC; struct sudo_digest digest, *allowed_digest = NULL; debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return_int(ret); switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return_int(ret); default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values: != 0"); debug_return_int(ret); } for (i = 0; val_array[i] != NULL && ret != false; ++i) { val = val_array[i]; sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); /* Match against ALL ? */ if (!strcmp(val, "ALL")) { ret = true; if (setenv_implied != NULL) *setenv_implied = true; sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoCommand '%s' ... MATCH!", val); continue; } /* check for sha-2 digest */ allowed_digest = sudo_sss_extract_digest(&val, &digest); /* check for !command */ if (*val == '!') { foundbang = true; allowed_cmnd = estrdup(1 + val); /* !command */ } else { foundbang = false; allowed_cmnd = estrdup(val); /* command */ } /* split optional args away from command */ allowed_args = strchr(allowed_cmnd, ' '); if (allowed_args) *allowed_args++ = '\0'; /* check the command like normal */ if (command_matches(allowed_cmnd, allowed_args, NULL)) { /* * If allowed (no bang) set ret but keep on checking. * If disallowed (bang), exit loop. */ ret = foundbang ? false : true; } sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoCommand '%s' ... %s", val, ret == true ? "MATCH!" : "not"); efree(allowed_cmnd); /* cleanup */ } handle->fn_free_values(val_array); /* more cleanup */ debug_return_int(ret); } static void sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { int i; char op, *v, *val; char **val_array = NULL; debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD); if (rule == NULL) debug_return; switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); debug_return; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoOption): != 0"); debug_return; } /* walk through options */ for (i = 0; val_array[i] != NULL; i++) { sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoOption: '%s'", val_array[i]); v = estrdup(val_array[i]); /* check for equals sign past first char */ val = strchr(v, '='); if (val > v) { *val++ = '\0'; /* split on = and truncate var */ op = *(val - 2); /* peek for += or -= cases */ if (op == '+' || op == '-') { *(val - 2) = '\0'; /* found, remove extra char */ /* case var+=val or var-=val */ set_default(v, val, (int) op); } else { /* case var=val */ set_default(v, val, true); } } else if (*v == '!') { /* case !var Boolean False */ set_default(v + 1, NULL, false); } else { /* case var Boolean True */ set_default(v, NULL, true); } efree(v); } handle->fn_free_values(val_array); debug_return; } static int sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag) { int rc, setenv_implied; struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; uint32_t i, state = 0; debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD); /* Fetch list of sudoRole entries that match user and host. */ sss_result = sudo_sss_result_get(nss, sudo_user.pw, &state); /* * The following queries are only determine whether or not a * password is required, so the order of the entries doesn't matter. */ if (pwflag) { int doauth = UNSPEC; int matched = UNSPEC; enum def_tuple pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; sudo_debug_printf(SUDO_DEBUG_INFO, "perform search for pwflag %d", pwflag); if (sss_result != NULL) { for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; if ((pwcheck == any && doauth != false) || (pwcheck == all && doauth == false)) { doauth = sudo_sss_check_bool(handle, rule, "authenticate"); } /* Only check the command when listing another user. */ if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid || sudo_sss_check_command(handle, rule, NULL)) { matched = true; break; } } } if (matched || user_uid == 0) { SET(ret, VALIDATE_OK); CLR(ret, VALIDATE_NOT_OK); if (def_authenticate) { switch (pwcheck) { case always: SET(ret, FLAG_CHECK_USER); break; case all: case any: if (doauth == false) def_authenticate = false; break; case never: def_authenticate = false; break; default: break; } } } goto done; } sudo_debug_printf(SUDO_DEBUG_DIAG, "searching SSSD/LDAP for sudoers entries"); setenv_implied = false; if (sss_result != NULL) { for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; if (!sudo_sss_check_runas(handle, rule)) continue; rc = sudo_sss_check_command(handle, rule, &setenv_implied); if (rc != UNSPEC) { /* We have a match. */ sudo_debug_printf(SUDO_DEBUG_DIAG, "Command %sallowed", rc == true ? "" : "NOT "); if (rc == true) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "SSSD rule: %p", rule); /* Apply entry-specific options. */ if (setenv_implied) def_setenv = true; sudo_sss_parse_options(handle, rule); #ifdef HAVE_SELINUX /* Set role and type if not specified on command line. */ if (user_role == NULL) user_role = def_role; if (user_type == NULL) user_type = def_type; #endif /* HAVE_SELINUX */ SET(ret, VALIDATE_OK); CLR(ret, VALIDATE_NOT_OK); } else { SET(ret, VALIDATE_NOT_OK); CLR(ret, VALIDATE_OK); } break; } } } done: sudo_debug_printf(SUDO_DEBUG_DIAG, "Done with LDAP searches"); if (!ISSET(ret, VALIDATE_OK)) { /* No matching entries. */ if (pwflag && list_pw == NULL) SET(ret, FLAG_NO_CHECK); } if (state & _SUDO_SSS_STATE_USERMATCH) CLR(ret, FLAG_NO_USER); if (state & _SUDO_SSS_STATE_HOSTMATCH) CLR(ret, FLAG_NO_HOST); sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_sss_lookup(%d)=0x%02x", pwflag, ret); debug_return_int(ret); } static int sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; int i, found = false; debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD); if (handle == NULL) goto done; if (sudo_sss_checkpw(nss, pw) != 0) debug_return_int(-1); /* * The sudo_sss_result_get() function returns all nodes that match * the user and the host. */ sudo_debug_printf(SUDO_DEBUG_DIAG, "sssd/ldap search for command list"); sss_result = sudo_sss_result_get(nss, pw, NULL); if (sss_result == NULL) goto done; for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; if (sudo_sss_check_command(handle, rule, NULL) && sudo_sss_check_runas(handle, rule)) { found = true; goto done; } } done: if (found) printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd, user_args ? " " : "", user_args ? user_args : ""); if (sss_result != NULL) handle->fn_free_result(sss_result); debug_return_int(!found); } static int sudo_sss_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_rule *rule; struct sss_sudo_result *sss_result = NULL; uint32_t sss_error = 0; char *prefix, *val, **val_array = NULL; int count = 0, i, j; debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD); if (handle == NULL) goto done; if (handle->fn_send_recv_defaults(pw->pw_uid, pw->pw_name, &sss_error, &handle->domainname, &sss_result) != 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_send_recv_defaults: !=0, sss_error=%u", sss_error); goto done; } if (sss_error == ENOENT) { sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD."); goto done; } else if(sss_error != 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error); goto done; } handle->pw = pw; for (i = 0; i < sss_result->num_rules; ++i) { rule = sss_result->rules + i; switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); continue; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values: != 0"); continue; } if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1])) prefix = " "; else prefix = ", "; for (j = 0; val_array[j] != NULL; ++j) { val = val_array[j]; lbuf_append(lbuf, "%s%s", prefix, val); prefix = ", "; count++; } handle->fn_free_values(val_array); val_array = NULL; } handle->fn_free_result(sss_result); done: debug_return_int(count); } // ok static int sudo_sss_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD); debug_return_int(0); } static int sudo_sss_display_entry_long(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf) { char **val_array = NULL; int count = 0, i; debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD); /* get the RunAsUser Values from the entry */ lbuf_append(lbuf, " RunAsUsers: "); switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); break; case ENOENT: switch (handle->fn_get_values(rule, "sudoRunAs", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); /* get the RunAsGroup Values from the entry */ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: lbuf_append(lbuf, " RunAsGroups: "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); lbuf_append(lbuf, "\n"); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } /* get the Option Values from the entry */ switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: lbuf_append(lbuf, " Options: "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); lbuf_append(lbuf, "\n"); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoOption): != 0"); debug_return_int(count); } /* Get the command values from the entry. */ switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: lbuf_append(lbuf, _(" Commands:\n")); for (i = 0; val_array[i] != NULL; ++i) { lbuf_append(lbuf, "\t%s\n", val_array[i]); count++; } handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoCommand): != 0"); debug_return_int(count); } debug_return_int(count); } static int sudo_sss_display_entry_short(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, struct lbuf *lbuf) { char **val_array = NULL; int count = 0, i; debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD); lbuf_append(lbuf, " ("); /* get the RunAsUser Values from the entry */ switch (handle->fn_get_values(rule, "sudoRunAsUser", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result. Trying old style (sudoRunAs)."); /* try old style */ switch (handle->fn_get_values(rule, "sudoRunAs", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); lbuf_append(lbuf, "%s", def_runas_default); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAs): != 0"); debug_return_int(count); } break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsUser): != 0"); debug_return_int(count); } /* get the RunAsGroup Values from the entry */ switch (handle->fn_get_values(rule, "sudoRunAsGroup", &val_array)) { case 0: lbuf_append(lbuf, " : "); for (i = 0; val_array[i] != NULL; ++i) lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoRunAsGroup): != 0"); debug_return_int(count); } lbuf_append(lbuf, ") "); /* get the Option Values from the entry */ switch (handle->fn_get_values(rule, "sudoOption", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) { char *cp = val_array[i]; if (*cp == '!') cp++; if (strcmp(cp, "authenticate") == 0) lbuf_append(lbuf, val_array[i][0] == '!' ? "NOPASSWD: " : "PASSWD: "); else if (strcmp(cp, "noexec") == 0) lbuf_append(lbuf, val_array[i][0] == '!' ? "EXEC: " : "NOEXEC: "); else if (strcmp(cp, "setenv") == 0) lbuf_append(lbuf, val_array[i][0] == '!' ? "NOSETENV: " : "SETENV: "); } handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoOption): != 0"); debug_return_int(count); } /* get the Command Values from the entry */ switch (handle->fn_get_values(rule, "sudoCommand", &val_array)) { case 0: for (i = 0; val_array[i] != NULL; ++i) { lbuf_append(lbuf, "%s%s", i != 0 ? ", " : "", val_array[i]); count++; } handle->fn_free_values(val_array); break; case ENOENT: sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoCommand): != 0"); debug_return_int(count); } lbuf_append(lbuf, "\n"); debug_return_int(count); } static int sudo_sss_display_privs(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; unsigned int i, count = 0; debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD); if (handle == NULL) debug_return_int(-1); if (sudo_sss_checkpw(nss, pw) != 0) debug_return_int(-1); sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap search for command list"); sss_result = sudo_sss_result_get(nss, pw, NULL); if (sss_result == NULL) debug_return_int(count); /* Display all matching entries. */ for (i = 0; i < sss_result->num_rules; ++i) { rule = sss_result->rules + i; if (long_list) count += sudo_sss_display_entry_long(handle, rule, lbuf); else count += sudo_sss_display_entry_short(handle, rule, lbuf); } if (sss_result != NULL) handle->fn_free_result(sss_result); debug_return_int(count); } sudo-1.8.9p5/plugins/sudoers/sudo_nss.c010064400175440000012000000220001227253431700175120ustar00millertstaff/* * Copyright (c) 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudoers.h" #include "lbuf.h" extern struct sudo_nss sudo_nss_file; #ifdef HAVE_LDAP extern struct sudo_nss sudo_nss_ldap; #endif #ifdef HAVE_SSSD extern struct sudo_nss sudo_nss_sss; #endif #if (defined(HAVE_LDAP) || defined(HAVE_SSSD)) && defined(_PATH_NSSWITCH_CONF) /* * Read in /etc/nsswitch.conf * Returns a tail queue of matches. */ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; char *cp, *line = NULL; size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; #endif bool saw_files = false; bool saw_ldap = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) goto nomatch; while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ if (*line == '\0') continue; /* Look for a line starting with "sudoers:" */ if (strncasecmp(line, "sudoers:", 8) != 0) continue; /* Parse line */ for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { if (strcasecmp(cp, "files") == 0 && !saw_files) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); got_match = true; #ifdef HAVE_LDAP } else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries); got_match = true; #endif #ifdef HAVE_SSSD } else if (strcasecmp(cp, "sss") == 0 && !saw_sss) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries); got_match = true; #endif } else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) { /* NOTFOUND affects the most recent entry */ TAILQ_LAST(&snl, sudo_nss_list)->ret_if_notfound = true; got_match = false; } else if (strcasecmp(cp, "[SUCCESS=return]") == 0 && got_match) { /* SUCCESS affects the most recent entry */ TAILQ_LAST(&snl, sudo_nss_list)->ret_if_found = true; got_match = false; } else got_match = false; } /* Only parse the first "sudoers:" line */ break; } free(line); fclose(fp); nomatch: /* Default to files only if no matches */ if (TAILQ_EMPTY(&snl)) TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); debug_return_ptr(&snl); } #else /* (HAVE_LDAP || HAVE_SSSD) && _PATH_NSSWITCH_CONF */ # if (defined(HAVE_LDAP) || defined(HAVE_SSSD)) && defined(_PATH_NETSVC_CONF) /* * Read in /etc/netsvc.conf (like nsswitch.conf on AIX) * Returns a tail queue of matches. */ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; char *cp, *ep, *line = NULL; size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; #endif bool saw_files = false; bool saw_ldap = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) goto nomatch; while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ if (*(cp = line) == '\0') continue; /* Look for a line starting with "sudoers = " */ if (strncasecmp(cp, "sudoers", 7) != 0) continue; cp += 7; while (isspace((unsigned char)*cp)) cp++; if (*cp++ != '=') continue; /* Parse line */ for ((cp = strtok(cp, ",")); cp != NULL; (cp = strtok(NULL, ","))) { /* Trim leading whitespace. */ while (isspace((unsigned char)*cp)) cp++; if (!saw_files && strncasecmp(cp, "files", 5) == 0 && (isspace((unsigned char)cp[5]) || cp[5] == '\0')) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); got_match = true; ep = &cp[5]; #ifdef HAVE_LDAP } else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 && (isspace((unsigned char)cp[4]) || cp[4] == '\0')) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries); got_match = true; ep = &cp[4]; #endif #ifdef HAVE_SSSD } else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 && (isspace((unsigned char)cp[3]) || cp[3] == '\0')) { TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries); got_match = true; ep = &cp[3]; #endif } else { got_match = false; } /* check for = auth qualifier */ if (got_match && *ep) { cp = ep; while (isspace((unsigned char)*cp) || *cp == '=') cp++; if (strncasecmp(cp, "auth", 4) == 0 && (isspace((unsigned char)cp[4]) || cp[4] == '\0')) { TAILQ_LAST(&snl, sudo_nss_list)->ret_if_found = true; } } } /* Only parse the first "sudoers" line */ break; } fclose(fp); nomatch: /* Default to files only if no matches */ if (TAILQ_EMPTY(&snl)) TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); debug_return_ptr(&snl); } # else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */ /* * Non-nsswitch.conf version with hard-coded order. */ struct sudo_nss_list * sudo_read_nss(void) { static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) # ifdef HAVE_SSSD TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries); # endif # ifdef HAVE_LDAP TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries); # endif TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); debug_return_ptr(&snl); } # endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */ #endif /* HAVE_LDAP && _PATH_NSSWITCH_CONF */ static int output(const char *buf) { struct sudo_conv_message msg; struct sudo_conv_reply repl; debug_decl(output, SUDO_DEBUG_NSS) /* Call conversation function */ memset(&msg, 0, sizeof(msg)); msg.msg_type = SUDO_CONV_INFO_MSG; msg.msg = buf; memset(&repl, 0, sizeof(repl)); if (sudo_conv(1, &msg, &repl) == -1) debug_return_int(0); debug_return_int(strlen(buf)); } /* * Print out privileges for the specified user. * We only get here if the user is allowed to run something. */ void display_privs(struct sudo_nss_list *snl, struct passwd *pw) { struct sudo_nss *nss; struct lbuf defs, privs; struct stat sb; int cols, count, olen; debug_decl(display_privs, SUDO_DEBUG_NSS) cols = sudo_user.cols; if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) cols = 0; lbuf_init(&defs, output, 4, NULL, cols); lbuf_init(&privs, output, 8, NULL, cols); /* Display defaults from all sources. */ lbuf_append(&defs, _("Matching Defaults entries for %s on %s:\n"), pw->pw_name, user_srunhost); count = 0; TAILQ_FOREACH(nss, snl, entries) { count += nss->display_defaults(nss, pw, &defs); } if (count) lbuf_append(&defs, "\n\n"); else defs.len = 0; /* Display Runas and Cmnd-specific defaults from all sources. */ olen = defs.len; lbuf_append(&defs, _("Runas and Command-specific defaults for %s:\n"), pw->pw_name); count = 0; TAILQ_FOREACH(nss, snl, entries) { count += nss->display_bound_defaults(nss, pw, &defs); } if (count) lbuf_append(&defs, "\n\n"); else defs.len = olen; /* Display privileges from all sources. */ lbuf_append(&privs, _("User %s may run the following commands on %s:\n"), pw->pw_name, user_srunhost); count = 0; TAILQ_FOREACH(nss, snl, entries) { count += nss->display_privs(nss, pw, &privs); } if (count == 0) { defs.len = 0; privs.len = 0; lbuf_append(&privs, _("User %s is not allowed to run sudo on %s.\n"), pw->pw_name, user_shost); } lbuf_print(&defs); lbuf_print(&privs); lbuf_destroy(&defs); lbuf_destroy(&privs); debug_return; } /* * Check user_cmnd against sudoers and print the matching entry if the * command is allowed. * Returns true if the command is allowed, else false. */ bool display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) { struct sudo_nss *nss; debug_decl(display_cmnd, SUDO_DEBUG_NSS) TAILQ_FOREACH(nss, snl, entries) { if (nss->display_cmnd(nss, pw) == 0) debug_return_bool(true); } debug_return_bool(false); } sudo-1.8.9p5/plugins/sudoers/sudo_nss.h010064400175440000012000000031651226304126600175260ustar00millertstaff/* * Copyright (c) 2007-2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_NSS_H #define _SUDOERS_NSS_H struct lbuf; struct passwd; struct sudo_nss { TAILQ_ENTRY(sudo_nss) entries; int (*open)(struct sudo_nss *nss); int (*close)(struct sudo_nss *nss); int (*parse)(struct sudo_nss *nss); int (*setdefs)(struct sudo_nss *nss); int (*lookup)(struct sudo_nss *nss, int, int); int (*display_cmnd)(struct sudo_nss *nss, struct passwd *); int (*display_defaults)(struct sudo_nss *nss, struct passwd *, struct lbuf *); int (*display_bound_defaults)(struct sudo_nss *nss, struct passwd *, struct lbuf *); int (*display_privs)(struct sudo_nss *nss, struct passwd *, struct lbuf *); void *handle; short ret_if_found; short ret_if_notfound; }; TAILQ_HEAD(sudo_nss_list, sudo_nss); struct sudo_nss_list *sudo_read_nss(void); #endif /* _SUDOERS_NSS_H */ sudo-1.8.9p5/plugins/sudoers/sudoers.c010064400175440000012000000715071226304127700173570ustar00millertstaff/* * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #define _SUDO_MAIN #ifdef __TANDEM # include #endif #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include #ifdef HAVE_LOGIN_CAP_H # include # ifndef LOGIN_DEFROOTCLASS # define LOGIN_DEFROOTCLASS "daemon" # endif # ifndef LOGIN_SETENV # define LOGIN_SETENV 0 # endif #endif #ifdef HAVE_SELINUX # include #endif #include #ifndef HAVE_GETADDRINFO # include "compat/getaddrinfo.h" #endif #include "sudoers.h" #include "auth/sudo_auth.h" #include "secure_path.h" /* * Prototypes */ static char *find_editor(int nfiles, char **files, char ***argv_out); static int cb_runas_default(const char *); static int cb_sudoers_locale(const char *); static int set_cmnd(void); static void create_admin_success_flag(void); static void init_vars(char * const *); static void set_fqdn(void); static void set_loginclass(struct passwd *); static void set_runasgr(const char *); static void set_runaspw(const char *); static bool tty_present(void); /* * Globals */ struct sudo_user sudo_user; struct passwd *list_pw; int long_list; uid_t timestamp_uid; #ifdef HAVE_BSD_AUTH_H char *login_style; #endif /* HAVE_BSD_AUTH_H */ int sudo_mode; static char *prev_user; static char *runas_user; static char *runas_group; static struct sudo_nss_list *snl; /* XXX - must be extern for audit bits of sudo_auth.c */ int NewArgc; char **NewArgv; int sudoers_policy_init(void *info, char * const envp[]) { volatile int sources = 0; struct sudo_nss *nss, *nss_next; debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN) bindtextdomain("sudoers", LOCALEDIR); sudo_setpwent(); sudo_setgrent(); /* Register fatal/fatalx callback. */ fatal_callback_register(sudoers_cleanup); /* Initialize environment functions (including replacements). */ env_init(envp); /* Setup defaults data structures. */ init_defaults(); /* Parse info from front-end. */ sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group); init_vars(envp); /* XXX - move this later? */ /* Parse nsswitch.conf for sudoers order. */ snl = sudo_read_nss(); /* LDAP or NSS may modify the euid so we need to be root for the open. */ set_perms(PERM_ROOT); /* Open and parse sudoers, set global defaults */ TAILQ_FOREACH_SAFE(nss, snl, entries, nss_next) { if (nss->open(nss) == 0 && nss->parse(nss) == 0) { sources++; if (nss->setdefs(nss) != 0) log_warning(NO_STDERR, N_("problem with defaults entries")); } else { TAILQ_REMOVE(snl, nss, entries); } } if (sources == 0) { warningx(U_("no valid sudoers sources found, quitting")); debug_return_bool(-1); } /* XXX - collect post-sudoers parse settings into a function */ /* * Initialize external group plugin, if any. */ if (def_group_plugin) { if (group_plugin_load(def_group_plugin) != true) def_group_plugin = NULL; } /* * Set runas passwd/group entries based on command line or sudoers. * Note that if runas_group was specified without runas_user we * defer setting runas_pw so the match routines know to ignore it. */ /* XXX - qpm4u does more here as it may have already set runas_pw */ if (runas_group != NULL) { set_runasgr(runas_group); if (runas_user != NULL) set_runaspw(runas_user); } else set_runaspw(runas_user ? runas_user : def_runas_default); if (!update_defaults(SETDEF_RUNAS)) log_warning(NO_STDERR, N_("problem with defaults entries")); if (def_fqdn) set_fqdn(); /* deferred until after sudoers is parsed */ /* Set login class if applicable. */ set_loginclass(runas_pw ? runas_pw : sudo_user.pw); restore_perms(); debug_return_bool(true); } int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure) { char **edit_argv = NULL; char *iolog_path = NULL; mode_t cmnd_umask = 0777; struct sudo_nss *nss; int cmnd_status = -1, oldlocale, validated; volatile int rval = true; debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN) /* XXX - would like to move this to policy.c but need the cleanup. */ if (fatal_setjmp() != 0) { /* error recovery via fatal(), fatalx() or log_fatal() */ rval = -1; goto done; } /* Is root even allowed to run sudo? */ if (user_uid == 0 && !def_root_sudo) { warningx(U_("sudoers specifies that root is not allowed to sudo")); goto bad; } set_perms(PERM_INITIAL); /* Environment variables specified on the command line. */ if (env_add != NULL && env_add[0] != NULL) sudo_user.env_vars = env_add; /* * Make a local copy of argc/argv, with special handling * for pseudo-commands and the '-i' option. */ if (argc == 0) { NewArgc = 1; NewArgv = emalloc2(NewArgc + 1, sizeof(char *)); NewArgv[0] = user_cmnd; NewArgv[1] = NULL; } else { /* Must leave an extra slot before NewArgv for bash's --login */ NewArgc = argc; NewArgv = emalloc2(NewArgc + 2, sizeof(char *)); memcpy(++NewArgv, argv, argc * sizeof(char *)); NewArgv[NewArgc] = NULL; if (ISSET(sudo_mode, MODE_LOGIN_SHELL) && runas_pw != NULL) NewArgv[0] = estrdup(runas_pw->pw_shell); } /* If given the -P option, set the "preserve_groups" flag. */ if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) def_preserve_groups = true; /* Find command in path and apply per-command Defaults. */ cmnd_status = set_cmnd(); /* Check for -C overriding def_closefrom. */ if (user_closefrom >= 0 && user_closefrom != def_closefrom) { if (!def_closefrom_override) { warningx(U_("you are not permitted to use the -C option")); goto bad; } def_closefrom = user_closefrom; } /* * Check sudoers sources, using the locale specified in sudoers. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); validated = FLAG_NO_USER | FLAG_NO_HOST; TAILQ_FOREACH(nss, snl, entries) { validated = nss->lookup(nss, validated, pwflag); if (ISSET(validated, VALIDATE_OK)) { /* Handle [SUCCESS=return] */ if (nss->ret_if_found) break; } else { /* Handle [NOTFOUND=return] */ if (nss->ret_if_notfound) break; } } /* Restore user's locale. */ sudoers_setlocale(oldlocale, NULL); if (safe_cmnd == NULL) safe_cmnd = estrdup(user_cmnd); /* If only a group was specified, set runas_pw based on invoking user. */ if (runas_pw == NULL) set_runaspw(user_name); /* * Look up the timestamp dir owner if one is specified. */ if (def_timestampowner) { struct passwd *pw = NULL; if (*def_timestampowner == '#') { const char *errstr; uid_t uid = atoid(def_timestampowner + 1, NULL, NULL, &errstr); if (errstr == NULL) pw = sudo_getpwuid(uid); } if (pw == NULL) pw = sudo_getpwnam(def_timestampowner); if (pw != NULL) { timestamp_uid = pw->pw_uid; sudo_pw_delref(pw); } else { log_warning(0, N_("timestamp owner (%s): No such user"), def_timestampowner); timestamp_uid = ROOT_UID; } } /* If no command line args and "shell_noargs" is not set, error out. */ if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs) { rval = -2; /* usage error */ goto done; } /* Bail if a tty is required and we don't have one. */ if (def_requiretty && !tty_present()) { audit_failure(NewArgv, N_("no tty")); warningx(U_("sorry, you must have a tty to run sudo")); goto bad; } /* * We don't reset the environment for sudoedit or if the user * specified the -E command line flag and they have setenv privs. */ if (ISSET(sudo_mode, MODE_EDIT) || (ISSET(sudo_mode, MODE_PRESERVE_ENV) && def_setenv)) def_env_reset = false; /* Build a new environment that avoids any nasty bits. */ rebuild_env(); /* Require a password if sudoers says so. */ rval = check_user(validated, sudo_mode); if (rval != true) { if (!ISSET(validated, VALIDATE_OK)) log_denial(validated, false); goto done; } /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) { if (user_uid == 0 && strcmp(prev_user, "root") != 0) { struct passwd *pw; if ((pw = sudo_getpwnam(prev_user)) != NULL) { if (sudo_user.pw != NULL) sudo_pw_delref(sudo_user.pw); sudo_user.pw = pw; } } } /* If the user was not allowed to run the command we are done. */ if (!ISSET(validated, VALIDATE_OK)) { log_failure(validated, cmnd_status); goto bad; } /* Create Ubuntu-style dot file to indicate sudo was successful. */ create_admin_success_flag(); /* Finally tell the user if the command did not exist. */ if (cmnd_status == NOT_FOUND_DOT) { audit_failure(NewArgv, N_("command in current directory")); warningx(U_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); goto bad; } else if (cmnd_status == NOT_FOUND) { if (ISSET(sudo_mode, MODE_CHECK)) { audit_failure(NewArgv, N_("%s: command not found"), NewArgv[0]); warningx(U_("%s: command not found"), NewArgv[0]); } else { audit_failure(NewArgv, N_("%s: command not found"), user_cmnd); warningx(U_("%s: command not found"), user_cmnd); } goto bad; } /* If user specified env vars make sure sudoers allows it. */ if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { warningx(U_("sorry, you are not allowed to preserve the environment")); goto bad; } else validate_env_vars(sudo_user.env_vars); } if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT))) { if ((def_log_input || def_log_output) && def_iolog_file && def_iolog_dir) { const char prefix[] = "iolog_path="; iolog_path = expand_iolog_path(prefix, def_iolog_dir, def_iolog_file, &sudo_user.iolog_file); sudo_user.iolog_file++; } } log_allowed(validated); if (ISSET(sudo_mode, MODE_CHECK)) rval = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw); else if (ISSET(sudo_mode, MODE_LIST)) display_privs(snl, list_pw ? list_pw : sudo_user.pw); /* XXX - return val */ /* Cleanup sudoers sources */ TAILQ_FOREACH(nss, snl, entries) { nss->close(nss); } if (def_group_plugin) group_plugin_unload(); if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST))) { /* rval already set appropriately */ goto done; } /* * Set umask based on sudoers. * If user's umask is more restrictive, OR in those bits too * unless umask_override is set. */ if (def_umask != 0777) { cmnd_umask = def_umask; if (!def_umask_override) cmnd_umask |= user_umask; } if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { char *p; /* Convert /bin/sh -> -sh so shell knows it is a login shell */ if ((p = strrchr(NewArgv[0], '/')) == NULL) p = NewArgv[0]; *p = '-'; NewArgv[0] = p; /* * Newer versions of bash require the --login option to be used * in conjunction with the -c option even if the shell name starts * with a '-'. Unfortunately, bash 1.x uses -login, not --login * so this will cause an error for that. */ if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 && strcmp(NewArgv[1], "-c") == 0) { /* Use the extra slot before NewArgv so we can store --login. */ NewArgv--; NewArgc++; NewArgv[0] = NewArgv[1]; NewArgv[1] = "--login"; } #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM)) /* Insert system-wide environment variables. */ read_env_file(_PATH_ENVIRONMENT, true); #endif #ifdef HAVE_LOGIN_CAP_H /* Set environment based on login class. */ if (login_class) { login_cap_t *lc = login_getclass(login_class); if (lc != NULL) { setusercontext(lc, runas_pw, runas_pw->pw_uid, LOGIN_SETPATH|LOGIN_SETENV); login_close(lc); } } #endif /* HAVE_LOGIN_CAP_H */ } /* Insert system-wide environment variables. */ if (def_env_file) read_env_file(def_env_file, false); /* Insert user-specified environment variables. */ insert_env_vars(sudo_user.env_vars); if (ISSET(sudo_mode, MODE_EDIT)) { efree(safe_cmnd); safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argv); if (safe_cmnd == NULL) goto bad; } /* Must audit before uid change. */ audit_success(NewArgv); /* Setup execution environment to pass back to front-end. */ rval = sudoers_policy_exec_setup(edit_argv ? edit_argv : NewArgv, env_get(), cmnd_umask, iolog_path, closure); /* Zero out stashed copy of environment, it is owned by the front-end. */ env_init(NULL); goto done; bad: rval = false; done: fatal_disable_setjmp(); rewind_perms(); /* Close the password and group files and free up memory. */ sudo_endpwent(); sudo_endgrent(); debug_return_bool(rval); } /* * Initialize timezone and fill in ``sudo_user'' struct. */ static void init_vars(char * const envp[]) { char * const * ep; bool unknown_user = false; debug_decl(init_vars, SUDO_DEBUG_PLUGIN) sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale); for (ep = envp; *ep; ep++) { /* XXX - don't fill in if empty string */ switch (**ep) { case 'K': if (strncmp("KRB5CCNAME=", *ep, 11) == 0) user_ccname = *ep + 11; break; case 'P': if (strncmp("PATH=", *ep, 5) == 0) user_path = *ep + 5; break; case 'S': if (!user_prompt && strncmp("SUDO_PROMPT=", *ep, 12) == 0) user_prompt = *ep + 12; else if (strncmp("SUDO_USER=", *ep, 10) == 0) prev_user = *ep + 10; break; } } /* * Get a local copy of the user's struct passwd if we don't already * have one. */ if (sudo_user.pw == NULL) { if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) { /* * It is not unusual for users to place "sudo -k" in a .logout * file which can cause sudo to be run during reboot after the * YP/NIS/NIS+/LDAP/etc daemon has died. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) fatalx(U_("unknown uid: %u"), (unsigned int) user_uid); /* Need to make a fake struct passwd for the call to log_fatal(). */ sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL); unknown_user = true; } } /* * Get group list and store initialize permissions. */ if (user_group_list == NULL) user_group_list = sudo_get_grlist(sudo_user.pw); set_perms(PERM_INITIAL); /* Set runas callback. */ sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; /* Set locale callback. */ sudo_defs_table[I_SUDOERS_LOCALE].callback = cb_sudoers_locale; /* Set maxseq callback. */ sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid; /* It is now safe to use log_fatal() and set_perms() */ if (unknown_user) log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid); debug_return; } /* * Fill in user_cmnd, user_args, user_base and user_stat variables * and apply any command-specific defaults entries. */ static int set_cmnd(void) { int rval; char *path = user_path; debug_decl(set_cmnd, SUDO_DEBUG_PLUGIN) /* Resolve the path and return. */ rval = FOUND; user_stat = ecalloc(1, sizeof(struct stat)); /* Default value for cmnd, overridden below. */ if (user_cmnd == NULL) user_cmnd = NewArgv[0]; if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) { if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) { if (def_secure_path && !user_is_exempt()) path = def_secure_path; set_perms(PERM_RUNAS); rval = find_path(NewArgv[0], &user_cmnd, user_stat, path, def_ignore_dot); restore_perms(); if (rval != FOUND) { /* Failed as root, try as invoking user. */ set_perms(PERM_USER); rval = find_path(NewArgv[0], &user_cmnd, user_stat, path, def_ignore_dot); restore_perms(); } } /* set user_args */ if (NewArgc > 1) { char *to, *from, **av; size_t size, n; /* Alloc and build up user_args. */ for (size = 0, av = NewArgv + 1; *av; av++) size += strlen(*av) + 1; user_args = emalloc(size); if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) { /* * When running a command via a shell, the sudo front-end * escapes potential meta chars. We unescape non-spaces * for sudoers matching and logging purposes. */ for (to = user_args, av = NewArgv + 1; (from = *av); av++) { while (*from) { if (from[0] == '\\' && !isspace((unsigned char)from[1])) from++; *to++ = *from++; } *to++ = ' '; } *--to = '\0'; } else { for (to = user_args, av = NewArgv + 1; *av; av++) { n = strlcpy(to, *av, size - (to - user_args)); if (n >= size - (to - user_args)) fatalx(U_("internal error, %s overflow"), "set_cmnd()"); to += n; *to++ = ' '; } *--to = '\0'; } } } if (strlen(user_cmnd) >= PATH_MAX) { errno = ENAMETOOLONG; fatal("%s", user_cmnd); } if ((user_base = strrchr(user_cmnd, '/')) != NULL) user_base++; else user_base = user_cmnd; if (!update_defaults(SETDEF_CMND)) log_warning(NO_STDERR, N_("problem with defaults entries")); debug_return_int(rval); } /* * Open sudoers and sanity check mode/owner/type. * Returns a handle to the sudoers file or NULL on error. */ FILE * open_sudoers(const char *sudoers, bool doedit, bool *keepopen) { struct stat sb; FILE *fp = NULL; debug_decl(open_sudoers, SUDO_DEBUG_PLUGIN) set_perms(PERM_SUDOERS); switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: /* * If we are expecting sudoers to be group readable but * it is not, we must open the file as root, not uid 1. */ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) { if ((sb.st_mode & S_IRGRP) == 0) { restore_perms(); set_perms(PERM_ROOT); } } /* * Open sudoers and make sure we can read it so we can present * the user with a reasonable error message (unlike the lexer). */ if ((fp = fopen(sudoers, "r")) == NULL) { log_warning(USE_ERRNO, N_("unable to open %s"), sudoers); } else { if (sb.st_size != 0 && fgetc(fp) == EOF) { log_warning(USE_ERRNO, N_("unable to read %s"), sudoers); fclose(fp); fp = NULL; } else { /* Rewind fp and set close on exec flag. */ rewind(fp); (void) fcntl(fileno(fp), F_SETFD, 1); } } break; case SUDO_PATH_MISSING: log_warning(USE_ERRNO, N_("unable to stat %s"), sudoers); break; case SUDO_PATH_BAD_TYPE: log_warning(0, N_("%s is not a regular file"), sudoers); break; case SUDO_PATH_WRONG_OWNER: log_warning(0, N_("%s is owned by uid %u, should be %u"), sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid); break; case SUDO_PATH_WORLD_WRITABLE: log_warning(0, N_("%s is world writable"), sudoers); break; case SUDO_PATH_GROUP_WRITABLE: log_warning(0, N_("%s is owned by gid %u, should be %u"), sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid); break; default: /* NOTREACHED */ break; } restore_perms(); /* change back to root */ debug_return_ptr(fp); } #ifdef HAVE_LOGIN_CAP_H static void set_loginclass(struct passwd *pw) { const int errflags = NO_MAIL|MSG_ONLY; login_cap_t *lc; debug_decl(set_loginclass, SUDO_DEBUG_PLUGIN) if (!def_use_loginclass) debug_return; if (login_class && strcmp(login_class, "-") != 0) { if (user_uid != 0 && pw->pw_uid != 0) fatalx(U_("only root can use `-c %s'"), login_class); } else { login_class = pw->pw_class; if (!login_class || !*login_class) login_class = (pw->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; } /* Make sure specified login class is valid. */ lc = login_getclass(login_class); if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) { /* * Don't make it a fatal error if the user didn't specify the login * class themselves. We do this because if login.conf gets * corrupted we want the admin to be able to use sudo to fix it. */ if (login_class) log_fatal(errflags, N_("unknown login class: %s"), login_class); else log_warning(errflags, N_("unknown login class: %s"), login_class); def_use_loginclass = false; } login_close(lc); debug_return; } #else static void set_loginclass(struct passwd *pw) { } #endif /* HAVE_LOGIN_CAP_H */ #ifndef AI_FQDN # define AI_FQDN AI_CANONNAME #endif /* * Look up the fully qualified domain name and set user_host and user_shost. * Use AI_FQDN if available since "canonical" is not always the same as fqdn. */ static void set_fqdn(void) { struct addrinfo *res0, hint; char *p; debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) memset(&hint, 0, sizeof(hint)); hint.ai_family = PF_UNSPEC; hint.ai_flags = AI_FQDN; if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host); } else { if (user_shost != user_host) efree(user_shost); efree(user_host); user_host = estrdup(res0->ai_canonname); freeaddrinfo(res0); if ((p = strchr(user_host, '.')) != NULL) user_shost = estrndup(user_host, (size_t)(p - user_host)); else user_shost = user_host; } debug_return; } /* * Get passwd entry for the user we are going to run commands as * and store it in runas_pw. By default, commands run as "root". */ static void set_runaspw(const char *user) { struct passwd *pw = NULL; debug_decl(set_runaspw, SUDO_DEBUG_PLUGIN) if (*user == '#') { const char *errstr; uid_t uid = atoid(user + 1, NULL, NULL, &errstr); if (errstr == NULL) { if ((pw = sudo_getpwuid(uid)) == NULL) pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); } } if (pw == NULL) { if ((pw = sudo_getpwnam(user)) == NULL) log_fatal(NO_MAIL|MSG_ONLY, N_("unknown user: %s"), user); } if (runas_pw != NULL) sudo_pw_delref(runas_pw); runas_pw = pw; debug_return; } /* * Get group entry for the group we are going to run commands as * and store it in runas_gr. */ static void set_runasgr(const char *group) { struct group *gr = NULL; debug_decl(set_runasgr, SUDO_DEBUG_PLUGIN) if (*group == '#') { const char *errstr; gid_t gid = atoid(group + 1, NULL, NULL, &errstr); if (errstr == NULL) { if ((gr = sudo_getgrgid(gid)) == NULL) gr = sudo_fakegrnam(group); } } if (gr == NULL) { if ((gr = sudo_getgrnam(group)) == NULL) log_fatal(NO_MAIL|MSG_ONLY, N_("unknown group: %s"), group); } if (runas_gr != NULL) sudo_gr_delref(runas_gr); runas_gr = gr; debug_return; } /* * Callback for runas_default sudoers setting. */ static int cb_runas_default(const char *user) { /* Only reset runaspw if user didn't specify one. */ if (!runas_user && !runas_group) set_runaspw(user); return true; } /* * Callback for sudoers_locale sudoers setting. */ static int cb_sudoers_locale(const char *locale) { sudoers_initlocale(NULL, locale); return true; } /* * Cleanup hook for fatal()/fatalx() */ void sudoers_cleanup(void) { struct sudo_nss *nss; debug_decl(sudoers_cleanup, SUDO_DEBUG_PLUGIN) if (snl != NULL) { TAILQ_FOREACH(nss, snl, entries) { nss->close(nss); } } if (def_group_plugin) group_plugin_unload(); sudo_endpwent(); sudo_endgrent(); debug_return; } static char * resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out) { char *cp, **nargv, *editor, *editor_path = NULL; int ac, i, nargc; bool wasblank; debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN) /* Note: editor becomes part of argv_out and is not freed. */ editor = emalloc(edlen + 1); memcpy(editor, ed, edlen); editor[edlen] = '\0'; /* * Split editor into an argument vector; editor is reused (do not free). * The EDITOR and VISUAL environment variables may contain command * line args so look for those and alloc space for them too. */ nargc = 1; for (wasblank = false, cp = editor; *cp != '\0'; cp++) { if (isblank((unsigned char) *cp)) wasblank = true; else if (wasblank) { wasblank = false; nargc++; } } /* If we can't find the editor in the user's PATH, give up. */ cp = strtok(editor, " \t"); if (cp == NULL || find_path(cp, &editor_path, NULL, getenv("PATH"), 0) != FOUND) { efree(editor); debug_return_str(NULL); } nargv = (char **) emalloc2(nargc + 1 + nfiles + 1, sizeof(char *)); for (ac = 0; cp != NULL && ac < nargc; ac++) { nargv[ac] = cp; cp = strtok(NULL, " \t"); } nargv[ac++] = "--"; for (i = 0; i < nfiles; ) nargv[ac++] = files[i++]; nargv[ac] = NULL; *argv_out = nargv; debug_return_str(editor_path); } /* * Determine which editor to use. We don't need to worry about restricting * this to a "safe" editor since it runs with the uid of the invoking user, * not the runas (privileged) user. */ static char * find_editor(int nfiles, char **files, char ***argv_out) { const char *cp, *ep, *editor; char *editor_path = NULL, **ev, *ev0[4]; size_t len; debug_decl(find_editor, SUDO_DEBUG_PLUGIN) /* * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one. */ ev0[0] = "SUDO_EDITOR"; ev0[1] = "VISUAL"; ev0[2] = "EDITOR"; ev0[3] = NULL; for (ev = ev0; editor_path == NULL && *ev != NULL; ev++) { if ((editor = getenv(*ev)) != NULL && *editor != '\0') { editor_path = resolve_editor(editor, strlen(editor), nfiles, files, argv_out); } } if (editor_path == NULL) { /* def_editor could be a path, split it up, avoiding strtok() */ cp = editor = def_editor; do { if ((ep = strchr(cp, ':')) != NULL) len = ep - cp; else len = strlen(cp); editor_path = resolve_editor(cp, len, nfiles, files, argv_out); cp = ep + 1; } while (ep != NULL && editor_path == NULL); } if (!editor_path) { audit_failure(NewArgv, N_("%s: command not found"), editor); warningx(U_("%s: command not found"), editor); } debug_return_str(editor_path); } #ifdef USE_ADMIN_FLAG static void create_admin_success_flag(void) { struct stat statbuf; char flagfile[PATH_MAX]; int fd, n; debug_decl(create_admin_success_flag, SUDO_DEBUG_PLUGIN) /* Check whether the user is in the admin group. */ if (!user_in_group(sudo_user.pw, "admin")) debug_return; /* Build path to flag file. */ n = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", user_dir); if (n <= 0 || (size_t)n >= sizeof(flagfile)) debug_return; /* Create admin flag file if it doesn't already exist. */ set_perms(PERM_USER); if (stat(flagfile, &statbuf) != 0) { fd = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644); close(fd); } restore_perms(); debug_return; } #else /* !USE_ADMIN_FLAG */ static void create_admin_success_flag(void) { /* STUB */ } #endif /* USE_ADMIN_FLAG */ static bool tty_present(void) { #if defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__) return user_ttypath != NULL; #else int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); if (fd != -1) close(fd); return fd != -1; #endif } sudo-1.8.9p5/plugins/sudoers/sudoers.exp010064400175440000012000000001241226304126600177120ustar00millertstaffsudoers_policy sudoers_io sudo_getgrgid sudo_getgrnam sudo_gr_addref sudo_gr_delref sudo-1.8.9p5/plugins/sudoers/sudoers.h010064400175440000012000000256421226304127700173630ustar00millertstaff/* * Copyright (c) 1993-1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDOERS_SUDOERS_H #define _SUDOERS_SUDOERS_H #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include #include "missing.h" #include "fatal.h" #include "alloc.h" #include "queue.h" #include "fileops.h" #include "defaults.h" #include "logging.h" #include "sudo_nss.h" #include "sudo_plugin.h" #include "sudo_debug.h" #include "sudo_util.h" #define DEFAULT_TEXT_DOMAIN "sudoers" #include "gettext.h" /* * Password db and supplementary group IDs with associated group names. */ struct group_list { char **groups; GETGROUPS_T *gids; int ngroups; int ngids; }; /* * Info pertaining to the invoking user. */ struct sudo_user { struct passwd *pw; struct passwd *_runas_pw; struct group *_runas_gr; struct stat *cmnd_stat; char *name; char *path; char *tty; char *ttypath; char *host; char *shost; char *runhost; char *srunhost; char *prompt; char *cmnd; char *cmnd_args; char *cmnd_base; char *cmnd_safe; char *class_name; char *krb5_ccname; struct group_list *group_list; char * const * env_vars; #ifdef HAVE_SELINUX char *role; char *type; #endif #ifdef HAVE_PRIV_SET char *privs; char *limitprivs; #endif const char *cwd; char *iolog_file; GETGROUPS_T *gids; int ngids; int closefrom; int lines; int cols; int flags; int max_groups; mode_t umask; uid_t uid; uid_t gid; pid_t sid; }; /* * sudo_user flag values */ #define RUNAS_USER_SPECIFIED 0x01 #define RUNAS_GROUP_SPECIFIED 0x02 /* * Return values for sudoers_lookup(), also used as arguments for log_auth() * Note: cannot use '0' as a value here. */ /* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */ #define VALIDATE_ERROR 0x001 #define VALIDATE_OK 0x002 #define VALIDATE_NOT_OK 0x004 #define FLAG_CHECK_USER 0x010 #define FLAG_NO_USER 0x020 #define FLAG_NO_HOST 0x040 #define FLAG_NO_CHECK 0x080 #define FLAG_NON_INTERACTIVE 0x100 #define FLAG_BAD_PASSWORD 0x200 #define FLAG_AUTH_ERROR 0x400 /* * find_path()/load_cmnd() return values */ #define FOUND 0 #define NOT_FOUND 1 #define NOT_FOUND_DOT 2 /* * Various modes sudo can be in (based on arguments) in hex */ #define MODE_RUN 0x00000001 #define MODE_EDIT 0x00000002 #define MODE_VALIDATE 0x00000004 #define MODE_INVALIDATE 0x00000008 #define MODE_KILL 0x00000010 #define MODE_VERSION 0x00000020 #define MODE_HELP 0x00000040 #define MODE_LIST 0x00000080 #define MODE_CHECK 0x00000100 #define MODE_LISTDEFS 0x00000200 #define MODE_MASK 0x0000ffff /* Mode flags */ #define MODE_BACKGROUND 0x00010000 /* XXX - unused */ #define MODE_SHELL 0x00020000 #define MODE_LOGIN_SHELL 0x00040000 #define MODE_IMPLIED_SHELL 0x00080000 #define MODE_RESET_HOME 0x00100000 #define MODE_PRESERVE_GROUPS 0x00200000 #define MODE_PRESERVE_ENV 0x00400000 #define MODE_NONINTERACTIVE 0x00800000 #define MODE_IGNORE_TICKET 0x01000000 /* * Used with set_perms() */ #define PERM_INITIAL 0x00 #define PERM_ROOT 0x01 #define PERM_USER 0x02 #define PERM_FULL_USER 0x03 #define PERM_SUDOERS 0x04 #define PERM_RUNAS 0x05 #define PERM_TIMESTAMP 0x06 #define PERM_NOEXIT 0x10 /* flag */ #define PERM_MASK 0xf0 /* * Shortcuts for sudo_user contents. */ #define user_name (sudo_user.name) #define user_uid (sudo_user.uid) #define user_gid (sudo_user.gid) #define user_sid (sudo_user.sid) #define user_umask (sudo_user.umask) #define user_passwd (sudo_user.pw->pw_passwd) #define user_dir (sudo_user.pw->pw_dir) #define user_gids (sudo_user.gids) #define user_ngids (sudo_user.ngids) #define user_group_list (sudo_user.group_list) #define user_tty (sudo_user.tty) #define user_ttypath (sudo_user.ttypath) #define user_cwd (sudo_user.cwd) #define user_cmnd (sudo_user.cmnd) #define user_args (sudo_user.cmnd_args) #define user_base (sudo_user.cmnd_base) #define user_stat (sudo_user.cmnd_stat) #define user_path (sudo_user.path) #define user_prompt (sudo_user.prompt) #define user_host (sudo_user.host) #define user_shost (sudo_user.shost) #define user_runhost (sudo_user.runhost) #define user_srunhost (sudo_user.srunhost) #define user_ccname (sudo_user.krb5_ccname) #define safe_cmnd (sudo_user.cmnd_safe) #define login_class (sudo_user.class_name) #define runas_pw (sudo_user._runas_pw) #define runas_gr (sudo_user._runas_gr) #define user_role (sudo_user.role) #define user_type (sudo_user.type) #define user_closefrom (sudo_user.closefrom) #define runas_privs (sudo_user.privs) #define runas_limitprivs (sudo_user.limitprivs) #ifdef __TANDEM # define ROOT_UID 65535 #else # define ROOT_UID 0 #endif #define ROOT_GID 0 struct lbuf; struct passwd; struct stat; struct timeval; /* * Function prototypes */ #define YY_DECL int sudoerslex(void) /* goodpath.c */ bool sudo_goodpath(const char *, struct stat *); /* findpath.c */ int find_path(char *, char **, struct stat *, char *, int); /* check.c */ int check_user(int validate, int mode); bool user_is_exempt(void); /* prompt.c */ char *expand_prompt(const char *old_prompt, const char *user, const char *host); /* timestamp.c */ void remove_timestamp(bool); bool set_lectured(void); /* sudo_auth.c */ bool sudo_auth_needs_end_session(void); int verify_user(struct passwd *pw, char *prompt, int validated); int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); int sudo_auth_end_session(struct passwd *pw); int sudo_auth_init(struct passwd *pw); int sudo_auth_cleanup(struct passwd *pw); /* parse.c */ int sudo_file_open(struct sudo_nss *); int sudo_file_close(struct sudo_nss *); int sudo_file_setdefs(struct sudo_nss *); int sudo_file_lookup(struct sudo_nss *, int, int); int sudo_file_parse(struct sudo_nss *); int sudo_file_display_cmnd(struct sudo_nss *, struct passwd *); int sudo_file_display_defaults(struct sudo_nss *, struct passwd *, struct lbuf *); int sudo_file_display_bound_defaults(struct sudo_nss *, struct passwd *, struct lbuf *); int sudo_file_display_privs(struct sudo_nss *, struct passwd *, struct lbuf *); /* set_perms.c */ void rewind_perms(void); int set_perms(int); void restore_perms(void); int pam_prep_user(struct passwd *); /* gram.y */ int sudoersparse(void); extern char *login_style; extern const char *errorfile; extern int errorlineno; extern bool parse_error; extern bool sudoers_warnings; /* toke.l */ YY_DECL; extern FILE *sudoersin; extern const char *sudoers_file; extern char *sudoers; extern mode_t sudoers_mode; extern uid_t sudoers_uid; extern gid_t sudoers_gid; extern int sudolineno; extern int last_token; /* defaults.c */ void dump_defaults(void); void dump_auth_methods(void); /* getspwuid.c */ char *sudo_getepw(const struct passwd *); /* sudo_nss.c */ void display_privs(struct sudo_nss_list *, struct passwd *); bool display_cmnd(struct sudo_nss_list *, struct passwd *); /* pwutil.c */ __dso_public struct group *sudo_getgrgid(gid_t); __dso_public struct group *sudo_getgrnam(const char *); __dso_public void sudo_gr_addref(struct group *); __dso_public void sudo_gr_delref(struct group *); bool user_in_group(const struct passwd *, const char *); struct group *sudo_fakegrnam(const char *); struct group_list *sudo_get_grlist(const struct passwd *pw); struct passwd *sudo_fakepwnam(const char *, gid_t); struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell); struct passwd *sudo_getpwnam(const char *); struct passwd *sudo_getpwuid(uid_t); void sudo_endgrent(void); void sudo_endpwent(void); void sudo_endspent(void); void sudo_grlist_addref(struct group_list *); void sudo_grlist_delref(struct group_list *); void sudo_pw_addref(struct passwd *); void sudo_pw_delref(struct passwd *); void sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids); void sudo_setgrent(void); void sudo_setpwent(void); void sudo_setspent(void); /* timestr.c */ char *get_timestr(time_t, int); /* boottime.c */ int get_boottime(struct timeval *); /* iolog.c */ int io_set_max_sessid(const char *sessid); void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); /* iolog_path.c */ char *expand_iolog_path(const char *prefix, const char *dir, const char *file, char **slashp); /* env.c */ char **env_get(void); void env_merge(char * const envp[]); void env_init(char * const envp[]); void init_envtables(void); void insert_env_vars(char * const envp[]); void read_env_file(const char *, int); void rebuild_env(void); void validate_env_vars(char * const envp[]); int sudo_setenv(const char *var, const char *val, int overwrite); int sudo_unsetenv(const char *var); char *sudo_getenv(const char *name); int sudoers_hook_getenv(const char *name, char **value, void *closure); int sudoers_hook_putenv(char *string, void *closure); int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure); int sudoers_hook_unsetenv(const char *name, void *closure); /* sudoers.c */ FILE *open_sudoers(const char *, bool, bool *); int sudoers_policy_init(void *info, char * const envp[]); int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure); void sudoers_cleanup(void); /* policy.c */ int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); extern const char *path_ldap_conf; extern const char *path_ldap_secret; /* group_plugin.c */ int group_plugin_load(char *plugin_info); void group_plugin_unload(void); int group_plugin_query(const char *user, const char *group, const struct passwd *pwd); #ifndef _SUDO_MAIN extern struct sudo_user sudo_user; extern struct passwd *list_pw; extern int long_list; extern int sudo_mode; extern uid_t timestamp_uid; extern sudo_conv_t sudo_conv; #endif #endif /* _SUDOERS_SUDOERS_H */ sudo-1.8.9p5/plugins/sudoers/sudoers.in010064400175440000012000000054611226304126200175310ustar00millertstaff## sudoers file. ## ## This file MUST be edited with the 'visudo' command as root. ## Failure to use 'visudo' may result in syntax or file permission errors ## that prevent sudo from running. ## ## See the sudoers man page for the details on how to write a sudoers file. ## ## ## Host alias specification ## ## Groups of machines. These may include host names (optionally with wildcards), ## IP addresses, network numbers or netgroups. # Host_Alias WEBSERVERS = www1, www2, www3 ## ## User alias specification ## ## Groups of users. These may consist of user names, uids, Unix groups, ## or netgroups. # User_Alias ADMINS = millert, dowdy, mikef ## ## Cmnd alias specification ## ## Groups of commands. Often used to group related commands together. # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ # /usr/bin/pkill, /usr/bin/top ## ## Defaults specification ## ## You may wish to keep some of the following environment variables ## when running commands via sudo. ## ## Locale settings # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" ## ## Run X applications through sudo; HOME is used to find the ## .Xauthority file. Note that other programs use HOME to find ## configuration files and this may lead to privilege escalation! # Defaults env_keep += "HOME" ## ## X11 resource path settings # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" ## ## Desktop path settings # Defaults env_keep += "QTDIR KDEDIR" ## ## Allow sudo-run commands to inherit the callers' ConsoleKit session # Defaults env_keep += "XDG_SESSION_COOKIE" ## ## Uncomment to enable special input methods. Care should be taken as ## this may allow users to subvert the command being run via sudo. # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" ## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output # Defaults!/usr/local/bin/sudoreplay !log_output # Defaults!/sbin/reboot !log_output ## ## Runas alias specification ## ## ## User privilege specification ## root ALL=(ALL) ALL ## Uncomment to allow members of group wheel to execute any command # %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command # %sudo ALL=(ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' ## Read drop-in files from @sysconfdir@/sudoers.d ## (the '#' here does not indicate a comment) #includedir @sysconfdir@/sudoers.d sudo-1.8.9p5/plugins/sudoers/sudoers2ldif010075500175440000012000000107371226304126200200520ustar00millertstaff#!/usr/bin/env perl # # Copyright (c) 2007, 2010-2011, 2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # use strict; # # Converts a sudoers file to LDIF format in prepration for loading into # the LDAP server. # # BUGS: # Does not yet handle multiple lines with : in them # Does not yet remove quotation marks from options # Does not yet escape + at the beginning of a dn # Does not yet handle line wraps correctly # Does not yet handle multiple roles with same name (needs tiebreaker) # # CAVEATS: # Sudoers entries can have multiple RunAs entries that override former ones, # with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole my %RA; my %UA; my %HA; my %CA; my $base=$ENV{SUDOERS_BASE} or die "$0: Container SUDOERS_BASE undefined\n"; my @options=(); my $did_defaults=0; my $order = 0; # parse sudoers one line at a time while (<>){ # remove comment s/#.*//; # line continuation $_.=<> while s/\\\s*$//s; # cleanup newline chomp; # ignore blank lines next if /^\s*$/; if (/^Defaults\s+/i) { my $opt=$'; $opt=~s/\s+$//; # remove trailing whitespace push @options,$opt; } elsif (/^(\S+)\s+([^=]+)=\s*(.*)/) { # Aliases or Definitions my ($p1,$p2,$p3)=($1,$2,$3); $p2=~s/\s+$//; # remove trailing whitespace $p3=~s/\s+$//; # remove trailing whitespace if ($p1 eq "User_Alias") { $UA{$p2}=$p3; } elsif ($p1 eq "Runas_Alias") { $RA{$p2}=$p3; } elsif ($p1 eq "Host_Alias") { $HA{$p2}=$p3; } elsif ($p1 eq "Cmnd_Alias") { $CA{$p2}=$p3; } else { if (!$did_defaults++){ # do this once print "dn: cn=defaults,$base\n"; print "objectClass: top\n"; print "objectClass: sudoRole\n"; print "cn: defaults\n"; print "description: Default sudoOption's go here\n"; print "sudoOption: $_\n" foreach @options; printf "sudoOrder: %d\n", ++$order; print "\n"; } # Definition my @users=split /\s*,\s*/,$p1; my @hosts=split /\s*,\s*/,$p2; my @cmds= split /\s*,\s*/,$p3; @options=(); print "dn: cn=$users[0],$base\n"; print "objectClass: top\n"; print "objectClass: sudoRole\n"; print "cn: $users[0]\n"; # will clobber options print "sudoUser: $_\n" foreach expand(\%UA,@users); print "sudoHost: $_\n" foreach expand(\%HA,@hosts); foreach (@cmds) { if (s/^\(([^\)]+)\)\s*//) { my @runas = split(/:\s*/, $1); if (defined($runas[0])) { print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0])); } if (defined($runas[1])) { print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1])); } } } print "sudoCommand: $_\n" foreach expand(\%CA,@cmds); print "sudoOption: $_\n" foreach @options; printf "sudoOrder: %d\n", ++$order; print "\n"; } } else { print "parse error: $_\n"; } } # # recursively expand hash elements sub expand{ my $ref=shift; my @a=(); # preen the line a little foreach (@_){ # if NOPASSWD: directive found, mark entire entry as not requiring s/NOPASSWD:\s*// && push @options,"!authenticate"; s/PASSWD:\s*// && push @options,"authenticate"; s/NOEXEC:\s*// && push @options,"noexec"; s/EXEC:\s*// && push @options,"!noexec"; s/SETENV:\s*// && push @options,"setenv"; s/NOSETENV:\s*// && push @options,"!setenv"; s/LOG_INPUT:\s*// && push @options,"log_input"; s/NOLOG_INPUT:\s*// && push @options,"!log_input"; s/LOG_OUTPUT:\s*// && push @options,"log_output"; s/NOLOG_OUTPUT:\s*// && push @options,"!log_output"; s/[[:upper:]]+://; # silently remove other tags s/\s+$//; # right trim } # do the expanding push @a,$ref->{$_} ? expand($ref,split /\s*,\s*/,$ref->{$_}):$_ foreach @_; @a; } sudo-1.8.9p5/plugins/sudoers/sudoers_version.h010064400175440000012000000074211226304126200211150ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Major sudoers grammar changes are documented here. * Note that minor changes such as added Defaults options are not listed here. * This file placed in the public domain by Todd C. Miller on Apr 5, 2011. * * 1 sudo 1.1 * 2 sudo 1.3, adds support specifying a directory instead of a command. * 3 sudo 1.3.2, new parser, Aliases have to be upper case * 4 sudo 1.3.2, adds User_Alias * 5 sudo 1.3.4, netgroup support * 6 sudo 1.3.5, support for escaping special chars * 7 sudo 1.3.7, unix group support * 8 sudo 1.4.1, wildcard support * 9 sudo 1.4.2, double quote support in sudoers command line args * 10 sudo 1.4.3, added NOPASSWD tag * 11 sudo 1.4.3, added Runas_Spec * 12 sudo 1.4.3, wildcards may be used in the pathname * 13 sudo 1.4.3, command args of "" means no args allowed * 14 sudo 1.4.4, '(' in command args no longer are a syntax error. * 15 sudo 1.4.4, '!command' works in the presence of runas user or NOPASSWD. * 16 sudo 1.4.4, all-caps user and host names are now handled properly. * 17 sudo 1.5.0, usernames may now begin with a digit * 18 sudo 1.5.3, adds Runas_Alias * 19 sudo 1.5.7, %group may be used in a Runas_List * 20 sudo 1.6.0, The runas user and NOPASSWD tags are now persistent across entries in a command list. A PASSWD tag has been added to reverse NOPASSWD * 21 sudo 1.6.0, The '!' operator can be used in a Runas_Spec or an *_Alias * 22 sudo 1.6.0, a list of hosts may be used in a Host_Spec * 23 sudo 1.6.0, a list of users may be used in a User_Spec * 24 sudo 1.6.0, It is now possible to escape "special" characters in usernames, hostnames, etc with a backslash. * 25 sudo 1.6.0, Added Defaults run-time settings in sudoers. * 26 sudo 1.6.0, relaxed the regexp for matching user, host, group names. * 27 sudo 1.6.1, #uid is now allowed in a Runas_Alias. * 28 sudo 1.6.2, Wildcards are now allowed in hostnames. * 29 sudo 1.6.3p7, escaped special characters may be included in pathnames. * 30 sudo 1.6.8, added NOEXEC and EXEC tags. * 31 sudo 1.6.9, added SETENV and NOSETENV tags. * 32 sudo 1.6.9p4, support for IPv6 address matching. * 33 sudo 1.7.0, #include support. * 34 sudo 1.7.0, Runas_Group support. * 35 sudo 1.7.0, uid may now be used anywhere a username is valid. * 36 sudo 1.7.2, #includedir support. * 37 sudo 1.7.4, per-command Defaults support. * 38 sudo 1.7.4, added LOG_INPUT/LOG_OUTPUT and NOLOG_INPUT/NOLOG_OUTPUT tags * 39 sudo 1.7.6/1.8.1, White space is now permitted within a User_List in a per-user Defaults definition. * 40 sudo 1.7.6/1.8.1, A group ID is now allowed in a User_List or Runas_List. * 41 sudo 1.7.6/1.8.4, Support for relative paths in #include and #includedir * 42 sudo 1.8.6, Support for empty Runas_List (with or without a colon) to mean the invoking user. Support for Solaris Privilege Sets (PRIVS= and LIMITPRIVS=). * 43 sudo 1.8.7, Support for specifying a digest along with the command. */ #ifndef _SUDOERS_VERSION_H #define _SUDOERS_VERSION_H #define SUDOERS_GRAMMAR_VERSION 43 #endif /* _SUDOERS_VERSION_H */ sudo-1.8.9p5/plugins/sudoers/sudoreplay.c010064400175440000012000001012101226304126200200350ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #ifndef HAVE_STRUCT_TIMESPEC # include "compat/timespec.h" #endif #include #include #include #include #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #ifdef HAVE_REGCOMP # include #endif #ifdef HAVE_ZLIB_H # include #endif #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_GETOPT_LONG # include # else # include "compat/getopt.h" #endif /* HAVE_GETOPT_LONG */ #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "gettext.h" #include "logging.h" #include "iolog.h" #include "queue.h" #include "sudo_plugin.h" #include "sudo_conf.h" #include "sudo_debug.h" #include "sudo_event.h" #include "sudo_util.h" #ifndef LINE_MAX # define LINE_MAX 2048 #endif /* * Info present in the I/O log file */ struct log_info { char *cwd; char *user; char *runas_user; char *runas_group; char *tty; char *cmd; time_t tstamp; int rows; int cols; }; /* Closure for write_output */ struct write_closure { struct sudo_event *wevent; struct iovec *iov; unsigned int iovcnt; size_t nbytes; }; /* * Handle expressions like: * ( user millert or user root ) and tty console and command /bin/sh */ STAILQ_HEAD(search_node_list, search_node); struct search_node { STAILQ_ENTRY(search_node) entries; #define ST_EXPR 1 #define ST_TTY 2 #define ST_USER 3 #define ST_PATTERN 4 #define ST_RUNASUSER 5 #define ST_RUNASGROUP 6 #define ST_FROMDATE 7 #define ST_TODATE 8 #define ST_CWD 9 char type; bool negated; bool or; union { #ifdef HAVE_REGCOMP regex_t cmdre; #endif time_t tstamp; char *cwd; char *tty; char *user; char *pattern; char *runas_group; char *runas_user; struct search_node_list expr; void *ptr; } u; }; static struct search_node_list search_expr = STAILQ_HEAD_INITIALIZER(search_expr); static int timing_idx_adj; static double speed_factor = 1.0; static const char *session_dir = _PATH_SUDO_IO_LOGDIR; static const char short_opts[] = "d:f:hlm:s:V"; static struct option long_opts[] = { { "directory", required_argument, NULL, 'd' }, { "filter", required_argument, NULL, 'f' }, { "help", no_argument, NULL, 'h' }, { "list", no_argument, NULL, 'l' }, { "max-wait", required_argument, NULL, 'm' }, { "speed", required_argument, NULL, 's' }, { "version", no_argument, NULL, 'V' }, { NULL, no_argument, NULL, '\0' }, }; extern char *get_timestr(time_t, int); extern time_t get_date(char *); static int list_sessions(int, char **, const char *, const char *, const char *); static int open_io_fd(char *path, int len, struct io_log_file *iol); static int parse_expr(struct search_node_list *, char **, bool); static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes); static struct log_info *parse_logfile(char *logfile); static void check_input(int fd, int what, void *v); static void free_log_info(struct log_info *li); static void help(void) __attribute__((__noreturn__)); static void replay_session(const double max_wait, const char *decimal); static void sudoreplay_cleanup(void); static void sudoreplay_handler(int); static void usage(int); static void write_output(int fd, int what, void *v); #ifdef HAVE_REGCOMP # define REGEX_T regex_t #else # define REGEX_T char #endif #define VALID_ID(s) (isalnum((unsigned char)(s)[0]) && \ isalnum((unsigned char)(s)[1]) && isalnum((unsigned char)(s)[2]) && \ isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ isalnum((unsigned char)(s)[5]) && (s)[6] == '\0') #define IS_IDLOG(s) ( \ isalnum((unsigned char)(s)[0]) && isalnum((unsigned char)(s)[1]) && \ (s)[2] == '/' && \ isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ (s)[5] == '/' && \ isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ (s)[8] == '/' && (s)[9] == 'l' && (s)[10] == 'o' && (s)[11] == 'g' && \ (s)[12] == '\0') __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { int ch, idx, plen, exitcode = 0, rows = 0, cols = 0; bool def_filter = true, listonly = false; const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL; char *cp, *ep, path[PATH_MAX]; struct log_info *li; double max_wait = 0; debug_decl(main, SUDO_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { extern char *malloc_options; malloc_options = "AFGJPR"; } #endif initprogname(argc > 0 ? argv[0] : "sudoreplay"); setlocale(LC_ALL, ""); decimal = localeconv()->decimal_point; bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have sudoreplay domain */ textdomain("sudoers"); /* Register fatal/fatalx callback. */ fatal_callback_register(sudoreplay_cleanup); /* Read sudo.conf. */ sudo_conf_read(NULL); while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { case 'd': session_dir = optarg; break; case 'f': /* Set the replay filter. */ def_filter = false; for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) { if (strcmp(cp, "stdout") == 0) io_log_files[IOFD_STDOUT].enabled = true; else if (strcmp(cp, "stderr") == 0) io_log_files[IOFD_STDERR].enabled = true; else if (strcmp(cp, "ttyout") == 0) io_log_files[IOFD_TTYOUT].enabled = true; else fatalx(U_("invalid filter option: %s"), optarg); } break; case 'h': help(); /* NOTREACHED */ case 'l': listonly = true; break; case 'm': errno = 0; max_wait = strtod(optarg, &ep); if (*ep != '\0' || errno != 0) fatalx(U_("invalid max wait: %s"), optarg); break; case 's': errno = 0; speed_factor = strtod(optarg, &ep); if (*ep != '\0' || errno != 0) fatalx(U_("invalid speed factor: %s"), optarg); break; case 'V': (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION); goto done; default: usage(1); /* NOTREACHED */ } } argc -= optind; argv += optind; if (listonly) { exitcode = list_sessions(argc, argv, pattern, user, tty); goto done; } if (argc != 1) usage(1); /* By default we replay stdout, stderr and ttyout. */ if (def_filter) { io_log_files[IOFD_STDOUT].enabled = true; io_log_files[IOFD_STDERR].enabled = true; io_log_files[IOFD_TTYOUT].enabled = true; } /* 6 digit ID in base 36, e.g. 01G712AB or free-form name */ id = argv[0]; if (VALID_ID(id)) { plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing", session_dir, id, &id[2], &id[4]); if (plen <= 0 || (size_t)plen >= sizeof(path)) fatalx(U_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir, id, &id[2], &id[4], strerror(ENAMETOOLONG)); } else { plen = snprintf(path, sizeof(path), "%s/%s/timing", session_dir, id); if (plen <= 0 || (size_t)plen >= sizeof(path)) fatalx(U_("%s/%s/timing: %s"), session_dir, id, strerror(ENAMETOOLONG)); } plen -= 7; /* Open files for replay, applying replay filter for the -f flag. */ for (idx = 0; idx < IOFD_MAX; idx++) { if (open_io_fd(path, plen, &io_log_files[idx]) == -1) fatal(U_("unable to open %s"), path); } /* Parse log file. */ path[plen] = '\0'; strlcat(path, "/log", sizeof(path)); if ((li = parse_logfile(path)) == NULL) exit(1); printf(_("Replaying sudo session: %s\n"), li->cmd); /* Make sure the terminal is large enough. */ get_ttysize(&rows, &cols); if (li->rows != 0 && li->cols != 0) { if (li->rows > rows) { printf(_("Warning: your terminal is too small to properly replay the log.\n")); printf(_("Log geometry is %d x %d, your terminal's geometry is %d x %d."), li->rows, li->cols, rows, cols); } } /* Done with parsed log file. */ free_log_info(li); li = NULL; /* Replay session corresponding to io_log_files[]. */ replay_session(max_wait, decimal); term_restore(STDIN_FILENO, 1); done: sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } static void replay_session(const double max_wait, const char *decimal) { struct sudo_event *input_ev, *output_ev; unsigned int i, iovcnt = 0, iovmax = 0; struct sudo_event_base *evbase; struct iovec iovb, *iov = &iovb; bool interactive = false; struct write_closure wc; char buf[LINE_MAX]; sigaction_t sa; int idx; debug_decl(replay_session, SUDO_DEBUG_UTIL) /* Restore tty settings if interupted. */ fflush(stdout); memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESETHAND; sa.sa_handler = sudoreplay_handler; (void) sigaction(SIGINT, &sa, NULL); (void) sigaction(SIGTERM, &sa, NULL); (void) sigaction(SIGHUP, &sa, NULL); (void) sigaction(SIGQUIT, &sa, NULL); /* Don't suspend as we cannot restore the screen on resume. */ sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_IGN; (void) sigaction(SIGTSTP, &sa, NULL); /* XXX - read user input from /dev/tty and set STDOUT to raw if not a pipe */ /* Set stdin to raw mode if it is a tty */ interactive = isatty(STDIN_FILENO); if (interactive) { idx = fcntl(STDIN_FILENO, F_GETFL, 0); if (idx != -1) (void) fcntl(STDIN_FILENO, F_SETFL, idx | O_NONBLOCK); if (!term_raw(STDIN_FILENO, 1)) fatal(U_("unable to set tty to raw mode")); } /* Setup event base and input/output events. */ evbase = sudo_ev_base_alloc(); if (evbase == NULL) fatal(NULL); input_ev = sudo_ev_alloc(STDIN_FILENO, interactive ? SUDO_EV_READ : SUDO_EV_TIMEOUT, check_input, sudo_ev_self_cbarg()); if (input_ev == NULL) fatal(NULL); output_ev = sudo_ev_alloc(STDIN_FILENO, SUDO_EV_WRITE, write_output, &wc); if (output_ev == NULL) fatal(NULL); /* * Read each line of the timing file, displaying the output streams. */ #ifdef HAVE_ZLIB_H while (gzgets(io_log_files[IOFD_TIMING].fd.g, buf, sizeof(buf)) != NULL) { #else while (fgets(buf, sizeof(buf), io_log_files[IOFD_TIMING].fd.f) != NULL) { #endif size_t len, nbytes, nread; double seconds, to_wait; struct timeval timeout; bool need_nlcr = false; char last_char = '\0'; buf[strcspn(buf, "\n")] = '\0'; if (!parse_timing(buf, decimal, &idx, &seconds, &nbytes)) fatalx(U_("invalid timing file line: %s"), buf); /* Adjust delay using speed factor and clamp to max_wait */ to_wait = seconds / speed_factor; if (max_wait && to_wait > max_wait) to_wait = max_wait; /* Convert delay to a timeval. */ timeout.tv_sec = to_wait; timeout.tv_usec = (to_wait - timeout.tv_sec) * 1000000.0; /* Run event event loop to delay and get keyboard input. */ sudo_ev_add(evbase, input_ev, &timeout, false); sudo_ev_loop(evbase, 0); /* Even if we are not replaying, we still have to delay. */ if (io_log_files[idx].fd.v == NULL) continue; /* Check whether we need to convert newline to CR LF pairs. */ if (interactive) need_nlcr = (idx == IOFD_STDOUT || idx == IOFD_STDERR); /* All output is sent to stdout. */ /* XXX - assumes no wall clock time spent writing output. */ while (nbytes != 0) { if (nbytes > sizeof(buf)) len = sizeof(buf); else len = nbytes; #ifdef HAVE_ZLIB_H nread = gzread(io_log_files[idx].fd.g, buf, len); #else nread = fread(buf, 1, len, io_log_files[idx].fd.f); #endif nbytes -= nread; /* Convert newline to carriage return + linefeed if needed. */ if (need_nlcr) { size_t remainder = nread; size_t linelen; char *cp = buf; char *ep = buf - 1; /* Handle a "\r\n" pair that spans a buffer. */ if (last_char == '\r' && buf[0] == '\n') { ep++; remainder--; } iovcnt = 0; while ((ep = memchr(ep + 1, '\n', remainder)) != NULL) { /* Is there already a carriage return? */ if (cp != ep && ep[-1] == '\r') { remainder = (size_t)(&buf[nread - 1] - ep); continue; } /* Store the line in iov followed by \r\n pair. */ if (iovcnt + 3 > iovmax) { iov = iovmax ? erealloc3(iov, iovmax <<= 1, sizeof(*iov)) : emalloc2(iovmax = 32, sizeof(*iov)); } linelen = (size_t)(ep - cp) + 1; iov[iovcnt].iov_base = cp; iov[iovcnt].iov_len = linelen - 1; /* not including \n */ iovcnt++; iov[iovcnt].iov_base = "\r\n"; iov[iovcnt].iov_len = 2; iovcnt++; cp = ep + 1; remainder -= linelen; } if ((size_t)(cp - buf) != nread) { /* * Partial line without a linefeed or multiple lines * with \r\n pairs. */ iov[iovcnt].iov_base = cp; iov[iovcnt].iov_len = nread - (cp - buf); iovcnt++; } last_char = buf[nread - 1]; /* stash last char of old buffer */ } else { /* No conversion needed. */ iov[0].iov_base = buf; iov[0].iov_len = nread; iovcnt = 1; } /* Setup closure for write_output. */ wc.wevent = output_ev; wc.iov = iov; wc.iovcnt = iovcnt; wc.nbytes = 0; for (i = 0; i < iovcnt; i++) wc.nbytes += iov[i].iov_len; /* Run event event loop to write output. */ /* XXX - should use a single event loop with a circular buffer. */ sudo_ev_add(evbase, output_ev, NULL, false); sudo_ev_loop(evbase, 0); } } debug_return; } static int open_io_fd(char *path, int len, struct io_log_file *iol) { debug_decl(open_io_fd, SUDO_DEBUG_UTIL) if (!iol->enabled) debug_return_int(0); path[len] = '\0'; strlcat(path, iol->suffix, PATH_MAX); #ifdef HAVE_ZLIB_H iol->fd.g = gzopen(path, "r"); #else iol->fd.f = fopen(path, "r"); #endif debug_return_int(iol->fd.v ? 0 : -1); } static void write_output(int fd, int what, void *v) { struct write_closure *wc = v; ssize_t nwritten; size_t count, remainder; unsigned int i; debug_decl(write_output, SUDO_DEBUG_UTIL) nwritten = writev(STDOUT_FILENO, wc->iov, wc->iovcnt); switch (nwritten) { case -1: if (errno != EINTR && errno != EAGAIN) fatal(U_("unable to write to %s"), "stdout"); break; case 0: break; default: remainder = wc->nbytes - nwritten; if (remainder == 0) { /* writev completed */ debug_return; } /* short writev, adjust iov so we can write the remainder. */ count = 0; i = wc->iovcnt; while (i--) { count += wc->iov[i].iov_len; if (count == remainder) { wc->iov += i; wc->iovcnt -= i; break; } if (count > remainder) { size_t off = (count - remainder); wc->iov[i].iov_base = (char *)wc->iov[i].iov_base + off; wc->iov[i].iov_len -= off; wc->iov += i; wc->iovcnt -= i; break; } } break; } /* Reschedule event to write remainder. */ sudo_ev_add(sudo_ev_get_base(wc->wevent), wc->wevent, NULL, false); debug_return; } /* * Build expression list from search args */ static int parse_expr(struct search_node_list *head, char *argv[], bool sub_expr) { bool or = false, not = false; struct search_node *sn; char type, **av; debug_decl(parse_expr, SUDO_DEBUG_UTIL) for (av = argv; *av != NULL; av++) { switch (av[0][0]) { case 'a': /* and (ignore) */ if (strncmp(*av, "and", strlen(*av)) != 0) goto bad; continue; case 'o': /* or */ if (strncmp(*av, "or", strlen(*av)) != 0) goto bad; or = true; continue; case '!': /* negate */ if (av[0][1] != '\0') goto bad; not = true; continue; case 'c': /* command */ if (av[0][1] == '\0') fatalx(U_("ambiguous expression \"%s\""), *av); if (strncmp(*av, "cwd", strlen(*av)) == 0) type = ST_CWD; else if (strncmp(*av, "command", strlen(*av)) == 0) type = ST_PATTERN; else goto bad; break; case 'f': /* from date */ if (strncmp(*av, "fromdate", strlen(*av)) != 0) goto bad; type = ST_FROMDATE; break; case 'g': /* runas group */ if (strncmp(*av, "group", strlen(*av)) != 0) goto bad; type = ST_RUNASGROUP; break; case 'r': /* runas user */ if (strncmp(*av, "runas", strlen(*av)) != 0) goto bad; type = ST_RUNASUSER; break; case 't': /* tty or to date */ if (av[0][1] == '\0') fatalx(U_("ambiguous expression \"%s\""), *av); if (strncmp(*av, "todate", strlen(*av)) == 0) type = ST_TODATE; else if (strncmp(*av, "tty", strlen(*av)) == 0) type = ST_TTY; else goto bad; break; case 'u': /* user */ if (strncmp(*av, "user", strlen(*av)) != 0) goto bad; type = ST_USER; break; case '(': /* start sub-expression */ if (av[0][1] != '\0') goto bad; type = ST_EXPR; break; case ')': /* end sub-expression */ if (av[0][1] != '\0') goto bad; if (!sub_expr) fatalx(U_("unmatched ')' in expression")); debug_return_int(av - argv + 1); bad: default: fatalx(U_("unknown search term \"%s\""), *av); /* NOTREACHED */ } /* Allocate new search node */ sn = ecalloc(1, sizeof(*sn)); sn->type = type; sn->or = or; sn->negated = not; if (type == ST_EXPR) { STAILQ_INIT(&sn->u.expr); av += parse_expr(&sn->u.expr, av + 1, true); } else { if (*(++av) == NULL) fatalx(U_("%s requires an argument"), av[-1]); #ifdef HAVE_REGCOMP if (type == ST_PATTERN) { if (regcomp(&sn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0) fatalx(U_("invalid regular expression: %s"), *av); } else #endif if (type == ST_TODATE || type == ST_FROMDATE) { sn->u.tstamp = get_date(*av); if (sn->u.tstamp == -1) fatalx(U_("could not parse date \"%s\""), *av); } else { sn->u.ptr = *av; } } not = or = false; /* reset state */ STAILQ_INSERT_TAIL(head, sn, entries); } if (sub_expr) fatalx(U_("unmatched '(' in expression")); if (or) fatalx(U_("illegal trailing \"or\"")); if (not) fatalx(U_("illegal trailing \"!\"")); debug_return_int(av - argv); } static bool match_expr(struct search_node_list *head, struct log_info *log, bool last_match) { struct search_node *sn; bool res, matched = last_match; int rc; debug_decl(match_expr, SUDO_DEBUG_UTIL) STAILQ_FOREACH(sn, head, entries) { switch (sn->type) { case ST_EXPR: res = match_expr(&sn->u.expr, log, matched); break; case ST_CWD: res = strcmp(sn->u.cwd, log->cwd) == 0; break; case ST_TTY: res = strcmp(sn->u.tty, log->tty) == 0; break; case ST_RUNASGROUP: res = strcmp(sn->u.runas_group, log->runas_group) == 0; break; case ST_RUNASUSER: res = strcmp(sn->u.runas_user, log->runas_user) == 0; break; case ST_USER: res = strcmp(sn->u.user, log->user) == 0; break; case ST_PATTERN: #ifdef HAVE_REGCOMP rc = regexec(&sn->u.cmdre, log->cmd, 0, NULL, 0); if (rc && rc != REG_NOMATCH) { char buf[BUFSIZ]; regerror(rc, &sn->u.cmdre, buf, sizeof(buf)); fatalx("%s", buf); } res = rc == REG_NOMATCH ? 0 : 1; #else res = strstr(log.cmd, sn->u.pattern) != NULL; #endif break; case ST_FROMDATE: res = log->tstamp >= sn->u.tstamp; break; case ST_TODATE: res = log->tstamp <= sn->u.tstamp; break; default: fatalx(U_("unknown search type %d"), sn->type); /* NOTREACHED */ } if (sn->negated) res = !res; matched = sn->or ? (res || last_match) : (res && last_match); last_match = matched; } debug_return_bool(matched); } static struct log_info * parse_logfile(char *logfile) { FILE *fp; char *buf = NULL, *cp, *ep; const char *errstr; size_t bufsize = 0, cwdsize = 0, cmdsize = 0; struct log_info *li = NULL; debug_decl(parse_logfile, SUDO_DEBUG_UTIL) fp = fopen(logfile, "r"); if (fp == NULL) { warning(U_("unable to open %s"), logfile); goto bad; } /* * ID file has three lines: * 1) a log info line * 2) cwd * 3) command with args */ li = ecalloc(1, sizeof(*li)); if (getline(&buf, &bufsize, fp) == -1 || getline(&li->cwd, &cwdsize, fp) == -1 || getline(&li->cmd, &cmdsize, fp) == -1) { warning(U_("%s: invalid log file"), logfile); goto bad; } /* Strip the newline from the cwd and command. */ li->cwd[strcspn(li->cwd, "\n")] = '\0'; li->cmd[strcspn(li->cmd, "\n")] = '\0'; /* * Crack the log line (rows and cols not present in old versions). * timestamp:user:runas_user:runas_group:tty:rows:cols * XXX - probably better to use strtok and switch on the state. */ buf[strcspn(buf, "\n")] = '\0'; cp = buf; /* timestamp */ if ((ep = strchr(cp, ':')) == NULL) { warning(U_("%s: time stamp field is missing"), logfile); goto bad; } *ep = '\0'; li->tstamp = sizeof(time_t) == 4 ? strtonum(cp, INT_MIN, INT_MAX, &errstr) : strtonum(cp, LLONG_MIN, LLONG_MAX, &errstr); if (errstr != NULL) { warning(U_("%s: time stamp %s: %s"), logfile, cp, errstr); goto bad; } /* user */ cp = ep + 1; if ((ep = strchr(cp, ':')) == NULL) { warning(U_("%s: user field is missing"), logfile); goto bad; } li->user = estrndup(cp, (size_t)(ep - cp)); /* runas user */ cp = ep + 1; if ((ep = strchr(cp, ':')) == NULL) { warning(U_("%s: runas user field is missing"), logfile); goto bad; } li->runas_user = estrndup(cp, (size_t)(ep - cp)); /* runas group */ cp = ep + 1; if ((ep = strchr(cp, ':')) == NULL) { warning(U_("%s: runas group field is missing"), logfile); goto bad; } if (cp != ep) li->runas_group = estrndup(cp, (size_t)(ep - cp)); /* tty, followed by optional rows + columns */ cp = ep + 1; if ((ep = strchr(cp, ':')) == NULL) { /* just the tty */ li->tty = estrdup(cp); } else { /* tty followed by rows + columns */ li->tty = estrndup(cp, (size_t)(ep - cp)); cp = ep + 1; /* need to NULL out separator to use strtonum() */ if ((ep = strchr(cp, ':')) != NULL) { *ep = '\0'; } li->rows = strtonum(cp, 1, INT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: tty rows %s: %s", logfile, cp, errstr); } if (ep != NULL) { cp = ep + 1; li->cols = strtonum(cp, 1, INT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: tty cols %s: %s", logfile, cp, errstr); } } } fclose(fp); efree(buf); debug_return_ptr(li); bad: if (fp != NULL) fclose(fp); efree(buf); free_log_info(li); debug_return_ptr(NULL); } static void free_log_info(struct log_info *li) { if (li != NULL) { efree(li->cwd); efree(li->user); efree(li->runas_user); efree(li->runas_group); efree(li->tty); efree(li->cmd); efree(li); } } static int list_session(char *logfile, REGEX_T *re, const char *user, const char *tty) { char idbuf[7], *idstr, *cp; struct log_info *li; int rval = -1; debug_decl(list_session, SUDO_DEBUG_UTIL) if ((li = parse_logfile(logfile)) == NULL) goto done; /* Match on search expression if there is one. */ if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, li, true)) goto done; /* Convert from /var/log/sudo-sessions/00/00/01/log to 000001 */ cp = logfile + strlen(session_dir) + 1; if (IS_IDLOG(cp)) { idbuf[0] = cp[0]; idbuf[1] = cp[1]; idbuf[2] = cp[3]; idbuf[3] = cp[4]; idbuf[4] = cp[6]; idbuf[5] = cp[7]; idbuf[6] = '\0'; idstr = idbuf; } else { /* Not an id, just use the iolog_file portion. */ cp[strlen(cp) - 4] = '\0'; idstr = cp; } /* XXX - print rows + cols? */ printf("%s : %s : TTY=%s ; CWD=%s ; USER=%s ; ", get_timestr(li->tstamp, 1), li->user, li->tty, li->cwd, li->runas_user); if (li->runas_group) printf("GROUP=%s ; ", li->runas_group); printf("TSID=%s ; COMMAND=%s\n", idstr, li->cmd); rval = 0; done: free_log_info(li); debug_return_int(rval); } static int session_compare(const void *v1, const void *v2) { const char *s1 = *(const char **)v1; const char *s2 = *(const char **)v2; return strcmp(s1, s2); } /* XXX - always returns 0, calls fatal() on failure */ static int find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) { DIR *d; struct dirent *dp; struct stat sb; size_t sdlen, sessions_len = 0, sessions_size = 36*36; unsigned int i; int len; char pathbuf[PATH_MAX], **sessions = NULL; #ifdef HAVE_STRUCT_DIRENT_D_TYPE bool checked_type = true; #else const bool checked_type = false; #endif debug_decl(find_sessions, SUDO_DEBUG_UTIL) d = opendir(dir); if (d == NULL) fatal(U_("unable to open %s"), dir); /* XXX - would be faster to chdir and use relative names */ sdlen = strlcpy(pathbuf, dir, sizeof(pathbuf)); if (sdlen + 1 >= sizeof(pathbuf)) { errno = ENAMETOOLONG; fatal("%s/", dir); } pathbuf[sdlen++] = '/'; pathbuf[sdlen] = '\0'; /* Store potential session dirs for sorting. */ sessions = emalloc2(sessions_size, sizeof(char *)); while ((dp = readdir(d)) != NULL) { /* Skip "." and ".." */ if (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) continue; #ifdef HAVE_STRUCT_DIRENT_D_TYPE if (checked_type) { if (dp->d_type != DT_DIR) { /* Not all file systems support d_type. */ if (dp->d_type != DT_UNKNOWN) continue; checked_type = false; } } #endif /* Add name to session list. */ if (sessions_len + 1 > sessions_size) { sessions_size <<= 1; sessions = erealloc3(sessions, sessions_size, sizeof(char *)); } sessions[sessions_len++] = estrdup(dp->d_name); } closedir(d); /* Sort and list the sessions. */ qsort(sessions, sessions_len, sizeof(char *), session_compare); for (i = 0; i < sessions_len; i++) { len = snprintf(&pathbuf[sdlen], sizeof(pathbuf) - sdlen, "%s/log", sessions[i]); if (len <= 0 || (size_t)len >= sizeof(pathbuf) - sdlen) { errno = ENAMETOOLONG; fatal("%s/%s/log", dir, sessions[i]); } efree(sessions[i]); /* Check for dir with a log file. */ if (lstat(pathbuf, &sb) == 0 && S_ISREG(sb.st_mode)) { list_session(pathbuf, re, user, tty); } else { /* Strip off "/log" and recurse if a dir. */ pathbuf[sdlen + len - 4] = '\0'; if (checked_type || (lstat(pathbuf, &sb) == 0 && S_ISDIR(sb.st_mode))) find_sessions(pathbuf, re, user, tty); } } efree(sessions); debug_return_int(0); } /* XXX - always returns 0, calls fatal() on failure */ static int list_sessions(int argc, char **argv, const char *pattern, const char *user, const char *tty) { REGEX_T rebuf, *re = NULL; debug_decl(list_sessions, SUDO_DEBUG_UTIL) /* Parse search expression if present */ parse_expr(&search_expr, argv, false); #ifdef HAVE_REGCOMP /* optional regex */ if (pattern) { re = &rebuf; if (regcomp(re, pattern, REG_EXTENDED|REG_NOSUB) != 0) fatalx(U_("invalid regular expression: %s"), pattern); } #else re = (char *) pattern; #endif /* HAVE_REGCOMP */ debug_return_int(find_sessions(session_dir, re, user, tty)); } /* * Check input for ' ', '<', '>', return * pause, slow, fast, next */ static void check_input(int fd, int what, void *v) { struct sudo_event *ev = v; struct sudo_event_base *evbase = sudo_ev_get_base(ev); struct timeval tv, *timeout = NULL; static bool paused = 0; char ch; debug_decl(check_input, SUDO_DEBUG_UTIL) if (ISSET(what, SUDO_EV_READ)) { switch (read(fd, &ch, 1)) { case -1: if (errno != EINTR && errno != EAGAIN) fatal(U_("unable to read %s"), "stdin"); break; case 0: /* Ignore EOF. */ break; case 1: if (paused) { /* Any key will unpause, event is finished. */ /* XXX - pause time could be less than timeout */ paused = false; debug_return; /* XXX */ } switch (ch) { case ' ': paused = true; break; case '<': speed_factor /= 2; break; case '>': speed_factor *= 2; break; case '\r': case '\n': debug_return; /* XXX */ } break; } if (!paused) { /* Determine remaining timeout, if any. */ sudo_ev_get_timeleft(ev, &tv); if (!timevalisset(&tv)) { /* No time left, event is done. */ debug_return; } timeout = &tv; } /* Re-enable event. */ sudo_ev_add(evbase, ev, timeout, false); } debug_return; } /* * Parse a timing line, which is formatted as: * index sleep_time num_bytes * Where index is IOFD_*, sleep_time is the number of seconds to sleep * before writing the data and num_bytes is the number of bytes to output. * Returns 1 on success and 0 on failure. */ static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes) { unsigned long ul; long l; double d, fract = 0; char *cp, *ep; debug_decl(parse_timing, SUDO_DEBUG_UTIL) /* Parse index */ ul = strtoul(buf, &ep, 10); if (ep == buf || !isspace((unsigned char) *ep)) goto bad; if (ul >= IOFD_TIMING) { if (ul != 6) goto bad; /* work around a bug in timing files generated by sudo 1.8.7 */ timing_idx_adj = 2; } *idx = (int)ul - timing_idx_adj; for (cp = ep + 1; isspace((unsigned char) *cp); cp++) continue; /* * Parse number of seconds. Sudo logs timing data in the C locale * but this may not match the current locale so we cannot use strtod(). * Furthermore, sudo < 1.7.4 logged with the user's locale so we need * to be able to parse those logs too. */ errno = 0; l = strtol(cp, &ep, 10); if (ep == cp || (*ep != '.' && strncmp(ep, decimal, strlen(decimal)) != 0)) goto bad; if (l < 0 || l > INT_MAX || (errno == ERANGE && l == LONG_MAX)) goto bad; *seconds = (double)l; cp = ep + (*ep == '.' ? 1 : strlen(decimal)); d = 10.0; while (isdigit((unsigned char) *cp)) { fract += (*cp - '0') / d; d *= 10; cp++; } *seconds += fract; while (isspace((unsigned char) *cp)) cp++; errno = 0; ul = strtoul(cp, &ep, 10); if (ep == cp || *ep != '\0' || (errno == ERANGE && ul == ULONG_MAX)) goto bad; *nbytes = (size_t)ul; debug_return_int(1); bad: debug_return_int(0); } static void usage(int fatal) { fprintf(fatal ? stderr : stdout, _("usage: %s [-h] [-d dir] [-m num] [-s num] ID\n"), getprogname()); fprintf(fatal ? stderr : stdout, _("usage: %s [-h] [-d dir] -l [search expression]\n"), getprogname()); if (fatal) exit(1); } static void help(void) { (void) printf(_("%s - replay sudo session logs\n\n"), getprogname()); usage(0); (void) puts(_("\nOptions:\n" " -d, --directory=dir specify directory for session logs\n" " -f, --filter=filter specify which I/O type(s) to display\n" " -h, --help display help message and exit\n" " -l, --list list available session IDs, with optional expression\n" " -m, --max-wait=num max number of seconds to wait between events\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit")); exit(0); } /* * Cleanup hook for fatal()/fatalx() */ static void sudoreplay_cleanup(void) { term_restore(STDIN_FILENO, 0); } /* * Signal handler for SIGINT, SIGTERM, SIGHUP, SIGQUIT * Must be installed with SA_RESETHAND enabled. */ static void sudoreplay_handler(int signo) { term_restore(STDIN_FILENO, 0); kill(getpid(), signo); } sudo-1.8.9p5/plugins/sudoers/testsudoers.c010064400175440000012000000404141226304126200202420ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #define _SUDO_MAIN #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include #else # include "compat/fnmatch.h" #endif /* HAVE_FNMATCH */ #ifdef HAVE_NETGROUP_H # include #endif /* HAVE_NETGROUP_H */ #include #include #include #include #include "tsgetgrpw.h" #include "sudoers.h" #include "interfaces.h" #include "parse.h" #include "sudo_conf.h" #include "secure_path.h" #include /* * Function Prototypes */ int print_alias(void *, void *); void dump_sudoers(void); void print_defaults(void); void print_privilege(struct privilege *); void print_userspecs(void); void usage(void) __attribute__((__noreturn__)); static void set_runaspw(const char *); static void set_runasgr(const char *); static int cb_runas_default(const char *); static int testsudoers_print(const char *msg); extern void setgrfile(const char *); extern void setgrent(void); extern void endgrent(void); extern struct group *getgrent(void); extern struct group *getgrnam(const char *); extern struct group *getgrgid(gid_t); extern void setpwfile(const char *); extern void setpwent(void); extern void endpwent(void); extern struct passwd *getpwent(void); extern struct passwd *getpwnam(const char *); extern struct passwd *getpwuid(uid_t); extern int (*trace_print)(const char *msg); /* * Globals */ struct sudo_user sudo_user; struct passwd *list_pw; static char *runas_group, *runas_user; #if defined(SUDO_DEVEL) && defined(__OpenBSD__) extern char *malloc_options; #endif #ifdef YYDEBUG extern int sudoersdebug; #endif __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { struct cmndspec *cs; struct privilege *priv; struct userspec *us; char *p, *grfile, *pwfile; char hbuf[HOST_NAME_MAX + 1]; const char *errstr; int match, host_match, runas_match, cmnd_match; int ch, dflag, exitcode = 0; debug_decl(main, SUDO_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) malloc_options = "AFGJPR"; #endif #ifdef YYDEBUG sudoersdebug = 1; #endif initprogname(argc > 0 ? argv[0] : "testsudoers"); sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale); bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ textdomain("sudoers"); /* Read sudo.conf. */ sudo_conf_read(NULL); dflag = 0; grfile = pwfile = NULL; while ((ch = getopt(argc, argv, "dg:G:h:P:p:tu:U:")) != -1) { switch (ch) { case 'd': dflag = 1; break; case 'h': user_host = optarg; break; case 'G': sudoers_gid = (gid_t)atoid(optarg, NULL, NULL, &errstr); if (errstr != NULL) fatalx("group ID %s: %s", optarg, errstr); break; case 'g': runas_group = optarg; break; case 'p': pwfile = optarg; break; case 'P': grfile = optarg; break; case 't': trace_print = testsudoers_print; break; case 'U': sudoers_uid = (uid_t)atoid(optarg, NULL, NULL, &errstr); if (errstr != NULL) fatalx("user ID %s: %s", optarg, errstr); break; case 'u': runas_user = optarg; break; default: usage(); break; } } argc -= optind; argv += optind; /* Set group/passwd file and init the cache. */ if (grfile) setgrfile(grfile); if (pwfile) setpwfile(pwfile); sudo_setpwent(); sudo_setgrent(); if (argc < 2) { if (!dflag) usage(); user_name = argc ? *argv++ : "root"; user_cmnd = user_base = "true"; argc = 0; } else { user_name = *argv++; user_cmnd = *argv++; if ((p = strrchr(user_cmnd, '/')) != NULL) user_base = p + 1; else user_base = user_cmnd; argc -= 2; } if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) fatalx(U_("unknown user: %s"), user_name); if (user_host == NULL) { if (gethostname(hbuf, sizeof(hbuf)) != 0) fatal("gethostname"); hbuf[sizeof(hbuf) - 1] = '\0'; user_host = hbuf; } if ((p = strchr(user_host, '.'))) { *p = '\0'; user_shost = estrdup(user_host); *p = '.'; } else { user_shost = user_host; } user_runhost = user_host; user_srunhost = user_shost; /* Fill in user_args from argv. */ if (argc > 0) { char *to, **from; size_t size, n; for (size = 0, from = argv; *from; from++) size += strlen(*from) + 1; user_args = (char *) emalloc(size); for (to = user_args, from = argv; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); if (n >= size - (to - user_args)) fatalx(U_("internal error, %s overflow"), "init_vars()"); to += n; *to++ = ' '; } *--to = '\0'; } /* Initialize default values. */ init_defaults(); /* Set runas callback. */ sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; /* Load ip addr/mask for each interface. */ if (get_net_ifs(&p) > 0) set_interfaces(p); /* Allocate space for data structures in the parser. */ init_parser("sudoers", false); if (sudoersparse() != 0 || parse_error) { parse_error = true; if (errorlineno != -1) (void) printf("Parse error in %s near line %d", errorfile, errorlineno); else (void) printf("Parse error in %s", errorfile); } else { (void) fputs("Parses OK", stdout); } if (!update_defaults(SETDEF_ALL)) (void) fputs(" (problem with defaults entries)", stdout); puts("."); if (def_group_plugin && group_plugin_load(def_group_plugin) != true) def_group_plugin = NULL; /* * Set runas passwd/group entries based on command line or sudoers. * Note that if runas_group was specified without runas_user we * defer setting runas_pw so the match routines know to ignore it. */ if (runas_group != NULL) { set_runasgr(runas_group); if (runas_user != NULL) set_runaspw(runas_user); } else set_runaspw(runas_user ? runas_user : def_runas_default); if (dflag) { (void) putchar('\n'); dump_sudoers(); if (argc < 2) { exitcode = parse_error ? 1 : 0; goto done; } } /* This loop must match the one in sudo_file_lookup() */ printf("\nEntries for user %s:\n", user_name); match = UNSPEC; TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) continue; TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { putchar('\n'); print_privilege(priv); putchar('\n'); host_match = hostlist_matches(&priv->hostlist); if (host_match == ALLOW) { puts("\thost matched"); TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { runas_match = runaslist_matches(cs->runasuserlist, cs->runasgrouplist, NULL, NULL); if (runas_match == ALLOW) { puts("\trunas matched"); cmnd_match = cmnd_matches(cs->cmnd); if (cmnd_match != UNSPEC) match = cmnd_match; printf("\tcmnd %s\n", match == ALLOW ? "allowed" : match == DENY ? "denied" : "unmatched"); } } } else puts(_("\thost unmatched")); } } puts(match == ALLOW ? _("\nCommand allowed") : match == DENY ? _("\nCommand denied") : _("\nCommand unmatched")); /* * Exit codes: * 0 - parsed OK and command matched. * 1 - parse error * 2 - command not matched * 3 - command denied */ exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); done: sudo_endpwent(); sudo_endgrent(); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } static void set_runaspw(const char *user) { struct passwd *pw = NULL; debug_decl(set_runaspw, SUDO_DEBUG_UTIL) if (*user == '#') { const char *errstr; uid_t uid = atoid(user + 1, NULL, NULL, &errstr); if (errstr == NULL) { if ((pw = sudo_getpwuid(uid)) == NULL) pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); } } if (pw == NULL) { if ((pw = sudo_getpwnam(user)) == NULL) fatalx(U_("unknown user: %s"), user); } if (runas_pw != NULL) sudo_pw_delref(runas_pw); runas_pw = pw; debug_return; } static void set_runasgr(const char *group) { struct group *gr = NULL; debug_decl(set_runasgr, SUDO_DEBUG_UTIL) if (*group == '#') { const char *errstr; gid_t gid = atoid(group + 1, NULL, NULL, &errstr); if (errstr == NULL) { if ((gr = sudo_getgrgid(gid)) == NULL) gr = sudo_fakegrnam(group); } } if (gr == NULL) { if ((gr = sudo_getgrnam(group)) == NULL) fatalx(U_("unknown group: %s"), group); } if (runas_gr != NULL) sudo_gr_delref(runas_gr); runas_gr = gr; debug_return; } /* * Callback for runas_default sudoers setting. */ static int cb_runas_default(const char *user) { /* Only reset runaspw if user didn't specify one. */ if (!runas_user && !runas_group) set_runaspw(user); return true; } void sudo_setspent(void) { return; } void sudo_endspent(void) { return; } FILE * open_sudoers(const char *sudoers, bool doedit, bool *keepopen) { struct stat sb; FILE *fp = NULL; char *sudoers_base; debug_decl(open_sudoers, SUDO_DEBUG_UTIL) sudoers_base = strrchr(sudoers, '/'); if (sudoers_base != NULL) sudoers_base++; switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: fp = fopen(sudoers, "r"); break; case SUDO_PATH_MISSING: warning("unable to stat %s", sudoers_base); break; case SUDO_PATH_BAD_TYPE: warningx("%s is not a regular file", sudoers_base); break; case SUDO_PATH_WRONG_OWNER: warningx("%s should be owned by uid %u", sudoers_base, (unsigned int) sudoers_uid); break; case SUDO_PATH_WORLD_WRITABLE: warningx("%s is world writable", sudoers_base); break; case SUDO_PATH_GROUP_WRITABLE: warningx("%s should be owned by gid %u", sudoers_base, (unsigned int) sudoers_gid); break; default: /* NOTREACHED */ break; } debug_return_ptr(fp); } void init_envtables(void) { return; } int set_perms(int perm) { return 1; } void restore_perms(void) { } void print_member(struct member *m) { struct sudo_command *c; debug_decl(print_member, SUDO_DEBUG_UTIL) if (m->negated) putchar('!'); if (m->name == NULL) fputs("ALL", stdout); else if (m->type != COMMAND) fputs(m->name, stdout); else { c = (struct sudo_command *) m->name; printf("%s%s%s", c->cmnd, c->args ? " " : "", c->args ? c->args : ""); } debug_return; } void print_defaults(void) { struct defaults *d; struct member *m; debug_decl(print_defaults, SUDO_DEBUG_UTIL) TAILQ_FOREACH(d, &defaults, entries) { (void) fputs("Defaults", stdout); switch (d->type) { case DEFAULTS_HOST: putchar('@'); break; case DEFAULTS_USER: putchar(':'); break; case DEFAULTS_RUNAS: putchar('>'); break; case DEFAULTS_CMND: putchar('!'); break; } TAILQ_FOREACH(m, d->binding, entries) { if (m != TAILQ_FIRST(d->binding)) putchar(','); print_member(m); } printf("\t%s%s", d->op == false ? "!" : "", d->var); if (d->val != NULL) { printf("%c%s", d->op == true ? '=' : d->op, d->val); } putchar('\n'); } debug_return; } int print_alias(void *v1, void *v2) { struct alias *a = (struct alias *)v1; struct member *m; struct sudo_command *c; debug_decl(print_alias, SUDO_DEBUG_UTIL) switch (a->type) { case HOSTALIAS: (void) printf("Host_Alias\t%s = ", a->name); break; case CMNDALIAS: (void) printf("Cmnd_Alias\t%s = ", a->name); break; case USERALIAS: (void) printf("User_Alias\t%s = ", a->name); break; case RUNASALIAS: (void) printf("Runas_Alias\t%s = ", a->name); break; } TAILQ_FOREACH(m, &a->members, entries) { if (m != TAILQ_FIRST(&a->members)) fputs(", ", stdout); if (m->type == COMMAND) { c = (struct sudo_command *) m->name; printf("%s%s%s", c->cmnd, c->args ? " " : "", c->args ? c->args : ""); } else if (m->type == ALL) { fputs("ALL", stdout); } else { fputs(m->name, stdout); } } putchar('\n'); debug_return_int(0); } void print_privilege(struct privilege *priv) { struct cmndspec *cs; struct member *m; struct cmndtag tags; debug_decl(print_privilege, SUDO_DEBUG_UTIL) TAILQ_FOREACH(m, &priv->hostlist, entries) { if (m != TAILQ_FIRST(&priv->hostlist)) fputs(", ", stdout); print_member(m); } fputs(" = ", stdout); tags.nopasswd = UNSPEC; tags.noexec = UNSPEC; TAILQ_FOREACH(cs, &priv->cmndlist, entries) { if (cs != TAILQ_FIRST(&priv->cmndlist)) fputs(", ", stdout); if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) { fputs("(", stdout); if (cs->runasuserlist != NULL) { TAILQ_FOREACH(m, cs->runasuserlist, entries) { if (m != TAILQ_FIRST(cs->runasuserlist)) fputs(", ", stdout); print_member(m); } } else if (cs->runasgrouplist == NULL) { fputs(def_runas_default, stdout); } else { fputs(sudo_user.pw->pw_name, stdout); } if (cs->runasgrouplist != NULL) { fputs(" : ", stdout); TAILQ_FOREACH(m, cs->runasgrouplist, entries) { if (m != TAILQ_FIRST(cs->runasgrouplist)) fputs(", ", stdout); print_member(m); } } fputs(") ", stdout); } #ifdef HAVE_SELINUX if (cs->role) printf("ROLE=%s ", cs->role); if (cs->type) printf("TYPE=%s ", cs->type); #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET if (cs->privs) printf("PRIVS=%s ", cs->privs); if (cs->limitprivs) printf("LIMITPRIVS=%s ", cs->limitprivs); #endif /* HAVE_PRIV_SET */ if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); print_member(cs->cmnd); memcpy(&tags, &cs->tags, sizeof(tags)); } debug_return; } void print_userspecs(void) { struct member *m; struct userspec *us; struct privilege *priv; debug_decl(print_userspecs, SUDO_DEBUG_UTIL) TAILQ_FOREACH(us, &userspecs, entries) { TAILQ_FOREACH(m, &us->users, entries) { if (m != TAILQ_FIRST(&us->users)) fputs(", ", stdout); print_member(m); } putchar('\t'); TAILQ_FOREACH(priv, &us->privileges, entries) { if (priv != TAILQ_FIRST(&us->privileges)) fputs(" : ", stdout); print_privilege(priv); } putchar('\n'); } debug_return; } void dump_sudoers(void) { debug_decl(dump_sudoers, SUDO_DEBUG_UTIL) print_defaults(); putchar('\n'); alias_apply(print_alias, NULL); putchar('\n'); print_userspecs(); debug_return; } static int testsudoers_print(const char *msg) { return fputs(msg, stderr); } void usage(void) { (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] [args]\n", getprogname()); exit(1); } sudo-1.8.9p5/plugins/sudoers/timestamp.c010064400175440000012000000277561226304126200176770ustar00millertstaff/* * Copyright (c) 1993-1996,1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifndef __TANDEM # include #endif #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include #include "sudoers.h" #include "check.h" static struct sudo_tty_info tty_info; static char timestampdir[PATH_MAX]; static char timestampfile[PATH_MAX]; /* * Fills in timestampdir as well as timestampfile if using tty tickets. */ int build_timestamp(struct passwd *pw) { char *dirparent; struct stat sb; int len; debug_decl(build_timestamp, SUDO_DEBUG_AUTH) /* Stash the tty's device, session ID and ctime for ticket comparison. */ if (def_tty_tickets) { if (user_ttypath && stat(user_ttypath, &sb) == 0) { tty_info.dev = sb.st_dev; tty_info.ino = sb.st_ino; tty_info.rdev = sb.st_rdev; tty_info.uid = sb.st_uid; tty_info.gid = sb.st_gid; } tty_info.sid = user_sid; } dirparent = def_timestampdir; timestampfile[0] = '\0'; len = snprintf(timestampdir, sizeof(timestampdir), "%s/%s", dirparent, user_name); if (len <= 0 || (size_t)len >= sizeof(timestampdir)) goto bad; /* * Timestamp file may be a file in the directory or NUL to use * the directory as the timestamp. */ if (def_tty_tickets) { char pidbuf[sizeof("pid") + (((sizeof(pid_t) * 8) + 2) / 3)]; char *p; if (user_ttypath == NULL) { /* No tty, use parent pid. */ len = snprintf(pidbuf, sizeof(pidbuf), "pid%u", (unsigned int)getppid()); if (len <= 0 || (size_t)len >= sizeof(pidbuf)) goto bad; p = pidbuf; } else if ((p = strrchr(user_tty, '/'))) { p++; } else { p = user_tty; } if (def_targetpw) { len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s:%s", dirparent, user_name, p, runas_pw->pw_name); } else { len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s", dirparent, user_name, p); } if (len <= 0 || (size_t)len >= sizeof(timestampfile)) goto bad; } else if (def_targetpw) { len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s", dirparent, user_name, runas_pw->pw_name); if (len <= 0 || (size_t)len >= sizeof(timestampfile)) goto bad; } sudo_debug_printf(SUDO_DEBUG_INFO, "using timestamp file %s", timestampfile); debug_return_int(len); bad: log_fatal(0, N_("timestamp path too long: %s"), *timestampfile ? timestampfile : timestampdir); /* NOTREACHED */ debug_return_int(-1); } /* * Update the time on the timestamp file/dir or create it if necessary. */ bool update_timestamp(struct passwd *pw) { debug_decl(update_timestamp, SUDO_DEBUG_AUTH) if (timestamp_uid != 0) set_perms(PERM_TIMESTAMP); if (*timestampfile) { /* * Store tty info in timestamp file */ int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600); if (fd == -1) log_warning(USE_ERRNO, N_("unable to open %s"), timestampfile); else { lock_file(fd, SUDO_LOCK); if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info)) log_warning(USE_ERRNO, N_("unable to write to %s"), timestampfile); close(fd); } } else { if (touch(-1, timestampdir, NULL) == -1) { if (mkdir(timestampdir, 0700) == -1) { log_warning(USE_ERRNO, N_("unable to mkdir %s"), timestampdir); } } } if (timestamp_uid != 0) restore_perms(); debug_return_bool(true); } /* * Check the timestamp file and directory and return their status. */ static int timestamp_status_internal(bool removing) { struct stat sb; struct timeval boottime, mtime; time_t now; char *dirparent = def_timestampdir; int status = TS_ERROR; /* assume the worst */ debug_decl(timestamp_status_internal, SUDO_DEBUG_AUTH) if (timestamp_uid != 0) set_perms(PERM_TIMESTAMP); /* * Sanity check dirparent and make it if it doesn't already exist. * We start out assuming the worst (that the dir is not sane) and * if it is ok upgrade the status to ``no timestamp file''. * Note that we don't check the parent(s) of dirparent for * sanity since the sudo dir is often just located in /tmp. */ if (lstat(dirparent, &sb) == 0) { if (!S_ISDIR(sb.st_mode)) log_warning(0, N_("%s exists but is not a directory (0%o)"), dirparent, (unsigned int) sb.st_mode); else if (sb.st_uid != timestamp_uid) log_warning(0, N_("%s owned by uid %u, should be uid %u"), dirparent, (unsigned int) sb.st_uid, (unsigned int) timestamp_uid); else if ((sb.st_mode & 0000022)) log_warning(0, N_("%s writable by non-owner (0%o), should be mode 0700"), dirparent, (unsigned int) sb.st_mode); else { if ((sb.st_mode & 0000777) != 0700) (void) chmod(dirparent, 0700); status = TS_MISSING; } } else if (errno != ENOENT) { log_warning(USE_ERRNO, N_("unable to stat %s"), dirparent); } else { /* No dirparent, try to make one. */ if (!removing) { if (mkdir(dirparent, S_IRWXU)) log_warning(USE_ERRNO, N_("unable to mkdir %s"), dirparent); else status = TS_MISSING; } } if (status == TS_ERROR) goto done; /* * Sanity check the user's ticket dir. We start by downgrading * the status to TS_ERROR. If the ticket dir exists and is sane * this will be upgraded to TS_OLD. If the dir does not exist, * it will be upgraded to TS_MISSING. */ status = TS_ERROR; /* downgrade status again */ if (lstat(timestampdir, &sb) == 0) { if (!S_ISDIR(sb.st_mode)) { if (S_ISREG(sb.st_mode)) { /* convert from old style */ if (unlink(timestampdir) == 0) status = TS_MISSING; } else log_warning(0, N_("%s exists but is not a directory (0%o)"), timestampdir, (unsigned int) sb.st_mode); } else if (sb.st_uid != timestamp_uid) log_warning(0, N_("%s owned by uid %u, should be uid %u"), timestampdir, (unsigned int) sb.st_uid, (unsigned int) timestamp_uid); else if ((sb.st_mode & 0000022)) log_warning(0, N_("%s writable by non-owner (0%o), should be mode 0700"), timestampdir, (unsigned int) sb.st_mode); else { if ((sb.st_mode & 0000777) != 0700) (void) chmod(timestampdir, 0700); status = TS_OLD; /* do date check later */ } } else if (errno != ENOENT) { log_warning(USE_ERRNO, N_("unable to stat %s"), timestampdir); } else status = TS_MISSING; /* * If there is no user ticket dir, AND we are in tty ticket mode, * AND we are not just going to remove it, create the user ticket dir. */ if (status == TS_MISSING && *timestampfile && !removing) { if (mkdir(timestampdir, S_IRWXU) == -1) { status = TS_ERROR; log_warning(USE_ERRNO, N_("unable to mkdir %s"), timestampdir); } } /* * Sanity check the tty ticket file if it exists. */ if (*timestampfile && status != TS_ERROR) { if (status != TS_MISSING) status = TS_NOFILE; /* dir there, file missing */ if (lstat(timestampfile, &sb) == 0) { if (!S_ISREG(sb.st_mode)) { status = TS_ERROR; log_warning(0, N_("%s exists but is not a regular file (0%o)"), timestampfile, (unsigned int) sb.st_mode); } else { /* If bad uid or file mode, complain and kill the bogus file. */ if (sb.st_uid != timestamp_uid) { log_warning(0, N_("%s owned by uid %u, should be uid %u"), timestampfile, (unsigned int) sb.st_uid, (unsigned int) timestamp_uid); (void) unlink(timestampfile); } else if ((sb.st_mode & 0000022)) { log_warning(0, N_("%s writable by non-owner (0%o), should be mode 0600"), timestampfile, (unsigned int) sb.st_mode); (void) unlink(timestampfile); } else { /* If not mode 0600, fix it. */ if ((sb.st_mode & 0000777) != 0600) (void) chmod(timestampfile, 0600); /* * Check for stored tty info. If the file is zero-sized * it is an old-style timestamp with no tty info in it. * If removing, we don't care about the contents. * The actual mtime check is done later. */ if (removing) { status = TS_OLD; } else if (sb.st_size != 0) { struct sudo_tty_info info; int fd = open(timestampfile, O_RDONLY, 0644); if (fd != -1) { if (read(fd, &info, sizeof(info)) == sizeof(info) && memcmp(&info, &tty_info, sizeof(info)) == 0) { status = TS_OLD; } close(fd); } } } } } else if (errno != ENOENT) { log_warning(USE_ERRNO, N_("unable to stat %s"), timestampfile); status = TS_ERROR; } } /* * If the file/dir exists and we are not removing it, check its mtime. */ if (status == TS_OLD && !removing) { mtim_get(&sb, &mtime); if (timevalisset(&mtime)) { /* Negative timeouts only expire manually (sudo -k). */ if (def_timestamp_timeout < 0) { status = TS_CURRENT; } else { time(&now); if (def_timestamp_timeout && now - mtime.tv_sec < 60 * def_timestamp_timeout) { /* * Check for bogus time on the stampfile. The clock may * have been set back or user could be trying to spoof us. */ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { time_t tv_sec = (time_t)mtime.tv_sec; log_warning(0, N_("timestamp too far in the future: %20.20s"), 4 + ctime(&tv_sec)); if (*timestampfile) (void) unlink(timestampfile); else (void) rmdir(timestampdir); status = TS_MISSING; } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) { status = TS_OLD; } else { status = TS_CURRENT; } } } } } done: if (timestamp_uid != 0) restore_perms(); debug_return_int(status); } int timestamp_status(struct passwd *pw) { return timestamp_status_internal(false); } /* * Remove the timestamp ticket file/dir. */ void remove_timestamp(bool remove) { struct timeval tv; char *path; int status; debug_decl(remove_timestamp, SUDO_DEBUG_AUTH) if (build_timestamp(NULL) == -1) debug_return; status = timestamp_status_internal(true); if (status != TS_MISSING && status != TS_ERROR) { path = *timestampfile ? timestampfile : timestampdir; if (remove) { if (*timestampfile) status = unlink(timestampfile); else status = rmdir(timestampdir); if (status == -1 && errno != ENOENT) { log_warning(0, N_("unable to remove %s, will reset to the Unix epoch"), path); remove = false; } } if (!remove) { timevalclear(&tv); if (touch(-1, path, &tv) == -1 && errno != ENOENT) fatal(U_("unable to reset %s to the Unix epoch"), path); } } debug_return; } /* * Lecture status is currently implied by the timestamp status but * may be stored separately in a future release. */ bool set_lectured(void) { return true; } sudo-1.8.9p5/plugins/sudoers/timestr.c010064400175440000012000000034701226304126200173460ustar00millertstaff/* * Copyright (c) 1999, 2009-2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #include #include "missing.h" char *get_timestr(time_t, int); /* * Return a static buffer with the current date + time. * Uses strftime() if available, else falls back to ctime(). */ char * get_timestr(time_t tstamp, int log_year) { char *s; #ifdef HAVE_STRFTIME static char buf[128]; struct tm *timeptr; timeptr = localtime(&tstamp); /* strftime() does not guarantee to NUL-terminate so we must check. */ buf[sizeof(buf) - 1] = '\0'; if (strftime(buf, sizeof(buf), log_year ? "%h %e %T %Y" : "%h %e %T", timeptr) != 0 && buf[sizeof(buf) - 1] == '\0') return buf; #endif /* HAVE_STRFTIME */ s = ctime(&tstamp) + 4; /* skip day of the week */ if (log_year) s[20] = '\0'; /* avoid the newline */ else s[15] = '\0'; /* don't care about year */ return s; } sudo-1.8.9p5/plugins/sudoers/toke.c010064400175440000012000004601031226304126200166210ustar00millertstaff#include #define yy_create_buffer sudoers_create_buffer #define yy_delete_buffer sudoers_delete_buffer #define yy_scan_buffer sudoers_scan_buffer #define yy_scan_string sudoers_scan_string #define yy_scan_bytes sudoers_scan_bytes #define yy_flex_debug sudoers_flex_debug #define yy_init_buffer sudoers_init_buffer #define yy_flush_buffer sudoers_flush_buffer #define yy_load_buffer_state sudoers_load_buffer_state #define yy_switch_to_buffer sudoers_switch_to_buffer #define yyin sudoersin #define yyleng sudoersleng #define yylex sudoerslex #define yyout sudoersout #define yyrestart sudoersrestart #define yytext sudoerstext /* $OpenBSD: flex.skl,v 1.12 2013/11/04 17:03:32 millert Exp $ */ /* A lexical scanner generated by flex */ /* Scanner skeleton version: * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.12 2013/11/04 17:03:32 millert Exp $ */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #include #include /* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ #ifdef c_plusplus #ifndef __cplusplus #define __cplusplus #endif #endif #ifdef __cplusplus #include #include /* Use prototypes in function declarations. */ #define YY_USE_PROTOS /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ #ifdef __STDC__ #define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ #ifdef __TURBOC__ #pragma warn -rch #pragma warn -use #include #include #define YY_USE_CONST #define YY_USE_PROTOS #endif #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif #ifdef YY_USE_PROTOS #define YY_PROTO(proto) proto #else #define YY_PROTO(proto) () #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #define YY_BUF_SIZE 16384 typedef struct yy_buffer_state *YY_BUFFER_STATE; extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 /* The funky do-while in the following #define is used to turn the definition * int a single C statement (which needs a semi-colon terminator). This * avoids problems with code like: * * if ( condition_holds ) * yyless( 5 ); * else * do_something_else(); * * Prior to using the do-while the compiler would get upset at the * "else" because it interpreted the "if" statement as being all * done when it reached the ';' after the yyless() call. */ /* Return all but the first 'n' matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ typedef unsigned int yy_size_t; struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". */ #define YY_CURRENT_BUFFER yy_current_buffer /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; static int yy_init = 1; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart YY_PROTO(( FILE *input_file )); void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); void yy_load_buffer_state YY_PROTO(( void )); YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); #define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); static void *yy_flex_alloc YY_PROTO(( yy_size_t )); static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! yy_current_buffer ) \ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! yy_current_buffer ) \ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ yy_current_buffer->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (yy_current_buffer->yy_at_bol) #define yywrap() 1 #define YY_SKIP_YYWRAP typedef unsigned char YY_CHAR; FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state YY_PROTO(( void )); static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); static int yy_get_next_buffer YY_PROTO(( void )); static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ yytext_ptr = yy_bp; \ yyleng = (int) (yy_cp - yy_bp); \ yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ yy_c_buf_p = yy_cp; #define YY_NUM_RULES 67 #define YY_END_OF_BUFFER 68 static yyconst short int yy_accept[814] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 68, 55, 63, 62, 61, 54, 65, 34, 56, 57, 34, 58, 55, 55, 55, 55, 60, 59, 66, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 66, 55, 55, 63, 65, 46, 46, 46, 46, 46, 2, 66, 1, 55, 46, 46, 55, 17, 16, 17, 16, 16, 66, 65, 66, 3, 9, 8, 9, 4, 9, 5, 66, 13, 13, 13, 11, 12, 66, 19, 19, 18, 18, 18, 19, 18, 18, 18, 19, 19, 19, 19, 19, 18, 19, 19, 55, 0, 63, 61, 65, 65, 0, 55, 36, 0, 34, 0, 35, 0, 53, 53, 0, 55, 55, 0, 55, 55, 55, 55, 0, 39, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 55, 64, 55, 55, 63, 0, 0, 0, 0, 0, 65, 55, 55, 55, 55, 55, 2, 1, 0, 1, 47, 47, 0, 55, 17, 17, 15, 14, 15, 0, 0, 3, 9, 0, 6, 7, 9, 9, 13, 0, 13, 13, 0, 10, 36, 0, 0, 35, 19, 19, 0, 19, 0, 0, 18, 18, 18, 18, 18, 18, 19, 19, 46, 19, 19, 19, 19, 19, 19, 19, 65, 65, 0, 36, 55, 55, 55, 55, 55, 0, 0, 39, 39, 46, 41, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 55, 55, 0, 0, 0, 0, 0, 65, 55, 55, 55, 55, 55, 0, 55, 10, 0, 0, 0, 18, 18, 18, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 65, 55, 55, 55, 55, 55, 55, 0, 40, 40, 40, 0, 0, 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 42, 46, 43, 55, 55, 55, 55, 0, 0, 0, 0, 0, 65, 55, 55, 55, 55, 0, 0, 0, 0, 0, 18, 18, 19, 46, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 55, 55, 55, 0, 0, 40, 40, 40, 0, 39, 39, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 0, 27, 46, 46, 46, 46, 46, 46, 46, 46, 44, 46, 55, 55, 55, 55, 55, 0, 0, 0, 65, 55, 55, 55, 0, 0, 0, 18, 18, 46, 46, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 55, 55, 55, 55, 55, 0, 40, 0, 39, 39, 39, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, 46, 46, 46, 46, 46, 46, 48, 49, 50, 51, 55, 0, 0, 65, 55, 55, 55, 0, 0, 0, 0, 0, 46, 46, 19, 46, 19, 19, 19, 19, 19, 19, 19, 19, 19, 37, 37, 37, 0, 0, 39, 39, 39, 39, 39, 39, 39, 0, 0, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, 0, 26, 46, 46, 46, 46, 0, 25, 0, 28, 55, 0, 0, 65, 55, 55, 55, 37, 37, 37, 46, 46, 46, 46, 19, 19, 19, 55, 37, 37, 37, 37, 0, 39, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, 46, 46, 46, 46, 52, 0, 0, 65, 55, 22, 47, 0, 37, 37, 37, 37, 46, 46, 46, 46, 19, 19, 19, 38, 38, 38, 38, 39, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 0, 0, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, 46, 46, 0, 24, 0, 29, 0, 22, 65, 65, 55, 0, 55, 38, 38, 38, 38, 46, 46, 46, 46, 55, 55, 38, 38, 38, 38, 0, 0, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 45, 0, 32, 46, 46, 46, 0, 65, 65, 20, 65, 23, 22, 0, 0, 0, 0, 0, 22, 0, 0, 0, 38, 38, 38, 38, 46, 46, 46, 55, 55, 55, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, 0, 30, 46, 46, 23, 65, 0, 22, 0, 0, 0, 46, 46, 55, 55, 55, 55, 55, 0, 0, 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, 0, 33, 46, 65, 0, 0, 0, 0, 0, 46, 55, 55, 55, 39, 39, 39, 39, 39, 39, 0, 31, 65, 65, 21, 0, 0, 0, 55, 55, 55, 55, 55, 39, 39, 39, 39, 39, 0, 0, 0, 0, 0, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 0 } ; static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 4, 5, 6, 1, 7, 1, 1, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 1, 1, 27, 28, 10, 29, 30, 31, 32, 33, 34, 31, 35, 36, 37, 38, 38, 39, 40, 41, 42, 43, 38, 44, 45, 46, 47, 48, 49, 50, 51, 38, 10, 52, 10, 1, 53, 1, 54, 55, 56, 57, 58, 59, 60, 61, 62, 60, 60, 63, 64, 65, 66, 60, 60, 67, 68, 69, 70, 60, 60, 60, 60, 60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst int yy_meta[71] = { 0, 1, 2, 3, 4, 5, 6, 1, 7, 7, 1, 8, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 15, 7, 1, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 18, 19, 20, 20, 20, 20, 20, 20, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21 } ; static yyconst short int yy_base[931] = { 0, 0, 69, 71, 79, 94, 124, 175, 244, 153, 197, 85, 130, 314, 0, 4514, 4461, 4510, 5604, 4507, 5604, 382, 86, 5604, 5604, 4458, 5604, 140, 394, 195, 153, 4483, 5604, 5604, 453, 4383, 43, 508, 37, 4379, 65, 4378, 4385, 4367, 566, 581, 91, 151, 604, 39, 41, 4351, 34, 4348, 117, 4402, 4412, 428, 4371, 4382, 136, 0, 5604, 4407, 5604, 0, 606, 664, 105, 0, 4358, 5604, 115, 5604, 133, 5604, 138, 4357, 152, 171, 5604, 188, 383, 641, 694, 737, 235, 245, 794, 843, 4369, 157, 898, 4365, 4364, 4375, 4370, 944, 0, 206, 4351, 266, 4400, 4397, 4397, 5604, 263, 532, 585, 4386, 608, 707, 4346, 829, 648, 4345, 968, 981, 1018, 4359, 4370, 563, 708, 422, 4357, 371, 1062, 1106, 4343, 4347, 4340, 4344, 596, 4333, 4340, 4337, 4329, 4331, 644, 5604, 237, 137, 946, 4309, 4314, 4305, 4300, 4301, 121, 225, 530, 377, 369, 335, 445, 4366, 720, 4365, 931, 4314, 1018, 169, 0, 4361, 160, 5604, 5604, 991, 388, 0, 4312, 638, 5604, 5604, 4311, 661, 4310, 4356, 392, 221, 420, 4358, 653, 665, 1139, 4296, 1145, 0, 1173, 1201, 1210, 1037, 1239, 4333, 1081, 1170, 826, 1288, 1343, 4307, 0, 4311, 4309, 899, 4298, 4296, 4287, 4283, 4336, 4335, 1222, 1258, 1389, 1362, 968, 1428, 4323, 4310, 1472, 520, 1517, 1561, 1605, 4303, 4297, 4280, 4282, 4289, 4300, 4295, 4283, 4279, 4292, 4291, 4290, 654, 493, 4258, 4252, 4242, 4244, 4250, 534, 579, 4253, 491, 407, 506, 1413, 626, 4304, 4251, 4239, 1651, 1661, 4227, 1705, 0, 4197, 4164, 4155, 4151, 4151, 4135, 4112, 4111, 811, 4067, 4122, 1749, 378, 0, 0, 1041, 243, 4098, 4097, 1786, 805, 4096, 4095, 623, 1410, 1799, 1447, 1091, 1844, 1890, 4094, 429, 4073, 632, 4084, 4082, 4056, 4054, 4050, 4053, 0, 4046, 0, 929, 638, 544, 561, 4022, 4024, 4008, 4022, 4008, 746, 524, 1063, 413, 662, 1491, 4060, 4059, 4058, 1270, 1900, 1944, 763, 904, 4037, 4020, 4009, 4007, 3992, 3988, 818, 3993, 3988, 3912, 1990, 2002, 2014, 3930, 3929, 2024, 3929, 3912, 3911, 3910, 919, 1536, 1003, 1580, 1142, 2037, 0, 1626, 2083, 1680, 1372, 2128, 2174, 764, 5604, 3892, 3877, 3870, 3884, 3862, 3869, 3879, 3879, 0, 3863, 698, 593, 820, 973, 1093, 3857, 3824, 3825, 922, 897, 969, 1097, 3866, 3858, 2186, 2196, 3829, 3807, 3800, 3814, 3778, 3784, 3794, 3793, 3747, 3726, 3716, 3711, 3696, 3656, 2240, 1017, 2279, 2291, 1637, 3686, 3662, 3648, 3646, 2301, 1127, 3642, 3641, 2347, 1154, 1205, 1209, 1724, 1761, 2359, 0, 1763, 2405, 1774, 1457, 2450, 2496, 2521, 1024, 1127, 1181, 1190, 1169, 1207, 1224, 1392, 3602, 3584, 3577, 3560, 1240, 3581, 3547, 1313, 1391, 874, 1774, 1821, 3584, 3576, 3569, 1503, 3523, 3519, 869, 1379, 3515, 3511, 949, 1045, 0, 0, 0, 0, 3478, 2577, 1863, 1546, 3510, 3509, 3506, 1919, 2616, 1963, 1590, 2660, 2706, 2056, 3517, 3509, 3487, 1692, 1879, 1979, 2096, 2104, 2147, 2106, 2718, 0, 2217, 2764, 2250, 1734, 2809, 2855, 2880, 2086, 1133, 1088, 5604, 421, 2087, 1184, 2088, 1369, 5604, 1370, 5604, 1197, 3418, 3389, 1282, 2127, 1249, 1368, 3442, 3427, 2936, 3386, 3320, 3309, 3295, 2951, 1219, 3272, 3006, 1181, 3044, 0, 1709, 3290, 3263, 2260, 58, 2320, 1774, 3083, 0, 2380, 3129, 2424, 1831, 3173, 3219, 3270, 3265, 3231, 2336, 2462, 2464, 2471, 3256, 2477, 3243, 0, 2589, 3289, 2600, 1929, 3335, 3360, 1376, 1087, 1847, 1409, 1542, 1586, 3218, 3184, 3166, 1832, 1427, 2060, 3174, 2635, 3210, 3186, 3185, 2435, 3129, 3111, 3114, 3066, 3429, 1454, 0, 3486, 2679, 2737, 1483, 3085, 2989, 2839, 3525, 2819, 2003, 2280, 2783, 2381, 3537, 0, 2830, 3583, 3016, 2157, 3627, 3673, 3026, 2821, 2801, 2750, 2228, 2472, 2474, 2695, 1189, 1531, 3685, 0, 2647, 1848, 1925, 1602, 1522, 1849, 1587, 5604, 1664, 5604, 2692, 1967, 1630, 2177, 2014, 2406, 2761, 2674, 2630, 3731, 2272, 1926, 2155, 2500, 1927, 3741, 2076, 3780, 0, 1967, 2277, 3054, 2598, 2535, 2509, 2841, 2470, 2431, 2485, 2600, 3064, 2617, 3819, 0, 3104, 3865, 3148, 3036, 3909, 3955, 2390, 2373, 3966, 3118, 2338, 1742, 2298, 2129, 5604, 2743, 1825, 1738, 2219, 2153, 1825, 5604, 2062, 2083, 3130, 3172, 3276, 3281, 1984, 2880, 1920, 3360, 3192, 1912, 1877, 1858, 3274, 1744, 2326, 2643, 2745, 3978, 3990, 4002, 1700, 1693, 4014, 1662, 1623, 2856, 2951, 3496, 3084, 4026, 0, 3508, 4072, 3556, 3074, 0, 1599, 1510, 1503, 3319, 1423, 2328, 5604, 3154, 2037, 5604, 2124, 3602, 3646, 1409, 1403, 4118, 2407, 2791, 4130, 2334, 4142, 4154, 3659, 3704, 1390, 1286, 1251, 3418, 1158, 1087, 3105, 1077, 1056, 4166, 0, 3568, 2499, 5604, 3270, 2220, 3751, 1014, 1005, 957, 3614, 2522, 4178, 4190, 4202, 3761, 3790, 3800, 684, 0, 683, 2685, 5604, 658, 2222, 5604, 522, 382, 4214, 4226, 2335, 4238, 4250, 3840, 5604, 3846, 3884, 3202, 5604, 3928, 374, 208, 117, 3716, 4260, 4297, 4334, 4045, 4091, 4270, 59, 4371, 3941, 5604, 4280, 3771, 5604, 4423, 4444, 4465, 4486, 4507, 4528, 4549, 4570, 4591, 4600, 2074, 4620, 4641, 2383, 4662, 4683, 4704, 4725, 4746, 4767, 4788, 4809, 2337, 4830, 4839, 4847, 4856, 4876, 4897, 4918, 2474, 4939, 4960, 4981, 5002, 5011, 5030, 5039, 5048, 2421, 2516, 5056, 5064, 5072, 5081, 5089, 5096, 5104, 5112, 5121, 5131, 2600, 2694, 5139, 5147, 5155, 2695, 2757, 5164, 5174, 5194, 2798, 5203, 5211, 2799, 5220, 5230, 5250, 2228, 2615, 5259, 5271, 5280, 5290, 2803, 2825, 5299, 5309, 5318, 5338, 2700, 5347, 5359, 2841, 2872, 5368, 5378, 2873, 5387, 5397, 5417, 5438, 5459, 3115, 3116, 5479, 3168, 5486, 5496, 2951, 2967, 5505, 2520, 5525, 3304, 3313, 5534, 5544, 3517, 3314, 3318, 5552, 5562, 5582, 3814, 3319, 3430 } ; static yyconst short int yy_def[931] = { 0, 813, 1, 1, 1, 814, 814, 815, 815, 816, 816, 817, 817, 813, 13, 813, 818, 813, 813, 813, 813, 819, 820, 813, 813, 821, 813, 822, 818, 28, 28, 823, 813, 813, 813, 34, 34, 34, 37, 37, 37, 37, 37, 37, 818, 28, 818, 813, 819, 34, 34, 37, 37, 37, 813, 824, 813, 825, 37, 37, 818, 826, 813, 826, 813, 826, 813, 819, 813, 827, 828, 813, 828, 813, 828, 813, 829, 830, 830, 830, 813, 813, 831, 832, 833, 813, 85, 85, 85, 813, 89, 89, 89, 92, 92, 92, 92, 85, 88, 88, 818, 818, 813, 813, 834, 813, 835, 813, 820, 836, 831, 820, 821, 821, 822, 837, 818, 818, 28, 838, 118, 118, 118, 118, 839, 840, 37, 126, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 818, 813, 818, 818, 813, 813, 813, 813, 813, 813, 834, 818, 118, 818, 818, 818, 813, 813, 813, 813, 841, 842, 818, 818, 843, 843, 813, 813, 813, 835, 813, 844, 845, 845, 813, 813, 845, 845, 830, 813, 830, 830, 813, 813, 831, 831, 831, 846, 847, 88, 846, 848, 813, 813, 85, 192, 192, 192, 192, 813, 197, 198, 849, 198, 198, 198, 198, 198, 88, 88, 834, 850, 813, 813, 818, 212, 212, 118, 215, 851, 813, 852, 813, 127, 221, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 818, 818, 813, 813, 813, 813, 813, 834, 818, 215, 818, 818, 818, 813, 818, 813, 853, 854, 813, 88, 254, 197, 198, 198, 198, 198, 198, 198, 198, 198, 198, 88, 88, 850, 818, 818, 212, 212, 212, 818, 855, 856, 856, 277, 857, 856, 858, 220, 813, 283, 283, 813, 283, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 818, 818, 818, 818, 813, 813, 813, 813, 813, 834, 818, 818, 818, 818, 813, 813, 853, 853, 813, 254, 197, 198, 859, 198, 198, 198, 198, 198, 198, 88, 88, 88, 88, 212, 212, 212, 813, 860, 860, 339, 860, 861, 862, 863, 813, 864, 286, 864, 813, 349, 864, 813, 352, 352, 813, 352, 813, 813, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 818, 818, 818, 818, 818, 813, 813, 813, 834, 818, 818, 818, 865, 866, 813, 88, 321, 859, 859, 198, 198, 198, 198, 198, 198, 88, 88, 88, 88, 88, 818, 818, 212, 212, 818, 867, 867, 868, 869, 813, 813, 870, 871, 813, 872, 872, 873, 355, 873, 813, 418, 873, 813, 421, 421, 813, 421, 813, 426, 426, 426, 426, 426, 426, 426, 426, 818, 818, 818, 818, 818, 813, 813, 874, 818, 818, 818, 813, 813, 875, 875, 813, 859, 859, 198, 859, 198, 198, 198, 198, 88, 88, 88, 88, 88, 818, 464, 464, 813, 876, 877, 408, 813, 471, 471, 813, 471, 813, 813, 878, 878, 813, 813, 879, 879, 880, 424, 880, 813, 487, 880, 813, 490, 490, 813, 490, 813, 495, 495, 813, 813, 495, 495, 495, 495, 813, 813, 813, 813, 818, 813, 813, 881, 818, 818, 818, 882, 883, 813, 884, 884, 884, 884, 813, 522, 885, 818, 818, 818, 527, 527, 813, 886, 813, 887, 474, 887, 813, 536, 887, 813, 539, 539, 813, 539, 888, 889, 813, 813, 890, 890, 891, 892, 891, 813, 553, 891, 813, 556, 556, 556, 813, 560, 560, 560, 560, 560, 560, 818, 813, 813, 893, 818, 818, 818, 813, 813, 894, 894, 813, 895, 895, 895, 895, 813, 583, 896, 818, 586, 586, 586, 813, 897, 898, 813, 899, 899, 900, 542, 900, 813, 599, 900, 813, 602, 602, 813, 602, 813, 813, 901, 901, 813, 813, 902, 902, 903, 903, 813, 617, 903, 560, 560, 560, 560, 560, 813, 813, 813, 813, 813, 813, 904, 893, 818, 905, 906, 907, 908, 813, 907, 909, 909, 909, 909, 818, 818, 818, 646, 646, 818, 813, 813, 910, 910, 813, 813, 911, 911, 912, 605, 912, 813, 661, 912, 813, 664, 664, 813, 664, 913, 914, 813, 813, 915, 915, 560, 813, 813, 560, 560, 560, 813, 904, 904, 813, 893, 818, 905, 905, 905, 905, 916, 905, 917, 917, 813, 813, 907, 907, 813, 813, 909, 909, 909, 646, 646, 646, 918, 919, 813, 813, 920, 920, 921, 667, 921, 813, 716, 921, 813, 719, 719, 922, 813, 913, 913, 813, 813, 813, 813, 560, 560, 813, 893, 813, 813, 923, 924, 813, 909, 909, 646, 818, 646, 646, 818, 813, 813, 918, 918, 813, 813, 925, 925, 926, 926, 926, 756, 926, 813, 813, 560, 927, 813, 813, 923, 923, 813, 909, 646, 646, 646, 813, 813, 813, 813, 928, 928, 813, 813, 927, 927, 813, 929, 930, 813, 646, 818, 646, 646, 818, 813, 813, 813, 813, 813, 813, 813, 929, 929, 813, 818, 818, 818, 813, 813, 813, 818, 818, 818, 813, 813, 813, 0, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813 } ; static yyconst short int yy_nxt[5675] = { 0, 16, 17, 18, 19, 20, 21, 22, 23, 24, 16, 25, 26, 16, 16, 27, 28, 29, 30, 28, 28, 28, 28, 28, 28, 28, 31, 32, 33, 16, 34, 35, 35, 35, 36, 37, 37, 37, 37, 38, 37, 39, 37, 40, 41, 42, 43, 37, 37, 37, 37, 37, 44, 16, 45, 45, 45, 45, 45, 45, 16, 16, 16, 16, 16, 16, 16, 16, 46, 16, 16, 47, 532, 54, 130, 48, 135, 55, 127, 131, 127, 54, 127, 56, 534, 55, 57, 78, 18, 79, 80, 56, 109, 129, 57, 133, 17, 62, 63, 150, 64, 49, 50, 149, 152, 51, 64, 168, 139, 134, 58, 101, 110, 52, 59, 37, 53, 37, 58, 154, 64, 65, 59, 37, 105, 37, 17, 62, 63, 155, 64, 796, 78, 18, 79, 80, 64, 81, 111, 60, 175, 139, 172, 101, 115, 115, 66, 60, 115, 115, 64, 65, 140, 142, 178, 17, 18, 19, 71, 67, 173, 141, 168, 139, 72, 73, 74, 171, 115, 122, 122, 122, 122, 122, 123, 179, 66, 17, 18, 19, 75, 67, 81, 143, 144, 171, 242, 145, 101, 101, 180, 181, 116, 176, 236, 146, 198, 140, 147, 17, 18, 19, 71, 67, 177, 76, 161, 201, 72, 73, 74, 121, 121, 121, 121, 121, 121, 121, 121, 121, 121, 101, 796, 177, 75, 179, 249, 68, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 17, 18, 19, 76, 67, 194, 194, 194, 194, 194, 194, 194, 194, 194, 194, 195, 195, 195, 195, 195, 196, 206, 100, 119, 100, 100, 100, 177, 100, 100, 207, 101, 100, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 101, 243, 235, 100, 100, 100, 101, 68, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 33, 17, 18, 19, 33, 33, 82, 23, 24, 33, 83, 26, 33, 33, 84, 85, 86, 87, 85, 85, 85, 85, 85, 85, 85, 31, 88, 33, 33, 89, 90, 90, 90, 91, 92, 92, 92, 92, 93, 92, 94, 92, 95, 92, 96, 92, 92, 92, 92, 92, 92, 68, 33, 97, 97, 97, 97, 97, 97, 98, 98, 98, 98, 98, 98, 98, 98, 99, 98, 98, 105, 218, 101, 796, 109, 168, 139, 269, 247, 178, 106, 796, 220, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 117, 183, 118, 118, 118, 118, 118, 118, 118, 118, 118, 118, 119, 101, 180, 181, 120, 120, 120, 120, 120, 101, 101, 357, 159, 159, 246, 184, 159, 159, 216, 216, 216, 216, 216, 216, 177, 245, 101, 154, 120, 120, 120, 120, 120, 120, 100, 358, 159, 155, 127, 101, 100, 313, 563, 100, 100, 101, 100, 100, 100, 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, 119, 160, 311, 100, 126, 126, 126, 126, 126, 127, 127, 127, 127, 128, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 101, 127, 120, 120, 120, 120, 120, 120, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 813, 218, 796, 105, 127, 127, 127, 127, 127, 101, 100, 101, 282, 127, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 101, 304, 311, 372, 100, 100, 100, 100, 100, 100, 138, 139, 100, 100, 100, 311, 100, 100, 101, 378, 100, 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, 244, 310, 813, 100, 100, 100, 100, 101, 120, 120, 120, 120, 120, 120, 120, 120, 120, 120, 105, 164, 139, 165, 813, 166, 101, 109, 436, 165, 106, 166, 373, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 226, 101, 166, 166, 813, 227, 311, 111, 218, 228, 170, 229, 185, 170, 170, 101, 168, 139, 185, 282, 170, 185, 115, 115, 185, 185, 115, 115, 166, 813, 184, 782, 371, 168, 139, 170, 148, 105, 187, 360, 185, 109, 301, 302, 361, 303, 115, 167, 101, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 101, 813, 314, 188, 185, 115, 101, 532, 115, 115, 116, 115, 115, 115, 115, 184, 101, 115, 115, 108, 714, 108, 108, 171, 101, 108, 108, 184, 435, 108, 380, 187, 115, 115, 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, 108, 108, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 190, 115, 187, 105, 101, 191, 187, 192, 192, 192, 192, 192, 192, 192, 192, 192, 192, 119, 187, 357, 357, 193, 193, 193, 193, 193, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 358, 358, 193, 193, 193, 193, 193, 193, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 813, 377, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 813, 341, 341, 341, 187, 187, 187, 187, 187, 330, 331, 112, 332, 112, 112, 112, 394, 112, 112, 395, 437, 112, 255, 255, 255, 255, 255, 255, 187, 187, 187, 187, 187, 187, 187, 112, 112, 112, 187, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 119, 187, 498, 101, 197, 197, 197, 197, 197, 198, 198, 198, 198, 199, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 499, 200, 193, 193, 193, 193, 193, 193, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 813, 105, 101, 443, 198, 198, 198, 198, 198, 260, 218, 159, 159, 198, 261, 159, 159, 386, 262, 513, 263, 282, 387, 369, 142, 101, 370, 504, 187, 187, 187, 187, 187, 187, 813, 159, 193, 193, 193, 193, 193, 193, 193, 193, 193, 193, 114, 763, 100, 100, 114, 505, 100, 100, 143, 144, 114, 101, 145, 160, 272, 272, 272, 272, 272, 273, 146, 438, 442, 147, 114, 114, 100, 212, 213, 214, 212, 212, 212, 212, 212, 212, 212, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 345, 218, 763, 158, 101, 100, 100, 158, 101, 100, 100, 763, 347, 158, 399, 444, 101, 215, 215, 215, 215, 215, 215, 215, 215, 215, 215, 158, 158, 100, 506, 215, 215, 215, 215, 215, 251, 252, 253, 251, 251, 251, 251, 251, 251, 251, 100, 100, 100, 100, 496, 127, 101, 813, 507, 215, 215, 215, 215, 215, 215, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 119, 119, 498, 532, 221, 221, 221, 221, 221, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 350, 350, 350, 350, 350, 351, 714, 499, 101, 215, 215, 215, 215, 215, 215, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 813, 379, 622, 127, 127, 127, 127, 127, 127, 182, 218, 182, 182, 101, 185, 182, 182, 101, 439, 182, 185, 282, 445, 185, 813, 218, 185, 185, 100, 100, 100, 100, 100, 100, 182, 182, 347, 218, 127, 127, 187, 497, 185, 185, 562, 185, 185, 185, 347, 185, 185, 498, 659, 185, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 525, 188, 185, 185, 185, 185, 115, 345, 218, 115, 115, 499, 115, 115, 115, 115, 115, 127, 115, 115, 115, 565, 502, 345, 218, 127, 115, 345, 218, 127, 504, 500, 187, 115, 115, 347, 501, 101, 127, 416, 115, 115, 211, 211, 211, 211, 211, 211, 211, 211, 211, 211, 503, 101, 505, 127, 198, 190, 115, 254, 254, 254, 254, 254, 254, 254, 254, 254, 254, 746, 567, 584, 127, 254, 254, 254, 254, 254, 211, 211, 211, 211, 211, 211, 211, 211, 211, 211, 315, 105, 316, 316, 316, 316, 316, 316, 101, 254, 254, 254, 254, 254, 254, 187, 746, 101, 508, 187, 256, 256, 256, 256, 256, 256, 256, 256, 256, 256, 119, 187, 105, 572, 256, 256, 256, 256, 256, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 570, 200, 254, 254, 254, 254, 254, 254, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 813, 511, 504, 506, 198, 198, 198, 198, 198, 271, 271, 271, 271, 271, 271, 271, 271, 271, 271, 419, 419, 419, 419, 419, 420, 506, 505, 507, 187, 187, 187, 187, 187, 187, 269, 746, 270, 270, 270, 270, 270, 270, 270, 270, 270, 270, 159, 520, 763, 507, 159, 101, 521, 621, 763, 127, 159, 287, 287, 287, 287, 287, 287, 287, 287, 287, 287, 127, 573, 218, 159, 159, 101, 100, 101, 274, 274, 274, 274, 274, 274, 274, 274, 274, 274, 512, 624, 627, 127, 274, 274, 274, 274, 274, 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, 488, 488, 488, 488, 488, 489, 101, 628, 633, 274, 274, 274, 274, 274, 274, 276, 277, 278, 278, 278, 278, 278, 278, 278, 278, 279, 649, 649, 649, 280, 280, 280, 280, 280, 381, 382, 383, 381, 381, 381, 381, 381, 381, 381, 446, 218, 447, 447, 447, 447, 447, 447, 218, 280, 280, 280, 280, 280, 280, 218, 283, 284, 285, 283, 283, 283, 283, 283, 283, 283, 286, 625, 813, 218, 287, 287, 287, 287, 287, 410, 411, 412, 410, 410, 410, 410, 410, 410, 410, 528, 528, 528, 528, 528, 529, 626, 679, 127, 287, 287, 287, 287, 287, 287, 288, 288, 288, 288, 288, 288, 288, 288, 288, 288, 119, 627, 625, 127, 288, 288, 288, 288, 288, 356, 356, 356, 356, 356, 356, 356, 356, 356, 356, 537, 537, 537, 537, 537, 538, 628, 626, 218, 274, 274, 274, 274, 274, 274, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 813, 683, 684, 127, 127, 127, 127, 127, 127, 345, 218, 414, 414, 414, 414, 414, 414, 678, 659, 127, 399, 347, 400, 400, 400, 400, 400, 400, 100, 100, 100, 100, 100, 100, 315, 627, 318, 318, 318, 318, 318, 319, 316, 316, 316, 316, 320, 320, 320, 320, 320, 320, 320, 320, 320, 320, 119, 597, 101, 628, 320, 320, 320, 320, 320, 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, 476, 746, 477, 477, 477, 477, 477, 477, 746, 320, 320, 320, 320, 320, 320, 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, 100, 100, 100, 100, 321, 321, 321, 321, 321, 425, 425, 425, 425, 425, 425, 425, 425, 425, 425, 554, 554, 554, 554, 554, 555, 345, 218, 695, 320, 320, 320, 320, 320, 320, 334, 335, 336, 334, 334, 334, 334, 334, 334, 334, 813, 218, 345, 218, 483, 483, 483, 483, 483, 483, 731, 127, 416, 813, 416, 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, 534, 101, 339, 339, 340, 341, 341, 341, 341, 341, 341, 341, 279, 345, 218, 346, 346, 346, 346, 346, 346, 346, 346, 346, 346, 347, 101, 683, 684, 348, 348, 348, 348, 348, 631, 105, 514, 515, 516, 517, 515, 515, 515, 515, 515, 515, 515, 600, 600, 600, 600, 600, 601, 348, 348, 348, 348, 348, 348, 218, 352, 353, 354, 352, 352, 352, 352, 352, 352, 352, 355, 730, 695, 127, 356, 356, 356, 356, 356, 527, 527, 527, 527, 527, 527, 527, 527, 527, 527, 632, 623, 695, 680, 675, 218, 127, 127, 127, 356, 356, 356, 356, 356, 356, 813, 347, 348, 348, 348, 348, 348, 348, 348, 348, 348, 348, 384, 384, 384, 384, 384, 384, 384, 384, 384, 384, 695, 676, 676, 813, 384, 384, 384, 384, 384, 475, 475, 475, 475, 475, 475, 475, 475, 475, 475, 618, 618, 618, 618, 618, 619, 677, 677, 813, 384, 384, 384, 384, 384, 384, 385, 385, 385, 385, 385, 385, 385, 385, 385, 385, 703, 634, 694, 127, 385, 385, 385, 385, 385, 536, 536, 536, 536, 536, 536, 536, 536, 536, 536, 100, 100, 100, 100, 634, 218, 634, 634, 734, 384, 384, 384, 384, 384, 384, 399, 416, 400, 400, 400, 400, 400, 400, 400, 400, 400, 400, 399, 532, 401, 401, 401, 401, 401, 401, 401, 401, 401, 401, 399, 534, 402, 402, 402, 402, 402, 403, 400, 400, 400, 400, 405, 405, 405, 405, 405, 405, 405, 405, 405, 405, 279, 345, 218, 414, 414, 414, 414, 414, 414, 414, 414, 414, 414, 347, 634, 105, 101, 413, 413, 413, 413, 413, 544, 545, 546, 544, 544, 544, 544, 544, 544, 544, 686, 761, 107, 127, 634, 107, 634, 635, 644, 413, 413, 413, 413, 413, 413, 345, 218, 415, 415, 415, 415, 415, 415, 415, 415, 415, 415, 416, 345, 218, 101, 417, 417, 417, 417, 417, 345, 218, 813, 218, 416, 127, 127, 127, 762, 105, 101, 733, 485, 676, 485, 561, 564, 101, 566, 417, 417, 417, 417, 417, 417, 218, 421, 422, 423, 421, 421, 421, 421, 421, 421, 421, 424, 677, 684, 813, 425, 425, 425, 425, 425, 494, 494, 494, 494, 494, 494, 494, 494, 494, 494, 662, 662, 662, 662, 662, 663, 101, 105, 813, 425, 425, 425, 425, 425, 425, 813, 571, 417, 417, 417, 417, 417, 417, 417, 417, 417, 417, 446, 701, 449, 449, 449, 449, 449, 450, 447, 447, 447, 447, 384, 384, 384, 384, 384, 384, 384, 384, 384, 384, 781, 782, 781, 782, 384, 384, 384, 384, 384, 345, 218, 549, 549, 549, 549, 549, 549, 685, 575, 575, 607, 485, 608, 608, 608, 608, 608, 608, 384, 384, 384, 384, 384, 384, 464, 465, 466, 464, 464, 464, 464, 464, 464, 464, 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, 591, 592, 593, 591, 591, 591, 591, 591, 591, 591, 695, 732, 700, 700, 700, 644, 101, 399, 532, 400, 400, 400, 400, 400, 400, 400, 400, 400, 400, 399, 597, 400, 400, 400, 400, 400, 400, 400, 400, 400, 400, 471, 472, 473, 471, 471, 471, 471, 471, 471, 471, 474, 728, 101, 728, 475, 475, 475, 475, 475, 543, 543, 543, 543, 543, 543, 543, 543, 543, 543, 127, 211, 741, 786, 211, 218, 729, 218, 729, 475, 475, 475, 475, 475, 475, 476, 416, 479, 479, 479, 479, 479, 480, 477, 477, 477, 477, 345, 218, 483, 483, 483, 483, 483, 483, 483, 483, 483, 483, 416, 101, 101, 218, 482, 482, 482, 482, 482, 532, 813, 595, 595, 595, 595, 595, 595, 169, 169, 169, 218, 534, 597, 688, 759, 689, 690, 691, 482, 482, 482, 482, 482, 482, 345, 218, 484, 484, 484, 484, 484, 484, 484, 484, 484, 484, 485, 316, 760, 316, 486, 486, 486, 486, 486, 599, 599, 599, 599, 599, 599, 599, 599, 599, 599, 574, 575, 575, 575, 575, 575, 575, 597, 692, 486, 486, 486, 486, 486, 486, 218, 490, 491, 492, 490, 490, 490, 490, 490, 490, 490, 493, 218, 345, 218, 494, 494, 494, 494, 494, 345, 218, 218, 485, 218, 485, 813, 218, 169, 169, 169, 534, 551, 485, 532, 551, 759, 813, 551, 494, 494, 494, 494, 494, 494, 813, 597, 486, 486, 486, 486, 486, 486, 486, 486, 486, 486, 100, 650, 778, 760, 813, 317, 100, 317, 735, 100, 100, 735, 100, 100, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 702, 779, 650, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 495, 127, 127, 127, 127, 127, 127, 127, 101, 127, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 525, 526, 526, 526, 526, 526, 526, 526, 526, 526, 526, 345, 218, 614, 614, 614, 614, 614, 614, 447, 650, 447, 532, 551, 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, 659, 576, 576, 101, 532, 813, 533, 533, 533, 533, 533, 533, 533, 533, 533, 533, 534, 659, 695, 813, 535, 535, 535, 535, 535, 636, 637, 638, 639, 636, 636, 636, 636, 636, 636, 345, 218, 674, 674, 674, 674, 674, 674, 813, 535, 535, 535, 535, 535, 535, 539, 540, 541, 539, 539, 539, 539, 539, 539, 539, 542, 778, 695, 739, 543, 543, 543, 543, 543, 646, 646, 646, 646, 646, 646, 646, 646, 646, 646, 448, 477, 448, 477, 345, 218, 779, 575, 575, 543, 543, 543, 543, 543, 543, 813, 551, 535, 535, 535, 535, 535, 535, 535, 535, 535, 535, 345, 218, 549, 549, 549, 549, 549, 549, 549, 549, 549, 549, 485, 728, 681, 813, 548, 548, 548, 548, 548, 647, 647, 647, 647, 647, 648, 649, 649, 649, 649, 688, 607, 689, 690, 691, 478, 729, 478, 813, 548, 548, 548, 548, 548, 548, 345, 218, 550, 550, 550, 550, 550, 550, 550, 550, 550, 550, 551, 127, 740, 813, 552, 552, 552, 552, 552, 606, 606, 606, 606, 606, 606, 606, 606, 606, 606, 447, 477, 447, 477, 694, 608, 607, 608, 813, 552, 552, 552, 552, 552, 552, 218, 556, 557, 558, 556, 556, 556, 556, 556, 556, 556, 607, 609, 768, 609, 559, 559, 559, 559, 559, 532, 534, 657, 657, 657, 657, 657, 657, 651, 650, 651, 650, 597, 651, 651, 651, 651, 651, 651, 559, 559, 559, 559, 559, 559, 813, 532, 552, 552, 552, 552, 552, 552, 552, 552, 552, 552, 100, 659, 652, 608, 652, 608, 100, 687, 687, 100, 100, 687, 100, 100, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 687, 687, 687, 100, 127, 127, 127, 127, 127, 127, 127, 560, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 101, 127, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 574, 577, 577, 577, 577, 577, 578, 575, 575, 575, 575, 187, 723, 723, 532, 187, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 714, 187, 724, 724, 198, 198, 198, 583, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 650, 200, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 586, 587, 588, 589, 586, 586, 586, 586, 586, 586, 661, 661, 661, 661, 661, 661, 661, 661, 661, 661, 669, 670, 671, 669, 669, 669, 669, 669, 669, 669, 717, 717, 717, 717, 717, 718, 101, 525, 526, 526, 526, 526, 526, 526, 526, 526, 526, 526, 707, 708, 709, 707, 707, 707, 707, 707, 707, 707, 668, 668, 668, 668, 668, 668, 668, 668, 668, 668, 757, 757, 757, 757, 757, 758, 101, 532, 813, 595, 595, 595, 595, 595, 595, 595, 595, 595, 595, 534, 714, 470, 643, 594, 594, 594, 594, 594, 532, 532, 712, 712, 712, 712, 712, 712, 696, 697, 696, 697, 659, 714, 813, 218, 813, 813, 813, 594, 594, 594, 594, 594, 594, 532, 551, 596, 596, 596, 596, 596, 596, 596, 596, 596, 596, 597, 759, 642, 641, 598, 598, 598, 598, 598, 716, 716, 716, 716, 716, 716, 716, 716, 716, 716, 688, 640, 689, 690, 691, 651, 760, 651, 692, 598, 598, 598, 598, 598, 598, 602, 603, 604, 602, 602, 602, 602, 602, 602, 602, 605, 574, 574, 127, 606, 606, 606, 606, 606, 736, 737, 738, 736, 736, 736, 736, 736, 736, 736, 791, 791, 791, 791, 791, 791, 692, 574, 101, 606, 606, 606, 606, 606, 606, 813, 630, 598, 598, 598, 598, 598, 598, 598, 598, 598, 598, 607, 629, 610, 610, 610, 610, 610, 611, 608, 608, 608, 608, 345, 218, 614, 614, 614, 614, 614, 614, 614, 614, 614, 614, 551, 101, 218, 778, 613, 613, 613, 613, 613, 813, 607, 689, 690, 691, 813, 607, 813, 813, 691, 695, 470, 696, 696, 696, 696, 696, 696, 779, 613, 613, 613, 613, 613, 613, 345, 218, 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, 747, 343, 747, 127, 616, 616, 616, 616, 616, 748, 764, 748, 764, 692, 765, 797, 765, 797, 692, 218, 723, 723, 723, 723, 723, 723, 585, 582, 616, 616, 616, 616, 616, 616, 813, 581, 616, 616, 616, 616, 616, 616, 616, 616, 616, 616, 100, 693, 580, 693, 693, 693, 100, 693, 693, 100, 100, 693, 100, 100, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 693, 693, 693, 100, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 620, 127, 127, 127, 101, 127, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, 625, 746, 579, 747, 747, 747, 747, 747, 747, 187, 798, 574, 798, 187, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 626, 187, 574, 569, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 568, 200, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, 644, 476, 645, 645, 645, 645, 645, 645, 645, 645, 645, 645, 722, 722, 722, 722, 722, 722, 722, 722, 722, 722, 532, 476, 753, 753, 753, 753, 753, 753, 755, 476, 470, 755, 714, 343, 279, 755, 101, 650, 524, 653, 653, 653, 653, 653, 654, 651, 651, 651, 651, 532, 523, 657, 657, 657, 657, 657, 657, 657, 657, 657, 657, 597, 522, 519, 518, 656, 656, 656, 656, 656, 756, 756, 756, 756, 756, 756, 756, 756, 756, 756, 532, 446, 777, 777, 777, 777, 777, 777, 446, 656, 656, 656, 656, 656, 656, 532, 446, 658, 658, 658, 658, 658, 658, 658, 658, 658, 658, 659, 510, 509, 101, 660, 660, 660, 660, 660, 735, 735, 735, 735, 735, 735, 735, 735, 735, 735, 763, 101, 764, 764, 764, 764, 764, 764, 101, 660, 660, 660, 660, 660, 660, 664, 665, 666, 664, 664, 664, 664, 664, 664, 664, 667, 101, 476, 476, 668, 668, 668, 668, 668, 735, 735, 735, 735, 735, 735, 735, 735, 735, 735, 470, 741, 343, 742, 742, 742, 742, 742, 742, 668, 668, 668, 668, 668, 668, 813, 279, 660, 660, 660, 660, 660, 660, 660, 660, 660, 660, 345, 218, 674, 674, 674, 674, 674, 674, 674, 674, 674, 674, 101, 279, 463, 462, 673, 673, 673, 673, 673, 772, 773, 774, 772, 772, 772, 772, 772, 772, 772, 796, 461, 797, 797, 797, 797, 797, 797, 460, 673, 673, 673, 673, 673, 673, 695, 459, 698, 698, 698, 698, 698, 699, 700, 700, 700, 700, 704, 705, 706, 704, 704, 704, 704, 704, 704, 704, 783, 784, 785, 783, 783, 783, 783, 783, 783, 783, 791, 791, 791, 791, 791, 791, 791, 791, 791, 791, 810, 810, 810, 810, 810, 810, 101, 644, 458, 645, 645, 645, 645, 645, 645, 645, 645, 645, 645, 792, 792, 792, 792, 792, 792, 792, 792, 792, 792, 793, 793, 793, 793, 793, 794, 791, 791, 791, 791, 457, 795, 456, 455, 795, 454, 101, 532, 795, 712, 712, 712, 712, 712, 712, 712, 712, 712, 712, 659, 453, 452, 451, 711, 711, 711, 711, 711, 786, 813, 787, 787, 787, 787, 787, 787, 791, 791, 791, 791, 791, 791, 791, 791, 791, 791, 446, 711, 711, 711, 711, 711, 711, 532, 446, 713, 713, 713, 713, 713, 713, 713, 713, 713, 713, 714, 101, 374, 441, 715, 715, 715, 715, 715, 791, 791, 791, 791, 791, 791, 791, 791, 791, 791, 440, 434, 433, 432, 431, 430, 429, 428, 427, 715, 715, 715, 715, 715, 715, 719, 720, 721, 719, 719, 719, 719, 719, 719, 719, 426, 408, 343, 279, 722, 722, 722, 722, 722, 804, 805, 806, 804, 804, 804, 804, 804, 804, 804, 404, 279, 125, 807, 807, 807, 807, 807, 807, 722, 722, 722, 722, 722, 722, 813, 398, 715, 715, 715, 715, 715, 715, 715, 715, 715, 715, 218, 725, 725, 725, 725, 725, 726, 723, 723, 723, 723, 741, 101, 742, 742, 742, 742, 742, 742, 742, 742, 742, 742, 741, 397, 743, 743, 743, 743, 743, 743, 743, 743, 743, 743, 741, 396, 744, 744, 744, 744, 744, 745, 742, 742, 742, 742, 746, 393, 749, 749, 749, 749, 749, 750, 747, 747, 747, 747, 532, 392, 753, 753, 753, 753, 753, 753, 753, 753, 753, 753, 714, 391, 390, 389, 752, 752, 752, 752, 752, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 388, 315, 315, 315, 374, 376, 374, 375, 374, 752, 752, 752, 752, 752, 752, 532, 368, 754, 754, 754, 754, 754, 754, 754, 754, 754, 754, 367, 366, 365, 364, 755, 755, 755, 755, 755, 804, 804, 804, 804, 804, 804, 804, 804, 804, 804, 363, 362, 359, 119, 279, 343, 279, 125, 105, 755, 755, 755, 755, 755, 755, 763, 333, 766, 766, 766, 766, 766, 767, 764, 764, 764, 764, 100, 329, 769, 770, 771, 769, 769, 769, 769, 769, 769, 769, 741, 328, 742, 742, 742, 742, 742, 742, 742, 742, 742, 742, 741, 327, 742, 742, 742, 742, 742, 742, 742, 742, 742, 742, 532, 326, 777, 777, 777, 777, 777, 777, 777, 777, 777, 777, 786, 325, 787, 787, 787, 787, 787, 787, 787, 787, 787, 787, 786, 324, 788, 788, 788, 788, 788, 788, 788, 788, 788, 788, 786, 323, 789, 789, 789, 789, 789, 790, 787, 787, 787, 787, 796, 322, 799, 799, 799, 799, 799, 800, 797, 797, 797, 797, 100, 191, 801, 802, 803, 801, 801, 801, 801, 801, 801, 801, 786, 315, 787, 787, 787, 787, 787, 787, 787, 787, 787, 787, 786, 315, 787, 787, 787, 787, 787, 787, 787, 787, 787, 787, 807, 807, 807, 807, 807, 807, 807, 807, 807, 807, 811, 811, 811, 811, 811, 812, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, 250, 312, 309, 308, 307, 306, 101, 801, 801, 801, 801, 801, 801, 801, 801, 801, 801, 305, 300, 299, 298, 297, 296, 295, 294, 293, 292, 291, 290, 289, 125, 117, 105, 105, 267, 266, 265, 264, 259, 258, 257, 813, 188, 101, 808, 808, 808, 808, 808, 809, 807, 807, 807, 807, 250, 176, 177, 171, 171, 163, 248, 157, 157, 241, 240, 239, 238, 237, 234, 233, 232, 231, 230, 225, 224, 223, 222, 125, 100, 125, 101, 807, 807, 807, 807, 807, 807, 807, 807, 807, 807, 190, 113, 210, 105, 103, 102, 101, 205, 204, 203, 202, 198, 177, 171, 163, 133, 131, 157, 156, 153, 151, 137, 136, 135, 132, 127, 101, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 100, 125, 113, 103, 102, 101, 813, 100, 813, 100, 100, 100, 100, 813, 813, 100, 100, 100, 100, 100, 100, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, 108, 813, 813, 813, 813, 108, 813, 108, 813, 108, 108, 108, 108, 108, 813, 108, 108, 108, 108, 108, 108, 112, 813, 813, 813, 813, 813, 813, 112, 813, 112, 112, 112, 112, 813, 813, 112, 112, 112, 112, 112, 112, 114, 813, 813, 114, 114, 813, 114, 114, 813, 114, 114, 114, 114, 813, 813, 114, 114, 114, 114, 114, 114, 124, 124, 813, 124, 813, 813, 813, 124, 158, 813, 813, 158, 158, 813, 158, 158, 813, 158, 158, 158, 158, 813, 813, 158, 158, 158, 158, 158, 158, 162, 813, 813, 162, 162, 813, 162, 162, 813, 162, 162, 162, 162, 813, 162, 162, 162, 813, 162, 162, 162, 170, 813, 813, 170, 813, 813, 170, 170, 813, 170, 170, 170, 170, 170, 813, 170, 170, 170, 170, 170, 170, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, 176, 176, 813, 176, 813, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, 182, 813, 813, 813, 813, 182, 813, 182, 813, 182, 182, 182, 182, 182, 813, 182, 182, 182, 182, 182, 182, 186, 813, 813, 813, 813, 813, 813, 186, 813, 186, 186, 186, 186, 813, 186, 186, 186, 186, 186, 186, 186, 189, 813, 813, 189, 189, 813, 189, 189, 813, 189, 189, 189, 189, 813, 189, 189, 189, 189, 189, 189, 189, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 209, 209, 813, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 115, 813, 813, 115, 115, 813, 115, 115, 813, 115, 115, 115, 115, 813, 813, 115, 115, 115, 115, 115, 115, 124, 124, 813, 124, 813, 813, 813, 124, 217, 217, 813, 217, 813, 813, 813, 217, 219, 219, 219, 813, 219, 813, 813, 813, 219, 158, 813, 813, 158, 158, 813, 158, 158, 813, 158, 158, 158, 158, 813, 813, 158, 158, 158, 158, 158, 158, 159, 813, 813, 159, 159, 813, 159, 159, 813, 159, 159, 159, 159, 813, 813, 159, 159, 159, 159, 159, 159, 162, 813, 813, 162, 162, 813, 162, 162, 813, 162, 162, 162, 162, 813, 162, 162, 162, 813, 162, 162, 162, 170, 813, 813, 170, 813, 813, 170, 170, 813, 170, 170, 170, 170, 170, 813, 170, 170, 170, 170, 170, 170, 185, 813, 813, 813, 813, 813, 813, 185, 813, 185, 185, 185, 185, 813, 813, 185, 185, 185, 185, 185, 185, 186, 813, 813, 813, 813, 813, 813, 186, 813, 186, 186, 186, 186, 813, 186, 186, 186, 186, 186, 186, 186, 189, 813, 813, 189, 189, 813, 189, 189, 813, 189, 189, 189, 189, 813, 189, 189, 189, 189, 189, 189, 189, 200, 813, 813, 200, 200, 813, 200, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, 275, 275, 813, 275, 813, 813, 813, 275, 281, 281, 281, 813, 281, 813, 813, 813, 281, 337, 337, 813, 337, 813, 813, 813, 337, 338, 338, 813, 338, 813, 813, 813, 338, 342, 342, 813, 342, 813, 813, 813, 342, 344, 344, 344, 813, 344, 813, 813, 813, 344, 200, 813, 813, 200, 200, 813, 200, 404, 404, 813, 404, 813, 813, 813, 404, 406, 406, 813, 406, 813, 813, 813, 406, 407, 407, 813, 407, 813, 813, 813, 407, 409, 409, 409, 813, 409, 813, 813, 813, 409, 413, 413, 413, 413, 813, 413, 813, 813, 813, 413, 467, 467, 813, 467, 813, 813, 813, 467, 468, 468, 813, 468, 813, 813, 813, 468, 469, 469, 813, 469, 813, 813, 813, 469, 481, 481, 481, 813, 481, 813, 813, 813, 481, 482, 482, 482, 482, 813, 482, 813, 813, 813, 482, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 530, 530, 813, 530, 813, 813, 813, 530, 531, 531, 813, 531, 813, 813, 813, 531, 547, 547, 547, 813, 547, 813, 813, 813, 547, 548, 548, 548, 548, 813, 548, 813, 813, 813, 548, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 200, 813, 813, 200, 200, 813, 200, 187, 813, 813, 813, 187, 187, 813, 187, 187, 187, 813, 813, 187, 187, 590, 590, 813, 590, 813, 813, 813, 590, 594, 813, 594, 594, 813, 594, 813, 813, 813, 594, 612, 612, 612, 813, 612, 813, 813, 813, 612, 613, 613, 613, 613, 813, 613, 813, 813, 813, 613, 559, 559, 813, 813, 559, 813, 813, 813, 559, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, 200, 813, 813, 200, 200, 813, 200, 187, 813, 813, 813, 187, 187, 813, 187, 187, 187, 813, 813, 187, 187, 655, 655, 813, 655, 813, 813, 813, 655, 656, 813, 656, 656, 813, 656, 813, 813, 813, 656, 672, 672, 672, 813, 672, 813, 813, 813, 672, 673, 673, 673, 813, 813, 673, 813, 813, 813, 673, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, 687, 687, 813, 687, 687, 687, 813, 687, 813, 687, 687, 687, 687, 813, 813, 687, 687, 687, 687, 687, 687, 693, 693, 813, 693, 693, 693, 813, 693, 813, 693, 693, 693, 693, 813, 813, 693, 693, 693, 693, 693, 693, 200, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 200, 200, 813, 200, 200, 813, 200, 710, 710, 813, 710, 813, 813, 813, 710, 711, 813, 711, 711, 813, 711, 813, 813, 813, 711, 727, 727, 813, 813, 727, 813, 813, 813, 727, 693, 813, 813, 813, 813, 813, 813, 693, 813, 693, 693, 693, 693, 813, 813, 693, 693, 693, 693, 693, 693, 751, 751, 813, 751, 813, 813, 813, 751, 752, 813, 752, 752, 813, 752, 813, 813, 813, 752, 775, 775, 813, 775, 813, 813, 813, 775, 776, 813, 776, 813, 813, 776, 813, 813, 813, 776, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, 15, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813 } ; static yyconst short int yy_chk[5675] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 533, 3, 38, 2, 52, 3, 49, 38, 50, 4, 36, 3, 533, 4, 3, 11, 11, 11, 11, 4, 22, 36, 4, 40, 5, 5, 5, 50, 5, 2, 2, 49, 52, 2, 5, 68, 68, 40, 3, 807, 22, 2, 3, 3, 2, 3, 4, 54, 5, 5, 4, 4, 148, 4, 6, 6, 6, 54, 6, 799, 12, 12, 12, 12, 6, 11, 22, 3, 76, 76, 72, 46, 27, 27, 5, 4, 27, 27, 6, 6, 46, 47, 78, 9, 9, 9, 9, 9, 74, 46, 164, 164, 9, 9, 9, 72, 27, 30, 30, 30, 30, 30, 30, 79, 6, 7, 7, 7, 9, 7, 12, 47, 47, 74, 148, 47, 60, 141, 81, 81, 27, 81, 141, 47, 91, 60, 47, 10, 10, 10, 10, 10, 78, 9, 60, 91, 10, 10, 10, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 161, 798, 79, 10, 179, 161, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 8, 10, 8, 86, 86, 86, 86, 86, 86, 86, 86, 86, 86, 87, 87, 87, 87, 87, 87, 99, 101, 274, 101, 101, 101, 179, 101, 101, 99, 149, 101, 106, 106, 106, 106, 106, 106, 106, 106, 106, 106, 140, 149, 140, 101, 101, 101, 274, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 21, 125, 153, 797, 82, 168, 168, 270, 153, 178, 21, 784, 125, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 28, 82, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 152, 180, 180, 28, 28, 28, 28, 28, 151, 270, 289, 57, 57, 152, 82, 57, 57, 123, 123, 123, 123, 123, 123, 178, 151, 28, 154, 28, 28, 28, 28, 28, 28, 34, 289, 57, 154, 500, 246, 34, 246, 500, 34, 34, 313, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 57, 313, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, 219, 783, 242, 37, 37, 37, 37, 37, 245, 150, 236, 219, 37, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 247, 236, 245, 303, 37, 37, 37, 37, 37, 37, 44, 44, 44, 44, 44, 247, 44, 44, 311, 311, 44, 121, 121, 121, 121, 121, 121, 121, 121, 121, 121, 150, 242, 108, 44, 44, 44, 45, 303, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 48, 66, 66, 66, 108, 66, 304, 110, 370, 66, 48, 66, 304, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 132, 243, 66, 66, 110, 132, 243, 108, 281, 132, 171, 132, 83, 171, 171, 370, 138, 138, 83, 281, 171, 83, 114, 114, 83, 83, 114, 114, 66, 182, 110, 780, 302, 175, 175, 171, 48, 67, 83, 291, 83, 183, 235, 235, 291, 235, 114, 67, 249, 182, 67, 67, 67, 67, 67, 67, 67, 67, 67, 67, 302, 183, 249, 83, 83, 84, 138, 777, 84, 84, 114, 84, 84, 84, 84, 182, 235, 84, 84, 111, 775, 111, 111, 175, 314, 111, 111, 183, 369, 111, 314, 84, 84, 84, 122, 122, 122, 122, 122, 122, 122, 122, 122, 122, 111, 111, 156, 156, 156, 156, 156, 156, 156, 156, 156, 156, 84, 84, 85, 310, 369, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 322, 357, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 322, 357, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, 88, 310, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 278, 278, 278, 88, 88, 88, 88, 88, 266, 266, 113, 266, 113, 113, 113, 330, 113, 113, 330, 371, 113, 196, 196, 196, 196, 196, 196, 88, 88, 88, 88, 88, 88, 89, 113, 113, 113, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 453, 371, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 453, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 377, 444, 378, 92, 92, 92, 92, 92, 203, 344, 158, 158, 92, 203, 158, 158, 323, 203, 444, 203, 344, 323, 301, 142, 378, 301, 457, 92, 92, 92, 92, 92, 92, 97, 158, 97, 97, 97, 97, 97, 97, 97, 97, 97, 97, 116, 766, 116, 116, 116, 457, 116, 116, 142, 142, 116, 301, 142, 158, 214, 214, 214, 214, 214, 214, 142, 372, 377, 142, 116, 116, 116, 117, 117, 117, 117, 117, 117, 117, 117, 117, 117, 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, 346, 346, 765, 160, 379, 160, 160, 160, 372, 160, 160, 764, 346, 160, 400, 379, 117, 118, 118, 118, 118, 118, 118, 118, 118, 118, 118, 160, 160, 160, 458, 118, 118, 118, 118, 118, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 273, 273, 273, 273, 427, 427, 400, 755, 458, 118, 118, 118, 118, 118, 118, 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, 312, 498, 754, 126, 126, 126, 126, 126, 194, 194, 194, 194, 194, 194, 194, 194, 194, 194, 285, 285, 285, 285, 285, 285, 752, 498, 312, 126, 126, 126, 126, 126, 126, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 312, 562, 562, 127, 127, 127, 127, 127, 184, 409, 184, 184, 373, 186, 184, 184, 380, 373, 184, 186, 409, 380, 186, 348, 348, 186, 186, 127, 127, 127, 127, 127, 127, 184, 184, 348, 413, 497, 428, 186, 428, 186, 188, 497, 188, 188, 188, 413, 188, 188, 429, 751, 188, 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, 526, 186, 186, 188, 188, 188, 189, 615, 615, 189, 189, 429, 189, 189, 189, 189, 190, 431, 189, 189, 190, 502, 431, 414, 414, 502, 190, 415, 415, 429, 433, 430, 189, 189, 189, 414, 430, 526, 430, 415, 190, 190, 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, 432, 508, 433, 432, 523, 189, 189, 192, 192, 192, 192, 192, 192, 192, 192, 192, 192, 749, 508, 523, 433, 192, 192, 192, 192, 192, 211, 211, 211, 211, 211, 211, 211, 211, 211, 211, 319, 511, 319, 319, 319, 319, 319, 319, 439, 192, 192, 192, 192, 192, 192, 197, 748, 513, 439, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 442, 513, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 511, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, 442, 504, 506, 198, 198, 198, 198, 198, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 354, 354, 354, 354, 354, 354, 434, 504, 506, 198, 198, 198, 198, 198, 198, 212, 747, 212, 212, 212, 212, 212, 212, 212, 212, 212, 212, 248, 454, 737, 434, 248, 514, 454, 561, 736, 561, 248, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 434, 514, 727, 248, 248, 212, 215, 443, 215, 215, 215, 215, 215, 215, 215, 215, 215, 215, 443, 564, 584, 564, 215, 215, 215, 215, 215, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 423, 423, 423, 423, 423, 423, 571, 584, 571, 215, 215, 215, 215, 215, 215, 218, 218, 218, 218, 218, 218, 218, 218, 218, 218, 218, 589, 589, 589, 218, 218, 218, 218, 218, 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, 450, 725, 450, 450, 450, 450, 450, 450, 724, 218, 218, 218, 218, 218, 218, 220, 220, 220, 220, 220, 220, 220, 220, 220, 220, 220, 220, 565, 616, 616, 220, 220, 220, 220, 220, 345, 345, 345, 345, 345, 345, 345, 345, 345, 345, 466, 466, 466, 466, 466, 466, 565, 623, 623, 220, 220, 220, 220, 220, 220, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 566, 625, 565, 221, 221, 221, 221, 221, 347, 347, 347, 347, 347, 347, 347, 347, 347, 347, 473, 473, 473, 473, 473, 473, 566, 625, 723, 221, 221, 221, 221, 221, 221, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, 631, 631, 566, 222, 222, 222, 222, 222, 351, 351, 351, 351, 351, 351, 351, 351, 622, 711, 622, 403, 351, 403, 403, 403, 403, 403, 403, 222, 222, 222, 222, 222, 222, 253, 627, 253, 253, 253, 253, 253, 253, 253, 253, 253, 253, 254, 254, 254, 254, 254, 254, 254, 254, 254, 254, 254, 710, 403, 627, 254, 254, 254, 254, 254, 353, 353, 353, 353, 353, 353, 353, 353, 353, 353, 480, 708, 480, 480, 480, 480, 480, 480, 707, 254, 254, 254, 254, 254, 254, 256, 256, 256, 256, 256, 256, 256, 256, 256, 256, 529, 529, 529, 529, 256, 256, 256, 256, 256, 416, 416, 416, 416, 416, 416, 416, 416, 416, 416, 492, 492, 492, 492, 492, 492, 674, 674, 700, 256, 256, 256, 256, 256, 256, 269, 269, 269, 269, 269, 269, 269, 269, 269, 269, 417, 417, 420, 420, 420, 420, 420, 420, 420, 420, 680, 680, 417, 535, 420, 422, 422, 422, 422, 422, 422, 422, 422, 422, 422, 535, 269, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 445, 683, 683, 283, 283, 283, 283, 283, 570, 570, 445, 446, 446, 446, 446, 446, 446, 446, 446, 446, 446, 541, 541, 541, 541, 541, 541, 283, 283, 283, 283, 283, 283, 286, 286, 286, 286, 286, 286, 286, 286, 286, 286, 286, 286, 679, 698, 679, 286, 286, 286, 286, 286, 465, 465, 465, 465, 465, 465, 465, 465, 465, 465, 570, 563, 697, 624, 620, 481, 563, 620, 624, 286, 286, 286, 286, 286, 286, 287, 481, 287, 287, 287, 287, 287, 287, 287, 287, 287, 287, 320, 320, 320, 320, 320, 320, 320, 320, 320, 320, 696, 621, 640, 643, 320, 320, 320, 320, 320, 470, 470, 470, 470, 470, 470, 470, 470, 470, 470, 558, 558, 558, 558, 558, 558, 621, 640, 643, 320, 320, 320, 320, 320, 320, 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, 643, 630, 693, 621, 321, 321, 321, 321, 321, 472, 472, 472, 472, 472, 472, 472, 472, 472, 472, 648, 648, 648, 648, 630, 482, 630, 630, 691, 321, 321, 321, 321, 321, 321, 334, 482, 334, 334, 334, 334, 334, 334, 334, 334, 334, 334, 335, 595, 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, 336, 595, 336, 336, 336, 336, 336, 336, 336, 336, 336, 336, 339, 339, 339, 339, 339, 339, 339, 339, 339, 339, 339, 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, 572, 685, 633, 349, 349, 349, 349, 349, 476, 476, 476, 476, 476, 476, 476, 476, 476, 476, 633, 731, 824, 731, 572, 824, 572, 572, 645, 349, 349, 349, 349, 349, 349, 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, 483, 483, 572, 352, 352, 352, 352, 352, 484, 484, 486, 486, 483, 496, 501, 503, 733, 733, 645, 685, 484, 676, 486, 496, 501, 686, 503, 352, 352, 352, 352, 352, 352, 355, 355, 355, 355, 355, 355, 355, 355, 355, 355, 355, 355, 676, 682, 641, 355, 355, 355, 355, 355, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485, 604, 604, 604, 604, 604, 604, 512, 632, 641, 355, 355, 355, 355, 355, 355, 356, 512, 356, 356, 356, 356, 356, 356, 356, 356, 356, 356, 383, 641, 383, 383, 383, 383, 383, 383, 383, 383, 383, 383, 384, 384, 384, 384, 384, 384, 384, 384, 384, 384, 762, 762, 781, 781, 384, 384, 384, 384, 384, 489, 489, 489, 489, 489, 489, 489, 489, 632, 882, 882, 611, 489, 611, 611, 611, 611, 611, 611, 384, 384, 384, 384, 384, 384, 399, 399, 399, 399, 399, 399, 399, 399, 399, 399, 491, 491, 491, 491, 491, 491, 491, 491, 491, 491, 532, 532, 532, 532, 532, 532, 532, 532, 532, 532, 639, 681, 639, 639, 639, 649, 399, 401, 596, 401, 401, 401, 401, 401, 401, 401, 401, 401, 401, 402, 596, 402, 402, 402, 402, 402, 402, 402, 402, 402, 402, 408, 408, 408, 408, 408, 408, 408, 408, 408, 408, 408, 701, 649, 728, 408, 408, 408, 408, 408, 534, 534, 534, 534, 534, 534, 534, 534, 534, 534, 675, 836, 742, 787, 836, 547, 701, 673, 728, 408, 408, 408, 408, 408, 408, 412, 547, 412, 412, 412, 412, 412, 412, 412, 412, 412, 412, 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, 742, 787, 670, 418, 418, 418, 418, 418, 538, 598, 538, 538, 538, 538, 538, 538, 827, 827, 827, 669, 538, 598, 634, 739, 634, 634, 634, 418, 418, 418, 418, 418, 418, 421, 421, 421, 421, 421, 421, 421, 421, 421, 421, 421, 421, 421, 853, 739, 853, 421, 421, 421, 421, 421, 540, 540, 540, 540, 540, 540, 540, 540, 540, 540, 578, 578, 578, 578, 578, 578, 578, 656, 634, 421, 421, 421, 421, 421, 421, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, 548, 549, 549, 424, 424, 424, 424, 424, 550, 550, 612, 548, 613, 549, 552, 552, 844, 844, 844, 655, 550, 612, 657, 613, 759, 642, 552, 424, 424, 424, 424, 424, 424, 425, 657, 425, 425, 425, 425, 425, 425, 425, 425, 425, 425, 426, 653, 768, 759, 642, 854, 426, 854, 916, 426, 426, 916, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 642, 768, 652, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, 464, 464, 464, 464, 464, 464, 464, 464, 464, 464, 464, 555, 555, 555, 555, 555, 555, 555, 555, 865, 651, 865, 658, 555, 557, 557, 557, 557, 557, 557, 557, 557, 557, 557, 658, 883, 883, 464, 471, 660, 471, 471, 471, 471, 471, 471, 471, 471, 471, 471, 471, 660, 637, 702, 471, 471, 471, 471, 471, 574, 574, 574, 574, 574, 574, 574, 574, 574, 574, 619, 619, 619, 619, 619, 619, 619, 619, 702, 471, 471, 471, 471, 471, 471, 474, 474, 474, 474, 474, 474, 474, 474, 474, 474, 474, 778, 636, 702, 474, 474, 474, 474, 474, 587, 587, 587, 587, 587, 587, 587, 587, 587, 587, 866, 870, 866, 870, 614, 614, 778, 894, 894, 474, 474, 474, 474, 474, 474, 475, 614, 475, 475, 475, 475, 475, 475, 475, 475, 475, 475, 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, 678, 629, 703, 487, 487, 487, 487, 487, 588, 588, 588, 588, 588, 588, 588, 588, 588, 588, 635, 610, 635, 635, 635, 871, 678, 871, 703, 487, 487, 487, 487, 487, 487, 490, 490, 490, 490, 490, 490, 490, 490, 490, 490, 490, 490, 490, 678, 703, 740, 490, 490, 490, 490, 490, 597, 597, 597, 597, 597, 597, 597, 597, 597, 597, 875, 878, 875, 878, 635, 888, 609, 888, 740, 490, 490, 490, 490, 490, 490, 493, 493, 493, 493, 493, 493, 493, 493, 493, 493, 493, 608, 889, 740, 889, 493, 493, 493, 493, 493, 601, 594, 601, 601, 601, 601, 601, 601, 897, 592, 897, 654, 601, 654, 654, 654, 654, 654, 654, 493, 493, 493, 493, 493, 493, 494, 712, 494, 494, 494, 494, 494, 494, 494, 494, 494, 494, 495, 712, 898, 901, 898, 901, 495, 692, 692, 495, 495, 692, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 692, 692, 692, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, 517, 517, 517, 517, 517, 517, 517, 517, 517, 517, 517, 522, 913, 913, 713, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 713, 522, 914, 914, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 591, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, 525, 525, 525, 525, 525, 525, 525, 525, 525, 525, 603, 603, 603, 603, 603, 603, 603, 603, 603, 603, 607, 607, 607, 607, 607, 607, 607, 607, 607, 607, 666, 666, 666, 666, 666, 666, 525, 527, 527, 527, 527, 527, 527, 527, 527, 527, 527, 527, 650, 650, 650, 650, 650, 650, 650, 650, 650, 650, 659, 659, 659, 659, 659, 659, 659, 659, 659, 659, 721, 721, 721, 721, 721, 721, 527, 536, 715, 536, 536, 536, 536, 536, 536, 536, 536, 536, 536, 536, 715, 590, 582, 536, 536, 536, 536, 536, 663, 753, 663, 663, 663, 663, 663, 663, 907, 908, 907, 908, 663, 753, 687, 672, 687, 687, 687, 536, 536, 536, 536, 536, 536, 539, 672, 539, 539, 539, 539, 539, 539, 539, 539, 539, 539, 539, 730, 581, 580, 539, 539, 539, 539, 539, 665, 665, 665, 665, 665, 665, 665, 665, 665, 665, 688, 579, 688, 688, 688, 910, 730, 910, 687, 539, 539, 539, 539, 539, 539, 542, 542, 542, 542, 542, 542, 542, 542, 542, 542, 542, 577, 576, 730, 542, 542, 542, 542, 542, 695, 695, 695, 695, 695, 695, 695, 695, 695, 695, 794, 794, 794, 794, 794, 794, 688, 575, 573, 542, 542, 542, 542, 542, 542, 543, 569, 543, 543, 543, 543, 543, 543, 543, 543, 543, 543, 546, 568, 546, 546, 546, 546, 546, 546, 546, 546, 546, 546, 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, 567, 551, 761, 553, 553, 553, 553, 553, 689, 545, 689, 689, 689, 690, 544, 690, 690, 690, 699, 531, 699, 699, 699, 699, 699, 699, 761, 553, 553, 553, 553, 553, 553, 556, 556, 556, 556, 556, 556, 556, 556, 556, 556, 556, 556, 918, 530, 918, 761, 556, 556, 556, 556, 556, 919, 923, 919, 923, 689, 924, 929, 924, 929, 690, 726, 726, 726, 726, 726, 726, 726, 524, 521, 556, 556, 556, 556, 556, 556, 559, 520, 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, 560, 694, 519, 694, 694, 694, 560, 694, 694, 560, 560, 694, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 694, 694, 694, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, 583, 750, 518, 750, 750, 750, 750, 750, 750, 583, 930, 516, 930, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 515, 510, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 509, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, 586, 479, 586, 586, 586, 586, 586, 586, 586, 586, 586, 586, 714, 714, 714, 714, 714, 714, 714, 714, 714, 714, 718, 478, 718, 718, 718, 718, 718, 718, 922, 477, 469, 922, 718, 468, 467, 922, 586, 593, 463, 593, 593, 593, 593, 593, 593, 593, 593, 593, 593, 599, 456, 599, 599, 599, 599, 599, 599, 599, 599, 599, 599, 599, 455, 452, 451, 599, 599, 599, 599, 599, 720, 720, 720, 720, 720, 720, 720, 720, 720, 720, 758, 449, 758, 758, 758, 758, 758, 758, 448, 599, 599, 599, 599, 599, 599, 602, 447, 602, 602, 602, 602, 602, 602, 602, 602, 602, 602, 602, 441, 440, 438, 602, 602, 602, 602, 602, 734, 734, 734, 734, 734, 734, 734, 734, 734, 734, 767, 437, 767, 767, 767, 767, 767, 767, 436, 602, 602, 602, 602, 602, 602, 605, 605, 605, 605, 605, 605, 605, 605, 605, 605, 605, 435, 411, 410, 605, 605, 605, 605, 605, 735, 735, 735, 735, 735, 735, 735, 735, 735, 735, 407, 745, 406, 745, 745, 745, 745, 745, 745, 605, 605, 605, 605, 605, 605, 606, 405, 606, 606, 606, 606, 606, 606, 606, 606, 606, 606, 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, 745, 404, 398, 397, 617, 617, 617, 617, 617, 746, 746, 746, 746, 746, 746, 746, 746, 746, 746, 800, 396, 800, 800, 800, 800, 800, 800, 395, 617, 617, 617, 617, 617, 617, 638, 394, 638, 638, 638, 638, 638, 638, 638, 638, 638, 638, 644, 644, 644, 644, 644, 644, 644, 644, 644, 644, 763, 763, 763, 763, 763, 763, 763, 763, 763, 763, 772, 772, 772, 772, 772, 772, 772, 772, 772, 772, 812, 812, 812, 812, 812, 812, 644, 646, 393, 646, 646, 646, 646, 646, 646, 646, 646, 646, 646, 773, 773, 773, 773, 773, 773, 773, 773, 773, 773, 774, 774, 774, 774, 774, 774, 774, 774, 774, 774, 392, 928, 391, 390, 928, 389, 646, 661, 928, 661, 661, 661, 661, 661, 661, 661, 661, 661, 661, 661, 388, 387, 386, 661, 661, 661, 661, 661, 790, 385, 790, 790, 790, 790, 790, 790, 792, 792, 792, 792, 792, 792, 792, 792, 792, 792, 382, 661, 661, 661, 661, 661, 661, 664, 381, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 790, 376, 375, 664, 664, 664, 664, 664, 793, 793, 793, 793, 793, 793, 793, 793, 793, 793, 374, 368, 366, 365, 364, 363, 362, 361, 360, 664, 664, 664, 664, 664, 664, 667, 667, 667, 667, 667, 667, 667, 667, 667, 667, 359, 343, 342, 341, 667, 667, 667, 667, 667, 796, 796, 796, 796, 796, 796, 796, 796, 796, 796, 340, 338, 337, 809, 809, 809, 809, 809, 809, 667, 667, 667, 667, 667, 667, 668, 333, 668, 668, 668, 668, 668, 668, 668, 668, 668, 668, 671, 671, 671, 671, 671, 671, 671, 671, 671, 671, 671, 704, 809, 704, 704, 704, 704, 704, 704, 704, 704, 704, 704, 705, 332, 705, 705, 705, 705, 705, 705, 705, 705, 705, 705, 706, 331, 706, 706, 706, 706, 706, 706, 706, 706, 706, 706, 709, 329, 709, 709, 709, 709, 709, 709, 709, 709, 709, 709, 716, 328, 716, 716, 716, 716, 716, 716, 716, 716, 716, 716, 716, 327, 326, 325, 716, 716, 716, 716, 716, 804, 804, 804, 804, 804, 804, 804, 804, 804, 804, 324, 318, 317, 316, 309, 308, 307, 306, 305, 716, 716, 716, 716, 716, 716, 719, 299, 719, 719, 719, 719, 719, 719, 719, 719, 719, 719, 297, 296, 295, 294, 719, 719, 719, 719, 719, 805, 805, 805, 805, 805, 805, 805, 805, 805, 805, 293, 292, 290, 288, 280, 279, 276, 275, 268, 719, 719, 719, 719, 719, 719, 738, 267, 738, 738, 738, 738, 738, 738, 738, 738, 738, 738, 741, 265, 741, 741, 741, 741, 741, 741, 741, 741, 741, 741, 743, 264, 743, 743, 743, 743, 743, 743, 743, 743, 743, 743, 744, 263, 744, 744, 744, 744, 744, 744, 744, 744, 744, 744, 756, 262, 756, 756, 756, 756, 756, 756, 756, 756, 756, 756, 769, 261, 769, 769, 769, 769, 769, 769, 769, 769, 769, 769, 770, 260, 770, 770, 770, 770, 770, 770, 770, 770, 770, 770, 771, 259, 771, 771, 771, 771, 771, 771, 771, 771, 771, 771, 785, 258, 785, 785, 785, 785, 785, 785, 785, 785, 785, 785, 786, 255, 786, 786, 786, 786, 786, 786, 786, 786, 786, 786, 788, 252, 788, 788, 788, 788, 788, 788, 788, 788, 788, 788, 789, 251, 789, 789, 789, 789, 789, 789, 789, 789, 789, 789, 801, 801, 801, 801, 801, 801, 801, 801, 801, 801, 806, 806, 806, 806, 806, 806, 806, 806, 806, 806, 811, 811, 811, 811, 811, 811, 811, 811, 811, 811, 250, 244, 241, 240, 239, 238, 801, 802, 802, 802, 802, 802, 802, 802, 802, 802, 802, 237, 234, 233, 232, 231, 230, 229, 228, 227, 226, 225, 224, 223, 217, 216, 209, 208, 207, 206, 205, 204, 202, 201, 199, 193, 185, 802, 803, 803, 803, 803, 803, 803, 803, 803, 803, 803, 181, 177, 176, 174, 170, 163, 159, 157, 155, 147, 146, 145, 144, 143, 137, 136, 135, 134, 133, 131, 130, 129, 128, 124, 120, 119, 803, 808, 808, 808, 808, 808, 808, 808, 808, 808, 808, 115, 112, 109, 104, 103, 102, 100, 96, 95, 94, 93, 90, 77, 70, 63, 59, 58, 56, 55, 53, 51, 43, 42, 41, 39, 35, 808, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, 818, 31, 25, 19, 17, 16, 15, 818, 0, 818, 818, 818, 818, 0, 0, 818, 818, 818, 818, 818, 818, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, 820, 0, 0, 0, 0, 820, 0, 820, 0, 820, 820, 820, 820, 820, 0, 820, 820, 820, 820, 820, 820, 821, 0, 0, 0, 0, 0, 0, 821, 0, 821, 821, 821, 821, 0, 0, 821, 821, 821, 821, 821, 821, 822, 0, 0, 822, 822, 0, 822, 822, 0, 822, 822, 822, 822, 0, 0, 822, 822, 822, 822, 822, 822, 823, 823, 0, 823, 0, 0, 0, 823, 825, 0, 0, 825, 825, 0, 825, 825, 0, 825, 825, 825, 825, 0, 0, 825, 825, 825, 825, 825, 825, 826, 0, 0, 826, 826, 0, 826, 826, 0, 826, 826, 826, 826, 0, 826, 826, 826, 0, 826, 826, 826, 828, 0, 0, 828, 0, 0, 828, 828, 0, 828, 828, 828, 828, 828, 0, 828, 828, 828, 828, 828, 828, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, 830, 830, 0, 830, 0, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, 831, 0, 0, 0, 0, 831, 0, 831, 0, 831, 831, 831, 831, 831, 0, 831, 831, 831, 831, 831, 831, 832, 0, 0, 0, 0, 0, 0, 832, 0, 832, 832, 832, 832, 0, 832, 832, 832, 832, 832, 832, 832, 833, 0, 0, 833, 833, 0, 833, 833, 0, 833, 833, 833, 833, 0, 833, 833, 833, 833, 833, 833, 833, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, 835, 835, 0, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, 837, 0, 0, 837, 837, 0, 837, 837, 0, 837, 837, 837, 837, 0, 0, 837, 837, 837, 837, 837, 837, 838, 838, 0, 838, 0, 0, 0, 838, 839, 839, 0, 839, 0, 0, 0, 839, 840, 840, 840, 0, 840, 0, 0, 0, 840, 841, 0, 0, 841, 841, 0, 841, 841, 0, 841, 841, 841, 841, 0, 0, 841, 841, 841, 841, 841, 841, 842, 0, 0, 842, 842, 0, 842, 842, 0, 842, 842, 842, 842, 0, 0, 842, 842, 842, 842, 842, 842, 843, 0, 0, 843, 843, 0, 843, 843, 0, 843, 843, 843, 843, 0, 843, 843, 843, 0, 843, 843, 843, 845, 0, 0, 845, 0, 0, 845, 845, 0, 845, 845, 845, 845, 845, 0, 845, 845, 845, 845, 845, 845, 846, 0, 0, 0, 0, 0, 0, 846, 0, 846, 846, 846, 846, 0, 0, 846, 846, 846, 846, 846, 846, 847, 0, 0, 0, 0, 0, 0, 847, 0, 847, 847, 847, 847, 0, 847, 847, 847, 847, 847, 847, 847, 848, 0, 0, 848, 848, 0, 848, 848, 0, 848, 848, 848, 848, 0, 848, 848, 848, 848, 848, 848, 848, 849, 0, 0, 849, 849, 0, 849, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 851, 851, 0, 851, 0, 0, 0, 851, 852, 852, 852, 0, 852, 0, 0, 0, 852, 855, 855, 0, 855, 0, 0, 0, 855, 856, 856, 0, 856, 0, 0, 0, 856, 857, 857, 0, 857, 0, 0, 0, 857, 858, 858, 858, 0, 858, 0, 0, 0, 858, 859, 0, 0, 859, 859, 0, 859, 860, 860, 0, 860, 0, 0, 0, 860, 861, 861, 0, 861, 0, 0, 0, 861, 862, 862, 0, 862, 0, 0, 0, 862, 863, 863, 863, 0, 863, 0, 0, 0, 863, 864, 864, 864, 864, 0, 864, 0, 0, 0, 864, 867, 867, 0, 867, 0, 0, 0, 867, 868, 868, 0, 868, 0, 0, 0, 868, 869, 869, 0, 869, 0, 0, 0, 869, 872, 872, 872, 0, 872, 0, 0, 0, 872, 873, 873, 873, 873, 0, 873, 0, 0, 0, 873, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, 876, 876, 0, 876, 0, 0, 0, 876, 877, 877, 0, 877, 0, 0, 0, 877, 879, 879, 879, 0, 879, 0, 0, 0, 879, 880, 880, 880, 880, 0, 880, 0, 0, 0, 880, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, 884, 0, 0, 884, 884, 0, 884, 885, 0, 0, 0, 885, 885, 0, 885, 885, 885, 0, 0, 885, 885, 886, 886, 0, 886, 0, 0, 0, 886, 887, 0, 887, 887, 0, 887, 0, 0, 0, 887, 890, 890, 890, 0, 890, 0, 0, 0, 890, 891, 891, 891, 891, 0, 891, 0, 0, 0, 891, 892, 892, 0, 0, 892, 0, 0, 0, 892, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, 895, 0, 0, 895, 895, 0, 895, 896, 0, 0, 0, 896, 896, 0, 896, 896, 896, 0, 0, 896, 896, 899, 899, 0, 899, 0, 0, 0, 899, 900, 0, 900, 900, 0, 900, 0, 0, 0, 900, 902, 902, 902, 0, 902, 0, 0, 0, 902, 903, 903, 903, 0, 0, 903, 0, 0, 0, 903, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, 905, 905, 0, 905, 905, 905, 0, 905, 0, 905, 905, 905, 905, 0, 0, 905, 905, 905, 905, 905, 905, 906, 906, 0, 906, 906, 906, 0, 906, 0, 906, 906, 906, 906, 0, 0, 906, 906, 906, 906, 906, 906, 909, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 909, 909, 0, 909, 909, 0, 909, 911, 911, 0, 911, 0, 0, 0, 911, 912, 0, 912, 912, 0, 912, 0, 0, 0, 912, 915, 915, 0, 0, 915, 0, 0, 0, 915, 917, 0, 0, 0, 0, 0, 0, 917, 0, 917, 917, 917, 917, 0, 0, 917, 917, 917, 917, 917, 917, 920, 920, 0, 920, 0, 0, 0, 920, 921, 0, 921, 921, 0, 921, 0, 0, 0, 921, 925, 925, 0, 925, 0, 0, 0, 925, 926, 0, 926, 0, 0, 926, 0, 0, 0, 926, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, 813 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "toke.l" #define INITIAL 0 #line 2 "toke.l" /* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include #include #include "sudoers.h" #include "parse.h" #include "toke.h" #include #include "lbuf.h" #include "sha2.h" #include "secure_path.h" int sudolineno; /* current sudoers line number. */ int last_token; /* last token that was parsed. */ char *sudoers; /* sudoers file being parsed. */ /* Default sudoers path, mode and owner (may be set via sudo.conf) */ const char *sudoers_file = _PATH_SUDOERS; mode_t sudoers_mode = SUDOERS_MODE; uid_t sudoers_uid = SUDOERS_UID; gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; static int digest_len; static bool _push_include(char *, bool); static bool pop_include(void); static char *parse_include(char *); int (*trace_print)(const char *msg) = sudoers_trace_print; #define LEXRETURN(n) do { \ last_token = (n); \ return (n); \ } while (0) #define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) #define push_include(_p) (_push_include((_p), false)) #define push_includedir(_p) (_push_include((_p), true)) #define YY_NO_INPUT 1 #define YY_NO_UNPUT 1 #define GOTDEFS 1 #define GOTCMND 2 #define STARTDEFS 3 #define INDEFS 4 #define INSTR 5 #define WANTDIGEST 6 #line 2053 "lex.sudoers.c" /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap YY_PROTO(( void )); #else extern int yywrap YY_PROTO(( void )); #endif #endif #ifndef YY_NO_UNPUT static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif #ifndef yytext_ptr static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput YY_PROTO(( void )); #else static int input YY_PROTO(( void )); #endif #endif #if defined(YY_STACK_USED) && YY_STACK_USED static int yy_start_stack_ptr = 0; static int yy_start_stack_depth = 0; static int *yy_start_stack = 0; #ifndef YY_NO_PUSH_STATE static void yy_push_state YY_PROTO(( int new_state )); #endif #ifndef YY_NO_POP_STATE static void yy_pop_state YY_PROTO(( void )); #endif #ifndef YY_NO_TOP_STATE static int yy_top_state YY_PROTO(( void )); #endif #else #define YY_NO_PUSH_STATE 1 #define YY_NO_POP_STATE 1 #define YY_NO_TOP_STATE 1 #endif #ifdef YY_MALLOC_DECL YY_MALLOC_DECL #else #ifdef __STDC__ #ifndef __cplusplus #include #endif #else /* Just try to get by without declaring the routines. This will fail * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) * or sizeof(void*) != sizeof(int). */ #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #define YY_READ_BUF_SIZE 8192 #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( yy_current_buffer->yy_is_interactive ) \ { \ int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL int yylex YY_PROTO(( void )) #endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ if ( yyleng > 0 ) \ yy_current_buffer->yy_at_bol = \ (yytext[yyleng - 1] == '\n'); \ YY_USER_ACTION YY_DECL { register yy_state_type yy_current_state; register char *yy_cp, *yy_bp; register int yy_act; #line 137 "toke.l" #line 2209 "lex.sudoers.c" if ( yy_init ) { yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! yy_start ) yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! yy_current_buffer ) yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { yy_cp = yy_c_buf_p; /* Support of yytext. */ *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = yy_start; yy_current_state += YY_AT_BOL(); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 5604 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = yy_last_accepting_cpos; yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. */ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = yy_hold_char; yy_cp = yy_last_accepting_cpos; yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP #line 138 "toke.l" { LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ YY_BREAK case 2: YY_RULE_SETUP #line 143 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP #line 145 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(DEFVAR); } YY_BREAK case 4: YY_RULE_SETUP #line 154 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ YY_BREAK case 5: YY_RULE_SETUP #line 160 "toke.l" { LEXTRACE("= "); LEXRETURN('='); } /* return '=' */ YY_BREAK case 6: YY_RULE_SETUP #line 165 "toke.l" { LEXTRACE("+= "); LEXRETURN('+'); } /* return '+' */ YY_BREAK case 7: YY_RULE_SETUP #line 170 "toke.l" { LEXTRACE("-= "); LEXRETURN('-'); } /* return '-' */ YY_BREAK case 8: YY_RULE_SETUP #line 175 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } YY_BREAK case 9: YY_RULE_SETUP #line 182 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(WORD); } YY_BREAK case 10: YY_RULE_SETUP #line 191 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; continued = true; } YY_BREAK case 11: YY_RULE_SETUP #line 197 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; if (sudoerslval.string == NULL) { LEXTRACE("ERROR "); /* empty string */ LEXRETURN(ERROR); } if (prev_state == INITIAL) { switch (sudoerslval.string[0]) { case '%': if (sudoerslval.string[1] == '\0' || (sudoerslval.string[1] == ':' && sudoerslval.string[2] == '\0')) { LEXTRACE("ERROR "); /* empty group */ LEXRETURN(ERROR); } LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); case '+': if (sudoerslval.string[1] == '\0') { LEXTRACE("ERROR "); /* empty netgroup */ LEXRETURN(ERROR); } LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); } } LEXTRACE("WORD(4) "); LEXRETURN(WORD); } YY_BREAK case 12: YY_RULE_SETUP #line 229 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(sudoerstext, sudoersleng)) yyterminate(); } YY_BREAK case 13: YY_RULE_SETUP #line 235 "toke.l" { LEXTRACE("STRBODY "); if (!append(sudoerstext, sudoersleng)) yyterminate(); } YY_BREAK case 14: YY_RULE_SETUP #line 243 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); if (!fill_args(sudoerstext, 2, sawspace)) yyterminate(); sawspace = false; } YY_BREAK case 15: YY_RULE_SETUP #line 251 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); if (!fill_args(sudoerstext + 1, 1, sawspace)) yyterminate(); sawspace = false; } YY_BREAK case 16: YY_RULE_SETUP #line 259 "toke.l" { BEGIN INITIAL; yyless(0); LEXRETURN(COMMAND); } /* end of command line args */ YY_BREAK case 17: YY_RULE_SETUP #line 265 "toke.l" { LEXTRACE("ARG "); if (!fill_args(sudoerstext, sudoersleng, sawspace)) yyterminate(); sawspace = false; } /* a command line arg */ YY_BREAK case 18: YY_RULE_SETUP #line 273 "toke.l" { /* Only return DIGEST if the length is correct. */ if (sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; LEXTRACE("DIGEST "); LEXRETURN(DIGEST); } BEGIN INITIAL; yyless(sudoersleng); } /* hex digest */ YY_BREAK case 19: YY_RULE_SETUP #line 286 "toke.l" { /* Only return DIGEST if the length is correct. */ int len; if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ len = 4 * ((digest_len + 2) / 3); } else { /* no padding */ len = (4 * digest_len + 2) / 3; } if (sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; LEXTRACE("DIGEST "); LEXRETURN(DIGEST); } BEGIN INITIAL; yyless(sudoersleng); } /* base64 digest */ YY_BREAK case 20: YY_RULE_SETUP #line 307 "toke.l" { char *path; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDE\n"); /* Push current buffer and switch to include file */ if (!push_include(path)) yyterminate(); } YY_BREAK case 21: YY_RULE_SETUP #line 325 "toke.l" { char *path; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDEDIR\n"); /* * Push current buffer and switch to include file. * We simply ignore empty directories. */ if (!push_includedir(path) && parse_error) yyterminate(); } YY_BREAK case 22: YY_RULE_SETUP #line 346 "toke.l" { char deftype; int n; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; n += sizeof("Defaults") - 1; if ((deftype = sudoerstext[n++]) != '\0') { while (isblank((unsigned char)sudoerstext[n])) n++; } BEGIN GOTDEFS; switch (deftype) { case ':': yyless(n); LEXTRACE("DEFAULTS_USER "); LEXRETURN(DEFAULTS_USER); case '>': yyless(n); LEXTRACE("DEFAULTS_RUNAS "); LEXRETURN(DEFAULTS_RUNAS); case '@': yyless(n); LEXTRACE("DEFAULTS_HOST "); LEXRETURN(DEFAULTS_HOST); case '!': yyless(n); LEXTRACE("DEFAULTS_CMND "); LEXRETURN(DEFAULTS_CMND); default: LEXTRACE("DEFAULTS "); LEXRETURN(DEFAULTS); } } YY_BREAK case 23: YY_RULE_SETUP #line 386 "toke.l" { int n; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; switch (sudoerstext[n]) { case 'H': LEXTRACE("HOSTALIAS "); LEXRETURN(HOSTALIAS); case 'C': LEXTRACE("CMNDALIAS "); LEXRETURN(CMNDALIAS); case 'U': LEXTRACE("USERALIAS "); LEXRETURN(USERALIAS); case 'R': LEXTRACE("RUNASALIAS "); LEXRETURN(RUNASALIAS); } } YY_BREAK case 24: YY_RULE_SETUP #line 412 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); LEXRETURN(NOPASSWD); } YY_BREAK case 25: YY_RULE_SETUP #line 418 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); LEXRETURN(PASSWD); } YY_BREAK case 26: YY_RULE_SETUP #line 424 "toke.l" { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); } YY_BREAK case 27: YY_RULE_SETUP #line 429 "toke.l" { LEXTRACE("EXEC "); LEXRETURN(EXEC); } YY_BREAK case 28: YY_RULE_SETUP #line 434 "toke.l" { LEXTRACE("SETENV "); LEXRETURN(SETENV); } YY_BREAK case 29: YY_RULE_SETUP #line 439 "toke.l" { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); } YY_BREAK case 30: YY_RULE_SETUP #line 444 "toke.l" { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); } YY_BREAK case 31: YY_RULE_SETUP #line 449 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); } YY_BREAK case 32: YY_RULE_SETUP #line 454 "toke.l" { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); } YY_BREAK case 33: YY_RULE_SETUP #line 459 "toke.l" { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); } YY_BREAK case 34: YY_RULE_SETUP #line 464 "toke.l" { /* empty group or netgroup */ LEXTRACE("ERROR "); LEXRETURN(ERROR); } YY_BREAK case 35: YY_RULE_SETUP #line 470 "toke.l" { /* netgroup */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); } YY_BREAK case 36: YY_RULE_SETUP #line 478 "toke.l" { /* group */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); } YY_BREAK case 37: YY_RULE_SETUP #line 486 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK case 38: YY_RULE_SETUP #line 493 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK case 39: YY_RULE_SETUP #line 500 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK case 40: YY_RULE_SETUP #line 511 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK case 41: YY_RULE_SETUP #line 522 "toke.l" { LEXTRACE("ALL "); LEXRETURN(ALL); } YY_BREAK case 42: YY_RULE_SETUP #line 528 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); LEXRETURN(ROLE); #else goto got_alias; #endif } YY_BREAK case 43: YY_RULE_SETUP #line 537 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); LEXRETURN(TYPE); #else goto got_alias; #endif } YY_BREAK case 44: YY_RULE_SETUP #line 545 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); LEXRETURN(PRIVS); #else goto got_alias; #endif } YY_BREAK case 45: YY_RULE_SETUP #line 554 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); LEXRETURN(LIMITPRIVS); #else goto got_alias; #endif } YY_BREAK case 46: YY_RULE_SETUP #line 563 "toke.l" { got_alias: if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("ALIAS "); LEXRETURN(ALIAS); } YY_BREAK case 47: YY_RULE_SETUP #line 571 "toke.l" { /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("COMMAND "); LEXRETURN(COMMAND); } YY_BREAK case 48: YY_RULE_SETUP #line 580 "toke.l" { digest_len = SHA224_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA224 "); LEXRETURN(SHA224); } YY_BREAK case 49: YY_RULE_SETUP #line 587 "toke.l" { digest_len = SHA256_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA256 "); LEXRETURN(SHA256); } YY_BREAK case 50: YY_RULE_SETUP #line 594 "toke.l" { digest_len = SHA384_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA384 "); LEXRETURN(SHA384); } YY_BREAK case 51: YY_RULE_SETUP #line 601 "toke.l" { digest_len = SHA512_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA512 "); LEXRETURN(SHA512); } YY_BREAK case 52: YY_RULE_SETUP #line 608 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } /* sudo -e */ YY_BREAK case 53: YY_RULE_SETUP #line 615 "toke.l" { /* directories can't have args... */ if (sudoerstext[sudoersleng - 1] == '/') { LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(COMMAND); } else { BEGIN GOTCMND; LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } } /* a pathname */ YY_BREAK case 54: YY_RULE_SETUP #line 630 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } YY_BREAK case 55: YY_RULE_SETUP #line 637 "toke.l" { /* a word */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("WORD(5) "); LEXRETURN(WORD); } YY_BREAK case 56: YY_RULE_SETUP #line 645 "toke.l" { LEXTRACE("( "); LEXRETURN('('); } YY_BREAK case 57: YY_RULE_SETUP #line 650 "toke.l" { LEXTRACE(") "); LEXRETURN(')'); } YY_BREAK case 58: YY_RULE_SETUP #line 655 "toke.l" { LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ YY_BREAK case 59: YY_RULE_SETUP #line 660 "toke.l" { LEXTRACE("= "); LEXRETURN('='); } /* return '=' */ YY_BREAK case 60: YY_RULE_SETUP #line 665 "toke.l" { LEXTRACE(": "); LEXRETURN(':'); } /* return ':' */ YY_BREAK case 61: YY_RULE_SETUP #line 670 "toke.l" { if (sudoersleng & 1) { LEXTRACE("!"); LEXRETURN('!'); /* return '!' */ } } YY_BREAK case 62: YY_RULE_SETUP #line 677 "toke.l" { if (YY_START == INSTR) { LEXTRACE("ERROR "); LEXRETURN(ERROR); /* line break in string */ } BEGIN INITIAL; sudolineno++; continued = false; LEXTRACE("\n"); LEXRETURN(COMMENT); } /* return newline */ YY_BREAK case 63: YY_RULE_SETUP #line 689 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK case 64: YY_RULE_SETUP #line 693 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; continued = true; } /* throw away EOL after \ */ YY_BREAK case 65: YY_RULE_SETUP #line 699 "toke.l" { if (sudoerstext[sudoersleng - 1] == '\n') { /* comment ending in a newline */ BEGIN INITIAL; sudolineno++; continued = false; } else if (!feof(yyin)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } LEXTRACE("#\n"); LEXRETURN(COMMENT); } /* comment, not uid/gid */ YY_BREAK case 66: YY_RULE_SETUP #line 713 "toke.l" { LEXTRACE("ERROR "); LEXRETURN(ERROR); } /* parse error */ YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(GOTDEFS): case YY_STATE_EOF(GOTCMND): case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): case YY_STATE_EOF(WANTDIGEST): #line 718 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!pop_include()) yyterminate(); } YY_BREAK case 67: YY_RULE_SETUP #line 728 "toke.l" ECHO; YY_BREAK #line 3095 "lex.sudoers.c" case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ yy_n_chars = yy_current_buffer->yy_n_chars; yy_current_buffer->yy_input_file = yyin; yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = yy_c_buf_p; goto yy_find_action; } } else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { yy_did_buffer_switch_on_eof = 0; if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state(); yy_cp = yy_c_buf_p; yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: yy_c_buf_p = &yy_current_buffer->yy_ch_buf[yy_n_chars]; yy_current_state = yy_get_previous_state(); yy_cp = yy_c_buf_p; yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer YY_PROTO(( void )) { register char *dest = yy_current_buffer->yy_ch_buf; register char *source = yytext_ptr; register int number_to_move, i; int ret_val; if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { int num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ #ifdef YY_USES_REJECT YY_FATAL_ERROR( "input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); #else /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yy_flex_realloc( (void *) b->yy_ch_buf, b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; #endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), yy_n_chars, num_to_read ); yy_current_buffer->yy_n_chars = yy_n_chars; } if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; yy_n_chars += number_to_move; yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state YY_PROTO(( void )) { register yy_state_type yy_current_state; register char *yy_cp; yy_current_state = yy_start; yy_current_state += YY_AT_BOL(); for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ #ifdef YY_USE_PROTOS static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) #else static yy_state_type yy_try_NUL_trans( yy_current_state ) yy_state_type yy_current_state; #endif { register int yy_is_jam; register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 813); return yy_is_jam ? 0 : yy_current_state; } #ifndef YY_NO_UNPUT #ifdef YY_USE_PROTOS static void yyunput( int c, register char *yy_bp ) #else static void yyunput( c, yy_bp ) int c; register char *yy_bp; #endif { register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ *yy_cp = yy_hold_char; if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ register int number_to_move = yy_n_chars + 2; register char *dest = &yy_current_buffer->yy_ch_buf[ yy_current_buffer->yy_buf_size + 2]; register char *source = &yy_current_buffer->yy_ch_buf[number_to_move]; while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); yy_current_buffer->yy_n_chars = yy_n_chars = yy_current_buffer->yy_buf_size; if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; yytext_ptr = yy_bp; yy_hold_char = *yy_cp; yy_c_buf_p = yy_cp; } #endif /* ifndef YY_NO_UNPUT */ #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput YY_PROTO(( void )) #else static int input YY_PROTO(( void )) #endif { int c; *yy_c_buf_p = yy_hold_char; if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ *yy_c_buf_p = '\0'; else { /* need more input */ int offset = yy_c_buf_p - yytext_ptr; ++yy_c_buf_p; switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart( yyin ); /* fall through */ case EOB_ACT_END_OF_FILE: { if ( yywrap() ) return EOF; if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: yy_c_buf_p = yytext_ptr + offset; break; } } } c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ *yy_c_buf_p = '\0'; /* preserve yytext */ yy_hold_char = *++yy_c_buf_p; yy_current_buffer->yy_at_bol = (c == '\n'); return c; } #endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS void yyrestart( FILE *input_file ) #else void yyrestart( input_file ) FILE *input_file; #endif { if ( ! yy_current_buffer ) yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); yy_init_buffer( yy_current_buffer, input_file ); yy_load_buffer_state(); } #ifdef YY_USE_PROTOS void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) #else void yy_switch_to_buffer( new_buffer ) YY_BUFFER_STATE new_buffer; #endif { if ( yy_current_buffer == new_buffer ) return; if ( yy_current_buffer ) { /* Flush out information for old buffer. */ *yy_c_buf_p = yy_hold_char; yy_current_buffer->yy_buf_pos = yy_c_buf_p; yy_current_buffer->yy_n_chars = yy_n_chars; } yy_current_buffer = new_buffer; yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ yy_did_buffer_switch_on_eof = 1; } #ifdef YY_USE_PROTOS void yy_load_buffer_state( void ) #else void yy_load_buffer_state() #endif { yy_n_chars = yy_current_buffer->yy_n_chars; yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; yyin = yy_current_buffer->yy_input_file; yy_hold_char = *yy_c_buf_p; } #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) #else YY_BUFFER_STATE yy_create_buffer( file, size ) FILE *file; int size; #endif { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer( b, file ); return b; } #ifdef YY_USE_PROTOS void yy_delete_buffer( YY_BUFFER_STATE b ) #else void yy_delete_buffer( b ) YY_BUFFER_STATE b; #endif { if ( ! b ) return; if ( b == yy_current_buffer ) yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yy_flex_free( (void *) b->yy_ch_buf ); yy_flex_free( (void *) b ); } #ifndef YY_ALWAYS_INTERACTIVE #ifndef YY_NEVER_INTERACTIVE #include #endif #endif #ifdef YY_USE_PROTOS void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) #else void yy_init_buffer( b, file ) YY_BUFFER_STATE b; FILE *file; #endif { int oerrno = errno; yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; #if defined(YY_ALWAYS_INTERACTIVE) && YY_ALWAYS_INTERACTIVE b->yy_is_interactive = 1; #else #if defined(YY_NEVER_INTERACTIVE) && YY_NEVER_INTERACTIVE b->yy_is_interactive = 0; #else b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; #endif #endif errno = oerrno; } #ifdef YY_USE_PROTOS void yy_flush_buffer( YY_BUFFER_STATE b ) #else void yy_flush_buffer( b ) YY_BUFFER_STATE b; #endif { if ( ! b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == yy_current_buffer ) yy_load_buffer_state(); } #ifndef YY_NO_SCAN_BUFFER #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) #else YY_BUFFER_STATE yy_scan_buffer( base, size ) char *base; yy_size_t size; #endif { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer( b ); return b; } #endif #ifndef YY_NO_SCAN_STRING #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) #else YY_BUFFER_STATE yy_scan_string( yy_str ) yyconst char *yy_str; #endif { int len; for ( len = 0; yy_str[len]; ++len ) ; return yy_scan_bytes( yy_str, len ); } #endif #ifndef YY_NO_SCAN_BYTES #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) #else YY_BUFFER_STATE yy_scan_bytes( bytes, len ) yyconst char *bytes; int len; #endif { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < len; ++i ) buf[i] = bytes[i]; buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #endif #ifndef YY_NO_PUSH_STATE #ifdef YY_USE_PROTOS static void yy_push_state( int new_state ) #else static void yy_push_state( new_state ) int new_state; #endif { if ( yy_start_stack_ptr >= yy_start_stack_depth ) { yy_size_t new_size; yy_start_stack_depth += YY_START_STACK_INCR; new_size = yy_start_stack_depth * sizeof( int ); if ( ! yy_start_stack ) yy_start_stack = (int *) yy_flex_alloc( new_size ); else yy_start_stack = (int *) yy_flex_realloc( (void *) yy_start_stack, new_size ); if ( ! yy_start_stack ) YY_FATAL_ERROR( "out of memory expanding start-condition stack" ); } yy_start_stack[yy_start_stack_ptr++] = YY_START; BEGIN(new_state); } #endif #ifndef YY_NO_POP_STATE static void yy_pop_state YY_PROTO(( void )) { if ( --yy_start_stack_ptr < 0 ) YY_FATAL_ERROR( "start-condition stack underflow" ); BEGIN(yy_start_stack[yy_start_stack_ptr]); } #endif #ifndef YY_NO_TOP_STATE static int yy_top_state YY_PROTO(( void )) { return yy_start_stack[yy_start_stack_ptr - 1]; } #endif #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif #ifdef YY_USE_PROTOS static void yy_fatal_error( yyconst char msg[] ) #else static void yy_fatal_error( msg ) char msg[]; #endif { (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ yytext[yyleng] = yy_hold_char; \ yy_c_buf_p = yytext + n; \ yy_hold_char = *yy_c_buf_p; \ *yy_c_buf_p = '\0'; \ yyleng = n; \ } \ while ( 0 ) /* Internal utility routines. */ #ifndef yytext_ptr #ifdef YY_USE_PROTOS static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) #else static void yy_flex_strncpy( s1, s2, n ) char *s1; yyconst char *s2; int n; #endif { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN #ifdef YY_USE_PROTOS static int yy_flex_strlen( yyconst char *s ) #else static int yy_flex_strlen( s ) yyconst char *s; #endif { register int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif #ifdef YY_USE_PROTOS static void *yy_flex_alloc( yy_size_t size ) #else static void *yy_flex_alloc( size ) yy_size_t size; #endif { return (void *) malloc( size ); } #ifdef YY_USE_PROTOS static void *yy_flex_realloc( void *ptr, yy_size_t size ) #else static void *yy_flex_realloc( ptr, size ) void *ptr; yy_size_t size; #endif { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); } #ifdef YY_USE_PROTOS static void yy_flex_free( void *ptr ) #else static void yy_flex_free( ptr ) void *ptr; #endif { free( ptr ); } #if defined(YY_MAIN) && YY_MAIN int main() { yylex(); return 0; } #endif #line 728 "toke.l" struct path_list { SLIST_ENTRY(path_list) entries; char *path; }; SLIST_HEAD(path_list_head, path_list); struct include_stack { YY_BUFFER_STATE bs; char *path; struct path_list_head more; /* more files in case of includedir */ int lineno; bool keepopen; }; /* * Compare two struct path_list structs in reverse order. */ static int pl_compare(const void *v1, const void *v2) { const struct path_list * const *p1 = v1; const struct path_list * const *p2 = v2; return strcmp((*p2)->path, (*p1)->path); } static char * switch_dir(struct include_stack *stack, char *dirpath) { DIR *dir; unsigned int i, count = 0; unsigned int max_paths = 32; char *path = NULL; struct dirent *dent; struct stat sb; struct path_list *pl, **paths = NULL; debug_decl(switch_dir, SUDO_DEBUG_PARSER) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { warning("%s", dirpath); sudoerserror(NULL); } goto done; } paths = malloc(sizeof(*paths) * max_paths); if (paths == NULL) { closedir(dir); goto bad; } while ((dent = readdir(dir))) { /* Ignore files that end in '~' or have a '.' in them. */ if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~' || strchr(dent->d_name, '.') != NULL) { continue; } if (asprintf(&path, "%s/%s", dirpath, dent->d_name) == -1) { closedir(dir); goto bad; } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { efree(path); path = NULL; continue; } pl = malloc(sizeof(*pl)); if (pl == NULL) goto bad; pl->path = path; if (count >= max_paths) { struct path_list **tmp; max_paths <<= 1; tmp = realloc(paths, sizeof(*paths) * max_paths); if (tmp == NULL) { closedir(dir); goto bad; } paths = tmp; } paths[count++] = pl; path = NULL; } closedir(dir); if (count == 0) goto done; /* Sort the list as an array in reverse order. */ qsort(paths, count, sizeof(*paths), pl_compare); /* Build up the list in sorted order. */ for (i = 0; i < count; i++) { SLIST_INSERT_HEAD(&stack->more, paths[i], entries); } /* Pull out the first element for parsing, leave the rest for later. */ pl = SLIST_FIRST(&stack->more); SLIST_REMOVE_HEAD(&stack->more, entries); path = pl->path; efree(pl); done: efree(paths); efree(dirpath); debug_return_str(path); bad: for (i = 0; i < count; i++) { efree(paths[i]->path); efree(paths[i]); } efree(paths); efree(dirpath); efree(path); debug_return_str(NULL); } #define MAX_SUDOERS_DEPTH 128 #define SUDOERS_STACK_INCREMENT 16 static size_t istacksize, idepth; static struct include_stack *istack; static bool keepopen; void init_lexer(void) { struct path_list *pl; debug_decl(init_lexer, SUDO_DEBUG_PARSER) while (idepth) { idepth--; while ((pl = SLIST_FIRST(&istack[idepth].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth].more, entries); efree(pl->path); efree(pl); } efree(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); sudoers_delete_buffer(istack[idepth].bs); } efree(istack); istack = NULL; istacksize = idepth = 0; sudolineno = 1; keepopen = false; sawspace = false; continued = false; prev_state = INITIAL; debug_return; } static bool _push_include(char *path, bool isdir) { struct path_list *pl; FILE *fp; debug_decl(_push_include, SUDO_DEBUG_PARSER) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { sudoerserror(N_("too many levels of includes")); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { warning(NULL); sudoerserror(NULL); debug_return_bool(false); } } SLIST_INIT(&istack[idepth].more); if (isdir) { struct stat sb; switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: break; case SUDO_PATH_MISSING: debug_return_bool(false); case SUDO_PATH_BAD_TYPE: errno = ENOTDIR; if (sudoers_warnings) { warning("%s", path); } debug_return_bool(false); case SUDO_PATH_WRONG_OWNER: if (sudoers_warnings) { warningx(U_("%s is owned by uid %u, should be %u"), path, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid); } debug_return_bool(false); case SUDO_PATH_WORLD_WRITABLE: if (sudoers_warnings) { warningx(U_("%s is world writable"), path); } debug_return_bool(false); case SUDO_PATH_GROUP_WRITABLE: if (sudoers_warnings) { warningx(U_("%s is owned by gid %u, should be %u"), path, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid); } debug_return_bool(false); default: /* NOTREACHED */ debug_return_bool(false); } if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called sudoerserror() for us */ debug_return_bool(false); } while ((fp = open_sudoers(path, false, &keepopen)) == NULL) { /* Unable to open path in includedir, go to next one, if any. */ efree(path); if ((pl = SLIST_FIRST(&istack[idepth].more)) == NULL) debug_return_bool(false); SLIST_REMOVE_HEAD(&istack[idepth].more, entries); path = pl->path; efree(pl); } } else { if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ sudoerserror(NULL); debug_return_bool(false); } } /* Push the old (current) file and open the new one. */ istack[idepth].path = sudoers; /* push old path */ istack[idepth].bs = YY_CURRENT_BUFFER; istack[idepth].lineno = sudolineno; istack[idepth].keepopen = keepopen; idepth++; sudolineno = 1; sudoers = path; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); debug_return_bool(true); } static bool pop_include(void) { struct path_list *pl; FILE *fp; debug_decl(pop_include, SUDO_DEBUG_PARSER) if (idepth == 0) debug_return_bool(false); if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); sudoers_delete_buffer(YY_CURRENT_BUFFER); /* If we are in an include dir, move to the next file. */ while ((pl = SLIST_FIRST(&istack[idepth - 1].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth - 1].more, entries); fp = open_sudoers(pl->path, false, &keepopen); if (fp != NULL) { efree(sudoers); sudoers = pl->path; sudolineno = 1; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); efree(pl); break; } /* Unable to open path in include dir, go to next one. */ efree(pl->path); efree(pl); } /* If no path list, just pop the last dir on the stack. */ if (pl == NULL) { idepth--; sudoers_switch_to_buffer(istack[idepth].bs); efree(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; } debug_return_bool(true); } static char * parse_include(char *base) { char *cp, *ep, *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; debug_decl(parse_include, SUDO_DEBUG_PARSER) /* Pull out path from #include line. */ cp = base + sizeof("#include"); if (*cp == 'i') cp += 3; /* includedir */ while (isblank((unsigned char) *cp)) cp++; ep = cp; while (*ep != '\0' && !isspace((unsigned char) *ep)) { if (ep[0] == '%' && ep[1] == 'h') { shost_len = strlen(user_shost); len += shost_len - 2; subst = 1; } ep++; } /* Relative paths are located in the same dir as the sudoers file. */ if (*cp != '/') { char *dirend = strrchr(sudoers, '/'); if (dirend != NULL) dirlen = (int)(dirend - sudoers) + 1; } /* Make a copy of the fully-qualified path and return it. */ len += (int)(ep - cp); path = pp = malloc(len + dirlen + 1); if (path == NULL) { warning(NULL); sudoerserror(NULL); debug_return_str(NULL); } if (dirlen) { memcpy(path, sudoers, dirlen); pp += dirlen; } if (subst) { /* substitute for %h */ while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { memcpy(pp, user_shost, shost_len); pp += shost_len; cp += 2; continue; } *pp++ = *cp++; } *pp = '\0'; } else { memcpy(pp, cp, len); pp[len] = '\0'; } /* Push any excess characters (e.g. comment, newline) back to the lexer */ if (*ep != '\0') yyless((int)(ep - base)); debug_return_str(path); } #ifdef TRACELEXER int sudoers_trace_print(const char *msg) { return fputs(msg, stderr); } #else int sudoers_trace_print(const char *msg) { static bool initialized; static struct lbuf lbuf; if (!initialized) { initialized = true; lbuf_init(&lbuf, NULL, 0, NULL, 0); } lbuf_append(&lbuf, "%s", msg); /* XXX - assumes a final newline */ if (strchr(msg, '\n') != NULL) { sudo_debug_printf2(NULL, NULL, 0, SUDO_DEBUG_PARSER|SUDO_DEBUG_DEBUG, "%s:%d %s", sudoers, sudolineno, lbuf.buf); lbuf.len = 0; } return 0; } #endif /* TRACELEXER */ sudo-1.8.9p5/plugins/sudoers/toke.h010064400175440000012000000026671226304126200166350ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDOERS_TOKE_H #define _SUDOERS_TOKE_H bool append(const char *, int); bool fill_args(const char *, int, int); bool fill_cmnd(const char *, int); bool fill_txt(const char *, int, int); bool ipv6_valid(const char *s); int sudoers_trace_print(const char *msg); void sudoerserror(const char *); #ifndef FLEX_SCANNER extern int (*trace_print)(const char *msg); #endif #define fill(a, b) fill_txt(a, b, 0) /* realloc() to size + COMMANDARGINC to make room for command args */ #define COMMANDARGINC 64 #define LEXTRACE(msg) do { \ if (trace_print != NULL) \ (*trace_print)(msg); \ } while (0); #endif /* _SUDOERS_TOKE_H */ sudo-1.8.9p5/plugins/sudoers/toke.l010064400175440000012000000617551226304126200166440ustar00millertstaff%{ /* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include #include #include "sudoers.h" #include "parse.h" #include "toke.h" #include #include "lbuf.h" #include "sha2.h" #include "secure_path.h" int sudolineno; /* current sudoers line number. */ int last_token; /* last token that was parsed. */ char *sudoers; /* sudoers file being parsed. */ /* Default sudoers path, mode and owner (may be set via sudo.conf) */ const char *sudoers_file = _PATH_SUDOERS; mode_t sudoers_mode = SUDOERS_MODE; uid_t sudoers_uid = SUDOERS_UID; gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; static int digest_len; static bool _push_include(char *, bool); static bool pop_include(void); static char *parse_include(char *); int (*trace_print)(const char *msg) = sudoers_trace_print; #define LEXRETURN(n) do { \ last_token = (n); \ return (n); \ } while (0) #define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) #define push_include(_p) (_push_include((_p), false)) #define push_includedir(_p) (_push_include((_p), true)) %} HEX16 [0-9A-Fa-f]{1,4} OCTET (1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]) IPV4ADDR {OCTET}(\.{OCTET}){3} IPV6ADDR ({HEX16}?:){2,7}{HEX16}?|({HEX16}?:){2,6}:{IPV4ADDR} HOSTNAME [[:alnum:]_-]+ WORD ([^#>!=:,\(\) \t\n\\\"]|\\[^\n])+ ID #-?[0-9]+ PATH \/(\\[\,:= \t#]|[^\,:=\\ \t\n#])+ ENVAR ([^#!=, \t\n\\\"]|\\[^\n])([^#=, \t\n\\\"]|\\[^\n])* DEFVAR [a-z_]+ %option noinput %option nounput %option noyywrap %option prefix="sudoers" %s GOTDEFS %x GOTCMND %x STARTDEFS %x INDEFS %x INSTR %s WANTDIGEST %% [[:blank:]]*,[[:blank:]]* { LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ [[:blank:]]+ BEGIN STARTDEFS; {DEFVAR} { BEGIN INDEFS; LEXTRACE("DEFVAR "); if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(DEFVAR); } { , { BEGIN STARTDEFS; LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ = { LEXTRACE("= "); LEXRETURN('='); } /* return '=' */ \+= { LEXTRACE("+= "); LEXRETURN('+'); } /* return '+' */ -= { LEXTRACE("-= "); LEXRETURN('-'); } /* return '-' */ \" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } {ENVAR} { LEXTRACE("WORD(2) "); if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(WORD); } } { \\[[:blank:]]*\n[[:blank:]]* { /* Line continuation char followed by newline. */ sudolineno++; continued = true; } \" { LEXTRACE("ENDSTR "); BEGIN prev_state; if (sudoerslval.string == NULL) { LEXTRACE("ERROR "); /* empty string */ LEXRETURN(ERROR); } if (prev_state == INITIAL) { switch (sudoerslval.string[0]) { case '%': if (sudoerslval.string[1] == '\0' || (sudoerslval.string[1] == ':' && sudoerslval.string[2] == '\0')) { LEXTRACE("ERROR "); /* empty group */ LEXRETURN(ERROR); } LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); case '+': if (sudoerslval.string[1] == '\0') { LEXTRACE("ERROR "); /* empty netgroup */ LEXRETURN(ERROR); } LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); } } LEXTRACE("WORD(4) "); LEXRETURN(WORD); } \\ { LEXTRACE("BACKSLASH "); if (!append(sudoerstext, sudoersleng)) yyterminate(); } ([^\"\n\\]|\\\")+ { LEXTRACE("STRBODY "); if (!append(sudoerstext, sudoersleng)) yyterminate(); } } { \\[\*\?\[\]\!] { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); if (!fill_args(sudoerstext, 2, sawspace)) yyterminate(); sawspace = false; } \\[:\\,= \t#] { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); if (!fill_args(sudoerstext + 1, 1, sawspace)) yyterminate(); sawspace = false; } [#:\,=\n] { BEGIN INITIAL; yyless(0); LEXRETURN(COMMAND); } /* end of command line args */ [^#\\:, \t\n]+ { LEXTRACE("ARG "); if (!fill_args(sudoerstext, sudoersleng, sawspace)) yyterminate(); sawspace = false; } /* a command line arg */ } [[:xdigit:]]+ { /* Only return DIGEST if the length is correct. */ if (sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; LEXTRACE("DIGEST "); LEXRETURN(DIGEST); } BEGIN INITIAL; yyless(sudoersleng); } /* hex digest */ [A-Za-z0-9\+/=]+ { /* Only return DIGEST if the length is correct. */ int len; if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ len = 4 * ((digest_len + 2) / 3); } else { /* no padding */ len = (4 * digest_len + 2) / 3; } if (sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; LEXTRACE("DIGEST "); LEXRETURN(DIGEST); } BEGIN INITIAL; yyless(sudoersleng); } /* base64 digest */ ^#include[[:blank:]]+.*\n { char *path; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDE\n"); /* Push current buffer and switch to include file */ if (!push_include(path)) yyterminate(); } ^#includedir[[:blank:]]+.*\n { char *path; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDEDIR\n"); /* * Push current buffer and switch to include file. * We simply ignore empty directories. */ if (!push_includedir(path) && parse_error) yyterminate(); } ^[[:blank:]]*Defaults([:@>\!][[:blank:]]*\!*\"?({ID}|{WORD}))? { char deftype; int n; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; n += sizeof("Defaults") - 1; if ((deftype = sudoerstext[n++]) != '\0') { while (isblank((unsigned char)sudoerstext[n])) n++; } BEGIN GOTDEFS; switch (deftype) { case ':': yyless(n); LEXTRACE("DEFAULTS_USER "); LEXRETURN(DEFAULTS_USER); case '>': yyless(n); LEXTRACE("DEFAULTS_RUNAS "); LEXRETURN(DEFAULTS_RUNAS); case '@': yyless(n); LEXTRACE("DEFAULTS_HOST "); LEXRETURN(DEFAULTS_HOST); case '!': yyless(n); LEXTRACE("DEFAULTS_CMND "); LEXRETURN(DEFAULTS_CMND); default: LEXTRACE("DEFAULTS "); LEXRETURN(DEFAULTS); } } ^[[:blank:]]*(Host|Cmnd|User|Runas)_Alias { int n; if (continued) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; switch (sudoerstext[n]) { case 'H': LEXTRACE("HOSTALIAS "); LEXRETURN(HOSTALIAS); case 'C': LEXTRACE("CMNDALIAS "); LEXRETURN(CMNDALIAS); case 'U': LEXTRACE("USERALIAS "); LEXRETURN(USERALIAS); case 'R': LEXTRACE("RUNASALIAS "); LEXRETURN(RUNASALIAS); } } NOPASSWD[[:blank:]]*: { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); LEXRETURN(NOPASSWD); } PASSWD[[:blank:]]*: { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); LEXRETURN(PASSWD); } NOEXEC[[:blank:]]*: { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); } EXEC[[:blank:]]*: { LEXTRACE("EXEC "); LEXRETURN(EXEC); } SETENV[[:blank:]]*: { LEXTRACE("SETENV "); LEXRETURN(SETENV); } NOSETENV[[:blank:]]*: { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); } LOG_OUTPUT[[:blank:]]*: { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); } NOLOG_OUTPUT[[:blank:]]*: { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); } LOG_INPUT[[:blank:]]*: { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); } NOLOG_INPUT[[:blank:]]*: { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); } (\+|\%|\%:) { /* empty group or netgroup */ LEXTRACE("ERROR "); LEXRETURN(ERROR); } \+{WORD} { /* netgroup */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); } \%:?({WORD}|{ID}) { /* group */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); } {IPV4ADDR}(\/{IPV4ADDR})? { if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV4ADDR}\/([12]?[0-9]|3[0-2]) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV6ADDR}(\/{IPV6ADDR})? { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } ALL { LEXTRACE("ALL "); LEXRETURN(ALL); } ROLE { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); LEXRETURN(ROLE); #else goto got_alias; #endif } TYPE { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); LEXRETURN(TYPE); #else goto got_alias; #endif } PRIVS { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); LEXRETURN(PRIVS); #else goto got_alias; #endif } LIMITPRIVS { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); LEXRETURN(LIMITPRIVS); #else goto got_alias; #endif } [[:upper:]][[:upper:][:digit:]_]* { got_alias: if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("ALIAS "); LEXRETURN(ALIAS); } ({PATH}|sudoedit) { /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("COMMAND "); LEXRETURN(COMMAND); } sha224 { digest_len = SHA224_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA224 "); LEXRETURN(SHA224); } sha256 { digest_len = SHA256_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA256 "); LEXRETURN(SHA256); } sha384 { digest_len = SHA384_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA384 "); LEXRETURN(SHA384); } sha512 { digest_len = SHA512_DIGEST_LENGTH; BEGIN WANTDIGEST; LEXTRACE("SHA512 "); LEXRETURN(SHA512); } sudoedit { BEGIN GOTCMND; LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } /* sudo -e */ {PATH} { /* directories can't have args... */ if (sudoerstext[sudoersleng - 1] == '/') { LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(COMMAND); } else { BEGIN GOTCMND; LEXTRACE("COMMAND "); if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } } /* a pathname */ \" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } ({ID}|{WORD}) { /* a word */ if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("WORD(5) "); LEXRETURN(WORD); } \( { LEXTRACE("( "); LEXRETURN('('); } \) { LEXTRACE(") "); LEXRETURN(')'); } , { LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ = { LEXTRACE("= "); LEXRETURN('='); } /* return '=' */ : { LEXTRACE(": "); LEXRETURN(':'); } /* return ':' */ <*>!+ { if (sudoersleng & 1) { LEXTRACE("!"); LEXRETURN('!'); /* return '!' */ } } <*>\n { if (YY_START == INSTR) { LEXTRACE("ERROR "); LEXRETURN(ERROR); /* line break in string */ } BEGIN INITIAL; sudolineno++; continued = false; LEXTRACE("\n"); LEXRETURN(COMMENT); } /* return newline */ <*>[[:blank:]]+ { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } <*>\\[[:blank:]]*\n { sawspace = true; /* remember for fill_args */ sudolineno++; continued = true; } /* throw away EOL after \ */ #(-[^\n0-9].*|[^\n0-9-].*)?\n? { if (sudoerstext[sudoersleng - 1] == '\n') { /* comment ending in a newline */ BEGIN INITIAL; sudolineno++; continued = false; } else if (!feof(yyin)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } LEXTRACE("#\n"); LEXRETURN(COMMENT); } /* comment, not uid/gid */ <*>. { LEXTRACE("ERROR "); LEXRETURN(ERROR); } /* parse error */ <*><> { if (YY_START != INITIAL) { BEGIN INITIAL; LEXTRACE("ERROR "); LEXRETURN(ERROR); } if (!pop_include()) yyterminate(); } %% struct path_list { SLIST_ENTRY(path_list) entries; char *path; }; SLIST_HEAD(path_list_head, path_list); struct include_stack { YY_BUFFER_STATE bs; char *path; struct path_list_head more; /* more files in case of includedir */ int lineno; bool keepopen; }; /* * Compare two struct path_list structs in reverse order. */ static int pl_compare(const void *v1, const void *v2) { const struct path_list * const *p1 = v1; const struct path_list * const *p2 = v2; return strcmp((*p2)->path, (*p1)->path); } static char * switch_dir(struct include_stack *stack, char *dirpath) { DIR *dir; unsigned int i, count = 0; unsigned int max_paths = 32; char *path = NULL; struct dirent *dent; struct stat sb; struct path_list *pl, **paths = NULL; debug_decl(switch_dir, SUDO_DEBUG_PARSER) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { warning("%s", dirpath); sudoerserror(NULL); } goto done; } paths = malloc(sizeof(*paths) * max_paths); if (paths == NULL) { closedir(dir); goto bad; } while ((dent = readdir(dir))) { /* Ignore files that end in '~' or have a '.' in them. */ if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~' || strchr(dent->d_name, '.') != NULL) { continue; } if (asprintf(&path, "%s/%s", dirpath, dent->d_name) == -1) { closedir(dir); goto bad; } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { efree(path); path = NULL; continue; } pl = malloc(sizeof(*pl)); if (pl == NULL) goto bad; pl->path = path; if (count >= max_paths) { struct path_list **tmp; max_paths <<= 1; tmp = realloc(paths, sizeof(*paths) * max_paths); if (tmp == NULL) { closedir(dir); goto bad; } paths = tmp; } paths[count++] = pl; path = NULL; } closedir(dir); if (count == 0) goto done; /* Sort the list as an array in reverse order. */ qsort(paths, count, sizeof(*paths), pl_compare); /* Build up the list in sorted order. */ for (i = 0; i < count; i++) { SLIST_INSERT_HEAD(&stack->more, paths[i], entries); } /* Pull out the first element for parsing, leave the rest for later. */ pl = SLIST_FIRST(&stack->more); SLIST_REMOVE_HEAD(&stack->more, entries); path = pl->path; efree(pl); done: efree(paths); efree(dirpath); debug_return_str(path); bad: for (i = 0; i < count; i++) { efree(paths[i]->path); efree(paths[i]); } efree(paths); efree(dirpath); efree(path); debug_return_str(NULL); } #define MAX_SUDOERS_DEPTH 128 #define SUDOERS_STACK_INCREMENT 16 static size_t istacksize, idepth; static struct include_stack *istack; static bool keepopen; void init_lexer(void) { struct path_list *pl; debug_decl(init_lexer, SUDO_DEBUG_PARSER) while (idepth) { idepth--; while ((pl = SLIST_FIRST(&istack[idepth].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth].more, entries); efree(pl->path); efree(pl); } efree(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); sudoers_delete_buffer(istack[idepth].bs); } efree(istack); istack = NULL; istacksize = idepth = 0; sudolineno = 1; keepopen = false; sawspace = false; continued = false; prev_state = INITIAL; debug_return; } static bool _push_include(char *path, bool isdir) { struct path_list *pl; FILE *fp; debug_decl(_push_include, SUDO_DEBUG_PARSER) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { sudoerserror(N_("too many levels of includes")); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { warning(NULL); sudoerserror(NULL); debug_return_bool(false); } } SLIST_INIT(&istack[idepth].more); if (isdir) { struct stat sb; switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: break; case SUDO_PATH_MISSING: debug_return_bool(false); case SUDO_PATH_BAD_TYPE: errno = ENOTDIR; if (sudoers_warnings) { warning("%s", path); } debug_return_bool(false); case SUDO_PATH_WRONG_OWNER: if (sudoers_warnings) { warningx(U_("%s is owned by uid %u, should be %u"), path, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid); } debug_return_bool(false); case SUDO_PATH_WORLD_WRITABLE: if (sudoers_warnings) { warningx(U_("%s is world writable"), path); } debug_return_bool(false); case SUDO_PATH_GROUP_WRITABLE: if (sudoers_warnings) { warningx(U_("%s is owned by gid %u, should be %u"), path, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid); } debug_return_bool(false); default: /* NOTREACHED */ debug_return_bool(false); } if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called sudoerserror() for us */ debug_return_bool(false); } while ((fp = open_sudoers(path, false, &keepopen)) == NULL) { /* Unable to open path in includedir, go to next one, if any. */ efree(path); if ((pl = SLIST_FIRST(&istack[idepth].more)) == NULL) debug_return_bool(false); SLIST_REMOVE_HEAD(&istack[idepth].more, entries); path = pl->path; efree(pl); } } else { if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ sudoerserror(NULL); debug_return_bool(false); } } /* Push the old (current) file and open the new one. */ istack[idepth].path = sudoers; /* push old path */ istack[idepth].bs = YY_CURRENT_BUFFER; istack[idepth].lineno = sudolineno; istack[idepth].keepopen = keepopen; idepth++; sudolineno = 1; sudoers = path; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); debug_return_bool(true); } static bool pop_include(void) { struct path_list *pl; FILE *fp; debug_decl(pop_include, SUDO_DEBUG_PARSER) if (idepth == 0) debug_return_bool(false); if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); sudoers_delete_buffer(YY_CURRENT_BUFFER); /* If we are in an include dir, move to the next file. */ while ((pl = SLIST_FIRST(&istack[idepth - 1].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth - 1].more, entries); fp = open_sudoers(pl->path, false, &keepopen); if (fp != NULL) { efree(sudoers); sudoers = pl->path; sudolineno = 1; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); efree(pl); break; } /* Unable to open path in include dir, go to next one. */ efree(pl->path); efree(pl); } /* If no path list, just pop the last dir on the stack. */ if (pl == NULL) { idepth--; sudoers_switch_to_buffer(istack[idepth].bs); efree(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; } debug_return_bool(true); } static char * parse_include(char *base) { char *cp, *ep, *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; debug_decl(parse_include, SUDO_DEBUG_PARSER) /* Pull out path from #include line. */ cp = base + sizeof("#include"); if (*cp == 'i') cp += 3; /* includedir */ while (isblank((unsigned char) *cp)) cp++; ep = cp; while (*ep != '\0' && !isspace((unsigned char) *ep)) { if (ep[0] == '%' && ep[1] == 'h') { shost_len = strlen(user_shost); len += shost_len - 2; subst = 1; } ep++; } /* Relative paths are located in the same dir as the sudoers file. */ if (*cp != '/') { char *dirend = strrchr(sudoers, '/'); if (dirend != NULL) dirlen = (int)(dirend - sudoers) + 1; } /* Make a copy of the fully-qualified path and return it. */ len += (int)(ep - cp); path = pp = malloc(len + dirlen + 1); if (path == NULL) { warning(NULL); sudoerserror(NULL); debug_return_str(NULL); } if (dirlen) { memcpy(path, sudoers, dirlen); pp += dirlen; } if (subst) { /* substitute for %h */ while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { memcpy(pp, user_shost, shost_len); pp += shost_len; cp += 2; continue; } *pp++ = *cp++; } *pp = '\0'; } else { memcpy(pp, cp, len); pp[len] = '\0'; } /* Push any excess characters (e.g. comment, newline) back to the lexer */ if (*ep != '\0') yyless((int)(ep - base)); debug_return_str(path); } #ifdef TRACELEXER int sudoers_trace_print(const char *msg) { return fputs(msg, stderr); } #else int sudoers_trace_print(const char *msg) { static bool initialized; static struct lbuf lbuf; if (!initialized) { initialized = true; lbuf_init(&lbuf, NULL, 0, NULL, 0); } lbuf_append(&lbuf, "%s", msg); /* XXX - assumes a final newline */ if (strchr(msg, '\n') != NULL) { sudo_debug_printf2(NULL, NULL, 0, SUDO_DEBUG_PARSER|SUDO_DEBUG_DEBUG, "%s:%d %s", sudoers, sudolineno, lbuf.buf); lbuf.len = 0; } return 0; } #endif /* TRACELEXER */ sudo-1.8.9p5/plugins/sudoers/toke_util.c010064400175440000012000000122011226304126200176460ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #include #include "sudoers.h" #include "parse.h" #include "toke.h" #include static int arg_len = 0; static int arg_size = 0; bool fill_txt(const char *src, int len, int olen) { char *dst; debug_decl(fill_txt, SUDO_DEBUG_PARSER) dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { warning(NULL); sudoerserror(NULL); debug_return_bool(false); } sudoerslval.string = dst; /* Copy the string and collapse any escaped characters. */ dst += olen; while (len--) { if (*src == '\\' && len) { if (src[1] == 'x' && len >= 3 && isxdigit((unsigned char) src[2]) && isxdigit((unsigned char) src[3])) { *dst++ = hexchar(src + 2); src += 4; len -= 3; } else { src++; len--; *dst++ = *src++; } } else { *dst++ = *src++; } } *dst = '\0'; debug_return_bool(true); } bool append(const char *src, int len) { int olen = 0; debug_decl(append, SUDO_DEBUG_PARSER) if (sudoerslval.string != NULL) olen = strlen(sudoerslval.string); debug_return_bool(fill_txt(src, len, olen)); } #define SPECIAL(c) \ ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#') bool fill_cmnd(const char *src, int len) { char *dst; int i; debug_decl(fill_cmnd, SUDO_DEBUG_PARSER) arg_len = arg_size = 0; dst = sudoerslval.command.cmnd = (char *) malloc(len + 1); if (sudoerslval.command.cmnd == NULL) { warning(NULL); sudoerserror(NULL); debug_return_bool(false); } /* Copy the string and collapse any escaped sudo-specific characters. */ for (i = 0; i < len; i++) { if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1])) *dst++ = src[++i]; else *dst++ = src[i]; } *dst = '\0'; sudoerslval.command.args = NULL; debug_return_bool(true); } bool fill_args(const char *s, int len, int addspace) { int new_len; char *p; debug_decl(fill_args, SUDO_DEBUG_PARSER) if (sudoerslval.command.args == NULL) { addspace = 0; new_len = len; } else new_len = arg_len + len + addspace; if (new_len >= arg_size) { /* Allocate more space than we need for subsequent args */ while (new_len >= (arg_size += COMMANDARGINC)) ; p = sudoerslval.command.args ? (char *) realloc(sudoerslval.command.args, arg_size) : (char *) malloc(arg_size); if (p == NULL) { efree(sudoerslval.command.args); warning(NULL); sudoerserror(NULL); debug_return_bool(false); } else sudoerslval.command.args = p; } /* Efficiently append the arg (with a leading space if needed). */ p = sudoerslval.command.args + arg_len; if (addspace) *p++ = ' '; if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != (size_t)len) { warningx(U_("fill_args: buffer overflow")); /* paranoia */ sudoerserror(NULL); debug_return_bool(false); } arg_len = new_len; debug_return_bool(true); } /* * Check to make sure an IPv6 address does not contain multiple instances * of the string "::". Assumes strlen(s) >= 1. * Returns true if address is valid else false. */ bool ipv6_valid(const char *s) { int nmatch = 0; debug_decl(ipv6_valid, SUDO_DEBUG_PARSER) for (; *s != '\0'; s++) { if (s[0] == ':' && s[1] == ':') { if (++nmatch > 1) break; } if (s[0] == '/') nmatch = 0; /* reset if we hit netmask */ } debug_return_bool(nmatch <= 1); } sudo-1.8.9p5/plugins/sudoers/tsgetgrpw.c010064400175440000012000000154331226304126200177070ustar00millertstaff/* * Copyright (c) 2005, 2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Trivial replacements for the libc get{gr,pw}{uid,nam}() routines * for use by testsudoers in the sudo test harness. * We need our own since many platforms don't provide set{pw,gr}file(). */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include #include "tsgetgrpw.h" #include "sudoers.h" #ifndef LINE_MAX # define LINE_MAX 2048 #endif #undef GRMEM_MAX #define GRMEM_MAX 200 #ifndef UID_MAX # define UID_MAX 0xffffffffU #endif #ifndef GID_MAX # define GID_MAX UID_MAX #endif static FILE *pwf; static const char *pwfile = "/etc/passwd"; static int pw_stayopen; static FILE *grf; static const char *grfile = "/etc/group"; static int gr_stayopen; void setgrfile(const char *); void setgrent(void); void endgrent(void); struct group *getgrent(void); struct group *getgrnam(const char *); struct group *getgrgid(gid_t); void setpwfile(const char *); void setpwent(void); void endpwent(void); struct passwd *getpwent(void); struct passwd *getpwnam(const char *); struct passwd *getpwuid(uid_t); void setpwfile(const char *file) { pwfile = file; if (pwf != NULL) endpwent(); } void setpwent(void) { if (pwf == NULL) { pwf = fopen(pwfile, "r"); if (pwf != NULL) fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); } else { rewind(pwf); } pw_stayopen = 1; } void endpwent(void) { if (pwf != NULL) { fclose(pwf); pwf = NULL; } pw_stayopen = 0; } struct passwd * getpwent(void) { static struct passwd pw; static char pwbuf[LINE_MAX]; size_t len; id_t id; char *cp, *colon; const char *errstr; next_entry: if ((colon = fgets(pwbuf, sizeof(pwbuf), pwf)) == NULL) return NULL; memset(&pw, 0, sizeof(pw)); if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; pw.pw_name = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; pw.pw_passwd = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) goto next_entry; pw.pw_uid = (uid_t)id; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) goto next_entry; pw.pw_gid = (gid_t)id; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; pw.pw_gecos = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; pw.pw_dir = cp; pw.pw_shell = colon; len = strlen(colon); if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; return &pw; } struct passwd * getpwnam(const char *name) { struct passwd *pw; if (pwf == NULL) { if ((pwf = fopen(pwfile, "r")) == NULL) return NULL; fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); } else { rewind(pwf); } while ((pw = getpwent()) != NULL) { if (strcmp(pw->pw_name, name) == 0) break; } if (!pw_stayopen) { fclose(pwf); pwf = NULL; } return pw; } struct passwd * getpwuid(uid_t uid) { struct passwd *pw; if (pwf == NULL) { if ((pwf = fopen(pwfile, "r")) == NULL) return NULL; fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); } else { rewind(pwf); } while ((pw = getpwent()) != NULL) { if (pw->pw_uid == uid) break; } if (!pw_stayopen) { fclose(pwf); pwf = NULL; } return pw; } void setgrfile(const char *file) { grfile = file; if (grf != NULL) endgrent(); } void setgrent(void) { if (grf == NULL) { grf = fopen(grfile, "r"); if (grf != NULL) fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } gr_stayopen = 1; } void endgrent(void) { if (grf != NULL) { fclose(grf); grf = NULL; } gr_stayopen = 0; } struct group * getgrent(void) { static struct group gr; static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1]; size_t len; id_t id; char *cp, *colon; const char *errstr; int n; next_entry: if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL) return NULL; memset(&gr, 0, sizeof(gr)); if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; gr.gr_name = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; gr.gr_passwd = cp; if ((colon = strchr(cp = colon, ':')) == NULL) goto next_entry; *colon++ = '\0'; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) goto next_entry; gr.gr_gid = (gid_t)id; len = strlen(colon); if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; if (*colon != '\0') { gr.gr_mem = gr_mem; cp = strtok(colon, ","); for (n = 0; cp != NULL && n < GRMEM_MAX; n++) { gr.gr_mem[n] = cp; cp = strtok(NULL, ","); } gr.gr_mem[n++] = NULL; } else gr.gr_mem = NULL; return &gr; } struct group * getgrnam(const char *name) { struct group *gr; if (grf == NULL) { if ((grf = fopen(grfile, "r")) == NULL) return NULL; fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } while ((gr = getgrent()) != NULL) { if (strcmp(gr->gr_name, name) == 0) break; } if (!gr_stayopen) { fclose(grf); grf = NULL; } return gr; } struct group * getgrgid(gid_t gid) { struct group *gr; if (grf == NULL) { if ((grf = fopen(grfile, "r")) == NULL) return NULL; fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); } else { rewind(grf); } while ((gr = getgrent()) != NULL) { if (gr->gr_gid == gid) break; } if (!gr_stayopen) { fclose(grf); grf = NULL; } return gr; } sudo-1.8.9p5/plugins/sudoers/tsgetgrpw.h010064400175440000012000000037731226304126200177200ustar00millertstaff/* * Copyright (c) 2010 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Trivial replacements for the libc get{gr,pw}{uid,nam}() routines * for use by testsudoers in the sudo test harness. * We need our own since many platforms don't provide set{pw,gr}file(). */ #include /* * Define away the system prototypes so we don't have any conflicts. */ #define setgrfile sys_setgrfile #define setgrent sys_setgrent #define endgrent sys_endgrent #define getgrent sys_getgrent #define getgrnam sys_getgrnam #define getgrgid sys_getgrgid #define setpwfile sys_setpwfile #define setpwent sys_setpwent #define endpwent sys_endpwent #define getpwent sys_getpwent #define getpwnam sys_getpwnam #define getpwuid sys_getpwuid #include #include #undef setgrfile #undef setgrent #undef endgrent #undef getgrent #undef getgrnam #undef getgrgid void setgrfile(const char *); void setgrent(void); void endgrent(void); struct group *getgrent(void); struct group *getgrnam(const char *); struct group *getgrgid(gid_t); #undef setpwfile #undef setpwent #undef endpwent #undef getpwent #undef getpwnam #undef getpwuid void setpwfile(const char *); void setpwent(void); void endpwent(void); struct passwd *getpwent(void); struct passwd *getpwnam(const char *); struct passwd *getpwuid(uid_t); sudo-1.8.9p5/plugins/sudoers/visudo.c010064400175440000012000001025231226304127700171750ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /* * Lock the sudoers file for safe editing (ala vipw) and check for parse errors. */ #define _SUDO_MAIN #ifdef __TANDEM # include #endif #include #include #include #include #include #include #ifndef __TANDEM # include #endif #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include #include #include #ifdef TIME_WITH_SYS_TIME # include #endif #ifdef HAVE_GETOPT_LONG # include # else # include "compat/getopt.h" #endif /* HAVE_GETOPT_LONG */ #include "sudoers.h" #include "parse.h" #include "redblack.h" #include "gettext.h" #include "sudoers_version.h" #include "sudo_conf.h" #include struct sudoersfile { TAILQ_ENTRY(sudoersfile) entries; char *path; char *tpath; int fd; int modified; int doedit; }; TAILQ_HEAD(sudoersfile_list, sudoersfile); /* * Function prototypes */ static void quit(int); static char *get_args(char *); static char *get_editor(char **); static void get_hostname(void); static int whatnow(void); static int check_aliases(bool, bool); static bool check_syntax(char *, bool, bool, bool); static bool edit_sudoers(struct sudoersfile *, char *, char *, int); static bool install_sudoers(struct sudoersfile *, bool); static int print_unused(void *, void *); static bool reparse_sudoers(char *, char *, bool, bool); static int run_command(char *, char **); static void setup_signals(void); static void help(void) __attribute__((__noreturn__)); static void usage(int); static void visudo_cleanup(void); extern bool export_sudoers(const char *, const char *, bool, bool); extern void sudoerserror(const char *); extern void sudoersrestart(FILE *); /* * Globals */ struct sudo_user sudo_user; struct passwd *list_pw; static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist); static struct rbtree *alias_freelist; static bool checkonly; static const char short_opts[] = "cf:hqsVx:"; static struct option long_opts[] = { { "check", no_argument, NULL, 'c' }, { "export", required_argument, NULL, 'x' }, { "file", required_argument, NULL, 'f' }, { "help", no_argument, NULL, 'h' }, { "quiet", no_argument, NULL, 'q' }, { "strict", no_argument, NULL, 's' }, { "version", no_argument, NULL, 'V' }, { NULL, no_argument, NULL, '\0' }, }; __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { struct sudoersfile *sp; char *args, *editor, *sudoers_path; int ch, exitcode = 0; bool quiet, strict, oldperms; const char *export_path; debug_decl(main, SUDO_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { extern char *malloc_options; malloc_options = "AFGJPR"; } #endif initprogname(argc > 0 ? argv[0] : "visudo"); sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale); bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */ textdomain("sudoers"); if (argc < 1) usage(1); /* Register fatal/fatalx callback. */ fatal_callback_register(visudo_cleanup); /* Read sudo.conf. */ sudo_conf_read(NULL); /* * Arg handling. */ checkonly = oldperms = quiet = strict = false; export_path = NULL; sudoers_path = _PATH_SUDOERS; while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { case 'V': (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION); (void) printf(_("%s grammar version %d\n"), getprogname(), SUDOERS_GRAMMAR_VERSION); goto done; case 'c': checkonly = true; /* check mode */ break; case 'f': sudoers_path = optarg; /* sudoers file path */ oldperms = true; break; case 'h': help(); break; case 's': strict = true; /* strict mode */ break; case 'q': quiet = true; /* quiet mode */ break; case 'x': export_path = optarg; /* export mode */ break; default: usage(1); } } /* There should be no other command line arguments. */ if (argc - optind != 0) usage(1); sudo_setpwent(); sudo_setgrent(); /* Mock up a fake sudo_user struct. */ user_cmnd = user_base = ""; if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) fatalx(U_("you do not exist in the %s database"), "passwd"); get_hostname(); /* Setup defaults data structures. */ init_defaults(); if (checkonly) { exitcode = check_syntax(sudoers_path, quiet, strict, oldperms) ? 0 : 1; goto done; } if (export_path != NULL) { exitcode = export_sudoers(sudoers_path, export_path, quiet, strict) ? 0 : 1; goto done; } /* * Parse the existing sudoers file(s) to highlight any existing * errors and to pull in editor and env_editor conf values. */ if ((sudoersin = open_sudoers(sudoers_path, true, NULL)) == NULL) exit(1); init_parser(sudoers_path, false); sudoersparse(); (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER); editor = get_editor(&args); /* Install signal handlers to clean up temp files if we are killed. */ setup_signals(); /* Edit the sudoers file(s) */ TAILQ_FOREACH(sp, &sudoerslist, entries) { if (!sp->doedit) continue; if (sp != TAILQ_FIRST(&sudoerslist)) { printf(_("press return to edit %s: "), sp->path); while ((ch = getchar()) != EOF && ch != '\n') continue; } edit_sudoers(sp, editor, args, -1); } /* * Check edited files for a parse error, re-edit any that fail * and install the edited files as needed. */ if (reparse_sudoers(editor, args, strict, quiet)) { TAILQ_FOREACH(sp, &sudoerslist, entries) { (void) install_sudoers(sp, oldperms); } } done: sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } /* * List of editors that support the "+lineno" command line syntax. * If an entry starts with '*' the tail end of the string is matched. * No other wild cards are supported. */ static char *lineno_editors[] = { "ex", "nex", "vi", "nvi", "vim", "elvis", "*macs", "mg", "vile", "jove", "pico", "nano", "ee", "joe", "zile", NULL }; /* * Edit each sudoers file. * Returns true on success, else false. */ static bool edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno) { int tfd; /* sudoers temp file descriptor */ bool modified; /* was the file modified? */ int ac; /* argument count */ char **av; /* argument vector for run_command */ char *cp; /* scratch char pointer */ char buf[PATH_MAX*2]; /* buffer used for copying files */ char linestr[64]; /* string version of lineno */ struct timeval tv, tv1, tv2; /* time before and after edit */ struct timeval orig_mtim; /* starting mtime of sudoers file */ off_t orig_size; /* starting size of sudoers file */ ssize_t nread; /* number of bytes read */ struct stat sb; /* stat buffer */ bool rval = false; /* return value */ debug_decl(edit_sudoers, SUDO_DEBUG_UTIL) if (fstat(sp->fd, &sb) == -1) fatal(U_("unable to stat %s"), sp->path); orig_size = sb.st_size; mtim_get(&sb, &orig_mtim); /* Create the temp file if needed and set timestamp. */ if (sp->tpath == NULL) { easprintf(&sp->tpath, "%s.tmp", sp->path); tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (tfd < 0) fatal("%s", sp->tpath); /* Copy sp->path -> sp->tpath and reset the mtime. */ if (orig_size != 0) { (void) lseek(sp->fd, (off_t)0, SEEK_SET); while ((nread = read(sp->fd, buf, sizeof(buf))) > 0) if (write(tfd, buf, nread) != nread) fatal(U_("write error")); /* Add missing newline at EOF if needed. */ if (nread > 0 && buf[nread - 1] != '\n') { buf[0] = '\n'; if (write(tfd, buf, 1) != 1) fatal(U_("write error")); } } (void) close(tfd); } (void) touch(-1, sp->tpath, &orig_mtim); /* Does the editor support +lineno? */ if (lineno > 0) { char *editor_base = strrchr(editor, '/'); if (editor_base != NULL) editor_base++; else editor_base = editor; if (*editor_base == 'r') editor_base++; for (av = lineno_editors; (cp = *av) != NULL; av++) { /* We only handle a leading '*' wildcard. */ if (*cp == '*') { size_t blen = strlen(editor_base); size_t clen = strlen(++cp); if (blen >= clen) { if (strcmp(cp, editor_base + blen - clen) == 0) break; } } else if (strcmp(cp, editor_base) == 0) break; } /* Disable +lineno if editor doesn't support it. */ if (cp == NULL) lineno = -1; } /* Find the length of the argument vector */ ac = 3 + (lineno > 0); if (args) { bool wasblank; ac++; for (wasblank = false, cp = args; *cp; cp++) { if (isblank((unsigned char) *cp)) wasblank = true; else if (wasblank) { wasblank = false; ac++; } } } /* Build up argument vector for the command */ av = emalloc2(ac, sizeof(char *)); if ((av[0] = strrchr(editor, '/')) != NULL) av[0]++; else av[0] = editor; ac = 1; if (lineno > 0) { (void) snprintf(linestr, sizeof(linestr), "+%d", lineno); av[ac++] = linestr; } if (args) { for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t"))) av[ac++] = cp; } av[ac++] = sp->tpath; av[ac++] = NULL; /* * Do the edit: * We cannot check the editor's exit value against 0 since * XPG4 specifies that vi's exit value is a function of the * number of errors during editing (?!?!). */ gettimeofday(&tv1, NULL); if (run_command(editor, av) != -1) { gettimeofday(&tv2, NULL); /* * Sanity checks. */ if (stat(sp->tpath, &sb) < 0) { warningx(U_("unable to stat temporary file (%s), %s unchanged"), sp->tpath, sp->path); goto done; } if (sb.st_size == 0 && orig_size != 0) { warningx(U_("zero length temporary file (%s), %s unchanged"), sp->tpath, sp->path); sp->modified = true; goto done; } } else { warningx(U_("editor (%s) failed, %s unchanged"), editor, sp->path); goto done; } /* Set modified bit if use changed the file. */ modified = true; mtim_get(&sb, &tv); if (orig_size == sb.st_size && timevalcmp(&orig_mtim, &tv, ==)) { /* * If mtime and size match but the user spent no measurable * time in the editor we can't tell if the file was changed. */ timevalsub(&tv1, &tv2); if (timevalisset(&tv2)) modified = false; } /* * If modified in this edit session, mark as modified. */ if (modified) sp->modified = modified; else warningx(U_("%s unchanged"), sp->tpath); rval = true; done: debug_return_bool(rval); } /* * Parse sudoers after editing and re-edit any ones that caused a parse error. */ static bool reparse_sudoers(char *editor, char *args, bool strict, bool quiet) { struct sudoersfile *sp, *last; FILE *fp; int ch; debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL) /* * Parse the edited sudoers files and do sanity checking */ while ((sp = TAILQ_FIRST(&sudoerslist)) != NULL) { last = TAILQ_LAST(&sudoerslist, sudoersfile_list); fp = fopen(sp->tpath, "r+"); if (fp == NULL) fatalx(U_("unable to re-open temporary file (%s), %s unchanged."), sp->tpath, sp->path); /* Clean slate for each parse */ init_defaults(); init_parser(sp->path, quiet); /* Parse the sudoers temp file(s) */ sudoersrestart(fp); if (sudoersparse() && !parse_error) { warningx(U_("unabled to parse temporary file (%s), unknown error"), sp->tpath); parse_error = true; errorfile = sp->path; } fclose(sudoersin); if (!parse_error) { if (!check_defaults(SETDEF_ALL, quiet) || check_aliases(strict, quiet) != 0) { parse_error = true; errorfile = NULL; } } /* * Got an error, prompt the user for what to do now. */ if (parse_error) { switch (whatnow()) { case 'Q': parse_error = false; /* ignore parse error */ break; case 'x': visudo_cleanup(); /* discard changes */ debug_return_bool(false); case 'e': default: /* Edit file with the parse error */ TAILQ_FOREACH(sp, &sudoerslist, entries) { if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) { edit_sudoers(sp, editor, args, errorlineno); if (errorfile != NULL) break; } } if (errorfile != NULL && sp == NULL) { fatalx(U_("internal error, unable to find %s in list!"), sudoers); } break; } } /* If any new #include directives were added, edit them too. */ for (sp = TAILQ_NEXT(last, entries); sp != NULL; sp = TAILQ_NEXT(sp, entries)) { printf(_("press return to edit %s: "), sp->path); while ((ch = getchar()) != EOF && ch != '\n') continue; edit_sudoers(sp, editor, args, errorlineno); } /* If all sudoers files parsed OK we are done. */ if (!parse_error) break; } debug_return_bool(true); } /* * Set the owner and mode on a sudoers temp file and * move it into place. Returns true on success, else false. */ static bool install_sudoers(struct sudoersfile *sp, bool oldperms) { struct stat sb; bool rval = false; debug_decl(install_sudoers, SUDO_DEBUG_UTIL) if (!sp->modified) { /* * No changes but fix owner/mode if needed. */ (void) unlink(sp->tpath); if (!oldperms && fstat(sp->fd, &sb) != -1) { if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) ignore_result(chown(sp->path, SUDOERS_UID, SUDOERS_GID)); if ((sb.st_mode & 0777) != SUDOERS_MODE) ignore_result(chmod(sp->path, SUDOERS_MODE)); } rval = true; goto done; } /* * Change mode and ownership of temp file so when * we move it to sp->path things are kosher. */ if (oldperms) { /* Use perms of the existing file. */ if (fstat(sp->fd, &sb) == -1) fatal(U_("unable to stat %s"), sp->path); if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { warning(U_("unable to set (uid, gid) of %s to (%u, %u)"), sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); } if (chmod(sp->tpath, sb.st_mode & 0777) != 0) { warning(U_("unable to change mode of %s to 0%o"), sp->tpath, (unsigned int)(sb.st_mode & 0777)); } } else { if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) { warning(U_("unable to set (uid, gid) of %s to (%u, %u)"), sp->tpath, SUDOERS_UID, SUDOERS_GID); goto done; } if (chmod(sp->tpath, SUDOERS_MODE) != 0) { warning(U_("unable to change mode of %s to 0%o"), sp->tpath, SUDOERS_MODE); goto done; } } /* * Now that sp->tpath is sane (parses ok) it needs to be * rename(2)'d to sp->path. If the rename(2) fails we try using * mv(1) in case sp->tpath and sp->path are on different file systems. */ if (rename(sp->tpath, sp->path) == 0) { efree(sp->tpath); sp->tpath = NULL; } else { if (errno == EXDEV) { char *av[4]; warningx(U_("%s and %s not on the same file system, using mv to rename"), sp->tpath, sp->path); /* Build up argument vector for the command */ if ((av[0] = strrchr(_PATH_MV, '/')) != NULL) av[0]++; else av[0] = _PATH_MV; av[1] = sp->tpath; av[2] = sp->path; av[3] = NULL; /* And run it... */ if (run_command(_PATH_MV, av)) { warningx(U_("command failed: '%s %s %s', %s unchanged"), _PATH_MV, sp->tpath, sp->path, sp->path); (void) unlink(sp->tpath); efree(sp->tpath); sp->tpath = NULL; goto done; } efree(sp->tpath); sp->tpath = NULL; } else { warning(U_("error renaming %s, %s unchanged"), sp->tpath, sp->path); (void) unlink(sp->tpath); goto done; } } rval = true; done: debug_return_bool(rval); } /* STUB */ void init_envtables(void) { return; } /* STUB */ bool user_is_exempt(void) { return false; } /* STUB */ void sudo_setspent(void) { return; } /* STUB */ void sudo_endspent(void) { return; } /* STUB */ int group_plugin_query(const char *user, const char *group, const struct passwd *pw) { return false; } /* STUB */ struct interface *get_interfaces(void) { return NULL; } /* * Assuming a parse error occurred, prompt the user for what they want * to do now. Returns the first letter of their choice. */ static int whatnow(void) { int choice, c; debug_decl(whatnow, SUDO_DEBUG_UTIL) for (;;) { (void) fputs(_("What now? "), stdout); choice = getchar(); for (c = choice; c != '\n' && c != EOF;) c = getchar(); switch (choice) { case EOF: choice = 'x'; /* FALLTHROUGH */ case 'e': case 'x': case 'Q': debug_return_int(choice); default: (void) puts(_("Options are:\n" " (e)dit sudoers file again\n" " e(x)it without saving changes to sudoers file\n" " (Q)uit and save changes to sudoers file (DANGER!)\n")); } } } /* * Install signal handlers for visudo. */ static void setup_signals(void) { sigaction_t sa; debug_decl(setup_signals, SUDO_DEBUG_UTIL) /* * Setup signal handlers to cleanup nicely. */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = quit; (void) sigaction(SIGTERM, &sa, NULL); (void) sigaction(SIGHUP, &sa, NULL); (void) sigaction(SIGINT, &sa, NULL); (void) sigaction(SIGQUIT, &sa, NULL); debug_return; } static int run_command(char *path, char **argv) { int status; pid_t pid, rv; debug_decl(run_command, SUDO_DEBUG_UTIL) switch (pid = sudo_debug_fork()) { case -1: fatal(U_("unable to execute %s"), path); break; /* NOTREACHED */ case 0: sudo_endpwent(); sudo_endgrent(); closefrom(STDERR_FILENO + 1); execv(path, argv); warning(U_("unable to run %s"), path); _exit(127); break; /* NOTREACHED */ } do { rv = waitpid(pid, &status, 0); } while (rv == -1 && errno == EINTR); if (rv != -1) rv = WIFEXITED(status) ? WEXITSTATUS(status) : -1; debug_return_int(rv); } static bool check_owner(const char *path, bool quiet) { struct stat sb; bool ok = true; debug_decl(check_owner, SUDO_DEBUG_UTIL) if (stat(path, &sb) == 0) { if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) { ok = false; if (!quiet) { fprintf(stderr, _("%s: wrong owner (uid, gid) should be (%u, %u)\n"), path, SUDOERS_UID, SUDOERS_GID); } } if ((sb.st_mode & 07777) != SUDOERS_MODE) { ok = false; if (!quiet) { fprintf(stderr, _("%s: bad permissions, should be mode 0%o\n"), path, SUDOERS_MODE); } } } debug_return_bool(ok); } static bool check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms) { bool ok = false; debug_decl(check_syntax, SUDO_DEBUG_UTIL) if (strcmp(sudoers_path, "-") == 0) { sudoersin = stdin; sudoers_path = "stdin"; } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { if (!quiet) warning(U_("unable to open %s"), sudoers_path); goto done; } init_parser(sudoers_path, quiet); if (sudoersparse() && !parse_error) { if (!quiet) warningx(U_("failed to parse %s file, unknown error"), sudoers_path); parse_error = true; errorfile = sudoers_path; } if (!parse_error) { if (!check_defaults(SETDEF_ALL, quiet) || check_aliases(strict, quiet) != 0) { parse_error = true; errorfile = NULL; } } ok = !parse_error; if (parse_error) { if (!quiet) { if (errorlineno != -1) (void) printf(_("parse error in %s near line %d\n"), errorfile, errorlineno); else if (errorfile != NULL) (void) printf(_("parse error in %s\n"), errorfile); } } else { struct sudoersfile *sp; /* Parsed OK, check mode and owner. */ if (oldperms || check_owner(sudoers_path, quiet)) { if (!quiet) (void) printf(_("%s: parsed OK\n"), sudoers_path); } else { ok = false; } TAILQ_FOREACH(sp, &sudoerslist, entries) { if (oldperms || check_owner(sp->path, quiet)) { if (!quiet) (void) printf(_("%s: parsed OK\n"), sp->path); } else { ok = false; } } } done: debug_return_bool(ok); } /* * Used to open (and lock) the initial sudoers file and to also open * any subsequent files #included via a callback from the parser. */ FILE * open_sudoers(const char *path, bool doedit, bool *keepopen) { struct sudoersfile *entry; FILE *fp; int open_flags; debug_decl(open_sudoers, SUDO_DEBUG_UTIL) if (checkonly) open_flags = O_RDONLY; else open_flags = O_RDWR | O_CREAT; /* Check for existing entry */ TAILQ_FOREACH(entry, &sudoerslist, entries) { if (strcmp(path, entry->path) == 0) break; } if (entry == NULL) { entry = ecalloc(1, sizeof(*entry)); entry->path = estrdup(path); /* entry->modified = 0; */ entry->fd = open(entry->path, open_flags, SUDOERS_MODE); /* entry->tpath = NULL; */ entry->doedit = doedit; if (entry->fd == -1) { warning("%s", entry->path); efree(entry); debug_return_ptr(NULL); } if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK)) fatalx(U_("%s busy, try again later"), entry->path); if ((fp = fdopen(entry->fd, "r")) == NULL) fatal("%s", entry->path); TAILQ_INSERT_TAIL(&sudoerslist, entry, entries); } else { /* Already exists, open .tmp version if there is one. */ if (entry->tpath != NULL) { if ((fp = fopen(entry->tpath, "r")) == NULL) fatal("%s", entry->tpath); } else { if ((fp = fdopen(entry->fd, "r")) == NULL) fatal("%s", entry->path); rewind(fp); } } if (keepopen != NULL) *keepopen = true; debug_return_ptr(fp); } static char * get_editor(char **args) { char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs; debug_decl(get_editor, SUDO_DEBUG_UTIL) /* * Check VISUAL and EDITOR environment variables to see which editor * the user wants to use (we may not end up using it though). * If the path is not fully-qualified, make it so and check that * the specified executable actually exists. */ UserEditorArgs = NULL; if ((UserEditor = getenv("VISUAL")) == NULL || *UserEditor == '\0') UserEditor = getenv("EDITOR"); if (UserEditor && *UserEditor == '\0') UserEditor = NULL; else if (UserEditor) { UserEditorArgs = get_args(UserEditor); if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) { UserEditor = Editor; } else { if (def_env_editor) { /* If we are honoring $EDITOR this is a fatal error. */ fatalx(U_("specified editor (%s) doesn't exist"), UserEditor); } else { /* Otherwise, just ignore $EDITOR. */ UserEditor = NULL; } } } /* * See if we can use the user's choice of editors either because * we allow any $EDITOR or because $EDITOR is in the allowable list. */ Editor = EditorArgs = EditorPath = NULL; if (def_env_editor && UserEditor) { Editor = UserEditor; EditorArgs = UserEditorArgs; } else if (UserEditor) { struct stat editor_sb; struct stat user_editor_sb; char *base, *userbase; if (stat(UserEditor, &user_editor_sb) != 0) { /* Should never happen since we already checked above. */ fatal(U_("unable to stat editor (%s)"), UserEditor); } EditorPath = estrdup(def_editor); Editor = strtok(EditorPath, ":"); do { EditorArgs = get_args(Editor); /* * Both Editor and UserEditor should be fully qualified but * check anyway... */ if ((base = strrchr(Editor, '/')) == NULL) continue; if ((userbase = strrchr(UserEditor, '/')) == NULL) { Editor = NULL; break; } base++, userbase++; /* * We compare the basenames first and then use stat to match * for sure. */ if (strcmp(base, userbase) == 0) { if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode) && (editor_sb.st_mode & 0000111) && editor_sb.st_dev == user_editor_sb.st_dev && editor_sb.st_ino == user_editor_sb.st_ino) break; } } while ((Editor = strtok(NULL, ":"))); } /* * Can't use $EDITOR, try each element of def_editor until we * find one that exists, is regular, and is executable. */ if (Editor == NULL || *Editor == '\0') { efree(EditorPath); EditorPath = estrdup(def_editor); Editor = strtok(EditorPath, ":"); do { EditorArgs = get_args(Editor); if (sudo_goodpath(Editor, NULL)) break; } while ((Editor = strtok(NULL, ":"))); /* Bleah, none of the editors existed! */ if (Editor == NULL || *Editor == '\0') fatalx(U_("no editor found (editor path = %s)"), def_editor); } *args = EditorArgs; debug_return_str(Editor); } /* * Split out any command line arguments and return them. */ static char * get_args(char *cmnd) { char *args; debug_decl(get_args, SUDO_DEBUG_UTIL) args = cmnd; while (*args && !isblank((unsigned char) *args)) args++; if (*args) { *args++ = '\0'; while (*args && isblank((unsigned char) *args)) args++; } debug_return_str(*args ? args : NULL); } /* * Look up the hostname and set user_host and user_shost. */ static void get_hostname(void) { char *p, thost[HOST_NAME_MAX + 1]; debug_decl(get_hostname, SUDO_DEBUG_UTIL) if (gethostname(thost, sizeof(thost)) != -1) { thost[sizeof(thost) - 1] = '\0'; user_host = estrdup(thost); if ((p = strchr(user_host, '.'))) { *p = '\0'; user_shost = estrdup(user_host); *p = '.'; } else { user_shost = user_host; } } else { user_host = user_shost = "localhost"; } user_runhost = user_host; user_srunhost = user_shost; debug_return; } static bool alias_remove_recursive(char *name, int type) { struct member *m; struct alias *a; bool rval = true; debug_decl(alias_remove_recursive, SUDO_DEBUG_ALIAS) if ((a = alias_remove(name, type)) != NULL) { TAILQ_FOREACH(m, &a->members, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, type)) rval = false; } } rbinsert(alias_freelist, a); } debug_return_bool(rval); } static int check_alias(char *name, int type, int strict, int quiet) { struct member *m; struct alias *a; int errors = 0; debug_decl(check_alias, SUDO_DEBUG_ALIAS) if ((a = alias_get(name, type)) != NULL) { /* check alias contents */ TAILQ_FOREACH(m, &a->members, entries) { if (m->type == ALIAS) errors += check_alias(m->name, type, strict, quiet); } alias_put(a); } else { if (!quiet) { if (errno == ELOOP) { warningx(strict ? U_("Error: cycle in %s_Alias `%s'") : U_("Warning: cycle in %s_Alias `%s'"), type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : "Unknown", name); } else { warningx(strict ? U_("Error: %s_Alias `%s' referenced but not defined") : U_("Warning: %s_Alias `%s' referenced but not defined"), type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : "Unknown", name); } } errors++; } debug_return_int(errors); } /* * Iterate through the sudoers datastructures looking for undefined * aliases or unused aliases. */ static int check_aliases(bool strict, bool quiet) { struct cmndspec *cs; struct member *m; struct privilege *priv; struct userspec *us; struct defaults *d; int atype, errors = 0; debug_decl(check_aliases, SUDO_DEBUG_ALIAS) alias_freelist = rbcreate(alias_compare); /* Forward check. */ TAILQ_FOREACH(us, &userspecs, entries) { TAILQ_FOREACH(m, &us->users, entries) { if (m->type == ALIAS) { errors += check_alias(m->name, USERALIAS, strict, quiet); } } TAILQ_FOREACH(priv, &us->privileges, entries) { TAILQ_FOREACH(m, &priv->hostlist, entries) { if (m->type == ALIAS) { errors += check_alias(m->name, HOSTALIAS, strict, quiet); } } TAILQ_FOREACH(cs, &priv->cmndlist, entries) { if (cs->runasuserlist != NULL) { TAILQ_FOREACH(m, cs->runasuserlist, entries) { if (m->type == ALIAS) { errors += check_alias(m->name, RUNASALIAS, strict, quiet); } } } if (cs->runasgrouplist != NULL) { TAILQ_FOREACH(m, cs->runasgrouplist, entries) { if (m->type == ALIAS) { errors += check_alias(m->name, RUNASALIAS, strict, quiet); } } } if ((m = cs->cmnd)->type == ALIAS) { errors += check_alias(m->name, CMNDALIAS, strict, quiet); } } } } /* Reverse check (destructive) */ TAILQ_FOREACH(us, &userspecs, entries) { TAILQ_FOREACH(m, &us->users, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, USERALIAS)) errors++; } } TAILQ_FOREACH(priv, &us->privileges, entries) { TAILQ_FOREACH(m, &priv->hostlist, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, HOSTALIAS)) errors++; } } TAILQ_FOREACH(cs, &priv->cmndlist, entries) { if (cs->runasuserlist != NULL) { TAILQ_FOREACH(m, cs->runasuserlist, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, RUNASALIAS)) errors++; } } } if (cs->runasgrouplist != NULL) { TAILQ_FOREACH(m, cs->runasgrouplist, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, RUNASALIAS)) errors++; } } } if ((m = cs->cmnd)->type == ALIAS) { if (!alias_remove_recursive(m->name, CMNDALIAS)) errors++; } } } } TAILQ_FOREACH(d, &defaults, entries) { switch (d->type) { case DEFAULTS_HOST: atype = HOSTALIAS; break; case DEFAULTS_USER: atype = USERALIAS; break; case DEFAULTS_RUNAS: atype = RUNASALIAS; break; case DEFAULTS_CMND: atype = CMNDALIAS; break; default: continue; /* not an alias */ } TAILQ_FOREACH(m, d->binding, entries) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, atype)) errors++; } } } rbdestroy(alias_freelist, alias_free); /* If all aliases were referenced we will have an empty tree. */ if (!no_aliases() && !quiet) alias_apply(print_unused, strict ? "Error" : "Warning"); debug_return_int(strict ? errors : 0); } static int print_unused(void *v1, void *v2) { struct alias *a = (struct alias *)v1; char *prefix = (char *)v2; warningx_nodebug(U_("%s: unused %s_Alias %s"), prefix, a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" : a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" : "Unknown", a->name); return 0; } /* * Unlink any sudoers temp files that remain. */ static void visudo_cleanup(void) { struct sudoersfile *sp; TAILQ_FOREACH(sp, &sudoerslist, entries) { if (sp->tpath != NULL) (void) unlink(sp->tpath); } sudo_endpwent(); sudo_endgrent(); } /* * Unlink sudoers temp files (if any) and exit. */ static void quit(int signo) { struct sudoersfile *sp; struct iovec iov[4]; TAILQ_FOREACH(sp, &sudoerslist, entries) { if (sp->tpath != NULL) (void) unlink(sp->tpath); } #define emsg " exiting due to signal: " iov[0].iov_base = (char *)getprogname(); iov[0].iov_len = strlen(iov[0].iov_base); iov[1].iov_base = emsg; iov[1].iov_len = sizeof(emsg) - 1; iov[2].iov_base = strsignal(signo); iov[2].iov_len = strlen(iov[2].iov_base); iov[3].iov_base = "\n"; iov[3].iov_len = 1; ignore_result(writev(STDERR_FILENO, iov, 4)); _exit(signo); } static void usage(int fatal) { (void) fprintf(fatal ? stderr : stdout, "usage: %s [-chqsV] [-f sudoers] [-x file]\n", getprogname()); if (fatal) exit(1); } static void help(void) { (void) printf(_("%s - safely edit the sudoers file\n\n"), getprogname()); usage(0); (void) puts(_("\nOptions:\n" " -c, --check check-only mode\n" " -f, --file=file specify sudoers file location\n" " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" " -x, --export=file export sudoers in JSON format")); exit(0); } sudo-1.8.9p5/plugins/sudoers/visudo_json.c010064400175440000012000000633721226304126300202310ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ #include #include #include "sudoers.h" #include "parse.h" #include "gettext.h" #include /* * JSON values may be of the following types. */ enum json_value_type { JSON_STRING, JSON_ID, JSON_NUMBER, JSON_OBJECT, JSON_ARRAY, JSON_BOOL, JSON_NULL }; /* * JSON value suitable for printing. * Note: this does not support object or array values. */ struct json_value { enum json_value_type type; union { char *string; int number; id_t id; bool boolean; } u; }; /* * Closure used to store state when iterating over all aliases. */ struct json_alias_closure { FILE *fp; const char *title; unsigned int count; int alias_type; int indent; bool need_comma; }; /* * Type values used to disambiguate the generic WORD and ALIAS types. */ enum word_type { TYPE_COMMAND, TYPE_HOSTNAME, TYPE_RUNASGROUP, TYPE_RUNASUSER, TYPE_USERNAME }; /* * Print "indent" number of blank characters. */ static void print_indent(FILE *fp, int indent) { while (indent--) putc(' ', fp); } /* * Print a JSON string, escaping special characters. * Does not support unicode escapes. */ static void print_string_json_unquoted(FILE *fp, const char *str) { char ch; while ((ch = *str++) != '\0') { switch (ch) { case '"': case '\\': case '/': putc('\\', fp); break; case '\b': ch = 'b'; putc('\\', fp); break; case '\f': ch = 'f'; putc('\\', fp); break; case '\n': ch = 'n'; putc('\\', fp); break; case '\r': ch = 'r'; putc('\\', fp); break; case '\t': ch = 't'; putc('\\', fp); break; } putc(ch, fp); } } /* * Print a quoted JSON string, escaping special characters. * Does not support unicode escapes. */ static void print_string_json(FILE *fp, const char *str) { putc('\"', fp); print_string_json_unquoted(fp, str); putc('\"', fp); } /* * Print a JSON name: value pair with proper quoting and escaping. */ static void print_pair_json(FILE *fp, const char *pre, const char *name, const struct json_value *value, const char *post, int indent) { debug_decl(print_pair_json, SUDO_DEBUG_UTIL) print_indent(fp, indent); /* prefix */ if (pre != NULL) fputs(pre, fp); /* name */ print_string_json(fp, name); putc(':', fp); putc(' ', fp); /* value */ switch (value->type) { case JSON_STRING: print_string_json(fp, value->u.string); break; case JSON_ID: fprintf(fp, "%u", (unsigned int)value->u.id); break; case JSON_NUMBER: fprintf(fp, "%d", value->u.number); break; case JSON_NULL: fputs("null", fp); break; case JSON_BOOL: fputs(value->u.boolean ? "true" : "false", fp); break; case JSON_OBJECT: fatalx("internal error: can't print JSON_OBJECT"); break; case JSON_ARRAY: fatalx("internal error: can't print JSON_ARRAY"); break; } /* postfix */ if (post != NULL) fputs(post, fp); debug_return; } /* * Print a JSON string with optional prefix and postfix to fp. * Strings are not quoted but are escaped as per the JSON spec. */ static void printstr_json(FILE *fp, const char *pre, const char *str, const char *post, int indent) { debug_decl(printstr_json, SUDO_DEBUG_UTIL) print_indent(fp, indent); if (pre != NULL) fputs(pre, fp); if (str != NULL) { print_string_json_unquoted(fp, str); } if (post != NULL) fputs(post, fp); debug_return; } /* * Print struct sudo_command in JSON format, with specified indentation. * If last_one is false, a comma will be printed before the newline * that closes the object. */ static void print_command_json(FILE *fp, struct sudo_command *c, int indent, bool last_one) { struct json_value value; const char *digest_name; debug_decl(print_command_json, SUDO_DEBUG_UTIL) printstr_json(fp, "{", NULL, NULL, indent); if (c->digest != NULL) { putc('\n', fp); indent += 4; switch (c->digest->digest_type) { case SUDO_DIGEST_SHA224: digest_name = "sha224"; break; case SUDO_DIGEST_SHA256: digest_name = "sha256"; break; case SUDO_DIGEST_SHA384: digest_name = "sha384"; break; case SUDO_DIGEST_SHA512: digest_name = "sha512"; break; default: digest_name = "invalid digest"; break; } value.type = JSON_STRING; value.u.string = c->digest->digest_str; print_pair_json(fp, NULL, digest_name, &value, ",\n", indent); } else { putc(' ', fp); indent = 0; } if (c->args != NULL) { printstr_json(fp, "\"", "command", "\": ", indent); printstr_json(fp, "\"", c->cmnd, " ", 0); printstr_json(fp, NULL, c->args, "\"", 0); } else { value.type = JSON_STRING; value.u.string = c->cmnd; print_pair_json(fp, NULL, "command", &value, NULL, indent); } if (c->digest != NULL) { indent -= 4; putc('\n', fp); print_indent(fp, indent); } else { putc(' ', fp); } putc('}', fp); if (!last_one) putc(',', fp); putc('\n', fp); debug_return; } /* * Map an alias type to enum word_type. */ static enum word_type alias_to_word_type(int alias_type) { switch (alias_type) { case CMNDALIAS: return TYPE_COMMAND; case HOSTALIAS: return TYPE_HOSTNAME; case RUNASALIAS: return TYPE_RUNASUSER; case USERALIAS: return TYPE_USERNAME; default: fatalx_nodebug("unexpected alias type %d", alias_type); } } /* * Map a Defaults type to enum word_type. */ static enum word_type defaults_to_word_type(int defaults_type) { switch (defaults_type) { case DEFAULTS_CMND: return TYPE_COMMAND; case DEFAULTS_HOST: return TYPE_HOSTNAME; case DEFAULTS_RUNAS: return TYPE_RUNASUSER; case DEFAULTS_USER: return TYPE_USERNAME; default: fatalx_nodebug("unexpected defaults type %d", defaults_type); } } /* * Print struct member in JSON format, with specified indentation. * If last_one is false, a comma will be printed before the newline * that closes the object. */ static void print_member_json(FILE *fp, struct member *m, enum word_type word_type, bool last_one, int indent) { struct json_value value; const char *typestr; const char *errstr; id_t id; debug_decl(print_member_json, SUDO_DEBUG_UTIL) /* Most of the time we print a string. */ value.type = JSON_STRING; value.u.string = m->name; switch (m->type) { case USERGROUP: value.u.string++; /* skip leading '%' */ if (*value.u.string == ':') { value.u.string++; typestr = "nonunixgroup"; if (*value.u.string == '#') { id = atoid(m->name + 3, NULL, NULL, &errstr); if (errstr != NULL) { warningx("internal error: non-Unix group ID %s: \"%s\"", errstr, m->name); } else { value.type = JSON_ID; value.u.id = id; typestr = "nonunixgid"; } } } else { typestr = "usergroup"; if (*value.u.string == '#') { id = atoid(m->name + 2, NULL, NULL, &errstr); if (errstr != NULL) { warningx("internal error: group ID %s: \"%s\"", errstr, m->name); } else { value.type = JSON_ID; value.u.id = id; typestr = "usergid"; } } } break; case NETGROUP: typestr = "netgroup"; value.u.string++; /* skip leading '+' */ break; case NTWKADDR: typestr = "networkaddr"; break; case COMMAND: print_command_json(fp, (struct sudo_command *)m->name, indent, last_one); debug_return; case WORD: switch (word_type) { case TYPE_HOSTNAME: typestr = "hostname"; break; case TYPE_RUNASGROUP: typestr = "usergroup"; break; case TYPE_RUNASUSER: case TYPE_USERNAME: typestr = "username"; if (*value.u.string == '#') { id = atoid(m->name + 1, NULL, NULL, &errstr); if (errstr != NULL) { warningx("internal error: user ID %s: \"%s\"", errstr, m->name); } else { value.type = JSON_ID; value.u.id = id; typestr = "userid"; } } break; default: fatalx("unexpected word type %d", word_type); } break; case ALL: value.u.string = "ALL"; /* FALLTHROUGH */ case ALIAS: switch (word_type) { case TYPE_COMMAND: typestr = "cmndalias"; break; case TYPE_HOSTNAME: typestr = "hostalias"; break; case TYPE_RUNASGROUP: case TYPE_RUNASUSER: typestr = "runasalias"; break; case TYPE_USERNAME: typestr = "useralias"; break; default: fatalx("unexpected word type %d", word_type); } break; default: fatalx("unexpected member type %d", m->type); } print_pair_json(fp, "{ ", typestr, &value, " }", indent); if (!last_one) putc(',', fp); putc('\n', fp); debug_return; } /* * Callback for alias_apply() to print an alias entry if it matches * the type specified in the closure. */ int print_alias_json(void *v1, void *v2) { struct alias *a = v1; struct json_alias_closure *closure = v2; struct member *m; debug_decl(print_alias_json, SUDO_DEBUG_UTIL) if (a->type != closure->alias_type) debug_return_int(0); /* Open the aliases object or close the last entry, then open new one. */ if (closure->count++ == 0) { fprintf(closure->fp, "%s\n%*s\"%s\": {\n", closure->need_comma ? "," : "", closure->indent, "", closure->title); closure->indent += 4; } else { fprintf(closure->fp, "%*s],\n", closure->indent, ""); } printstr_json(closure->fp, "\"", a->name, "\": [\n", closure->indent); closure->indent += 4; TAILQ_FOREACH(m, &a->members, entries) { print_member_json(closure->fp, m, alias_to_word_type(closure->alias_type), TAILQ_NEXT(m, entries) == NULL, closure->indent); } closure->indent -= 4; debug_return_int(0); } /* * Print the binding for a Defaults entry of the specified type. */ static void print_binding_json(FILE *fp, struct member_list *binding, int type, int indent) { struct member *m; debug_decl(print_binding_json, SUDO_DEBUG_UTIL) if (TAILQ_EMPTY(binding)) debug_return; fprintf(fp, "%*s\"Binding\": [\n", indent, ""); indent += 4; /* Print each member object in binding. */ TAILQ_FOREACH(m, binding, entries) { print_member_json(fp, m, defaults_to_word_type(type), TAILQ_NEXT(m, entries) == NULL, indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); debug_return; } /* * Print a Defaults list JSON format. */ static void print_defaults_list_json(FILE *fp, struct defaults *def, int indent) { char savech, *start, *end = def->val; struct json_value value; debug_decl(print_defaults_list_json, SUDO_DEBUG_UTIL) fprintf(fp, "%*s{\n", indent, ""); indent += 4; value.type = JSON_STRING; switch (def->op) { case '+': value.u.string = "list_add"; break; case '-': value.u.string = "list_remove"; break; case true: value.u.string = "list_assign"; break; default: warningx("internal error: unexpected list op %d", def->op); value.u.string = "unsupported"; break; } print_pair_json(fp, NULL, "operation", &value, ",\n", indent); printstr_json(fp, "\"", def->var, "\": [\n", indent); indent += 4; print_indent(fp, indent); /* Split value into multiple space-separated words. */ do { /* Remove leading blanks, must have a non-empty string. */ for (start = end; isblank((unsigned char)*start); start++) ; if (*start == '\0') break; /* Find the end and print it. */ for (end = start; *end && !isblank((unsigned char)*end); end++) ; savech = *end; *end = '\0'; print_string_json(fp, start); if (savech != '\0') putc(',', fp); *end = savech; } while (*end++ != '\0'); putc('\n', fp); indent -= 4; fprintf(fp, "%*s]\n", indent, ""); indent -= 4; fprintf(fp, "%*s}", indent, ""); debug_return; } static int get_defaults_type(struct defaults *def) { struct sudo_defs_types *cur; /* Look up def in table to find its type. */ for (cur = sudo_defs_table; cur->name; cur++) { if (strcmp(def->var, cur->name) == 0) return cur->type; } return -1; } /* * Export all Defaults in JSON format. */ static bool print_defaults_json(FILE *fp, int indent, bool need_comma) { struct json_value value; struct defaults *def, *next; int type; debug_decl(print_defaults_json, SUDO_DEBUG_UTIL) if (TAILQ_EMPTY(&defaults)) debug_return_bool(need_comma); fprintf(fp, "%s\n%*s\"Defaults\": [\n", need_comma ? "," : "", indent, ""); TAILQ_FOREACH_SAFE(def, &defaults, entries, next) { type = get_defaults_type(def); if (type == -1) { warningx(U_("unknown defaults entry `%s'"), def->var); /* XXX - just pass it through as a string anyway? */ continue; } /* Found it, print object container and binding (if any). */ indent += 4; fprintf(fp, "%*s{\n", indent, ""); indent += 4; print_binding_json(fp, def->binding, def->type, indent); /* Validation checks. */ /* XXX - validate values in addition to names? */ /* Print options, merging ones with the same binding. */ fprintf(fp, "%*s\"Options\": [\n", indent, ""); indent += 4; for (;;) { next = TAILQ_NEXT(def, entries); /* XXX - need to update cur too */ if ((type & T_MASK) == T_FLAG || def->val == NULL) { value.type = JSON_BOOL; value.u.boolean = def->op; print_pair_json(fp, "{ ", def->var, &value, " }", indent); } else if ((type & T_MASK) == T_LIST) { print_defaults_list_json(fp, def, indent); } else { value.type = JSON_STRING; value.u.string = def->val; print_pair_json(fp, "{ ", def->var, &value, " }", indent); } if (next == NULL || def->binding != next->binding) break; def = next; type = get_defaults_type(def); if (type == -1) { warningx(U_("unknown defaults entry `%s'"), def->var); /* XXX - just pass it through as a string anyway? */ break;; } fputs(",\n", fp); } putc('\n', fp); indent -= 4; print_indent(fp, indent); fputs("]\n", fp); indent -= 4; print_indent(fp, indent); fprintf(fp, "}%s\n", next != NULL ? "," : ""); } /* Close Defaults array; comma (if any) & newline will be printer later. */ indent -= 4; print_indent(fp, indent); fputs("]", fp); debug_return_bool(true); } /* * Export all aliases of the specified type in JSON format. * Iterates through the entire aliases tree. */ static bool print_aliases_by_type_json(FILE *fp, int alias_type, const char *title, int indent, bool need_comma) { struct json_alias_closure closure; debug_decl(print_aliases_by_type_json, SUDO_DEBUG_UTIL) closure.fp = fp; closure.indent = indent; closure.count = 0; closure.alias_type = alias_type; closure.title = title; closure.need_comma = need_comma; alias_apply(print_alias_json, &closure); if (closure.count != 0) { print_indent(fp, closure.indent); fputs("]\n", fp); closure.indent -= 4; print_indent(fp, closure.indent); putc('}', fp); need_comma = true; } debug_return_bool(need_comma); } /* * Export all aliases in JSON format. */ static bool print_aliases_json(FILE *fp, int indent, bool need_comma) { debug_decl(print_aliases_json, SUDO_DEBUG_UTIL) need_comma = print_aliases_by_type_json(fp, USERALIAS, "User_Aliases", indent, need_comma); need_comma = print_aliases_by_type_json(fp, RUNASALIAS, "Runas_Aliases", indent, need_comma); need_comma = print_aliases_by_type_json(fp, HOSTALIAS, "Host_Aliases", indent, need_comma); need_comma = print_aliases_by_type_json(fp, CMNDALIAS, "Command_Aliases", indent, need_comma); debug_return_bool(need_comma); } /* XXX these are all duplicated w/ parse.c */ #define RUNAS_CHANGED(cs1, cs2) \ (cs1 == NULL || cs2 == NULL || \ cs1->runasuserlist != cs2->runasuserlist || \ cs1->runasgrouplist != cs2->runasgrouplist) #define TAG_SET(tt) \ ((tt) != UNSPEC && (tt) != IMPLIED) #define TAGS_CHANGED(ot, nt) \ ((TAG_SET((nt).setenv) && (nt).setenv != (ot).setenv) || \ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \ (TAG_SET((nt).nopasswd) && (nt).nopasswd != (ot).nopasswd) || \ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output)) /* * Print a Cmnd_Spec in JSON format at the specified indent level. * A pointer to the next Cmnd_Spec is passed in to make it possible to * merge adjacent entries that are identical in all but the command. */ static void print_cmndspec_json(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp, int indent) { struct cmndspec *next = *nextp; struct json_value value; struct member *m; bool last_one; debug_decl(print_cmndspec_json, SUDO_DEBUG_UTIL) /* Open Cmnd_Spec object. */ fprintf(fp, "%*s{\n", indent, ""); indent += 4; /* Print runasuserlist */ if (cs->runasuserlist != NULL) { fprintf(fp, "%*s\"runasusers\": [\n", indent, ""); indent += 4; TAILQ_FOREACH(m, cs->runasuserlist, entries) { print_member_json(fp, m, TYPE_RUNASUSER, TAILQ_NEXT(m, entries) == NULL, indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); } /* Print runasgrouplist */ if (cs->runasgrouplist != NULL) { fprintf(fp, "%*s\"runasgroups\": [\n", indent, ""); indent += 4; TAILQ_FOREACH(m, cs->runasgrouplist, entries) { print_member_json(fp, m, TYPE_RUNASGROUP, TAILQ_NEXT(m, entries) == NULL, indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); } /* Print tags */ if (cs->tags.nopasswd != UNSPEC || cs->tags.noexec != UNSPEC || cs->tags.setenv != UNSPEC || cs->tags.log_input != UNSPEC || cs->tags.log_output != UNSPEC) { fprintf(fp, "%*s\"Options\": {\n", indent, ""); indent += 4; if (cs->tags.nopasswd != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = !cs->tags.nopasswd; last_one = cs->tags.noexec == UNSPEC && cs->tags.setenv == UNSPEC && cs->tags.log_input == UNSPEC && cs->tags.log_output == UNSPEC; print_pair_json(fp, NULL, "authenticate", &value, last_one ? "\n" : ",\n", indent); } if (cs->tags.noexec != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = cs->tags.noexec; last_one = cs->tags.setenv == UNSPEC && cs->tags.log_input == UNSPEC && cs->tags.log_output == UNSPEC; print_pair_json(fp, NULL, "noexec", &value, last_one ? "\n" : ",\n", indent); } if (cs->tags.setenv != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = cs->tags.setenv; last_one = cs->tags.log_input == UNSPEC && cs->tags.log_output == UNSPEC; print_pair_json(fp, NULL, "setenv", &value, last_one ? "\n" : ",\n", indent); } if (cs->tags.log_input != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = cs->tags.log_input; last_one = cs->tags.log_output == UNSPEC; print_pair_json(fp, NULL, "log_input", &value, last_one ? "\n" : ",\n", indent); } if (cs->tags.log_output != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = cs->tags.log_output; print_pair_json(fp, NULL, "log_output", &value, "\n", indent); } indent -= 4; fprintf(fp, "%*s},\n", indent, ""); } #ifdef HAVE_SELINUX /* Print SELinux role/type */ if (cs->role != NULL && cs->type != NULL) { fprintf(fp, "%*s\"SELinux_Spec\": [\n", indent, ""); indent += 4; value.type = JSON_STRING; value.u.string = cs->role; print_pair_json(fp, NULL, "role", &value, ",\n", indent); value.u.string = cs->type; print_pair_json(fp, NULL, "type", &value, "\n", indent); indent -= 4; fprintf(fp, "%*s],\n", indent, ""); } #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* Print Solaris privs/limitprivs */ if (cs->privs != NULL || cs->limitprivs != NULL) { fprintf(fp, "%*s\"Solaris_Priv_Spec\": [\n", indent, ""); indent += 4; value.type = JSON_STRING; if (cs->privs != NULL) { value.u.string = cs->privs; print_pair_json(fp, NULL, "privs", &value, cs->limitprivs != NULL ? ",\n" : "\n", indent); } if (cs->limitprivs != NULL) { value.u.string = cs->limitprivs; print_pair_json(fp, NULL, "limitprivs", &value, "\n", indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); } #endif /* HAVE_PRIV_SET */ /* * Merge adjacent commands with matching tags, runas, SELinux * role/type and Solaris priv settings. */ fprintf(fp, "%*s\"Commands\": [\n", indent, ""); indent += 4; for (;;) { /* Does the next entry differ only in the command itself? */ /* XXX - move into a function that returns bool */ last_one = next == NULL || RUNAS_CHANGED(cs, next) || TAGS_CHANGED(cs->tags, next->tags) #ifdef HAVE_PRIV_SET || cs->privs != next->privs || cs->limitprivs != next->limitprivs #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX || cs->role != next->role || cs->type != next->type #endif /* HAVE_SELINUX */ ; print_member_json(fp, cs->cmnd, TYPE_COMMAND, last_one, indent); if (last_one) break; cs = next; next = TAILQ_NEXT(cs, entries); } indent -= 4; fprintf(fp, "%*s]\n", indent, ""); /* Close Cmnd_Spec object. */ indent -= 4; fprintf(fp, "%*s}%s\n", indent, "", TAILQ_NEXT(cs, entries) != NULL ? "," : ""); *nextp = next; debug_return; } /* * Print a User_Spec in JSON format at the specified indent level. */ static void print_userspec_json(FILE *fp, struct userspec *us, int indent) { struct privilege *priv; struct member *m; struct cmndspec *cs, *next; debug_decl(print_userspec_json, SUDO_DEBUG_UTIL) /* * Each userspec struct may contain multiple privileges for * a user. We export each privilege as a separate User_Spec * object for simplicity's sake. */ TAILQ_FOREACH(priv, &us->privileges, entries) { /* Open User_Spec object. */ fprintf(fp, "%*s{\n", indent, ""); indent += 4; /* Print users list. */ fprintf(fp, "%*s\"User_List\": [\n", indent, ""); indent += 4; TAILQ_FOREACH(m, &us->users, entries) { print_member_json(fp, m, TYPE_USERNAME, TAILQ_NEXT(m, entries) == NULL, indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); /* Print hosts list. */ fprintf(fp, "%*s\"Host_List\": [\n", indent, ""); indent += 4; TAILQ_FOREACH(m, &priv->hostlist, entries) { print_member_json(fp, m, TYPE_HOSTNAME, TAILQ_NEXT(m, entries) == NULL, indent); } indent -= 4; fprintf(fp, "%*s],\n", indent, ""); /* Print commands. */ fprintf(fp, "%*s\"Cmnd_Specs\": [\n", indent, ""); indent += 4; TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, next) { print_cmndspec_json(fp, cs, &next, indent); } indent -= 4; fprintf(fp, "%*s]\n", indent, ""); /* Close User_Spec object. */ indent -= 4; fprintf(fp, "%*s}%s\n", indent, "", TAILQ_NEXT(priv, entries) != NULL || TAILQ_NEXT(us, entries) != NULL ? "," : ""); } debug_return; } static bool print_userspecs_json(FILE *fp, int indent, bool need_comma) { struct userspec *us; debug_decl(print_userspecs_json, SUDO_DEBUG_UTIL) if (TAILQ_EMPTY(&userspecs)) debug_return_bool(need_comma); fprintf(fp, "%s\n%*s\"User_Specs\": [\n", need_comma ? "," : "", indent, ""); indent += 4; TAILQ_FOREACH(us, &userspecs, entries) { print_userspec_json(fp, us, indent); } indent -= 4; fprintf(fp, "%*s]", indent, ""); debug_return_bool(true); } /* * Export the parsed sudoers file in JSON format. * XXX - ignores strict flag and doesn't pass through quiet flag */ bool export_sudoers(const char *sudoers_path, const char *export_path, bool quiet, bool strict) { bool ok = false, need_comma = false; const int indent = 4; FILE *export_fp; debug_decl(export_sudoers, SUDO_DEBUG_UTIL) if (strcmp(sudoers_path, "-") == 0) { sudoersin = stdin; sudoers_path = "stdin"; } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { if (!quiet) warning(U_("unable to open %s"), sudoers_path); goto done; } if (strcmp(export_path, "-") == 0) { export_fp = stdout; export_path = "stdout"; } else if ((export_fp = fopen(export_path, "w")) == NULL) { if (!quiet) warning(U_("unable to open %s"), export_path); goto done; } init_parser(sudoers_path, quiet); if (sudoersparse() && !parse_error) { if (!quiet) warningx(U_("failed to parse %s file, unknown error"), sudoers_path); parse_error = true; errorfile = sudoers_path; } ok = !parse_error; if (parse_error) { if (!quiet) { if (errorlineno != -1) warningx(_("parse error in %s near line %d\n"), errorfile, errorlineno); else if (errorfile != NULL) warningx(_("parse error in %s\n"), errorfile); } goto done; } /* Open JSON output. */ putc('{', export_fp); /* Dump Defaults in JSON format. */ need_comma = print_defaults_json(export_fp, indent, need_comma); /* Dump Aliases in JSON format. */ need_comma = print_aliases_json(export_fp, indent, need_comma); /* Dump User_Specs in JSON format. */ print_userspecs_json(export_fp, indent, need_comma); /* Close JSON output. */ fputs("\n}\n", export_fp); fclose(export_fp); done: debug_return_bool(ok); } sudo-1.8.9p5/plugins/system_group/Makefile.in010064400175440000012000000077531226304126300206450ustar00millertstaff# # Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Libraries LT_LIBS = $(LIBOBJDIR)libreplace.la LIBS = $(LT_LIBS) # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localstatedir = @localstatedir@ plugindir = @PLUGINDIR@ # File extension, mode and map file to use for shared libraries/objects soext = @SOEXT@ shlib_mode = @SHLIB_MODE@ shlib_exp = $(srcdir)/system_group.exp shlib_map = system_group.map shlib_opt = system_group.opt # OS dependent defines DEFS = @OSDEFS@ #### End of system configuration section. #### SHELL = @SHELL@ OBJS = system_group.lo LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ all: system_group.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file plugins/system_group/Makefile) .SUFFIXES: .o .c .h .lo .c.lo: $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< $(shlib_map): $(shlib_exp) @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ $(shlib_opt): $(shlib_exp) @sed 's/^/+e /' $(shlib_exp) > $@ system_group.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) pre-install: install: install-plugin install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) install-binaries: install-includes: install-doc: install-plugin: install-dirs system_group.la if [ X"$(soext)" != X"" ]; then \ $(INSTALL) -b~ -m $(shlib_mode) .libs/system_group$(soext) $(DESTDIR)$(plugindir)/system_group.so; \ fi uninstall: -rm -f $(DESTDIR)$(plugindir)/system_group.so check: clean: -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify system_group.lo: $(srcdir)/system_group.c $(incdir)/missing.h \ $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/system_group.c sudo-1.8.9p5/plugins/system_group/system_group.c010064400175440000012000000103241226304126300214700ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include "missing.h" #include "sudo_dso.h" #include "sudo_plugin.h" #include "sudo_util.h" /* * Sudoers group plugin that does group name-based lookups using the system * group database functions, similar to how sudo behaved prior to 1.7.3. * This can be used on systems where lookups by group ID are problematic. */ static sudo_printf_t sudo_log; typedef struct group * (*sysgroup_getgrnam_t)(const char *); typedef struct group * (*sysgroup_getgrgid_t)(gid_t); typedef void (*sysgroup_gr_delref_t)(struct group *); static sysgroup_getgrnam_t sysgroup_getgrnam; static sysgroup_getgrgid_t sysgroup_getgrgid; static sysgroup_gr_delref_t sysgroup_gr_delref; static bool need_setent; static int sysgroup_init(int version, sudo_printf_t sudo_printf, char *const argv[]) { void *handle; sudo_log = sudo_printf; if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) { sudo_log(SUDO_CONV_ERROR_MSG, "sysgroup_group: incompatible major version %d, expected %d\n", GROUP_API_VERSION_GET_MAJOR(version), GROUP_API_VERSION_MAJOR); return -1; } /* Share group cache with sudo if possible. */ handle = sudo_dso_findsym(SUDO_DSO_DEFAULT, "sudo_getgrnam"); if (handle != NULL) { sysgroup_getgrnam = (sysgroup_getgrnam_t)handle; } else { sysgroup_getgrnam = (sysgroup_getgrnam_t)getgrnam; need_setent = true; } handle = sudo_dso_findsym(SUDO_DSO_DEFAULT, "sudo_getgrgid"); if (handle != NULL) { sysgroup_getgrgid = (sysgroup_getgrgid_t)handle; } else { sysgroup_getgrgid = (sysgroup_getgrgid_t)getgrgid; need_setent = true; } handle = sudo_dso_findsym(SUDO_DSO_DEFAULT, "sudo_gr_delref"); if (handle != NULL) sysgroup_gr_delref = (sysgroup_gr_delref_t)handle; if (need_setent) setgrent(); return true; } static void sysgroup_cleanup(void) { if (need_setent) endgrent(); } /* * Returns true if "user" is a member of "group", else false. */ static int sysgroup_query(const char *user, const char *group, const struct passwd *pwd) { char **member; struct group *grp; grp = sysgroup_getgrnam(group); if (grp == NULL && group[0] == '#' && group[1] != '\0') { const char *errstr; gid_t gid = atoid(group + 1, NULL, NULL, &errstr); if (errstr == NULL) grp = sysgroup_getgrgid(gid); } if (grp != NULL) { for (member = grp->gr_mem; *member != NULL; member++) { if (strcasecmp(user, *member) == 0) { if (sysgroup_gr_delref) sysgroup_gr_delref(grp); return true; } } if (sysgroup_gr_delref) sysgroup_gr_delref(grp); } return false; } __dso_public struct sudoers_group_plugin group_plugin = { GROUP_API_VERSION, sysgroup_init, sysgroup_cleanup, sysgroup_query }; sudo-1.8.9p5/plugins/system_group/system_group.exp010064400175440000012000000000151226304126300220360ustar00millertstaffgroup_plugin sudo-1.8.9p5/pp010075500175440000012000006565571226304126300127400ustar00millertstaff#!/bin/sh # Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED pp_revision="371" # Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. Neither the name of Quest Software, Inc. nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Please see for more information pp_version="1.0.0.$pp_revision" pp_copyright="Copyright 2012, Quest Software, Inc. ALL RIGHTS RESERVED." pp_opt_debug=false pp_opt_destdir="$DESTDIR" pp_opt_install_script= pp_opt_list=false pp_opt_no_clean=false pp_opt_no_package=false pp_opt_only_front=false pp_opt_platform= pp_opt_probe=false pp_opt_strip=false pp_opt_save_unstripped=false pp_opt_vas_platforms=false pp_opt_wrkdir="`pwd`/pp.work.$$" pp_opt_verbose=false pp_opt_version=false pp_opt_input="-" pp_opt_init_vars="" pp_opt_eval= test -n "$PP_NO_CLEAN" && pp_opt_no_clean=true test -n "$PP_DEBUG" && pp_opt_debug=true test -n "$PP_VERBOSE" && pp_opt_verbose=true pp_main_cleanup () { pp_debug "main_cleanup" pp_remove_later_now if $pp_opt_no_clean || test x"$pp_platform" = x"unknown"; then : no cleanup else pp_backend_${pp_platform}_cleanup $pp_errors && pp_die "Errors during cleanup" if test -d "$pp_wrkdir"; then if $pp_opt_debug; then pp_debug "not removing $pp_wrkdir" else pp_verbose rm -rf "$pp_wrkdir" fi fi fi } pp_parseopts () { typeset a n _var _val while test $# -gt 0; do # convert -[dilpv] to --long-options case "$1" in --?*=?*) n=`echo "$1" | sed -ne 's/^--\([^=]*\)=.*/\1/p'` a=`echo "$1" | sed -ne 's/^--[^=]*=\(.*\)/\1/p'` shift set -- "--$n" "$a" "$@";; --?*) : ;; -d) shift; set -- "--debug" "$@";; -d*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--debug" "$@";; -i) shift; set -- "--install-script" "$@";; -i*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--install-script" "$a" "$@";; -l) shift; set -- "--list" "$@";; -l*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--list" "$@";; -p) shift; set -- "--platform" "$@";; -p*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--platform" "$a" "$@";; -v) shift; set -- "--verbose" "$@";; -v*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--verbose" "$@";; -\?) shift; set -- "--help" "$@";; -\?*) a=`echo "$1" | sed -ne 's/^-.//'` shift; set -- "--help" "$@";; esac case "$1" in --destdir|--eval|--install-script|--platform|--wrkdir) test $# -ge 2 || pp_error "missing argument to $1";; esac case "$1" in --) shift;break;; --debug) pp_opt_debug=true; shift;; --destdir) pp_opt_destdir="$2"; shift;shift;; --eval) pp_opt_eval="$2"; shift;shift;; # undoc --install-script) pp_opt_install_script="$2"; shift;shift;; --list) pp_opt_list=true; shift;; --no-clean) pp_opt_no_clean=true; shift;; --no-package) pp_opt_no_package=true; shift;; --only-front) pp_opt_only_front=true; shift;; --platform) pp_opt_platform="$2"; shift;shift;; --probe) pp_opt_probe=true; shift;; --strip) pp_opt_strip=true; shift;; --save-unstripped) pp_opt_save_unstripped=true; shift;; --wrkdir) pp_opt_wrkdir="$2"; shift;shift;; --vas-platforms) pp_opt_vas_platforms=true; shift;; --verbose) pp_opt_verbose=true; shift;; --version) pp_opt_version=true; shift;; --help) pp_errors=true; shift;; -) break;; -*) pp_error "unknown option $1"; shift;; *) break;; esac done pp_opt_input=- if test $# -gt 0; then pp_opt_input="$1" shift fi #-- extra arguments of the form Foo=bar alter *global* vars while test $# -gt 0; do case "$1" in -*) pp_error "unexpected option '$1'" shift;; *=*) _val="${1#*=}" _var=${1%="$_val"} _val=`echo "$_val"|sed -e 's/[$"\\]/\\&/g'` pp_debug "setting $_var = \"$_val\"" pp_opt_init_vars="$pp_opt_init_vars$_var=\"$_val\";" shift;; *) pp_error "unexpected argument $1'" shift;; esac done test $# -gt 0 && pp_error "unknown argument $1" if $pp_errors; then cat <<. >&2 polypkg $pp_version $pp_copyright usage: $0 [options] [input.pp] [var=value ...] -d --debug -- write copious info to stderr --destdir=path -- file root, defaults to \$DESTDIR -? --help -- display this information -i --install-script=path -- create an install helper script -l --list -- write package filenames to stdout --no-clean -- don't remove temporary files --no-package -- do everything but create packages --only-front -- only perform front-end actions -p --platform=platform -- defaults to local platform --probe -- print local system identifier, then exit --strip -- strip debug symbols from binaries before packaging (modifies files in destdir) --save-unstripped -- save unstripped binaries to \$name-\$version-unstripped.tar.gz --wrkdir=path -- defaults to subdirectory of \$TMPDIR or /tmp -v --verbose -- write info to stderr --version -- display version and quit . exit 1 fi } pp_drive () { # initialise the front and back ends pp_model_init pp_frontend_init $pp_opt_only_front || pp_backend_init # run the front-end to generate the intermediate files # set $pp_input_dir to be the 'include dir' if needed pp_debug "calling frontend on $pp_opt_input" case "$pp_opt_input" in -) pp_input_dir=. test -t 1<&0 && pp_warn "reading directives from standard input" pp_frontend ;; */*) pp_input_dir=${pp_opt_input%/*} pp_frontend <"$pp_opt_input" ;; *) pp_input_dir=. pp_frontend <"$pp_opt_input" ;; esac pp_files_ignore_others pp_service_scan_groups # some sanity checks after front-end processing if test x"$pp_platform" != x"null"; then pp_debug "sanity checks" test -n "$pp_components" || pp_error "No components?" pp_check_var_is_defined "name" pp_check_var_is_defined "version" pp_files_check_duplicates pp_files_check_coverage pp_die_if_errors "Errors during sanity checks" fi # stop now if we're only running the front $pp_opt_only_front && return if test x"$pp_opt_strip" = x"true"; then pp_strip_binaries fi # run the back-end to generate the package pp_debug "calling backend" pp_backend pp_die_if_errors "Errors during backend processing" # copy the resulting package files to PP_PKGDESTDIR or . for f in `pp_backend_names` -; do test x"$f" = x"-" && continue pp_debug "copying: $f to `pwd`" if pp_verbose cp -r $pp_wrkdir/$f ${PP_PKGDESTDIR:-.}; then echo "${PP_PKGDESTDIR:+$PP_PKGDESTDIR/}$f" else pp_error "$f: missing package" fi done pp_die_if_errors "Errors during package copying" } pp_install_script () { pp_debug "writing install script to $pp_opt_install_script" rm -f $pp_opt_install_script pp_backend_install_script > $pp_opt_install_script pp_die_if_errors "Errors during package install script" chmod +x $pp_opt_install_script } pp_main () { # If PP_DEV_PATH is set, then jump to that script. # (Useful when working on polypkg source that isn't installed) if test -n "$PP_DEV_PATH" -a x"$PP_DEV_PATH" != x"$0"; then pp_warn "switching from $0 to $PP_DEV_PATH ..." exec "$PP_DEV_PATH" "$@" || exit 1 fi pp_set_expand_converter_or_reexec "$@" pp_parseopts "$@" if $pp_opt_version; then #-- print version and exit echo "polypkg $pp_version" exit 0 fi pp_set_platform trap 'pp_main_cleanup' 0 pp_wrkdir="$pp_opt_wrkdir" pp_debug "pp_wrkdir = $pp_wrkdir" rm -rf "$pp_wrkdir" mkdir -p "$pp_wrkdir" pp_destdir="$pp_opt_destdir" pp_debug "pp_destdir = $pp_destdir" if $pp_opt_probe; then pp_backend_init pp_backend_probe elif $pp_opt_vas_platforms; then pp_backend_init pp_backend_vas_platforms elif test -n "$pp_opt_eval"; then #-- execute a shell command eval "$pp_opt_eval" || exit else pp_drive if test -n "$pp_opt_install_script"; then pp_install_script fi fi exit 0 } pp_errors=false if test -n "$TERM" -a -t 1 && (tput op) >/dev/null 2>/dev/null; then pp_col_redfg=`tput setf 4` 2>/dev/null pp_col_bluefg=`tput setf 1` 2>/dev/null pp_col_reset=`tput op` 2>/dev/null else pp_col_redfg='[' pp_col_bluefg='[' pp_col_reset=']' fi pp__warn () { if test x"" = x"$pp_lineno"; then echo "$1 $2" >&2 else echo "$1 line $pp_lineno: $2" >&2 fi } pp_warn () { pp__warn "pp: ${pp_col_redfg}warning${pp_col_reset}" "$*" } pp_error () { pp__warn "pp: ${pp_col_redfg}error${pp_col_reset}" "$*" pp_errors=true } pp_die () { pp_error "$@" exit 1 } pp_die_if_errors () { $pp_errors && pp_die "$@" } pp_debug () { $pp_opt_debug && echo "${pp_col_bluefg}debug${pp_col_reset} $*" >&2 } pp_verbose () { $pp_opt_verbose && echo "pp: ${pp_col_bluefg}info${pp_col_reset} $*" >&2 "$@"; } pp_substitute () { sed -e 's,%(\([^)]*\)),`\1`,g' \ -e 's,%{\([^}]*\)},${\1},g' \ -e 's,$,,' | tr '' '\012' | sed -e '/^[^]/s/["$`\\]/\\&/g' \ -e 's/^//' \ -e '1s/^/echo "/' \ -e '$s,$,",' \ -e 's,,"echo ",g' | tr -d '\012' | tr '' '\012' echo } pp_incr () { eval "$1=\`expr \$$1 + 1\`" } pp_decr () { eval "$1=\`expr \$$1 - 1\`" } pp_check_var_is_defined () { if eval test -z "\"\$$1\""; then pp_error "\$$1: not set" eval "$1=undefined" fi } pp_contains () { case " $1 " in *" $2 "*) return 0;; *) return 1;; esac } pp_contains_all () { typeset _s _c _l="$1"; shift for _w do pp_contains "$_l" "$_w" || return 1 done return 0 } pp_contains_any () { typeset _s _c _l="$1"; shift for _w do pp_contains "$_l" "$_w" && return 0 done return 1 } pp_add_to_list () { if eval test -z \"\$$1\"; then eval $1='"$2"' elif eval pp_contains '"$'$1'"' '"$2"'; then : already there else eval $1='"$'$1' $2"' fi } pp_unique () { typeset result element result= for element do pp_add_to_list result $element done echo $result } pp_mode_strip_altaccess () { case "$1" in ??????????[+.]) echo `echo "$1" | cut -b -10`;; *) echo "$1";; esac } pp_mode_from_ls () { typeset umode gmode omode smode set -- `pp_mode_strip_altaccess "$1"` case "$1" in ?--[-X]??????) umode=0;; ?--[xs]??????) umode=1;; ?-w[-X]??????) umode=2;; ?-w[xs]??????) umode=3;; ?r-[-X]??????) umode=4;; ?r-[xs]??????) umode=5;; ?rw[-X]??????) umode=6;; ?rw[xs]??????) umode=7;; *) pp_error "bad user mode $1";; esac case "$1" in ????--[-S]???) gmode=0;; ????--[xs]???) gmode=1;; ????-w[-S]???) gmode=2;; ????-w[xs]???) gmode=3;; ????r-[-X]???) gmode=4;; ????r-[xs]???) gmode=5;; ????rw[-X]???) gmode=6;; ????rw[xs]???) gmode=7;; *) pp_error "bad group mode $1";; esac case "$1" in ???????--[-T]) omode=0;; ???????--[xt]) omode=1;; ???????-w[-T]) omode=2;; ???????-w[xt]) omode=3;; ???????r-[-T]) omode=4;; ???????r-[xt]) omode=5;; ???????rw[-T]) omode=6;; ???????rw[xt]) omode=7;; *) pp_error "bad other mode $1";; esac case "$1" in ???[-x]??[-x]??[-x]) smode=;; ???[-x]??[-x]??[tT]) smode=1;; ???[-x]??[Ss]??[-x]) smode=2;; ???[-x]??[Ss]??[tT]) smode=3;; ???[Ss]??[-x]??[-x]) smode=4;; ???[Ss]??[-x]??[tT]) smode=5;; ???[Ss]??[Ss]??[-x]) smode=6;; ???[Ss]??[Ss]??[tT]) smode=7;; *) pp_error "bad set-id mode $1";; esac echo "$smode$umode$gmode$omode" } pp_find_recurse () { pp_debug "find: ${1#$pp_destdir}/" for f in "$1"/.* "$1"/*; do case "$f" in */.|*/..) continue;; esac # should never happen! if test -d "$f" -o -f "$f" -o -h "$f"; then if test -d "$f" -a ! -h "$f"; then echo "${f#$pp_destdir}/" pp_find_recurse "$f" else echo "${f#$pp_destdir}" fi fi done } pp_prepend () { #test -t && pp_warn "pp_prepend: stdin is a tty?" if test -f $1; then pp_debug "prepending to $1" mv $1 $1._prepend cat - $1._prepend >$1 rm -f $1._prepend else pp_debug "prepend: creating $1" cat >$1 fi } pp_note_file_used() { echo "$1" >> $pp_wrkdir/all.files } pp_create_dir_if_missing () { case "$1" in */) pp_error "pp_create_dir_if_missing: trailing / forbidden";; "") return 0;; *) if test ! -d "$pp_destdir$1"; then pp_debug "fabricating directory $1/" pp_create_dir_if_missing "${1%/*}" mkdir "$pp_destdir$1" && pp_note_file_used "$1/" pp_remove_later "$1" && chmod ${2:-755} "$pp_destdir$1" fi;; esac } pp_add_file_if_missing () { typeset dir #-- check that the file isn't already declared in the component if test -s $pp_wrkdir/%files.${2:-run}; then awk "\$6 == \"$1\" {exit 1}" < $pp_wrkdir/%files.${2:-run} || return 1 fi pp_create_dir_if_missing "${1%/*}" pp_debug "fabricating file $1" echo "f ${3:-755} - - ${4:--} $1" >> $pp_wrkdir/%files.${2:-run} pp_note_file_used "$1" pp_remove_later "$1" return 0 } pp_add_transient_file () { test -f "$pp_destdir$1" && pp_die "$pp_destdir$1: exists" pp_create_dir_if_missing "${1%/*}" pp_debug "transient file $1" pp_note_file_used "$1" pp_remove_later "$1" } pp_remove_later () { { echo "$1" test -s $pp_wrkdir/pp_cleanup && cat $pp_wrkdir/pp_cleanup } > $pp_wrkdir/pp_cleanup.new mv $pp_wrkdir/pp_cleanup.new $pp_wrkdir/pp_cleanup } pp_ls_readlink () { if test -h "$1"; then ls -1ld "$1" | sed -ne 's,.* -> ,,p' else echo "$1: not a symbolic link" >&2 return 1 fi } pp_remove_later_now () { typeset f if test -s $pp_wrkdir/pp_cleanup; then pp_debug "pp_remove_later_now" while read f; do pp_debug "removing $pp_destdir$f" if test -d $pp_destdir$f; then rmdir $pp_destdir$f else rm $pp_destdir$f fi done < $pp_wrkdir/pp_cleanup rm $pp_wrkdir/pp_cleanup fi } pp_readlink() { pp_debug "&& pp_readlink_fn=$pp_readlink_fn" if test -n "$pp_readlink_fn"; then pp_debug "&& calling $pp_readlink_fn $*" "$pp_readlink_fn" "$@" else readlink "$@" fi } pp_install_script_common () { cat <<-. # Automatically generated for # $name $version ($pp_platform) # by PolyPackage $pp_version usage () { case "$1" in "list-services") echo "usage: \$0 list-services" ;; "list-components") echo "usage: \$0 list-components" ;; "list-files") echo "usage: \$0 list-files {cpt...|all}" ;; "install") echo "usage: \$0 install {cpt...|all}" ;; "uninstall") echo "usage: \$0 uninstall {cpt...|all}" ;; "start") echo "usage: \$0 start {svc...}" ;; "stop") echo "usage: \$0 stop {svc...}" ;; "print-platform") echo "usage: \$0 print-platform" ;; *) echo "usage: \$0 [-q] command [args]" echo " list-services" echo " list-components" echo " list-files {cpt...|all}" echo " install {cpt...|all}" echo " uninstall {cpt...|all}" echo " start {svc...}" echo " stop {svc...}" echo " print-platform" ;; esac >&2 exit 1 } if test x"\$1" = x"-q"; then shift verbose () { "\$@"; } verbosemsg () { : ; } else verbose () { echo "+ \$*"; "\$@"; } verbosemsg () { echo "\$*"; } fi . } pp_functions () { typeset func deps allfuncs allfuncs= while test $# -gt 0; do pp_add_to_list allfuncs "$1" deps=`pp_backend_function "$1:depends"` shift set -- `pp_unique "$@" $deps` done for func in $allfuncs do pp_debug "generating function code for '$1'" echo "" echo "$func () {" case "$func" in pp_mkgroup|pp_mkuser|pp_havelib) echo <<.;; if test \$# -lt 1; then echo "$func: not enough arguments" >&2 return 1 fi . esac pp_backend_function "$func" || cat <<. echo "$func: not implemented" >&2 return 1 . echo "}" done } pp_function () { pp_functions "$1" } pp_makevar () { #-- convert all non alpha/digits to underscores echo "$*" | tr -c '[a-z][A-Z][0-9]\012' '[_*]' } pp_getpwuid () { awk -F: '$3 == uid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' uid="$1" \ < /etc/passwd || pp_error "no local username for uid $1" } pp_getgrgid () { awk -F: '$3 == gid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' gid="$1" \ < /etc/group || pp_error "no local group for gid $1" } pp_backend_function_getopt () { cat <<'..' pp_getopt () { _pp_optstring="$1"; shift; eval `_pp_getopt "$_pp_optstring"` } _pp_getopt_meta=s,[\\\\\"\'\`\$\&\;\(\)\{\}\#\%\ \ ],\\\\\&,g _pp_protect () { sed "$_pp_getopt_meta" <<. | tr '\012' ' ' $* . } _pp_protect2 () { sed "s,^..,,$pp_getopt_meta" <<. | tr '\012' ' ' $* . } _pp_nonl () { tr '\012' ' ' <<. $* . } _pp_getopt () { _pp_nonl '_pp_nonl set --; while test $# -gt 0; do case "$1" in "--") shift; break;;' sed 's/\([^: ]:*\)/<@<\1>@>/g; s/<@<\(.\):>@>/"-\1") _pp_nonl -"\1"; _pp_protect "$2"; shift; shift;; "-\1"*) _pp_nonl -"\1"; _pp_protect2 "$1"; shift;;/g;s/<@<\(.\)>@>/ "-\1") _pp_nonl -"\1"; shift;; "-\1"*) _pp_nonl -"\1"; _pp_tmp="$1"; shift; set -- -`_pp_protect2 "$_pp_tmp"` "$@";;/g' <<. $1 . _pp_nonl '-*) echo "$1: unknown option">&2; return 1;; *) break;; esac; done; _pp_nonl --; while test $# -gt 0; do _pp_nonl "$1"; shift; done; echo' echo } .. } pp_copy_unstripped () { typeset filedir realdir filedir="`dirname ${1#$pp_destdir}`" realdir="$pp_wrkdir/unstripped/$filedir" mkdir -p "$realdir" # Can't use hardlinks because `strip` modifies the original file in-place cp "$1" "$realdir" } pp_package_stripped_binaries () { (cd "$pp_wrkdir/unstripped" && tar -c .) \ | gzip > "$name-dbg-$version.tar.gz" rm -rf "$pp_wrkdir/unstripped" } pp_strip_binaries () { if test x"$pp_opt_save_unstripped" = x"true"; then rm -rf "$pp_wrkdir/unstripped" mkdir "$pp_wrkdir/unstripped" fi for f in `find "$pp_destdir" -type f`; do if file "$f" | awk '{print $2}' | grep ^ELF >/dev/null 2>&1; then if test x"$pp_opt_save_unstripped" = x"true"; then if file "$f" | LC_MESSAGES=C grep 'not stripped' >/dev/null 2>&1; then pp_debug "Saving unstripped binary $f" pp_copy_unstripped "$f" else pp_debug "$f is already stripped; not saving a copy" fi fi pp_debug "Stripping unnecessary symbols from $f" strip "$f" fi done if test x"$pp_opt_save_unstripped" = x"true"; then pp_package_stripped_binaries fi } pp_if_true=0 pp_if_false=0 pp_frontend_init () { name= version= summary="no summary" description="No description" copyright="Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED." #-- if the user supplied extra arguments on the command line # then load them now. pp_debug "pp_opt_init_vars=$pp_opt_init_vars" test -n "$pp_opt_init_vars" && eval "$pp_opt_init_vars" } pp_is_qualifier () { typeset ret case "$1" in "["*"]") ret=true;; *) ret=false;; esac pp_debug "is_qualifier: $* -> $ret" test $ret = true } pp_eval_qualifier () { typeset ret case "$1" in "[!$pp_platform]"| \ "[!"*",$pp_platform]"| \ "[!$pp_platform,"*"]"| \ "[!"*",$pp_platform,"*"]") ret=false;; "[!"*"]") ret=true;; "[$pp_platform]"| \ "["*",$pp_platform]"| \ "[$pp_platform,"*"]"| \ "["*",$pp_platform,"*"]") ret=true;; "["*"]") ret=false;; *) pp_die "pp_eval_qualifier: bad qualifier '$1'" esac pp_debug "eval: $* -> $ret" test true = $ret } pp_frontend_if () { typeset ifcmd ifret ifcmd="$1"; shift case "$ifcmd" in %if) if test 0 = $pp_if_false; then case "$*" in true |1) pp_incr pp_if_true;; false|0) pp_incr pp_if_false;; *) ifret=true if pp_is_qualifier "$*"; then pp_eval_qualifier "$*" || ifret=false else eval test "$@" || ifret=false pp_debug "evaluating test $* -> $ifret" fi pp_incr pp_if_$ifret ;; esac else pp_incr pp_if_false fi;; %else) test $# = 0 || pp_warn "ignoring argument to %else" if test $pp_if_false -gt 1; then : no change elif test $pp_if_false = 1; then pp_incr pp_if_true pp_decr pp_if_false elif test $pp_if_true = 0; then pp_die "unmatched %else" else pp_incr pp_if_false pp_decr pp_if_true fi;; %endif) test $# = 0 || pp_warn "ignoring argument to %endif" if test $pp_if_false -gt 0; then pp_decr pp_if_false elif test $pp_if_true -gt 0; then pp_decr pp_if_true else pp_die "unmatched %endif" fi;; *) pp_die "frontend_if: unknown cmd $ifcmd";; esac } pp_frontend () { typeset section newsection sed_word sed_ws line cpt svc typeset section_enabled newsection_enabled s sed sed_candidate section='%_initial' newsection='%_initial' section_enabled=: newsection_enabled=: sed_word="[a-zA-Z_][a-zA-Z_0-9]*" sed_ws="[ ]" #-- not all seds are created equal sed= for sed_candidate in ${PP_SED:-sed} /usr/xpg4/bin/sed; do if echo 'foo' | $sed_candidate -ne '/^\(x\)*foo/p' | grep foo > /dev/null then sed="$sed_candidate" break fi done test -z "$sed" && pp_die "sed is broken on this system" pp_lineno=0 #-- Note: this sed script should perform similar to pp_eval_qualifier() $sed -e "/^#/s/.*//" \ -e "/^\\[!\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]/s/.*//" \ -e "s/^\\[\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]$sed_ws*//" \ -e "s/^\\[!\\($sed_word,\\)*$sed_word\\]$sed_ws*//" \ -e "/^\\[\\($sed_word,\\)*$sed_word\\]/s/.*//" \ -e "s/^%$sed_ws*/%/" \ -e "s/^$sed_ws/%\\\\&/" \ > $pp_wrkdir/frontend.tmp #-- add an ignore section at the end to force section completion echo '%ignore' >> $pp_wrkdir/frontend.tmp echo >> $pp_wrkdir/frontend.tmp exec 0<$pp_wrkdir/frontend.tmp : > $pp_wrkdir/tmp : > $pp_wrkdir/%fixup while read -r line; do #-- Convert leading double-% to single-%, or switch sections pp_incr pp_lineno pp_debug "line $pp_lineno: $line" set -f set -- $line set +f #pp_debug "line $pp_lineno: $*" case "$line" in %*) case "$1" in %if|%else|%endif) pp_debug "processing if directive $1" pp_frontend_if "$@" continue;; esac test 0 -ne $pp_if_false && continue # ignore lines %if'd out case "$1" in %set|%fixup|%ignore) pp_debug "processing new section $1" newsection="$1"; shift newsection_enabled=: if pp_is_qualifier "$1"; then pp_eval_qualifier "$1" || newsection_enabled=false shift fi test $# -eq 0 || pp_warn "ignoring extra arguments: $line" continue;; %pre|%post|%preun|%postup|%postun|%files|%depend|%check|%conflict) pp_debug "processing new component section $*" s="$1"; shift if test $# -eq 0 || pp_is_qualifier "$1"; then cpt=run else cpt="$1" shift fi newsection="$s.$cpt" newsection_enabled=: if test $# -gt 0 && pp_is_qualifier "$1"; then pp_eval_qualifier "$1" || newsection_enabled=false shift fi test $# -eq 0 || pp_warn "ignoring extra arguments: $line" case "$cpt" in run|dbg|doc|dev) $newsection_enabled && pp_add_component "$cpt";; x-*) :;; # useful for discarding stuff *) pp_error "unknown component: $1 $cpt";; esac continue;; %pp) newsection="%ignore"; shift if test $# -gt 0; then pp_set_api_version "$1" shift else pp_error "%pp: missing version" fi test $# -gt 0 && pp_error "%pp: too many arguments" continue;; %service) pp_debug "processing new service section $1 $2" s="$1"; shift if test $# -eq 0 || pp_is_qualifier "$1"; then pp_error "$s: service name required" svc=unknown else svc="$1"; shift fi newsection="$s.$svc" newsection_enabled=: if test $# -gt 0 && pp_is_qualifier "$1"; then pp_eval_qualifier "$1" || newsection_enabled=false shift fi test $# -eq 0 || pp_warn "ignoring extra arguments: $line" $newsection_enabled && pp_add_service "$svc" continue;; %\\*) pp_debug "removing leading %\\" line="${line#??}" pp_debug " result is <$line>" set -f set -- $line set +f ;; %%*) pp_debug "removing leading %" line="${line#%}" set -f set -- $line set +f ;; %*) pp_error "unknown section $1" newsection='%ignore' newsection_enabled=: continue;; esac;; esac test 0 != $pp_if_false && continue # ignore lines %if'd out pp_debug "section=$section (enabled=$section_enabled) newsection=$newsection (enabled=$newsection_enabled)" #-- finish processing a previous section if test x"$newsection" != x""; then $section_enabled && case "$section" in %ignore|%_initial) pp_debug "leaving ignored section $section" : ignore # guaranteed to be the last section ;; %set) pp_debug "leaving $section: sourcing $pp_wrkdir/tmp" $pp_opt_debug && cat $pp_wrkdir/tmp >&2 . $pp_wrkdir/tmp : > $pp_wrkdir/tmp ;; %pre.*|%preun.*|%post.*|%postup.*|%postun.*|%depend.*|%check.*|%conflict.*|%service.*|%fixup) pp_debug "leaving $section: substituting $pp_wrkdir/tmp" # cat $pp_wrkdir/tmp >&2 # debugging $pp_opt_debug && pp_substitute < $pp_wrkdir/tmp >&2 pp_substitute < $pp_wrkdir/tmp > $pp_wrkdir/tmp.sh . $pp_wrkdir/tmp.sh >> $pp_wrkdir/$section || pp_error "shell error in $section" rm -f $pp_wrkdir/tmp.sh : > $pp_wrkdir/tmp ;; esac section="$newsection" section_enabled="$newsection_enabled" newsection= fi #-- ignore section content that is disabled $section_enabled || continue #-- process some lines in-place case "$section" in %_initial) case "$line" in "") continue;; esac # ignore non-section blanks pp_die "Ignoring text before % section introducer";; %set|%pre.*|%preun.*|%post.*|%postup.*|%postun.*|%check.*|%service.*|%fixup) pp_debug "appending line to \$pp_wrkdir/tmp" echo "$line" >> $pp_wrkdir/tmp ;; %files.*) test $# -eq 0 && continue; pp_files_expand "$@" >> $pp_wrkdir/$section ;; %depend.*) pp_debug "Adding explicit dependency $@ to $cpt" echo "$@" >> $pp_wrkdir/%depend.$cpt ;; %conflict.*) pp_debug "Adding explicit conflict $@ to $cpt" echo "$@" >> $pp_wrkdir/%conflict.$cpt ;; esac done exec <&- if test $pp_if_true != 0 -o $pp_if_false != 0; then pp_die "missing %endif at end of file" fi pp_lineno= pp_debug " name = $name" pp_debug " version = $version" pp_debug " summary = $summary" pp_debug " description = $description" pp_debug " copyright = $copyright" pp_debug "" pp_debug "\$pp_components: $pp_components" pp_debug "\$pp_services: $pp_services" } pp_set_api_version() { case "$1" in 1.0) : ;; *) pp_error "This version of polypackage is too old";; esac } pp_platform= pp_set_platform () { if test -n "$pp_opt_platform"; then pp_contains "$pp_platforms" "$pp_opt_platform" || pp_die "$pp_opt_platform: unknown platform" pp_platform="$pp_opt_platform" else uname_s=`uname -s 2>/dev/null` pp_platform= for p in $pp_platforms; do pp_debug "probing for platform $p" if eval pp_backend_${p}_detect "$uname_s"; then pp_platform="$p" break; fi done test -z "$pp_platform" && pp_die "cannot detect platform (supported: $pp_platforms)" fi pp_debug "pp_platform = $pp_platform" } pp_expand_path= pp_expand_test_usr_bin () { awk '$1 == "/usr" || $2 == "/usr" {usr++} $1 == "/bin" || $2 == "/bin" {bin++} END { if (usr == 1 && bin == 1) exit(0); else exit(1); }' } pp_set_expand_converter_or_reexec () { test -d /usr -a -d /bin || pp_die "missing /usr or /bin" echo /usr /bin | pp_expand_test_usr_bin || pp_die "pp_expand_test_usr_bin?" if (eval "echo /{usr,bin}" | pp_expand_test_usr_bin) 2>/dev/null; then pp_expand_path=pp_expand_path_brace elif (eval "echo /@(usr|bin)" | pp_expand_test_usr_bin) 2>/dev/null; then pp_expand_path=pp_expand_path_at else test x"$pp_expand_rexec" != x"true" || pp_die "problem finding shell that can do brace expansion" for shell in ksh ksh93 bash; do if ($shell -c 'echo /{usr,bin}' | pp_expand_test_usr_bin) 2>/dev/null || ($shell -c 'echo /@(usr|bin)' | pp_expand_test_usr_bin) 2>/dev/null then pp_debug "switching to shell $shell" pp_expand_rexec=true exec $shell "$0" "$@" fi done pp_die "cannot find a shell that does brace expansion" fi } pp_expand_path_brace () { typeset f eval "for f in $1; do echo \"\$f\"; done|sort -u" } pp_expand_path_at () { typeset f eval "for f in ` echo "$1" | sed -e 's/{/@(/g' -e 's/}/)/g' -e 's/,/|/g' `; do echo \"\$f\"; done|sort -u" } pp_shlib_suffix='.so*' pp_model_init () { #@ $pp_components: whitespace-delimited list of components seen in %files pp_components= #@ $pp_services: whitespace-delimited list of %service seen pp_services= rm -f $pp_wrkdir/%files.* \ $pp_wrkdir/%post.* \ $pp_wrkdir/%pre.* \ $pp_wrkdir/%preun.* \ $pp_wrkdir/%postup.* \ $pp_wrkdir/%postun.* \ $pp_wrkdir/%service.* \ $pp_wrkdir/%set \ $pp_wrkdir/%fixup } pp_have_component () { pp_contains "$pp_components" "$1" } pp_have_all_components () { pp_contains_all "$pp_components" "$@" } pp_add_component () { pp_add_to_list 'pp_components' "$1" } pp_add_service () { pp_add_to_list 'pp_services' "$1" } pp_service_init_vars () { cmd= pidfile= stop_signal=15 # SIGTERM user=root group= enable=yes # make it so the service starts on boot optional=no # Whether installing this service is optional pp_backend_init_svc_vars } pp_service_check_vars () { test -n "$cmd" || pp_error "%service $1: cmd not defined" case "$enable" in yes|no) : ;; *) pp_error "%service $1: \$enable must be set to yes or no";; esac } pp_load_service_vars () { pp_service_init_vars . "$pp_wrkdir/%service.$1" pp_service_check_vars "$1" } pp_files_expand () { typeset _p _mode _group _owner _flags _path _optional _has_target _tree typeset _path _file _tgt _m _o _g _f _type _lm _ll _lo _lg _ls _lx typeset _ignore _a test $# -eq 0 && return pp_debug "pp_files_expand: path is: $1" case "$1" in "#"*) return;; esac _p="$1"; shift pp_debug "pp_files_expand: other arguments: $*" #-- the mode must be an octal number of at least three digits _mode="=" _a=`eval echo \"$1\"` case "$_a" in *:*) :;; -|=|[01234567][01234567][01234567]*) _mode="$_a"; shift;; esac #-- the owner:group field may have optional parts _a=`eval echo \"$1\"` case "$_a" in *:*) _group=${_a#*:}; _owner=${_a%:*}; shift;; =|-) _group=$_a; _owner=$_a; shift;; *) _group=; _owner=;; esac #-- process the flags argument _flags= _optional=false _has_target=false _ignore=false if test $# -gt 0; then _a=`eval echo \"$1\"` case ",$_a," in *,volatile,*) _flags="${_flags}v";; esac case ",$_a," in *,optional,*) _optional=true;; esac case ",$_a," in *,symlink,*) _has_target=true;; esac case ",$_a," in *,ignore-others,*) _flags="${_flags}i";; esac case ",$_a," in *,ignore,*) _ignore=true;; esac shift fi #-- process the target argument if $_has_target; then test $# -ne 0 || pp_error "$_p: missing target" _a=`eval echo \"$1\"` _target="$_a" shift fi pp_debug "pp_files_expand: $_mode|$_owner:$_group|$_flags|$_target|$*" test $# -eq 0 || pp_error "$_p: too many arguments" #-- process speciall suffixes tree= case "$_p" in *"/**") _p="${_p%"/**"}"; tree="**";; *".%so") _p="${_p%".%so"}$pp_shlib_suffix";; esac #-- expand the path using the shell glob pp_debug "expanding .$_p ... with $pp_expand_path" (cd ${pp_destdir} && $pp_expand_path ".$_p") > $pp_wrkdir/tmp.files.exp #-- expand path/** by rewriting the glob output file case "$tree" in "") : ;; "**") pp_debug "expanding /** tree ..." while read _path; do _path="${_path#.}" pp_find_recurse "$pp_destdir${_path%/}" done < $pp_wrkdir/tmp.files.exp | sort -u > $pp_wrkdir/tmp.files.exp2 mv $pp_wrkdir/tmp.files.exp2 $pp_wrkdir/tmp.files.exp ;; esac while read _path; do _path="${_path#.}" _file="${pp_destdir}${_path}" _tgt= _m="$_mode" _o="${_owner:--}" _g="${_group:--}" _f="$_flags" case "$_path" in /*) :;; *) pp_warn "$_path: inserting leading /" _path="/$_path";; # ensure leading / esac #-- sanity checks case "$_path" in */../*|*/..) pp_error "$_path: invalid .. in path";; */./*|*/.) pp_warn "$_path: invalid component . in path";; *//*) pp_warn "$_path: redundant / in path";; esac #-- set the type based on the real file's type if $_ignore; then _type=f _m=_ _o=_ _g=_ elif test -h "$_file"; then case "$_path" in */) pp_warn "$_path (symlink $_file): removing trailing /" _path="${_path%/}" ;; esac _type=s if test x"$_target" != x"=" -a -n "$_target"; then _tgt="$_target" pp_debug "symlink target is $_tgt" else _tgt=`pp_readlink "$_file"`; test -z "$_tgt" && pp_error "can't readlink $_file" case "$_tgt" in ${pp_destdir}/*) pp_warn "stripped \$destdir from symlink ($_path)" _tgt="${_tgt#$pp_destdir}";; esac fi _m=777 elif test -d "$_file"; then #-- display a warning if the user forgot the trailing / case "$_path" in */) :;; *) pp_warn "$_path (matching $_file): adding trailing /" _path="$_path/";; esac _type=d $_has_target && pp_error "$_file: not a symlink" elif test -f "$_file"; then case "$_path" in */) pp_warn "$_path (matching $_file): removing trailing /" _path="${_path%/}" ;; esac _type=f $_has_target && pp_error "$_file: not a symlink" else $_optional && continue pp_error "$_file: missing" _type=f fi #-- convert '=' shortcuts into mode/owner/group from ls case ":$_m:$_o:$_g:" in *:=:*) if LS_OPTIONS=--color=never /bin/ls -ld "$_file" \ > $pp_wrkdir/ls.tmp then read _lm _ll _lo _lg _ls _lx < $pp_wrkdir/ls.tmp test x"$_m" = x"=" && _m=`pp_mode_from_ls "$_lm"` test x"$_o" = x"=" && _o="$_lo" test x"$_g" = x"=" && _g="$_lg" else pp_error "cannot read $_file" test x"$_m" = x"=" && _m=- test x"$_o" = x"=" && _o=- test x"$_g" = x"=" && _g=- fi ;; esac test -n "$_f" || _f=- #-- sanity checks test -n "$_type" || pp_die "_type empty" test -n "$_path" || pp_die "_path empty" test -n "$_m" || pp_die "_m empty" test -n "$_o" || pp_die "_o empty" test -n "$_g" || pp_die "_g empty" #-- setuid/gid files must be given an explicit owner/group (or =) case "$_o:$_g:$_m" in -:*:[4657][1357]??|-:*:[4657]?[1357]?|-:*:[4657]??[1357]) pp_error "$_path: setuid file ($_m) missing explicit owner";; *:-:[2367][1357]??|*:-:[2367]?[1357]?|*:-:[2367]??[1357]) pp_error "$_path: setgid file ($_m) missing explicit group";; esac # convert numeric uids into usernames; only works for /etc/passwd case "$_o" in [0-9]*) _o=`pp_getpwuid $_o`;; esac case "$_g" in [0-9]*) _g=`pp_getgrgid $_g`;; esac pp_debug "$_type $_m $_o $_g $_f $_path" $_tgt $_ignore || echo "$_type $_m $_o $_g $_f $_path" $_tgt pp_note_file_used "$_path" case "$_f" in *i*) echo "$_path" >> $pp_wrkdir/ign.files;; esac done < $pp_wrkdir/tmp.files.exp } pp_files_check_duplicates () { typeset _path if test -s $pp_wrkdir/all.files; then sort < $pp_wrkdir/all.files | uniq -d > $pp_wrkdir/duplicate.files if test -f $pp_wrkdir/ign.awk; then # Remove ignored files mv $pp_wrkdir/duplicate.files $pp_wrkdir/duplicate.files.ign sed -e 's/^/_ _ _ _ _ /' < $pp_wrkdir/duplicate.files.ign | awk -f $pp_wrkdir/ign.awk | sed -e 's/^_ _ _ _ _ //' > $pp_wrkdir/duplicate.files fi while read _path; do pp_warn "$_path: file declared more than once" done <$pp_wrkdir/duplicate.files fi } pp_files_check_coverage () { pp_find_recurse "$pp_destdir" | sort > $pp_wrkdir/coverage.avail if test -s $pp_wrkdir/all.files; then sort -u < $pp_wrkdir/all.files else : fi > $pp_wrkdir/coverage.used join -v1 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \ > $pp_wrkdir/coverage.not-packaged if test -s $pp_wrkdir/coverage.not-packaged; then pp_warn "The following files/directories were found but not packaged:" sed -e 's,^, ,' < $pp_wrkdir/coverage.not-packaged >&2 fi join -v2 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \ > $pp_wrkdir/coverage.not-avail if test -s $pp_wrkdir/coverage.not-avail; then pp_warn "The following files/directories were named but not found:" sed -e 's,^, ,' < $pp_wrkdir/coverage.not-avail >&2 fi } pp_files_ignore_others () { typeset p f test -s $pp_wrkdir/ign.files || return #-- for each file in ign.files, we remove it from all the # other %files.* lists, except where it has an i flag. # rather than scan each list multiple times, we build # an awk script pp_debug "stripping ignore files" while read p; do echo '$6 == "'"$p"'" && $5 !~ /i/ { next }' done < $pp_wrkdir/ign.files > $pp_wrkdir/ign.awk echo '{ print }' >> $pp_wrkdir/ign.awk $pp_opt_debug && cat $pp_wrkdir/ign.awk for f in $pp_wrkdir/%files.*; do mv $f $f.ign awk -f $pp_wrkdir/ign.awk < $f.ign > $f || pp_error "awk" done } pp_service_scan_groups () { typeset svc #-- scan for "group" commands, and build a list of groups pp_service_groups= if test -n "$pp_services"; then for svc in $pp_services; do group= . $pp_wrkdir/%service.$svc if test -n "$group"; then pp_contains "$pp_services" "$group" && pp_error \ "%service $svc: group name $group in use by a service" pp_add_to_list 'pp_service_groups' "$group" echo "$svc" >> $pp_wrkdir/%svcgrp.$group fi done fi } pp_service_get_svc_group () { (tr '\012' ' ' < $pp_wrkdir/%svcgrp.$1 ; echo) | sed -e 's/ $//' } for _sufx in _init '' _names _cleanup _install_script \ _init_svc_vars _function _probe _vas_platforms do eval "pp_backend$_sufx () { pp_debug pp_backend$_sufx; pp_backend_\${pp_platform}$_sufx \"\$@\"; }" done pp_platforms="$pp_platforms aix" pp_backend_aix_detect () { test x"$1" = x"AIX" } pp_backend_aix_init () { pp_aix_detect_arch pp_aix_detect_os pp_aix_bosboot= # components that need bosboot pp_aix_lang=en_US pp_aix_copyright= pp_aix_start_services_after_install=false pp_aix_init_services_after_install=true pp_aix_sudo=sudo # AIX package tools must run as root case "$pp_aix_os" in *) pp_readlink_fn=pp_ls_readlink;; # XXX esac pp_aix_abis_seen= } pp_aix_detect_arch () { pp_aix_arch_p=`uname -p 2>/dev/null` case "$pp_aix_arch_p" in "") pp_debug "can't get processor type from uname -p" pp_aix_arch_p=powerpc pp_aix_arch=R;; # guess (lsattr -l proc0 ??) powerpc) pp_aix_arch=R;; *) pp_aix_arch_p=intel pp_aix_arch=I;; # XXX? verify esac case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in PowerPC_POWER*) pp_aix_arch_std=ppc64;; PowerPC*) pp_aix_arch_std=ppc;; *) pp_aix_arch_std=unknown;; esac } pp_aix_detect_os () { typeset r v r=`uname -r` v=`uname -v` pp_aix_os=aix$v$r } pp_aix_version_fix () { typeset v v=`echo $1 | sed 's/[-+]/./' | tr -c -d '[0-9].\012' | awk -F"." '{ printf "%d.%d.%d.%.4s\n", $1, $2, $3, $4 }' | sed 's/[.]*$//g'` if test x"$v" != x"$1"; then pp_warn "stripped version '$1' to '$v'" fi case $v in ""|*..*|.*|*.) pp_error "malformed '$1'" echo "0.0.0.0";; *.*.*.*.*) # 5 components are only valid for fileset updates, not base # filesets (full packages). We trim 5+ components down to 4. pp_warn "version '$1' has too many dots for AIX, truncating" echo "$v" | cut -d. -f1-4;; *.*.*.*) echo "$v";; *.*.*) echo "$v.0";; *.*) echo "$v.0.0";; *) echo "$v.0.0.0";; esac } pp_aix_select () { case "$1" in -user) op="";; -root) op="!";; *) pp_die "pp_aix_select: bad argument";; esac #pp_debug awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' #awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' awk $op'($6 ~ /^\/usr\// || $6 ~ /^\/opt\//) { print; }' } pp_aix_copy_root () { typeset t m o g f p st target while read t m o g f p st; do case "$t" in d) pp_create_dir_if_missing "$1${p%/}";; f) pp_add_transient_file "$1$p" pp_verbose ln "$pp_destdir$p" "$pp_destdir$1$p" || pp_error "can't link $p into $1";; *) pp_warn "pp_aix_copy_root: filetype $t not handled";; esac done } pp_aix_size () { typeset prefix t m o g f p st prefix="$1" while read t m o g f p st; do case "$t" in f) du -a "$pp_destdir$p";; esac done | sed -e 's!/[^/]*$!!' | sort +1 | awk '{ if ($2 != d) { if (sz) print d,sz; d=$2; sz=0 } sz += $1; } END { if (sz) print d,sz }' | sed -n -e "s!^$pp_destdir!$prefix!p" } pp_aix_list () { awk '{ print "." pfx $6; }' pfx="$1" } pp_aix_make_liblpp () { typeset out dn fl f out="$1"; shift dn=`dirname "$2"` fl= for f do case "$f" in "$dn/"*) fl="$fl `basename $f`" ;; *) pp_die "liblpp name $f not in $dn/";; esac done (cd "$dn" && pp_verbose ar -c -g -r "$out" $fl) || pp_error "ar error" } pp_aix_make_script () { rm -f "$1" echo "#!/bin/sh" > "$1" cat >> "$1" echo "exit 0" >> "$1" chmod +x "$1" } pp_aix_inventory () { typeset fileset t m o g f p st type fileset="$1" while read t m o g f p st; do case "$p" in *:*) pp_error "path $p contains colon";; esac echo "$p:" case "$t" in f) type=FILE; defm=644 ;; s) type=SYMLINK; defm=777 ;; d) type=DIRECTORY; defm=755 ;; esac echo " type = $type" echo " class = inventory,apply,$fileset" if test x"$m" = x"-"; then m="$defm"; fi if test x"$o" = x"-"; then o="root"; fi if test x"$g" = x"-"; then g="system"; fi echo " owner = $o" echo " group = $g" case "$m" in ????) m=`echo $m|sed -e 's/^1/TCB,/' \ -e 's/^[23]/TCB,SGID,/' \ -e 's/^[45]/TCB,SUID,/' \ -e 's/^[67]/TCB,SUID,SGID,/'`;; # vtx bit ignored esac echo " mode = $m" case "$t" in f) if test ! -f "$pp_destdir$p"; then pp_error "$p: missing file" fi case "$flags" in *v*) echo " size = VOLATILE" echo " checksum = VOLATILE" ;; *) if test -r "$pp_destdir$p"; then echo " size = $size" pp_verbose sum -r < "$pp_destdir$p" | sed -e 's/.*/ checksum = "&"/' fi ;; esac;; s) echo " target = $st" ;; esac #-- Record ABI types seen case "$t" in f) if test -r "$pp_destdir$p"; then case "`file "$pp_destdir$p"`" in *"executable (RISC System/6000)"*) abi=ppc;; *"64-bit XCOFF executable"*) abi=ppc64;; *) abi=;; esac if test -n "$abi"; then pp_add_to_list pp_aix_abis_seen $abi fi fi;; esac done } pp_aix_depend () { if test -s "$1"; then pp_warn "aix dependencies not implemented" fi } pp_aix_add_service () { typeset svc cmd_cmd cmd_arg f svc="$1" pp_load_service_vars $svc set -- $cmd cmd_cmd="$1"; shift cmd_arg="${pp_aix_mkssys_cmd_args:-$*}"; case "$stop_signal" in HUP) stop_signal=1;; INT) stop_signal=2;; QUIT) stop_signal=3;; KILL) stop_signal=9;; TERM) stop_signal=15;; USR1) stop_signal=30;; USR2) stop_signal=31;; "") pp_error "%service $svc: stop_signal not set";; [a-zA-Z]*) pp_error "%service $svc: bad stop_signal ($stop_signal)";; esac test -z "$pidfile" || pp_error "aix requires empty pidfile (non daemon)" pp_add_component run if test "$user" = "root"; then uid=0 else uid="\"\`/usr/bin/id -u $user\`\"" fi #-- add command text to create/remove the service cat <<-. >> $pp_wrkdir/%post.$svc svc=$svc uid=0 cmd_cmd="$cmd_cmd" cmd_arg="$cmd_arg" stop_signal=$stop_signal force_signal=9 srcgroup="$pp_aix_mkssys_group" instances_allowed=${pp_aix_mkssys_instances_allowed:--Q} lssrc -s \$svc > /dev/null 2>&1 if [ \$? -eq 0 ]; then lssrc -s \$svc | grep "active" > /dev/null 2>&1 if [ \$? -eq 0 ]; then stopsrc -s \$svc > /dev/null 2>&1 fi rmsys -s \$svc > /dev/null 2>&1 fi mkssys -s \$svc -u \$uid -p "\$cmd_cmd" \${cmd_arg:+-a "\$cmd_arg"} -S -n \$stop_signal -f 9 ${pp_aix_mkssys_args} \${srcgroup:+-G \$srcgroup} \$instances_allowed . #-- add code to start the service on reboot ${pp_aix_init_services_after_install} && cat <<-. >> $pp_wrkdir/%post.$svc id=\`echo "\$svc" | cut -c1-14\` mkitab "\$id:2:once:/usr/bin/startsrc -s \$svc" > /dev/null 2>&1 . ${pp_aix_start_services_after_install} && cat <<-. >> $pp_wrkdir/%post.$svc startsrc -s \$svc . if [ -f "$pp_wrkdir/%post.run" ];then cat $pp_wrkdir/%post.run >> $pp_wrkdir/%post.$svc fi mv $pp_wrkdir/%post.$svc $pp_wrkdir/%post.run ${pp_aix_init_services_after_install} && pp_prepend $pp_wrkdir/%preun.$svc <<-. rmitab `echo "$svc" | cut -c1-14` > /dev/null 2>&1 . pp_prepend $pp_wrkdir/%preun.$svc <<-. stopsrc -s $svc >/dev/null 2>&1 rmssys -s $svc . if [ -f "$pp_wrkdir/%preun.run" ];then cat $pp_wrkdir/%preun.run >> $pp_wrkdir/%preun.$svc fi mv $pp_wrkdir/%preun.$svc $pp_wrkdir/%preun.run } pp_backend_aix () { typeset briefex instuser instroot svc cmp outbff typeset user_wrkdir root_wrkdir typeset user_files root_files test -n "$pp_destdir" || pp_error "AIX backend requires the '--destdir' option" instuser="/usr/lpp/$name" instroot="$instuser/inst_root" pp_aix_bff_name=${pp_aix_bff_name:-$name} # Here is the component mapping: # run -> $pp_aix_bff_name.rte ('Run time environment') # doc -> $pp_aix_bff_name.doc (non-standard) # dev -> $pp_aix_bff_name.adt ('Application developer toolkit') # dbg -> $pp_aix_bff_name.diag ('Diagnostics') test `echo "$summary" | wc -c ` -gt 40 && pp_error "\$summary too long" user_wrkdir=$pp_wrkdir/u root_wrkdir=$pp_wrkdir/r pp_verbose rm -rf $user_wrkdir $root_wrkdir pp_verbose mkdir -p $user_wrkdir $root_wrkdir for svc in $pp_services .; do test . = "$svc" && continue pp_aix_add_service $svc done { echo "4 $pp_aix_arch I $name {" for cmp in $pp_components; do case "$cmp" in run) ex=rte briefex="runtime";; doc) ex=doc briefex="documentation";; dev) ex=adt briefex="developer toolkit";; dbg) ex=diag briefex="diagnostics";; esac user_files=$pp_wrkdir/%files.$cmp.u root_files=$pp_wrkdir/%files.$cmp.r pp_aix_select -user < $pp_wrkdir/%files.$cmp > $user_files pp_aix_select -root < $pp_wrkdir/%files.$cmp > $root_files # Default to USR only unless there are root files, # or a post/pre/check script associated content=U if test -s $root_files \ -o -s $pp_wrkdir/%pre.$cmp \ -o -s $pp_wrkdir/%post.$cmp \ -o -s $pp_wrkdir/%preun.$cmp \ -o -s $pp_wrkdir/%postun.$cmp \ -o -s $pp_wrkdir/%check.$cmp then content=B fi if $pp_opt_debug; then echo "$cmp USER %files:" cat $user_files echo "$cmp ROOT %files:" cat $root_files fi >&2 bosboot=N; pp_contains_any "$pp_aix_bosboot" $cmp && bosboot=b echo $pp_aix_bff_name.$ex \ `[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"` \ 1 $bosboot $content \ $pp_aix_lang "$summary $briefex" echo "[" pp_aix_depend $pp_wrkdir/%depend.$cmp echo "%" # generate per-directory size information pp_aix_size < $user_files pp_aix_size $instroot < $root_files pp_aix_list < $user_files > $user_wrkdir/$pp_aix_bff_name.$ex.al pp_aix_list $instroot < $root_files >> $user_wrkdir/$pp_aix_bff_name.$ex.al pp_aix_list < $root_files > $root_wrkdir/$pp_aix_bff_name.$ex.al if $pp_opt_debug; then echo "$cmp USER $pp_aix_bff_name.$ex.al:" cat $user_wrkdir/$pp_aix_bff_name.$ex.al echo "$cmp ROOT $pp_aix_bff_name.$ex.al:" cat $root_wrkdir/$pp_aix_bff_name.$ex.al fi >&2 pp_aix_inventory $pp_aix_bff_name.$ex < $user_files \ > $user_wrkdir/$pp_aix_bff_name.$ex.inventory pp_aix_inventory $pp_aix_bff_name.$ex < $root_files \ > $root_wrkdir/$pp_aix_bff_name.$ex.inventory if $pp_opt_debug; then pp_debug "$cmp USER $pp_aix_bff_name.$ex.inventory:" cat $user_wrkdir/$pp_aix_bff_name.$ex.inventory pp_debug "$cmp ROOT $pp_aix_bff_name.$ex.inventory:" cat $root_wrkdir/$pp_aix_bff_name.$ex.inventory fi >&2 if test x"" != x"${pp_aix_copyright:-$copyright}"; then echo "${pp_aix_copyright:-$copyright}" > $user_wrkdir/$pp_aix_bff_name.$ex.copyright echo "${pp_aix_copyright:-$copyright}" > $root_wrkdir/$pp_aix_bff_name.$ex.copyright fi #-- assume that post/pre uninstall scripts only make # sense when installed in a root context if test -r $pp_wrkdir/%pre.$cmp; then pp_aix_make_script $user_wrkdir/$pp_aix_bff_name.$ex.pre_i \ < $pp_wrkdir/%pre.$cmp fi if test -r $pp_wrkdir/%post.$cmp; then pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.post_i \ < $pp_wrkdir/%post.$cmp fi if test -r $pp_wrkdir/%preun.$cmp; then pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpost_i \ < $pp_wrkdir/%preun.$cmp fi if test -r $pp_wrkdir/%postun.$cmp; then pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpre_i \ < $pp_wrkdir/%postun.$cmp fi # remove empty files for f in $user_wrkdir/$pp_aix_bff_name.$ex.* $root_wrkdir/$pp_aix_bff_name.$ex.*; do if test ! -s "$f"; then pp_debug "removing empty $f" rm -f "$f" fi done # copy/link the root files so we can do an easy backup later pp_aix_copy_root $instroot < $root_files echo "%" echo "]" done echo "}" } > $pp_wrkdir/lpp_name if $pp_opt_debug; then echo "/lpp_name :" cat $pp_wrkdir/lpp_name fi >&2 #-- copy the /lpp_name file to the destdir pp_add_transient_file /lpp_name cp $pp_wrkdir/lpp_name $pp_destdir/lpp_name #-- copy the liblpp.a files under destdir for packaging (cd $user_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) || pp_error "ar error" if test -s $user_wrkdir/liblpp.a; then pp_add_transient_file $instuser/liblpp.a pp_verbose cp $user_wrkdir/liblpp.a $pp_destdir$instuser/liblpp.a || pp_error "cannot create user liblpp.a" fi (cd $root_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) || pp_error "ar error" if test -s $root_wrkdir/liblpp.a; then pp_add_transient_file $instroot/liblpp.a pp_verbose cp $root_wrkdir/liblpp.a $pp_destdir$instroot/liblpp.a || pp_error "cannot create root liblpp.a" fi { echo ./lpp_name test -s $user_wrkdir/liblpp.a && echo .$instuser/liblpp.a test -s $root_wrkdir/liblpp.a && echo .$instroot/liblpp.a cat $user_wrkdir/$name.*.al # includes the relocated root files! } > $pp_wrkdir/bff.list if test -n "$pp_aix_abis_seen" -a x"$pp_aix_arch_std" = x"auto"; then case "$pp_aix_abis_seen" in "ppc ppc64"|"ppc64 ppc") pp_aix_arch_std=ppc64 ;; ppc|ppc64) pp_aix_arch_std=$pp_aix_abis_seen ;; *" "*) pp_warn "multiple architectures detected: $pp_aix_abis_seen" pp_aix_arch_std=unknown ;; "") pp_warn "no binary executables detected; using noarch" pp_aix_arch_std=noarch ;; *) pp_warn "unknown architecture detected $pp_aix_abis_seen" pp_aix_arch_std=$pp_aix_abis_seen ;; esac fi . $pp_wrkdir/%fixup outbff=`pp_backend_aix_names` pp_debug "creating: $pp_wrkdir/$outbff" (cd $pp_destdir && pp_verbose /usr/sbin/backup -i -q -p -f -) \ < $pp_wrkdir/bff.list \ > $pp_wrkdir/$outbff || pp_error "backup failed" $pp_aix_sudo /usr/sbin/installp -l -d $pp_wrkdir/$outbff } pp_backend_aix_cleanup () { : } pp_backend_aix_names () { echo "$name.`[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"`.bff" } pp_backend_aix_install_script () { typeset pkgname platform # # The script should take a first argument being the # operation; further arguments refer to components or services # # list-components -- lists components in the pkg # install component... -- installs the components # uninstall component... -- uninstalles the components # list-services -- lists the services in the pkg # start service... -- starts the name service # stop service... -- stops the named services # print-platform -- prints the platform group # pkgname="`pp_backend_aix_names`" platform="`pp_backend_aix_probe`" # XXX should be derived from files fsets= for cmp in $pp_components; do case "$cmp" in run) ex=rte;; doc) ex=doc;; dev) ex=adt;; dbg) ex=diag;; esac fsets="$fsets $name.$ex" done echo '#!/bin/sh' pp_install_script_common cat <<-. cpt_to_fileset () { test x"\$*" = x"all" && set -- $pp_components for cpt do case "\$cpt" in run) echo "$name.rte";; doc) echo "$name.doc";; dev) echo "$name.adt";; dbg) echo "$name.diag";; *) usage;; esac done } test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo "$pp_components" ;; list-services) test \$# -eq 0 || usage \$op echo "$pp_services" ;; list-files) test \$# -ge 1 || usage \$op echo \${PP_PKGDESTDIR:-.}/$pkgname ;; install) test \$# -ge 1 || usage \$op verbose /usr/sbin/installp -acX -V0 -F \ -d \${PP_PKGDESTDIR:-.}/$pkgname \ \`cpt_to_fileset "\$@"\` ;; uninstall) test \$# -ge 1 || usage \$op verbose /usr/sbin/installp -u -e/dev/null \ -V0 \`cpt_to_fileset "\$@"\` ;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do verbose \${op}src -s \$svc || ec=1 done exit \$ec ;; print-platform) echo "$platform" ;; *) usage;; esac . } pp_backend_aix_init_svc_vars () { : } pp_backend_aix_probe () { echo "${pp_aix_os}-${pp_aix_arch_std}" } pp_backend_aix_vas_platforms () { case "${pp_aix_arch_std}" in ppc*) :;; *) pp_die "unknown architecture ${pp_aix_arch_std}";; esac case "${pp_aix_os}" in aix43) echo "aix-43";; aix51) echo "aix-51 aix-43";; aix52) echo "aix-51 aix-43";; aix53) echo "aix-53 aix-51 aix-43";; aix61) echo "aix-53 aix-51 aix-43";; *) pp_die "unknown system ${pp_aix_os}";; esac } pp_backend_aix_function () { case "$1" in pp_mkgroup) cat <<'.';; /usr/sbin/lsgroup "$1" >/dev/null && return 0 echo "Creating group $1" /usr/bin/mkgroup -A "$1" . pp_mkuser:depends) echo pp_mkgroup;; pp_mkuser) cat <<'.';; /usr/sbin/lsuser "$1" >/dev/null && return 0 pp_mkgroup "${2:-$1}" || return 1 echo "Creating user $1" /usr/bin/mkuser \ login=false \ rlogin=false \ account_locked=true \ home="${3:-/nohome.$1}" \ pgrp="${2:-$1}" \ "$1" . pp_havelib) cat <<'.';; case "$2" in "") pp_tmp_name="lib$1.so";; *.*.*) pp_tmp_name="lib$1.so.$2";; *.*) pp_tmp_name="lib$1.so.$2.0";; *) pp_tmp_name="lib$1.so.$2";; esac for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do test -r "$pp_tmp_dir/$pp_tmp_name" -a \ -r "$pp_tmp_dir/lib$1.so" && return 0 done return 1 . *) false;; esac } pp_platforms="$pp_platforms sd" pp_backend_sd_detect () { test x"$1" = x"HP-UX" } pp_backend_sd_init () { pp_sd_sudo= pp_sd_startlevels=2 pp_sd_stoplevels=auto pp_sd_config_file= pp_sd_vendor= pp_sd_vendor_tag=Quest pp_sd_default_start=1 # config_file default start value pp_readlink_fn=pp_ls_readlink # HPUX has no readlink pp_shlib_suffix='.sl' # .so on most other platforms pp_sd_detect_os } pp_sd_detect_os () { typeset revision revision=`uname -r` pp_sd_os="${revision#?.}" test -z "$pp_sd_os" && pp_warn "cannot detect OS version" pp_sd_os_std="hpux`echo $pp_sd_os | tr -d .`" case "`uname -m`" in 9000/[678]??) pp_sd_arch_std=hppa;; ia64) pp_sd_arch_std=ia64;; *) pp_sd_arch_std=unknown;; esac } pp_sd_write_files () { typeset t m o g f p st line dm while read t m o g f p st; do line=" file" case "$f" in *v*) line="$line -v";; esac # FIXME for uninstall case ${pp_sd_os} in 10.*) case $t in f) dm=644;; d) p=${p%/}; dm=755;; esac ;; *) case $t in f) dm=644;; d) line="$line -t d"; p=${p%/}; dm=755;; s) line="$line -t s";; esac ;; esac test x"$o" = x"-" && o=root test x"$g" = x"-" && g=sys test x"$m" = x"-" && m=$dm case $t in s) # swpackage will make unqualified links relative to the # current working (source) directory, not the destination; # we need to qualify them to prevent this. case "$st" in [!/]*) st="`dirname \"$p\"`/$st";; esac echo "$line -o $o -g $g -m $m $st $p" ;; *) echo "$line -o $o -g $g -m $m $pp_destdir$p $p" ;; esac done } pp_sd_service_group_script () { typeset grp svcs scriptpath out grp="$1" svcs="$2" scriptpath="/sbin/init.d/$grp" out="$pp_destdir$scriptpath" pp_add_file_if_missing $scriptpath run 755 || return 0 cat <<-. > $out #!/sbin/sh # generated by pp $pp_version svcs="$svcs" . cat <<-'.' >> $out #-- starts services in order.. stops them all if any break pp_start () { undo= for svc in \$svcs; do /sbin/init.d/\$svc start case \$? in 0|4) undo="\$svc \$undo" ;; *) if test -n "\$undo"; then for svc in \$undo; do /sbin/init.d/\$svc stop done return 1 fi ;; esac done return 0 } #-- stops services in reverse pp_stop () { reverse= for svc in \$svcs; do reverse="\$svc \$reverse" done rc=0 for svc in \$reverse; do /sbin/init.d/\$svc stop || rc=\$? done return \$rc } case \$1 in start_msg) echo "Starting \$svcs";; stop_msg) echo "Stopping \$svcs";; start) pp_start;; stop) pp_stop;; *) echo "usage: \$0 {start|stop|start_msg|stop_msg}" exit 1;; esac . } pp_sd_service_script () { typeset svc config_file config_value scriptpath out svc="$1" scriptpath="/sbin/init.d/$svc" config_file=${pp_sd_config_file:-/etc/rc.config.d/$svc} sd_config_var=`echo run-$svc | tr '[a-z]-' '[A-Z]_'` sd_config_value=${pp_sd_default_start:-0} pp_load_service_vars "$svc" test -n "$user" -a x"$user" != x"root" && cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\"" if test -z "$pidfile"; then pidfile="/var/run/$svc.pid" cmd="$cmd & echo \$! > \$pidfile" fi pp_debug "config file is $config_file" pp_add_file_if_missing $scriptpath run 755 pp_add_file_if_missing $config_file run 644 v cat <<-. >> $pp_destdir$config_file # Controls whether the $svc service is started $sd_config_var=$sd_config_value . if test ! -f $pp_destdir$scriptpath; then cat <<-. > $pp_destdir$scriptpath #!/sbin/sh # generated by pp $pp_version svc="$svc" pidfile="$pidfile" config_file="$config_file" pp_start () { $cmd } pp_disabled () { test \${$sd_config_var:-0} -eq 0 } pp_stop () { if test ! -s "\$pidfile"; then echo "Unable to stop \$svc (no pid file)" return 1 else read pid < "\$pidfile" if kill -0 "\$pid" 2>/dev/null; then if kill -${stop_signal:-TERM} "\$pid"; then rm -f "\$pidfile" return 0 else echo "Unable to stop \$svc" return 1 fi else rm -f "\$pidfile" return 0 fi fi } pp_running () { if test ! -s "\$pidfile"; then return 1 else read pid < "\$pidfile" kill -0 "\$pid" 2>/dev/null fi } case \$1 in start_msg) echo "Starting the \$svc service";; stop_msg) echo "Stopping the \$svc service";; start) if test -f "\$config_file"; then . \$config_file fi if pp_disabled; then exit 2 elif pp_running; then echo "\$svc already running"; exit 0 elif pp_start; then echo "\$svc started"; # rc(1M) says we should exit 4, but nobody expects it! exit 0 else exit 1 fi;; stop) if pp_stop; then echo "\$svc stopped"; exit 0 else exit 1 fi;; *) echo "usage: \$0 {start|stop|start_msg|stop_msg}" exit 1;; esac . fi } pp_sd_make_service () { typeset level startpriority stoppriority startlevels stoplevels typeset svc svcvar symtype svc="$1" svcvar=`pp_makevar $svc` case ${pp_sd_os} in 10.*) symtype="file";; *) symtype="file -t s";; esac # TODO: Figure out why this check is here #-- don't do anything if the script exists #if test -s "$pp_destdir/sbin/init.d/$svc"; then # pp_error "$pp_destdir/sbin/init.d/$svc exists" # return #fi # symlink the script, depending on the priorities chosen eval startpriority='${pp_sd_startpriority_'$svcvar'}' eval stoppriority='${pp_sd_stoppriority_'$svcvar'}' test -z "$startpriority" && startpriority="${pp_sd_startpriority:-50}" test -z "$stoppriority" && stoppriority="${pp_sd_stoppriority:-50}" eval startlevels='${pp_sd_startlevels_'$svcvar'}' test -z "$startlevels" && startlevels="$pp_sd_startlevels" eval stoplevels='${pp_sd_stoplevels_'$svcvar'}' test -z "$stoplevels" && stoplevels="$pp_sd_stoplevels" # create the script and config file pp_sd_service_script $svc # fix the priority up case "$startpriority" in ???) :;; ??) startpriority=0$startpriority;; ?) startpriority=00$startpriority;; esac case "$stoppriority" in ???) :;; ??) stoppriority=0$stoppriority;; ?) stoppriority=00$stoppriority;; esac if test x"$stoplevels" = x"auto"; then stoplevels= test -z "$startlevels" || for level in $startlevels; do stoplevels="$stoplevels `expr $level - 1`" done fi # create the symlinks test -z "$startlevels" || for level in $startlevels; do echo " ${symtype}" \ "/sbin/init.d/$svc" \ "/sbin/rc$level.d/S$startpriority$svc" done test -z "$stoplevels" || for level in $stoplevels; do echo " ${symtype}" \ "/sbin/init.d/$svc" \ "/sbin/rc$level.d/K$stoppriority$svc" done } pp_sd_control () { typeset ctrl script typeset cpt ctrl="$1"; shift cpt="$1"; shift script="$pp_wrkdir/control.$ctrl.$cpt" cat <<. >$script . cat "$@" >> $script echo "exit 0" >> $script /usr/bin/chmod +x $script echo " $ctrl $script" } pp_sd_depend () { typeset _name _vers while read _name _vers; do case "$_name" in ""| "#"*) continue ;; esac echo " prerequisites $_name ${_vers:+r>= $_vers}" done } pp_sd_conflict () { typeset _name _vers while read _name _vers; do case "$_name" in ""| "#"*) continue ;; esac echo " exrequisites $_name ${_vers:+r>= $_vers}" done } pp_backend_sd () { typeset psf cpt svc outfile release swp_flags psf=$pp_wrkdir/psf release="?.${pp_sd_os%.[0-9][0-9]}.*" echo "depot" > $psf echo "layout_version 1.0" >>$psf #-- vendor cat <<. >>$psf vendor tag $pp_sd_vendor_tag title "${pp_sd_vendor:-$vendor}" end product tag $name revision $version vendor_tag $pp_sd_vendor_tag is_patch false title "$summary" copyright "$copyright" machine_type * os_name HP-UX os_release $release os_version ? directory / is_locatable false . test -n "$description" \ && echo $description > $pp_wrkdir/description \ && cat <<. >> $psf description < $pp_wrkdir/description . # make convenience service groups if test -n "$pp_service_groups"; then for grp in $pp_service_groups; do pp_sd_service_group_script \ $grp "`pp_service_get_svc_group $grp`" done fi for cpt in $pp_components; do cat <<. >>$psf fileset tag ${pp_sd_fileset_tag:-$cpt} title "${summary:-cpt}" revision $version . test -s $pp_wrkdir/%depend.$cpt && pp_sd_depend < $pp_wrkdir/%depend.$cpt >> $psf test -s $pp_wrkdir/%conflict.$cpt && pp_sd_conflict < $pp_wrkdir/%conflict.$cpt >> $psf #-- make sure services are shut down during uninstall if test $cpt = run -a -n "$pp_services"; then for svc in $pp_services; do pp_prepend $pp_wrkdir/%preun.$cpt <<-. /sbin/init.d/$svc stop . done fi #-- we put the post/preun code into configure/unconfigure # and not postinstall/preremove, because configure/unconfigure # scripts are run on the hosts where the package is installed, # not loaded (a subtle difference). test -s $pp_wrkdir/%pre.$cpt && pp_sd_control checkinstall $cpt $pp_wrkdir/%pre.$cpt >> $psf test -s $pp_wrkdir/%post.$cpt && pp_sd_control configure $cpt $pp_wrkdir/%post.$cpt >> $psf test -s $pp_wrkdir/%preun.$cpt && pp_sd_control unconfigure $cpt $pp_wrkdir/%preun.$cpt >> $psf test -s $pp_wrkdir/%postun.$cpt && pp_sd_control postremove $cpt $pp_wrkdir/%postun.$cpt >> $psf test -s $pp_wrkdir/%check.$cpt && pp_sd_control checkinstall $cpt $pp_wrkdir/%check.$cpt >> $psf if test $cpt = run -a -n "$pp_services"; then for svc in $pp_services; do #-- service names are 10 chars max on hpux case "$svc" in ???????????*) pp_warn "service name '$svc' is too long for hpux";; esac pp_sd_make_service $svc >> $psf done #pp_sd_make_service_config fi pp_sd_write_files < $pp_wrkdir/%files.$cpt >> $psf #-- end fileset clause cat <<. >>$psf end . done #-- end product clause cat <<. >>$psf end . $pp_opt_debug && cat $psf >&2 test -s $pp_wrkdir/%fixup && . $pp_wrkdir/%fixup outfile=`pp_backend_sd_names` case ${pp_sd_os} in 10.*) swp_flags="-x target_type=tape" ;; *) swp_flags="-x media_type=tape" ;; esac if pp_verbose ${pp_sd_sudo} /usr/sbin/swpackage -s $psf $swp_flags \ @ $pp_wrkdir/$outfile then pp_verbose ${pp_sd_sudo} /usr/sbin/swlist -l file -s $pp_wrkdir/$outfile else pp_error "swpackage failed" fi } pp_backend_sd_cleanup () { : } pp_backend_sd_names () { echo "$name-$version.$pp_sd_arch_std.depot" } pp_backend_sd_install_script () { typeset pkgname platform pkgname=`pp_backend_sd_names` platform="`pp_backend_sd_probe`" echo "#!/bin/sh" pp_install_script_common cat <<. cpt_to_tags () { test x"\$*" = x"all" && set -- $pp_components for cpt do echo "$name.\$cpt" done } test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo "$pp_components" ;; list-services) test \$# -eq 0 || usage \$op echo "$pp_services" ;; list-files) test \$# -ge 1 || usage \$op echo \${PP_PKGDESTDIR:-.}/$pkgname ;; install) test \$# -ge 1 || usage \$op verbose /usr/sbin/swinstall -x verbose=0 \ -s \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \ \`cpt_to_tags "\$@"\` ;; uninstall) test \$# -ge 1 || usage \$op verbose /usr/sbin/swremove -x verbose=0 \ \`cpt_to_tags "\$@"\` ;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do verbose /sbin/init.d/\$svc \$op [ \$? -eq 4 -o \$? -eq 0 ] || ec=1 done exit \$ec ;; print-platform) echo "$platform" ;; *) usage ;; esac . } pp_backend_sd_probe () { echo "${pp_sd_os_std}-${pp_sd_arch_std}" } pp_backend_sd_vas_platforms () { case "`pp_backend_sd_probe`" in hpux*-hppa) echo hpux-pa;; hpux*-ia64) echo hpux-ia64 hpux-pa;; *) pp_die "unknown system `pp_backend_sd_probe`";; esac } pp_backend_sd_init_svc_vars () { : } pp_backend_sd_function () { case "$1" in pp_mkgroup) cat <<'.';; /usr/sbin/groupmod "$1" 2>/dev/null || /usr/sbin/groupadd "$1" . pp_mkuser:depends) echo pp_mkgroup;; pp_mkuser) cat <<'.';; pp_mkgroup "${2:-$1}" || return 1 /usr/sbin/useradd \ -g "${2:-$1}" \ -d "${3:-/nonexistent}" \ -s "${4:-/bin/false}" \ "$1" . pp_havelib) cat <<'.';; for pp_tmp_dir in `echo /usr/lib${3:+:$3} | tr : ' '`; do test -r "$pp_tmp_dir/lib$1${2:+.$2}.sl" && return 0 done return 1 . *) false;; esac } pp_platforms="$pp_platforms solaris" pp_backend_solaris_detect () { test x"$1" = x"SunOS" } pp_backend_solaris_init () { pp_solaris_category= pp_solaris_istates="s S 1 2 3" # run-states when install is ok pp_solaris_rstates="s S 1 2 3" # run-states when remove is ok pp_solaris_maxinst= pp_solaris_vendor= pp_solaris_pstamp= pp_solaris_copyright= pp_solaris_name= pp_solaris_desc= pp_solaris_package_arch=auto pp_solaris_detect_os pp_solaris_detect_arch pp_solaris_init_svc #-- readlink not reliably available on Solaris pp_readlink_fn=pp_ls_readlink } pp_solaris_detect_os () { typeset osrel osrel=`/usr/bin/uname -r` case "$osrel" in 5.[0-6]) pp_solaris_os="sol2${osrel#5.}";; 5.*) pp_solaris_os="sol${osrel#5.}";; esac test -z "$pp_solaris_os" && pp_warn "can't determine OS suffix from uname -r" } pp_solaris_detect_arch () { pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc` [ -z "$pp_solaris_arch" ] && pp_error "can't determine processor architecture" case "$pp_solaris_arch" in amd64) pp_solaris_arch_std=x86_64;; i386) pp_solaris_arch_std=i386;; sparcv9) pp_solaris_arch_std=sparc64;; sparc) pp_solaris_arch_std=sparc;; *) pp_solaris_arch_std=unknown;; esac } pp_solaris_is_request_script_necessary () { typeset has_optional_services has_optional_services=no for _svc in $pp_services; do pp_load_service_vars $_svc if test "$optional" = "yes"; then has_optional_services=yes fi done # If the package has no optional services and only one component, don't # create a request script at all. if test "$has_optional_services" = "no" && test `echo $pp_components | wc -w` -eq 1; then return 1 # no fi return 0 # yes } pp_solaris_request () { typeset _cmp _svc #-- The common part of the request script contains the ask() function # and resets the CLASSES list to empty cat <<'.' trap 'exit 3' 15 ask () { ans=`ckyorn -d "$1" \ -p "Do you want to $2"` \ || exit $? case "$ans" in y*|Y*) return 0;; *) return 1;; esac } CLASSES= . #-- each of our components adds itself to the CLASSES list for _cmp in $pp_components; do case "$_cmp" in run) :;; doc) echo 'ask y "install the documentation files" &&';; dev) echo 'ask y "install the development files" &&';; dbg) echo 'ask n "install the diagnostic files" &&';; esac echo ' CLASSES="$CLASSES '$_cmp'"' done #-- the request script writes the CLASSES var to its output cat <<'.' echo "CLASSES=$CLASSES" > $1 . if test -n "$pp_services"; then echo 'SERVICES=' for _svc in $pp_services; do pp_load_service_vars $_svc if test "$enable" = "yes"; then _default_prompt=y else _default_prompt=n fi if test "$optional" = "yes"; then echo 'ask '$_default_prompt' "install '$_svc' service" &&' fi echo ' SERVICES="$SERVICES '$_svc'"' done echo 'echo "SERVICES=$SERVICES" >> $1' fi } pp_solaris_procedure () { cat <<. #-- $2 for $1 component of $name case " \$CLASSES " in *" $1 "*) . cat cat <<. ;; esac . } pp_solaris_depend () { typeset _name _vers while read _name _vers; do if test -n "$_name"; then echo "P $_name $_name" test -n "$_vers" && echo " $_vers" fi done } pp_solaris_conflict () { typeset _name _vers while read _name _vers; do if test -n "$_name"; then echo "I $_name $_name" test -n "$_vers" && echo " $_vers" fi done } pp_solaris_space() { echo "$2:$3:$1" >> $pp_wrkdir/space.cumulative } pp_solaris_sum_space () { if test -s $pp_wrkdir/space.cumulative; then sort -t: +2 < $pp_wrkdir/space.cumulative | awk -F: 'NR==1{n=$3}{if($3==n){b+=$1;i+=$2}else{print n" "b" "i;b=$1;i=$2;n=$3}}END{print n" "b" "i}' > $pp_wrkdir/space fi } pp_solaris_proto () { typeset t m o g f p st typeset abi while read t m o g f p st; do # Use Solaris default mode, owner and group if all unspecified if test x"$m$o$g" = x"---"; then m="?"; o="?"; g="?" fi test x"$o" = x"-" && o="root" case "$t" in f) test x"$g" = x"-" && g="bin" test x"$m" = x"-" && m=444 case "$f" in *v*) echo "v $1 $p=$pp_destdir$p $m $o $g";; *) echo "f $1 $p=$pp_destdir$p $m $o $g";; esac if test -r "$pp_destdir$p"; then #-- Use file to record ABI types seen case "`file "$pp_destdir$p"`" in *"ELF 32"*80386*) abi=i386;; *"ELF 64"*AMD*) abi=x86_64;; *"ELF 32"*SPARC*) abi=sparc;; *"ELF 64"*SPARC*) abi=sparc64;; *) abi=;; esac if test -n "$abi"; then pp_add_to_list pp_solaris_abis_seen $abi fi fi ;; d) test x"$g" = x"-" && g="sys" test x"$m" = x"-" && m=555 echo "d $1 $p $m $o $g" ;; s) test x"$g" = x"-" && g="bin" test x"$m" = x"-" && m=777 if test x"$m" != x"777" -a x"$m" != x"?"; then pp_warn "$p: invalid mode $m for symlink, should be 777 or -" fi echo "s $1 $p=$st $m $o $g" ;; esac done } pp_backend_solaris () { typeset _cmp _svc _grp prototype=$pp_wrkdir/prototype : > $prototype pkginfo=$pp_wrkdir/pkginfo : > $pkginfo echo "i pkginfo=$pkginfo" >> $prototype case "${pp_solaris_name:-$name}" in [0-9]*) pp_error "Package name '${pp_solaris_name:-$name}'" \ "cannot start with a number" ;; ???????????????*) pp_warn "Package name '${pp_solaris_name:-$name}'" \ "too long for Solaris 2.6 or 2.7 (max 9 characters)" ;; ??????????*) pp_warn "Package name '${pp_solaris_name:-$name}'" \ "too long for 2.7 Solaris (max 9 characters)" ;; esac #-- generate the package info file echo "VERSION=$version" >> $pkginfo echo "PKG=${pp_solaris_name:-$name}" >> $pkginfo echo "CLASSES=$pp_components" >> $pkginfo echo "BASEDIR=/" >> $pkginfo echo "NAME=$name $version" >> $pkginfo echo "CATEGORY=${pp_solaris_category:-application}" >> $pkginfo desc="${pp_solaris_desc:-$description}" test -n "$desc" && echo "DESC=$desc" >> $pkginfo test -n "$pp_solaris_rstates" && echo "RSTATES=$pp_solaris_rstates" >> $pkginfo test -n "$pp_solaris_istates" && echo "ISTATES=$pp_solaris_istates" >> $pkginfo test -n "$pp_solaris_maxinst" && echo "MAXINST=$pp_solaris_maxinst" >> $pkginfo test -n "${pp_solaris_vendor:-$vendor}" && echo "VENDOR=${pp_solaris_vendor:-$vendor}" >> $pkginfo test -n "$pp_solaris_pstamp" && echo "PSTAMP=$pp_solaris_pstamp" >> $pkginfo if test -n "${pp_solaris_copyright:-$copyright}"; then echo "${pp_solaris_copyright:-$copyright}" > $pp_wrkdir/copyright echo "i copyright=$pp_wrkdir/copyright" >> $prototype fi #-- scripts to run before and after install : > $pp_wrkdir/postinstall : > $pp_wrkdir/preremove : > $pp_wrkdir/postremove for _cmp in $pp_components; do #-- add the preinstall scripts in definition order if test -s $pp_wrkdir/%pre.$_cmp; then pp_solaris_procedure $_cmp preinst < $pp_wrkdir/%pre.$_cmp \ >> $pp_wrkdir/preinstall fi #-- add the postinstall scripts in definition order if test -s $pp_wrkdir/%post.$_cmp; then pp_solaris_procedure $_cmp postinst < $pp_wrkdir/%post.$_cmp \ >> $pp_wrkdir/postinstall fi #-- add the preremove rules in reverse definition order if test -s $pp_wrkdir/%preun.$_cmp; then pp_solaris_procedure $_cmp preremove < $pp_wrkdir/%preun.$_cmp | pp_prepend $pp_wrkdir/preremove fi #-- add the postremove scripts in definition order if test -s $pp_wrkdir/%postun.$_cmp; then pp_solaris_procedure $_cmp postremove < $pp_wrkdir/%postun.$_cmp \ >> $pp_wrkdir/postremove fi #-- Add the check script in definition order if test -s $pp_wrkdir/%check.$_cmp; then pp_solaris_procedure $_cmp checkinstall \ < $pp_wrkdir/%check.$_cmp \ >> $pp_wrkdir/checkinstall fi #-- All dependencies and conflicts are merged together for Solaris pkgs test -s $pp_wrkdir/%depend.$_cmp && pp_solaris_depend < $pp_wrkdir/%depend.$_cmp >> $pp_wrkdir/depend test -s $pp_wrkdir/%conflict.$_cmp && pp_solaris_conflict < $pp_wrkdir/%conflict.$_cmp >> $pp_wrkdir/depend done if pp_solaris_is_request_script_necessary; then pp_solaris_request > $pp_wrkdir/request fi test -n "$pp_services" && for _svc in $pp_services; do pp_load_service_vars $_svc pp_solaris_smf $_svc pp_solaris_make_service $_svc pp_solaris_install_service $_svc | pp_prepend $pp_wrkdir/postinstall pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/preremove pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/postremove unset pp_svc_xml_file done test -n "$pp_service_groups" && for _grp in $pp_service_groups; do pp_solaris_make_service_group \ $_grp "`pp_service_get_svc_group $_grp`" done #-- if installf was used; we need to indicate a termination grep installf $pp_wrkdir/postinstall >/dev/null && echo 'installf -f $PKGINST' >> $pp_wrkdir/postinstall pp_solaris_sum_space # NB: pkginfo and copyright are added earlier for f in compver depend space checkinstall \ preinstall request postinstall \ preremove postremove; do if test -s $pp_wrkdir/$f; then case $f in *install|*remove|request) # turn scripts into a proper shell scripts mv $pp_wrkdir/$f $pp_wrkdir/$f.tmp { echo "#!/bin/sh"; echo "# $f script for ${pp_solaris_name:-$name}-$version" cat $pp_wrkdir/$f.tmp echo "exit 0"; } > $pp_wrkdir/$f chmod +x $pp_wrkdir/$f rm -f $pp_wrkdir/$f.tmp ;; esac if $pp_opt_debug; then pp_debug "contents of $f:" cat $pp_wrkdir/$f >&2 fi echo "i $f=$pp_wrkdir/$f" >> $prototype fi done #-- create the prototype file which lists the files to install # do this as late as possible because files could be added pp_solaris_abis_seen= for _cmp in $pp_components; do pp_solaris_proto $_cmp < $pp_wrkdir/%files.$_cmp done >> $prototype if test x"$pp_solaris_package_arch" = x"auto"; then if pp_contains "$pp_solaris_abis_seen" sparc64; then pp_solaris_package_arch_std="sparc64" echo "ARCH=sparcv9" >> $pkginfo elif pp_contains "$pp_solaris_abis_seen" sparc; then pp_solaris_package_arch_std="sparc" echo "ARCH=sparc" >> $pkginfo elif pp_contains "$pp_solaris_abis_seen" x86_64; then pp_solaris_package_arch_std="x86_64" echo "ARCH=amd64" >> $pkginfo elif pp_contains "$pp_solaris_abis_seen" i386; then pp_solaris_package_arch_std="i386" echo "ARCH=i386" >> $pkginfo else pp_warn "No ELF files found: not supplying an ARCH type" pp_solaris_package_arch_std="noarch" fi else pp_solaris_package_arch_std="$pp_solaris_package_arch" echo "ARCH=$pp_solaris_package_arch" >> $pkginfo fi mkdir $pp_wrkdir/pkg . $pp_wrkdir/%fixup if $pp_opt_debug; then echo "$pkginfo::"; cat $pkginfo echo "$prototype::"; cat $prototype fi >&2 pkgmk -d $pp_wrkdir/pkg -f $prototype \ || { error "pkgmk failed"; return; } pkgtrans -s $pp_wrkdir/pkg \ $pp_wrkdir/`pp_backend_solaris_names` \ ${pp_solaris_name:-$name} \ || { error "pkgtrans failed"; return; } } pp_backend_solaris_cleanup () { : } pp_backend_solaris_names () { echo ${pp_solaris_name:-$name}-$version-${pp_solaris_package_arch_std:-$pp_solaris_arch}.pkg } pp_backend_solaris_install_script () { typeset pkgname platform platform="${pp_solaris_os:-solaris}-${pp_solaris_package_arch_std:-$pp_solaris_arch}" echo "#! /sbin/sh" pp_install_script_common pkgname=`pp_backend_solaris_names` cat <<. tmpnocheck=/tmp/nocheck\$\$ tmpresponse=/tmp/response\$\$ trap 'rm -f \$tmpnocheck \$tmpresponse' 0 make_tmpfiles () { cat <<-.. > \$tmpresponse CLASSES=\$* SERVICES=$pp_services .. cat <<-.. > \$tmpnocheck mail= instance=overwrite partial=nocheck runlevel=nocheck idepend=nocheck rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck basedir=default .. } test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo "$pp_components" ;; list-services) test \$# -eq 0 || usage \$op echo "$pp_services" ;; list-files) test \$# -ge 1 || usage \$op echo \${PP_PKGDESTDIR:-.}/$pkgname ;; install) test \$# -ge 1 || usage \$op make_tmpfiles "\$@" verbose /usr/sbin/pkgadd -n -d \${PP_PKGDESTDIR:-.}/$pkgname \ -r \$tmpresponse \ -a \$tmpnocheck \ ${pp_solaris_name:-$name} ;; uninstall) test \$# -ge 1 || usage \$op make_tmpfiles "\$@" verbose /usr/sbin/pkgrm -n \ -a \$tmpnocheck \ ${pp_solaris_name:-$name} ;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do verbose /etc/init.d/\$svc \$op || ec=1 done exit \$ec ;; print-platform) echo "$platform" ;; *) usage ;; esac . } pp_solaris_dynlib_depend () { xargs ldd 2>/dev/null | sed -e '/^[^ ]*:$/d' -e 's,.*=>[ ]*,,' -e 's,^[ ]*,,' | sort -u | grep -v '^/usr/platform/' | ( set -- ""; shift while read p; do set -- "$@" -p "$p" if [ $# -gt 32 ]; then echo "$# is $#" >&2 pkgchk -l "$@" set -- ""; shift fi done [ $# -gt 0 ] && pkgchk -l "$@" )| awk '/^Current status:/{p=0} p==1 {print $1} /^Referenced by/ {p=1}' | sort -u | xargs -l32 pkginfo -x | awk 'NR % 2 == 1 { name=$1; } NR%2 == 0 { print name, $2 }' } pp_solaris_add_dynlib_depends () { typeset tmp tmp=$pp_wrkdir/tmp.dynlib for _cmp in $pp_components; do awk '{print destdir $6}' destdir="$pp_destdir" \ < $pp_wrkdir/%files.$_cmp | pp_solaris_dynlib_depend > $tmp if test -s $tmp; then cat $tmp >> $pp_wrkdir/%depend.$_cmp fi rm -f $tmp done } pp_backend_solaris_probe () { echo "${pp_solaris_os}-${pp_solaris_arch_std}" } pp_backend_solaris_vas_platforms () { case `pp_backend_solaris_probe` in sol10-sparc* | sol9-sparc* | sol8-sparc*) echo solaris8-sparc solaris7-sparc solaris26-sparc;; sol7-sparc*) echo solaris7-sparc solaris26-sparc;; sol26-sparc*) echo solaris26-sparc;; sol8-*86) echo solaris8-x86;; sol10-*86 | sol10-x86_64) echo solaris10-x64 solaris8-x86;; *) pp_die "unknown system `pp_backend_solaris_probe`";; esac } pp_backend_solaris_function() { case "$1" in pp_mkgroup) cat<<'.';; /usr/sbin/groupmod "$1" 2>/dev/null && return 0 /usr/sbin/groupadd "$1" . pp_mkuser:depends) echo pp_mkgroup;; pp_mkuser) cat<<'.';; id "$1" >/dev/null 2>/dev/null && return 0 pp_mkgroup "${2:-$1}" || return 1 /usr/sbin/useradd \ -g "${2:-$1}" \ -d "${3:-/nonexistent}" \ -s "${4:-/bin/false}" \ "$1" . *) false;; esac } pp_backend_solaris_init_svc_vars () { _smf_category=${pp_solaris_smf_category:-application} _smf_method_envvar_name=${smf_method_envvar_name:-"PP_SMF_SERVICE"} pp_solaris_service_shell=/sbin/sh } pp_solaris_init_svc () { smf_version=1 smf_type=service solaris_user= solaris_stop_signal= solaris_sysv_init_start=S70 # invocation order for start scripts solaris_sysv_init_kill=K30 # invocation order for kill scripts solaris_sysv_init_start_states="2" # states to install start link solaris_sysv_init_kill_states="S 0 1" # states to install kill link # # To have the service be installed to start automatically, # %service foo # solaris_sysv_init_start_states="S 0 1 2" # } pp_solaris_smf () { typeset f _pp_solaris_service_script svc _pp_solaris_manpage pp_solaris_name=${pp_solaris_name:-$name} pp_solaris_manpath=${pp_solaris_manpath:-"/usr/share/man"} pp_solaris_mansect=${pp_solaris_mansect:-1} smf_start_timeout=${smf_start_timeout:-60} smf_stop_timeout=${smf_stop_timeout:-60} smf_restart_timeout=${smf_restart_timeout:-60} svc=${pp_solaris_smf_service_name:-$1} _pp_solaris_service_script=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} _pp_solaris_manpage=${pp_solaris_manpage:-$svc} if [ -z $pp_svc_xml_file ]; then pp_svc_xml_file="/var/svc/manifest/$_smf_category/$svc.xml" echo "## Generating the smf service manifest file for $pp_svc_xml_file" else echo "## SMF service manifest file already defined at $pp_svc_xml_file" if [ -z $pp_solaris_smf_service_name ] || [ -z $pp_solaris_smf_category ] || [ -z $pp_solaris_service_script ] || [ -z $smf_method_envvar_name ]; then pp_error "All required variables are not set.\n"\ "When using a custom manifest file all of the following variables must be set:\n"\ "pp_solaris_smf_service_name, pp_solaris_smf_category, pp_solaris_service_script and smf_method_envvar_name.\n\n"\ "Example:\n"\ " \$pp_solaris_smf_category=application\n"\ " \$pp_solaris_smf_service_name=pp\n\n"\ " \n\n"\ "Example:\n"\ " \$pp_solaris_service_script=/etc/init.d/pp\n\n"\ " \n\n"\ "Example:\n"\ " \$smf_method_envvar_name=PP_SMF_SERVICE\n\n"\ " \n"\ " \n"\ " \n" return 1 fi return 0 fi f=$pp_svc_xml_file pp_add_file_if_missing $f || return 0 pp_solaris_add_parent_dirs "$f" _pp_solaris_smf_dependencies=" " _pp_solaris_smf_dependencies=${pp_solaris_smf_dependencies:-$_pp_solaris_smf_dependencies} cat <<-. >$pp_destdir$f $_pp_solaris_smf_dependencies $pp_solaris_smf_additional_dependencies . } pp_solaris_make_service_group () { typeset group out file svcs svc group="$1" svcs="$2" file="/etc/init.d/$group" out="$pp_destdir$file" #-- return if the script is supplied already pp_add_file_if_missing "$file" run 755 || return 0 pp_solaris_add_parent_dirs "$file" echo "#! /sbin/sh" > $out echo "# polypkg service group script for these services:" >> $out echo "svcs=\"$svcs\"" >> $out cat <<'.' >>$out #-- starts services in order.. stops them all if any break pp_start () { undo= for svc in $svcs; do if /etc/init.d/$svc start; then undo="$svc $undo" else if test -n "$undo"; then for svc in $undo; do /etc/init.d/$svc stop done return 1 fi fi done return 0 } #-- stops services in reverse pp_stop () { reverse= for svc in $svcs; do reverse="$svc $reverse" done rc=0 for svc in $reverse; do /etc/init.d/$svc stop || rc=$? done return $rc } #-- returns true only if all services return true status pp_status () { rc=0 for svc in $svcs; do /etc/init.d/$svc status || rc=$? done return $rc } case "$1" in start) pp_start;; stop) pp_stop;; status) pp_status;; restart) pp_stop && pp_start;; *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;; esac . } pp_solaris_make_service () { typeset file out _cmd svc svc="${pp_solaris_smf_service_name:-$1}" file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} out="$pp_destdir$file" #-- return if we don't need to create the init script pp_add_file_if_missing "$file" run 755 || return 0 pp_solaris_add_parent_dirs "$file" echo "#! /sbin/sh" >$out echo "#-- This service init file generated by polypkg" >>$out #-- Start SMF integration. if [ -n "$pp_svc_xml_file" ] ; then cat <<_EOF >>$out if [ -x /usr/sbin/svcadm ] && [ "x\$1" != "xstatus" ] && [ "t\$$_smf_method_envvar_name" = "t" ] ; then case "\$1" in start) echo "starting $svc" /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1 /usr/sbin/svcadm enable -s $_smf_category/$svc RESULT=\$? if [ "\$RESULT" -ne 0 ] ; then echo "Error \$RESULT starting $svc" >&2 fi ;; stop) echo "stopping $svc" /usr/sbin/svcadm disable -ts $_smf_category/$svc RESULT=0 ;; restart) echo "restarting $svc" /usr/sbin/svcadm disable -ts $_smf_category/$svc /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1 /usr/sbin/svcadm enable -s $_smf_category/$svc RESULT=\$? if [ "\$RESULT" -ne 0 ] ; then echo "Error \$RESULT starting $svc" >&2 fi ;; *) echo "Usage: $file {start|stop|restart|status}" >&2 RESULT=1 esac exit $RESULT fi _EOF fi #-- construct a start command that builds a pid file as needed # and forks the daemon _cmd="$cmd"; if test -z "$pidfile"; then # The service does not define a pidfile, so we have to make # our own up. On Solaris systems where there is no /var/run # we must use /tmp to guarantee the pid files are removed after # a system crash. cat <<. >>$out pp_piddir="/var/run" test -d "\$pp_piddir/." || pp_piddir="/tmp" pidfile="\$pp_piddir/$svc.pid" . _cmd="$cmd & echo \$! > \$pidfile" else # The service is able to write its own PID file cat <<. >>$out pidfile="$pidfile" . fi if test "${user:-root}" != "root"; then _cmd="su $user -c exec $_cmd"; fi cat <<. >>$out stop_signal="${stop_signal:-TERM}" svc="${svc}" # generated command to run $svc as a daemon process pp_exec () { $_cmd; } . #-- write the invariant section of the init script cat <<'.' >>$out # returns true if $svc is running pp_running () { test -s "$pidfile" || return 1 read pid junk < "$pidfile" 2>/dev/null test ${pid:-0} -gt 1 && kill -0 "$pid" 2>/dev/null } # prints a message describing $svc's running state pp_status () { if pp_running; then echo "service $svc is running (pid $pid)" return 0 elif test -f "$pidfile"; then echo "service $svc is not running, but pid file exists" return 2 else echo "service $svc is not running" return 1 fi } # starts $svc pp_start () { if pp_running; then echo "service $svc already running" >&2 return 0 fi echo "starting $svc... \c" if pp_exec; then echo "done." else echo "ERROR." exit 1 fi } # stops $svc pp_stop () { if pp_running; then echo "stopping $svc... \c" if kill -$stop_signal $pid; then rm -f "$pidfile" echo "done." else echo "ERROR." return 1 fi else echo "service $svc already stopped" >&2 return 0 fi } umask 022 case "$1" in start) pp_start;; stop) pp_stop;; status) pp_status;; restart) pp_stop && pp_start;; *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;; esac . } pp_solaris_remove_service () { typeset file svc svc="${pp_solaris_smf_service_name:-$1}" file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} echo ' '$file' stop >/dev/null 2>/dev/null if [ "x${PKG_INSTALL_ROOT}" = 'x' ]; then if [ -x /usr/sbin/svcadm ] ; then # Likely un-needed, but just in case. /usr/sbin/svcadm disable -s '$svc' 2>/dev/null /usr/sbin/svccfg delete '$svc' 2>/dev/null fi fi ' } pp_solaris_install_service () { typeset s k l file svc svc="${pp_solaris_smf_service_name:-$1}" file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} s="${solaris_sysv_init_start}$svc" k="${solaris_sysv_init_kill}$svc" echo ' if [ "x${PKG_INSTALL_ROOT}" != "x" ]; then if [ -x ${PKG_INSTALL_ROOT}/usr/sbin/svcadm ]; then echo "/usr/sbin/svccfg import '$pp_svc_xml_file' 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade else' test -n "${solaris_sysv_init_start_states}" && for state in ${solaris_sysv_init_start_states}; do l="/etc/rc$state.d/$s" echo "echo '$l'" echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" pp_solaris_space /etc/rc$state.d 0 1 done test -n "${solaris_sysv_init_kill_states}" && for state in ${solaris_sysv_init_kill_states}; do l="/etc/rc$state.d/$k" echo "echo '$l'" echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" pp_solaris_space /etc/rc$state.d 0 1 done echo ' fi else if [ -x /usr/sbin/svcadm ]; then echo "Registering '$svc' with SMF" /usr/sbin/svcadm disable -s '$svc' 2>/dev/null /usr/sbin/svccfg delete '$svc' 2>/dev/null /usr/sbin/svccfg import '$pp_svc_xml_file' else' test -n "${solaris_sysv_init_start_states}" && for state in ${solaris_sysv_init_start_states}; do l="/etc/rc$state.d/$s" echo "echo '$l'" echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" pp_solaris_space /etc/rc$state.d 0 1 done test -n "${solaris_sysv_init_kill_states}" && for state in ${solaris_sysv_init_kill_states}; do l="/etc/rc$state.d/$k" echo "echo '$l'" echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" pp_solaris_space /etc/rc$state.d 0 1 done echo ' fi fi' } pp_solaris_add_parent_dirs () { typeset dir dir=${1%/*} while test -n "$dir"; do if awk "\$6 == \"$dir/\" {exit 1}" < $pp_wrkdir/%files.run; then echo "d - - - - $dir/" >> $pp_wrkdir/%files.run fi dir=${dir%/*} done } pp_platforms="$pp_platforms deb" pp_backend_deb_detect () { test -f /etc/debian_version } pp_deb_cmp_full_name () { local prefix prefix="${pp_deb_name:-$name}" case "$1" in run) echo "${prefix}" ;; dbg) echo "${prefix}-${pp_deb_dbg_pkgname}";; dev) echo "${prefix}-${pp_deb_dev_pkgname}";; doc) echo "${prefix}-${pp_deb_doc_pkgname}";; *) pp_error "unknown component '$1'"; esac } pp_backend_deb_init () { pp_deb_dpkg_version="2.0" pp_deb_name= pp_deb_version= pp_deb_release= pp_deb_arch= pp_deb_arch_std= pp_deb_maintainer="Quest Software, Inc " pp_deb_copyright= pp_deb_distro= pp_deb_control_description= pp_deb_summary= pp_deb_description= pp_deb_dbg_pkgname="dbg" pp_deb_dev_pkgname="dev" pp_deb_doc_pkgname="doc" pp_deb_section=contrib # Free software that depends on non-free software # Detect the host architecture pp_deb_detect_arch # Make sure any programs we require are installed pp_deb_check_required_programs } pp_deb_check_required_programs () { local p needed notfound ok needed= notfound= for prog in dpkg dpkg-deb install md5sum fakeroot do if which $prog 2>/dev/null >/dev/null; then pp_debug "$prog: found" else pp_debug "$prog: not found" case "$prog" in dpkg|dpkg-deb) p=dpkg;; install|md5sum) p=coreutils;; fakeroot) p=fakeroot;; *) pp_die "unexpected dpkg tool $prog";; esac notfound="$notfound $prog" pp_contains "$needed" "$p" || needed="$needed $p" fi done if [ -n "$notfound" ]; then pp_error "cannot find these programs: $notfound" pp_error "please install these packages: $needed" fi } pp_deb_munge_description () { # Insert a leading space on each line, replace blank lines with a #space followed by a full-stop. pp_deb_control_description="`echo ${pp_deb_description:-$description} | \ sed 's,^\(.*\)$, \1, ' | sed 's,^[ \t]*$, .,g' | fmt -w 80`" } pp_deb_detect_arch () { pp_deb_arch=`dpkg --print-architecture` pp_deb_arch_std=`uname -m` } pp_deb_sanitize_version() { echo "$@" | tr -d -c '[:alnum:].+-:~' } pp_deb_version_final() { if test -n "$pp_deb_version"; then # Don't sanitize; assume the user is sane (hah!) echo "$pp_deb_version" else pp_deb_sanitize_version "$version" fi } pp_deb_conflict () { local _name _vers _conflicts _conflicts="Conflicts:" while read _name _vers; do case "$_name" in ""| "#"*) continue ;; esac _conflicts="$_conflicts $_name" test -n "$_vers" && _conflicts="$_conflicts $_name (>= $vers)" _conflicts="${_conflicts}," done echo "${_conflicts%,}" } pp_deb_make_control() { local cmp="$1" local installed_size # compute the installed size installed_size=`pp_deb_files_size < $pp_wrkdir/%files.$cmp` package_name=`pp_deb_cmp_full_name "$cmp"` cat <<-. Package: ${package_name} Version: `pp_deb_version_final`-${pp_deb_release:-1} Section: ${pp_deb_section:-contrib} Priority: optional Architecture: ${pp_deb_arch} Maintainer: ${pp_deb_maintainer:-$maintainer} Description: ${pp_deb_summary:-$summary} ${pp_deb_control_description} Installed-Size: ${installed_size} . if test -s $pp_wrkdir/%depend."$cmp"; then sed -ne '/^[ ]*$/!s/^[ ]*/Depends: /p' \ < $pp_wrkdir/%depend."$cmp" fi if test -s $pp_wrkdir/%conflict."$cmp"; then pp_deb_conflict < $pp_wrkdir/%conflict."$cmp" fi } pp_deb_make_md5sums() { local cmp="$1"; shift local pkg_dir pkg_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` (cd $pkg_dir && md5sum "$@") > $pkg_dir/DEBIAN/md5sums || pp_error "cannot make md5sums" } pp_deb_make_package_maintainer_script() { local output="$1" local source="$2" local desc="$3" # See if we need to create this script at all if [ -s "$source" ] then # Create header cat <<-. >$output || pp_error "Cannot create $output" #!/bin/sh # $desc # Generated by PolyPackage $pp_version . cat $source >> "$output" || pp_error "Cannot append to $output" # Set perms chmod 755 "$output" || pp_error "Cannot chmod $output" fi } pp_deb_handle_services() { local svc #-- add service start/stop code if test -n "$pp_services"; then #-- record the uninstall commands in reverse order for svc in $pp_services; do pp_load_service_vars $svc # Create init script (unless one exists) pp_deb_service_make_init_script $svc #-- append %post code to install the svc test x"yes" = x"$enable" && cat<<-. >> $pp_wrkdir/%post.run case "\$1" in configure) # Install the service links update-rc.d $svc defaults ;; esac . #-- prepend %preun code to stop svc cat<<-. | pp_prepend $pp_wrkdir/%preun.run case "\$1" in remove|deconfigure|upgrade) # Stop the $svc service invoke-rc.d $svc stop ;; esac . #-- prepend %postun code to remove service cat<<-. | pp_prepend $pp_wrkdir/%postun.run case "\$1" in purge) # Remove the service links update-rc.d $svc remove ;; esac . done #pp_deb_service_remove_common | pp_prepend $pp_wrkdir/%preun.run fi } pp_deb_fakeroot () { if test -s $pp_wrkdir/fakeroot.save; then fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@" else fakeroot -s $pp_wrkdir/fakeroot.save "$@" fi } pp_deb_files_size () { local t m o g f p st while read t m o g f p st; do case $t in f|s) du -k "${pp_destdir}$p";; d) echo 4;; esac done | awk '{n+=$1} END {print n}' } pp_deb_make_DEBIAN() { local cmp="${1:-run}" local data cmp_full_name local old_umask old_umask=`umask` umask 0022 cmp_full_name=`pp_deb_cmp_full_name $cmp` data=$pp_wrkdir/$cmp_full_name # Create DEBIAN dir $data/DEBIAN mkdir -p $data/DEBIAN # Create control file pp_deb_make_control $cmp > $data/DEBIAN/control # Copy in conffiles if test -f $pp_wrkdir/%conffiles.$cmp; then cp $pp_wrkdir/%conffiles.$cmp $data/DEBIAN/conffiles fi # Create preinst pp_deb_make_package_maintainer_script "$data/DEBIAN/preinst" \ "$pp_wrkdir/%pre.$cmp" "Pre-install script for $cmp_full_name"\ || exit $? # Create postinst pp_deb_make_package_maintainer_script "$data/DEBIAN/postinst" \ "$pp_wrkdir/%post.$cmp" "Post-install script for $cmp_full_name"\ || exit $? # Create prerm pp_deb_make_package_maintainer_script "$data/DEBIAN/prerm" \ "$pp_wrkdir/%preun.$cmp" "Pre-uninstall script for $cmp_full_name"\ || exit $? # Create postrm pp_deb_make_package_maintainer_script "$data/DEBIAN/postrm" \ "$pp_wrkdir/%postun.$cmp" "Post-uninstall script for $cmp_full_name"\ || exit $? umask $old_umask } pp_deb_make_data() { local _l t m o g f p st data local data share_doc owner group cmp=$1 data=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do if test x"$m" = x"-"; then case "$t" in d) m=755;; f) m=644;; esac fi test x"$o" = x"-" && o=root test x"$g" = x"-" && g=root case "$t" in f) # Files pp_deb_fakeroot install -D -o $o -g $g -m ${m} $pp_destdir/$p $data/$p; if [ x"$f" = x"v" ] then # File marked as "volatile". Assume this means it's a conffile # TODO: check this as admins like modified conffiles to be left # behind echo "$p" >> $pp_wrkdir/%conffiles.$cmp fi;; d) # Directories pp_deb_fakeroot install -m ${m} -o $o -g $g -d $data/$p;; s) # Symlinks # Remove leading / from vars rel_p=`echo $p | sed s,^/,,` rel_st=`echo $st | sed s,^/,,` # TODO: we are always doing absolute links here. We should follow # the debian policy of relative links when in the same top-level # directory (cd $data; ln -sf $st $rel_p);; *) pp_error "Unsupported data file type: $t";; esac done # If no copyright file is present add one. This is a debian requirement. share_doc="/usr/share/doc/`pp_deb_cmp_full_name $cmp`" if [ ! -f "$data/$share_doc/copyright" ] then echo "${pp_deb_copyright:-$copyright}" > "$pp_wrkdir/copyright" install -D -m 644 "$pp_wrkdir/copyright" "$data/$share_doc/copyright" fi } pp_deb_makedeb () { local cmp local package_build_dir cmp="$1" package_build_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` # Create package dir mkdir -p $package_build_dir # Copy in data pp_deb_make_data $cmp || pp_die "Could not make DEBIAN data files for $cmp" # Make control files # must be done after copying data so conffiles are found pp_deb_make_DEBIAN $cmp || pp_die "Could not make DEBIAN control files for $cmp" # Create md5sums pp_deb_make_md5sums $cmp `(cd $package_build_dir; find . -name DEBIAN -prune -o -type f -print | sed "s,^\./,,")` || pp_die "Could not make DEBIAN md5sums for $cmp" } pp_backend_deb () { local debname # Munge description for control file inclusion pp_deb_munge_description # Handle services pp_deb_handle_services $cmp for cmp in $pp_components do debname=`pp_deb_name $cmp` pp_deb_makedeb $cmp done . $pp_wrkdir/%fixup for cmp in $pp_components do debname=`pp_deb_name $cmp` # Create debian package pp_debug "Building `pp_deb_cmp_full_name $cmp` -> $output" pp_deb_fakeroot dpkg-deb \ --build $pp_wrkdir/`pp_deb_cmp_full_name $cmp` \ $pp_wrkdir/$debname || pp_error "failed to create $cmp package" done } pp_backend_deb_cleanup () { # rm -rf $pp_wrkdir : } pp_deb_name () { local cmp="${1:-run}" echo `pp_deb_cmp_full_name $cmp`"_"`pp_deb_version_final`"-${pp_deb_release:-1}_${pp_deb_arch}.deb" } pp_backend_deb_names () { for cmp in $pp_components do pp_deb_name $cmp done } pp_backend_deb_install_script () { local cmp _cmp_full_name echo "#!/bin/sh" pp_install_script_common cat <<. cmp_to_pkgname () { test x"\$*" = x"all" && set -- $pp_components for cmp do case \$cmp in . for cmp in $pp_components; do echo "$cmp) echo '`pp_deb_cmp_full_name $cmp`';;" done cat <<. *) usage;; esac done } cmp_to_pathname () { test x"\$*" = x"all" && set -- $pp_components for cmp do case \$cmp in . for cmp in $pp_components; do echo "$cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_deb_name $cmp`';;" done cat <<. *) usage;; esac done } test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo $pp_components ;; list-services) test \$# -eq 0 || usage \$op echo $pp_services ;; list-files) test \$# -ge 1 || usage \$op cmp_to_pathname "\$@" ;; install) test \$# -ge 1 || usage \$op dpkg --install \`cmp_to_pathname "\$@"\` ;; uninstall) test \$# -ge 1 || usage \$op dpkg --remove \`cmp_to_pkgname "\$@"\`; : ;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do /etc/init.d/\$svc \$op || ec=1 done exit \$ec ;; print-platform) test \$# -eq 0 || usage \$op echo "linux-${pp_deb_arch}" ;; *) usage ;; esac . } pp_backend_deb_probe() { local arch distro release pp_deb_detect_arch # /etc/debian_version exists on Debian & Ubuntu, so it's no use # to us. Use lsb_release instead. case `(lsb_release -is || echo no-lsb) 2>/dev/null` in Debian) distro=deb ;; Ubuntu) distro=ubu ;; no-lsb) echo unknown-$pp_deb_arch_std return 0 ;; *) distro=unknown ;; esac release=`lsb_release -rs` # If release is not numeric, use the codename case $release in *[!.0-9r]*) release=`lsb_release -cs` case $release in buzz) release="11" ;; rex) release="12" ;; bo) release="13" ;; hamm) release="20" ;; slink) release="21" ;; potato) release="22" ;; woody) release="30" ;; sarge) release="31" ;; etch) release="40" ;; lenny) release="50" ;; squeeze) release="60" ;; esac ;; *) # Remove trailing revision number and any dots release=`echo $release | cut -dr -f1 | tr -d .` ;; esac echo $distro$release-$pp_deb_arch_std } pp_backend_deb_vas_platforms () { case "$pp_deb_arch_std" in x86_64) echo "linux-x86_64.deb";; # DO NOT add linux-x86.deb here!! *86) echo "linux-x86.deb";; *) pp_die "unknown architecture ${pp_deb_arch_std}";; esac } pp_backend_deb_init_svc_vars () { reload_signal= start_runlevels=${pp_deb_default_start_runlevels-"2 3 4 5"} # == lsb default-start stop_runlevels=${pp_deb_default_stop_runlevels-"0 1 6"} # == lsb default-stop svc_description="${pp_deb_default_svc_description}" # == lsb short descr svc_process= lsb_required_start='$local_fs $network' lsb_should_start= lsb_required_stop='$local_fs' lsb_description= start_priority=50 stop_priority=50 #-- stop_priority = 100 - start_priority } pp_deb_service_make_init_script () { local svc=$1 local script=/etc/init.d/$svc local out=$pp_destdir$script local _process _cmd pp_add_file_if_missing $script run 755 v || return 0 #-- start out as an empty shell script cat <<-'.' >$out #!/bin/sh . #-- determine the process name from $cmd unless $svc_process is given set -- $cmd #_process=${svc_process:-"$1"} --? WTF #-- construct a start command that builds a pid file if needed #-- the command name in /proc/[pid]/stat is limited to 15 characters _cmd="$cmd"; _cmd_path=`echo $cmd | cut -d" " -f1` _cmd_name=`basename $_cmd_path | cut -c1-15` _cmd_args=`echo $cmd | cut -d" " -f2-` test x"$_cmd_path" != x"$_cmd_args" || _cmd_args= #-- generate the LSB init info cat <<-. >>$out ### BEGIN INIT INFO # Provides: ${svc} # Required-Start: ${lsb_required_start} # Should-Start: ${lsb_should_start} # Required-Stop: ${lsb_required_stop} # Default-Start: ${start_runlevels} # Default-Stop: ${stop_runlevels} # Short-Description: ${svc_description:-no description} ### END INIT INFO # Generated by PolyPackage ${pp_version} # ${copyright} . if test x"${svc_description}" = x"${pp_deb_default_svc_description}"; then svc_description= fi #-- write service-specific definitions cat <<. >>$out NAME="${_cmd_name}" DESC="${svc_description:-$svc service}" USER="${user}" GROUP="${group}" PIDFILE="${pidfile}" STOP_SIGNAL="${stop_signal}" RELOAD_SIGNAL="${reload_signal}" CMD="${_cmd}" DAEMON="${_cmd_path}" DAEMON_ARGS="${_cmd_args}" SCRIPTNAME=${script} . #-- write the generic part of the init script cat <<'.' >>$out [ -x "$DAEMON" ] || exit 0 [ -r /etc/default/$NAME ] && . /etc/default/$NAME [ -f /etc/default/rcS ] && . /etc/default/rcS . /lib/lsb/init-functions do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started if [ -n "$PIDFILE" ] then pidfile_opt="--pidfile $PIDFILE" else pidfile_opt="--make-pidfile --background --pidfile /var/run/$NAME.pid" fi if [ -n "$USER" ] then user_opt="--user $USER" fi if [ -n "$GROUP" ] then group_opt="--group $GROUP" fi start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \ || return 1 # Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass # --background for now start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 } do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred if [ -n "$PIDFILE" ] then pidfile_opt="--pidfile $PIDFILE" else pidfile_opt="--pidfile /var/run/$NAME.pid" fi if [ -n "$USER" ] then user_opt="--user $USER" fi if [ -n $STOP_SIGNAL ] then signal_opt="--signal $STOP_SIGNAL" fi start-stop-daemon --stop --quiet $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. test -z $PIDFILE || rm -f $PIDFILE return "$RETVAL" } do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # if [ -n "$PIDFILE" ] then pidfile_opt="--pidfile $PIDFILE" else pidfile_opt="--pidfile /var/run/$NAME.pid" fi if [ -n "$RELOAD_SIGNAL" ] then start-stop-daemon --stop --signal $RELOAD_SIGNAL --quiet $pidfile_opt --name $NAME fi return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; reload|force-reload) if [ -n "$RELOAD_SIGNAL" ] then log_daemon_msg "Reloading $DESC" "$NAME" do_reload log_end_msg $? else # Do a restart instead "$0" restart fi ;; restart) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 exit 3 ;; esac : . chmod 755 $out } pp_backend_deb_function() { case "$1" in pp_mkgroup) cat<<'.';; /usr/sbin/groupmod "$1" 2>/dev/null && return 0 /usr/sbin/groupadd "$1" . pp_mkuser:depends) echo pp_mkgroup;; pp_mkuser) cat<<'.';; pp_tmp_system= id -u "$1" >/dev/null 2>/dev/null && return 0 # deb 3.1's useradd changed API in 4.0. Gah! /usr/sbin/useradd --help 2>&1 | /bin/grep -q .--system && pp_tmp_system=--system pp_mkgroup "${2:-$1}" || return 1 /usr/sbin/useradd \ -g "${2:-$1}" \ -d "${3:-/nonexistent}" \ -s "${4:-/bin/false}" \ $pp_tmp_system \ "$1" . pp_havelib) cat<<'.';; for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 done return 1 . *) false;; esac } pp_platforms="$pp_platforms kit" pp_backend_kit_detect () { test x"$1" = x"OSF1" } pp_backend_kit_init () { pp_kit_name= pp_kit_package= pp_kit_desc= pp_kit_version= pp_kit_subset= pp_readlink_fn=pp_ls_readlink pp_kit_startlevels="2 3" pp_kit_stoplevels="0 2 3" } pp_backend_kit () { typeset mi_file k_file svc outfile typeset desc pp_backend_kit_names > /dev/null if test -z "$pp_kit_desc"; then pp_kit_desc="$description" fi mi_file="$pp_wrkdir/$pp_kit_subset.mi" k_file="$pp_wrkdir/$pp_kit_subset.k" scp_file="$pp_wrkdir/$pp_kit_subset.scp" desc="${pp_kit_desc:-$description}" cat <<-. >> $k_file NAME='$name' CODE=$pp_kit_name VERS=$pp_kit_version MI=$mi_file COMPRESS=0 %% $pp_kit_subset . 0 '$desc' . if test -n "$pp_services"; then for svc in $pp_services; do pp_kit_make_service $svc pp_prepend $pp_wrkdir/%preun.run <<-. /sbin/init.d/$svc stop . done fi pp_backend_kit_make_mi "$mi_file" pp_backend_kit_make_scp #rm -rf $pp_wrkdir/kit_dest mkdir -p $pp_wrkdir/kit_dest pp_backend_kit_kits $k_file $pp_opt_destdir $pp_wrkdir/kit_dest tar cvf $pp_wrkdir/$pp_kit_subset.tar -C $pp_wrkdir/kit_dest . gzip -c $pp_wrkdir/$pp_kit_subset.tar > $pp_wrkdir/$pp_kit_subset.tar.gz #rm -rf $pp_wrkdir/$pp_kit_subset.tar $pp_wrkdir/scps } pp_backend_kit_make_mi () { # XXX this information should go into the .inv files typeset t m o g f p st line dm while read t m o g f p st; do case $t in f|d) echo "0 .$p $pp_kit_subset" echo " chmod $m $p" >> $pp_wrkdir/%post.run if [ x"$o" = x"-" ] ; then echo " chown root $p" >> $pp_wrkdir/%post.run else echo " chown $o $p" >> $pp_wrkdir/%post.run fi if [ x"$g" = x"-" ] ; then echo " chgrp 0 $p" >> $pp_wrkdir/%post.run else echo " chgrp $g $p" >> $pp_wrkdir/%post.run fi ;; s) echo " ln -s $st $p" >> $pp_wrkdir/%post.run echo " rm -f $p" >> $pp_wrkdir/%preun.run ;; esac done < $pp_wrkdir/%files.run | sort -k3 |uniq > $1 } pp_backend_kit_make_scp () { scpdir="$pp_wrkdir/scps" mkdir "$scpdir" && touch "$scpdir"/$pp_kit_subset.scp cat <"$scpdir"/$pp_kit_subset.scp . /usr/share/lib/shell/libscp case "\$ACT" in PRE_L) STL_ScpInit ;; POST_L) STL_ScpInit STL_LinkCreate EOF cat $pp_wrkdir/%post.run >>"$scpdir"/$pp_kit_subset.scp cat >>"$scpdir"/$pp_kit_subset.scp <>"$scpdir"/$pp_kit_subset.scp cat >>"$scpdir"/$pp_kit_subset.scp </dev/null || /usr/sbin/groupadd $1 . pp_mkuser) cat <<'.';; eval user=\$$# grep "^$user:" /etc/passwd >/dev/null || /usr/sbin/useradd -s /usr/bin/false "$@" . pp_havelib) cat <<'.';; for dir in `echo /usr/lib${3+:$3} | tr : ' '`; do test -r "$dir/lib$1.${2-sl}" && return 0 done return 1 . *) pp_error "unknown function request: $1";; esac } pp_backend_kit_init_svc_vars () { : } pp_backend_kit_probe () { echo tru64-`uname -r | sed 's/V\([0-9]*\)\.\([0-9]*\)/\1\2/'` } pp_kit_service_group_script () { typeset grp svcs scriptpath out grp="$1" svcs="$2" scriptpath="/sbin/init.d/$grp" out="$pp_destdir$scriptpath" pp_add_file_if_missing $scriptpath run 755 || return 0 cat <<-. > $out #!/sbin/sh # generated by pp $pp_version svcs="$svcs" . cat <<-'.' >> $out #-- starts services in order.. stops them all if any break pp_start () { undo= for svc in $svcs; do /sbin/init.d/$svc start case $? in 0|4) undo="$svc $undo" ;; *) if test -n "$undo"; then for svc in $undo; do /sbin/init.d/$svc stop done return 1 fi ;; esac done return 0 } #-- stops services in reverse pp_stop () { reverse= for svc in $svcs; do reverse="$svc $reverse" done rc=0 for svc in $reverse; do /sbin/init.d/$svc stop || rc=$? done return $rc } case "$1" in start_msg) echo "Starting $svcs";; stop_msg) echo "Stopping $svcs";; start) pp_start;; stop) pp_stop;; *) echo "usage: $0 {start|stop|start_msg|stop_msg}" exit 1;; esac . } pp_kit_service_script () { typeset svc scriptpath out svc="$1" scriptpath="/sbin/init.d/$svc" pp_load_service_vars "$svc" test -n "$user" -a x"$user" != x"root" && cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\"" if test -z "$pidfile"; then pidfile="/var/run/$svc.pid" cmd="$cmd & echo \$! > \$pidfile" fi pp_add_file_if_missing $scriptpath run 755 cat <<-. > $pp_destdir$scriptpath svc="$svc" pidfile="$pidfile" pp_start () { $cmd } . cat <<-'.' >>$pp_destdir$scriptpath pp_stop () { if test ! -s "$pidfile"; then echo "Unable to stop $svc (no pid file)" return 1 else read pid < "$pidfile" if kill -0 "$pid" 2>/dev/null; then if kill -${stop_signal:-TERM} "$pid"; then rm -f "$pidfile" return 0 else echo "Unable to stop $svc" return 1 fi else rm -f "$pidfile" return 0 fi fi } pp_running () { if test ! -s "$pidfile"; then return 1 else read pid < "$pidfile" kill -0 "$pid" 2>/dev/null fi } case "$1" in start_msg) echo "Starting the $svc service";; stop_msg) echo "Stopping the $svc service";; start) if pp_running; then echo "$svc already running"; exit 0 elif pp_start; then echo "$svc started"; # rc(1M) says we should exit 4, but nobody expects it! exit 0 else exit 1 fi ;; stop) if pp_stop; then echo "$svc stopped"; exit 0 else exit 1 fi ;; *) echo "usage: $0 {start|stop|start_msg|stop_msg}" exit 1 ;; esac . } pp_kit_make_service () { typeset level priority startlevels stoplevels typeset svc svcvar svc="$1" svcvar=`pp_makevar $svc` #-- don't do anything if the script exists if test -s "$pp_destdir/sbin/init.d/$svc"; then pp_error "$pp_destdir/sbin/init.d/$svc exists" return fi # symlink the script, depending on the priorities chosen eval priority='${pp_kit_priority_'$svcvar'}' test -z "$priority" && priority="${pp_kit_priority:-50}" eval startlevels='${pp_kit_startlevels_'$svcvar'}' test -z "$startlevels" && startlevels="$pp_kit_startlevels" eval stoplevels='${pp_kit_stoplevels_'$svcvar'}' test -z "$stoplevels" && stoplevels="$pp_kit_stoplevels" # create the script and config file pp_kit_service_script $svc # fix the priority up case "$priority" in ???) :;; ??) priority=0$priority;; ?) priority=00$priority;; esac if test x"$stoplevels" = x"auto"; then stoplevels= test -z "$startlevels" || for level in $startlevels; do stoplevels="$stoplevels `expr $level - 1`" done fi # create the symlinks test -z "$startlevels" || for level in $startlevels; do echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%post.run echo " rm /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%preun.run done test -z "$stoplevels" || for level in $stoplevels; do echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%post.run echo " rm -f /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%preun.run done } pp_backend_kit_sizes () { awk ' BEGIN { root = usr = var = 0; } { if (substr($9, 1, 1) != "l") if (substr($10, 1, 6) == "./var/") var += $2; else if (substr($10, 1, 10) == "./usr/var/") var += $2 else if (substr($10, 1, 6) == "./usr/") usr += $2 else root += $2 } END { printf "%d\t%d\t%d", root, usr, var } ' "$@" } pp_kit_kits_global () { line=`sed -n '/^%%/q;/^'$2'=/{s/^'$2'=//p;q;}' <"$1"` test -z "$line" && return 1 eval "echo $line" : } pp_backend_kit_kits () { typeset KITFILE FROMDIR TODIR typeset SCPDIR SCPDIR="$pp_wrkdir/scps" PATH="/usr/lbin:/usr/bin:/etc:/usr/ucb:$PATH"; export PATH # XXX #umask 2 # XXX test $# -ge 3 || pp_die "pp_backend_kit_kits: too few arguments" KITFILE="$1"; shift FROMDIR="$1"; shift TODIR="$1"; shift test -f "$KITFILE" || pp_die "$KITFILE not found" test -d "$FROMDIR" || pp_die "$FROMDIR not found" test -d "$TODIR" || pp_die "$TODIR not found" INSTCTRL="$TODIR/instctrl" mkdir -p "$INSTCTRL" || pp_die "cannot create instctrl directory" chmod 775 "$INSTCTRL" grep "%%" $KITFILE > /dev/null || pp_die "no %% in $KITFILE" typeset NAME CODE VERS MI ROOT COMPRESS typeset S_LIST ALLSUBS NAME=`pp_kit_kits_global "$KITFILE" NAME` || pp_die "no NAME in $KITFILE" CODE=`pp_kit_kits_global "$KITFILE" CODE` || pp_die "no CODE in $KITFILE" VERS=`pp_kit_kits_global "$KITFILE" VERS` || pp_die "no VERS in $KITFILE" MI=`pp_kit_kits_global "$KITFILE" MI` || pp_die "no MI in $KITFILE" ROOT=`pp_kit_kits_global "$KITFILE" ROOT` COMPRESS=`pp_kit_kits_global "$KITFILE" COMPRESS` test -f "$MI" || pp_die "Inventory file $MI not found" case "$ROOT" in *ROOT) test -f "$TODIR/$ROOT" || pp_die "Root image $ROOT not found in $TODIR" ;; esac ALLSUBS=`awk 'insub==1 {print $1} /^%%/ {insub=1}' <"$KITFILE"` test $# -eq 0 && set -- $ALLSUBS pp_debug "Creating $# $NAME subsets." pp_debug "ALLSUBS=<$ALLSUBS>" if test x"$COMPRESS" = x"1"; then COMPRESS=: else COMPRESS=false fi #rm -f *.ctrl Volume* for SUB do test -z "$SUB" && pp_die "SUB is empty" typeset INV CTRL ROOTSIZE USRSIZE VARSIZE TSSUB #rm -f Volume* case $SUB in .*) :;; *) pp_verbose rm -f "$TODIR/$SUB"* "$INSTCTRL/$SUB"*;; esac TSSUB="$pp_wrkdir/ts.$SUB" pp_debug "kits: Subset $SUB" INV="$SUB.inv" CTRL="$SUB.ctrl" pp_debug "kits: Generating media creation information..." # Invcutter takes as input # SUB dir/path # and generates stl_inv(4) files, like this # f 0 00000 0 0 100644 2/11/09 010 f dir/path none SUB grep " $SUB\$" "$MI" | pp_verbose /usr/lbin/invcutter \ -v "$VERS" -f "$FROMDIR" > "$INSTCTRL/$INV" || pp_die "failed to create $INSTCTRL/$INV" chmod 664 "$INSTCTRL/$INV" pp_backend_kit_sizes "$INSTCTRL/$INV" > "$pp_wrkdir/kit.sizes" read ROOTSIZE USRSIZE VARSIZE < "$pp_wrkdir/kit.sizes" # Prefix each line with $FROMDIR. This will be stripped awk '$1 != "d" {print from $10}' from="$FROMDIR/" \ > "$TSSUB" < "$INSTCTRL/$INV" || pp_die "failed" NVOLS=0 pp_debug "kits: Creating $SUB control file..." sed '1,/^%%/d;/^'"$SUB"'/{p;q;}' < "$KITFILE" > "$pp_wrkdir/kit.line" read _SUB _IGNOR DEPS FLAGS DESC < "$pp_wrkdir/kit.line" if test -z "$_SUB"; then pp_warn "No such subset $SUB in $KITFILE" continue fi DEPS=`echo $DEPS | tr '|' ' '` case $FLAGS in FLGEXP*) pp_verbose FLAGS='"${'"$FLAGS"'}"' ;; esac case $DESC in *%*) DESC=`echo $DESC|awk -F% '{printf "%-36s%%%s\n", $1, $2}'`;; esac cat > "$INSTCTRL/$CTRL" <<-. NAME='$NAME $SUB' DESC=$DESC ROOTSIZE=$ROOTSIZE USRSIZE=$USRSIZE VARSIZE=$VARSIZE NVOLS=1:$NVOLS MTLOC=1:$TLOC DEPS="$DEPS" FLAGS=$FLAGS . chmod 664 "$INSTCTRL/$CTRL" pp_debug "kits: Making tar image" pp_verbose tar cfPR "$TODIR/$SUB" "$FROMDIR/" "$TSSUB" || pp_error "problem creating kit file" if $COMPRESS; then pp_debug "kits: Compressing" (cd "$TODIR" && compress -f -v "$SUB") || pp_die "problem compressing $TODIR/$SUB" SPC=`expr $SUB : '\(...\).*'` # first three characters SVC=`expr $SUB : '.*\(...\)'` # last three characters : > "$INSTCTRL/$SPC$SVC.comp" chmod 664 "$INSTCTRL/$SPC$SVC.comp" pp_debug "kits: Padding compressed file to 10kB" # wtf? rm -f "$TODIR/$SUB" pp_verbose \ dd if="$TODIR/$SUB.Z" of="$TODIR/$SUB" bs=10k conv=sync || pp_die "problem moving compressed file" rm -f "$TODIR/$SUB.Z" fi chmod 664 "$TODIR/$SUB" if test -f "$SCPDIR/$SUB.scp"; then cp "$SCPDIR/$SUB.scp" "$INSTCTRL/$SUB.scp" chmod 755 "$INSTCTRL/$SUB.scp" else pp_debug "kits: null subset control program for $SUB" : > "$INSTCTRL/$SUB.scp" chmod 744 "$INSTCTRL/$SUB.scp" fi pp_debug "kits: Finished creating media image for $SUB" done pp_debug "kits: Creating $CODE.image" case "$ROOT" in *ROOT) ALLSUBS="$ROOT $ALLSUBS" ;; esac (cd "$TODIR" && sum $ALLSUBS) > "$INSTCTRL/$CODE.image" chmod 664 "$INSTTRL/$CODE.image" pp_debug "kits: Creating INSTCTRL" (cd "$INSTCTRL" && tar cpvf - *) > "$TODIR/INSTCTRL" chmod 664 "$TODIR/INSTCTRL" cp "$INSTCTRL/$CODE.image" "$TODIR/$CODE.image" chmod 664 "$TODIR/$CODE.image" pp_debug "kits: Media image production complete" } pp_platforms="$pp_platforms rpm" pp_backend_rpm_detect () { test x"$1" = x"Linux" -a ! -f /etc/debian_version } pp_backend_rpm_init () { pp_rpm_version= pp_rpm_summary= pp_rpm_description= pp_rpm_group="Applications/Internet" pp_rpm_license="Unspecified" pp_rpm_vendor= pp_rpm_url= pp_rpm_packager= pp_rpm_provides= pp_rpm_requires= pp_rpm_release= pp_rpm_epoch= pp_rpm_dev_group="Development/Libraries" pp_rpm_dbg_group="Development/Tools" pp_rpm_doc_group="Documentation" pp_rpm_dev_description= pp_rpm_dbg_description= pp_rpm_doc_description= pp_rpm_dev_requires= pp_rpm_dbg_requires= pp_rpm_doc_requires= pp_rpm_dev_provides= pp_rpm_dbg_provides= pp_rpm_doc_provides= pp_rpm_dbg_pkgname=debug pp_rpm_dev_pkgname=devel pp_rpm_doc_pkgname=doc pp_rpm_defattr_uid=root pp_rpm_defattr_gid=root pp_rpm_detect_arch pp_rpm_detect_distro pp_rpm_rpmbuild=`pp_rpm_detect_rpmbuild` # SLES8 doesn't always come with readlink test -x /usr/bin/readlink -o -x /bin/readlink || pp_readlink_fn=pp_ls_readlink } pp_rpm_detect_arch () { pp_rpm_arch=auto #-- Find the default native architecture that RPM is configured to use cat <<-. >$pp_wrkdir/dummy.spec Name: dummy Version: 1 Release: 1 Summary: dummy Group: ${pp_rpm_group} License: ${pp_rpm_license} %description dummy . $pp_opt_debug && cat $pp_wrkdir/dummy.spec pp_rpm_arch_local=`rpm -q --qf '%{arch}\n' --specfile $pp_wrkdir/dummy.spec` rm $pp_wrkdir/dummy.spec #-- Ask the kernel what machine architecture is in use local arch for arch in "`uname -m`" "`uname -p`"; do case "$arch" in i?86) pp_rpm_arch_std=i386 break ;; x86_64|ppc|ppc64|ia64|s390|s390x) pp_rpm_arch_std="$arch" break ;; powerpc) # Probably AIX case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in PowerPC_POWER*) pp_rpm_arch_std=ppc64;; *) pp_rpm_arch_std=ppc;; esac break ;; *) pp_rpm_arch_std=unknown ;; esac done #-- Later on, when files are processed, we use 'file' to determine # what platform ABIs are used. This is used when pp_rpm_arch == auto pp_rpm_arch_seen= } pp_rpm_detect_distro () { pp_rpm_distro= if test -f /etc/whitebox-release; then pp_rpm_distro=`awk ' /^White Box Enterprise Linux release/ { print "wbel" $6; exit; } ' /etc/whitebox-release` elif test -f /etc/mandrakelinux-release; then pp_rpm_distro=`awk ' /^Mandrakelinux release/ { print "mand" $3; exit; } ' /etc/mandrake-release` elif test -f /etc/mandrake-release; then pp_rpm_distro=`awk ' /^Linux Mandrake release/ { print "mand" $4; exit; } /^Mandrake Linux release/ { print "mand" $4; exit; } ' /etc/mandrake-release` elif test -f /etc/fedora-release; then pp_rpm_distro=`awk ' /^Fedora Core release/ { print "fc" $4; exit; } /^Fedora release/ { print "f" $3; exit; } ' /etc/fedora-release` elif test -f /etc/redhat-release; then pp_rpm_distro=`awk ' /^Red Hat Enterprise Linux/ { print "rhel" $7; exit; } /^CentOS release/ { print "centos" $3; exit; } /^CentOS Linux release/ { print "centos" $4; exit; } /^Red Hat Linux release/ { print "rh" $5; exit; } ' /etc/redhat-release` elif test -f /etc/SuSE-release; then pp_rpm_distro=`awk ' /^SuSE Linux [0-9]/ { print "suse" $3; exit; } /^SUSE LINUX [0-9]/ { print "suse" $3; exit; } /^openSUSE [0-9]/ { print "suse" $2; exit; } /^S[uU]SE Linux Enterprise Server [0-9]/ { print "sles" $5; exit; } /^S[uU]SE LINUX Enterprise Server [0-9]/ { print "sles" $5; exit; } /^SuSE SLES-[0-9]/ { print "sles" substr($2,6); exit; } ' /etc/SuSE-release` elif test -f /etc/pld-release; then pp_rpm_distro=`awk ' /^[^ ]* PLD Linux/ { print "pld" $1; exit; } ' /etc/pld-release` elif test X"`uname -s 2>/dev/null`" = X"AIX"; then local r v r=`uname -r` v=`uname -v` pp_rpm_distro="aix$v$r" fi pp_rpm_distro=`echo $pp_rpm_distro | tr -d .` test -z "$pp_rpm_distro" && pp_warn "unknown distro" } pp_rpm_detect_rpmbuild () { local cmd for cmd in rpmbuild rpm; do if `which $cmd > /dev/null 2>&1`; then echo $cmd return 0 fi done pp_error "Could not find rpmbuild" # Default to `rpmbuild` in case it magically appears echo rpmbuild return 1 } pp_rpm_label () { local label arg label="$1"; shift for arg do test -z "$arg" || echo "$label: $arg" done } pp_rpm_writefiles () { local _l t m o g f p st fo farch while read t m o g f p st; do _l="$p" test $t = d && _l="%dir ${_l%/}/" if test x"$m" = x"-"; then case "$t" in d) m=755;; f) m=644;; esac fi test x"$o" = x"-" && o="${pp_rpm_defattr_uid:-root}" test x"$g" = x"-" && g="${pp_rpm_defattr_gid:-root}" _l="%attr($m,$o,$g) $_l" if test "$t" = "f" -a x"$pp_rpm_arch" = x"auto"; then fo=`file "${pp_destdir}$p" 2>/dev/null` #NB: The following should match executables and shared objects, #relocatable objects. It will not match .a files however. case "$fo" in *": ELF 32-bit LSB "*", Intel 80386"*) farch=i386;; *": ELF 64-bit LSB "*", AMD x86-64"*|\ *": ELF 64-bit LSB "*", x86-64"*) farch=x86_64;; *": ELF 32-bit MSB "*", PowerPC"*) farch=ppc;; *": ELF 64-bit MSB "*", 64-bit PowerPC"*) farch=ppc64;; *": ELF 64-bit LSB "*", IA-64"*) farch=ia64;; *": ELF 32-bit MSB "*", IBM S/390"*) farch=s390;; *": ELF 64-bit MSB "*", IBM S/390"*) farch=s390x;; *"executable (RISC System/6000)"*) farch=ppc;; *"64-bit XCOFF executable"*) farch=ppc64;; *" ELF "*) farch=ELF;; *) farch=noarch;; esac # If file(1) doesn't provide enough info, try readelf(1) if test "$farch" = "ELF"; then fo=`readelf -h "${pp_destdir}$p" | awk '{if ($1 == "Class:") {class=$2} else if ($1 == "Machine:") {machine=$0; sub(/^ *Machine: */, "", machine)}} END {print class " " machine}' 2>/dev/null` case "$fo" in "ELF32 Intel 80386") farch=i386;; "ELF64 "*[xX]"86-64") farch=x86_64;; "ELF32 PowerPC") farch=ppc;; "ELF64 PowerPC"*) farch=ppc64;; "ELF64 IA-64") farch=ia64;; "ELF32 IBM S/390") farch=s390;; "ELF64 IBM S/390") farch=s390x;; *) farch=noarch;; esac fi pp_debug "file: $fo -> $farch" test x"$farch" = x"noarch" || pp_add_to_list pp_rpm_arch_seen $farch fi case $f in *v*) _l="%config(noreplace) $_l";; esac echo "$_l" done echo } pp_rpm_subname () { case "$1" in run) : ;; dbg) echo "${2}${pp_rpm_dbg_pkgname}";; dev) echo "${2}${pp_rpm_dev_pkgname}";; doc) echo "${2}${pp_rpm_doc_pkgname}";; *) pp_error "unknown component '$1'"; esac } pp_rpm_depend () { local _name _vers while read _name _vers; do case "$_name" in ""| "#"*) continue ;; esac echo "Requires: $_name ${_vers:+>= $_vers}" done } pp_rpm_conflict () { local _name _vers while read _name _vers; do case "$_name" in ""| "#"*) continue ;; esac echo "Conflicts: $_name ${_vers:+>= $_vers}" done } pp_rpm_override_requires () { local orig_find_requires if test -z "$pp_rpm_depend_filter_cmd"; then return 0 fi orig_find_requires=`rpm --eval '%{__find_requires}'` cat << EOF > "$pp_wrkdir/filtered-find-requires" $orig_find_requires \$@ | $pp_rpm_depend_filter_cmd EOF chmod +x "$pp_wrkdir/filtered-find-requires" echo "%define __find_requires $pp_wrkdir/filtered-find-requires" # Might be necessary for old versions of RPM? Not for 4.4.2. #echo "%define _use_internal_dependency_generator 0" } pp_backend_rpm () { local cmp specfile _summary _group _desc _pkg _subname svc specfile=$pp_wrkdir/$name.spec : > $specfile #-- force existence of a 'run' component pp_add_component run : >> $pp_wrkdir/%files.run if test -z "$pp_rpm_arch"; then pp_error "Unknown RPM architecture" return 1 fi #-- Write the header components of the RPM spec file cat <<-. >>$specfile Name: ${pp_rpm_name:-$name} Version: ${pp_rpm_version:-$version} Release: ${pp_rpm_release:-1} Summary: ${pp_rpm_summary:-$summary} Group: ${pp_rpm_group} License: ${pp_rpm_license} . if test -n "$pp_rpm_url"; then pp_rpm_label "URL" "$pp_rpm_url" >>$specfile fi pp_rpm_label "Vendor" "${pp_rpm_vendor:-$vendor}" >>$specfile pp_rpm_label "Packager" "$pp_rpm_packager" >>$specfile pp_rpm_label "Provides" "$pp_rpm_provides" >>$specfile pp_rpm_label "Requires" "$pp_rpm_requires" >>$specfile test -n "$pp_rpm_serial" && pp_warn "pp_rpm_serial deprecated" if test -n "$pp_rpm_epoch"; then #-- Epoch was introduced in RPM 2.5.6 case `$pp_rpm_rpmbuild --version 2>/dev/null` in 1.*|2.[0-5].*|2.5.[0-5]) pp_rpm_label "Serial" $pp_rpm_epoch >>$specfile;; *) pp_rpm_label "Epoch" $pp_rpm_epoch >>$specfile;; esac fi if test -n "$pp_rpm_requires"; then pp_rpm_label "Requires" "$pp_rpm_requires" >>$specfile elif test -s $pp_wrkdir/%depend.run; then pp_rpm_depend < $pp_wrkdir/%depend.run >> $specfile fi if test -s $pp_wrkdir/%conflict.run; then pp_rpm_conflict < $pp_wrkdir/%conflict.run >> $specfile fi pp_rpm_override_requires >> $specfile cat <<-. >>$specfile %description ${pp_rpm_description:-$description} . for cmp in $pp_components; do case $cmp in run) continue;; dev) _summary="development tools for $pp_rpm_summary" _group="$pp_rpm_dev_group" _desc="${pp_rpm_dev_description:-Development libraries for $name. $pp_rpm_description.}" ;; doc) _summary="documentation for $pp_rpm_summary" _group="$pp_rpm_doc_group" _desc="${pp_rpm_doc_description:-Documentation for $name. $pp_rpm_description.}" ;; dbg) _summary="diagnostic tools for $pp_rpm_summary" _group="$pp_rpm_dbg_group" _desc="${pp_rpm_dbg_description:-Diagnostic tools for $name.}" ;; esac _subname=`pp_rpm_subname $cmp` cat <<-. %package $_subname Summary: $name $_summary Group: $_group . eval '_pkg="$pp_rpm_'$cmp'_requires"' if test -n "$_pkg"; then eval pp_rpm_label Requires ${pp_rpm_name:-$name} $_pkg elif test -s $pp_wrkdir/%depend.$cmp; then pp_rpm_depend < $pp_wrkdir/%depend.$cmp >> $specfile fi if test -s $pp_wrkdir/%conflict.$cmp; then pp_rpm_conflict < $pp_wrkdir/%conflict.$cmp >> $specfile fi eval '_pkg="$pp_rpm_'$cmp'_provides"' eval pp_rpm_label Provides $_pkg cat <<-. %description $_subname $_desc . done >>$specfile #-- NB: we don't put any %prep, %build or %install RPM sections # into the spec file. #-- add service start/stop code if test -n "$pp_services"; then pp_rpm_service_install_common >> $pp_wrkdir/%post.run #-- record the uninstall commands in reverse order for svc in $pp_services; do pp_load_service_vars $svc pp_rpm_service_make_init_script $svc #-- append %post code to install the svc pp_rpm_service_install $svc >> $pp_wrkdir/%post.run #-- prepend %preun code to uninstall svc # (use files in case vars are modified) pp_rpm_service_remove $svc | pp_prepend $pp_wrkdir/%preun.run done pp_rpm_service_remove_common | pp_prepend $pp_wrkdir/%preun.run fi # make convenience service groups if test -n "$pp_service_groups"; then for grp in $pp_service_groups; do pp_rpm_service_group_make_init_script \ $grp "`pp_service_get_svc_group $grp`" done fi #-- Write the RPM %file sections # (do this after services, since services adds to %files.run) for cmp in $pp_components; do _subname=`pp_rpm_subname $cmp` if test -s $pp_wrkdir/%check.$cmp; then echo "" echo "%pre $_subname" cat $pp_wrkdir/%check.$cmp echo : # causes script to exit true by default fi if test -s $pp_wrkdir/%files.$cmp; then echo "" echo "%files $_subname" pp_rpm_writefiles < $pp_wrkdir/%files.$cmp fi if test -n "$pp_rpm_ghost"; then for ghost in $pp_rpm_ghost; do echo "%ghost $ghost" done fi if test -s $pp_wrkdir/%pre.$cmp; then echo "" echo "%pre $_subname" cat $pp_wrkdir/%pre.$cmp echo : # causes script to exit true fi if test -s $pp_wrkdir/%post.$cmp; then echo "" echo "%post $_subname" cat $pp_wrkdir/%post.$cmp echo : # causes script to exit true fi if test -s $pp_wrkdir/%preun.$cmp; then echo "" echo "%preun $_subname" cat $pp_wrkdir/%preun.$cmp echo : # causes script to exit true fi if test -s $pp_wrkdir/%postun.$cmp; then echo "" echo "%postun $_subname" cat $pp_wrkdir/%postun.$cmp echo : # causes script to exit true fi done >>$specfile #-- create a suitable work area for rpmbuild cat <<-. >$pp_wrkdir/.rpmmacros %_topdir $pp_wrkdir # XXX Note escaped %% for use in headerSprintf %_rpmfilename %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm . mkdir $pp_wrkdir/RPMS mkdir $pp_wrkdir/BUILD if test x"$pp_rpm_arch" = x"auto"; then #-- Reduce the arch_seen list to exactly one item case "$pp_rpm_arch_seen" in "i386 x86_64"|"x86_64 i386") pp_rpm_arch_seen=x86_64;; *"s390 s390x"* | *"s390x s390"* ) pp_rpm_arch_seen=s390x;; *" "*) pp_error "detected multiple targets: $pp_rpm_arch_seen" pp_rpm_arch_seen=unknown;; # not detected "") pp_warn "detected no binaries: using target noarch" pp_rpm_arch_seen=noarch;; *) pp_debug "detected architecture $pp_rpm_arch_seen" esac pp_rpm_arch="$pp_rpm_arch_seen" fi . $pp_wrkdir/%fixup $pp_opt_debug && cat $specfile pp_debug "creating: `pp_backend_rpm_names`" pp_debug "pp_rpm_arch_seen = <${pp_rpm_arch_seen}>" pp_debug "pp_rpm_arch = <${pp_rpm_arch}>" HOME=$pp_wrkdir \ pp_verbose \ $pp_rpm_rpmbuild -bb \ --buildroot="$pp_destdir/" \ --target="${pp_rpm_arch}" \ --define='_unpackaged_files_terminate_build 0' \ --define='_use_internal_dependency_generator 0' \ `$pp_opt_debug && echo --verbose || echo --quiet` \ $pp_rpm_rpmbuild_extra_flags \ $specfile || pp_error "Problem creating RPM packages" for f in `pp_backend_rpm_names`; do # The package might be in an arch-specific subdir pkgfile=not-found for dir in $pp_wrkdir/RPMS/${pp_rpm_arch} $pp_wrkdir/RPMS; do if test -f $dir/$f; then pkgfile=$dir/$f fi done if test x"$pkgfile" = x"not-found"; then pp_error "Problem predicting RPM filename: $f" else ln $pkgfile $pp_wrkdir/$f fi done } pp_rpm_output_name () { echo "${pp_rpm_name:-$name}`pp_rpm_subname "$1" -`-${pp_rpm_version:-$version}-${pp_rpm_release:-1}.${pp_rpm_arch}.rpm" } pp_backend_rpm_names () { local cmp _subname for cmp in $pp_components; do pp_rpm_output_name $cmp done } pp_backend_rpm_cleanup () { : } pp_rpm_print_requires () { local _subname _name echo "CPU:$pp_rpm_arch" ## XXX should be lines of the form (from file/ldd/objdump) # EXEC:/bin/sh # RTLD:libc.so.4:open rpm -q --requires -p $pp_wrkdir/`pp_rpm_output_name $1` |sed -e '/^rpmlib(/d;s/ //g;s/^/RPM:/' | sort -u } pp_backend_rpm_install_script () { local cmp _subname echo "#!/bin/sh" pp_install_script_common cat <<. cmp_to_pkgname () { local oi name if test x"\$1" = x"--only-installed"; then #-- only print if installation detected oi=false shift else oi=true fi test x"\$*" = x"all" && set -- $pp_components for cmp do case \$cmp in . for cmp in $pp_components; do _subname=`pp_rpm_subname $cmp -` echo "$cmp) name=${pp_rpm_name:-$name}${_subname};;" done cat <<. *) usage;; esac if \$oi || rpm -q "\$name" >/dev/null 2>/dev/null; then echo "\$name" fi done } cmp_to_pathname () { test x"\$*" = x"all" && set -- $pp_components for cmp do case \$cmp in . for cmp in $pp_components; do echo "$cmp) echo \${PP_PKGDESTDIR:-.}/`pp_rpm_output_name $cmp` ;;" done cat <<. *) usage;; esac done } print_requires () { test x"\$*" = x"all" && set -- $pp_components for cmp do case \$cmp in . for cmp in $pp_components; do echo "$cmp) cat <<'._end'" pp_rpm_print_requires $cmp echo "._end"; echo ';;' done cat <<. *) usage;; esac done } test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo $pp_components ;; list-services) test \$# -eq 0 || usage \$op echo $pp_services ;; list-files) test \$# -ge 1 || usage \$op cmp_to_pathname "\$@" ;; install) test \$# -ge 1 || usage \$op verbose rpm -U --replacepkgs --oldpackage \ \`cmp_to_pathname "\$@"\` ;; uninstall) test \$# -ge 1 || usage \$op pkgs=\`cmp_to_pkgname --only-installed "\$@"\` if test -z "\$pkgs"; then verbosemsg "nothing to uninstall" else verbose rpm -e \$pkgs fi ;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do verbose /etc/init.d/\$svc \$op || ec=1 done exit \$ec ;; print-platform) test \$# -eq 0 || usage \$op echo "linux-${pp_rpm_arch}" ;; print-requires) test \$# -ge 1 || usage \$op print_requires "\$@" ;; *) usage ;; esac . } pp_backend_rpm_probe () { echo "${pp_rpm_distro}-${pp_rpm_arch_std}" } pp_backend_rpm_vas_platforms () { case "$pp_rpm_arch_std" in x86_64) echo "linux-x86_64.rpm linux-x86.rpm";; *86) echo "linux-x86.rpm";; s390) echo "linux-s390";; s390x) echo "linux-s390x";; ppc*) echo "linux-glibc23-ppc64 linux-glibc22-ppc64";; ia64) echo "linux-ia64";; *) pp_die "unknown architecture $pp_rpm_arch_std";; esac } pp_rpm_service_install_common () { cat <<-'.' _pp_install_service () { local svc level svc="$1" if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ] then # LSB-style install /usr/lib/lsb/install_initd /etc/init.d/$svc &> /dev/null elif [ -x /sbin/chkconfig ]; then # Red Hat/chkconfig-style install /sbin/chkconfig --add $svc &> /dev/null /sbin/chkconfig $svc off &> /dev/null else : # manual links under /etc/init.d fi } _pp_enable_service () { local svc level svc="$1" if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ] then # LSB-style install : # not sure how to enable elif [ -x /sbin/chkconfig ]; then # Red Hat/chkconfig-style install /sbin/chkconfig $svc on &> /dev/null else # manual install set -- `sed -n -e 's/^# Default-Start://p' /etc/init.d/$svc` start_priority=`sed -n -e 's/^# X-Quest-Start-Priority:[[:space:]]*//p' /etc/init.d/$svc` stop_priority=`sed -n -e 's/^# X-Quest-Stop-Priority:[[:space:]]*//p' /etc/init.d/$svc` # Provide default start & stop priorities of 20 & 80 in # accordance with Debian update-rc.d defaults if [ -z "$start_priority" ]; then start_priority=20 fi if [ -z "$stop_priority" ]; then stop_priority=80 fi if [ -d "/etc/rc.d" ];then rcdir=/etc/rc.d else rcdir=/etc fi for level do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/S$start_priority$svc; done set -- `sed -n -e 's/^# Default-Stop://p' /etc/init.d/$svc` for level do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/K$stop_priority$svc; done fi } . } pp_rpm_service_remove_common () { cat <<-'.' _pp_remove_service () { local svc svc="$1" /etc/init.d/$svc stop >/dev/null 2>&1 if [ -x /usr/lib/lsb/remove_initd -a ! -r /etc/redhat-release ] then /usr/lib/lsb/remove_initd /etc/init.d/$svc &> /dev/null elif [ -x /sbin/chkconfig ]; then /sbin/chkconfig --del $svc &> /dev/null else if [ -d "/etc/rc.d" ];then rcdir=/etc/rc.d else rcdir=/etc fi rm -f $rcdir/rc?.d/[SK]??$svc fi } . } pp_rpm_service_install () { pp_rpm_service_make_init_script $1 >/dev/null || pp_error "could not create init script for service $1" echo "_pp_install_service $1" test $enable = yes && echo "_pp_enable_service $1" } pp_rpm_service_remove () { cat <<-. if [ "\$1" = "remove" -o "\$1" = "0" ]; then # only remove the service if not upgrade _pp_remove_service $1 fi . } pp_backend_rpm_init_svc_vars () { reload_signal= start_runlevels=${pp_rpm_default_start_runlevels-"2 3 4 5"} # == lsb default-start stop_runlevels=${pp_rpm_default_stop_runlevels-"0 1 6"} # == lsb default-stop svc_description="${pp_rpm_default_svc_description}" # == lsb short descr svc_process= lsb_required_start='$local_fs $network' lsb_should_start= lsb_required_stop= lsb_description= start_priority=50 stop_priority=50 #-- stop_priority = 100 - start_priority } pp_rpm_service_group_make_init_script () { local grp=$1 local svcs="$2" local script=/etc/init.d/$grp local out=$pp_destdir$script pp_add_file_if_missing $script run 755 || return 0 cat <<-. >>$out #!/bin/sh svcs="$svcs" . cat <<-'.' >>$out #-- prints usage message pp_usage () { echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2 return 2 } #-- starts services in order.. stops them all if any break pp_start () { undo= for svc in $svcs; do if /etc/init.d/$svc start; then undo="$svc $undo" else if test -n "$undo"; then for svc in $undo; do /etc/init.d/$svc stop done return 1 fi fi done return 0 } #-- stops services in reverse pp_stop () { reverse= for svc in $svcs; do reverse="$svc $reverse" done rc=0 for svc in $reverse; do /etc/init.d/$svc stop || rc=$? done return $rc } #-- returns true only if all services return true status pp_status () { rc=0 for svc in $svcs; do /etc/init.d/$svc status || rc=$? done return $rc } pp_reload () { rc=0 for svc in $svcs; do /etc/init.d/$svc reload || rc=$? done return $rc } case "$1" in start) pp_start;; stop) pp_stop;; restart) pp_stop; pp_start;; status) pp_status;; try-restart|condrestart) if pp_status >/dev/null; then pp_restart fi;; reload) pp_reload;; force-reload) if pp_status >/dev/null; then pp_reload else pp_restart fi;; *) pp_usage;; esac . chmod 755 $out } pp_rpm_service_make_init_script () { local svc=$1 local script=/etc/init.d/$svc local out=$pp_destdir$script local _process _cmd _rpmlevels pp_add_file_if_missing $script run 755 || return 0 #-- start out as an empty shell script cat <<-'.' >$out #!/bin/sh . #-- determine the process name from $cmd unless $svc_process is given set -- $cmd _process=${svc_process:-"$1"} #-- construct a start command that builds a pid file if needed _cmd="$cmd"; if test -z "$pidfile"; then pidfile=/var/run/$svc.pid _cmd="$cmd & echo \$! > \$pidfile" fi if test "$user" != "root"; then _cmd="su $user -c exec $_cmd"; fi #-- generate the Red Hat chkconfig headers _rpmlevels=`echo $start_runlevels | tr -d ' '` cat <<-. >>$out # chkconfig: ${_rpmlevels:--} ${start_priority:-50} ${stop_priority:-50} # description: ${svc_description:-no description} # processname: ${_process} # pidfile: ${pidfile} . #-- generate the LSB init info cat <<-. >>$out ### BEGIN INIT INFO # Provides: ${svc} # Required-Start: ${lsb_required_start} # Should-Start: ${lsb_should_start} # Required-Stop: ${lsb_required_stop} # Default-Start: ${start_runlevels} # Default-Stop: ${stop_runlevels} # Short-Description: ${svc_description} ### END INIT INFO # Generated by PolyPackage ${pp_version} # ${copyright} . if test x"${svc_description}" = x"${pp_rpm_default_svc_description}"; then svc_description= fi #-- write service-specific definitions cat <<. >>$out #-- definitions specific to service ${svc} svc_name="${svc_description:-$svc service}" user="${user}" pidfile="${pidfile}" stop_signal="${stop_signal}" reload_signal="${reload_signal}" pp_exec_cmd () { $_cmd; } . #-- write the generic part of the init script cat <<'.' >>$out #-- use system message logging, if available if [ -f /lib/lsb/init-functions -a ! -r /etc/redhat-release ]; then . /lib/lsb/init-functions pp_success_msg () { log_success_msg "$@"; } pp_failure_msg () { log_failure_msg "$@"; } pp_warning_msg () { log_warning_msg "$@"; } elif [ -f /etc/init.d/functions ]; then . /etc/init.d/functions pp_success_msg () { echo -n "$*"; success "$@"; echo; } pp_failure_msg () { echo -n "$*"; failure "$@"; echo; } pp_warning_msg () { echo -n "$*"; warning "$@"; echo; } else pp_success_msg () { echo ${1:+"$*:"} OK; } pp_failure_msg () { echo ${1:+"$*:"} FAIL; } pp_warning_msg () { echo ${1:+"$*:"} WARNING; } fi #-- prints a status message pp_msg () { echo -n "$*: "; } #-- prints usage message pp_usage () { echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2 return 2 } #-- reloads the service, if possible # returns 0=success 1=failure 3=unimplemented pp_reload () { test -n "$reload_signal" || return 3 # unimplemented pp_msg "Reloading ${svc_name}" if pp_signal -${reload_signal}; then pp_success_msg return 0 else pp_failure_msg "not running" return 1 fi } #-- delivers signal $1 to the pidfile # returns 0=success 1=failure pp_signal () { if test -r "$pidfile"; then read pid < $pidfile kill "$@" "$pid" 2>/dev/null else return 1 fi } #-- prints information about the service status # returns 0=running 1=crashed 3=stopped pp_status () { pp_msg "Checking for ${svc_name}" if pp_signal -0; then pp_success_msg "running" return 0 elif test -r "$pidfile"; then pp_failure_msg "not running (crashed)" return 1 else pp_failure_msg "not running" return 3 fi } #-- starts the service # returns 0=success 1=failure pp_start () { pp_msg "Starting ${svc_name}" if pp_status >/dev/null; then pp_warning_msg "already started" return 0 elif pp_exec_cmd; then pp_success_msg return 0 else pp_failure_msg "cannot start" return 1 fi } #-- stops the service # returns 0=success (always) pp_stop () { pp_msg "Stopping ${svc_name}" if pp_signal -${stop_signal}; then pp_success_msg else pp_success_msg "already stopped" fi rm -f "$pidfile" return 0 } #-- stops and starts the service pp_restart () { pp_stop pp_start } case "$1" in start) pp_start;; stop) pp_stop;; restart) pp_restart;; status) pp_status;; try-restart|condrestart) if pp_status >/dev/null; then pp_restart fi;; reload) pp_reload;; force-reload) if pp_status >/dev/null; then pp_reload else pp_restart fi;; *) pp_usage;; esac . chmod 755 $out } pp_backend_rpm_function () { case "$1" in pp_mkgroup) cat<<'.';; /usr/sbin/groupadd -f -r "$1" . pp_mkuser:depends) echo pp_mkgroup;; pp_mkuser) cat<<'.';; pp_mkgroup "${2:-$1}" || return 1 /usr/sbin/useradd \ -g "${2:-$1}" \ -M -d "${3:-/nonexistent}" \ -s "${4:-/bin/false}" \ -r "$1" . pp_havelib) cat<<'.';; for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 done return 1 . *) false;; esac } : NOTES <<. # creating a dmg file for publishing on the web hdiutil create -srcfolder /path/foo foo.dmg hdiutil internet-enable -yes /path/foo.dmg # Layout for packages -/component/ -/extras/postinstall -/extras/postupgrade # /Developer/usr/bin/packagemaker (man packagemaker) Make a bunch of packages, and then build a 'distribution' which is only understood by macos>10.4 # Message files in the resource path used are Welcome.{rtf,html,rtfd,txt} - limited text shown in Intro ReadMe.{rtf,html,rtfd,txt} - scrollable/printable, after Intro License.{rtf,html,rtfd,txt} - ditto, user must click 'Accept' background.{jpg,tif,gif,pict,eps,pdf} 620x418 background image # These scripts looked for in the resource path InstallationCheck $pkgpath $defaultloc $targetvol 0:ok 32:warn 32+x:warn[1] 64:stop 96+x:stop[2] VolumeCheck $volpath 0:ok 32:failure 32+x:failure[3] preflight $pkgpath $targetloc $targetvol [priv] preinstall $pkgpath $targetloc $targetvol [priv] preupgrade $pkgpath $targetloc $targetvol [priv] postinstall $pkgpath $targetloc $targetvol [priv] postupgrade $pkgpath $targetloc $targetvol [priv] postflight $pkgpath $targetloc $targetvol [priv] 0:ok else fail (for all scripts) A detailed reason is deduced by finding an index x (16..31) in the file InstallationCheck.strings or VolumeCheck.strings. Scripts marked [priv] are executed with root privileges. None of the [priv] scripts are used by metapackages. # Default permissions Permissions of existing directories should match those of a clean install of the OS; typically root:admin 0775 New directories or files should be 0775 or 0664 with the appropriate user:group. Exceptions: /etc root:admin 0755 /var root:admin 0755 Info.plist = { CFBundleGetInfoString: "1.2.3, Quest Software, Inc.", CFBundleIdentifier: "com.quest.rc.openssh", CFBundleShortVersionString: "1.2.3", IFMajorVersion: 1, IFMinorVersion: 2, IFPkgFlagAllowBackRev: false, IFPkgFlagAuthorizationAction: "AdminAuthorization", IFPkgFlagDefaultLocation: "/", IFPkgFlagFollowLinks: true, IFPkgFlagInstallFat: false, IFPkgFlagInstalledSize: , # this is added by packagemaker IFPkgFlagIsRequired: false, IFPkgFlagOverwritePermissions: false, IFPkgFlagRelocatable: false, IFPkgFlagRestartAction: "NoRestart", IFPkgFlagRootVolumeOnly: false, IFPkgFlagUpdateInstalledLanguages: false, IFPkgFormatVersion= 0.10000000149011612, IFRequirementDicts: [ { Level = "requires", SpecArgument = "/opt/quest/lib/libvas.4.2.0.dylib", SpecType = "file", TestObject = true, TestOperator = "eq", } ] } Description.plist = { IFPkgDescriptionDescription = "this is the description text", IFPkgDescriptionTitle = "quest-openssh" } # Startup scripts 'launchd' is a kind of combined inetd and rc/init.d system. Create a /Library/LaunchDaemons/$daemonname.plist file Examples found in /System/Library/LaunchDaemons/ See manual page launchd.plist(5) for details: { Label: "com.quest.rc.foo", # required Program: "/sbin/program", ProgramArguments: [ "/sbin/program", "arg1", "arg2" ], # required RunAtLoad: true, WatchPaths: [ "/etc/crontab" ], QueueDirectories: [ "/var/cron/tabs" ], inetdCompatibility: { Wait: false }, # inetd-only OnDemand: false, # recommended SessionCreate: true, UserName: "nobody", InitGroups: true, Sockets: { # inetd only Listeners: { SockServiceName: "ssh", Bonjour: ["ssh", "sftp-ssh"], } }, Disabled: false, StandardErrorPath: "/dev/null", } How to add a new user dscl . -create /Users/$user dscl . -create /Users/$user UserShell /bin/bash dscl . -create /Users/$user RealName "$user" dscl . -create /Users/$user UniqueID $uid dscl . -create /Users/$user PrimaryGroupID $gid dscl . -create /Users/$user NFSHomeDirectory /Users/$user dscl . -passwd /Users/$user "$passwd" mkdir /Users/$user chown $uid.$gid /Users/$user . pp_platforms="$pp_platforms macos" pp_backend_macos_detect () { [ x"$1" = x"Darwin" ] } pp_backend_macos_init () { pp_macos_default_bundle_id_prefix="com.quest.rc." pp_macos_bundle_id= pp_macos_bundle_vendor= pp_macos_bundle_version= pp_macos_bundle_info_string= pp_macos_pkg_type=bundle pp_macos_pkg_license= pp_macos_pkg_readme= pp_macos_pkg_welcome= pp_macos_sudo=sudo pp_macos_installer_plugin= # OS X puts the library version *before* the .dylib extension pp_shlib_suffix='*.dylib' } pp_macos_plist () { typeset in in="" while test $# -gt 0; do case "$1" in start-plist) cat <<-.; in=" "; shift ;; . end-plist) echo ""; in=; shift;; '[') echo "$in"; in="$in "; shift;; ']') echo "$in"; in="${in# }"; shift;; '{') echo ""; in="$in "; shift;; '}') echo ""; in="${in# }"; shift;; key) shift; echo "$in$1"; shift;; string) shift; echo "$1" | sed -e 's/&/&/g;s//\>/g;' \ -e 's/^/'"$in"'/;s/$/<\/string>/'; shift;; true) echo "$in"; shift;; false) echo "$in"; shift;; real) shift; echo "$in$1"; shift;; integer) shift; echo "$in$1"; shift;; date) shift; echo "$in$1"; shift;; # ISO 8601 format data) shift; echo "$in$1"; shift;; # base64 encoded *) pp_error "pp_macos_plist: bad argument '$1'"; shift;; esac done } pp_macos_rewrite_cpio () { typeset script script=$pp_wrkdir/cpio-rewrite.pl cat <<-'.' >$script #!/usr/bin/perl # # Filter a cpio file, applying the user/group/mode specified in %files # # A CPIO header block has octal fields at the following offset/lengths: # 0 6 magic # 6 6 dev # 12 6 ino # 18 6 mode # 24 6 uid # 30 6 gid # 36 6 nlink # 42 6 rdev # 48 11 mtime # 59 6 namesize (including NUL terminator) # 65 11 filesize # 76 -- # use strict; use warnings; no strict 'subs'; # set %uid, %gid, %mode based on %files my (%uid, %gid, %mode, %users, %groups); my %type_map = ( d => 0040000, f => 0100000, s => 0120000 ); while () { my ($type,$mode,$uid,$gid,$flags,$name) = m/^(.) (\S+) (\S+) (\S+) (\S+) (\S+)/; $mode = $type eq "f" ? "0644" : "0755" if $mode eq "-"; $uid = 0 if $uid eq "-"; $gid = 0 if $gid eq "-"; if ($uid ne "=" and $uid =~ m/\D/) { unless (exists $users{$uid}) { my @pw = getpwnam($uid) or die "bad username '$uid'"; $users{$uid} = $pw[2]; } $uid = $users{$uid}; } if ($gid ne "=" and $gid =~ m/\D/) { unless (exists $groups{$gid}) { my @gr = getgrnam($gid) or die "bad group'$gid'"; $groups{$gid} = $gr[2]; } $gid = $groups{$gid}; } $name =~ s:/$:: if $type eq "d"; $name = ".".$name."\0"; $uid{$name} = sprintf("%06o",int($uid)) unless $uid eq "="; $gid{$name} = sprintf("%06o",int($gid)) unless $gid eq "="; $mode{$name} = sprintf("%06o",oct($mode)|$type_map{$type}) unless $mode eq "="; } undef %users; undef %groups; # parse the cpio file my $hdrlen = 76; while (read(STDIN, my $header, $hdrlen)) { my ($name, $namesize, $filesize); my $filepad = 0; if ($header =~ m/^07070[12]/) { # SVR4 ASCII format, convert to ODC if ($hdrlen == 76) { # Read in rest of header and update header len for SVR4 read(STDIN, $header, 110 - 76, 76); $hdrlen = 110; } my $ino = hex(substr($header, 6, 8)) & 0x3ffff; my $mode = hex(substr($header, 14, 8)) & 0x3ffff; my $uid = hex(substr($header, 22, 8)) & 0x3ffff; my $gid = hex(substr($header, 30, 8)) & 0x3ffff; my $nlink = hex(substr($header, 38, 8)) & 0x3ffff; my $mtime = hex(substr($header, 46, 8)) & 0xffffffff; $filesize = hex(substr($header, 54, 8)) & 0xffffffff; my $dev_maj = hex(substr($header, 62, 8)); my $dev_min = hex(substr($header, 70, 8)); my $dev = &makedev($dev_maj, $dev_min) & 0x3ffff; my $rdev_maj = hex(substr($header, 78, 8)); my $rdev_min = hex(substr($header, 86, 8)); my $rdev = &makedev($rdev_maj, $rdev_min) & 0x3ffff; $namesize = hex(substr($header, 94, 8)) & 0x3ffff; read(STDIN, $name, $namesize); # Header + name is padded to a multiple of 4 bytes my $namepad = (($hdrlen + $namesize + 3) & 0xfffffffc) - ($hdrlen + $namesize); read(STDIN, my $padding, $namepad) if ($namepad); # File data is padded to be a multiple of 4 bytes $filepad = (($filesize + 3) & 0xfffffffc) - $filesize; my $new_header = sprintf("070707%06o%06o%06o%06o%06o%06o%06o%011o%06o%011o", $dev, $ino, $mode, $uid, $gid, $nlink, $rdev, $mtime, $namesize, $filesize); $header = $new_header; } elsif ($header =~ m/^070707/) { # POSIX Portable ASCII Format $namesize = oct(substr($header, 59, 6)); $filesize = oct(substr($header, 65, 11)); read(STDIN, $name, $namesize); } else { die "bad magic"; } # update uid, gid and mode (already in octal) substr($header, 24, 6) = $uid{$name} if exists $uid{$name}; substr($header, 30, 6) = $gid{$name} if exists $gid{$name}; substr($header, 18, 6) = $mode{$name} if exists $mode{$name}; print($header, $name); # check for trailer at EOF last if $filesize == 0 && $name =~ /^TRAILER!!!\0/; # copy-through the file data while ($filesize > 0) { my $seg = 8192; $seg = $filesize if $filesize < $seg; read(STDIN, my $data, $seg); print $data; $filesize -= $seg; } # If file data is padded, skip it read(STDIN, my $padding, $filepad) if ($filepad); } # pass through any padding at the end (blocksize-dependent) for (;;) { my $numread = read(STDIN, my $data, 8192); last unless $numread; print $data; } exit(0); sub makedev { (((($_[0] & 0xff)) << 24) | ($_[1] & 0xffffff)); } __DATA__ . # Append to the script the %files data cat "$@" > $script /usr/bin/perl $script || pp_error "pp_macos_rewrite_cpio error"; } pp_macos_files_bom () { typeset _l t m o g f p st owner while read t m o g f p st; do # make sure that $m is padded up to 4 digits long case "$m" in ?) m="000$m";; ??) m="00$m";; ???) m="0$m";; ?????*) pp_error "pp_macos_writebom: mode '$m' too long";; esac # convert owner,group into owner/group in octal case $o in -) o=0;; esac case $g in -) g=0;; esac owner=`pp_d2o $o`/`pp_d2o $g` case $t in f) test x"$m" = x"000-" && m=0644 echo ".$p 10$m $owner ` /usr/bin/cksum < "${pp_destdir}$p" | awk '{print $2 " " $1}'`" ;; d) test x"$m" = x"000-" && m=0755 echo ".${p%/} 4$m $owner" ;; s) test x"$m" = x"000-" && m=0755 rl=`/usr/bin/readlink "${pp_destdir}$p"` #test x"$rl" = x"$st" || # pp_error "symlink mismatch $rl != $st" echo ".$p 12$m $owner ` /usr/bin/readlink -n "${pp_destdir}$p" | /usr/bin/cksum | awk '{print $2 " " $1}'` $st" ;; esac done } pp_macos_bom_fix_parents () { perl -pe ' sub dirname { my $d=shift; $d=~s,/[^/]*$,,; $d; } sub chk { my $d=shift; &chk(&dirname($d)) if $d =~ m,/,; unless ($seen{$d}++) { # Make sure we do not override system directories if ($d =~ m:^\./(etc|var)$:) { my $tgt = "private/$1"; my ($sum, $len) = split(/\s+/, `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`); print "$d\t120755\t0/0\t$len\t$sum\t$tgt\n"; } elsif ($d eq "." || $d eq "./Library") { print "$d\t41775\t0/80\n"; } elsif ($d eq "./Applications" || $d eq "./Developer") { print "$d\t40775\t0/80\n"; } else { print "$d\t40755\t0/0\n"; } } } m/^(\S+)\s+(\d+)/; if (oct($2) & 040000) { $seen{$1}++; # directory } &chk(&dirname($1));' } pp_macos_files_size () { typeset _l t m o g f p st owner while read t m o g f p st; do case $t in f) wc -c < "${pp_destdir}$p";; s) echo 4095;; d) ;; # always seems to be zero esac done | awk '{n+=1+int($1/4096)} END {print n*4}' } pp_o2d () { awk 'BEGIN { x=0; '`echo "$1" | sed -e 's/./x=x*8+&;/g'`'print x;}' /dev/null; then rm -f "$2" /usr/bin/mkbom -i "$1" "$2" return fi # On 10.4 we have this nonsense. pp_warn "mkbom workaround: copying source files to staging area" bomstage=$pp_wrkdir/bom_stage $pp_macos_sudo /bin/mkdir "$bomstage" while IFS=' ' read path mode ugid size cksumi linkpath; do if test -h "$pp_destdir/$path"; then $pp_macos_sudo /bin/ln -s "$linkpath" "$bomstage/$path" else if test -d "$pp_destdir/$path"; then $pp_macos_sudo /bin/mkdir -p "$bomstage/$path" else $pp_macos_sudo /bin/cp "$pp_destdir/$path" "$bomstage/$path" fi $pp_macos_sudo /bin/chmod $mode "$bomstage/$path" $pp_macos_sudo /usr/sbin/chown `echo $ugid| tr / :` "$bomstage/$path" fi done <"$1" (cd $bomstage && $pp_macos_sudo mkbom . $pp_wrkdir/bom_stage.bom) || pp_error "mkbom failed" $pp_macos_sudo mv $pp_wrkdir/bom_stage.bom "$2" } pp_backend_macos () { : ${pp_macos_bundle_id:=$pp_macos_default_bundle_id_prefix$name} case "$pp_macos_pkg_type" in bundle) pp_backend_macos_bundle;; flat) pp_backend_macos_flat;; *) pp_error "unsupported package type $pp_macos_pkg_type";; esac } pp_backend_macos_bundle () { typeset pkgdir Contents Resources lprojdir svc typeset Info_plist Description_plist typeset bundle_vendor bundle_version size cmp filelists mac_version=`sw_vers -productVersion` bundle_vendor=${pp_macos_bundle_vendor:-$vendor} if test -z "$pp_macos_bundle_version"; then bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \ -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'` else bundle_version="$pp_macos_bundle_version" fi source_version=`echo $version | sed 's/.*\.//'` # build the package layout pkgdir=$pp_wrkdir/$name.pkg Contents=$pkgdir/Contents Resources=$Contents/Resources lprojdir=$Resources/en.lproj mkdir $pkgdir $Contents $Resources $lprojdir || pp_error "Can't make package temporary directories" echo "major: 1" > $Resources/package_version echo "minor: 0" >> $Resources/package_version echo "pmkrpkg1" > $Contents/PkgInfo case $mac_version in "10.6"*) xattr -w "com.apple.TextEncoding" "macintosh;0" "$Resources/package_version" xattr -w "com.apple.TextEncoding" "macintosh;0" "$Contents/PkgInfo" ;; esac # Copy welcome file/dir for display at package install time. if test -n "$pp_macos_pkg_welcome"; then typeset sfx sfx=`echo "$pp_macos_pkg_welcome"|sed 's/^.*\.\([^\.]*\)$/\1/'` case "$sfx" in rtf|html|rtfd|txt) ;; *) sfx=txt;; esac cp -R ${pp_macos_pkg_welcome} $Resources/Welcome.$sfx fi # Copy readme file/dir for display at package install time. if test -n "$pp_macos_pkg_readme"; then typeset sfx sfx=`echo "$pp_macos_pkg_readme"|sed 's/^.*\.\([^\.]*\)$/\1/'` case "$sfx" in rtf|html|rtfd|txt) ;; *) sfx=txt;; esac cp -R ${pp_macos_pkg_readme} $Resources/ReadMe.$sfx fi # Copy license file/dir for display at package install time. if test -n "$pp_macos_pkg_license"; then typeset sfx sfx=`echo "$pp_macos_pkg_license"|sed 's/^.*\.\([^\.]*\)$/\1/'` case "$sfx" in rtf|html|rtfd|txt) ;; *) sfx=txt;; esac cp -R ${pp_macos_pkg_license} $Resources/License.$sfx fi # Add services (may modify %files) for svc in $pp_services .; do test . = "$svc" && continue pp_macos_add_service $svc done # Find file lists (%files.* includes ignore files) for cmp in $pp_components; do test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp" done # compute the installed size size=`cat $filelists | pp_macos_files_size` #-- Create Info.plist Info_plist=$Contents/Info.plist pp_macos_plist \ start-plist \{ \ key CFBundleGetInfoString string \ "${pp_macos_bundle_info_string:-$version $bundle_vendor}" \ key CFBundleIdentifier string \ "${pp_macos_bundle_id}" \ key CFBundleName string "$name" \ key CFBundleShortVersionString string "$bundle_version" \ key IFMajorVersion integer 1 \ key IFMinorVersion integer 0 \ key IFPkgFlagAllowBackRev false \ key IFPkgFlagAuthorizationAction string "RootAuthorization" \ key IFPkgFlagDefaultLocation string "/" \ key IFPkgFlagFollowLinks true \ key IFPkgFlagInstallFat true \ key IFPkgFlagInstalledSize integer $size \ key IFPkgFlagIsRequired false \ key IFPkgFlagOverwritePermissions true \ key IFPkgFlagRelocatable false \ key IFPkgFlagRestartAction string "NoRestart" \ key IFPkgFlagRootVolumeOnly true \ key IFPkgFlagUpdateInstalledLanguages false \ key IFPkgFlagUseUserMask false \ key IFPkgFormatVersion real 0.10000000149011612 \ key SourceVersion string $source_version \ \} end-plist> $Info_plist # write en.lproj/Description.plist Description_plist=$lprojdir/Description.plist pp_macos_plist \ start-plist \{ \ key IFPkgDescriptionDeleteWarning string "" \ key IFPkgDescriptionDescription string "$pp_macos_bundle_info_string" \ key IFPkgDescriptionTitle string "$name" \ key IFPkgDescriptionVersion string "$version" \ \} end-plist > $Description_plist # write Resources/files awk '{print $6}' $filelists > $Resources/files # write package size file printf \ "NumFiles 0 InstalledSize $size CompressedSize 0 " > $Resources/$name.sizes # write Resources/preinstall for cmp in $pp_components; do if test -s $pp_wrkdir/%pre.$cmp; then if test ! -s $Resources/preinstall; then echo "#!/bin/sh" > $Resources/preinstall chmod +x $Resources/preinstall fi cat $pp_wrkdir/%pre.$cmp >> $Resources/preinstall echo : >> $Resources/preinstall fi done # write Resources/postinstall for cmp in $pp_components; do if test -s $pp_wrkdir/%post.$cmp; then if test ! -s $Resources/postinstall; then echo "#!/bin/sh" > $Resources/postinstall chmod +x $Resources/postinstall fi cat $pp_wrkdir/%post.$cmp >> $Resources/postinstall echo : >> $Resources/postinstall fi done # write Resources/postupgrade for cmp in $pp_components; do if test -s $pp_wrkdir/%postup.$cmp; then if test ! -s $Resources/postupgrade; then echo "#!/bin/sh" > $Resources/postupgrade chmod +x $Resources/postupgrade fi cat $pp_wrkdir/%postup.$cmp >> $Resources/postupgrade echo : >> $Resources/postupgrade fi done # write Resources/preremove for cmp in $pp_components; do if test -s $pp_wrkdir/%preun.$cmp; then if test ! -s $Resources/preremove; then echo "#!/bin/sh" > $Resources/preremove chmod +x $Resources/preremove fi cat $pp_wrkdir/%preun.$cmp >> $Resources/preremove echo : >> $Resources/preremove fi done # write Resources/postremove for cmp in $pp_components; do if test -s $pp_wrkdir/%postun.$cmp; then if test ! -s $Resources/postremove; then echo "#!/bin/sh" > $Resources/postremove chmod +x $Resources/postremove fi cat $pp_wrkdir/%postun.$cmp >> $Resources/postremove echo : >> $Resources/postremove fi done # write uninstall info echo "version=$version" > $Resources/uninstall if [ -n "$pp_macos_requires" ];then echo "requires=$pp_macos_requires" >> $Resources/uninstall fi . $pp_wrkdir/%fixup # Create the bill-of-materials (Archive.bom) cat $filelists | pp_macos_files_bom | sort | pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls pp_macos_mkbom $pp_wrkdir/tmp.bomls $Contents/Archive.bom # Create the cpio archive (Archive.pax.gz) ( cd $pp_destdir && awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $Contents/Archive.pax.gz ) # Copy installer plugins if any if test -n "$pp_macos_installer_plugin"; then if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" fi mkdir -p $pkgdir/Plugins cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins fi test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage rm -f ${name}-${version}.dmg hdiutil create -fs HFS+ -srcfolder $pkgdir -volname $name ${name}-${version}.dmg } pp_backend_macos_flat () { typeset pkgdir bundledir Resources lprojdir svc typeset Info_plist Description_plist typeset bundle_vendor bundle_version size numfiles cmp filelists mac_version=`sw_vers -productVersion` bundle_vendor=${pp_macos_bundle_vendor:-$vendor} if test -z "$pp_macos_bundle_version"; then bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \ -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'` else bundle_version="$pp_macos_bundle_version" fi source_version=`echo $version | sed 's/.*\.//'` # build the flat package layout pkgdir=$pp_wrkdir/pkg bundledir=$pp_wrkdir/pkg/$name.pkg Resources=$pkgdir/Resources lprojdir=$Resources/en.lproj mkdir $pkgdir $bundledir $Resources $lprojdir || pp_error "Can't make package temporary directories" # Add services (may modify %files) for svc in $pp_services .; do test . = "$svc" && continue pp_macos_add_service $svc done # Find file lists (%files.* includes ignore files) for cmp in $pp_components; do test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp" done # compute the installed size and number of files/dirs size=`cat $filelists | pp_macos_files_size` numfiles=`cat $filelists | wc -l` numfiles="${numfiles##* }" # Write Distribution file cat <<-. >$pkgdir/Distribution $name $version . if test -n "$pp_macos_pkg_welcome"; then cp -R "${pp_macos_pkg_welcome}" $Resources echo " " >>$pkgdir/Distribution fi if test -n "$pp_macos_pkg_readme"; then cp -R "${pp_macos_pkg_readme}" $Resources echo " " >>$pkgdir/Distribution fi if test -n "$pp_macos_pkg_license"; then cp -R "${pp_macos_pkg_license}" $Resources echo " " >>$pkgdir/Distribution fi cat <<-. >>$pkgdir/Distribution #$name.pkg . # write scripts archive # XXX - missing preupgrade, preflight, postflight mkdir $pp_wrkdir/scripts for cmp in $pp_components; do if test -s $pp_wrkdir/%pre.$cmp; then if test ! -s $pp_wrkdir/scripts/preinstall; then echo "#!/bin/sh" > $pp_wrkdir/scripts/preinstall chmod +x $pp_wrkdir/scripts/preinstall fi cat $pp_wrkdir/%pre.$cmp >> $pp_wrkdir/scripts/preinstall echo : >> $pp_wrkdir/scripts/preinstall fi if test -s $pp_wrkdir/%post.$cmp; then if test ! -s $pp_wrkdir/scripts/postinstall; then echo "#!/bin/sh" > $pp_wrkdir/scripts/postinstall chmod +x $pp_wrkdir/scripts/postinstall fi cat $pp_wrkdir/%post.$cmp >> $pp_wrkdir/scripts/postinstall echo : >> $pp_wrkdir/scripts/postinstall fi if test -s $pp_wrkdir/%postup.$cmp; then if test ! -s $pp_wrkdir/scripts/postupgrade; then echo "#!/bin/sh" > $pp_wrkdir/scripts/postupgrade chmod +x $pp_wrkdir/scripts/postupgrade fi cat $pp_wrkdir/%postup.$cmp >> $pp_wrkdir/scripts/postupgrade echo : >> $pp_wrkdir/scripts/postupgrade fi # XXX - not supported if test -s $pp_wrkdir/%preun.$cmp; then if test ! -s $pp_wrkdir/scripts/preremove; then echo "#!/bin/sh" > $pp_wrkdir/scripts/preremove chmod +x $pp_wrkdir/scripts/preremove fi cat $pp_wrkdir/%preun.$cmp >> $pp_wrkdir/scripts/preremove echo : >> $pp_wrkdir/scripts/preremove fi # XXX - not supported if test -s $pp_wrkdir/%postun.$cmp; then if test ! -s $pp_wrkdir/scripts/postremove; then echo "#!/bin/sh" > $pp_wrkdir/scripts/postremove chmod +x $pp_wrkdir/scripts/postremove fi cat $pp_wrkdir/%postun.$cmp >> $pp_wrkdir/scripts/postremove echo : >> $pp_wrkdir/scripts/postremove fi done if test "`echo $pp_wrkdir/scripts/*`" != "$pp_wrkdir/scripts/*"; then # write scripts archive, scripts are mode 0755 uid/gid 0/0 # resetting the owner and mode is not strictly required ( cd $pp_wrkdir/scripts || pp_error "Can't cd to $pp_wrkdir/scripts" rm -f $pp_wrkdir/tmp.files.scripts for s in *; do echo "f 0755 0 0 - ./$s" >>$pp_wrkdir/tmp.files.scripts done find . -type f | /usr/bin/cpio -o | pp_macos_rewrite_cpio $pp_wrkdir/tmp.files.scripts | gzip -9f -c > $bundledir/Scripts ) fi # Write PackageInfo file cat <<-. >$bundledir/PackageInfo . if test -s $bundledir/Scripts; then echo " " >>$bundledir/PackageInfo for s in preflight postflight preinstall postinstall preupgrade postupgrade; do if test -s "$pp_wrkdir/scripts/$s"; then echo " <$s file=\"$s\"/>" >>$bundledir/PackageInfo fi done echo " " >>$bundledir/PackageInfo fi cat <<-. >>$bundledir/PackageInfo . . $pp_wrkdir/%fixup # Create the bill-of-materials (Bom) cat $filelists | pp_macos_files_bom | sort | pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls pp_macos_mkbom $pp_wrkdir/tmp.bomls $bundledir/Bom # Create the cpio payload ( cd $pp_destdir || pp_error "Can't cd to $pp_destdir" awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $bundledir/Payload ) # Copy installer plugins if any if test -n "$pp_macos_installer_plugin"; then if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" fi mkdir -p $pkgdir/Plugins cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins fi test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage # Create the flat package with xar (like pkgutil --flatten does) # Note that --distribution is only supported by Mac OS X 10.6 and above xar_flags="--compression=bzip2 --no-compress Scripts --no-compress Payload" case $mac_version in "10.5"*) ;; *) xar_flags="$xar_flags --distribution";; esac (cd $pkgdir && /usr/bin/xar $xar_flags -cf "../$name-$version.pkg" *) } pp_backend_macos_cleanup () { : } pp_backend_macos_names () { case "$pp_macos_pkg_type" in bundle) echo ${name}.pkg;; flat) echo ${name}-${version}.pkg;; *) pp_error "unsupported package type $pp_macos_pkg_type";; esac } pp_backend_macos_install_script () { echo '#!/bin/sh' typeset pkgname platform pkgname="`pp_backend_macos_names`" platform="`pp_backend_macos_probe`" pp_install_script_common cat <<. test \$# -eq 0 && usage op="\$1"; shift case "\$op" in list-components) test \$# -eq 0 || usage \$op echo "$pp_components" ;; list-services) test \$# -eq 0 || usage \$op echo "$pp_services" ;; list-files) test \$# -ge 1 || usage \$op echo \${PP_PKGDESTDIR:-.}/"$pkgname" ;; install) test \$# -ge 1 || usage \$op vol=/Volumes/pp\$\$ pkg=\$vol/${name}-${version}.pkg hdiutil attach -readonly -mountpoint \$vol \ \${PP_PKGDESTDIR:-.}/"$pkgname" trap "hdiutil detach \$vol" 0 installer -pkginfo -pkg \$pkg installer -verbose -pkg \$pkg -target / ;; uninstall) test \$# -ge 1 || usage \$op # XXX echo "Uninstall not implemented" >&2 exit 1;; start|stop) test \$# -ge 1 || usage \$op ec=0 for svc do # XXX echo "\${op} not implemented" >&2 ec=1 done exit \$ec ;; print-platform) echo "$platform" ;; *) usage;; esac . } pp_backend_macos_init_svc_vars () { pp_macos_start_services_after_install=false pp_macos_service_name= pp_macos_default_service_id_prefix="com.quest.rc." pp_macos_service_id= pp_macos_service_user= pp_macos_service_group= pp_macos_service_initgroups= pp_macos_service_umask= pp_macos_service_cwd= pp_macos_service_nice= pp_macos_svc_plist_file= } pp_macos_launchd_plist () { typeset svc svc_id svc="$1" svc_id="$2" set -- $cmd if [ -n "$pp_macos_svc_plist_file" ]; then echo "## Launchd plist file already defined at $pp_macos_svc_plist_file" return fi echo "## Generating the launchd plist file for $svc" pp_macos_svc_plist_file="$pp_wrkdir/$svc.plist" cat <<-. > $pp_macos_svc_plist_file Label $svc_id ProgramArguments . while test $# != 0; do printf " $1\n" >> $pp_macos_svc_plist_file shift done cat <<-. >> $pp_macos_svc_plist_file KeepAlive . if test -n "$pp_macos_service_user"; then printf " UserName\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_user\n" >> $pp_macos_svc_plist_file fi if test -n "$pp_macos_service_group"; then printf " GroupName\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_group\n" >> $pp_macos_svc_plist_file fi if test -n "$pp_macos_service_initgroups"; then printf " InitGroups\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_initgroups\n" >> $pp_macos_svc_plist_file fi if test -n "$pp_macos_service_umask"; then printf " Umask\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_umask\n" >> $pp_macos_svc_plist_file fi if test -n "$pp_macos_service_cwd"; then printf " WorkingDirectory\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_cwd\n" >> $pp_macos_svc_plist_file fi if test -n "$pp_macos_service_nice"; then printf " Nice\n" >> $pp_macos_svc_plist_file printf " $pp_macos_service_nice\n" >> $pp_macos_svc_plist_file fi cat <<-. >> $pp_macos_svc_plist_file . } pp_macos_add_service () { typeset svc svc_id plist_file plist_dir pp_load_service_vars "$1" svc=${pp_macos_service_name:-$1} svc_id=${pp_macos_service_id:-$pp_macos_default_service_id_prefix$svc} #-- create a plist file for svc pp_macos_launchd_plist "$svc" "$svc_id" #-- copy the plist file into place and add to %files plist_dir="/Library/LaunchDaemons" plist_file="$plist_dir/$svc_id.plist" mkdir -p "$pp_destdir/$plist_dir" cp "$pp_macos_svc_plist_file" "$pp_destdir/$plist_file" pp_add_file_if_missing "$plist_file" #-- add code to start the service on install ${pp_macos_start_services_after_install} && <<-. >> $pp_wrkdir/%post.$svc # start service '$svc' automatically after install launchctl load "$plist_file" . } pp_backend_macos_probe () { typeset name vers arch case `sw_vers -productName` in "Mac OS X") name="macos";; *) name="unknown";; esac vers=`sw_vers -productVersion | sed -e 's/^\([^.]*\)\.\([^.]*\).*/\1\2/'` arch=`arch` echo "$name$vers-$arch" } pp_backend_macos_vas_platforms () { echo "osx" # XXX non-really sure what they do.. it should be "macos" } pp_backend_macos_function () { case "$1" in _pp_macos_search_unused) cat<<'.';; # Find an unused value in the given path # args: path attribute minid [maxid] pp_tmp_val=$3 while :; do test $pp_tmp_val -ge ${4:-999999} && return 1 /usr/bin/dscl . -search "$1" "$2" $pp_tmp_val | grep . > /dev/null || break pp_tmp_val=`expr $pp_tmp_val + 1` done echo $pp_tmp_val . pp_mkgroup:depends) echo _pp_macos_search_unused;; pp_mkgroup) cat<<'.';; set -e /usr/bin/dscl . -read /Groups/"$1" >/dev/null 2>&1 && return pp_tmp_gid=`_pp_macos_search_unused /Groups PrimaryGroupID 100` /usr/bin/dscl . -create /Groups/"$1" /usr/bin/dscl . -create /Groups/"$1" PrimaryGroupID $pp_tmp_gid /usr/bin/dscl . -create /Groups/"$1" RealName "Group $1" /usr/bin/dscl . -create /Groups/"$1" GroupMembership "" /usr/bin/dscl . -create /Groups/"$1" Password '*' . pp_mkuser:depends) echo pp_mkgroup _pp_macos_search_unused;; pp_mkuser) cat<<'.';; set -e /usr/bin/dscl . -read /Users/"$1" >/dev/null 2>&1 && return pp_tmp_uid=`_pp_macos_search_unused /Users UniqueID 100` pp_mkgroup "${2:-$1}" pp_tmp_gid=`/usr/bin/dscl . -read /Groups/"${2:-$1}" \ PrimaryGroupID | awk '{print $2}'` /usr/bin/dscl . -create /Users/"$1" /usr/bin/dscl . -create /Users/"$1" PrimaryGroupID $pp_tmp_gid /usr/bin/dscl . -create /Users/"$1" NFSHomeDirectory \ "${3:-/var/empty}" /usr/bin/dscl . -create /Users/"$1" UserShell \ "${4:-/usr/bin/false}" /usr/bin/dscl . -create /Users/"$1" RealName "$1" /usr/bin/dscl . -create /Users/"$1" UniqueID $pp_tmp_uid /usr/bin/dscl . -create /Users/"$1" Password '*' . pp_havelib) cat<<'.';; # (use otool -L to find dependent libraries) for pp_tmp_dir in `echo "${3:+$3:}/usr/local/lib:/lib:/usr/lib" | tr : ' '`; do test -r "$pp_tmp_dir/lib$1{$2:+.$2}.dylib" && return 0 done return 1 . *) false;; esac } pp_platforms="$pp_platforms inst" pp_backend_inst_detect () { case "$1" in IRIX*) return 0;; *) return 1;; esac } pp_backend_inst_init () { pp_readlink_fn=pp_ls_readlink } pp_backend_inst_create_idb() { typeset t m o g f p st while read t m o g f p st; do if test x"$o" = x"-"; then o="root" fi if test x"$g" = x"-"; then g="sys" fi case "$t" in f) test x"$m" = x"-" && m=444 echo "f 0$m $o $g $p $p $name.sw.base" ;; d) test x"$m" = x"-" && m=555 echo "d 0$m $o $g $p $p $name.sw.base" ;; s) test x"$m" = x"-" && m=777 test x"$m" = x"777" || pp_warn "$p: invalid mode $m for symlink, should be 777 or -" echo "l 0$m $o $g $p $p $name.sw.base symval($st)" ;; esac done } pp_backend_inst_create_spec() { echo "product $name" echo " id \"${summary}. Version: ${version}\"" echo " image sw" echo " id \"Software\"" echo " version $version" echo " order 9999" echo " subsys base" echo " id \"Base Software\"" echo " replaces self" echo " exp $name.sw.base" echo " endsubsys" echo " endimage" echo "endproduct" } pp_backend_inst () { curdir=`pwd` cd "$pp_opt_wrkdir" # initialize pp_inst_tardist=tardist pp_inst_spec=${name}.spec pp_inst_idb=${name}.idb rm -rf $pp_inst_tardist $pp_inst_spec $pp_inst_idb mkdir -p $pp_inst_tardist # Create idb file (for _cmp in $pp_components; do cat %files.$_cmp | sort +4u -6 | pp_backend_inst_create_idb done) >> $pp_inst_idb pp_backend_inst_create_spec >> $pp_inst_spec # Generate tardist gendist -verbose -all -root / -source $pp_opt_destdir -idb $pp_inst_idb -spec $pp_inst_spec -dist $pp_inst_tardist $name tar -cvf `pp_backend_inst_names` $pp_inst_tardist cd "$curdir" } pp_backend_inst_cleanup () { : } pp_backend_inst_names () { echo ${name}-${version}.tardist } pp_backend_inst_install_script () { : } pp_backend_inst_function () { echo false } pp_backend_inst_init_svc_vars () { : } pp_backend_inst_probe () { cpu=`hinv|sed -n '/^CPU/{s/000 /k /;s/^CPU: //;s/ Process.*//;s/^MIPS //;p;q;}'|tr A-Z a-z` echo irix`uname -r`-$cpu } pp_backend_inst_vas_platforms () { echo "irix-65" } pp_platforms="$pp_platforms null" pp_backend_null_detect () { ! : } pp_backend_null_init () { : } pp_backend_null () { : } pp_backend_null_cleanup () { : } pp_backend_null_names () { : } pp_backend_null_install_script () { : } pp_backend_null_function () { echo false } pp_backend_null_init_svc_vars () { : } pp_backend_null_probe () { echo unknown-unknown } pp_backend_null_vas_platforms () { : } quest_require_vas () { typeset v d if test $# -ne 1; then return fi set -- `echo "$1" | tr . ' '` 0 0 0 for d do echo $d | grep '^[0-9][0-9]*$' > /dev/null || pp_error "quest_require_vas: Bad version component $d" done test $# -lt 4 && pp_error "quest_require_vas: missing version number" case "$1.$2.$3.$4" in *.0.0.0) v=$1;; *.*.0.0) v=$1.$2;; *.*.*.0) v=$1.$2.$3;; *) v=$1.$2.$3.$4;; esac cat <<. if test -x /opt/quest/bin/vastool && /opt/quest/bin/vastool -v | awk 'NR == 1 {print \$4}' | awk -F. '{ if (\$1<$1 || \$1==$1 && ( \ \$2<$2 || \$2==$2 && ( \ \$3<$3 || \$2==$3 && ( \ \$4<$4 )))) exit(1); }' then exit 0 else echo "Requires VAS $v or later" exit 1 fi . } pp_main ${1+"$@"} sudo-1.8.9p5/src/Makefile.in010064400175440000012000000405231226304127700152100ustar00millertstaff# # Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ devdir = @devdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c # Libraries LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la LIBS = @LIBS@ @SUDO_LIBS@ @GETGROUPS_LIB@ @NET_LIBS@ @LIBINTL@ $(LT_LIBS) @LIBDL@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ # PIE flags PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ # Stack smashing protection flags SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ # Where to install things... prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ libexecdir = @libexecdir@ datarootdir = @datarootdir@ localedir = @localedir@ localstatedir = @localstatedir@ noexecfile = @NOEXECFILE@ noexecdir = @NOEXECDIR@ # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 # File extension and mode to use for shared libraries shlib_ext = @SHLIB_EXT@ shlib_mode = @SHLIB_MODE@ TEST_PROGS = check_ttyname TEST_LIBS = @LIBS@ @LIBINTL@ $(LT_LIBS) TEST_LDFLAGS = @LDFLAGS@ # OS dependent defines DEFS = @OSDEFS@ -DLOCALEDIR=\"$(localedir)\" #### End of system configuration section. #### SHELL = @SHELL@ PROGS = @PROGS@ OBJS = conversation.o env_hooks.o exec.o exec_common.o exec_pty.o \ get_pty.o hooks.o net_ifs.o load_plugins.o parse_args.o \ preserve_fds.o signal.o sudo.o sudo_edit.o tgetpass.o ttyname.o \ utmp.o @SUDO_OBJS@ SESH_OBJS = sesh.o locale_stub.o exec_common.o CHECK_TTYNAME_OBJS = check_ttyname.o locale_stub.o ttyname.o LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ all: $(PROGS) Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file src/Makefile) ./sudo_usage.h: $(srcdir)/sudo_usage.h.in (cd $(top_builddir) && ./config.status --file src/sudo_usage.h) .SUFFIXES: .c .h .lo .o .c.o: $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< .c.lo: $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< sudo: $(OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) libsudo_noexec.la: sudo_noexec.lo $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) sesh: $(SESH_OBJS) @LIBINTL@ $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) @LIBINTL@ $(LIBS) check_ttyname: $(CHECK_TTYNAME_OBJS) $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_TTYNAME_OBJS) $(TEST_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LIBS) pre-install: install: install-binaries @INSTALL_NOEXEC@ install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \ $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) install-binaries: install-dirs $(PROGS) $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 04755 sudo $(DESTDIR)$(bindir)/sudo rm -f $(DESTDIR)$(bindir)/sudoedit ln -s sudo $(DESTDIR)$(bindir)/sudoedit if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sudo/sesh; fi install-doc: install-includes: # We install sudo_noexec by hand so we can avoid a "lib" prefix # and a version number. Since we use LD_PRELOAD, neither is needed. install-noexec: install-dirs libsudo_noexec.la if [ -f .libs/libsudo_noexec$(shlib_ext) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/libsudo_noexec$(shlib_ext) $(DESTDIR)$(noexecdir)/$(noexecfile); fi install-plugin: uninstall: -rm -f $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit \ $(DESTDIR)$(libexecdir)/sudo/sesh \ $(DESTDIR)$(noexecdir)/$(noexecfile) check: $(TEST_PROGS) ./check_ttyname clean: -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs sudo_usage.h clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify check_ttyname.o: $(srcdir)/regress/ttyname/check_ttyname.c $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/missing.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/ttyname/check_ttyname.c conversation.o: $(srcdir)/conversation.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/conversation.c env_hooks.o: $(srcdir)/env_hooks.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env_hooks.c exec.o: $(srcdir)/exec.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/sudo.h $(srcdir)/sudo_exec.h $(srcdir)/sudo_plugin_int.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/exec.c exec_common.o: $(srcdir)/exec_common.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/exec_common.c exec_pty.o: $(srcdir)/exec_pty.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/exec_pty.c get_pty.o: $(srcdir)/get_pty.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/get_pty.c hooks.o: $(srcdir)/hooks.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hooks.c load_plugins.o: $(srcdir)/load_plugins.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/load_plugins.c locale_stub.o: $(srcdir)/locale_stub.c $(incdir)/fatal.h $(incdir)/gettext.h \ $(incdir)/missing.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale_stub.c net_ifs.o: $(srcdir)/net_ifs.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/net_ifs.c openbsd.o: $(srcdir)/openbsd.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/openbsd.c parse_args.o: $(srcdir)/parse_args.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/lbuf.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/getopt.h $(top_srcdir)/compat/stdbool.h \ ./sudo_usage.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/parse_args.c preload.o: $(srcdir)/preload.c $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/preload.c preserve_fds.o: $(srcdir)/preserve_fds.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/preserve_fds.c selinux.o: $(srcdir)/selinux.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/selinux.c sesh.o: $(srcdir)/sesh.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sesh.c signal.o: $(srcdir)/signal.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/signal.c solaris.o: $(srcdir)/solaris.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris.c sudo.o: $(srcdir)/sudo.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ ./sudo_usage.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo.c sudo_edit.o: $(srcdir)/sudo_edit.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_edit.c sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(incdir)/missing.h \ $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_noexec.c tgetpass.o: $(srcdir)/tgetpass.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/tgetpass.c ttyname.o: $(srcdir)/ttyname.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ttyname.c utmp.o: $(srcdir)/utmp.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/fileops.h $(incdir)/gettext.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/utmp.c sudo-1.8.9p5/src/conversation.c010064400175440000012000000062311226304126300160120ustar00millertstaff/* * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" extern int tgetpass_flags; /* XXX */ /* * Sudo conversation function. */ int sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]) { struct sudo_conv_reply *repl; const struct sudo_conv_message *msg; char *pass; int n, flags = tgetpass_flags; for (n = 0; n < num_msgs; n++) { msg = &msgs[n]; repl = &replies[n]; switch (msg->msg_type & 0xff) { case SUDO_CONV_PROMPT_ECHO_ON: case SUDO_CONV_PROMPT_MASK: if (msg->msg_type == SUDO_CONV_PROMPT_ECHO_ON) SET(flags, TGP_ECHO); else SET(flags, TGP_MASK); /* FALLTHROUGH */ case SUDO_CONV_PROMPT_ECHO_OFF: if (ISSET(msg->msg_type, SUDO_CONV_PROMPT_ECHO_OK)) SET(flags, TGP_NOECHO_TRY); /* Read the password unless interrupted. */ pass = tgetpass(msg->msg, msg->timeout, flags); if (pass == NULL) goto err; repl->reply = estrdup(pass); memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); break; case SUDO_CONV_INFO_MSG: if (msg->msg) (void) fputs(msg->msg, stdout); break; case SUDO_CONV_ERROR_MSG: if (msg->msg) (void) fputs(msg->msg, stderr); break; case SUDO_CONV_DEBUG_MSG: if (msg->msg) sudo_debug_write(msg->msg, strlen(msg->msg), 0); break; default: goto err; } } return 0; err: /* Zero and free allocated memory and return an error. */ do { repl = &replies[n]; if (repl->reply != NULL) { memset_s(repl->reply, SUDO_CONV_REPL_MAX, 0, strlen(repl->reply)); free(repl->reply); repl->reply = NULL; } } while (n--); return -1; } sudo-1.8.9p5/src/env_hooks.c010064400175440000012000000151101226304126300152670ustar00millertstaff/* * Copyright (c) 2010, 2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #include "sudo.h" #include "sudo_plugin.h" #include "sudo_dso.h" extern char **environ; /* global environment pointer */ static char **priv_environ; /* private environment pointer */ static char * rpl_getenv(const char *name) { char **ep, *val = NULL; size_t namelen = 0; /* For BSD compatibility, treat '=' in name like end of string. */ while (name[namelen] != '\0' && name[namelen] != '=') namelen++; for (ep = environ; *ep != NULL; ep++) { if (strncmp(*ep, name, namelen) == 0 && (*ep)[namelen] == '=') { val = *ep + namelen + 1; break; } } return val; } typedef char * (*sudo_fn_getenv_t)(const char *); char * getenv_unhooked(const char *name) { sudo_fn_getenv_t fn; fn = (sudo_fn_getenv_t)sudo_dso_findsym(SUDO_DSO_NEXT, "getenv"); if (fn != NULL) return fn(name); return rpl_getenv(name); } char * getenv(const char *name) { char *val = NULL; switch (process_hooks_getenv(name, &val)) { case SUDO_HOOK_RET_STOP: return val; case SUDO_HOOK_RET_ERROR: return NULL; default: return getenv_unhooked(name); } } static int rpl_putenv(PUTENV_CONST char *string) { char **ep; size_t len; bool found = false; /* Look for existing entry. */ len = (strchr(string, '=') - string) + 1; for (ep = environ; *ep != NULL; ep++) { if (strncmp(string, *ep, len) == 0) { *ep = (char *)string; found = true; break; } } /* Prune out duplicate variables. */ if (found) { while (*ep != NULL) { if (strncmp(string, *ep, len) == 0) { char **cur = ep; while ((*cur = *(cur + 1)) != NULL) cur++; } else { ep++; } } } /* Append at the end if not already found. */ if (!found) { size_t env_len = (size_t)(ep - environ); char **envp = erealloc3(priv_environ, env_len + 2, sizeof(char *)); if (environ != priv_environ) memcpy(envp, environ, env_len * sizeof(char *)); envp[env_len++] = (char *)string; envp[env_len] = NULL; priv_environ = environ = envp; } return 0; } typedef int (*sudo_fn_putenv_t)(PUTENV_CONST char *); static int putenv_unhooked(PUTENV_CONST char *string) { sudo_fn_putenv_t fn; fn = (sudo_fn_putenv_t)sudo_dso_findsym(SUDO_DSO_NEXT, "putenv"); if (fn != NULL) return fn(string); return rpl_putenv(string); } int putenv(PUTENV_CONST char *string) { switch (process_hooks_putenv((char *)string)) { case SUDO_HOOK_RET_STOP: return 0; case SUDO_HOOK_RET_ERROR: return -1; default: return putenv_unhooked(string); } } static int rpl_setenv(const char *var, const char *val, int overwrite) { char *envstr, *dst; const char *src; size_t esize; if (!var || *var == '\0') { errno = EINVAL; return -1; } /* * POSIX says a var name with '=' is an error but BSD * just ignores the '=' and anything after it. */ for (src = var; *src != '\0' && *src != '='; src++) ; esize = (size_t)(src - var) + 2; if (val) { esize += strlen(val); /* glibc treats a NULL val as "" */ } /* Allocate and fill in envstr. */ if ((envstr = malloc(esize)) == NULL) return -1; for (src = var, dst = envstr; *src != '\0' && *src != '=';) *dst++ = *src++; *dst++ = '='; if (val) { for (src = val; *src != '\0';) *dst++ = *src++; } *dst = '\0'; if (!overwrite && getenv(var) != NULL) { free(envstr); return 0; } return rpl_putenv(envstr); } typedef int (*sudo_fn_setenv_t)(const char *, const char *, int); static int setenv_unhooked(const char *var, const char *val, int overwrite) { sudo_fn_setenv_t fn; fn = (sudo_fn_setenv_t)sudo_dso_findsym(SUDO_DSO_NEXT, "setenv"); if (fn != NULL) return fn(var, val, overwrite); return rpl_setenv(var, val, overwrite); } int setenv(const char *var, const char *val, int overwrite) { switch (process_hooks_setenv(var, val, overwrite)) { case SUDO_HOOK_RET_STOP: return 0; case SUDO_HOOK_RET_ERROR: return -1; default: return setenv_unhooked(var, val, overwrite); } } static int rpl_unsetenv(const char *var) { char **ep = environ; size_t len; if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) { errno = EINVAL; return -1; } len = strlen(var); while (*ep != NULL) { if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { /* Found it; shift remainder + NULL over by one. */ char **cur = ep; while ((*cur = *(cur + 1)) != NULL) cur++; /* Keep going, could be multiple instances of the var. */ } else { ep++; } } return 0; } #ifdef UNSETENV_VOID typedef void (*sudo_fn_unsetenv_t)(const char *); #else typedef int (*sudo_fn_unsetenv_t)(const char *); #endif static int unsetenv_unhooked(const char *var) { int rval = 0; sudo_fn_unsetenv_t fn; fn = (sudo_fn_unsetenv_t)sudo_dso_findsym(SUDO_DSO_NEXT, "unsetenv"); if (fn != NULL) { # ifdef UNSETENV_VOID fn(var); # else rval = fn(var); # endif } else { rval = rpl_unsetenv(var); } return rval; } #ifdef UNSETENV_VOID void #else int #endif unsetenv(const char *var) { int rval; switch (process_hooks_unsetenv(var)) { case SUDO_HOOK_RET_STOP: rval = 0; break; case SUDO_HOOK_RET_ERROR: rval = -1; break; default: rval = unsetenv_unhooked(var); break; } #ifndef UNSETENV_VOID return rval; #endif } sudo-1.8.9p5/src/exec.c010064400175440000012000000665761226540124100142440ustar00millertstaff/* * Copyright (c) 2009-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include "sudo.h" #include "sudo_exec.h" #include "sudo_event.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" struct exec_closure { pid_t child; bool log_io; sigset_t omask; struct command_status *cstat; struct command_details *details; struct sudo_event_base *evbase; }; /* We keep a tailq of signals to forward to child. */ struct sigforward { TAILQ_ENTRY(sigforward) entries; int signo; }; TAILQ_HEAD(sigfwd_list, sigforward); static struct sigfwd_list sigfwd_list = TAILQ_HEAD_INITIALIZER(sigfwd_list); static struct sudo_event *signal_event; static struct sudo_event *sigfwd_event; static struct sudo_event *backchannel_event; static pid_t ppgrp = -1; volatile pid_t cmnd_pid = -1; static void signal_pipe_cb(int fd, int what, void *v); static int dispatch_pending_signals(struct command_status *cstat); static void forward_signals(int fd, int what, void *v); static void schedule_signal(struct sudo_event_base *evbase, int signo); #ifdef SA_SIGINFO static void handler_user_only(int s, siginfo_t *info, void *context); #endif /* * Fork and execute a command, returns the child's pid. * Sends errno back on sv[1] if execve() fails. */ static int fork_cmnd(struct command_details *details, int sv[2]) { struct command_status cstat; sigaction_t sa; debug_decl(fork_cmnd, SUDO_DEBUG_EXEC) ppgrp = getpgrp(); /* parent's process group */ /* * Handle suspend/restore of sudo and the command. * In most cases, the command will be in the same process group as * sudo and job control will "just work". However, if the command * changes its process group ID and does not change it back (or is * kill by SIGSTOP which is not catchable), we need to resume the * command manually. Also, if SIGTSTP is sent directly to sudo, * we need to suspend the command, and then suspend ourself, restoring * the default SIGTSTP handler temporarily. * * XXX - currently we send SIGCONT upon resume in some cases where * we don't need to (e.g. command pgrp == parent pgrp). */ memset(&sa, 0, sizeof(sa)); sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = handler; #else sa.sa_handler = handler; #endif sudo_sigaction(SIGCONT, &sa, NULL); #ifdef SA_SIGINFO sa.sa_sigaction = handler_user_only; #endif sudo_sigaction(SIGTSTP, &sa, NULL); /* * The policy plugin's session init must be run before we fork * or certain pam modules won't be able to track their state. */ if (policy_init_session(details) != true) fatalx(U_("policy plugin failed session initialization")); cmnd_pid = sudo_debug_fork(); switch (cmnd_pid) { case -1: fatal(U_("unable to fork")); break; case 0: /* child */ close(sv[0]); close(signal_pipe[0]); close(signal_pipe[1]); fcntl(sv[1], F_SETFD, FD_CLOEXEC); exec_cmnd(details, &cstat, sv[1]); send(sv[1], &cstat, sizeof(cstat), 0); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); _exit(1); } sudo_debug_printf(SUDO_DEBUG_INFO, "executed %s, pid %d", details->command, (int)cmnd_pid); debug_return_int(cmnd_pid); } /* * Setup the execution environment and execute the command. * If SELinux is enabled, run the command via sesh, otherwise * execute it directly. * If the exec fails, cstat is filled in with the value of errno. */ void exec_cmnd(struct command_details *details, struct command_status *cstat, int errfd) { debug_decl(exec_cmnd, SUDO_DEBUG_EXEC) restore_signals(); if (exec_setup(details, NULL, -1) == true) { /* headed for execve() */ sudo_debug_execve(SUDO_DEBUG_INFO, details->command, details->argv, details->envp); if (details->closefrom >= 0) { /* Preserve debug fd and error pipe as needed. */ int debug_fd = sudo_debug_fd_get(); if (debug_fd != -1) add_preserved_fd(&details->preserved_fds, debug_fd); if (errfd != -1) add_preserved_fd(&details->preserved_fds, errfd); /* Close all fds except those explicitly preserved. */ closefrom_except(details->closefrom, &details->preserved_fds); } #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { selinux_execve(details->command, details->argv, details->envp, ISSET(details->flags, CD_NOEXEC)); } else #endif { sudo_execve(details->command, details->argv, details->envp, ISSET(details->flags, CD_NOEXEC)); } cstat->type = CMD_ERRNO; cstat->val = errno; sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", details->command, strerror(errno)); } debug_return; } static void backchannel_cb(int fd, int what, void *v) { struct exec_closure *ec = v; ssize_t n; debug_decl(backchannel_cb, SUDO_DEBUG_EXEC) /* read child status */ n = recv(fd, ec->cstat, sizeof(struct command_status), MSG_WAITALL); if (n != sizeof(struct command_status)) { if (n == -1) { switch (errno) { case EINTR: /* got a signal, restart loop to service it. */ sudo_ev_loopcontinue(ec->evbase); break; case EAGAIN: /* not ready after all... */ break; default: ec->cstat->type = CMD_ERRNO; ec->cstat->val = errno; sudo_debug_printf(SUDO_DEBUG_ERROR, "failed to read child status: %s", strerror(errno)); sudo_ev_loopbreak(ec->evbase); break; } } else { /* Short read or EOF. */ sudo_debug_printf(SUDO_DEBUG_ERROR, "failed to read child status: %s", n ? "short read" : "EOF"); if (!ec->log_io && n == 0) { /* * If not logging I/O we may get EOF when the command is * executed and the other end of the backchannel is closed. * Just remove the event in this case. */ (void)sudo_ev_del(ec->evbase, backchannel_event); } else { /* XXX - need new CMD_ type for monitor errors. */ errno = n ? EIO : ECONNRESET; ec->cstat->type = CMD_ERRNO; ec->cstat->val = errno; sudo_ev_loopbreak(ec->evbase); } } debug_return; } switch (ec->cstat->type) { case CMD_PID: /* * Once we know the command's pid we can unblock * signals which ere blocked in fork_pty(). This * avoids a race between exec of the command and * receipt of a fatal signal from it. */ cmnd_pid = ec->cstat->val; sudo_debug_printf(SUDO_DEBUG_INFO, "executed %s, pid %d", ec->details->command, (int)cmnd_pid); if (ec->log_io) sigprocmask(SIG_SETMASK, &ec->omask, NULL); break; case CMD_WSTATUS: if (WIFSTOPPED(ec->cstat->val)) { /* Suspend parent and tell child how to resume on return. */ sudo_debug_printf(SUDO_DEBUG_INFO, "child stopped, suspending parent"); n = suspend_parent(WSTOPSIG(ec->cstat->val)); schedule_signal(ec->evbase, n); /* Re-enable I/O events and restart event loop to service signal. */ add_io_events(ec->evbase); sudo_ev_loopcontinue(ec->evbase); } else { /* Child exited or was killed, either way we are done. */ sudo_debug_printf(SUDO_DEBUG_INFO, "child exited or was killed"); sudo_ev_loopexit(ec->evbase); } break; case CMD_ERRNO: /* Child was unable to execute command or broken pipe. */ sudo_debug_printf(SUDO_DEBUG_INFO, "errno from child: %s", strerror(ec->cstat->val)); sudo_ev_loopbreak(ec->evbase); break; } debug_return; } /* * Setup initial exec events. * Allocates events for the signal pipe and backchannel. * Forwarded signals on the backchannel are enabled on demand. */ static struct sudo_event_base * exec_event_setup(int backchannel, struct exec_closure *ec) { struct sudo_event_base *evbase; debug_decl(exec_event_setup, SUDO_DEBUG_EXEC) evbase = sudo_ev_base_alloc(); if (evbase == NULL) fatal(NULL); /* Event for incoming signals via signal_pipe. */ signal_event = sudo_ev_alloc(signal_pipe[0], SUDO_EV_READ|SUDO_EV_PERSIST, signal_pipe_cb, ec); if (signal_event == NULL) fatal(NULL); if (sudo_ev_add(evbase, signal_event, NULL, false) == -1) fatal(U_("unable to add event to queue")); /* Event for command status via backchannel. */ backchannel_event = sudo_ev_alloc(backchannel, SUDO_EV_READ|SUDO_EV_PERSIST, backchannel_cb, ec); if (backchannel_event == NULL) fatal(NULL); if (sudo_ev_add(evbase, backchannel_event, NULL, false) == -1) fatal(U_("unable to add event to queue")); /* The signal forwarding event gets added on demand. */ sigfwd_event = sudo_ev_alloc(backchannel, SUDO_EV_WRITE, forward_signals, NULL); if (sigfwd_event == NULL) fatal(NULL); sudo_debug_printf(SUDO_DEBUG_INFO, "signal pipe fd %d\n", signal_pipe[0]); sudo_debug_printf(SUDO_DEBUG_INFO, "backchannel fd %d\n", backchannel); debug_return_ptr(evbase); } /* * Execute a command, potentially in a pty with I/O loggging, and * wait for it to finish. * This is a little bit tricky due to how POSIX job control works and * we fact that we have two different controlling terminals to deal with. */ int sudo_execute(struct command_details *details, struct command_status *cstat) { struct sigforward *sigfwd, *sigfwd_next; const char *utmp_user = NULL; struct sudo_event_base *evbase; struct exec_closure ec; bool log_io = false; sigaction_t sa; pid_t child; int sv[2]; debug_decl(sudo_execute, SUDO_DEBUG_EXEC) dispatch_pending_signals(cstat); /* If running in background mode, fork and exit. */ if (ISSET(details->flags, CD_BACKGROUND)) { switch (sudo_debug_fork()) { case -1: cstat->type = CMD_ERRNO; cstat->val = errno; debug_return_int(-1); case 0: /* child continues without controlling terminal */ (void)setpgid(0, 0); break; default: /* parent exits (but does not flush buffers) */ sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 0); _exit(0); } } /* * If we have an I/O plugin or the policy plugin has requested one, we * need to allocate a pty. It is OK to set log_io in the pty-only case * as the io plugin tailqueue will be empty and no I/O logging will occur. */ if (!TAILQ_EMPTY(&io_plugins) || ISSET(details->flags, CD_USE_PTY)) { log_io = true; if (ISSET(details->flags, CD_SET_UTMP)) utmp_user = details->utmp_user ? details->utmp_user : user_details.username; sudo_debug_printf(SUDO_DEBUG_INFO, "allocate pty for I/O logging"); pty_setup(details->euid, user_details.tty, utmp_user); } else if (!ISSET(details->flags, CD_SET_TIMEOUT|CD_SUDOEDIT) && policy_plugin.u.policy->close == NULL) { /* * If there is no policy close function, no I/O logging or pty, * and we were not invoked as sudoedit, just exec directly. */ exec_cmnd(details, cstat, -1); goto done; } /* * We communicate with the child over a bi-directional pair of sockets. * Parent sends signal info to child and child sends back wait status. */ if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) fatal(U_("unable to create sockets")); /* * Signals to forward to the child process (excluding SIGALRM and SIGCHLD). * We block all other signals while running the signal handler. * Note: HP-UX select() will not be interrupted if SA_RESTART set. */ memset(&sa, 0, sizeof(sa)); sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = handler; #else sa.sa_handler = handler; #endif sudo_sigaction(SIGTERM, &sa, NULL); sudo_sigaction(SIGALRM, &sa, NULL); /* XXX - only if there is a timeout */ sudo_sigaction(SIGCHLD, &sa, NULL); sudo_sigaction(SIGPIPE, &sa, NULL); sudo_sigaction(SIGUSR1, &sa, NULL); sudo_sigaction(SIGUSR2, &sa, NULL); /* * When not running the command in a pty, we do not want to * forward signals generated by the kernel that the child will * already have received either by virtue of being in the * controlling tty's process group (SIGINT, SIGQUIT) or because * the session is terminating (SIGHUP). */ #ifdef SA_SIGINFO if (!log_io) { sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = handler_user_only; } #endif sudo_sigaction(SIGHUP, &sa, NULL); sudo_sigaction(SIGINT, &sa, NULL); sudo_sigaction(SIGQUIT, &sa, NULL); /* * Child will run the command in the pty, parent will pass data * to and from pty. */ if (log_io) child = fork_pty(details, sv, &ec.omask); else child = fork_cmnd(details, sv); close(sv[1]); /* Set command timeout if specified. */ if (ISSET(details->flags, CD_SET_TIMEOUT)) alarm(details->timeout); /* * I/O logging must be in the C locale for floating point numbers * to be logged consistently. */ setlocale(LC_ALL, "C"); /* * Allocate event base and two persistent events: * the signal pipe and the child process's backchannel. */ evbase = exec_event_setup(sv[0], &ec); /* * Generic exec closure used for signal_pipe and backchannel callbacks. * Note ec.omask is set earlier. */ ec.child = child; ec.log_io = log_io; ec.cstat = cstat; ec.evbase = evbase; ec.details = details; /* * In the event loop we pass input from user tty to master * and pass output from master to stdout and IO plugin. */ if (log_io) add_io_events(evbase); if (sudo_ev_loop(evbase, 0) == -1) warning(U_("error in event loop")); if (sudo_ev_got_break(evbase)) { /* error from callback */ sudo_debug_printf(SUDO_DEBUG_ERROR, "event loop exited prematurely"); /* kill command if still running and not I/O logging */ if (!log_io && kill(child, 0) == 0) terminate_command(child, true); } if (log_io) { /* Flush any remaining output and free pty-related memory. */ pty_close(cstat); } #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { /* This is probably not needed in log_io mode. */ if (selinux_restore_tty() != 0) warningx(U_("unable to restore tty label")); } #endif /* Free things up. */ sudo_ev_base_free(evbase); sudo_ev_free(sigfwd_event); sudo_ev_free(signal_event); sudo_ev_free(backchannel_event); TAILQ_FOREACH_SAFE(sigfwd, &sigfwd_list, entries, sigfwd_next) { efree(sigfwd); } TAILQ_INIT(&sigfwd_list); done: debug_return_int(cstat->type == CMD_ERRNO ? -1 : 0); } /* * Forward a signal to the command (non-pty version). */ static int dispatch_signal(struct sudo_event_base *evbase, pid_t child, int signo, char *signame, struct command_status *cstat) { int rc = 1; debug_decl(dispatch_signal, SUDO_DEBUG_EXEC) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: evbase %p, child: %d, signo %s(%d), cstat %p", __func__, evbase, (int)child, signame, signo, cstat); if (signo == SIGCHLD) { pid_t pid; int status; /* * The command stopped or exited. */ do { pid = waitpid(child, &status, WUNTRACED|WNOHANG); } while (pid == -1 && errno == EINTR); if (pid == child) { if (WIFSTOPPED(status)) { /* * Save the controlling terminal's process group * so we can restore it after we resume, if needed. * Most well-behaved shells change the pgrp back to * its original value before suspending so we must * not try to restore in that case, lest we race with * the child upon resume, potentially stopping sudo * with SIGTTOU while the command continues to run. */ sigaction_t sa, osa; pid_t saved_pgrp = (pid_t)-1; int signo = WSTOPSIG(status); int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0); if (fd != -1) { saved_pgrp = tcgetpgrp(fd); /* * Child was stopped trying to access controlling * terminal. If the child has a different pgrp * and we own the controlling terminal, give it * to the child's pgrp and let it continue. */ if (signo == SIGTTOU || signo == SIGTTIN) { if (saved_pgrp == ppgrp) { pid_t child_pgrp = getpgid(child); if (child_pgrp != ppgrp) { if (tcsetpgrp(fd, child_pgrp) == 0) { if (killpg(child_pgrp, SIGCONT) != 0) { warning("kill(%d, SIGCONT)", (int)child_pgrp); } close(fd); goto done; } } } } } if (signo == SIGTSTP) { memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; sudo_sigaction(SIGTSTP, &sa, &osa); } if (kill(getpid(), signo) != 0) warning("kill(%d, SIG%s)", (int)getpid(), signame); if (signo == SIGTSTP) sudo_sigaction(SIGTSTP, &osa, NULL); if (fd != -1) { /* * Restore command's process group if different. * Otherwise, we cannot resume some shells. */ if (saved_pgrp != ppgrp) (void)tcsetpgrp(fd, saved_pgrp); close(fd); } } else { /* Child has exited or been killed, we are done. */ cstat->type = CMD_WSTATUS; cstat->val = status; sudo_ev_loopexit(evbase); goto done; } } } else { /* Send signal to child. */ if (signo == SIGALRM) { terminate_command(child, false); } else if (kill(child, signo) != 0) { warning("kill(%d, SIG%s)", (int)child, signame); } } rc = 0; done: debug_return_int(rc); } /* * Forward a signal to the monitory (pty version). */ static int dispatch_signal_pty(struct sudo_event_base *evbase, pid_t child, int signo, char *signame, struct command_status *cstat) { int rc = 1; debug_decl(dispatch_signal_pty, SUDO_DEBUG_EXEC) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: evbase %p, child: %d, signo %s(%d), cstat %p", __func__, evbase, (int)child, signame, signo, cstat); if (signo == SIGCHLD) { int n, status; pid_t pid; /* * Monitor process was signaled; wait for it as needed. */ do { pid = waitpid(child, &status, WUNTRACED|WNOHANG); } while (pid == -1 && errno == EINTR); if (pid == child) { /* * If the monitor dies we get notified via backchannel_cb(). * If it was stopped, we should stop too (the command keeps * running in its pty) and continue it when we come back. */ if (WIFSTOPPED(status)) { sudo_debug_printf(SUDO_DEBUG_INFO, "monitor stopped, suspending parent"); n = suspend_parent(WSTOPSIG(status)); kill(pid, SIGCONT); schedule_signal(evbase, n); /* Re-enable I/O events and restart event loop. */ add_io_events(evbase); sudo_ev_loopcontinue(evbase); goto done; } else if (WIFSIGNALED(status)) { sudo_debug_printf(SUDO_DEBUG_INFO, "monitor killed, signal %d", WTERMSIG(status)); } else { sudo_debug_printf(SUDO_DEBUG_INFO, "monitor exited, status %d", WEXITSTATUS(status)); } } } else { /* Schedule signo to be forwared to the child. */ schedule_signal(evbase, signo); /* Restart event loop to service signal immediately. */ sudo_ev_loopcontinue(evbase); } rc = 0; done: debug_return_int(rc); } /* Signal pipe callback */ static void signal_pipe_cb(int fd, int what, void *v) { struct exec_closure *ec = v; char signame[SIG2STR_MAX]; unsigned char signo; ssize_t nread; int rc = 0; debug_decl(signal_pipe_cb, SUDO_DEBUG_EXEC) do { /* read signal pipe */ nread = read(fd, &signo, sizeof(signo)); if (nread <= 0) { /* It should not be possible to get EOF but just in case... */ if (nread == 0) errno = ECONNRESET; /* Restart if interrupted by signal so the pipe doesn't fill. */ if (errno == EINTR) continue; /* On error, store errno and break out of the event loop. */ if (errno != EAGAIN) { sudo_debug_printf(SUDO_DEBUG_ERROR, "error reading signal pipe %s", strerror(errno)); ec->cstat->type = CMD_ERRNO; ec->cstat->val = errno; sudo_ev_loopbreak(ec->evbase); } break; } if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); sudo_debug_printf(SUDO_DEBUG_DIAG, "received SIG%s", signame); if (ec->log_io) { rc = dispatch_signal_pty(ec->evbase, ec->child, signo, signame, ec->cstat); } else { rc = dispatch_signal(ec->evbase, ec->child, signo, signame, ec->cstat); } } while (rc == 0); debug_return; } /* * Drain pending signals from signale_pipe written by sudo_handler(). * Handles the case where the signal was sent to us before * we have executed the command. * Returns 1 if we should terminate, else 0. */ static int dispatch_pending_signals(struct command_status *cstat) { ssize_t nread; struct sigaction sa; unsigned char signo = 0; int rval = 0; debug_decl(dispatch_pending_signals, SUDO_DEBUG_EXEC) for (;;) { nread = read(signal_pipe[0], &signo, sizeof(signo)); if (nread <= 0) { /* It should not be possible to get EOF but just in case. */ if (nread == 0) errno = ECONNRESET; /* Restart if interrupted by signal so the pipe doesn't fill. */ if (errno == EINTR) continue; /* If pipe is empty, we are done. */ if (errno == EAGAIN) break; sudo_debug_printf(SUDO_DEBUG_ERROR, "error reading signal pipe %s", strerror(errno)); cstat->type = CMD_ERRNO; cstat->val = errno; rval = 1; break; } /* Take the first terminal signal. */ if (signo == SIGINT || signo == SIGQUIT) { cstat->type = CMD_WSTATUS; cstat->val = signo + 128; rval = 1; break; } } /* Only stop if we haven't already been terminated. */ if (signo == SIGTSTP) { memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; sudo_sigaction(SIGTSTP, &sa, NULL); if (kill(getpid(), SIGTSTP) != 0) warning("kill(%d, SIGTSTP)", (int)getpid()); /* No need to reinstall SIGTSTP handler. */ } debug_return_int(rval); } /* * Forward signals in sigfwd_list to child listening on fd. */ static void forward_signals(int sock, int what, void *v) { char signame[SIG2STR_MAX]; struct sigforward *sigfwd; struct command_status cstat; ssize_t nsent; debug_decl(forward_signals, SUDO_DEBUG_EXEC) while (!TAILQ_EMPTY(&sigfwd_list)) { sigfwd = TAILQ_FIRST(&sigfwd_list); if (sigfwd->signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); else if (sigfwd->signo == SIGCONT_BG) strlcpy(signame, "CONT_BG", sizeof(signame)); else if (sig2str(sigfwd->signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", sigfwd->signo); sudo_debug_printf(SUDO_DEBUG_INFO, "sending SIG%s to child over backchannel", signame); cstat.type = CMD_SIGNO; cstat.val = sigfwd->signo; do { nsent = send(sock, &cstat, sizeof(cstat), 0); } while (nsent == -1 && errno == EINTR); TAILQ_REMOVE(&sigfwd_list, sigfwd, entries); efree(sigfwd); if (nsent != sizeof(cstat)) { if (errno == EPIPE) { struct sigforward *sigfwd_next; sudo_debug_printf(SUDO_DEBUG_ERROR, "broken pipe writing to child over backchannel"); /* Other end of socket gone, empty out sigfwd_list. */ TAILQ_FOREACH_SAFE(sigfwd, &sigfwd_list, entries, sigfwd_next) { efree(sigfwd); } TAILQ_INIT(&sigfwd_list); /* XXX - child (monitor) is dead, we should exit too? */ } break; } } } /* * Schedule a signal to be forwarded. */ static void schedule_signal(struct sudo_event_base *evbase, int signo) { struct sigforward *sigfwd; char signame[SIG2STR_MAX]; debug_decl(schedule_signal, SUDO_DEBUG_EXEC) if (signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); else if (signo == SIGCONT_BG) strlcpy(signame, "CONT_BG", sizeof(signame)); else if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); sudo_debug_printf(SUDO_DEBUG_DIAG, "scheduled SIG%s for child", signame); sigfwd = ecalloc(1, sizeof(*sigfwd)); sigfwd->signo = signo; TAILQ_INSERT_TAIL(&sigfwd_list, sigfwd, entries); if (sudo_ev_add(evbase, sigfwd_event, NULL, true) == -1) fatal(U_("unable to add event to queue")); debug_return; } /* * Generic handler for signals passed from parent -> child. * The other end of signal_pipe is checked in the main event loop. */ #ifdef SA_SIGINFO void handler(int s, siginfo_t *info, void *context) { unsigned char signo = (unsigned char)s; /* * If the signal came from the command we ran, just ignore * it since we don't want the child to indirectly kill itself. * This can happen with, e.g. BSD-derived versions of reboot * that call kill(-1, SIGTERM) to kill all other processes. */ if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid) return; /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } #else void handler(int s) { unsigned char signo = (unsigned char)s; /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } #endif #ifdef SA_SIGINFO /* * Generic handler for signals passed from parent -> child. * The other end of signal_pipe is checked in the main event loop. * This version is for the non-pty case and does not forward * signals that are generated by the kernel. */ static void handler_user_only(int s, siginfo_t *info, void *context) { unsigned char signo = (unsigned char)s; /* Only forward user-generated signals. */ if (info != NULL && info->si_code == SI_USER) { /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } } #endif /* SA_SIGINFO */ /* * Open a pipe and make both ends non-blocking. * Returns 0 on success and -1 on error. */ int pipe_nonblock(int fds[2]) { int flags, rval; debug_decl(pipe_nonblock, SUDO_DEBUG_EXEC) rval = pipe(fds); if (rval != -1) { flags = fcntl(fds[0], F_GETFL, 0); if (flags != -1 && !ISSET(flags, O_NONBLOCK)) rval = fcntl(fds[0], F_SETFL, flags | O_NONBLOCK); if (rval != -1) { flags = fcntl(fds[1], F_GETFL, 0); if (flags != -1 && !ISSET(flags, O_NONBLOCK)) rval = fcntl(fds[1], F_SETFL, flags | O_NONBLOCK); } if (rval == -1) { close(fds[0]); close(fds[1]); } } debug_return_int(rval); } sudo-1.8.9p5/src/exec_common.c010064400175440000012000000114411226304126300155730ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_PRIV_SET # include #endif #include #include #include #include "sudo.h" #include "sudo_exec.h" /* * Disable execution of child processes in the command we are about * to run. On systems with privilege sets, we can remove the exec * privilege. On other systems we use LD_PRELOAD and the like. */ static char * const * disable_execute(char *const envp[]) { #ifdef _PATH_SUDO_NOEXEC char *preload, **nenvp = NULL; int env_len, env_size; int preload_idx = -1; # ifdef RTLD_PRELOAD_ENABLE_VAR bool enabled = false; # endif #endif /* _PATH_SUDO_NOEXEC */ debug_decl(disable_execute, SUDO_DEBUG_UTIL) #ifdef HAVE_PRIV_SET /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_READ", NULL); (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_WRITE", NULL); (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_SEARCH", NULL); if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) debug_return_const_ptr(envp); warning(U_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); #endif /* HAVE_PRIV_SET */ #ifdef _PATH_SUDO_NOEXEC /* * Preload a noexec file. For a list of LD_PRELOAD-alikes, see * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html * XXX - need to support 32-bit and 64-bit variants */ /* Count entries in envp, looking for LD_PRELOAD as we go. */ for (env_len = 0; envp[env_len] != NULL; env_len++) { if (strncmp(envp[env_len], RTLD_PRELOAD_VAR "=", sizeof(RTLD_PRELOAD_VAR)) == 0) { preload_idx = env_len; continue; } #ifdef RTLD_PRELOAD_ENABLE_VAR if (strncmp(envp[env_len], RTLD_PRELOAD_ENABLE_VAR "=", sizeof(RTLD_PRELOAD_ENABLE_VAR)) == 0) { enabled = true; continue; } #endif } /* Make a new copy of envp as needed. */ env_size = env_len + 1 + (preload_idx == -1); #ifdef RTLD_PRELOAD_ENABLE_VAR if (!enabled) env_size++; #endif nenvp = emalloc2(env_size, sizeof(*envp)); memcpy(nenvp, envp, env_len * sizeof(*envp)); nenvp[env_len] = NULL; /* Prepend our LD_PRELOAD to existing value or add new entry at the end. */ if (preload_idx == -1) { # ifdef RTLD_PRELOAD_DEFAULT easprintf(&preload, "%s=%s%s%s", RTLD_PRELOAD_VAR, sudo_conf_noexec_path(), RTLD_PRELOAD_DELIM, RTLD_PRELOAD_DEFAULT); # else preload = fmt_string(RTLD_PRELOAD_VAR, sudo_conf_noexec_path()); # endif if (preload == NULL) fatal(NULL); nenvp[env_len++] = preload; nenvp[env_len] = NULL; } else { easprintf(&preload, "%s=%s%s%s", RTLD_PRELOAD_VAR, sudo_conf_noexec_path(), RTLD_PRELOAD_DELIM, nenvp[preload_idx]); nenvp[preload_idx] = preload; } # ifdef RTLD_PRELOAD_ENABLE_VAR if (!enabled) { nenvp[env_len++] = RTLD_PRELOAD_ENABLE_VAR "="; nenvp[env_len] = NULL; } # endif /* Install new env pointer. */ envp = nenvp; #endif /* _PATH_SUDO_NOEXEC */ debug_return_const_ptr(envp); } /* * Like execve(2) but falls back to running through /bin/sh * ala execvp(3) if we get ENOEXEC. */ int sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec) { /* Modify the environment as needed to disable further execve(). */ if (noexec) envp = disable_execute(envp); execve(path, argv, envp); if (errno == ENOEXEC) { int argc; char **nargv; for (argc = 0; argv[argc] != NULL; argc++) continue; nargv = emalloc2(argc + 2, sizeof(char *)); nargv[0] = "sh"; nargv[1] = (char *)path; memcpy(nargv + 2, argv + 1, argc * sizeof(char *)); execve(_PATH_BSHELL, nargv, envp); efree(nargv); } return -1; } sudo-1.8.9p5/src/exec_pty.c010064400175440000012000001231731226304127700151320ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #include #include #include #include #include "sudo.h" #include "sudo_event.h" #include "sudo_exec.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" #define SFD_STDIN 0 #define SFD_STDOUT 1 #define SFD_STDERR 2 #define SFD_MASTER 3 #define SFD_SLAVE 4 #define SFD_USERTTY 5 /* Evaluates to true if the event has /dev/tty as its fd. */ #define USERTTY_EVENT(_ev) (sudo_ev_get_fd((_ev)) == io_fds[SFD_USERTTY]) #define TERM_COOKED 0 #define TERM_RAW 1 /* Compatibility with older tty systems. */ #if !defined(TIOCGWINSZ) && defined(TIOCGSIZE) # define TIOCGWINSZ TIOCGSIZE # define TIOCSWINSZ TIOCSSIZE # define winsize ttysize #endif struct io_buffer { SLIST_ENTRY(io_buffer) entries; struct sudo_event *revent; struct sudo_event *wevent; bool (*action)(const char *buf, unsigned int len); int len; /* buffer length (how much produced) */ int off; /* write position (how much already consumed) */ char buf[32 * 1024]; }; SLIST_HEAD(io_buffer_list, io_buffer); static char slavename[PATH_MAX]; static bool foreground, pipeline, tty_initialized; static int io_fds[6] = { -1, -1, -1, -1, -1, -1}; static int ttymode = TERM_COOKED; static pid_t ppgrp, cmnd_pgrp, mon_pgrp; static sigset_t ttyblock; static struct io_buffer_list iobufs; static void del_io_events(void); static int exec_monitor(struct command_details *details, int backchannel); static void exec_pty(struct command_details *details, struct command_status *cstat, int errfd); static void sigwinch(int s); static void sync_ttysize(int src, int dst); static void deliver_signal(pid_t pid, int signo, bool from_parent); static int safe_close(int fd); static void ev_free_by_fd(struct sudo_event_base *evbase, int fd); static void check_foreground(void); /* * Cleanup hook for fatal()/fatalx() */ static void pty_cleanup(void) { debug_decl(cleanup, SUDO_DEBUG_EXEC); if (!TAILQ_EMPTY(&io_plugins) && io_fds[SFD_USERTTY] != -1) { check_foreground(); if (foreground) term_restore(io_fds[SFD_USERTTY], 0); } #ifdef HAVE_SELINUX selinux_restore_tty(); #endif utmp_logout(slavename, 0); /* XXX - only if CD_SET_UTMP */ debug_return; } /* * Generic handler for signals recieved by the monitor process. * The other end of signal_pipe is checked in the monitor event loop. */ #ifdef SA_SIGINFO static void mon_handler(int s, siginfo_t *info, void *context) { unsigned char signo = (unsigned char)s; /* * If the signal came from the command we ran, just ignore * it since we don't want the command to indirectly kill itself. * This can happen with, e.g. BSD-derived versions of reboot * that call kill(-1, SIGTERM) to kill all other processes. */ if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid) return; /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } #else static void mon_handler(int s) { unsigned char signo = (unsigned char)s; /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } #endif /* * Allocate a pty if /dev/tty is a tty. * Fills in io_fds[SFD_USERTTY], io_fds[SFD_MASTER], io_fds[SFD_SLAVE] * and slavename globals. */ void pty_setup(uid_t uid, const char *tty, const char *utmp_user) { debug_decl(pty_setup, SUDO_DEBUG_EXEC); io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0); if (io_fds[SFD_USERTTY] != -1) { if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE], slavename, sizeof(slavename), uid)) fatal(U_("unable to allocate pty")); /* Add entry to utmp/utmpx? */ if (utmp_user != NULL) utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user); } debug_return; } /* Call I/O plugin tty input log method. */ static bool log_ttyin(const char *buf, unsigned int n) { struct plugin_container *plugin; sigset_t omask; bool rval = true; debug_decl(log_ttyin, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { if (plugin->u.io->log_ttyin) { if (!plugin->u.io->log_ttyin(buf, n)) { rval = false; break; } } } sigprocmask(SIG_SETMASK, &omask, NULL); debug_return_bool(rval); } /* Call I/O plugin stdin log method. */ static bool log_stdin(const char *buf, unsigned int n) { struct plugin_container *plugin; sigset_t omask; bool rval = true; debug_decl(log_stdin, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { if (plugin->u.io->log_stdin) { if (!plugin->u.io->log_stdin(buf, n)) { rval = false; break; } } } sigprocmask(SIG_SETMASK, &omask, NULL); debug_return_bool(rval); } /* Call I/O plugin tty output log method. */ static bool log_ttyout(const char *buf, unsigned int n) { struct plugin_container *plugin; sigset_t omask; bool rval = true; debug_decl(log_ttyout, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { if (plugin->u.io->log_ttyout) { if (!plugin->u.io->log_ttyout(buf, n)) { rval = false; break; } } } sigprocmask(SIG_SETMASK, &omask, NULL); debug_return_bool(rval); } /* Call I/O plugin stdout log method. */ static bool log_stdout(const char *buf, unsigned int n) { struct plugin_container *plugin; sigset_t omask; bool rval = true; debug_decl(log_stdout, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { if (plugin->u.io->log_stdout) { if (!plugin->u.io->log_stdout(buf, n)) { rval = false; break; } } } sigprocmask(SIG_SETMASK, &omask, NULL); debug_return_bool(rval); } /* Call I/O plugin stderr log method. */ static bool log_stderr(const char *buf, unsigned int n) { struct plugin_container *plugin; sigset_t omask; bool rval = true; debug_decl(log_stderr, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { if (plugin->u.io->log_stderr) { if (!plugin->u.io->log_stderr(buf, n)) { rval = false; break; } } } sigprocmask(SIG_SETMASK, &omask, NULL); debug_return_bool(rval); } /* * Check whether we are running in the foregroup. * Updates the foreground global and does lazy init of the * the pty slave as needed. */ static void check_foreground(void) { debug_decl(check_foreground, SUDO_DEBUG_EXEC); if (io_fds[SFD_USERTTY] != -1) { foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp; if (foreground && !tty_initialized) { if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) { tty_initialized = true; sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]); } } } debug_return; } /* * Suspend sudo if the underlying command is suspended. * Returns SIGCONT_FG if the command should be resumed in the * foreground or SIGCONT_BG if it is a background process. */ int suspend_parent(int signo) { char signame[SIG2STR_MAX]; sigaction_t sa, osa; int n, rval = 0; debug_decl(suspend_parent, SUDO_DEBUG_EXEC); switch (signo) { case SIGTTOU: case SIGTTIN: /* * If sudo is already the foreground process, just resume the command * in the foreground. If not, we'll suspend sudo and resume later. */ if (!foreground) check_foreground(); if (foreground) { if (ttymode != TERM_RAW) { do { n = term_raw(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); ttymode = TERM_RAW; } rval = SIGCONT_FG; /* resume command in foreground */ break; } /* FALLTHROUGH */ case SIGSTOP: case SIGTSTP: /* Flush any remaining output and deschedule I/O events. */ del_io_events(); /* Restore original tty mode before suspending. */ if (ttymode != TERM_COOKED) { do { n = term_restore(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); } if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); /* Suspend self and continue command when we resume. */ if (signo != SIGSTOP) { memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; sudo_sigaction(signo, &sa, &osa); } sudo_debug_printf(SUDO_DEBUG_INFO, "kill parent SIG%s", signame); if (killpg(ppgrp, signo) != 0) warning("killpg(%d, SIG%s)", (int)ppgrp, signame); /* Check foreground/background status on resume. */ check_foreground(); /* * We always resume the command in the foreground if sudo itself * is the foreground process. This helps work around poorly behaved * programs that catch SIGTTOU/SIGTTIN but suspend themselves with * SIGSTOP. At worst, sudo will go into the background but upon * resume the command will be runnable. Otherwise, we can get into * a situation where the command will immediately suspend itself. */ sudo_debug_printf(SUDO_DEBUG_INFO, "parent is in %s, ttymode %d -> %d", foreground ? "foreground" : "background", ttymode, foreground ? TERM_RAW : TERM_COOKED); if (foreground) { /* Foreground process, set tty to raw mode. */ do { n = term_raw(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); ttymode = TERM_RAW; } else { /* Background process, no access to tty. */ ttymode = TERM_COOKED; } if (signo != SIGSTOP) sudo_sigaction(signo, &osa, NULL); rval = ttymode == TERM_RAW ? SIGCONT_FG : SIGCONT_BG; break; } debug_return_int(rval); } /* * Kill command with increasing urgency. */ void terminate_command(pid_t pid, bool use_pgrp) { debug_decl(terminate_command, SUDO_DEBUG_EXEC); /* * Note that SIGCHLD will interrupt the sleep() */ if (use_pgrp) { sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGHUP", (int)pid); killpg(pid, SIGHUP); sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGTERM", (int)pid); killpg(pid, SIGTERM); sleep(2); sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGKILL", (int)pid); killpg(pid, SIGKILL); } else { sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGHUP", (int)pid); kill(pid, SIGHUP); sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGTERM", (int)pid); kill(pid, SIGTERM); sleep(2); sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGKILL", (int)pid); kill(pid, SIGKILL); } debug_return; } /* * Read/write an iobuf that is ready. */ static void io_callback(int fd, int what, void *v) { struct io_buffer *iob = v; struct sudo_event_base *evbase; int n; debug_decl(io_callback, SUDO_DEBUG_EXEC); if (ISSET(what, SUDO_EV_READ)) { evbase = sudo_ev_get_base(iob->revent); do { n = read(fd, iob->buf + iob->len, sizeof(iob->buf) - iob->len); } while (n == -1 && errno == EINTR); switch (n) { case -1: if (errno == EAGAIN) break; /* treat read error as fatal and close the fd */ sudo_debug_printf(SUDO_DEBUG_ERROR, "error reading fd %d: %s", fd, strerror(errno)); /* FALLTHROUGH */ case 0: /* got EOF or pty has gone away */ if (n == 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "read EOF from fd %d", fd); } safe_close(fd); ev_free_by_fd(evbase, fd); /* If writer already consumed the buffer, close it too. */ if (iob->wevent != NULL && iob->off == iob->len) { safe_close(sudo_ev_get_fd(iob->wevent)); ev_free_by_fd(evbase, sudo_ev_get_fd(iob->wevent)); iob->off = iob->len = 0; } break; default: sudo_debug_printf(SUDO_DEBUG_INFO, "read %d bytes from fd %d", n, fd); if (!iob->action(iob->buf + iob->len, n)) terminate_command(cmnd_pid, true); iob->len += n; /* Enable writer if not /dev/tty or we are foreground pgrp. */ if (iob->wevent != NULL && (foreground || !USERTTY_EVENT(iob->wevent))) { if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } /* Re-enable reader if buffer is not full. */ if (iob->len != sizeof(iob->buf)) { if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } break; } } if (ISSET(what, SUDO_EV_WRITE)) { evbase = sudo_ev_get_base(iob->wevent); do { n = write(fd, iob->buf + iob->off, iob->len - iob->off); } while (n == -1 && errno == EINTR); if (n == -1) { switch (errno) { case EPIPE: case ENXIO: case EIO: case EBADF: /* other end of pipe closed or pty revoked */ sudo_debug_printf(SUDO_DEBUG_INFO, "unable to write %d bytes to fd %d", iob->len - iob->off, fd); if (iob->revent != NULL) { safe_close(sudo_ev_get_fd(iob->revent)); ev_free_by_fd(evbase, sudo_ev_get_fd(iob->revent)); } safe_close(fd); ev_free_by_fd(evbase, fd); break; case EAGAIN: /* not an error */ break; default: #if 0 /* XXX -- how to set cstat? stash in iobufs instead? */ if (cstat != NULL) { cstat->type = CMD_ERRNO; cstat->val = errno; } #endif /* XXX */ sudo_debug_printf(SUDO_DEBUG_ERROR, "error writing fd %d: %s", fd, strerror(errno)); sudo_ev_loopbreak(evbase); break; } } else { sudo_debug_printf(SUDO_DEBUG_INFO, "wrote %d bytes to fd %d", n, fd); iob->off += n; /* Reset buffer if fully consumed. */ if (iob->off == iob->len) { iob->off = iob->len = 0; /* Forward the EOF from reader to writer. */ if (iob->revent == NULL) { safe_close(fd); ev_free_by_fd(evbase, fd); } } /* Re-enable writer if buffer is not empty. */ if (iob->len > iob->off) { if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } /* Enable reader if buffer is not full. */ if (iob->revent != NULL && (ttymode == TERM_RAW || !USERTTY_EVENT(iob->revent))) { if (iob->len != sizeof(iob->buf)) { if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } } } } } static void io_buf_new(int rfd, int wfd, bool (*action)(const char *, unsigned int), struct io_buffer_list *head) { int n; struct io_buffer *iob; debug_decl(io_buf_new, SUDO_DEBUG_EXEC); /* Set non-blocking mode. */ n = fcntl(rfd, F_GETFL, 0); if (n != -1 && !ISSET(n, O_NONBLOCK)) (void) fcntl(rfd, F_SETFL, n | O_NONBLOCK); n = fcntl(wfd, F_GETFL, 0); if (n != -1 && !ISSET(n, O_NONBLOCK)) (void) fcntl(wfd, F_SETFL, n | O_NONBLOCK); /* Allocate and add to head of list. */ iob = emalloc(sizeof(*iob)); iob->revent = sudo_ev_alloc(rfd, SUDO_EV_READ, io_callback, iob); iob->wevent = sudo_ev_alloc(wfd, SUDO_EV_WRITE, io_callback, iob); iob->len = 0; iob->off = 0; iob->action = action; iob->buf[0] = '\0'; if (iob->revent == NULL || iob->wevent == NULL) fatal(NULL); SLIST_INSERT_HEAD(head, iob, entries); debug_return; } /* * Fork a monitor process which runs the actual command as its own child * process with std{in,out,err} hooked up to the pty or pipes as appropriate. * Returns the child pid. */ int fork_pty(struct command_details *details, int sv[], sigset_t *omask) { struct command_status cstat; int io_pipe[3][2], n; sigaction_t sa; sigset_t mask; pid_t child; debug_decl(fork_pty, SUDO_DEBUG_EXEC); ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); if (io_fds[SFD_USERTTY] != -1) { sa.sa_flags = SA_RESTART; sa.sa_handler = sigwinch; sudo_sigaction(SIGWINCH, &sa, NULL); } /* So we can block tty-generated signals */ sigemptyset(&ttyblock); sigaddset(&ttyblock, SIGINT); sigaddset(&ttyblock, SIGQUIT); sigaddset(&ttyblock, SIGTSTP); sigaddset(&ttyblock, SIGTTIN); sigaddset(&ttyblock, SIGTTOU); /* * Setup stdin/stdout/stderr for child, to be duped after forking. * In background mode there is no stdin. */ if (!ISSET(details->flags, CD_BACKGROUND)) io_fds[SFD_STDIN] = io_fds[SFD_SLAVE]; io_fds[SFD_STDOUT] = io_fds[SFD_SLAVE]; io_fds[SFD_STDERR] = io_fds[SFD_SLAVE]; if (io_fds[SFD_USERTTY] != -1) { /* Read from /dev/tty, write to pty master */ if (!ISSET(details->flags, CD_BACKGROUND)) { io_buf_new(io_fds[SFD_USERTTY], io_fds[SFD_MASTER], log_ttyin, &iobufs); } /* Read from pty master, write to /dev/tty */ io_buf_new(io_fds[SFD_MASTER], io_fds[SFD_USERTTY], log_ttyout, &iobufs); /* Are we the foreground process? */ foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp; } /* * If either stdin, stdout or stderr is not a tty we use a pipe * to interpose ourselves instead of duping the pty fd. */ memset(io_pipe, 0, sizeof(io_pipe)); if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) { sudo_debug_printf(SUDO_DEBUG_INFO, "stdin not a tty, creating a pipe"); pipeline = true; if (pipe(io_pipe[STDIN_FILENO]) != 0) fatal(U_("unable to create pipe")); io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1], log_stdin, &iobufs); io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0]; } if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) { sudo_debug_printf(SUDO_DEBUG_INFO, "stdout not a tty, creating a pipe"); pipeline = true; if (pipe(io_pipe[STDOUT_FILENO]) != 0) fatal(U_("unable to create pipe")); io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO, log_stdout, &iobufs); io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1]; } if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) { sudo_debug_printf(SUDO_DEBUG_INFO, "stderr not a tty, creating a pipe"); if (pipe(io_pipe[STDERR_FILENO]) != 0) fatal(U_("unable to create pipe")); io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO, log_stderr, &iobufs); io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1]; } /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */ sa.sa_handler = SIG_IGN; sudo_sigaction(SIGTTIN, &sa, NULL); sudo_sigaction(SIGTTOU, &sa, NULL); /* Job control signals to relay from parent to child. */ sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = handler; #else sa.sa_handler = handler; #endif sudo_sigaction(SIGTSTP, &sa, NULL); if (foreground) { /* Copy terminal attrs from user tty -> pty slave. */ if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) { tty_initialized = true; sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]); } /* Start out in raw mode unless part of a pipeline or backgrounded. */ if (!pipeline && !ISSET(details->flags, CD_EXEC_BG)) { ttymode = TERM_RAW; do { n = term_raw(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); if (!n) fatal(U_("unable to set terminal to raw mode")); } } /* * The policy plugin's session init must be run before we fork * or certain pam modules won't be able to track their state. */ if (policy_init_session(details) != true) fatalx(U_("policy plugin failed session initialization")); /* * Block some signals until cmnd_pid is set in the parent to avoid a * race between exec of the command and receipt of a fatal signal from it. */ sigemptyset(&mask); sigaddset(&mask, SIGTERM); sigaddset(&mask, SIGHUP); sigaddset(&mask, SIGINT); sigaddset(&mask, SIGQUIT); sigprocmask(SIG_BLOCK, &mask, omask); child = sudo_debug_fork(); switch (child) { case -1: fatal(U_("unable to fork")); break; case 0: /* child */ close(sv[0]); close(signal_pipe[0]); close(signal_pipe[1]); fcntl(sv[1], F_SETFD, FD_CLOEXEC); sigprocmask(SIG_SETMASK, omask, NULL); /* Close the other end of the stdin/stdout/stderr pipes and exec. */ if (io_pipe[STDIN_FILENO][1]) close(io_pipe[STDIN_FILENO][1]); if (io_pipe[STDOUT_FILENO][0]) close(io_pipe[STDOUT_FILENO][0]); if (io_pipe[STDERR_FILENO][0]) close(io_pipe[STDERR_FILENO][0]); exec_monitor(details, sv[1]); cstat.type = CMD_ERRNO; cstat.val = errno; ignore_result(send(sv[1], &cstat, sizeof(cstat), 0)); _exit(1); } /* Close the other end of the stdin/stdout/stderr pipes. */ if (io_pipe[STDIN_FILENO][0]) close(io_pipe[STDIN_FILENO][0]); if (io_pipe[STDOUT_FILENO][1]) close(io_pipe[STDOUT_FILENO][1]); if (io_pipe[STDERR_FILENO][1]) close(io_pipe[STDERR_FILENO][1]); debug_return_int(child); } void pty_close(struct command_status *cstat) { struct io_buffer *iob; int n; debug_decl(pty_close, SUDO_DEBUG_EXEC); /* Flush any remaining output (the plugin already got it) */ if (io_fds[SFD_USERTTY] != -1) { n = fcntl(io_fds[SFD_USERTTY], F_GETFL, 0); if (n != -1 && ISSET(n, O_NONBLOCK)) { CLR(n, O_NONBLOCK); (void) fcntl(io_fds[SFD_USERTTY], F_SETFL, n); } } del_io_events(); /* Free I/O buffers. */ while ((iob = SLIST_FIRST(&iobufs)) != NULL) { SLIST_REMOVE_HEAD(&iobufs, entries); efree(iob); } /* Restore terminal settings. */ if (io_fds[SFD_USERTTY] != -1) { check_foreground(); if (foreground) { do { n = term_restore(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); } } /* If child was signalled, write the reason to stdout like the shell. */ if (cstat->type == CMD_WSTATUS && WIFSIGNALED(cstat->val)) { int signo = WTERMSIG(cstat->val); if (signo && signo != SIGINT && signo != SIGPIPE) { const char *reason = strsignal(signo); n = io_fds[SFD_USERTTY] != -1 ? io_fds[SFD_USERTTY] : STDOUT_FILENO; if (write(n, reason, strlen(reason)) != -1) { if (WCOREDUMP(cstat->val)) { ignore_result(write(n, " (core dumped)", 14)); } ignore_result(write(n, "\n", 1)); } } } utmp_logout(slavename, cstat->type == CMD_WSTATUS ? cstat->val : 0); /* XXX - only if CD_SET_UTMP */ debug_return; } /* * Schedule I/O events before starting the main event loop or * resuming from suspend. */ void add_io_events(struct sudo_event_base *evbase) { struct io_buffer *iob; debug_decl(add_io_events, SUDO_DEBUG_EXEC); /* * Schedule all readers as long as the buffer is not full. * Schedule writers that contain buffered data. * Normally, write buffers are added on demand when data is read. */ SLIST_FOREACH(iob, &iobufs, entries) { /* Don't read/write from /dev/tty if we are not in the foreground. */ if (iob->revent != NULL && (ttymode == TERM_RAW || !USERTTY_EVENT(iob->revent))) { if (iob->len != sizeof(iob->buf)) { sudo_debug_printf(SUDO_DEBUG_INFO, "added I/O revent %p, fd %d, events %d", iob->revent, iob->revent->fd, iob->revent->events); if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } } if (iob->wevent != NULL && (foreground || !USERTTY_EVENT(iob->wevent))) { if (iob->len > iob->off) { sudo_debug_printf(SUDO_DEBUG_INFO, "added I/O wevent %p, fd %d, events %d", iob->wevent, iob->wevent->fd, iob->wevent->events); if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } } } debug_return; } /* * Flush any output buffered in iobufs or readable from fds other * than /dev/tty. Removes I/O events from the event base when done. */ static void del_io_events(void) { struct io_buffer *iob; struct sudo_event_base *evbase; debug_decl(del_io_events, SUDO_DEBUG_EXEC); /* Remove iobufs from existing event base. */ SLIST_FOREACH(iob, &iobufs, entries) { if (iob->revent != NULL) { sudo_debug_printf(SUDO_DEBUG_INFO, "deleted I/O revent %p, fd %d, events %d", iob->revent, iob->revent->fd, iob->revent->events); sudo_ev_del(NULL, iob->revent); } if (iob->wevent != NULL) { sudo_debug_printf(SUDO_DEBUG_INFO, "deleted I/O wevent %p, fd %d, events %d", iob->wevent, iob->wevent->fd, iob->wevent->events); sudo_ev_del(NULL, iob->wevent); } } /* Create temporary event base for flushing. */ evbase = sudo_ev_base_alloc(); if (evbase == NULL) fatal(NULL); /* Avoid reading from /dev/tty, just flush existing data. */ SLIST_FOREACH(iob, &iobufs, entries) { /* Don't read from /dev/tty while flushing. */ if (iob->revent != NULL && !USERTTY_EVENT(iob->revent)) { if (iob->len != sizeof(iob->buf)) { if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } } /* Flush any write buffers with data in them. */ if (iob->wevent != NULL) { if (iob->len > iob->off) { if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1) fatal(U_("unable to add event to queue")); } } } (void) sudo_ev_loop(evbase, SUDO_EVLOOP_NONBLOCK); /* Free temporary event base, removing its events. */ sudo_ev_base_free(evbase); debug_return; } static void deliver_signal(pid_t pid, int signo, bool from_parent) { char signame[SIG2STR_MAX]; int status; debug_decl(deliver_signal, SUDO_DEBUG_EXEC); if (signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); else if (signo == SIGCONT_BG) strlcpy(signame, "CONT_BG", sizeof(signame)); else if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); /* Handle signal from parent. */ sudo_debug_printf(SUDO_DEBUG_INFO, "received SIG%s%s", signame, from_parent ? " from parent" : ""); switch (signo) { case SIGALRM: terminate_command(pid, true); break; case SIGCONT_FG: /* Continue in foreground, grant it controlling tty. */ do { status = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp); } while (status == -1 && errno == EINTR); killpg(pid, SIGCONT); break; case SIGCONT_BG: /* Continue in background, I take controlling tty. */ do { status = tcsetpgrp(io_fds[SFD_SLAVE], mon_pgrp); } while (status == -1 && errno == EINTR); killpg(pid, SIGCONT); break; case SIGKILL: _exit(1); /* XXX */ /* NOTREACHED */ default: /* Relay signal to command. */ killpg(pid, signo); break; } debug_return; } /* * Send status to parent over socketpair. * Return value is the same as send(2). */ static int send_status(int fd, struct command_status *cstat) { int n = -1; debug_decl(send_status, SUDO_DEBUG_EXEC); if (cstat->type != CMD_INVALID) { sudo_debug_printf(SUDO_DEBUG_INFO, "sending status message to parent: [%d, %d]", cstat->type, cstat->val); do { n = send(fd, cstat, sizeof(*cstat), 0); } while (n == -1 && errno == EINTR); if (n != sizeof(*cstat)) { sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to send status to parent: %s", strerror(errno)); } cstat->type = CMD_INVALID; /* prevent re-sending */ } debug_return_int(n); } /* * Wait for command status after receiving SIGCHLD. * If the command was stopped, the status is send back to the parent. * Otherwise, cstat is filled in but not sent. * Returns true if command is still alive, else false. */ static bool handle_sigchld(int backchannel, struct command_status *cstat) { bool alive = true; int status; pid_t pid; debug_decl(handle_sigchld, SUDO_DEBUG_EXEC); /* read command status */ do { pid = waitpid(cmnd_pid, &status, WUNTRACED|WNOHANG); } while (pid == -1 && errno == EINTR); if (pid == cmnd_pid) { if (cstat->type != CMD_ERRNO) { char signame[SIG2STR_MAX]; cstat->type = CMD_WSTATUS; cstat->val = status; if (WIFSTOPPED(status)) { if (sig2str(WSTOPSIG(status), signame) == -1) snprintf(signame, sizeof(signame), "%d", WSTOPSIG(status)); sudo_debug_printf(SUDO_DEBUG_INFO, "command stopped, SIG%s", signame); /* Saved the foreground pgid so we can restore it later. */ do { pid = tcgetpgrp(io_fds[SFD_SLAVE]); } while (pid == -1 && errno == EINTR); if (pid != mon_pgrp) cmnd_pgrp = pid; if (send_status(backchannel, cstat) == -1) return alive; /* XXX */ } else if (WIFSIGNALED(status)) { if (sig2str(WTERMSIG(status), signame) == -1) snprintf(signame, sizeof(signame), "%d", WTERMSIG(status)); sudo_debug_printf(SUDO_DEBUG_INFO, "command killed, SIG%s", signame); } else { sudo_debug_printf(SUDO_DEBUG_INFO, "command exited: %d", WEXITSTATUS(status)); } } if (!WIFSTOPPED(status)) alive = false; } debug_return_bool(alive); } struct monitor_closure { struct sudo_event_base *evbase; struct sudo_event *errpipe_event; struct sudo_event *backchannel_event; struct sudo_event *signal_pipe_event; struct command_status *cstat; int backchannel; bool alive; }; static void mon_signal_pipe_cb(int fd, int what, void *v) { struct monitor_closure *mc = v; unsigned char signo; ssize_t n; debug_decl(mon_signal_pipe_cb, SUDO_DEBUG_EXEC); n = read(fd, &signo, sizeof(signo)); if (n == -1) { if (errno != EINTR && errno != EAGAIN) { warning(U_("error reading from signal pipe")); sudo_ev_loopbreak(mc->evbase); } } else { /* * Handle SIGCHLD specially and deliver other signals * directly to the command. */ if (signo == SIGCHLD) { mc->alive = handle_sigchld(mc->backchannel, mc->cstat); if (!mc->alive) { /* Remove all but the errpipe event. */ sudo_ev_del(mc->evbase, mc->backchannel_event); sudo_ev_del(mc->evbase, mc->signal_pipe_event); } } else { deliver_signal(cmnd_pid, signo, false); } } debug_return; } static void mon_errpipe_cb(int fd, int what, void *v) { struct monitor_closure *mc = v; ssize_t n; debug_decl(mon_errpipe_cb, SUDO_DEBUG_EXEC); /* read errno or EOF from command pipe */ n = read(fd, mc->cstat, sizeof(struct command_status)); if (n == -1) { if (errno != EINTR && errno != EAGAIN) { warning(U_("error reading from pipe")); sudo_ev_loopbreak(mc->evbase); } } else { /* Got errno or EOF, either way we are done with errpipe. */ sudo_ev_del(mc->evbase, mc->errpipe_event); close(fd); } debug_return; } static void mon_backchannel_cb(int fd, int what, void *v) { struct monitor_closure *mc = v; struct command_status cstmp; ssize_t n; debug_decl(mon_backchannel_cb, SUDO_DEBUG_EXEC); /* read command from backchannel, should be a signal */ n = recv(fd, &cstmp, sizeof(cstmp), MSG_WAITALL); if (n != sizeof(cstmp)) { if (n == -1) { if (errno == EINTR || errno == EAGAIN) debug_return; warning(U_("error reading from socketpair")); } else { /* short read or EOF, parent process died? */ } sudo_ev_loopbreak(mc->evbase); } else { if (cstmp.type == CMD_SIGNO) { deliver_signal(cmnd_pid, cstmp.val, true); } else { warningx(U_("unexpected reply type on backchannel: %d"), cstmp.type); } } debug_return; } /* * Monitor process that creates a new session with the controlling tty, * resets signal handlers and forks a child to call exec_pty(). * Waits for status changes from the command and relays them to the * parent and relays signals from the parent to the command. * Returns an error if fork(2) fails, else calls _exit(2). */ static int exec_monitor(struct command_details *details, int backchannel) { struct command_status cstat; struct sudo_event_base *evbase; struct monitor_closure mc; sigaction_t sa; int errpipe[2], n; debug_decl(exec_monitor, SUDO_DEBUG_EXEC); /* Close unused fds. */ if (io_fds[SFD_MASTER] != -1) close(io_fds[SFD_MASTER]); if (io_fds[SFD_USERTTY] != -1) close(io_fds[SFD_USERTTY]); /* * We use a pipe to atomically handle signal notification within * the event loop. */ if (pipe_nonblock(signal_pipe) != 0) fatal(U_("unable to create pipe")); /* Reset SIGWINCH and SIGALRM. */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; sudo_sigaction(SIGWINCH, &sa, NULL); sudo_sigaction(SIGALRM, &sa, NULL); /* Ignore any SIGTTIN or SIGTTOU we get. */ sa.sa_handler = SIG_IGN; sudo_sigaction(SIGTTIN, &sa, NULL); sudo_sigaction(SIGTTOU, &sa, NULL); /* Block all signals in mon_handler(). */ sigfillset(&sa.sa_mask); /* Note: HP-UX poll() will not be interrupted if SA_RESTART is set. */ sa.sa_flags = SA_INTERRUPT; #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = mon_handler; #else sa.sa_handler = mon_handler; #endif sudo_sigaction(SIGCHLD, &sa, NULL); /* Catch common signals so we can cleanup properly. */ sa.sa_flags = SA_RESTART; #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; sa.sa_sigaction = mon_handler; #else sa.sa_handler = mon_handler; #endif sudo_sigaction(SIGHUP, &sa, NULL); sudo_sigaction(SIGINT, &sa, NULL); sudo_sigaction(SIGQUIT, &sa, NULL); sudo_sigaction(SIGTERM, &sa, NULL); sudo_sigaction(SIGTSTP, &sa, NULL); sudo_sigaction(SIGUSR1, &sa, NULL); sudo_sigaction(SIGUSR2, &sa, NULL); /* * Start a new session with the parent as the session leader * and the slave pty as the controlling terminal. * This allows us to be notified when the command has been suspended. */ if (setsid() == -1) { warning("setsid"); goto bad; } if (io_fds[SFD_SLAVE] != -1) { #ifdef TIOCSCTTY if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0) fatal(U_("unable to set controlling tty")); #else /* Set controlling tty by reopening slave. */ if ((n = open(slavename, O_RDWR)) >= 0) close(n); #endif } mon_pgrp = getpgrp(); /* save a copy of our process group */ /* * If stdin/stdout is not a tty, start command in the background * since it might be part of a pipeline that reads from /dev/tty. * In this case, we rely on the command receiving SIGTTOU or SIGTTIN * when it needs access to the controlling tty. */ if (pipeline) foreground = false; /* Start command and wait for it to stop or exit */ if (pipe(errpipe) == -1) fatal(U_("unable to create pipe")); cmnd_pid = sudo_debug_fork(); if (cmnd_pid == -1) { warning(U_("unable to fork")); goto bad; } if (cmnd_pid == 0) { /* We pass errno back to our parent via pipe on exec failure. */ close(backchannel); close(signal_pipe[0]); close(signal_pipe[1]); close(errpipe[0]); fcntl(errpipe[1], F_SETFD, FD_CLOEXEC); restore_signals(); /* setup tty and exec command */ exec_pty(details, &cstat, errpipe[1]); ignore_result(write(errpipe[1], &cstat, sizeof(cstat))); _exit(1); } close(errpipe[1]); /* Send the command's pid to main sudo process. */ cstat.type = CMD_PID; cstat.val = cmnd_pid; ignore_result(send(backchannel, &cstat, sizeof(cstat), 0)); /* If any of stdin/stdout/stderr are pipes, close them in parent. */ if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDIN]); if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDOUT]); if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDERR]); /* Put command in its own process group. */ cmnd_pgrp = cmnd_pid; setpgid(cmnd_pid, cmnd_pgrp); /* Make the command the foreground process for the pty slave. */ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { do { n = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp); } while (n == -1 && errno == EINTR); } /* * Create new event base and register read events for the * signal pipe, error pipe, and backchannel. */ evbase = sudo_ev_base_alloc(); if (evbase == NULL) fatal(NULL); memset(&cstat, 0, sizeof(cstat)); mc.cstat = &cstat; mc.evbase = evbase; mc.backchannel = backchannel; mc.alive = true; mc.signal_pipe_event = sudo_ev_alloc(signal_pipe[0], SUDO_EV_READ|SUDO_EV_PERSIST, mon_signal_pipe_cb, &mc); if (mc.signal_pipe_event == NULL) fatal(NULL); if (sudo_ev_add(evbase, mc.signal_pipe_event, NULL, false) == -1) fatal(U_("unable to add event to queue")); mc.errpipe_event = sudo_ev_alloc(errpipe[0], SUDO_EV_READ|SUDO_EV_PERSIST, mon_errpipe_cb, &mc); if (mc.errpipe_event == NULL) fatal(NULL); if (sudo_ev_add(evbase, mc.errpipe_event, NULL, false) == -1) fatal(U_("unable to add event to queue")); mc.backchannel_event = sudo_ev_alloc(backchannel, SUDO_EV_READ|SUDO_EV_PERSIST, mon_backchannel_cb, &mc); if (mc.backchannel_event == NULL) fatal(NULL); if (sudo_ev_add(evbase, mc.backchannel_event, NULL, false) == -1) fatal(U_("unable to add event to queue")); /* * Wait for errno on pipe, signal on backchannel or for SIGCHLD. * The event loop ends when the child is no longer running and * the error pipe is closed. */ (void) sudo_ev_loop(evbase, 0); if (mc.alive) { /* XXX An error occurred, should send a message back. */ sudo_debug_printf(SUDO_DEBUG_ERROR, "Command still running after event loop exit, sending SIGKILL"); kill(cmnd_pid, SIGKILL); } else { /* Send parent status. */ send_status(backchannel, &cstat); } sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); _exit(1); bad: debug_return_int(errno); } /* * Sets up std{in,out,err} and executes the actual command. * Returns only if execve() fails. */ static void exec_pty(struct command_details *details, struct command_status *cstat, int errfd) { pid_t self = getpid(); debug_decl(exec_pty, SUDO_DEBUG_EXEC); /* Register cleanup function */ fatal_callback_register(pty_cleanup); /* Set command process group here too to avoid a race. */ setpgid(0, self); /* Wire up standard fds, note that stdout/stderr may be pipes. */ if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 || dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 || dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1) fatal("dup2"); /* Wait for parent to grant us the tty if we are foreground. */ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { while (tcgetpgrp(io_fds[SFD_SLAVE]) != self) ; /* spin */ } /* We have guaranteed that the slave fd is > 2 */ if (io_fds[SFD_SLAVE] != -1) close(io_fds[SFD_SLAVE]); if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDIN]); if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDOUT]); if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDERR]); /* Execute command; only returns on error. */ exec_cmnd(details, cstat, errfd); debug_return; } /* * Propagates tty size change signals to pty being used by the command. */ static void sync_ttysize(int src, int dst) { #ifdef TIOCGWINSZ struct winsize wsize; pid_t pgrp; debug_decl(sync_ttysize, SUDO_DEBUG_EXEC); if (ioctl(src, TIOCGWINSZ, &wsize) == 0) { ioctl(dst, TIOCSWINSZ, &wsize); if ((pgrp = tcgetpgrp(dst)) != -1) killpg(pgrp, SIGWINCH); } debug_return; #endif } /* * Handler for SIGWINCH in parent. */ static void sigwinch(int s) { int serrno = errno; sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]); errno = serrno; } /* * Remove and free any events associated with the specified * file descriptor present in the I/O buffers list. */ static void ev_free_by_fd(struct sudo_event_base *evbase, int fd) { struct io_buffer *iob; debug_decl(ev_free_by_fd, SUDO_DEBUG_EXEC); /* Deschedule any users of the fd and free up the events. */ SLIST_FOREACH(iob, &iobufs, entries) { if (iob->revent != NULL) { if (sudo_ev_get_fd(iob->revent) == fd) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: deleting and freeing revent %p with fd %d", __func__, iob->revent, fd); sudo_ev_del(evbase, iob->revent); sudo_ev_free(iob->revent); iob->revent = NULL; } } if (iob->wevent != NULL) { if (sudo_ev_get_fd(iob->wevent) == fd) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: deleting and freeing wevent %p with fd %d", __func__, iob->wevent, fd); sudo_ev_del(evbase, iob->wevent); sudo_ev_free(iob->wevent); iob->wevent = NULL; } } } debug_return; } /* * Only close the fd if it is not /dev/tty or std{in,out,err}. * Return value is the same as close(2). */ static int safe_close(int fd) { debug_decl(safe_close, SUDO_DEBUG_EXEC); /* Avoid closing /dev/tty or std{in,out,err}. */ if (fd < 3 || fd == io_fds[SFD_USERTTY]) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: not closing fd %d (/dev/tty)", __func__, fd); errno = EINVAL; debug_return_int(-1); } sudo_debug_printf(SUDO_DEBUG_INFO, "%s: closing fd %d", __func__, fd); debug_return_int(close(fd)); } sudo-1.8.9p5/src/get_pty.c010064400175440000012000000112511226304126300147510ustar00millertstaff/* * Copyright (c) 2009-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef HAVE_SYS_STROPTS_H #include #endif /* HAVE_SYS_STROPTS_H */ #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #if defined(HAVE_LIBUTIL_H) # include #elif defined(HAVE_UTIL_H) # include #endif #ifdef HAVE_PTY_H # include #endif #include "sudo.h" #if defined(HAVE_OPENPTY) int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { struct group *gr; gid_t ttygid = -1; int rval = 0; debug_decl(get_pty, SUDO_DEBUG_PTY) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; if (openpty(master, slave, name, NULL, NULL) == 0) { if (chown(name, ttyuid, ttygid) == 0) rval = 1; } debug_return_bool(rval); } #elif defined(HAVE__GETPTY) int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; int rval = 0; debug_decl(get_pty, SUDO_DEBUG_PTY) /* IRIX-style dynamic ptys (may fork) */ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0); if (line != NULL) { *slave = open(line, O_RDWR|O_NOCTTY, 0); if (*slave != -1) { (void) chown(line, ttyuid, -1); strlcpy(name, line, namesz); rval = 1; } else { close(*master); *master = -1; } } debug_return_bool(rval); } #elif defined(HAVE_GRANTPT) # ifndef HAVE_POSIX_OPENPT static int posix_openpt(int oflag) { int fd; # ifdef _AIX fd = open("/dev/ptc", oflag); # else fd = open("/dev/ptmx", oflag); # endif return fd; } # endif /* HAVE_POSIX_OPENPT */ int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; int rval = 0; debug_decl(get_pty, SUDO_DEBUG_PTY) *master = posix_openpt(O_RDWR|O_NOCTTY); if (*master != -1) { (void) grantpt(*master); /* may fork */ if (unlockpt(*master) != 0) { close(*master); goto done; } line = ptsname(*master); if (line == NULL) { close(*master); goto done; } *slave = open(line, O_RDWR|O_NOCTTY, 0); if (*slave == -1) { close(*master); goto done; } # if defined(I_PUSH) && !defined(_AIX) ioctl(*slave, I_PUSH, "ptem"); /* pseudo tty emulation module */ ioctl(*slave, I_PUSH, "ldterm"); /* line discipline module */ # endif (void) chown(line, ttyuid, -1); strlcpy(name, line, namesz); rval = 1; } done: debug_return_bool(rval); } #else /* Old-style BSD ptys */ static char line[] = "/dev/ptyXX"; int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *bank, *cp; struct group *gr; gid_t ttygid = -1; int rval = 0; debug_decl(get_pty, SUDO_DEBUG_PTY) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; for (bank = "pqrs"; *bank != '\0'; bank++) { line[sizeof("/dev/ptyX") - 2] = *bank; for (cp = "0123456789abcdef"; *cp != '\0'; cp++) { line[sizeof("/dev/ptyXX") - 2] = *cp; *master = open(line, O_RDWR|O_NOCTTY, 0); if (*master == -1) { if (errno == ENOENT) goto done; /* out of ptys */ continue; /* already in use */ } line[sizeof("/dev/p") - 2] = 't'; (void) chown(line, ttyuid, ttygid); (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP); # ifdef HAVE_REVOKE (void) revoke(line); # endif *slave = open(line, O_RDWR|O_NOCTTY, 0); if (*slave != -1) { strlcpy(name, line, namesz); rval = 1; /* success */ goto done; } (void) close(*master); } } done: debug_return(rval); } #endif /* HAVE_OPENPTY */ sudo-1.8.9p5/src/hooks.c010064400175440000012000000163201226304126300144230ustar00millertstaff/* * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" #include "sudo_debug.h" #include "queue.h" /* Singly linked hook list. */ struct sudo_hook_entry { SLIST_ENTRY(sudo_hook_entry) entries; union { sudo_hook_fn_t generic_fn; sudo_hook_fn_setenv_t setenv_fn; sudo_hook_fn_unsetenv_t unsetenv_fn; sudo_hook_fn_getenv_t getenv_fn; sudo_hook_fn_putenv_t putenv_fn; } u; void *closure; }; SLIST_HEAD(sudo_hook_list, sudo_hook_entry); /* Each hook type gets own hook list. */ static struct sudo_hook_list sudo_hook_setenv_list = SLIST_HEAD_INITIALIZER(sudo_hook_setenv_list); static struct sudo_hook_list sudo_hook_unsetenv_list = SLIST_HEAD_INITIALIZER(sudo_hook_unsetenv_list); static struct sudo_hook_list sudo_hook_getenv_list = SLIST_HEAD_INITIALIZER(sudo_hook_getenv_list); static struct sudo_hook_list sudo_hook_putenv_list = SLIST_HEAD_INITIALIZER(sudo_hook_putenv_list); /* NOTE: must not anything that might call setenv() */ int process_hooks_setenv(const char *name, const char *value, int overwrite) { struct sudo_hook_entry *hook; int rc = SUDO_HOOK_RET_NEXT; /* First process the hooks. */ SLIST_FOREACH(hook, &sudo_hook_setenv_list, entries) { rc = hook->u.setenv_fn(name, value, overwrite, hook->closure); switch (rc) { case SUDO_HOOK_RET_NEXT: break; case SUDO_HOOK_RET_ERROR: case SUDO_HOOK_RET_STOP: goto done; default: warningx_nodebug("invalid setenv hook return value: %d", rc); break; } } done: return rc; } /* NOTE: must not anything that might call putenv() */ int process_hooks_putenv(char *string) { struct sudo_hook_entry *hook; int rc = SUDO_HOOK_RET_NEXT; /* First process the hooks. */ SLIST_FOREACH(hook, &sudo_hook_putenv_list, entries) { rc = hook->u.putenv_fn(string, hook->closure); switch (rc) { case SUDO_HOOK_RET_NEXT: break; case SUDO_HOOK_RET_ERROR: case SUDO_HOOK_RET_STOP: goto done; default: warningx_nodebug("invalid putenv hook return value: %d", rc); break; } } done: return rc; } /* NOTE: must not anything that might call getenv() */ int process_hooks_getenv(const char *name, char **value) { struct sudo_hook_entry *hook; char *val = NULL; int rc = SUDO_HOOK_RET_NEXT; /* First process the hooks. */ SLIST_FOREACH(hook, &sudo_hook_getenv_list, entries) { rc = hook->u.getenv_fn(name, &val, hook->closure); switch (rc) { case SUDO_HOOK_RET_NEXT: break; case SUDO_HOOK_RET_ERROR: case SUDO_HOOK_RET_STOP: goto done; default: warningx_nodebug("invalid getenv hook return value: %d", rc); break; } } done: if (val != NULL) *value = val; return rc; } /* NOTE: must not anything that might call unsetenv() */ int process_hooks_unsetenv(const char *name) { struct sudo_hook_entry *hook; int rc = SUDO_HOOK_RET_NEXT; /* First process the hooks. */ SLIST_FOREACH(hook, &sudo_hook_unsetenv_list, entries) { rc = hook->u.unsetenv_fn(name, hook->closure); switch (rc) { case SUDO_HOOK_RET_NEXT: break; case SUDO_HOOK_RET_ERROR: case SUDO_HOOK_RET_STOP: goto done; default: warningx_nodebug("invalid unsetenv hook return value: %d", rc); break; } } done: return rc; } /* Hook registration internals. */ static void register_hook_internal(struct sudo_hook_list *head, int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook; debug_decl(register_hook_internal, SUDO_DEBUG_HOOKS) hook = ecalloc(1, sizeof(*hook)); hook->u.generic_fn = hook_fn; hook->closure = closure; SLIST_INSERT_HEAD(head, hook, entries); debug_return; } /* Register the specified hook. */ int register_hook(struct sudo_hook *hook) { int rval = 0; debug_decl(register_hook, SUDO_DEBUG_HOOKS) if (SUDO_HOOK_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ rval = -1; } else { switch (hook->hook_type) { case SUDO_HOOK_GETENV: register_hook_internal(&sudo_hook_getenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_PUTENV: register_hook_internal(&sudo_hook_putenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_SETENV: register_hook_internal(&sudo_hook_setenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_UNSETENV: register_hook_internal(&sudo_hook_unsetenv_list, hook->hook_fn, hook->closure); break; default: /* XXX - use define for unknown value */ rval = 1; break; } } debug_return_int(rval); } /* Hook deregistration internals. */ static void deregister_hook_internal(struct sudo_hook_list *head, int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook, *prev = NULL; debug_decl(deregister_hook_internal, SUDO_DEBUG_HOOKS) SLIST_FOREACH(hook, head, entries) { if (hook->u.generic_fn == hook_fn && hook->closure == closure) { /* Remove from list and free. */ if (prev == NULL) SLIST_REMOVE_HEAD(head, entries); else SLIST_REMOVE_AFTER(prev, entries); efree(hook); break; } prev = hook; } debug_return; } /* Deregister the specified hook. */ int deregister_hook(struct sudo_hook *hook) { int rval = 0; debug_decl(deregister_hook, SUDO_DEBUG_HOOKS) if (SUDO_HOOK_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ rval = -1; } else { switch (hook->hook_type) { case SUDO_HOOK_GETENV: deregister_hook_internal(&sudo_hook_getenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_PUTENV: deregister_hook_internal(&sudo_hook_putenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_SETENV: deregister_hook_internal(&sudo_hook_setenv_list, hook->hook_fn, hook->closure); break; case SUDO_HOOK_UNSETENV: deregister_hook_internal(&sudo_hook_unsetenv_list, hook->hook_fn, hook->closure); break; default: /* XXX - use define for unknown value */ rval = 1; break; } } debug_return_int(rval); } sudo-1.8.9p5/src/load_plugins.c010064400175440000012000000247731226304127700160000ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" #include "sudo_conf.h" #include "sudo_dso.h" #include "sudo_debug.h" /* We always use the same name for the sudoers plugin, regardless of the OS */ #define SUDOERS_PLUGIN "sudoers.so" #ifdef _PATH_SUDO_PLUGIN_DIR static int sudo_stat_plugin(struct plugin_info *info, char *fullpath, size_t pathsize, struct stat *sb) { int status = -1; debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN) if (info->path[0] == '/') { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); goto done; } status = stat(fullpath, sb); } else { int len; #ifdef STATIC_SUDOERS_PLUGIN /* Check static symbols. */ if (strcmp(info->path, SUDOERS_PLUGIN) == 0) { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); goto done; } /* Plugin is static, fake up struct stat. */ memset(sb, 0, sizeof(*sb)); sb->st_uid = ROOT_UID; sb->st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH; status = 0; goto done; } #endif /* STATIC_SUDOERS_PLUGIN */ len = snprintf(fullpath, pathsize, "%s%s", _PATH_SUDO_PLUGIN_DIR, info->path); if (len <= 0 || (size_t)len >= pathsize) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path, strerror(ENAMETOOLONG)); goto done; } /* Try parent dir for compatibility with old plugindir default. */ if ((status = stat(fullpath, sb)) != 0) { char *cp = strrchr(fullpath, '/'); if (cp > fullpath + 4 && cp[-5] == '/' && cp[-4] == 's' && cp[-3] == 'u' && cp[-2] == 'd' && cp[-1] == 'o') { int serrno = errno; strlcpy(cp - 4, info->path, pathsize - (cp - 4 - fullpath)); if ((status = stat(fullpath, sb)) != 0) errno = serrno; } } # ifdef __hpux /* Try .sl instead of .so on HP-UX for backwards compatibility. */ if (status != 0) { size_t len = strlen(info->path); if (len >= 3 && info->path[len - 3] == '.' && info->path[len - 2] == 's' && info->path[len - 1] == 'o') { const char *sopath = info->path; char *slpath = estrdup(info->path); int serrno = errno; slpath[len - 1] = 'l'; info->path = slpath; status = sudo_stat_plugin(info, fullpath, pathsize, sb); if (status == 0) { efree((void *)sopath); } else { efree(slpath); info->path = sopath; errno = serrno; } } } # endif /* __hpux */ } done: debug_return_int(status); } static bool sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) { struct stat sb; int rval = false; debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) if (sudo_stat_plugin(info, fullpath, pathsize, &sb) != 0) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warning("%s%s", _PATH_SUDO_PLUGIN_DIR, info->path); goto done; } if (sb.st_uid != ROOT_UID) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("%s must be owned by uid %d"), fullpath, ROOT_UID); goto done; } if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("%s must be only be writable by owner"), fullpath); goto done; } rval = true; done: debug_return_bool(rval); } #else static bool sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) { debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) (void)strlcpy(fullpath, info->path, pathsize); debug_return_bool(true); } #endif /* _PATH_SUDO_PLUGIN_DIR */ /* * Load the plugin specified by "info". */ static bool sudo_load_plugin(struct plugin_container *policy_plugin, struct plugin_container_list *io_plugins, struct plugin_info *info) { struct plugin_container *container; struct generic_plugin *plugin; char path[PATH_MAX]; bool rval = false; void *handle; debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN) /* Sanity check plugin and fill in path */ if (!sudo_check_plugin(info, path, sizeof(path))) goto done; /* Open plugin and map in symbol */ handle = sudo_dso_load(path, SUDO_DSO_LAZY|SUDO_DSO_GLOBAL); if (!handle) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("unable to load %s: %s"), path, sudo_dso_strerror()); goto done; } plugin = sudo_dso_findsym(handle, info->symbol_name); if (!plugin) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("unable to find symbol `%s' in %s"), info->symbol_name, path); goto done; } if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("unknown policy type %d found in %s"), plugin->type, path); goto done; } if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) { warningx(U_("error in %s, line %d while loading plugin `%s'"), _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(U_("incompatible plugin major version %d (expected %d) found in %s"), SUDO_API_VERSION_GET_MAJOR(plugin->version), SUDO_API_VERSION_MAJOR, path); goto done; } if (plugin->type == SUDO_POLICY_PLUGIN) { if (policy_plugin->handle) { /* Ignore duplicate entries. */ if (strcmp(policy_plugin->name, info->symbol_name) != 0) { warningx(U_("ignoring policy plugin `%s' in %s, line %d"), info->symbol_name, _PATH_SUDO_CONF, info->lineno); warningx(U_("only a single policy plugin may be specified")); goto done; } warningx(U_("ignoring duplicate policy plugin `%s' in %s, line %d"), info->symbol_name, _PATH_SUDO_CONF, info->lineno); sudo_dso_unload(handle); handle = NULL; } if (handle != NULL) { policy_plugin->handle = handle; policy_plugin->name = info->symbol_name; policy_plugin->options = info->options; policy_plugin->u.generic = plugin; } } else if (plugin->type == SUDO_IO_PLUGIN) { /* Check for duplicate entries. */ TAILQ_FOREACH(container, io_plugins, entries) { if (strcmp(container->name, info->symbol_name) == 0) { warningx(U_("ignoring duplicate I/O plugin `%s' in %s, line %d"), info->symbol_name, _PATH_SUDO_CONF, info->lineno); sudo_dso_unload(handle); handle = NULL; break; } } if (handle != NULL) { container = ecalloc(1, sizeof(*container)); container->handle = handle; container->name = info->symbol_name; container->options = info->options; container->u.generic = plugin; TAILQ_INSERT_TAIL(io_plugins, container, entries); } } rval = true; done: debug_return_bool(rval); } /* * Load the plugins listed in sudo.conf. */ bool sudo_load_plugins(struct plugin_container *policy_plugin, struct plugin_container_list *io_plugins) { struct plugin_container *container; struct plugin_info_list *plugins; struct plugin_info *info; bool rval = false; debug_decl(sudo_load_plugins, SUDO_DEBUG_PLUGIN) /* Walk the plugin list from sudo.conf, if any. */ plugins = sudo_conf_plugins(); TAILQ_FOREACH(info, plugins, entries) { rval = sudo_load_plugin(policy_plugin, io_plugins, info); if (!rval) goto done; } /* * If no policy plugin, fall back to the default (sudoers). * If there is also no I/O log plugin, sudoers for that too. */ if (policy_plugin->handle == NULL) { /* Default policy plugin */ info = ecalloc(1, sizeof(*info)); info->symbol_name = "sudoers_policy"; info->path = SUDOERS_PLUGIN; /* info->options = NULL; */ rval = sudo_load_plugin(policy_plugin, io_plugins, info); efree(info); if (!rval) goto done; /* Default I/O plugin */ if (TAILQ_EMPTY(io_plugins)) { info = ecalloc(1, sizeof(*info)); info->symbol_name = "sudoers_io"; info->path = SUDOERS_PLUGIN; /* info->options = NULL; */ rval = sudo_load_plugin(policy_plugin, io_plugins, info); efree(info); if (!rval) goto done; } } if (policy_plugin->u.policy->check_policy == NULL) { warningx(U_("policy plugin %s does not include a check_policy method"), policy_plugin->name); rval = false; goto done; } /* Install hooks (XXX - later). */ if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 2)) { if (policy_plugin->u.policy->register_hooks != NULL) policy_plugin->u.policy->register_hooks(SUDO_HOOK_VERSION, register_hook); } TAILQ_FOREACH(container, io_plugins, entries) { if (container->u.io->version >= SUDO_API_MKVERSION(1, 2)) { if (container->u.io->register_hooks != NULL) container->u.io->register_hooks(SUDO_HOOK_VERSION, register_hook); } } done: debug_return_bool(rval); } sudo-1.8.9p5/src/locale_stub.c010064400175440000012000000021401226304126300155670ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include "missing.h" #include "fatal.h" #include "gettext.h" #ifdef HAVE_LIBINTL_H /* No need to swap locales in the front end. */ char * warning_gettext(const char *msgid) { return gettext(msgid); } #endif /* HAVE_LIBINTL_H */ sudo-1.8.9p5/src/net_ifs.c010064400175440000012000000232361226304126300147330ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /* * Suppress a warning w/ gcc on Digital UN*X. * The system headers should really do this.... */ #if defined(__osf__) && !defined(__cplusplus) struct mbuf; struct rtentry; #endif #include #include #include #include #include #if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF) # include #endif #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #ifdef _ISC # include # include # include # define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\ strioctl.ic_dp=(param);\ strioctl.ic_timout=0;\ strioctl.ic_len=(len);} #endif /* _ISC */ #ifdef _MIPS # include #endif /* _MIPS */ #include #include #include #ifdef HAVE_GETIFADDRS # include #endif #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_debug.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" /* Minix apparently lacks IFF_LOOPBACK */ #ifndef IFF_LOOPBACK # define IFF_LOOPBACK 0 #endif #ifndef INET6_ADDRSTRLEN # define INET6_ADDRSTRLEN 46 #endif #ifdef HAVE_GETIFADDRS /* * Fill in the interfaces string with the machine's ip addresses and netmasks * and return the number of interfaces found. */ int get_net_ifs(char **addrinfo) { struct ifaddrs *ifa, *ifaddrs; struct sockaddr_in *sin; #ifdef HAVE_STRUCT_IN6_ADDR struct sockaddr_in6 *sin6; char addrbuf[INET6_ADDRSTRLEN]; #endif int ailen, len, num_interfaces = 0; char *cp; debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) if (getifaddrs(&ifaddrs)) debug_return_int(0); /* Allocate space for the interfaces info string. */ for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) { /* Skip interfaces marked "down" and "loopback". */ if (ifa->ifa_addr == NULL || ifa->ifa_netmask == NULL || !ISSET(ifa->ifa_flags, IFF_UP) || ISSET(ifa->ifa_flags, IFF_LOOPBACK)) continue; switch (ifa->ifa_addr->sa_family) { case AF_INET: #ifdef HAVE_STRUCT_IN6_ADDR case AF_INET6: #endif num_interfaces++; break; } } if (num_interfaces == 0) debug_return_int(0); ailen = num_interfaces * 2 * INET6_ADDRSTRLEN; *addrinfo = cp = emalloc(ailen); /* Store the IP addr/netmask pairs. */ for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) { /* Skip interfaces marked "down" and "loopback". */ if (ifa->ifa_addr == NULL || ifa->ifa_netmask == NULL || !ISSET(ifa->ifa_flags, IFF_UP) || ISSET(ifa->ifa_flags, IFF_LOOPBACK)) continue; switch (ifa->ifa_addr->sa_family) { case AF_INET: sin = (struct sockaddr_in *)ifa->ifa_addr; len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/", cp == *addrinfo ? "" : " ", inet_ntoa(sin->sin_addr)); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; sin = (struct sockaddr_in *)ifa->ifa_netmask; len = snprintf(cp, ailen - (*addrinfo - cp), "%s", inet_ntoa(sin->sin_addr)); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; break; #ifdef HAVE_STRUCT_IN6_ADDR case AF_INET6: sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf)); len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/", cp == *addrinfo ? "" : " ", addrbuf); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask; inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf)); len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; break; #endif /* HAVE_STRUCT_IN6_ADDR */ } } done: #ifdef HAVE_FREEIFADDRS freeifaddrs(ifaddrs); #else efree(ifaddrs); #endif debug_return_int(num_interfaces); } #elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES) /* * Allocate and fill in the interfaces global variable with the * machine's ip addresses and netmasks. */ int get_net_ifs(char **addrinfo) { struct ifconf *ifconf; struct ifreq *ifr, ifr_tmp; struct sockaddr_in *sin; int ailen, i, len, n, sock, num_interfaces = 0; size_t buflen = sizeof(struct ifconf) + BUFSIZ; char *cp, *previfname = "", *ifconf_buf = NULL; #ifdef _ISC struct strioctl strioctl; #endif /* _ISC */ debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) fatal(U_("unable to open socket")); /* * Get interface configuration or return. */ for (;;) { ifconf_buf = emalloc(buflen); ifconf = (struct ifconf *) ifconf_buf; ifconf->ifc_len = buflen - sizeof(struct ifconf); ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf)); #ifdef _ISC STRSET(SIOCGIFCONF, (caddr_t) ifconf, buflen); if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) #else /* Note that some kernels return EINVAL if the buffer is too small */ if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0 && errno != EINVAL) #endif /* _ISC */ goto done; /* Break out of loop if we have a big enough buffer. */ if (ifconf->ifc_len + sizeof(struct ifreq) < buflen) break; buflen += BUFSIZ; efree(ifconf_buf); } /* Allocate space for the maximum number of interfaces that could exist. */ if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0) debug_return_int(0); ailen = n * 2 * INET6_ADDRSTRLEN; *addrinfo = cp = emalloc(ailen); /* For each interface, store the ip address and netmask. */ for (i = 0; i < ifconf->ifc_len; ) { /* Get a pointer to the current interface. */ ifr = (struct ifreq *) &ifconf->ifc_buf[i]; /* Set i to the subscript of the next interface. */ i += sizeof(struct ifreq); #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr)) i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr); #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ /* Skip duplicates and interfaces with NULL addresses. */ sin = (struct sockaddr_in *) &ifr->ifr_addr; if (sin->sin_addr.s_addr == 0 || strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0) continue; if (ifr->ifr_addr.sa_family != AF_INET) continue; #ifdef SIOCGIFFLAGS memset(&ifr_tmp, 0, sizeof(ifr_tmp)); strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1); if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0) #endif ifr_tmp = *ifr; /* Skip interfaces marked "down" and "loopback". */ if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) || ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK)) continue; sin = (struct sockaddr_in *) &ifr->ifr_addr; len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/", cp == *addrinfo ? "" : " ", inet_ntoa(sin->sin_addr)); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; /* Stash the name of the interface we saved. */ previfname = ifr->ifr_name; /* Get the netmask. */ memset(&ifr_tmp, 0, sizeof(ifr_tmp)); strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1); #ifdef _ISC STRSET(SIOCGIFNETMASK, (caddr_t) &ifr_tmp, sizeof(ifr_tmp)); if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) { #else if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifr_tmp) < 0) { #endif /* _ISC */ sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr; sin->sin_addr.s_addr = htonl(IN_CLASSC_NET); } sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr; len = snprintf(cp, ailen - (*addrinfo - cp), "%s", inet_ntoa(sin->sin_addr)); if (len <= 0 || len >= ailen - (*addrinfo - cp)) { warningx(U_("load_interfaces: overflow detected")); goto done; } cp += len; num_interfaces++; } done: efree(ifconf_buf); (void) close(sock); debug_return_int(num_interfaces); } #else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */ /* * Stub function for those without SIOCGIFCONF or getifaddrs() */ int get_net_ifs(char **addrinfo) { debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) debug_return_int(0); } #endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */ sudo-1.8.9p5/src/openbsd.c010064400175440000012000000027511226304126300147350ustar00millertstaff/* * Copyright (c) 2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include "sudo.h" int os_init(int argc, char *argv[], char *envp[]) { #ifdef SUDO_DEVEL extern char *malloc_options; malloc_options = "AFGJPR"; #endif return os_init_common(argc, argv, envp); } sudo-1.8.9p5/src/parse_args.c010064400175440000012000000475621226304127700154470ustar00millertstaff/* * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_GETOPT_LONG # include # else # include "compat/getopt.h" #endif /* HAVE_GETOPT_LONG */ #include #include #include #include #include "sudo.h" #include "lbuf.h" int tgetpass_flags; /* * Local functions. */ static void help(void) __attribute__((__noreturn__)); static void usage_excl(int); /* * Mapping of command line flags to name/value settings. */ static struct sudo_settings { const char *name; const char *value; } sudo_settings[] = { #define ARG_BSDAUTH_TYPE 0 { "bsdauth_type" }, #define ARG_LOGIN_CLASS 1 { "login_class" }, #define ARG_DEBUG_FLAGS 2 { "debug_flags" }, #define ARG_PRESERVE_ENVIRONMENT 3 { "preserve_environment" }, #define ARG_RUNAS_GROUP 4 { "runas_group" }, #define ARG_SET_HOME 5 { "set_home" }, #define ARG_USER_SHELL 6 { "run_shell" }, #define ARG_LOGIN_SHELL 7 { "login_shell" }, #define ARG_IGNORE_TICKET 8 { "ignore_ticket" }, #define ARG_PROMPT 9 { "prompt" }, #define ARG_SELINUX_ROLE 10 { "selinux_role" }, #define ARG_SELINUX_TYPE 11 { "selinux_type" }, #define ARG_RUNAS_USER 12 { "runas_user" }, #define ARG_PROGNAME 13 { "progname" }, #define ARG_IMPLIED_SHELL 14 { "implied_shell" }, #define ARG_PRESERVE_GROUPS 15 { "preserve_groups" }, #define ARG_NONINTERACTIVE 16 { "noninteractive" }, #define ARG_SUDOEDIT 17 { "sudoedit" }, #define ARG_CLOSEFROM 18 { "closefrom" }, #define ARG_NET_ADDRS 19 { "network_addrs" }, #define ARG_MAX_GROUPS 20 { "max_groups" }, #define ARG_PLUGIN_DIR 21 { "plugin_dir" }, #define ARG_REMOTE_HOST 22 { "remote_host" }, #define NUM_SETTINGS 23 { NULL } }; /* * Default flags allowed when running a command. */ #define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL) /* Option number for the --host long option due to ambiguity of the -h flag. */ #define OPT_HOSTNAME 256 /* * Available command line options, both short and long. * Note that we must disable arg permutation to support setting environment * variables and to better support the optional arg of the -h flag. */ static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv"; static struct option long_opts[] = { { "askpass", no_argument, NULL, 'A' }, { "auth-type", required_argument, NULL, 'a' }, { "background", no_argument, NULL, 'b' }, { "close-from", required_argument, NULL, 'C' }, { "login-class", required_argument, NULL, 'c' }, { "preserve-env", no_argument, NULL, 'E' }, { "edit", no_argument, NULL, 'e' }, { "group", required_argument, NULL, 'g' }, { "set-home", no_argument, NULL, 'H' }, { "help", no_argument, NULL, 'h' }, { "host", required_argument, NULL, OPT_HOSTNAME }, { "login", no_argument, NULL, 'i' }, { "remove-timestamp", no_argument, NULL, 'K' }, { "reset-timestamp", no_argument, NULL, 'k' }, { "list", no_argument, NULL, 'l' }, { "non-interactive", no_argument, NULL, 'n' }, { "preserve-groups", no_argument, NULL, 'P' }, { "prompt", required_argument, NULL, 'p' }, { "role", required_argument, NULL, 'r' }, { "stdin", no_argument, NULL, 'S' }, { "shell", no_argument, NULL, 's' }, { "type", required_argument, NULL, 't' }, { "other-user", required_argument, NULL, 'U' }, { "user", required_argument, NULL, 'u' }, { "version", no_argument, NULL, 'V' }, { "validate", no_argument, NULL, 'v' }, { NULL, no_argument, NULL, '\0' }, }; /* * Command line argument parsing. * Sets nargc and nargv which corresponds to the argc/argv we'll use * for the command to be run (if we are running one). */ int parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, char ***env_addp) { int mode = 0; /* what mode is sudo to be run in? */ int flags = 0; /* mode flags */ int valid_flags = DEFAULT_VALID_FLAGS; int ch, i, j; char *cp, **env_add, **settings; const char *runas_user = NULL; const char *runas_group = NULL; const char *debug_flags; int nenv = 0; int env_size = 32; debug_decl(parse_args, SUDO_DEBUG_ARGS) env_add = emalloc2(env_size, sizeof(char *)); /* Pass progname to plugin so it can call initprogname() */ sudo_settings[ARG_PROGNAME].value = getprogname(); /* First, check to see if we were invoked as "sudoedit". */ if (strcmp(getprogname(), "sudoedit") == 0) { mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; } /* Load local IP addresses and masks. */ if (get_net_ifs(&cp) > 0) sudo_settings[ARG_NET_ADDRS].value = cp; /* Set debug file and flags from sudo.conf. */ debug_flags = sudo_conf_debug_flags(); if (debug_flags != NULL) sudo_settings[ARG_DEBUG_FLAGS].value = debug_flags; /* Set max_groups from sudo.conf. */ i = sudo_conf_max_groups(); if (i != -1) { easprintf(&cp, "%d", i); sudo_settings[ARG_MAX_GROUPS].value = cp; } /* Returns true if the last option string was "-h" */ #define got_host_flag (optind > 1 && argv[optind - 1][0] == '-' && \ argv[optind - 1][1] == 'h' && argv[optind - 1][2] == '\0') /* Returns true if the last option string was "--" */ #define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \ argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0') /* Returns true if next option is an environment variable */ #define is_envar (optind < argc && argv[optind][0] != '/' && \ strchr(argv[optind], '=') != NULL) /* XXX - should fill in settings at the end to avoid dupes */ for (;;) { /* * Some trickiness is required to allow environment variables * to be interspersed with command line options. */ if ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { case 'A': SET(tgetpass_flags, TGP_ASKPASS); break; #ifdef HAVE_BSD_AUTH_H case 'a': sudo_settings[ARG_BSDAUTH_TYPE].value = optarg; break; #endif case 'b': SET(flags, MODE_BACKGROUND); break; case 'C': if (strtonum(optarg, 3, INT_MAX, NULL) == 0) { warningx(_("the argument to -C must be a number greater than or equal to 3")); usage(1); } sudo_settings[ARG_CLOSEFROM].value = optarg; break; #ifdef HAVE_LOGIN_CAP_H case 'c': sudo_settings[ARG_LOGIN_CLASS].value = optarg; break; #endif case 'D': /* Ignored for backwards compatibility. */ break; case 'E': sudo_settings[ARG_PRESERVE_ENVIRONMENT].value = "true"; break; case 'e': if (mode && mode != MODE_EDIT) usage_excl(1); mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; valid_flags = MODE_NONINTERACTIVE; break; case 'g': runas_group = optarg; sudo_settings[ARG_RUNAS_GROUP].value = optarg; break; case 'H': sudo_settings[ARG_SET_HOME].value = "true"; break; case 'h': if (optarg == NULL) { /* * Optional args support -hhostname, not -h hostname. * If we see a non-option after the -h flag, treat as * remote host and bump optind to skip over it. */ if (got_host_flag && !is_envar && argv[optind] != NULL && argv[optind][0] != '-') { sudo_settings[ARG_REMOTE_HOST].value = argv[optind++]; continue; } if (mode && mode != MODE_HELP) { if (strcmp(getprogname(), "sudoedit") != 0) usage_excl(1); } mode = MODE_HELP; valid_flags = 0; break; } /* FALLTHROUGH */ case OPT_HOSTNAME: sudo_settings[ARG_REMOTE_HOST].value = optarg; break; case 'i': sudo_settings[ARG_LOGIN_SHELL].value = "true"; SET(flags, MODE_LOGIN_SHELL); break; case 'k': sudo_settings[ARG_IGNORE_TICKET].value = "true"; break; case 'K': sudo_settings[ARG_IGNORE_TICKET].value = "true"; if (mode && mode != MODE_KILL) usage_excl(1); mode = MODE_KILL; valid_flags = 0; break; case 'l': if (mode) { if (mode == MODE_LIST) SET(flags, MODE_LONG_LIST); else usage_excl(1); } mode = MODE_LIST; valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST; break; case 'n': SET(flags, MODE_NONINTERACTIVE); sudo_settings[ARG_NONINTERACTIVE].value = "true"; break; case 'P': sudo_settings[ARG_PRESERVE_GROUPS].value = "true"; break; case 'p': sudo_settings[ARG_PROMPT].value = optarg; break; #ifdef HAVE_SELINUX case 'r': sudo_settings[ARG_SELINUX_ROLE].value = optarg; break; case 't': sudo_settings[ARG_SELINUX_TYPE].value = optarg; break; #endif case 'S': SET(tgetpass_flags, TGP_STDIN); break; case 's': sudo_settings[ARG_USER_SHELL].value = "true"; SET(flags, MODE_SHELL); break; case 'U': list_user = optarg; break; case 'u': runas_user = optarg; sudo_settings[ARG_RUNAS_USER].value = optarg; break; case 'v': if (mode && mode != MODE_VALIDATE) usage_excl(1); mode = MODE_VALIDATE; valid_flags = MODE_NONINTERACTIVE; break; case 'V': if (mode && mode != MODE_VERSION) usage_excl(1); mode = MODE_VERSION; valid_flags = 0; break; default: usage(1); } } else if (!got_end_of_args && is_envar) { if (nenv == env_size - 2) { env_size *= 2; env_add = erealloc3(env_add, env_size, sizeof(char *)); } env_add[nenv++] = argv[optind]; /* Crank optind and resume getopt. */ optind++; } else { /* Not an option or an environment variable -- we're done. */ break; } } env_add[nenv] = NULL; argc -= optind; argv += optind; if (!mode) { /* Defer -k mode setting until we know whether it is a flag or not */ if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) { if (argc == 0 && !(flags & (MODE_SHELL|MODE_LOGIN_SHELL))) { mode = MODE_INVALIDATE; /* -k by itself */ sudo_settings[ARG_IGNORE_TICKET].value = NULL; valid_flags = 0; } } if (!mode) mode = MODE_RUN; /* running a command */ } if (argc > 0 && mode == MODE_LIST) mode = MODE_CHECK; if (ISSET(flags, MODE_LOGIN_SHELL)) { if (ISSET(flags, MODE_SHELL)) { warningx(U_("you may not specify both the `-i' and `-s' options")); usage(1); } if (ISSET(flags, MODE_PRESERVE_ENV)) { warningx(U_("you may not specify both the `-i' and `-E' options")); usage(1); } SET(flags, MODE_SHELL); } if ((flags & valid_flags) != flags) usage(1); if (mode == MODE_EDIT && (ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) { if (ISSET(mode, MODE_PRESERVE_ENV)) warningx(U_("the `-E' option is not valid in edit mode")); if (env_add[0] != NULL) warningx(U_("you may not specify environment variables in edit mode")); usage(1); } if ((runas_user != NULL || runas_group != NULL) && !ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK | MODE_VALIDATE)) { usage(1); } if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) { warningx(U_("the `-U' option may only be used with the `-l' option")); usage(1); } if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) { warningx(U_("the `-A' and `-S' options may not be used together")); usage(1); } if ((argc == 0 && mode == MODE_EDIT) || (argc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK))) usage(1); if (argc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL)) { SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL)); sudo_settings[ARG_IMPLIED_SHELL].value = "true"; } if (mode == MODE_HELP) help(); /* * For shell mode we need to rewrite argv */ if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) { char **av, *cmnd = NULL; int ac = 1; if (argc != 0) { /* shell -c "command" */ char *src, *dst; size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) + strlen(argv[argc - 1]) + 1; cmnd = dst = emalloc2(cmnd_size, 2); for (av = argv; *av != NULL; av++) { for (src = *av; *src != '\0'; src++) { /* quote potential meta characters */ if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-' && *src != '$') *dst++ = '\\'; *dst++ = *src; } *dst++ = ' '; } if (cmnd != dst) dst--; /* replace last space with a NUL */ *dst = '\0'; ac += 2; /* -c cmnd */ } av = emalloc2(ac + 1, sizeof(char *)); av[0] = (char *)user_details.shell; /* plugin may override shell */ if (cmnd != NULL) { av[1] = "-c"; av[2] = cmnd; } av[ac] = NULL; argv = av; argc = ac; } /* * Format setting_pairs into settings array. */ #ifdef _PATH_SUDO_PLUGIN_DIR sudo_settings[ARG_PLUGIN_DIR].value = sudo_conf_plugin_dir_path(); #endif settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *)); for (i = 0, j = 0; i < NUM_SETTINGS; i++) { if (sudo_settings[i].value) { sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s=%s", sudo_settings[i].name, sudo_settings[i].value); settings[j] = fmt_string(sudo_settings[i].name, sudo_settings[i].value); if (settings[j] == NULL) fatal(NULL); j++; } } settings[j] = NULL; if (mode == MODE_EDIT) { #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) /* Must have the command in argv[0]. */ argc++; argv--; argv[0] = "sudoedit"; #else fatalx(U_("sudoedit is not supported on this platform")); #endif } *settingsp = settings; *env_addp = env_add; *nargc = argc; *nargv = argv; debug_return_int(mode | flags); } static int usage_err(const char *buf) { return fputs(buf, stderr); } static int usage_out(const char *buf) { return fputs(buf, stdout); } /* * Give usage message and exit. * The actual usage strings are in sudo_usage.h for configure substitution. */ void usage(int fatal) { struct lbuf lbuf; char *uvec[6]; int i, ulen; /* * Use usage vectors appropriate to the progname. */ if (strcmp(getprogname(), "sudoedit") == 0) { uvec[0] = SUDO_USAGE5 + 3; uvec[1] = NULL; } else { uvec[0] = SUDO_USAGE1; uvec[1] = SUDO_USAGE2; uvec[2] = SUDO_USAGE3; uvec[3] = SUDO_USAGE4; uvec[4] = SUDO_USAGE5; uvec[5] = NULL; } /* * Print usage and wrap lines as needed, depending on the * tty width. */ ulen = (int)strlen(getprogname()) + 8; lbuf_init(&lbuf, fatal ? usage_err : usage_out, ulen, NULL, user_details.ts_cols); for (i = 0; uvec[i] != NULL; i++) { lbuf_append(&lbuf, "usage: %s%s", getprogname(), uvec[i]); lbuf_print(&lbuf); } lbuf_destroy(&lbuf); if (fatal) exit(1); } /* * Tell which options are mutually exclusive and exit. */ static void usage_excl(int fatal) { debug_decl(usage_excl, SUDO_DEBUG_ARGS) warningx(U_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); usage(fatal); } static void help(void) { struct lbuf lbuf; const int indent = 30; const char *pname = getprogname(); debug_decl(help, SUDO_DEBUG_ARGS) lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); if (strcmp(pname, "sudoedit") == 0) lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname); else lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname); lbuf_print(&lbuf); usage(0); lbuf_append(&lbuf, _("\nOptions:\n")); lbuf_append(&lbuf, " -A, --askpass %s\n", _("use a helper program for password prompting")); #ifdef HAVE_BSD_AUTH_H lbuf_append(&lbuf, " -a, --auth-type=type %s\n", _("use specified BSD authentication type")); #endif lbuf_append(&lbuf, " -b, --background %s\n", _("run command in the background")); lbuf_append(&lbuf, " -C, --close-from=num %s\n", _("close all file descriptors >= num")); #ifdef HAVE_LOGIN_CAP_H lbuf_append(&lbuf, " -c, --login-class=class %s\n", _("run command with the specified BSD login class")); #endif lbuf_append(&lbuf, " -E, --preserve-env %s\n", _("preserve user environment when running command")); lbuf_append(&lbuf, " -e, --edit %s\n", _("edit files instead of running a command")); lbuf_append(&lbuf, " -g, --group=group %s\n", _("run command as the specified group name or ID")); lbuf_append(&lbuf, " -H, --set-home %s\n", _("set HOME variable to target user's home dir")); lbuf_append(&lbuf, " -h, --help %s\n", _("display help message and exit")); lbuf_append(&lbuf, " -h, --host=host %s\n", _("run command on host (if supported by plugin)")); lbuf_append(&lbuf, " -i, --login %s\n", _("run login shell as the target user; a command may also be specified")); lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", _("remove timestamp file completely")); lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", _("invalidate timestamp file")); lbuf_append(&lbuf, " -l, --list %s\n", _("list user's privileges or check a specific command; use twice for longer format")); lbuf_append(&lbuf, " -n, --non-interactive %s\n", _("non-interactive mode, no prompts are used")); lbuf_append(&lbuf, " -P, --preserve-groups %s\n", _("preserve group vector instead of setting to target's")); lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", _("use the specified password prompt")); #ifdef HAVE_SELINUX lbuf_append(&lbuf, " -r, --role=role %s\n", _("create SELinux security context with specified role")); #endif lbuf_append(&lbuf, " -S, --stdin %s\n", _("read password from standard input")); lbuf_append(&lbuf, " -s, --shell %s\n", _("run shell as the target user; a command may also be specified")); #ifdef HAVE_SELINUX lbuf_append(&lbuf, " -t, --type=type %s\n", _("create SELinux security context with specified type")); #endif lbuf_append(&lbuf, " -U, --other-user=user %s\n", _("in list mode, display privileges for user")); lbuf_append(&lbuf, " -u, --user=user %s\n", _("run command (or edit file) as specified user name or ID")); lbuf_append(&lbuf, " -V, --version %s\n", _("display version information and exit")); lbuf_append(&lbuf, " -v, --validate %s\n", _("update user's timestamp without running a command")); lbuf_append(&lbuf, " -- %s\n", _("stop processing command line arguments")); lbuf_print(&lbuf); lbuf_destroy(&lbuf); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 0); exit(0); } sudo-1.8.9p5/src/preserve_fds.c010064400175440000012000000146001227416533400157760ustar00millertstaff/* * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* for howmany() on Linux */ #ifdef HAVE_SYS_SYSMACROS_H # include /* for howmany() on Solaris */ #endif /* HAVE_SYS_SYSMACROS_H */ #ifdef HAVE_SYS_SELECT_H # include /* for FD_* macros */ #endif /* HAVE_SYS_SELECT_H */ #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include "sudo.h" /* * Add an fd to preserve. */ int add_preserved_fd(struct preserved_fd_list *pfds, int fd) { struct preserved_fd *pfd, *pfd_new; debug_decl(add_preserved_fd, SUDO_DEBUG_UTIL) pfd_new = emalloc(sizeof(*pfd)); pfd_new->lowfd = fd; pfd_new->highfd = fd; pfd_new->flags = fcntl(fd, F_GETFD); if (pfd_new->flags == -1) { efree(pfd_new); debug_return_int(-1); } TAILQ_FOREACH(pfd, pfds, entries) { if (fd == pfd->highfd) { /* already preserved */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "fd %d already preserved", fd); efree(pfd_new); break; } if (fd < pfd->highfd) { TAILQ_INSERT_BEFORE(pfd, pfd_new, entries); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "preserving fd %d", fd); break; } } if (pfd == NULL) { TAILQ_INSERT_TAIL(pfds, pfd_new, entries); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "preserving fd %d", fd); } debug_return_int(0); } /* * Close all descriptors, startfd and higher except those listed * in pfds. */ void closefrom_except(int startfd, struct preserved_fd_list *pfds) { int debug_fd, fd, lastfd = -1; struct preserved_fd *pfd, *pfd_next; fd_set *fdsp; debug_decl(closefrom_except, SUDO_DEBUG_UTIL) debug_fd = sudo_debug_fd_get(); /* First, relocate preserved fds to be as contiguous as possible. */ TAILQ_FOREACH_REVERSE_SAFE(pfd, pfds, preserved_fd_list, entries, pfd_next) { if (pfd->highfd < startfd) continue; fd = dup(pfd->highfd); if (fd == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "dup %d", pfd->highfd); if (errno == EBADF) { TAILQ_REMOVE(pfds, pfd, entries); continue; } /* NOTE: still need to adjust lastfd below with unchanged lowfd. */ } else if (fd < pfd->highfd) { pfd->lowfd = fd; fd = pfd->highfd; if (fd == debug_fd) debug_fd = sudo_debug_fd_set(pfd->lowfd); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "dup %d -> %d", pfd->highfd, pfd->lowfd); } if (fd != -1) (void) close(fd); if (pfd->lowfd > lastfd) lastfd = pfd->lowfd; /* highest (relocated) preserved fd */ } if (lastfd == -1) { /* No fds to preserve. */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "closefrom(%d)", startfd); closefrom(startfd); debug_return; } /* Create bitmap of preserved (relocated) fds. */ fdsp = ecalloc(howmany(lastfd + 1, NFDBITS), sizeof(fd_mask)); TAILQ_FOREACH(pfd, pfds, entries) { FD_SET(pfd->lowfd, fdsp); } /* * Close any unpreserved fds [startfd,lastfd] */ for (fd = startfd; fd <= lastfd; fd++) { if (!FD_ISSET(fd, fdsp)) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "closing fd %d", fd); #ifdef __APPLE__ /* Avoid potential libdispatch crash when we close its fds. */ (void) fcntl(fd, F_SETFD, FD_CLOEXEC); #else (void) close(fd); #endif } } free(fdsp); /* Let closefrom() do the rest for us. */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "closefrom(%d)", lastfd + 1); closefrom(lastfd + 1); /* Restore preserved fds and set flags. */ TAILQ_FOREACH_REVERSE(pfd, pfds, preserved_fd_list, entries) { if (pfd->lowfd != pfd->highfd) { if (dup2(pfd->lowfd, pfd->highfd) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "dup2(%d, %d): %s", pfd->lowfd, pfd->highfd, strerror(errno)); } else { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "dup2(%d, %d)", pfd->lowfd, pfd->highfd); } if (fcntl(pfd->highfd, F_SETFD, pfd->flags) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "fcntl(%d, F_SETFD, %d): %s", pfd->highfd, pfd->flags, strerror(errno)); } else { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "fcntl(%d, F_SETFD, %d)", pfd->highfd, pfd->flags); } if (pfd->lowfd == debug_fd) debug_fd = sudo_debug_fd_set(pfd->highfd); (void) close(pfd->lowfd); pfd->lowfd = pfd->highfd; } } debug_return; } /* * Parse a comma-separated list of fds and add them to preserved_fds. */ void parse_preserved_fds(struct preserved_fd_list *pfds, const char *fdstr) { const char *cp = fdstr; long lval; char *ep; debug_decl(parse_preserved_fds, SUDO_DEBUG_UTIL) do { errno = 0; lval = strtol(cp, &ep, 10); if (ep == cp || (*ep != ',' && *ep != '\0')) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to parse fd string %s", cp); break; } if ((errno == ERANGE && lval == LONG_MAX) || lval < 0 || lval > INT_MAX) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "range error parsing fd string %s", cp); } else { add_preserved_fd(pfds, (int)lval); } cp = ep + 1; } while (*ep != '\0'); debug_return; } sudo-1.8.9p5/src/po/README010064400175440000012000000013651226304126300144350ustar00millertstaffNLS Translations for sudo are coordinated through the Translation Project, at http://translationproject.org/ If you would like to contribute a translation for sudo, please join a translation team at the Translation Project instead of contributing a po file directly. This will avoid duplicated work if there is already a translation in progress. If you would like to become a member of a translation team, please follow the instructions at http://translationproject.org/html/translators.html The messages in sudo are split into two domains: sudo and sudoers. The former is used by the sudo front-end and utility functions. The latter is used by the sudoers policy and I/O logging plug-ins as well as the sudoers-specific commands visudo and sudoreplay. sudo-1.8.9p5/src/po/cs.mo010064400175440000012000000415011226304146200145140ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%z%'.'/G'w' ‹'¬'Ç'3à'!(6(,N({(9š( Ô(â(ë(ò( ú($)+)?)P[)¬)»)/Í)(ý)M&*0t*=¥*>ã*"+#A+,e+“’+O&,:v,±,7Ð,-&$-&K-%r-%˜-$¾-,ã-J.E[.7¡.3Ù.G /#U/$y/$ž/%Ã/%é/&0&603]0‘0&£0kÊ0(61O_1Z¯1D 26O2(†26¯24æ2A35]31“38Å3/þ3;.4/j4"š4-½4!ë4, 5N:56‰5À57Ü586RM6B 6:ã6078O77ˆ7.À7@ï7408De87ª8â8 þ89'29(Z9ƒ9¡9Á9×93ï92#:V:4g:#œ:À:EØ:';F;>b;&¡;È;Ý;1ð; "<C<%Z<!€<,¢<Ï<è<þ<=8=I=i="ˆ=#«=5Ï=>>?7> w>˜>&¸>.ß>)?8?!Q?s?.Ž?½?,Ð?6ý?(4@$]@,‚@¯@6Ê@@A:BA'}A ¥A2ÆAùABD0B8uB9®B:èB#C3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-27 17:44+0100 Last-Translator: Petr Pisar Language-Team: Czech Language: cs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PÅ™epínaÄe: %s – upraví soubory jako jiný uživatel %s – vykoná příkaz jako jiný uživatel %s zmÄ›nilo znaÄky%s je zapisovatelný pro skupinu%s není obyÄejný soubor%s není platný kontext%s je vlastnÄ›n UID %u, avÅ¡ak UID by mÄ›lo být %u%s je zapisovatelný pro vÅ¡echny%s ponechán nezmÄ›nÄ›n%s musí být zapisovatelný jen vlastníkem%s musí být vlastnÄ›n UID %d%s musí být vlastnÄ›n UID %d a mít nastaven bit setuid%s nezmÄ›nÄ›n%s%s: %s%s: %s%s: %s %s: %s: %s %s: nejedná se o obyÄejný soubor%s: krátký zápisPÅ™epínaÄe configure: %s Smí být zadán pouze jeden z pÅ™epínaÄů -e, -h, -i, -K, -l, -s, -v nebo -VSudo verze %s Neznámý signáluzavÅ™e vÅ¡echny deskriptory souboru >= Äísluobsah relace s úpravami ponechán v %su projektu „%s“ se nebylo možné navázat na výchozí množinu zdrojůnebylo možné se pÅ™ipojit k projektu „%s“vytvoří selinuxový bezpeÄnostní kontext se zadanou rolívytvoří selinuxový bezpeÄnostní kontext se zadaným typemzobrazí nápovÄ›du a skonÄízobrazí údaje o verzi a skonÄímísto spuÅ¡tÄ›ní příkazu upraví souboryefektivní UID není %d, nalézá se %s na souborovém systému s nastavenou volbou „nosuid“ nebo na souborovém systému NFS bez práv roota?efektivní UID není %d, je sudo nainstalované jako setuid vlastnÄ›né rootem?chyba v %s na řádku %d pÅ™i zavádÄ›ní modulu „%s“chyba ve smyÄce s událostmichyba pÅ™i inicializaci vstupnÄ›-výstupního modulu %schyba pÅ™i Ätení z rourychyba pÅ™i Ätení ze signální rourychyba pÅ™i Ätení z dvojice socketůnepodaÅ™ilo se získat starý kontextnepodaÅ™ilo se nastavit novou roli %snepodaÅ™ilo se nastavit nový typ %snepÅ™ekonatelná chyba, moduly nelze zavéstignoruje je násobný modul vstupu a výstupu „%s“ v %s na řádku %dignoruje je násobný modul s politikou „%s“ v %s na řádku %dignoruje se modul politiky „%s“ v %s na řádku %dv režimu výpisu zobrazí oprávnÄ›ní uživatelenesluÄitelná hlavní verze modulu %d (oÄekáváno %d) nalezena v %svnitÅ™ní chyba, pÅ™eteÄení v %svnitÅ™ní chyba, pokus o ecalloc(0)vnitÅ™ní chyba, pokus o emalloc(0)vnitÅ™ní chyba, pokus o emalloc2(0)vnitÅ™ní chyba, pokus o erealloc(0)vnitÅ™ní chyba, pokus o erealloc3(0)vnitÅ™ní chyba, pokus o erecalloc(0)neplatné maximum skupin „%s“ v %s, řádek %dneplatná hodnotazneplatní soubor s Äasovými údajivypíše oprávnÄ›ní uživatele nebo zkontroluje urÄitý příkaz; pro delší výstup použijte dvakrátload_interfaces: zjiÅ¡tÄ›no pÅ™eteÄeníprogram pro dotazování se na heslo nebyl zadán, zkuste nastavit SUDO_ASKPASSpro projekt „%s“ neexistuje žádná množina zdrojů pÅ™ijímající výchozí vazbuchybí terminál a program pro dotazování se na heslo nebyl zadánneinteraktivní režim, nepoužijí se žádné dotazylze zadat pouze jeden modul s politikouchyba modulu: programu sudoedit chybí seznam souborůmodul s politikou %s neobsahuje metodu check_policymodul s politikami %s nepodporuje získání seznamu oprávnÄ›nímodul s politikami %s nepodporuje pÅ™epínaÄe -k/-Kmodul s politikami %s nepodporuje pÅ™epínaÄ -vmodulu s politikami %s chybí metoda „check_policy“modul s politikami zruÅ¡il inicializaci relacezachová vektor skupin namísto nastavení na skupiny cílepÅ™i spuÅ¡tÄ›ní příkazu zachová prostÅ™edínaÄte heslo ze standardní vstupuúplnÄ› odstraní soubor s Äasovými údajije tÅ™eba alespoň jeden argumentomezení z řízení zdrojů bylo dosaženospustí příkaz (nebo upraví soubor) jako uživatel urÄený jménem nebo IDspustí příkaz jako skupina urÄení názvem nebo IDspustí příkaz na pozadíspustí příkaz na stroji (je-li podporováno modulem)spustí příkaz se zadanou pÅ™ihlaÅ¡ovací třídou BSDspustí pÅ™ihlaÅ¡ovací shell jako cílový uživatel; příkaz lze rovněž zadatspustí shell jako cílový uživatel; příkaz lze rovněž zadatnastaví promÄ›nnou HOME na domovský adresář uživatelevolání setproject selhalo u projektu „%s“pro projekt „%s“ neexistuje zadaná množina zdrojůpÅ™estane zpracovávat argumenty příkazového řádkuna této platformÄ› není sudoedit podporovánpÅ™epínaÄe „-A“ a „-S“ smí nesmí být použity spolupÅ™epínaÄ â€ž-E“ není platný v režimu úpravpÅ™epínaÄ â€ž-U“ smí být použit jen s pÅ™epínaÄem „-l“argument u -C musí být Äíslo vÄ›tší nebo rovno 3volaná úloha je koneÄnáudálost nelze pÅ™idat do frontynelze alokovat PTYpracovní adresář nelze zmÄ›nit na %skoÅ™enový adresář nelze zmÄ›nit na %snelze zmÄ›nit UID na (%u, %u)UID nelze zmÄ›nit na roota (%u)nelze vytvoÅ™it rourunelze vytvoÅ™it socketynepodaÅ™ilo se urÄit režim vynucování SELinuxu.standardní vstup nelze zduplikovat voláním dup2%s nelze spustitnelze získat kontext souboru %s pomocí fgetfileconv %s nelze nalézt symbol „%s“nelze vytvoÅ™it potomkanelze získat kontext souÄasného TTY, TTY nebude znaÄka pÅ™epsánavýchozí typ pro roli %s nelze získatnelze získat vektor skupinnelze získat nový kontext TTY, TTY nebude znaÄka pÅ™epsánamodul s politikami nelze inicializovat%s nelze zavést: %s%s nelze otevřít%s nelze otevřít, TTY nebude znaÄka pÅ™epsánanelze otevřít auditní systémnelze otevřít socketnelze otevřít databázi uživatelůnelze pÅ™eÄíst doÄasný souborz PRIV_LIMIT nelze odstranit PRIV_PROC_EXECnelze obnovit kontext %sregistr nelze obnovitstandardní vstup nelze obnovitnelze obnovit znaÄku TTY%s nelze spustitstandardní vstup nelze uložitnelze odeslat auditní zprávuřídicí terminál nelze nastavitefektivní GID nelze nastavit na %unepodaÅ™ilo se nastavit kontext pro spuÅ¡tÄ›ní na %sGID nelze nastavit na %uGID nelze nastavit na %unepodaÅ™ilo se nastavit kontext pro vytváření klíÄů na %snelze nastavit nový kontext TTYnelze nastavit prioritu procesunelze nastavit ID doplňkových skupinterminál nelze pÅ™epnout do syrového režimunepodaÅ™ilo se nastavit kontext TTY na %sUID nelze nastavit na %unelze nastavit kontext uživatelenelze získat údaje o %snelze se pÅ™epnout do registru „%s“ pro %sdo %s nelze zapsatneoÄekávaný důvod ukonÄení potomka: %dneoÄekávaný druh odpovÄ›di na zpÄ›tném kanálu: %dneoÄekávaný režim programu sudo 0x%xneznámá pÅ™ihlaÅ¡ovací třída %sv %2$s nalezen neznámý druh politiky %1$dneznámé UID %u: kdo jsi?nepodporovaný zdroj skupin „%s“ v %s, řádek %daktualizuje Äasové údaje uživatele bez spuÅ¡tÄ›ní příkazudotazuje se na heslo prostÅ™ednictvím pomocného programupoužije zadaný druh BSD autentizacepoužije urÄený dotaz na heslouživatel „%s“ není Älenem projektu „%s“hodnota je příliÅ¡ velkáhodnota je příliÅ¡ malápozor, nepodaÅ™ilo se pÅ™iÅ™adit řízení zdrojů projektu „%s“nesmíte zadávat pÅ™epínaÄe „-i“ a „-E“ spolunesmíte zadávat pÅ™epínaÄe „-i“ a „-s“ spoluv režimu úprav nesmíte zadávat promÄ›nné prostÅ™edípro typ %s musíte zadat rolisudo-1.8.9p5/src/po/cs.po010064400175440000012000000550631226304126300145260ustar00millertstaff# Portable object template file for sudo # This file is put in the public domain. # Todd C. Miller , 2011-2013 # Petr Pisar , 2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-27 17:44+0100\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "nelze otevřít databázi uživatelů" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "nelze se pÅ™epnout do registru „%s“ pro %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "registr nelze obnovit" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "vnitÅ™ní chyba, pokus o emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "vnitÅ™ní chyba, pokus o emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "vnitÅ™ní chyba, pÅ™eteÄení v %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "vnitÅ™ní chyba, pokus o ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "vnitÅ™ní chyba, pokus o erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "vnitÅ™ní chyba, pokus o erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "vnitÅ™ní chyba, pokus o erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "neplatná hodnota" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "hodnota je příliÅ¡ velká" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "hodnota je příliÅ¡ malá" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nepodporovaný zdroj skupin „%s“ v %s, řádek %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "neplatné maximum skupin „%s“ v %s, řádek %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "nelze získat údaje o %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s není obyÄejný soubor" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je vlastnÄ›n UID %u, avÅ¡ak UID by mÄ›lo být %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s je zapisovatelný pro vÅ¡echny" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s je zapisovatelný pro skupinu" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "%s nelze otevřít" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Neznámý signál" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "modul s politikami zruÅ¡il inicializaci relace" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "nelze vytvoÅ™it potomka" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "událost nelze pÅ™idat do fronty" #: src/exec.c:394 msgid "unable to create sockets" msgstr "nelze vytvoÅ™it sockety" #: src/exec.c:477 msgid "error in event loop" msgstr "chyba ve smyÄce s událostmi" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "nelze obnovit znaÄku TTY" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "z PRIV_LIMIT nelze odstranit PRIV_PROC_EXEC" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "nelze alokovat PTY" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "nelze vytvoÅ™it rouru" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "terminál nelze pÅ™epnout do syrového režimu" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "chyba pÅ™i Ätení ze signální roury" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "chyba pÅ™i Ätení z roury" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "chyba pÅ™i Ätení z dvojice socketů" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neoÄekávaný druh odpovÄ›di na zpÄ›tném kanálu: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "řídicí terminál nelze nastavit" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "chyba v %s na řádku %d pÅ™i zavádÄ›ní modulu „%s“" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s musí být vlastnÄ›n UID %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s musí být zapisovatelný jen vlastníkem" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "%s nelze zavést: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "v %s nelze nalézt symbol „%s“" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "v %2$s nalezen neznámý druh politiky %1$d" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "nesluÄitelná hlavní verze modulu %d (oÄekáváno %d) nalezena v %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ignoruje se modul politiky „%s“ v %s na řádku %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "lze zadat pouze jeden modul s politikou" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ignoruje je násobný modul s politikou „%s“ v %s na řádku %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ignoruje je násobný modul vstupu a výstupu „%s“ v %s na řádku %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "modul s politikou %s neobsahuje metodu check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: zjiÅ¡tÄ›no pÅ™eteÄení" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "nelze otevřít socket" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument u -C musí být Äíslo vÄ›tší nebo rovno 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "nesmíte zadávat pÅ™epínaÄe „-i“ a „-s“ spolu" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "nesmíte zadávat pÅ™epínaÄe „-i“ a „-E“ spolu" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "pÅ™epínaÄ â€ž-E“ není platný v režimu úprav" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "v režimu úprav nesmíte zadávat promÄ›nné prostÅ™edí" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "pÅ™epínaÄ â€ž-U“ smí být použit jen s pÅ™epínaÄem „-l“" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "pÅ™epínaÄe „-A“ a „-S“ smí nesmí být použity spolu" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "na této platformÄ› není sudoedit podporován" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smí být zadán pouze jeden z pÅ™epínaÄů -e, -h, -i, -K, -l, -s, -v nebo -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s – upraví soubory jako jiný uživatel\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s – vykoná příkaz jako jiný uživatel\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "PÅ™epínaÄe:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "dotazuje se na heslo prostÅ™ednictvím pomocného programu" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "použije zadaný druh BSD autentizace" #: src/parse_args.c:621 msgid "run command in the background" msgstr "spustí příkaz na pozadí" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "uzavÅ™e vÅ¡echny deskriptory souboru >= Äíslu" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "spustí příkaz se zadanou pÅ™ihlaÅ¡ovací třídou BSD" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "pÅ™i spuÅ¡tÄ›ní příkazu zachová prostÅ™edí" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "místo spuÅ¡tÄ›ní příkazu upraví soubory" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "spustí příkaz jako skupina urÄení názvem nebo ID" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "nastaví promÄ›nnou HOME na domovský adresář uživatele" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "zobrazí nápovÄ›du a skonÄí" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "spustí příkaz na stroji (je-li podporováno modulem)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "spustí pÅ™ihlaÅ¡ovací shell jako cílový uživatel; příkaz lze rovněž zadat" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "úplnÄ› odstraní soubor s Äasovými údaji" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "zneplatní soubor s Äasovými údaji" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "vypíše oprávnÄ›ní uživatele nebo zkontroluje urÄitý příkaz; pro delší výstup použijte dvakrát" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "neinteraktivní režim, nepoužijí se žádné dotazy" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "zachová vektor skupin namísto nastavení na skupiny cíle" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "použije urÄený dotaz na heslo" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "vytvoří selinuxový bezpeÄnostní kontext se zadanou rolí" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "naÄte heslo ze standardní vstupu" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "spustí shell jako cílový uživatel; příkaz lze rovněž zadat" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "vytvoří selinuxový bezpeÄnostní kontext se zadaným typem" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "v režimu výpisu zobrazí oprávnÄ›ní uživatele" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "spustí příkaz (nebo upraví soubor) jako uživatel urÄený jménem nebo ID" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "zobrazí údaje o verzi a skonÄí" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "aktualizuje Äasové údaje uživatele bez spuÅ¡tÄ›ní příkazu" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "pÅ™estane zpracovávat argumenty příkazového řádku" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "nelze otevřít auditní systém" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "nelze odeslat auditní zprávu" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "nelze získat kontext souboru %s pomocí fgetfilecon" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s zmÄ›nilo znaÄky" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "nelze obnovit kontext %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s nelze otevřít, TTY nebude znaÄka pÅ™epsána" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "nelze získat kontext souÄasného TTY, TTY nebude znaÄka pÅ™epsána" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "nelze získat nový kontext TTY, TTY nebude znaÄka pÅ™epsána" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "nelze nastavit nový kontext TTY" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "pro typ %s musíte zadat roli" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "výchozí typ pro roli %s nelze získat" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "nepodaÅ™ilo se nastavit novou roli %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "nepodaÅ™ilo se nastavit nový typ %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s není platný kontext" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "nepodaÅ™ilo se získat starý kontext" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "nepodaÅ™ilo se urÄit režim vynucování SELinuxu." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "nepodaÅ™ilo se nastavit kontext TTY na %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "nepodaÅ™ilo se nastavit kontext pro spuÅ¡tÄ›ní na %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "nepodaÅ™ilo se nastavit kontext pro vytváření klíÄů na %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "je tÅ™eba alespoň jeden argument" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "%s nelze spustit" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "omezení z řízení zdrojů bylo dosaženo" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "uživatel „%s“ není Älenem projektu „%s“" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "volaná úloha je koneÄná" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "nebylo možné se pÅ™ipojit k projektu „%s“" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "pro projekt „%s“ neexistuje žádná množina zdrojů pÅ™ijímající výchozí vazbu" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "pro projekt „%s“ neexistuje zadaná množina zdrojů" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "u projektu „%s“ se nebylo možné navázat na výchozí množinu zdrojů" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "volání setproject selhalo u projektu „%s“" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "pozor, nepodaÅ™ilo se pÅ™iÅ™adit řízení zdrojů projektu „%s“" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo verze %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "PÅ™epínaÄe configure: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "nepÅ™ekonatelná chyba, moduly nelze zavést" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "modul s politikami nelze inicializovat" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "chyba pÅ™i inicializaci vstupnÄ›-výstupního modulu %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neoÄekávaný režim programu sudo 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "nelze získat vektor skupin" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "neznámé UID %u: kdo jsi?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musí být vlastnÄ›n UID %d a mít nastaven bit setuid" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivní UID není %d, nalézá se %s na souborovém systému s nastavenou volbou „nosuid“ nebo na souborovém systému NFS bez práv roota?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivní UID není %d, je sudo nainstalované jako setuid vlastnÄ›né rootem?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "neznámá pÅ™ihlaÅ¡ovací třída %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "nelze nastavit kontext uživatele" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "nelze nastavit ID doplňkových skupin" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "efektivní GID nelze nastavit na %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID nelze nastavit na %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "nelze nastavit prioritu procesu" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "koÅ™enový adresář nelze zmÄ›nit na %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nelze zmÄ›nit UID na (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "pracovní adresář nelze zmÄ›nit na %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "neoÄekávaný důvod ukonÄení potomka: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "modulu s politikami %s chybí metoda „check_policy“" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "modul s politikami %s nepodporuje získání seznamu oprávnÄ›ní" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "modul s politikami %s nepodporuje pÅ™epínaÄ -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "modul s politikami %s nepodporuje pÅ™epínaÄe -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID nelze zmÄ›nit na roota (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "chyba modulu: programu sudoedit chybí seznam souborů" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: nejedná se o obyÄejný soubor" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: krátký zápis" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s ponechán nezmÄ›nÄ›n" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s nezmÄ›nÄ›n" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "do %s nelze zapsat" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "obsah relace s úpravami ponechán v %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "nelze pÅ™eÄíst doÄasný soubor" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "chybí terminál a program pro dotazování se na heslo nebyl zadán" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "program pro dotazování se na heslo nebyl zadán, zkuste nastavit SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "GID nelze nastavit na %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "UID nelze nastavit na %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "%s nelze spustit" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "standardní vstup nelze uložit" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "standardní vstup nelze zduplikovat voláním dup2" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "standardní vstup nelze obnovit" #~ msgid "value out of range" #~ msgstr "hodnota je mimo rozsah" #~ msgid "select failed" #~ msgstr "volání select selhalo" sudo-1.8.9p5/src/po/da.mo010064400175440000012000000405331226304146200144770ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%h% ö&('-*'X'n'ˆ'£'$Á'æ'þ'$(8(7U( (š(£(ª( ²(¾(×( ê(D )P) a)o)+)<»)$ø)1*0O*€*!›*/½*‘í*9+A¹+û+5,G,'g, ,1°,â,-/-<M-?Š-6Ê-*.M,.z.$“.$¸.%Ý.%/&)/&P/+w/£/²/`Í/$.0=S0M‘04ß0014E15z1F°1C÷1<;29x2>²2@ñ2523)h3$’3!·3Ù3%ô3A43\44?«4*ë4B5<Y5/–5%Æ53ì5/ 61P62‚66µ64ì6;!7]7#x7œ7´7-Ó7(8#*8#N8r87Œ8Ä8Ø8ê8#9(9C<9+€9¬9@Ë91 :>:Y:/k:$›:À:Ø:î:- ;!;;];x;;¯;Á;$Ú;$ÿ;-$<(R<{<&–<2½<ð<!=*2=3]=%‘=·=Ò=ñ=*>3>+J>/v>¦>Á>!Ø>ú>4?5J?5€?!¶?#Ø?0ü?-@=@>N@8@7Æ@8þ@#7A3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-28 23:06+0100 Last-Translator: Joe Hansen Language-Team: Danish Language: da MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tilvalg: %s - rediger filer som en anden bruger %s - udfør en kommando som en anden bruger %s ændrede etiketter%s er skrivbar for gruppe%s er ikke en regulær fil%s er ikke en gyldig kontekst%s er ejet af uid %u, burde være %u%s er skrivbar for alle%s tilbage uændrede%s mÃ¥ kun være skrivbar for ejeren%s skal være ejet af uid %d%s skal være ejet af uid %d og have setuid bit angivet%s uændrede%s%s: %s%s: %s%s: %s %s: %s: %s %s: ikke en regulær fil%s: kort skrivningKonfigurationsindstillinger: %s Kun et af tilvalgene -e, -h, -i, -K, -l, -s, -v eller -V mÃ¥ angivesSudo version %s ukendt signalluk alle filbeskrivelser >= numindhold fra redigeringssession tilbage i %skunne ikke binde til standardressourcekø for projekt »%s«kunne ikke slutte til projekt »%s«opret SELinux-sikkerhedskontekt med angivet rolleopret SELinux-sikkerhedskontekt med angivet typevis hjælpetekst og afslutvis versionsinformation og afslutrediger filer i stedet for at køre en kommandoeffektiv uid er ikke %d, er %s pÃ¥ et filsystem med indstillingen »nosuid« angivet eller et NFS-filsytsem uden administratorprivilegier (root)?effektiv uid er ikke %d, er sudo installeret setuid root?fejl i %s, linje %d under indlæsning af udvidelsesmodulet »%s«fejl i hændelsesloopfejl under initialisering af I/O-udvidelsesmodulet %sfejl ved læsning fra datakanalfejl under læsning fra signaldatakanalfejl ved læsning fra socketpairkunne ikke indhente gammel_kontekst (old_context)kunne ikke angive ny rolle %skunne ikke angive ny type %sfatal fejl, kan ikke indlæse udvidelsesmodulerignorerer duplikat I/O-udvidelsesmodul »%s« i %s, linje %dignorerer duplikat politikudvidelsesmodul »%s« i %s, linje %dignorerer politikudvidelsesmodul »%s« i %s, linje %di vis-tilstand, vis privilegier for brugerinkompatibelt udvidelsesmodul for hovedversion %d (forventede %d) fundet i %sintern fejl, %s-overløbintern fejl, forsøgte at ecalloc(0)intern fejl, forsøgte at emalloc(0)intern fejl, forsøgte at emalloc2(0)intern fejl, forsøgte at erealloc(0)intern fejl, forsøgte at erealloc3(0)intern fejl, forsøgte at erecalloc(0)ugyldige maks grupper »%s« i %s, linje %dugyldig værdiugyldiggør tidsstempelfilvis brugers privilegier eller kontroller en specifik kommando; brug to gange for længere formatload_interfaces: overløb detekteretintet askpass-program angivet, forsøg at angive SUDO_ASKPASSingen ressourcekø som accepterer standardbindinger findes for projekt »%s«ingen tty til stede og intet askpass-program angivetikkeinteraktiv tilstand, vil ikke spørge brugerkun et udvidelsesmodul for politik mÃ¥ være angivetfejl i udvidelsesmodul: mangler filliste for sudoeditpolitikudvidelsesmodulet %s inkluderer ikke en metode for check_policypolitikudvidelsesmodul %s understøter ikke listning af privilegierpolitikudvidelsesmodul %s understøtter ikke tilvalget -k/-Kpolitikudvidelsesmodul %s understøtter ikke tilvalget -vpolitikudvidelsesmodulet %s mangler i metoden »check_policy«udvidelsesmodul for politik mislykkedes i sessionsinitialiseringbevar gruppevektor i stedet for at sætte til mÃ¥letsbevar brugermiljø nÃ¥r kommando udføreslæs adgangskode fra standardinddatafjern tidsstempelfil fuldstændigkræver mindst et argumentgrænse for ressourcekontrol er nÃ¥etkør kommando (eller rediger fil) som angivet brugernavn eller IDudfør kommando som det angivne gruppenavn eller IDkør kommando i baggrundenkør kommando pÃ¥ vært (hvis understøttet af udvidelsesmodul)kør kommando med angivet BSD-logindklassekør en logindskal som mÃ¥lbrugeren; en kommando kan ogsÃ¥ angiveskør skal som mÃ¥lbruger; en kommando kan ogsÃ¥ specificeresangiv HOME-variabel til mÃ¥lbrugers hjemmemappesetproject fejlede for projekt »%s«angivet ressourcekø findes ikke for projekt »%s«stop behandling af parametre for kommandolinjensudoedit er ikke understøttet pÃ¥ denne platformtilvalgene »-A« og »-S« mÃ¥ ikke bruges sammentilvalget »-E« er ikke gyldigt i redigeringstilstandtilvalget »-U« mÃ¥ kun bruges med tilvalget »-l«argumentet for -C skal være et tal større end eller lig 3start af opgave er færdigkan ikke tilføje hændelse til køkunne ikke allokere ptykunne ikke ændre mappe til %skunne ikke ændre administrator (root) til %skunne ikke ændre til runas uid (%u, %u)kunne ikke ændre uid til root (%u)kunne ikke oprette datakanal (pipe)kunne ikke oprette soklerkunne ikke bestemme tilstanden gennemtving (enforcing).kan ikke dup2 stdinkan ikke køre %skunne ikke fgetfilecon %skunne ikke finde symbol »%s« i %skunne ikke forgrenekan ikke indhente aktuel tty-kontekst, giver ikke ny etiket til ttykan ikke indhente standardtype for rolle %skan ikke indhente gruppevektorkan ikke indhente ny tty-kontekst, giver ikke nyt etiket til ttykan ikke initialisere udvidelsesmodul for politikkunne ikke indlæse %s: %skan ikke Ã¥bne %skan ikke Ã¥bne %s, giver ikke ny etiket til ttykunne ikke Ã¥bne overvÃ¥gningssystemkunne ikke Ã¥bne sokkelkan ikke Ã¥bne userdbkan ikke læse midlertidig filkan ikke fjerne PRIV_PROC_EXEC fra PRIV_LIMITkan ikke gendanne kontekst for %skan ikke gendanne registerkan ikke gendanne stdinkunne ikke gendanne tty-etiketkan ikke køre %skan ikke gemme til stdinkunne ikke sende overvÃ¥gningsbeskedkunne ikke angive kontrollerende ttykan ikke angive effektiv gid til runas gid %ukunne ikke angive kørselskontekt til %skan ikke angive gid til %ukunne ikke angive gid til runas gid %ukunne ikke angive nøgleoprettelseskontekst til %skan ikke angive ny tty-kontekstkunne ikke angive procesprioritetkunne ikke angive supplerende gruppe-id'erkunne ikke angive terminal til tilstanden rÃ¥ (raw)kunne ikke angive tty-kontekst for %skan ikke angive uid til %ukan ikke angive brugerkontekstkan ikke køre stat %skan ikke skifte til register »%s« for %skan ikke skrive til %suventet underbetingelse for terminering: %duventet svartype pÃ¥ bagkanal (backchannel): %duventet sudo-tilstand 0x%xukendt logindklasse %sukendt politiktype %d fundet i %sukendt uid %u: hvem er du?ikke understøttet gruppekilde »%s« i %s, linje %dopdater brugers tidsstempel uden at køre en kommandobrug et hjælpeprogram for indhentelse af adgangskodebrug angivet BSD-godkendelsestypebrug angivet logind for adgangskodebruger »%s« er ikke medlem af projektet »%s«værdi for storværdi for lilleadvarsel, ressourcekontroltildeling fejlede for projekt »%s«du kan ikke samtidig angive tilvalgende »-i« og »-E«du kan ikke samtidig angive tilvalgene »-i« og »-s«du mÃ¥ ikke angive miljøvariabler i redigeringstilstanddu skal angive en rolle for type %ssudo-1.8.9p5/src/po/da.po010064400175440000012000000546001226304126300145010ustar00millertstaff# Danish translation of sudo. # This file is put in the public domain. # Joe Hansen , 2011, 2012, 2013. # # audit -> overvÃ¥gning # overflow -> overløb # # projekt bruger konsekvent smÃ¥ bogstaver, og sÃ¥ i starten af sætninger, sÃ¥ # dette er ogsÃ¥ valgt pÃ¥ dansk uanset at der er : som efterfølgende normalt # ville have stort begyndelsesbogstav pÃ¥ dansk. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-28 23:06+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "kan ikke Ã¥bne userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "kan ikke skifte til register »%s« for %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "kan ikke gendanne register" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "intern fejl, forsøgte at emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "intern fejl, forsøgte at emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "intern fejl, %s-overløb" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "intern fejl, forsøgte at ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "intern fejl, forsøgte at erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "intern fejl, forsøgte at erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "intern fejl, forsøgte at erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "ugyldig værdi" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "værdi for stor" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "værdi for lille" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "ikke understøttet gruppekilde »%s« i %s, linje %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "ugyldige maks grupper »%s« i %s, linje %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "kan ikke køre stat %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s er ikke en regulær fil" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s er ejet af uid %u, burde være %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s er skrivbar for alle" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s er skrivbar for gruppe" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "kan ikke Ã¥bne %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "ukendt signal" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "udvidelsesmodul for politik mislykkedes i sessionsinitialisering" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "kunne ikke forgrene" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "kan ikke tilføje hændelse til kø" #: src/exec.c:394 msgid "unable to create sockets" msgstr "kunne ikke oprette sokler" #: src/exec.c:477 msgid "error in event loop" msgstr "fejl i hændelsesloop" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "kunne ikke gendanne tty-etiket" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kan ikke fjerne PRIV_PROC_EXEC fra PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "kunne ikke allokere pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "kunne ikke oprette datakanal (pipe)" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "kunne ikke angive terminal til tilstanden rÃ¥ (raw)" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "fejl under læsning fra signaldatakanal" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "fejl ved læsning fra datakanal" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "fejl ved læsning fra socketpair" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "uventet svartype pÃ¥ bagkanal (backchannel): %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "kunne ikke angive kontrollerende tty" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "fejl i %s, linje %d under indlæsning af udvidelsesmodulet »%s«" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s skal være ejet af uid %d" # engelsk fejl be dobbelt? #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s mÃ¥ kun være skrivbar for ejeren" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "kunne ikke indlæse %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "kunne ikke finde symbol »%s« i %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "ukendt politiktype %d fundet i %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "inkompatibelt udvidelsesmodul for hovedversion %d (forventede %d) fundet i %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ignorerer politikudvidelsesmodul »%s« i %s, linje %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "kun et udvidelsesmodul for politik mÃ¥ være angivet" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ignorerer duplikat politikudvidelsesmodul »%s« i %s, linje %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ignorerer duplikat I/O-udvidelsesmodul »%s« i %s, linje %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "politikudvidelsesmodulet %s inkluderer ikke en metode for check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: overløb detekteret" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "kunne ikke Ã¥bne sokkel" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentet for -C skal være et tal større end eller lig 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "du kan ikke samtidig angive tilvalgene »-i« og »-s«" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "du kan ikke samtidig angive tilvalgende »-i« og »-E«" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "tilvalget »-E« er ikke gyldigt i redigeringstilstand" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "du mÃ¥ ikke angive miljøvariabler i redigeringstilstand" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "tilvalget »-U« mÃ¥ kun bruges med tilvalget »-l«" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "tilvalgene »-A« og »-S« mÃ¥ ikke bruges sammen" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit er ikke understøttet pÃ¥ denne platform" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Kun et af tilvalgene -e, -h, -i, -K, -l, -s, -v eller -V mÃ¥ angives" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - rediger filer som en anden bruger\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - udfør en kommando som en anden bruger\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Tilvalg:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "brug et hjælpeprogram for indhentelse af adgangskode" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "brug angivet BSD-godkendelsestype" #: src/parse_args.c:621 msgid "run command in the background" msgstr "kør kommando i baggrunden" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "luk alle filbeskrivelser >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "kør kommando med angivet BSD-logindklasse" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "bevar brugermiljø nÃ¥r kommando udføres" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "rediger filer i stedet for at køre en kommando" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "udfør kommando som det angivne gruppenavn eller ID" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "angiv HOME-variabel til mÃ¥lbrugers hjemmemappe" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "vis hjælpetekst og afslut" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "kør kommando pÃ¥ vært (hvis understøttet af udvidelsesmodul)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "kør en logindskal som mÃ¥lbrugeren; en kommando kan ogsÃ¥ angives" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "fjern tidsstempelfil fuldstændig" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "ugyldiggør tidsstempelfil" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "vis brugers privilegier eller kontroller en specifik kommando; brug to gange for længere format" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "ikkeinteraktiv tilstand, vil ikke spørge bruger" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "bevar gruppevektor i stedet for at sætte til mÃ¥lets" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "brug angivet logind for adgangskode" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "opret SELinux-sikkerhedskontekt med angivet rolle" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "læs adgangskode fra standardinddata" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "kør skal som mÃ¥lbruger; en kommando kan ogsÃ¥ specificeres" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "opret SELinux-sikkerhedskontekt med angivet type" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "i vis-tilstand, vis privilegier for bruger" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "kør kommando (eller rediger fil) som angivet brugernavn eller ID" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "vis versionsinformation og afslut" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "opdater brugers tidsstempel uden at køre en kommando" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "stop behandling af parametre for kommandolinjen" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "kunne ikke Ã¥bne overvÃ¥gningssystem" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "kunne ikke sende overvÃ¥gningsbesked" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "kunne ikke fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s ændrede etiketter" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "kan ikke gendanne kontekst for %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "kan ikke Ã¥bne %s, giver ikke ny etiket til tty" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "kan ikke indhente aktuel tty-kontekst, giver ikke ny etiket til tty" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "kan ikke indhente ny tty-kontekst, giver ikke nyt etiket til tty" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "kan ikke angive ny tty-kontekst" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "du skal angive en rolle for type %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "kan ikke indhente standardtype for rolle %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "kunne ikke angive ny rolle %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "kunne ikke angive ny type %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s er ikke en gyldig kontekst" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "kunne ikke indhente gammel_kontekst (old_context)" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "kunne ikke bestemme tilstanden gennemtving (enforcing)." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "kunne ikke angive tty-kontekst for %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "kunne ikke angive kørselskontekt til %s" # engelsk: mangler vist lidt info her tast eller nøgle. mon ikke det er nøgle #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "kunne ikke angive nøgleoprettelseskontekst til %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "kræver mindst et argument" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "kan ikke køre %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "grænse for ressourcekontrol er nÃ¥et" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "bruger »%s« er ikke medlem af projektet »%s«" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "start af opgave er færdig" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "kunne ikke slutte til projekt »%s«" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "ingen ressourcekø som accepterer standardbindinger findes for projekt »%s«" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "angivet ressourcekø findes ikke for projekt »%s«" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "kunne ikke binde til standardressourcekø for projekt »%s«" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject fejlede for projekt »%s«" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "advarsel, ressourcekontroltildeling fejlede for projekt »%s«" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Konfigurationsindstillinger: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "fatal fejl, kan ikke indlæse udvidelsesmoduler" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "kan ikke initialisere udvidelsesmodul for politik" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "fejl under initialisering af I/O-udvidelsesmodulet %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "uventet sudo-tilstand 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "kan ikke indhente gruppevektor" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "ukendt uid %u: hvem er du?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s skal være ejet af uid %d og have setuid bit angivet" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "effektiv uid er ikke %d, er %s pÃ¥ et filsystem med indstillingen »nosuid« angivet eller et NFS-filsytsem uden administratorprivilegier (root)?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "effektiv uid er ikke %d, er sudo installeret setuid root?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "ukendt logindklasse %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "kan ikke angive brugerkontekst" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "kunne ikke angive supplerende gruppe-id'er" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "kan ikke angive effektiv gid til runas gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "kunne ikke angive gid til runas gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "kunne ikke angive procesprioritet" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "kunne ikke ændre administrator (root) til %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "kunne ikke ændre til runas uid (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "kunne ikke ændre mappe til %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "uventet underbetingelse for terminering: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "politikudvidelsesmodulet %s mangler i metoden »check_policy«" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "politikudvidelsesmodul %s understøter ikke listning af privilegier" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "kunne ikke ændre uid til root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "fejl i udvidelsesmodul: mangler filliste for sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ikke en regulær fil" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kort skrivning" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s tilbage uændrede" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s uændrede" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "kan ikke skrive til %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "indhold fra redigeringssession tilbage i %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "kan ikke læse midlertidig fil" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "ingen tty til stede og intet askpass-program angivet" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "intet askpass-program angivet, forsøg at angive SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "kan ikke angive gid til %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "kan ikke angive uid til %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "kan ikke køre %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "kan ikke gemme til stdin" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "kan ikke dup2 stdin" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "kan ikke gendanne stdin" #~ msgid "value out of range" #~ msgstr "værdi uden for interval" #~ msgid "select failed" #~ msgstr "select fejlede" sudo-1.8.9p5/src/po/de.mo010064400175440000012000000436511226304146200145070ustar00millertstaffÞ•¦Lß| ø ù !(&Oav#©Íâ$õ65 ly‚‰ ‘´ÄIÛ%6!E#g8‹Ä3à3H$f'‹{³7/.g –·Ïî &@#Z1~4°*å)>:y#•#¹$Ý$%'%M&s š¨OÂ"65Cl/°)à, ,77d4œ3Ñ/55+k4—.Ì!û >']7…-½ë, .6Ce=© ç+õ"!7D&|*£2Î)5+>a » Òó&!6Xn#‡«ÃØí '56&l“1®"à%;Wmƒ/¡ Ñò % A R g „ +¢ Î ï !!()!R!p!%!"µ!Ø!ø!"+"(="f"*|"(§"Ð"ê""#$#,A#1n#+ #%Ì#!ò#)$>$Q$<a$2ž$2Ñ$6%#;%¨_% '.'3C'w'(•'¾'Û'=ù'#7([(*q($œ(MÁ())()/) 7)C)]) z)N›)ê)û)(*)7*Ra*.´*=ã*8!+Z+(u+3ž+‹Ò+G^,<¦,/ã,-!.-"P-0s-/¤-+Ô-<.E=.Mƒ.8Ñ.1 /N45]4;“45Ï4B55H5&~5%¥5!Ë5,í5Z6@u6 ¶6G×607MP7Iž7è74ÿ7.48Ec84©82Þ8E93W9=‹99É9!: %:/F:0v:;§:.ã:*;(=;1f;1˜;:Ê;"<5(<0^<<Z®<: =(D=Vm=3Ä= ø=C>.]>$Œ>-±>,ß>: ?9G?=?5¿?7õ?"-@/P@2€@0³@=ä@:"A)]A3‡AF»A2B-5B:cB4žB.ÓB)C),C)VCK€C"ÌC6ïC2&DYDvD0•D ÆD8çDF E2gE-šE$ÈE5íE"#F FFNTFE£FEéFC/G5sG2WUt4—D={S)ƒ.!?ENApydŸ @‚Ž5’•\ „Pc›kqz‘<œ£e¥'Z”€H9r*`jLT[šBv¤;XgamI3‹Qu ^(#M  hC%o>0‰…F¦+‡KG] s: f,1"bOJV~$Y¢8/7|“˜†&_–-i¡}wl6nˆŠxŒžR™ Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedselect failedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value out of rangevalue too largewarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.8b3 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-09-03 14:44-0600 PO-Revision-Date: 2013-10-23 23:00+0200 Last-Translator: Jakob Kramer Language-Team: German Language: de MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Optionen: %s - Dateien als anderer Benutzer verändern %s - Einen Befehl als anderer Benutzer ausführen %s änderte die Kennzeichnung%s kann von der Gruppe verändert werden%s ist keine reguläre Datei%s ist kein gültiger Kontext%s gehört Benutzer mit UID %u, sollte allerdings %u gehören%s kann von allen verändert werden%s blieb unverändert%s darf nur vom Besitzer beschreibbar sein%s muss Benutzer mit UID %d gehören%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben%s unverändert%s%s: %s%s: %s%s: %s %s: %s: %s %s: Keine reguläre Datei%s: Zu kurzer SchreibvorgangOptionen für »configure«: %s Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werdenSudo-Version %s Unbekanntes SignalAlle Dateideskriptoren >= num schließenBearbeitungssitzung wurden in %s gelassenEs konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden.Projekt »%s« konnte nicht beigetreten werdenSELinux-Sicherheitskontext mit angegebener Funktion erstellenSELinux-Sicherheitskontext mit angegebenem Typ erstellenHilfe ausgeben und beendenVersionsinformation anzeigen und beendenDateien bearbeiten, statt einen Befehl auszuführenEffektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?Fehler in %s, Zeile %d, während Plugin »%s« geladen wurdeE/A-Plugin %s konnte nicht initialisiert werdenFehler beim Lesen der PipeFehler beim Lesen der Signal-PipeFehler beim Lesen des Socket-Paars»old_context« konnte nicht wiedergeholt werdenNeue Funktion %s konnte nicht festgelegt werdenNeuer Typ %s konnte nicht festgelegt werdenSchwerwiegender Fehler, Plugins konnten nicht geladen werdenDoppelt vorhandenes E/A-Plugin »%s« in %s, Zeile %d, wird ignoriertDoppelt vorhandenes Regelswerks-Plugin »%s« in %s, Zeile %d, wird ignoriertRegelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriertim Aufzählungsmodus, Rechte des Nutzers anzeigenInkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefundenInterner Fehler: %s-ÜberlaufInterner Fehler: Es wurde versucht, ecalloc(0) auszuführenInterner Fehler: Es wurde versucht, emalloc(0) auszuführenInterner Fehler: Es wurde versucht, emalloc2(0) auszuführenInterner Fehler: Es wurde versucht, erealloc(0) auszuführenInterner Fehler: Es wurde versucht, erealloc3(0) auszuführenInterner Fehler: Es wurde versucht, erecalloc(0) auszuführenUngültige Maximalzahl an Gruppen »%s« in %s, Zeile %dungültiger WertZeitstempeldatei ungültig machenBenutzerrechte aufzählen oder einen bestimmten Befehl testen; für ein längeres Format zweimal angebenload_interfaces: Überlauf entdecktKein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzenFür Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt.Kein TTY vorhanden und kein »askpass«-Programm angegebenNicht-interaktiver Modus, es werden keine Prompts verwendetNur ein einziges Regelwerks-Plugin kann geladen werdenPlugin-Fehler: Fehlende Dateiliste für sudoeditDas Regelwerks-Plugin %s enthält keine check_policy-MethodeRegelwerks-Plugin %s unterstützt das Auflisten von Privilegien nichtRegelwerks-Plugin %s unterstützt die Optionen -k und -K nichtRegelwerks-Plugin %s unterstützt die Option -v nichtDem Regelwerks-Plugin %s fehlt die »check_policy«-MethodeRegelwerks-Plugin konnte Sitzung nicht initialisierenGruppen-Vektor beibehalten, statt zu dem des Zielnutzers zu setzenBenutzerumgebung beim Starten des Befehls beibehaltenPasswort von der Standardeingabe lesenZeitstempeldateien komplett entfernenBenötigt mindestens ein ArgumentLimit der Ressourcenkontrolle wurde erreichtBefehl oder Datei unter angegebenem Benutzernamen oder Benutzer-ID ausführen bzw. ändernBefehl unter angegebenem Gruppennamen oder Gruppen-ID ausführenBefehl im Hintergrund ausführenBefehl auf entferntem System ausführen (falls vom Plugin unterstützt)Befehl unter angegebener Login-Klasse ausführenAnmeldeshell als Zielnutzer starten; es kann auch ein Befehl angegeben werdenShell als Zielnutzer ausführen; es kann auch ein Befehl angegeben werden»select« schlug fehlHOME-Variable als Home-Ordner des Zielnutzers setzen»setproject« schlug für Projekt »%s« fehlDen angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nichtAufhören, die Befehlszeilenargumente zu verarbeitensudoedit ist auf dieser Plattform nicht verfügbarDie Optionen »-A« und »-S« können nicht gemeinsam benutzt werdenDie Option »-E« ist im Bearbeiten-Modus ungültigDie »-U«-Option kann nur zusammen mit »-l« benutzt werdenDas Argument für -C muss eine Zahl größergleich 3 seinDer aufrufende Prozess ist fertigPTY konnte nicht vergeben werdenIn Ordner »%s« konnte nicht gewechselt werdenWurzelordner konnte nicht zu %s geändert werdenEs konnte nicht zu »runas«-GID gewechselt werden (%u, %u)UID konnte nicht zu Root (%u) geändert werdenWeiterleitung konnte nicht erstellt werdenSockets konnten nicht hergestellt werden»Enforcing«-Modus konnte nicht bestimmt werden.dlopen konnte nicht auf %s ausgeführt werden: %sdup2 konnte nicht auf die Standardeingabe angewandt werden%s konnte nicht ausgeführt werden»fgetfilecon« konnte nicht auf %s angewendet werdenSymbol »%s« konnte in %s nicht gefunden werdenEs konnte nicht geforkt werdenAktueller TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu gekennzeichnet.Standardtyp für Funktion %s konnte nicht ermittelt werdenGruppenvektor konnte nicht geholt werdenNeuer TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu gekennzeichnet.Regelwerks-Plugin konnte nicht initialisiert werden%s konnte nicht geöffnet werden%s konnte nicht geöffnet werden, TTY wird nicht neu gekennzeichnetDas Audit-System konnte nicht geöffnet werdenSocket konnte nicht geöffnet werdenNutzerdatenbank konnte nicht geöffnet werdenTemporäre Datei konnte nicht gelesen werdenPRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werdenDer Kontext für %s konnte nicht wiederhergestellt werdenRegistrierungsdatenbank konnte nicht wiederhergestellt werdenStandardeingabe konnte nicht wiederhergestellt werdenTTY-Kennzeichnung konnte nicht wiederhergestellt werden%s konnte nicht ausgeführt werdenStandardeingabe konnte nicht gespeichert werdenDie Audit-Nachricht konnte nicht verschickt werdenKontrollierendes TTY konnte nicht gesetzt werdenEffektive GID konnte nicht zu »runas«-GID %u gesetzt werdenAusführungskontext konnte nicht auf »%s« gesetzt werdenGID konnte nicht als %u festgelegt werdenGID konnte nicht zu »runas«-GID %u gesetzt werdenKontext der Schüsselerstellung konnte nicht auf %s festgelegt werden.Neuer TTY-Kontext konnte nicht festgestellt werdenProzesspriorität konnte nicht gesetzt werdenZusätzliche Gruppenkennungen konnten nicht gesetzt werdenTerminal konnte nicht in den Rohmodus gesetzt werdenTTY-Kontext konnte nicht auf %s gesetzt werdenUID konnte nicht als %u festgelegt werdenNutzerkontext konnte nicht gesetzt werdenstat konnte nicht auf %s angewandt werdenEs konnte nicht zur Registrierungsdatenbank »%s« von %s gewechselt werden%s konnte nicht beschrieben werdenUnerwartete Abbruchsbedingung eines Unterprozesses: %dUnerwarteter Antworttyp auf Rückmeldungskanal: %dUnerwarteter sudo-Modus 0x%xUnbekannte Anmeldungsklasse %sUnbekannter Regelwerktyp %d wurde in %s gefundenUnbekannte UID %u: Wer sind Sie?Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %dDen Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführenHilfsprogramm zum Eingeben des Passworts verwendenAngegebenen BSD-Legitimierungstypen verwendenAngegebenen Passwort-Prompt benutzenBenutzer »%s« ist kein Mitglied des Projekts »%s«Wert liegt außerhalb des BereichsWert zu großWarnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werdenDie Optionen »-i« und »-E« können nicht gemeinsam benutzt werdenDie Optionen »-i« und »-s« können nicht gemeinsam benutzt werdenIm Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werdenFür den Typen %s muss eine Funktion angegeben werdensudo-1.8.9p5/src/po/de.po010064400175440000012000000575241226304126300145150ustar00millertstaff# German translation for sudo. # This file is distributed under the same license as the sudo package. # Jakob Kramer , 2012, 2013. # Mario Blättermann , 2012. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.8b3\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-09-03 14:44-0600\n" "PO-Revision-Date: 2013-10-23 23:00+0200\n" "Last-Translator: Jakob Kramer \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "Nutzerdatenbank konnte nicht geöffnet werden" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "Es konnte nicht zur Registrierungsdatenbank »%s« von %s gewechselt werden" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "Registrierungsdatenbank konnte nicht wiederhergestellt werden" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "Interner Fehler: Es wurde versucht, emalloc(0) auszuführen" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "Interner Fehler: Es wurde versucht, emalloc2(0) auszuführen" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:186 #, c-format msgid "internal error, %s overflow" msgstr "Interner Fehler: %s-Überlauf" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "Interner Fehler: Es wurde versucht, ecalloc(0) auszuführen" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "Interner Fehler: Es wurde versucht, erealloc(0) auszuführen" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "Interner Fehler: Es wurde versucht, erealloc3(0) auszuführen" #: common/alloc.c:184 msgid "internal error, tried to erecalloc(0)" msgstr "Interner Fehler: Es wurde versucht, erecalloc(0) auszuführen" #: common/atoid.c:77 common/atoid.c:99 src/sudo.c:561 src/sudo.c:586 #: src/sudo.c:694 src/sudo.c:710 msgid "invalid value" msgstr "ungültiger Wert" #: common/atoid.c:84 src/sudo.c:565 src/sudo.c:590 src/sudo.c:698 #: src/sudo.c:714 msgid "value out of range" msgstr "Wert liegt außerhalb des Bereichs" #: common/atoid.c:105 msgid "value too large" msgstr "Wert zu groß" #: common/fatal.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:157 common/fatal.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:72 src/sudo.c:561 src/sudo.c:565 #: src/sudo.c:586 src/sudo.c:590 src/sudo.c:613 src/sudo.c:622 src/sudo.c:631 #: src/sudo.c:646 src/sudo.c:694 src/sudo.c:698 src/sudo.c:710 src/sudo.c:714 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:176 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %d" #: common/sudo_conf.c:190 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "Ungültige Maximalzahl an Gruppen »%s« in %s, Zeile %d" #: common/sudo_conf.c:394 #, c-format msgid "unable to stat %s" msgstr "stat konnte nicht auf %s angewandt werden" #: common/sudo_conf.c:397 #, c-format msgid "%s is not a regular file" msgstr "%s ist keine reguläre Datei" #: common/sudo_conf.c:400 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s gehört Benutzer mit UID %u, sollte allerdings %u gehören" #: common/sudo_conf.c:404 #, c-format msgid "%s is world writable" msgstr "%s kann von allen verändert werden" #: common/sudo_conf.c:407 #, c-format msgid "%s is group writable" msgstr "%s kann von der Gruppe verändert werden" #: common/sudo_conf.c:417 src/selinux.c:196 src/selinux.c:209 src/sudo.c:329 #, c-format msgid "unable to open %s" msgstr "%s konnte nicht geöffnet werden" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Unbekanntes Signal" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "Regelwerks-Plugin konnte Sitzung nicht initialisieren" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "Es konnte nicht geforkt werden" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "Sockets konnten nicht hergestellt werden" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "»select« schlug fehl" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "TTY-Kennzeichnung konnte nicht wiederhergestellt werden" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "PTY konnte nicht vergeben werden" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "Weiterleitung konnte nicht erstellt werden" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "Terminal konnte nicht in den Rohmodus gesetzt werden" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "Kontrollierendes TTY konnte nicht gesetzt werden" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "Fehler beim Lesen der Signal-Pipe" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "Fehler beim Lesen der Pipe" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "Fehler beim Lesen des Socket-Paars" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "Unerwarteter Antworttyp auf Rückmeldungskanal: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "Fehler in %s, Zeile %d, während Plugin »%s« geladen wurde" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s muss Benutzer mit UID %d gehören" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s darf nur vom Besitzer beschreibbar sein" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen konnte nicht auf %s ausgeführt werden: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "Symbol »%s« konnte in %s nicht gefunden werden" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "Unbekannter Regelwerktyp %d wurde in %s gefunden" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "Inkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefunden" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "Nur ein einziges Regelwerks-Plugin kann geladen werden" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "Doppelt vorhandenes Regelswerks-Plugin »%s« in %s, Zeile %d, wird ignoriert" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "Doppelt vorhandenes E/A-Plugin »%s« in %s, Zeile %d, wird ignoriert" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "Das Regelwerks-Plugin %s enthält keine check_policy-Methode" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: Überlauf entdeckt" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "Socket konnte nicht geöffnet werden" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "Das Argument für -C muss eine Zahl größergleich 3 sein" #: src/parse_args.c:408 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "Die Optionen »-i« und »-s« können nicht gemeinsam benutzt werden" #: src/parse_args.c:412 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "Die Optionen »-i« und »-E« können nicht gemeinsam benutzt werden" #: src/parse_args.c:422 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "Die Option »-E« ist im Bearbeiten-Modus ungültig" #: src/parse_args.c:424 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "Im Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werden" #: src/parse_args.c:432 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "Die »-U«-Option kann nur zusammen mit »-l« benutzt werden" #: src/parse_args.c:436 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "Die Optionen »-A« und »-S« können nicht gemeinsam benutzt werden" #: src/parse_args.c:519 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ist auf dieser Plattform nicht verfügbar" #: src/parse_args.c:592 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werden" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - Dateien als anderer Benutzer verändern\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - Einen Befehl als anderer Benutzer ausführen\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Optionen:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "Hilfsprogramm zum Eingeben des Passworts verwenden" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "Angegebenen BSD-Legitimierungstypen verwenden" #: src/parse_args.c:621 msgid "run command in the background" msgstr "Befehl im Hintergrund ausführen" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "Alle Dateideskriptoren >= num schließen" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "Befehl unter angegebener Login-Klasse ausführen" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "Benutzerumgebung beim Starten des Befehls beibehalten" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "Dateien bearbeiten, statt einen Befehl auszuführen" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "Befehl unter angegebenem Gruppennamen oder Gruppen-ID ausführen" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "HOME-Variable als Home-Ordner des Zielnutzers setzen" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "Hilfe ausgeben und beenden" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "Befehl auf entferntem System ausführen (falls vom Plugin unterstützt)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "Anmeldeshell als Zielnutzer starten; es kann auch ein Befehl angegeben werden" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "Zeitstempeldateien komplett entfernen" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "Zeitstempeldatei ungültig machen" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "Benutzerrechte aufzählen oder einen bestimmten Befehl testen; für ein längeres Format zweimal angeben" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "Nicht-interaktiver Modus, es werden keine Prompts verwendet" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "Gruppen-Vektor beibehalten, statt zu dem des Zielnutzers zu setzen" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "Angegebenen Passwort-Prompt benutzen" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "SELinux-Sicherheitskontext mit angegebener Funktion erstellen" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "Passwort von der Standardeingabe lesen" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "Shell als Zielnutzer ausführen; es kann auch ein Befehl angegeben werden" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "SELinux-Sicherheitskontext mit angegebenem Typ erstellen" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "im Aufzählungsmodus, Rechte des Nutzers anzeigen" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "Befehl oder Datei unter angegebenem Benutzernamen oder Benutzer-ID ausführen bzw. ändern" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "Versionsinformation anzeigen und beenden" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "Den Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführen" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "Aufhören, die Befehlszeilenargumente zu verarbeiten" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "Das Audit-System konnte nicht geöffnet werden" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "Die Audit-Nachricht konnte nicht verschickt werden" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "»fgetfilecon« konnte nicht auf %s angewendet werden" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s änderte die Kennzeichnung" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "Der Kontext für %s konnte nicht wiederhergestellt werden" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s konnte nicht geöffnet werden, TTY wird nicht neu gekennzeichnet" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "" "Aktueller TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu\n" "gekennzeichnet." #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "" "Neuer TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu\n" "gekennzeichnet." #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "Neuer TTY-Kontext konnte nicht festgestellt werden" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "Für den Typen %s muss eine Funktion angegeben werden" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "Standardtyp für Funktion %s konnte nicht ermittelt werden" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "Neue Funktion %s konnte nicht festgelegt werden" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "Neuer Typ %s konnte nicht festgelegt werden" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s ist kein gültiger Kontext" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "»old_context« konnte nicht wiedergeholt werden" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "»Enforcing«-Modus konnte nicht bestimmt werden." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "TTY-Kontext konnte nicht auf %s gesetzt werden" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "Ausführungskontext konnte nicht auf »%s« gesetzt werden" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "Kontext der Schüsselerstellung konnte nicht auf %s festgelegt werden." #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "Benötigt mindestens ein Argument" #: src/sesh.c:78 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "%s konnte nicht ausgeführt werden" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "Limit der Ressourcenkontrolle wurde erreicht" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "Benutzer »%s« ist kein Mitglied des Projekts »%s«" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "Der aufrufende Prozess ist fertig" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "Projekt »%s« konnte nicht beigetreten werden" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "Für Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt." #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "Den angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nicht" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "Es konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden." #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "»setproject« schlug für Projekt »%s« fehl" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-Version %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Optionen für »configure«: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "Schwerwiegender Fehler, Plugins konnten nicht geladen werden" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "Regelwerks-Plugin konnte nicht initialisiert werden" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "E/A-Plugin %s konnte nicht initialisiert werden" #: src/sudo.c:294 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "Unerwarteter sudo-Modus 0x%x" #: src/sudo.c:414 #, c-format msgid "unable to get group vector" msgstr "Gruppenvektor konnte nicht geholt werden" #: src/sudo.c:466 #, c-format msgid "unknown uid %u: who are you?" msgstr "Unbekannte UID %u: Wer sind Sie?" #: src/sudo.c:788 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Effektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?" #: src/sudo.c:797 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?" #: src/sudo.c:923 #, c-format msgid "unknown login class %s" msgstr "Unbekannte Anmeldungsklasse %s" #: src/sudo.c:936 #, c-format msgid "unable to set user context" msgstr "Nutzerkontext konnte nicht gesetzt werden" #: src/sudo.c:950 #, c-format msgid "unable to set supplementary group IDs" msgstr "Zusätzliche Gruppenkennungen konnten nicht gesetzt werden" #: src/sudo.c:957 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "Effektive GID konnte nicht zu »runas«-GID %u gesetzt werden" #: src/sudo.c:963 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID konnte nicht zu »runas«-GID %u gesetzt werden" #: src/sudo.c:970 #, c-format msgid "unable to set process priority" msgstr "Prozesspriorität konnte nicht gesetzt werden" #: src/sudo.c:978 #, c-format msgid "unable to change root to %s" msgstr "Wurzelordner konnte nicht zu %s geändert werden" #: src/sudo.c:991 src/sudo.c:997 src/sudo.c:1003 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "Es konnte nicht zu »runas«-GID gewechselt werden (%u, %u)" #: src/sudo.c:1020 #, c-format msgid "unable to change directory to %s" msgstr "In Ordner »%s« konnte nicht gewechselt werden" #: src/sudo.c:1077 #, c-format msgid "unexpected child termination condition: %d" msgstr "Unerwartete Abbruchsbedingung eines Unterprozesses: %d" #: src/sudo.c:1134 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "Dem Regelwerks-Plugin %s fehlt die »check_policy«-Methode" #: src/sudo.c:1147 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "Regelwerks-Plugin %s unterstützt das Auflisten von Privilegien nicht" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "Regelwerks-Plugin %s unterstützt die Option -v nicht" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "Regelwerks-Plugin %s unterstützt die Optionen -k und -K nicht" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID konnte nicht zu Root (%u) geändert werden" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "Plugin-Fehler: Fehlende Dateiliste für sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: Keine reguläre Datei" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: Zu kurzer Schreibvorgang" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s blieb unverändert" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s unverändert" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "%s konnte nicht beschrieben werden" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "Bearbeitungssitzung wurden in %s gelassen" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "Temporäre Datei konnte nicht gelesen werden" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "Kein TTY vorhanden und kein »askpass«-Programm angegeben" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "Kein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzen" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "GID konnte nicht als %u festgelegt werden" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "UID konnte nicht als %u festgelegt werden" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "Standardeingabe konnte nicht gespeichert werden" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "dup2 konnte nicht auf die Standardeingabe angewandt werden" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "Standardeingabe konnte nicht wiederhergestellt werden" sudo-1.8.9p5/src/po/eo.mo010064400175440000012000000405571226304146200145240ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%Ã% Q')_'*‰'´'#Ê'î' ()&(P(l(‚(¢(FÂ( ))"))) 1)=)S)i)>€)¿)Ð)+á)% *53* i*4Š*4¿*"ô*#+.;+j+Fì+33,g,+ƒ,¯, Æ,#ç, -!&-!H--j-A˜-BÚ-5.1S.C….É.#è.# /$0/$U/%z/$ /0Å/ö/$0b+0%Ž0A´0Kö08B1){1-¥19Ó1= 2<K2=ˆ25Æ2?ü22<3/o35Ÿ3Õ3$ó3 4!94?[4?›4Û4?ó4335Hg5<°5Cí5(160Z6)‹6/µ6"å6/7%870^77(¯7Ø7!ï7"8.48*c8Ž8¢8&½8ä8ü89"09S95b9+˜9Ä92ä9(:@:[:*p:!›:½:&Û:!;/$;$T;y;˜;²;Ñ;è;< <5@<%v<œ<4¹<-î<$=$A=1f=/˜=$È=í=! >,>-A>o>0…>-¶>ä>?&?D?-c?E‘?$×?"ü?@):@d@w@8@&Æ@&í@6A#KA3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-30 09:29-0300 Last-Translator: Felipe Castro Language-Team: Esperanto Language: eo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Poedit 1.5.4 Parametroj: %s - redakti dosierojn kiel alia uzanto %s - plenumigi komandon kiel alia uzanto %s ÅanÄis etikedojn%s estas skribebla de la tuta grupo%s estas ne regula dosiero%s ne estas valida kunteksto%s estas estrata de uid %u, devas esti %u%s estas skribebla de ĉiuj%s restas ne modifita%s estas skribebla nur de estro%s devas esti estrita de uid %d%s devas esti estrita de uid %d kaj la setuid-bito devas esti elektita%s ne ÅanÄita%s%s: %s%s: %s%s: %s %s: %s: %s %s: ne regula dosiero%s: mallonga skribadoMuntaj parametroj: %s Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aÅ­ -VSudo: eldono %s Nekonata signalofermi ĉiujn dosierpriskribilojn >= numeronenhavo de redakta seanco restas en %sne eblis bindi al aprioran rimedujo por projekto "%s"ne eblis aliÄi al projekto "%s"krei SELinux-sekurecan kuntekston kun specifita rolokrei SELinux-sekurecan kuntekston kun specifita roloelmontri helpan mesaÄon kaj elirielmontri eldonan informon kaj eliriredakti dosierojn anstataÅ­ plenumigi komandonefektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aÅ­ reta dosiersistemo sen ĉefuzanto-privilegioj?efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?eraro en %s, linio %d dum Åargi kromprogramon `%s'eraro en la eventa iteracioeraro dum komenci eneligan kromprogramon %seraro dum legi el tuboeraro dum legi la signalan tuboneraro dum legi la konektingan paronmalsukcesis je old_contextmalsukcesis elekti novan rolon %smalsukcesis elekti novan tipon %sĉesiga eraro: ne eblas Åargi kromprogramojnignoranta duobligitan eneligan kromprogramon `%s' en %s, linio %dignoranta duobligantan kondutan kromprogramon `%s' en %s, linio %dignoranta kondutan kromprogramon `%s' en %s, linio %den lista reÄimo elmontri privilegiojn por uzantomalkongrua granda eldono %d de kromprogramo (estu %d) trovita en %sinterna eraro, superfluo en %sinterna eraro, provis je ecalloc(0)interna eraro, provis je emalloc(0)interna eraro, provis je emalloc2(0)interna eraro, provis je erealloc(0)interna eraro, provis je erealloc3(0)interna eraro, provis je erealloc(0)nevalidaj maksimumaj grupoj '%s' en %s, linio %dnevalida valoroeksvalidigi tempo-indikilan dosieronlistigi privilegiojn de la uzanto aÅ­ kontroli specifan komandon; uzu dufoje por pli longa formatoload_interfaces: superfluo malkovritaneniu pasvorto-programo specifita, provi valorizi SUDO_ASKPASS-onneniu rimedujo akceptanta aÅ­tomatajn bindaĵojn ekzistas por projekto "%s"neniu tty ĉeestas kaj neniu pasvorto-programo specifitaneinteraga reÄimo, ne demandos al uzantonur unu konduta kromprogramo eblas specifiÄikromprograma eraro: malhavas dosieran liston por sudoeditkonduta kromprogramo %s ne inkluzivas la metodon check_policykonduta kromprogramo %s ne komprenas listigon de privilegiojkonduta kromprogramo %s ne komprenas la parametrojn -k kaj -Kkonduta kromprogramo %s ne komprenas la parametron -vkonduta kromprogramo %s ne inkluzivas la metodon `check_policy'konduta kromprogramo fiaskis dum seanca komenciÄokonservi grupan vektoron anstataÅ­ elekti celankonservi uzanto-medivariablojn dum plenumigi komandonlegi pasvorton el norma enigotute forigi tempo-indikilan dosieronpostulas almenaÅ­ unu parametronrimedo-rega limigo estis atingitaplenumigi komandon (aÅ­ redakti dosieron) kiel specifita uzantoplenumigi komandon kiel la specifitan grupnomon aÅ­ identigilonplenumigi komandon foneplenumigi komandon en gastiganto (se permesata de kromprogramo)plenumigi komandon per specifita BSD-ensaluta klasoplenumigi ensalutan Åelon kiel celan uzanton; komando ankaÅ­ enmeteblasplenumigi Åelon kiel cela uzanto; komando ankaÅ­ specifeblavalorizi medivariablon HOME je la hejma dosierujo de la cela uzantosetproject malsukcesis por projekto "%s"specifita rimedujo ne ekzistas por projekto "%s"ĉesigi procedi komandliniajn parametrojnsudoedit ne estas havebla en ĉi tiu platformon'-A' kaj '-S' ne eblas uziÄi kunela parametro '-E' ne validas en redakta reÄimola parametro '-U' ne validas kun '-l'la parametro de -C devas esti nombron almenaÅ­ 3la voka tasko estas nenuligeblane eblas aldoni al la atendovico eventonne eblis generi pty-onne eblas ÅanÄi dosierujon al %sne eblas ÅanÄi ĉefuzanton al %sne eblas ÅanÄi al plenumigkiela uid (%u, %u)ne eblas ÅanÄi uid-on al ĉefuzanto (%u)ne eblas krei tubonne eblas krei konektingojnne povas determini eldevigan reÄimon.ne eblas kopii al enigone eblas plenumigi: %sne eblas voki fgetfilecon %sne eblas trovi simbolon `%s' en %sne eblas forkine eblas akiri aktualan tty-kuntekston, ne remarkantane eblas akiri aÅ­tomatan tipon por rolo %sne eblas elekti grupan vektoronne eblas akiri novan tty-kuntekston, ne remarkantane eblas komenci konduktan kromprogramonmaleblas ÅarÄi je %s: %sne eblas malfermi %sne eblas malfermi %s, ne remarkanta tty-onne eblas malfermi aÅ­dan sistemonne eblas malfermi konektingonne eblas malfermi la uzanto-datumbazonne eblas legi provizoran dosieronne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMITne eblas restarigi kuntekston por %sne eblas restarigi registrejonne eblas restarigi enigonne eblis reatingi tty-etikedonne eblas plenumigi: %sne eblas konservi enigonne eblas sendi aÅ­dan mesaÄonne eblas elekti la regan tty-onne eblas elekti efikan gid-on al plenumigkiela gid %une eblas elekti exec-kuntekston al %sne eblas elekti gid-on al %une eblas elekti gid-on kiel plenumigkielan gid-on %une eblas elekti Ålosilkrean kuntekston al %sne eblas elekti novan tty-kuntekstonne eblas elekti procezan prioritatonne eblas elekti suplementajn grupajn identigilojnne eblas elekti nudan reÄimon ĉe la terminalone eblas agordi tty-kuntekston al %sne eblas elekti uid-on al %une eblas elekti uzanto-kuntekstonne eblas trovi je %sne eblas ÅanÄiÄi al registrejo "%s" por %sne eblas skribi al %sneatendita ido ekzekutiÄis laÅ­ la kondiĉo: %dneatendita respondotipo ĉe la postkanalo: %dneatendita sudo-reÄimon 0x%xnekonata ensaluta klaso %snekonata konduta tipo %d trovita en %snekonata uid %u: kiu vi estas?nekomprenata grupa fonto `%s' en %s, linio %dÄisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandonuzi helpoprogrogramon por pasvortilouzi specifitan BSD-konstatan tiponuzi specifitan pasvortilonuzanto "%s" ne estas ano de projekto "%s"valoro tro grandasvaloro tro malgrandasaverto, rimedo-rega asigno malsukcesis por projekto "%s"vi ne rajtas specifi kaj '-i' kaj '-E'vi ne rajtas specifi kaj '-i' kaj '-s'vi ne rajtas specifi medivariablojn en redakta reÄimovi devas specifi rolon por tipon %ssudo-1.8.9p5/src/po/eo.po010064400175440000012000000556531226304126400145320ustar00millertstaff# Esperanto translations for sudo package. # This file is put in the public domain. # Felipe Castro , 2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-30 09:29-0300\n" "Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" "Language: eo\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Poedit 1.5.4\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "ne eblas malfermi la uzanto-datumbazon" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "ne eblas ÅanÄiÄi al registrejo \"%s\" por %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "ne eblas restarigi registrejon" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "interna eraro, provis je emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "interna eraro, provis je emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "interna eraro, superfluo en %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "interna eraro, provis je ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "interna eraro, provis je erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "interna eraro, provis je erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "interna eraro, provis je erealloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "nevalida valoro" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "valoro tro grandas" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "valoro tro malgrandas" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nekomprenata grupa fonto `%s' en %s, linio %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "nevalidaj maksimumaj grupoj '%s' en %s, linio %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "ne eblas trovi je %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s estas ne regula dosiero" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrata de uid %u, devas esti %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s estas skribebla de la tuta grupo" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ne eblas malfermi %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nekonata signalo" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "konduta kromprogramo fiaskis dum seanca komenciÄo" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "ne eblas forki" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "ne eblas aldoni al la atendovico eventon" #: src/exec.c:394 msgid "unable to create sockets" msgstr "ne eblas krei konektingojn" #: src/exec.c:477 msgid "error in event loop" msgstr "eraro en la eventa iteracio" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "ne eblis reatingi tty-etikedon" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "ne eblis generi pty-on" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "ne eblas krei tubon" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "ne eblas elekti nudan reÄimon ĉe la terminalo" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "eraro dum legi la signalan tubon" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "eraro dum legi el tubo" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "eraro dum legi la konektingan paron" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neatendita respondotipo ĉe la postkanalo: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "ne eblas elekti la regan tty-on" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "eraro en %s, linio %d dum Åargi kromprogramon `%s'" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrita de uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s estas skribebla nur de estro" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "maleblas ÅarÄi je %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "ne eblas trovi simbolon `%s' en %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "nekonata konduta tipo %d trovita en %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "malkongrua granda eldono %d de kromprogramo (estu %d) trovita en %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ignoranta kondutan kromprogramon `%s' en %s, linio %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "nur unu konduta kromprogramo eblas specifiÄi" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ignoranta duobligantan kondutan kromprogramon `%s' en %s, linio %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ignoranta duobligitan eneligan kromprogramon `%s' en %s, linio %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: superfluo malkovrita" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "ne eblas malfermi konektingon" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "la parametro de -C devas esti nombron almenaÅ­ 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "vi ne rajtas specifi kaj '-i' kaj '-s'" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "vi ne rajtas specifi kaj '-i' kaj '-E'" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "la parametro '-E' ne validas en redakta reÄimo" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "vi ne rajtas specifi medivariablojn en redakta reÄimo" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "la parametro '-U' ne validas kun '-l'" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "'-A' kaj '-S' ne eblas uziÄi kune" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ne estas havebla en ĉi tiu platformon" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aÅ­ -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - redakti dosierojn kiel alia uzanto\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - plenumigi komandon kiel alia uzanto\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Parametroj:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "uzi helpoprogrogramon por pasvortilo" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "uzi specifitan BSD-konstatan tipon" #: src/parse_args.c:621 msgid "run command in the background" msgstr "plenumigi komandon fone" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "fermi ĉiujn dosierpriskribilojn >= numeron" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "plenumigi komandon per specifita BSD-ensaluta klaso" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "konservi uzanto-medivariablojn dum plenumigi komandon" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "redakti dosierojn anstataÅ­ plenumigi komandon" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "plenumigi komandon kiel la specifitan grupnomon aÅ­ identigilon" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "valorizi medivariablon HOME je la hejma dosierujo de la cela uzanto" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "elmontri helpan mesaÄon kaj eliri" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "plenumigi komandon en gastiganto (se permesata de kromprogramo)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "plenumigi ensalutan Åelon kiel celan uzanton; komando ankaÅ­ enmeteblas" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "tute forigi tempo-indikilan dosieron" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "eksvalidigi tempo-indikilan dosieron" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "listigi privilegiojn de la uzanto aÅ­ kontroli specifan komandon; uzu dufoje por pli longa formato" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "neinteraga reÄimo, ne demandos al uzanto" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "konservi grupan vektoron anstataÅ­ elekti celan" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "uzi specifitan pasvortilon" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "legi pasvorton el norma enigo" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "plenumigi Åelon kiel cela uzanto; komando ankaÅ­ specifebla" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "en lista reÄimo elmontri privilegiojn por uzanto" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "plenumigi komandon (aÅ­ redakti dosieron) kiel specifita uzanto" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "elmontri eldonan informon kaj eliri" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "Äisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandon" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "ĉesigi procedi komandliniajn parametrojn" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "ne eblas malfermi aÅ­dan sistemon" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "ne eblas sendi aÅ­dan mesaÄon" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "ne eblas voki fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s ÅanÄis etikedojn" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "ne eblas restarigi kuntekston por %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "ne eblas malfermi %s, ne remarkanta tty-on" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "ne eblas akiri aktualan tty-kuntekston, ne remarkanta" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "ne eblas akiri novan tty-kuntekston, ne remarkanta" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "ne eblas elekti novan tty-kuntekston" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "vi devas specifi rolon por tipon %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "ne eblas akiri aÅ­tomatan tipon por rolo %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "malsukcesis elekti novan rolon %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "malsukcesis elekti novan tipon %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s ne estas valida kunteksto" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "malsukcesis je old_context" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "ne povas determini eldevigan reÄimon." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "ne eblas agordi tty-kuntekston al %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ne eblas elekti exec-kuntekston al %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ne eblas elekti Ålosilkrean kuntekston al %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "postulas almenaÅ­ unu parametron" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "rimedo-rega limigo estis atingita" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "uzanto \"%s\" ne estas ano de projekto \"%s\"" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "la voka tasko estas nenuligebla" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "ne eblis aliÄi al projekto \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "neniu rimedujo akceptanta aÅ­tomatajn bindaĵojn ekzistas por projekto \"%s\"" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "specifita rimedujo ne ekzistas por projekto \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "ne eblis bindi al aprioran rimedujo por projekto \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject malsukcesis por projekto \"%s\"" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\"" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo: eldono %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Muntaj parametroj: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "ĉesiga eraro: ne eblas Åargi kromprogramojn" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "ne eblas komenci konduktan kromprogramon" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "eraro dum komenci eneligan kromprogramon %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neatendita sudo-reÄimon 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "ne eblas elekti grupan vektoron" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nekonata uid %u: kiu vi estas?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s devas esti estrita de uid %d kaj la setuid-bito devas esti elektita" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aÅ­ reta dosiersistemo sen ĉefuzanto-privilegioj?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "nekonata ensaluta klaso %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "ne eblas elekti uzanto-kuntekston" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "ne eblas elekti suplementajn grupajn identigilojn" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne eblas elekti efikan gid-on al plenumigkiela gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne eblas elekti gid-on kiel plenumigkielan gid-on %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "ne eblas elekti procezan prioritaton" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "ne eblas ÅanÄi ĉefuzanton al %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne eblas ÅanÄi al plenumigkiela uid (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "ne eblas ÅanÄi dosierujon al %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "neatendita ido ekzekutiÄis laÅ­ la kondiĉo: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon `check_policy'" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "konduta kromprogramo %s ne komprenas listigon de privilegioj" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "konduta kromprogramo %s ne komprenas la parametron -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "konduta kromprogramo %s ne komprenas la parametrojn -k kaj -K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne eblas ÅanÄi uid-on al ĉefuzanto (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "kromprograma eraro: malhavas dosieran liston por sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ne regula dosiero" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: mallonga skribado" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s restas ne modifita" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s ne ÅanÄita" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "enhavo de redakta seanco restas en %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "ne eblas legi provizoran dosieron" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "neniu tty ĉeestas kaj neniu pasvorto-programo specifita" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "neniu pasvorto-programo specifita, provi valorizi SUDO_ASKPASS-on" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "ne eblas elekti gid-on al %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "ne eblas elekti uid-on al %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "ne eblas konservi enigon" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "ne eblas kopii al enigo" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "ne eblas restarigi enigon" #~ msgid "value out of range" #~ msgstr "valoro ne en permesata skalo" #~ msgid "select failed" #~ msgstr "elekto malsukcesis" #~ msgid "unknown user: %s" #~ msgstr "nekonata uzanto: %s" #~ msgid "list user's available commands\n" #~ msgstr "listigi disponeblajn komandojn de uzanto\n" #~ msgid "run a shell as target user\n" #~ msgstr "plenumigi Åelon kiel cela uzanto\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "dum listigo, listigi privilegiojn de specifita uzanto\n" #~ msgid "unable to allocate memory" #~ msgstr "ne eblas generi memoron" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "interna eraro, emalloc2() superfluo" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "interna eraro, erealloc3() superfluo" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: almenaÅ­ unu konduku devas esti specifita" #~ msgid "must be setuid root" #~ msgstr "devas esti ĉefuzanto setuid" sudo-1.8.9p5/src/po/es.mo010064400175440000012000000407631226304146200145270ustar00millertstaffÞ•¢,ß< ¸ ¹ !Ä (æ !6O#i¢$µÚ6õ ,9BI Q]t„I›åö!#'8K„4 Õ%ô({C7¿.÷ &G_~'œÄÞø#164h*>È###G$k$%µ%Û&(C"c6†C½/+1,],Š7·4ï3$/X5ˆ+¾5ê1 "R!u—'¶!Þ-J'i ‘-Ÿ"Í7ð'(*P2{)®5Ø>Mh  &¼!ã#4Xp…š ³Ô5ã&@1["°%Âè0/N ~ŸºÒîÿ1+O {œ!´(Öÿ %< "b …  "¸ Û (í !*,!(W!€!š!"±!Ô!ñ!,"2/"*b"&"´")Ó"<ý"/:#2j#2#6Ð##$Ù+$ &'&+9&e&|&š&¶&%Ó&ù&'7%' ]'B~'Á'Ð'Ù'à' è'ó'($(PD(•(§(/º(4ê(P)"p)@“)%Ô).ú)-)*‹W*?ã*1#+*U+€+,+Ê+.æ+,#3,"W,+z,6¦,<Ý,2-aM-#¯- Ó- ô-!.!7."Y."|.0Ÿ.Ð.+ì.)/EB/Tˆ/7Ý/+04A09v0=°0<î08+13d1@˜1<Ù1>2@U2-–2*Ä2ï233?B3?‚3DÂ3$4B,4o4<‚4)¿4Aé4:+5/f5<–51Ó5665<6!r6”6$¬6 Ñ6(ò6#7?7Z7,t7¡7»7Ø7ð7/ 8;8EP86–8&Í8Dô8.99h9/|9-¬9Ú9ö9$:34:)h:!’:´:&Ð:÷:;();)R;@|;5½;"ó;7<=N<)Œ<.¶<4å<2="M=.p=.Ÿ=Î=,å=>.->3\>>)ª>1Ô>$?+?1C?7u??­?5í? #@/D@It@F¾@AAAGA?‰A)ÉA1†š 3“B„w{(ˆ—nCW?l@`œ >~O4Ž‘ RN_gmv\ŸQa€Œ&˜Vu.F8e*f–KLrž=Tc]ŠJG2‡q ƒZ¡'"b0kA$<-U…D¢+Ij™XEYi o‰9 },SP^MHdz#p;7/6x”|%[‹’!: ys›h5‚)t• Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %dincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user only a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unknown user: %sunsupported group source `%s' in %s, line %dupdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-07-01 15:57-0300 Last-Translator: Abel Sendón Language-Team: Spanish Language: es MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Lokalize 1.4 Plural-Forms: nplurals=1; plural=0; X-Poedit-Language: Spanish X-Poedit-Country: ARGENTINA Opciones: %s - edita archivos como otro usuario %s - ejecuta un comando como otro usuario %s etiquetas cambiadas%s es escribible por el grupo%s no es un archivo regular%s no es un contexto válido%s es adueñado por uid %u, sería %u%s es escribible por todos%s sin modificar%s sólo tener permisos de escritura por el propietario%s debe ser propiedad del uid %d%s debe ser propiedad del uid %d y tener el bit setuid establecido%s sin cambios%s%s: %s%s: %s%s: %s %s:%s: %s %s: no es un archivo regular%s: escritura cortaOpciones de configuración: %s puede ser especificada sólo una de las opciones -e, -h, -i, -K, -l, -s, -v o -VSudo versión %s Señal desconocidacierra todos los descriptores de archivo >= fd los contenidos de edición de sesión se dejan en %sno se podría enlazar al fondo de recursos predeterminado para el proyecto "%s" no podría unirse al proyecto "%s"crea el contexto de seguridad SELinux con la regla especificada muestra este mensaje de ayuda y sale muestra la información de la versión y sale edita archivos en vez de ejecutar un comando el uid no es %d, es %s en un sistema de archivos con la opción 'nosuid' establecida o un sistema de archivos NFS sin privilegios de root?el uid efectivo no es %d, sudo está instalado con setuid root?error en %s, línea %d mientras carga plugin `%s'error al inicializar los plugins de E/S %serror al leer de la tuberíaerror al leer desde la tubería de la señalerror leyendo de socketpairejecuta un comando como el grupo especificado falló al obtener old_contextfalló al establecer nueva regla %sfalló al establecer nuevo tipo %serror fatal, no se puede cargar los pluginsIgnorando E/S de plugin duplicada `%s' en %s, linea %dIgnorando política de plugin duplicada `%s' en %s, linea %dIgnorando política de plugin `%s' en %s, linea %dincompatible la versión principal de la política de plugin %d (se esperaba %d) encontrada in %serror interno: desbordamiento de %serror interno: trató ecalloc(0)error interno: trató emalloc(0)error interno: trató emalloc2(0)error interno: trató erealloc(0)error interno: trató erealloc3(0)error interno: trató erecalloc(0)Máximo de grupos inválido `%s' en %s, linea %darchivo de marca inválido lista los comandos del usuario disponibles load_interfaces: desbordamiento detectadono hay programa askpass especificado, intente establecer SUDO_ASKPASSno hay fondo de recursos aceptando las asignaciones existentes para el proyecto "%s"sin tty presente y no hay programa askpass especificadomodo no-interactivo, no se pedirá usuario sólo una política de plugin puede ser especificadaerror de plugin: falta la lista de archivos para sudoeditla política del plugin %s no incluye un método check_policyla política del plugin %s no soporta listado de privilegiosla política del plugin %s no soporta las opciones -k/-Kla política del plugin %s no soporta la opción -vla política del plugin %s no incluye un método `check_policy' política de plugin falló en la inicialización de sesión preserva el vector de grupos en vez de establecer de objetivo preserva entorno del usuario cuando está ejecutando un comando lee la contraseña desde la entrada estandar remueve un archivo de marca completamente requiere al menos un argumentoel límite de control de recursos ha sido alcanzadoejecuta un intérprete de comandos como un determinado usuario ejecuta un intérprete de comandos como un determinado usuario ejecuta un comando (o edita un archivo) como un usuario específico ejecuta un comando en segundo plano ejecuta un comando con la clase especificada de inicio de sesión selección fallidaasigna la variable HOME al directorio de inicio del usuario configuración del proyecto fallida "%s" el fondo de recursos especificado no existe para el proyecto "%s"detiene el proceso de argumentos de la línea de comandos sudoedit no está soportado en ésta plataformalas opciones '-A' y '-S' no se pueden utilizar conjuntamentela opción '-E' no es válida en el modo ediciónla opción '-U' sólo se puede usar con la opcion '-l'el argumento -C debe ser un número mayor o igual a 3la tarea que invoca es definitivano se puede asignar ptyno se puede cambiar al directorio %sno se puede cambiar de root a %sno se puede cambiar a runas uid (%u, %u)no se puede cambiar uid a root (%u)no se puede crear tuberíano se puede crear socketsno se puede determinar el método de forzadono se puede dlopen %s: %sno se puede hacer dup2 stdinno se puede ejecutar %sno se puede fgetfilecon %sno se puede de encontrar el símbolo `%s' en %sno se puede bifurcarno se puede obtener el actual contexto tty, no volver a etiquetar ttyno se puede obtener el tipo de regla predeterminada %sno se puede obtener el vector de grupono se puede obtener el nuevo contexto tty, no volver a etiquetar ttyno se puede inicializar la política de pluginno se pudo abrir %sno se puede abrir %s, no volver a etiquetar ttyno se puede de abrir el sistema de auditoríano se puede de abrir socketno se puede abrir userdbno se puede leer el archivo temporalno se puede remover PRIV_PROC_EXEC desde PRIV_LIMITno se puede restaurar el contexto para %sno se puede restaurar el registrono se puede restaurar stdinno se puede restaurar la etiqueta tty no se puede ejecutar %sno se puede guardar stdinno se puede enviar mensaje de auditoríano se puede establecer el controlador ttyno se puede establecer el gid efectivo para ejecutar como gid %uno se puede establecer el contexto de ejecución a %sno se puede establecer el gid a %uno se puede establecer el gid para ejecutar como gid %uno se puede establecer la clave de creación de contexto a %sno se puede establecer nuevo contexto ttyno se puede establecer la prioridad de procesono se puede establecer el grupo suplementario de IDsno se puede establecer la terminal en modo directono se puede establecer el uid a %uno se puede establecer el contexto del usuariono se puede establecer el contexto tty para %sno se puede stat en %sno se puede cambiar al registro "%s" para %sno se puede escribir en %sinesperada terminación de condición hija: %dtipo de respuesta inesperada en canales alternos %dinesperado modo sudo 0x%xclase de inicio de sesión desconocida %stipo de política desconocido %d encontrado en %suid desconocido %u: quién es usted?usuario desconocido: %sFuente de grupo no soportada `%s' en %s, linea %dactualiza la marca del usuario sin ejecutar un comando utilizar el programa de ayuda para la solicitud de contraseña utiliza tipo de autentificación especificado en BSD usa la contraseña especificada el usuario "%s" no es miembro del proyecto "%s"aviso, el control de asignación de recursos falló para el proyecto "%s"cuando está listando, lista los privilegios del usuario especificado no se deben especificar las opciones '-i' y '-E' simultáneamenteno se deben especificar las opciones '-i' y '-s' simultáneamenteno se debe especificar variables de entorno en el modo ediciónse debe especificar una regla por tipo %ssudo-1.8.9p5/src/po/es.po010064400175440000012000000552361226304126400145330ustar00millertstaff# traducción al español de sudo. # This file is distributed under the same license as the sudo package. # # Abel Sendón , 2012. msgid "" msgstr "" "Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-07-01 15:57-0300\n" "Last-Translator: Abel Sendón \n" "Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "no se puede abrir userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "no se puede cambiar al registro \"%s\" para %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "no se puede restaurar el registro" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "error interno: trató emalloc(0)" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "error interno: trató emalloc2(0)" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "error interno: desbordamiento de %s" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "error interno: trató ecalloc(0)" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "error interno: trató erealloc(0)" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "error interno: trató erealloc3(0)" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "error interno: trató erecalloc(0)" #: common/error.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s:%s: %s\n" #: common/error.c:157 common/error.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/sudo_conf.c:172 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "Fuente de grupo no soportada `%s' en %s, linea %d" #: common/sudo_conf.c:186 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "Máximo de grupos inválido `%s' en %s, linea %d" #: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "no se puede stat en %s" #: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s no es un archivo regular" #: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s es adueñado por uid %u, sería %u" #: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s es escribible por todos" #: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s es escribible por el grupo" #: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "no se pudo abrir %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Señal desconocida" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "política de plugin falló en la inicialización de sesión " #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "no se puede bifurcar" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "no se puede crear sockets" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "selección fallida" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "no se puede restaurar la etiqueta tty " #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "no se puede remover PRIV_PROC_EXEC desde PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "no se puede asignar pty" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 #, c-format msgid "unable to create pipe" msgstr "no se puede crear tubería" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "no se puede establecer la terminal en modo directo" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "no se puede establecer el controlador tty" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "error al leer desde la tubería de la señal" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "error al leer de la tubería" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "error leyendo de socketpair" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de respuesta inesperada en canales alternos %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "error en %s, línea %d mientras carga plugin `%s'" #: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s debe ser propiedad del uid %d" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s sólo tener permisos de escritura por el propietario" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "no se puede dlopen %s: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "no se puede de encontrar el símbolo `%s' en %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "tipo de política desconocido %d encontrado en %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "incompatible la versión principal de la política de plugin %d (se esperaba %d) encontrada in %s" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "Ignorando política de plugin `%s' en %s, linea %d" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "sólo una política de plugin puede ser especificada" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "Ignorando política de plugin duplicada `%s' en %s, linea %d" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "Ignorando E/S de plugin duplicada `%s' en %s, linea %d" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "la política del plugin %s no incluye un método check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: desbordamiento detectado" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "no se puede de abrir socket" #: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "el argumento -C debe ser un número mayor o igual a 3" #: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "usuario desconocido: %s" #: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "no se deben especificar las opciones '-i' y '-s' simultáneamente" #: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "no se deben especificar las opciones '-i' y '-E' simultáneamente" #: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "la opción '-E' no es válida en el modo edición" #: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "no se debe especificar variables de entorno en el modo edición" #: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "la opción '-U' sólo se puede usar con la opcion '-l'" #: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "las opciones '-A' y '-S' no se pueden utilizar conjuntamente" #: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit no está soportado en ésta plataforma" #: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "puede ser especificada sólo una de las opciones -e, -h, -i, -K, -l, -s, -v o -V" #: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - edita archivos como otro usuario\n" "\n" #: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - ejecuta un comando como otro usuario\n" "\n" #: src/parse_args.c:550 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opciones:\n" #: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "utilizar el programa de ayuda para la solicitud de contraseña\n" #: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "utiliza tipo de autentificación especificado en BSD\n" #: src/parse_args.c:558 msgid "run command in the background\n" msgstr "ejecuta un comando en segundo plano\n" #: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "cierra todos los descriptores de archivo >= fd\n" #: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "ejecuta un comando con la clase especificada de inicio de sesión\n" #: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "preserva entorno del usuario cuando está ejecutando un comando\n" #: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "edita archivos en vez de ejecutar un comando\n" #: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "ejecuta un comando como el grupo especificado\n" #: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "asigna la variable HOME al directorio de inicio del usuario\n" #: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "muestra este mensaje de ayuda y sale\n" #: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "ejecuta un intérprete de comandos como un determinado usuario\n" #: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "remueve un archivo de marca completamente\n" #: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "archivo de marca inválido\n" #: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "lista los comandos del usuario disponibles\n" #: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "modo no-interactivo, no se pedirá usuario\n" #: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "preserva el vector de grupos en vez de establecer de objetivo\n" #: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "usa la contraseña especificada\n" #: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "crea el contexto de seguridad SELinux con la regla especificada\n" #: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "lee la contraseña desde la entrada estandar\n" #: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "ejecuta un intérprete de comandos como un determinado usuario\n" #: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "cuando está listando, lista los privilegios del usuario especificado\n" #: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "ejecuta un comando (o edita un archivo) como un usuario específico\n" #: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "muestra la información de la versión y sale\n" #: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "actualiza la marca del usuario sin ejecutar un comando\n" #: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "detiene el proceso de argumentos de la línea de comandos\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "no se puede de abrir el sistema de auditoría" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "no se puede enviar mensaje de auditoría" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "no se puede fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s etiquetas cambiadas" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "no se puede restaurar el contexto para %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "no se puede abrir %s, no volver a etiquetar tty" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "no se puede obtener el actual contexto tty, no volver a etiquetar tty" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "no se puede obtener el nuevo contexto tty, no volver a etiquetar tty" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "no se puede establecer nuevo contexto tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "se debe especificar una regla por tipo %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "no se puede obtener el tipo de regla predeterminada %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "falló al establecer nueva regla %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "falló al establecer nuevo tipo %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s no es un contexto válido" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "falló al obtener old_context" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "no se puede determinar el método de forzado" #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "no se puede establecer el contexto tty para %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "no se puede establecer el contexto de ejecución a %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "no se puede establecer la clave de creación de contexto a %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "requiere al menos un argumento" #: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "no se puede ejecutar %s" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "el límite de control de recursos ha sido alcanzado" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "el usuario \"%s\" no es miembro del proyecto \"%s\"" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "la tarea que invoca es definitiva" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "no podría unirse al proyecto \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "no hay fondo de recursos aceptando las asignaciones existentes para el proyecto \"%s\"" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "el fondo de recursos especificado no existe para el proyecto \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "no se podría enlazar al fondo de recursos predeterminado para el proyecto \"%s\" " #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "configuración del proyecto fallida \"%s\" " #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, el control de asignación de recursos falló para el proyecto \"%s\"" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versión %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opciones de configuración: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "error fatal, no se puede cargar los plugins" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "no se puede inicializar la política de plugin" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "error al inicializar los plugins de E/S %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "inesperado modo sudo 0x%x" #: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "no se puede obtener el vector de grupo" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid desconocido %u: quién es usted?" #: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s debe ser propiedad del uid %d y tener el bit setuid establecido" #: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "el uid no es %d, es %s en un sistema de archivos con la opción 'nosuid' establecida o un sistema de archivos NFS sin privilegios de root?" #: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "el uid efectivo no es %d, sudo está instalado con setuid root?" #: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "clase de inicio de sesión desconocida %s" #: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "no se puede establecer el contexto del usuario" #: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "no se puede establecer el grupo suplementario de IDs" #: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "no se puede establecer el gid efectivo para ejecutar como gid %u" #: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "no se puede establecer el gid para ejecutar como gid %u" #: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "no se puede establecer la prioridad de proceso" #: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "no se puede cambiar de root a %s" #: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "no se puede cambiar a runas uid (%u, %u)" #: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "no se puede cambiar al directorio %s" #: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "inesperada terminación de condición hija: %d" #: src/sudo.c:1146 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "la política del plugin %s no incluye un método `check_policy' " #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "la política del plugin %s no soporta listado de privilegios" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "la política del plugin %s no soporta la opción -v" #: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "la política del plugin %s no soporta las opciones -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "no se puede cambiar uid a root (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "error de plugin: falta la lista de archivos para sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: no es un archivo regular" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: escritura corta" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s sin modificar" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s sin cambios" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "no se puede escribir en %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "los contenidos de edición de sesión se dejan en %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "no se puede leer el archivo temporal" #: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "sin tty presente y no hay programa askpass especificado" #: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "no hay programa askpass especificado, intente establecer SUDO_ASKPASS" #: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "no se puede establecer el gid a %u" #: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "no se puede establecer el uid a %u" #: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "no se puede ejecutar %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "no se puede guardar stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "no se puede hacer dup2 stdin" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "no se puede restaurar stdin" #~ msgid "unable to allocate memory" #~ msgstr "no se puede de asignar memoria" #~ msgid ": " #~ msgstr ": " #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: debe ser especificada al menos una política de plugin" #~ msgid "internal error, emalloc2() overflow" #~ msgstr "error interno: desbordamiento en emalloc2()" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "error interno: desbordamiento de erealloc3()" #~ msgid "must be setuid root" #~ msgstr "debe ser setuid root" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "el argumento -D debe estar entre 1 y 9 inclusive" sudo-1.8.9p5/src/po/eu.mo010064400175440000012000000151341226304146200145230ustar00millertstaffÞ•H\aœ  !!,(N$wœ ·ÄÍÔë#&I=‡˜§Ã â:#X#|$ #Å$é$ %3 Y t "” · 6Ë / !2 T !s • "£ *Æ 2ñ )$ 5N >„ 4à ø ! 4 J c {  ¥ ¾ Í ã ù  2 J [ p ˆ (  É (ß 22L6Œ¶ C7N:†+Á!í'.Jj†ˆR¢õ!";"^##Á+å$&62]33Ä4ø#-7Q&‰°@Ç3&< c:„¿0Ö/87(p:™.Ô48"PsŠ#¡Åá$ö-D)[…¤ÁÖî-L0d•7°7è; H "9' 1<@*!.=0$6/2,% BA&4)G+#E- 7C8 D;:> 5(?F3 Options: %s - edit files as another user %s - execute a command as another user %s must be only be writable by owner%s must be owned by uid %d%s unchanged%s%s: %s%s: %s%s: not a regular file%s: unable to find symbol %s%s: unknown policy type %d: Configure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalcould not join project "%s"display help message and exit error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfatal error, unable to load pluginsinternal error, emalloc2() overflowinternal error, erealloc3() overflowinternal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)invalidate timestamp file list user's available commands load_interfaces: overflow detectedmust be setuid rootno askpass program specified, try setting SUDO_ASKPASSno tty present and no askpass program specifiedremove timestamp file completely requires at least one argumentrun a login shell as target user select failedsetproject failed for project "%s"sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the argument to -D must be between 1 and 9 inclusiveunable to allocate memoryunable to change uid to root (%u)unable to create pipeunable to create socketsunable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to forkunable to open socketunable to open userdbunable to read temporary fileunable to restore registryunable to restore stdinunable to run %sunable to save stdinunable to set gid to %uunable to set uid to %uunable to switch to registry "%s" for %sunable to write to %sunexpected reply type on backchannel: %dunknown user: %syou may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeProject-Id-Version: sudo 1.8.2rc2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2011-06-04 18:27-0400 PO-Revision-Date: 2011-06-06 18:28+0100 Last-Translator: Mikel Olasagasti Uranga Language-Team: Basque Language: eu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Aukerak: %s - editatu fitxategia beste erabiltzaile bat bezala %s - exekutatu komandu bat beste erabiltzaile bat bezala %s jabeak bakarrik idazteko moduan behar du%s-(r)en jabeak %d uid-a behar du%s aldatugabea%s%s: %s%s: %s%s: ez da fitxategi normala%s: ezin da %s sinboloa aurkitu%s: %d arau moeta ezezaguna:Konfigurazio aukerak: %s Soilik -e, -h, -i, -K, -l, -s, -v edo -V aukeretako bat definitu beharko litzateke%s sudo bertsioa Seinale ezezagunaezin izan da "%s" proiektura batulaguntza mezua erakutsi eta irten errorea %s I/O plugina abiarazteanerrorea hoditik irakurtzeanerrorea seinale hoditik irakurtzeanerrorea socketpair-etik irakurtzeanerrore larria, ezin dira gehigarriak gehitubarne errorea, emalloc2() overflow-abarne errorea, erealloc3(0) overflow-abarne errorea, emalloc(0) egiteko saiakera egon dabarne errorea, emalloc2(0) egiteko saiakera egon dabarne errorea, erealloc(0) egiteko saiakera egon dabarne errorea, erealloc3(0) egiteko saiakera egon dabaliogabetu data-zigilu fitxategia zerrendatu erabiltzaileak eskuragarri dituen komandoak load_interfaces: overflow-a atzeman daroot setuid-a behar duez da askpass aplikaziorik zehaztu, saiatu SUDO_ASKPASS ezartzenez dago tty-rik eta askpass aplikazioa zehaztu gabeezabatu guztiz data-zigilu fitxategia gutxienez argumentu bat behar duabiarazi login shell bat helburua den erabiltzaile moduan select-ek huts egin dusetproject-ek huts egin du "%s" proiektuarentzatsudoedit-ek ez du euskarririk plataforma hontan`-A' eta `-S' aukerak ez lirateke batera erabili beharko`-E' aukera ez da onartzen edizio moduan`-U' aukera `-l' aukerarekin erabili beharko zenuke soilik-C argumentuak 3 edo zenbaki altuagoa behar du-D argumentua 1 eta 9 bitartean behar du, biak barneezin da memoria esleituezin da uid-a root-era aldatu (%u)ezin da pipe bat sortuezin da socketik sortuezin da %s-(r)engan dlopen egin: %sezin da stdin-era dup2 eginezin da %s exekutatuezin da %s-(r)engan fgetfilecon eginezin da fork eginezin da socket-a irekiezin da userdb-a irekiezin da aldi baterako fitxategia irakurriezin da erregistroa leheneratuezin da stdin-era leheneratuezin da %s exekutatuezin da stdin-era gordeezin da %u gid-a ezarriezin da %u uid-a ezarriezin da "%s" erregistrora aldatu %s-(r)entzatezin da %s-(e)ra idatziespero ez zen erantzun moeta backchannel-ean: %derabiltzaile ezezaguna: %sez zenitzuke `-i' eta `-E' aukerak batera erabili beharez zenituzke `-i' eta `-s' aukerak batera erabili beharez zenuke ingurune aldagairik zehaztu beharko edizio moduansudo-1.8.9p5/src/po/eu.po010064400175440000012000000401521226304126400145240ustar00millertstaff# Basque translation of sudo. # Copyright (C) 2011 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. # Mikel Olasagasti Uranga , 2011. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.2rc2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2011-06-04 18:27-0400\n" "PO-Revision-Date: 2011-06-06 18:28+0100\n" "Last-Translator: Mikel Olasagasti Uranga \n" "Language-Team: Basque \n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "\n" #: src/error.c:82 src/error.c:86 msgid ": " msgstr ":" #: src/exec.c:125 src/exec_pty.c:573 src/exec_pty.c:880 src/tgetpass.c:224 #, c-format msgid "unable to fork" msgstr "ezin da fork egin" #: src/exec.c:246 #, c-format msgid "unable to create sockets" msgstr "ezin da socketik sortu" #: src/exec.c:253 src/exec_pty.c:526 src/exec_pty.c:534 src/exec_pty.c:541 #: src/exec_pty.c:826 src/exec_pty.c:877 src/tgetpass.c:221 #, c-format msgid "unable to create pipe" msgstr "ezin da pipe bat sortu" #: src/exec.c:319 src/exec_pty.c:944 src/exec_pty.c:1077 #, c-format msgid "select failed" msgstr "select-ek huts egin du" #: src/exec.c:387 #, c-format msgid "unable to restore tty label" msgstr "" #: src/exec_pty.c:136 #, c-format msgid "unable to allocate pty" msgstr "" #: src/exec_pty.c:566 #, c-format msgid "unable to set terminal to raw mode" msgstr "" #: src/exec_pty.c:858 #, c-format msgid "unable to set controlling tty" msgstr "" #: src/exec_pty.c:952 #, c-format msgid "error reading from signal pipe" msgstr "errorea seinale hoditik irakurtzean" #: src/exec_pty.c:971 #, c-format msgid "error reading from pipe" msgstr "errorea hoditik irakurtzean" #: src/exec_pty.c:987 #, c-format msgid "error reading from socketpair" msgstr "errorea socketpair-etik irakurtzean" #: src/exec_pty.c:991 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "espero ez zen erantzun moeta backchannel-ean: %d" #: src/load_plugins.c:154 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:160 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:170 #, c-format msgid "%s must be owned by uid %d" msgstr "%s-(r)en jabeak %d uid-a behar du" #: src/load_plugins.c:174 #, c-format msgid "%s must be only be writable by owner" msgstr "%s jabeak bakarrik idazteko moduan behar du" #: src/load_plugins.c:181 #, c-format msgid "unable to dlopen %s: %s" msgstr "ezin da %s-(r)engan dlopen egin: %s" #: src/load_plugins.c:186 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: ezin da %s sinboloa aurkitu" #: src/load_plugins.c:192 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: %d arau moeta ezezaguna" #: src/load_plugins.c:196 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "" #: src/load_plugins.c:203 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "" #: src/load_plugins.c:221 #, c-format msgid "%s: at least one policy plugin must be specified" msgstr "" #: src/load_plugins.c:226 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" #: src/net_ifs.c:155 src/net_ifs.c:164 src/net_ifs.c:176 src/net_ifs.c:185 #: src/net_ifs.c:295 src/net_ifs.c:319 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: overflow-a atzeman da" #: src/net_ifs.c:224 #, c-format msgid "unable to open socket" msgstr "ezin da socket-a ireki" #: src/parse_args.c:180 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C argumentuak 3 edo zenbaki altuagoa behar du" #: src/parse_args.c:192 #, c-format msgid "the argument to -D must be between 1 and 9 inclusive" msgstr "-D argumentua 1 eta 9 bitartean behar du, biak barne" #: src/parse_args.c:273 #, c-format msgid "unknown user: %s" msgstr "erabiltzaile ezezaguna: %s" #: src/parse_args.c:332 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "ez zenituzke `-i' eta `-s' aukerak batera erabili behar" #: src/parse_args.c:336 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "ez zenitzuke `-i' eta `-E' aukerak batera erabili behar" #: src/parse_args.c:346 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "`-E' aukera ez da onartzen edizio moduan" #: src/parse_args.c:348 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "ez zenuke ingurune aldagairik zehaztu beharko edizio moduan" #: src/parse_args.c:356 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "`-U' aukera `-l' aukerarekin erabili beharko zenuke soilik" #: src/parse_args.c:360 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "`-A' eta `-S' aukerak ez lirateke batera erabili beharko" #: src/parse_args.c:418 src/sudo.c:398 src/sudo.c:418 src/sudo.c:426 #: src/sudo.c:436 common/alloc.c:85 common/alloc.c:105 common/alloc.c:123 #: common/alloc.c:145 common/alloc.c:203 common/alloc.c:217 #, c-format msgid "unable to allocate memory" msgstr "ezin da memoria esleitu" #: src/parse_args.c:431 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit-ek ez du euskarririk plataforma hontan" #: src/parse_args.c:502 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Soilik -e, -h, -i, -K, -l, -s, -v edo -V aukeretako bat definitu beharko litzateke" #: src/parse_args.c:515 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - editatu fitxategia beste erabiltzaile bat bezala\n" "\n" #: src/parse_args.c:517 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - exekutatu komandu bat beste erabiltzaile bat bezala\n" "\n" #: src/parse_args.c:522 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Aukerak:\n" #: src/parse_args.c:525 msgid "use helper program for password prompting\n" msgstr "" #: src/parse_args.c:528 msgid "use specified BSD authentication type\n" msgstr "" #: src/parse_args.c:530 msgid "run command in the background\n" msgstr "" #: src/parse_args.c:532 msgid "close all file descriptors >= fd\n" msgstr "" #: src/parse_args.c:535 msgid "run command with specified login class\n" msgstr "" #: src/parse_args.c:538 msgid "preserve user environment when executing command\n" msgstr "" #: src/parse_args.c:540 msgid "edit files instead of running a command\n" msgstr "" #: src/parse_args.c:542 msgid "execute command as the specified group\n" msgstr "" #: src/parse_args.c:544 msgid "set HOME variable to target user's home dir.\n" msgstr "" #: src/parse_args.c:546 msgid "display help message and exit\n" msgstr "laguntza mezua erakutsi eta irten\n" #: src/parse_args.c:548 msgid "run a login shell as target user\n" msgstr "abiarazi login shell bat helburua den erabiltzaile moduan\n" #: src/parse_args.c:550 msgid "remove timestamp file completely\n" msgstr "ezabatu guztiz data-zigilu fitxategia\n" #: src/parse_args.c:552 msgid "invalidate timestamp file\n" msgstr "baliogabetu data-zigilu fitxategia\n" #: src/parse_args.c:554 msgid "list user's available commands\n" msgstr "zerrendatu erabiltzaileak eskuragarri dituen komandoak\n" #: src/parse_args.c:556 msgid "non-interactive mode, will not prompt user\n" msgstr "" #: src/parse_args.c:558 msgid "preserve group vector instead of setting to target's\n" msgstr "" #: src/parse_args.c:560 msgid "use specified password prompt\n" msgstr "" #: src/parse_args.c:563 src/parse_args.c:571 msgid "create SELinux security context with specified role\n" msgstr "" #: src/parse_args.c:566 msgid "read password from standard input\n" msgstr "" #: src/parse_args.c:568 msgid "run a shell as target user\n" msgstr "" #: src/parse_args.c:574 msgid "when listing, list specified user's privileges\n" msgstr "" #: src/parse_args.c:576 msgid "run command (or edit file) as specified user\n" msgstr "" #: src/parse_args.c:578 msgid "display version information and exit\n" msgstr "" #: src/parse_args.c:580 msgid "update user's timestamp without running a command\n" msgstr "" #: src/parse_args.c:582 msgid "stop processing command line arguments\n" msgstr "" #: src/selinux.c:75 #, c-format msgid "unable to open audit system" msgstr "" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "" #: src/selinux.c:112 #, c-format msgid "unable to fgetfilecon %s" msgstr "ezin da %s-(r)engan fgetfilecon egin" #: src/selinux.c:117 #, c-format msgid "%s changed labels" msgstr "" #: src/selinux.c:122 #, c-format msgid "unable to restore context for %s" msgstr "" #: src/selinux.c:161 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "" #: src/selinux.c:170 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "" #: src/selinux.c:177 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "" #: src/selinux.c:184 #, c-format msgid "unable to set new tty context" msgstr "" #: src/selinux.c:194 src/selinux.c:207 src/sudo.c:330 #, c-format msgid "unable to open %s" msgstr "" #: src/selinux.c:249 #, c-format msgid "you must specify a role for type %s" msgstr "" #: src/selinux.c:255 #, c-format msgid "unable to get default type for role %s" msgstr "" #: src/selinux.c:273 #, c-format msgid "failed to set new role %s" msgstr "" #: src/selinux.c:277 #, c-format msgid "failed to set new type %s" msgstr "" #: src/selinux.c:286 #, c-format msgid "%s is not a valid context" msgstr "" #: src/selinux.c:320 #, c-format msgid "failed to get old_context" msgstr "" #: src/selinux.c:326 #, c-format msgid "unable to determine enforcing mode." msgstr "" #: src/selinux.c:338 #, c-format msgid "unable to setup tty context for %s" msgstr "" #: src/selinux.c:367 #, c-format msgid "unable to set exec context to %s" msgstr "" #: src/selinux.c:374 #, c-format msgid "unable to set key creation context to %s" msgstr "" #: src/sesh.c:48 msgid "requires at least one argument" msgstr "gutxienez argumentu bat behar du" #: src/sesh.c:64 #, c-format msgid "unable to execute %s" msgstr "ezin da %s exekutatu" #: src/sudo.c:192 #, c-format msgid "must be setuid root" msgstr "root setuid-a behar du" #: src/sudo.c:210 #, c-format msgid "Sudo version %s\n" msgstr "%s sudo bertsioa\n" #: src/sudo.c:212 #, c-format msgid "Configure options: %s\n" msgstr "Konfigurazio aukerak: %s\n" #: src/sudo.c:217 #, c-format msgid "fatal error, unable to load plugins" msgstr "errore larria, ezin dira gehigarriak gehitu" #: src/sudo.c:225 #, c-format msgid "unable to initialize policy plugin" msgstr "" #: src/sudo.c:280 #, c-format msgid "error initializing I/O plugin %s" msgstr "errorea %s I/O plugina abiaraztean" #: src/sudo.c:307 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "" #: src/sudo.c:356 #, c-format msgid "unable to get group vector" msgstr "" #: src/sudo.c:394 #, c-format msgid "unknown uid %u: who are you?" msgstr "" #: src/sudo.c:734 #, c-format msgid "resource control limit has been reached" msgstr "" #: src/sudo.c:737 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "" #: src/sudo.c:741 #, c-format msgid "the invoking task is final" msgstr "" #: src/sudo.c:744 #, c-format msgid "could not join project \"%s\"" msgstr "ezin izan da \"%s\" proiektura batu" #: src/sudo.c:749 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "" #: src/sudo.c:753 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "" #: src/sudo.c:757 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "" #: src/sudo.c:763 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject-ek huts egin du \"%s\" proiektuarentzat" #: src/sudo.c:765 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" #: src/sudo.c:791 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" #: src/sudo.c:895 #, c-format msgid "unknown login class %s" msgstr "" #: src/sudo.c:902 src/sudo.c:905 #, c-format msgid "unable to set user context" msgstr "" #: src/sudo.c:916 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "" #: src/sudo.c:921 #, c-format msgid "unable to set gid to runas gid %u" msgstr "" #: src/sudo.c:929 src/sudo.c:935 #, c-format msgid "unable to set supplementary group IDs" msgstr "" #: src/sudo.c:943 #, c-format msgid "unable to set process priority" msgstr "" #: src/sudo.c:951 #, c-format msgid "unable to change root to %s" msgstr "" #: src/sudo.c:961 src/sudo.c:967 src/sudo.c:973 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "" #: src/sudo.c:987 #, c-format msgid "unable to change directory to %s" msgstr "" #: src/sudo.c:1078 #, c-format msgid "unexpected child termination condition: %d" msgstr "" #: src/sudo.c:1118 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" #: src/sudo.c:1129 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" #: src/sudo.c:1140 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" #: src/sudo_edit.c:108 #, c-format msgid "unable to change uid to root (%u)" msgstr "ezin da uid-a root-era aldatu (%u)" #: src/sudo_edit.c:140 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "" #: src/sudo_edit.c:172 src/sudo_edit.c:280 #, c-format msgid "%s: not a regular file" msgstr "%s: ez da fitxategi normala" #: src/sudo_edit.c:206 src/sudo_edit.c:316 #, c-format msgid "%s: short write" msgstr "" #: src/sudo_edit.c:281 #, c-format msgid "%s left unmodified" msgstr "" #: src/sudo_edit.c:294 #, c-format msgid "%s unchanged" msgstr "%s aldatugabea" #: src/sudo_edit.c:306 src/sudo_edit.c:327 #, c-format msgid "unable to write to %s" msgstr "ezin da %s-(e)ra idatzi" #: src/sudo_edit.c:307 src/sudo_edit.c:325 src/sudo_edit.c:328 #, c-format msgid "contents of edit session left in %s" msgstr "" #: src/sudo_edit.c:324 #, c-format msgid "unable to read temporary file" msgstr "ezin da aldi baterako fitxategia irakurri" #: src/tgetpass.c:95 #, c-format msgid "no tty present and no askpass program specified" msgstr "ez dago tty-rik eta askpass aplikazioa zehaztu gabe" #: src/tgetpass.c:104 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "ez da askpass aplikaziorik zehaztu, saiatu SUDO_ASKPASS ezartzen" #: src/tgetpass.c:234 #, c-format msgid "unable to set gid to %u" msgstr "ezin da %u gid-a ezarri" #: src/tgetpass.c:238 #, c-format msgid "unable to set uid to %u" msgstr "ezin da %u uid-a ezarri" #: src/tgetpass.c:243 #, c-format msgid "unable to run %s" msgstr "ezin da %s exekutatu" #: src/utmp.c:263 #, c-format msgid "unable to save stdin" msgstr "ezin da stdin-era gorde" #: src/utmp.c:265 #, c-format msgid "unable to dup2 stdin" msgstr "ezin da stdin-era dup2 egin" #: src/utmp.c:268 #, c-format msgid "unable to restore stdin" msgstr "ezin da stdin-era leheneratu" #: common/aix.c:144 #, c-format msgid "unable to open userdb" msgstr "ezin da userdb-a ireki" #: common/aix.c:147 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "ezin da \"%s\" erregistrora aldatu %s-(r)entzat" #: common/aix.c:161 #, c-format msgid "unable to restore registry" msgstr "ezin da erregistroa leheneratu" #: common/alloc.c:82 #, c-format msgid "internal error, tried to emalloc(0)" msgstr "barne errorea, emalloc(0) egiteko saiakera egon da" #: common/alloc.c:99 #, c-format msgid "internal error, tried to emalloc2(0)" msgstr "barne errorea, emalloc2(0) egiteko saiakera egon da" #: common/alloc.c:101 #, c-format msgid "internal error, emalloc2() overflow" msgstr "barne errorea, emalloc2() overflow-a" #: common/alloc.c:119 #, c-format msgid "internal error, tried to erealloc(0)" msgstr "barne errorea, erealloc(0) egiteko saiakera egon da" #: common/alloc.c:138 #, c-format msgid "internal error, tried to erealloc3(0)" msgstr "barne errorea, erealloc3(0) egiteko saiakera egon da" #: common/alloc.c:140 #, c-format msgid "internal error, erealloc3() overflow" msgstr "barne errorea, erealloc3(0) overflow-a" #: compat/strsignal.c:47 msgid "Unknown signal" msgstr "Seinale ezezaguna" sudo-1.8.9p5/src/po/fi.mo010064400175440000012000000434411226304146200145120ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%®% <'0J'/{'«'À'Ú' ø')(C(\(/z(#ª(FÎ()$)-)4) <)H)g){)N‘)à)ð)$*0)*9Z*-”*6Â*6ù*0+O+1n+¼ +_],>½,ü,+-B-!\-~-*ž-(É-(ò-0.NL.P›.Fì.83/Nl/»/0Ø/0 01:01l02ž02Ñ0G1L1^1nz1"é1H 2HU2Jž2/é2530O3:€3=»30ù3-*4@X49™4<Ó485I5!h5$Š5¯5ZÏ5=*6h63‚68¶6Yï6NI7A˜73Ú7:8)I8(s8:œ84×8F 91S9%…9+«9×9$õ9<:IW:I¡:ë:";.+;7Z;%’;/¸;8è;!<Q9</‹<!»<NÝ</,=&\=!ƒ=B¥=+è=!>46>,k>D˜>4Ý>-?)@?&j?-‘?,¿?)ì?'@f>@.¥@.Ô@WA3[A/A-¿A0íA3B*RB3}B0±B*âBG C)UC.C,®CÛCöC6D1MD7D7·D$ïD+E(@E4iEžE²E>ÆEVFV\FG³F%ûF3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-31 07:16+0200 Last-Translator: Jorma Karvonen Language-Team: Finnish Language: fi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=n != 1; Valitsimet: %s - muokkaa tiedostoja toisena käyttäjänä %s - suorita komentoja toisena käyttäjänä %s muutti nimiöitä%s on ryhmäkirjoitettava%s ei ole tavallinen tiedosto%s ei ole kelvollinen asiayhteyspolun %s omistaja on %u, pitäisi olla %u%s on yleiskirjoitettava%s jätetty muokkaamattomaksipolun %s on oltava vain omistajan kirjoitettavapolun %s omistajan on oltava uid %dpolun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu%s muuttamaton%s%s: %s%s: %s%s: %s %s: %s: %s %s: ei ole tavallinen tiedosto%s: lyhyt kirjoitusAsetusvalitsimet: %s Vain yksi valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan määritelläSudo-versio %s Tuntematon signaalisulje kaikki tiedostokuvaajat >= nummuokkausistunnon sisältö jätetty kohteessa %shankkeelle â€%s†ei voitu sitoa oletusresurssivarantoahankkeeseen â€%s†liittyminen epäonnistuiluo SELinux-turva-asiayhteys määritellyllä roolillaluo SELinux-turva-asiayhteys määritellyllä roolillanäytä opasteviesti ja poistunäytä versiotiedot ja poistumuokkaa tiedostoja komennon suorittamisen sijastatodellinen käyttäjätunniste ei ole %d, onko %s asetettu tiedostojärjestelmässä, jossa on ’nosuid’-valitsin vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttöoikeuksia?todellinen käyttäjätunniste ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?virhe tiedostossa %s, rivi %d alustettaessa lisäosaa â€%sâ€virhe tapahtumasilmukassavirhe alustettaessa siirräntälisäosaa %svirhe luettaessa putkestavirhe luettaessa signaaliputkestavirhe luettaessa vastakeparistakohteen old_context hakeminen epäonnistuiuuden roolin %s asettaminen epäonnistuiuuden tyypin %s asettaminen epäonnistuivakava virhe, lisäosien lataaminen epäonnistuiohitetaan siirräntälisäosan â€%s†kaksoiskappale tiedostossa %s, rivi %dohitetaan menettelytapalisäosan â€%s†kaksoiskappale tiedostossa %s, rivi %dohitetaan menettelytapaliitännäinen â€%s†tiedostossa %s, rivi %dluettelotilassa, näytä käyttöoikeudet käyttäjälleyhteensopimaton lisäosan major-versio %d (odotettiin %d) löytyi kohteesta %ssisäinen virhe, %s-ylivuotosisäinen virhe, yritettiin suorittaa ecalloc(0)sisäinen virhe, yritettiin suorittaa emalloc(0)sisäinen virhe, yritettiin suorittaa emalloc2(0)sisäinen virhe, yritettiin suorittaa erealloc(0)sisäinen virhe, yritettiin suorittaa erealloc3(0)sisäinen virhe, yritettiin suorittaa erecalloc(0)virheellinen ryhmien â€%s†enimmäismäärä tiedostossa %s, rivi %dvirheellinen arvomitätöi aikaleimatiedostoluettele käyttäjä käyttöoikeudet ja tarkista määritelty komento; käytä kahdesti pitemmällä muodollaload_interfaces: ylivuoto havaittusalasanan kyselyohjelma ei ole määritelty, yritä asettaa SUDO_ASKPASShankkeelle â€%s†ei ole oletusyhteydet hyväksyvää resurssivarantoaei tty:tä käytettävissä eikä salasanan kyselyohjelmaa määriteltynävuorovaikutteeton tila, ei kysy käyttäjältävain yksi menettelytapalisäosa voidaan määritellälisäosavirhe: puuttuu sudoedit-tiedostoluettelomenettelytapalisäosa %s ei sisällä check_policy-metodiamenettelytapalisäosa %s ei tue luettelointikäyttöoikeuksiamenettelytapalisäosa %s ei tue valitsimia -k/-Kmenettelytapalisäosa %s ei tue valitsinta -vmenettelytapalisäosa %s ei sisällä â€check_policyâ€-metodiaMenettelytapalisäosa epäonnistui istunnon alustamisessasäilytä ryhmävektori kohteen vektorin asettamisen sijastasäilytä käyttäjäympäristö komentoa suoritettaessalue salasana vakiosyötteestäpoista aikaleimatiedosto kokonaanvaatii vähintään yhden argumentinresurssivalvontaraja saavutettusuorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänimenä tai tunnisteenasuorita komento määriteltynä ryhmänimenä tai tunnisteenasuorita komento taustallasuorita komento verkkokoneessa (jos lisäosa tukee)suorita komento määritellyllä BSD-kirjautumisluokallasuorita kirjautumiskomentoikkuna kohdekäyttäjänä; komento voidaan myös määritelläsuorita komentotulkki kohdekäyttäjänä; myös komento voidaan määritelläaseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoonfunktio setproject hankkeelle â€%s†epäonnistuihankkeelle â€%s†ei ole määriteltyä resurssivarantoalopeta komentoriviargumenttien käsittelysudoedit ei ole tuettu tällä alustallavalitsimia â€-A†ja â€-S†ei voi käyttää yhdessävalitsin â€-E†ei ole kelvollinen muokkaustilassavalitsinta â€-U†voidaan käyttää vain valitsimen â€-l†kanssavalitsimen -C argumentin on oltava vähintään 3kutsuttu tehtävä on final-tyyppinentapahtuman lisääminen jonoon epäonnistuipty:n varaaminen epäonnistuiei kyetä vaihtamaan hakemistoksi %sroot-käyttäjän vaihtaminen käyttäjäksi %s epäonnistuiei kyetä vaihtamaan suoritettavaksi uid-käyttäjätunnisteeksi (%u, %u)uid-käyttäjätunnisteen vaihtaminen root-tunnisteeksi (%u) epäonnistuiputken luominen epäonnistuivastakkeiden luominen epäonnistuivahvistustilan määritteleminen epäonnistui.funktion dup2 kutsuminen vakiosyötteellä epäonnistuikohteen %s suorittaminen epäonnistuifunktion fgetfilecon %s kutsuminen epäonnistuisymbolin â€%s†löytäminen kohteesta %s epäonnistuifork-kutsu epäonnistuinykyisen tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:täoletustyypin hakeminen roolille %s epäonnistuiei kyetä hakemaan ryhmävektoriauuden tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tämenettelytapalisäosan alustaminen epäonnistuikohteen %s lataaminen epäonnistui: %skohteen %s avaaminen epäonnistuikohteen %s avaaminen epäonnistui, ei nimiöidä uudelleen tty:täaudit-järjestelmän avaaminen epäonnistuivastakkeen avaaminen epäonnistuiuserdb-käyttäjätietokannan avaaminen epäonnistuitilapäisen tiedoston lukeminen epäonnistuikohteen PRIV_PROC_EXEC poistaminen kohteesta PRIV_LIMIT epäonnistuiasiayhteyden palauttaminen kohteelle %s epäonnistuirekisteröitymisen palauttaminen epäonnistuivakiosyötteen palauttaminen epäonnistuitty-nimiön palauttaminen epäonnistuisalasanakyselyn %s suorittaminen epäonnistuivakiosyötteeseen tallentaminen epäonnistuiaudit-viestin lähettäminen epäonnistuiohjaavan tty:n asettaminen epäonnistuivoimassaolevan gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistuiei kyetä asettamaan suoritusasiayhteydeksi %sei kyetä asettamaan gid-ryhmätunnisteeksi %ugid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistuiei kyetä asettamaan avaimenluontiasiayhteydeksi %suuden tty-asiayhteyden asettaminen epäonnistuiprosessiprioriteetin asettaminen epäonnistuilisäryhmätunnisteiden asettaminen epäonnistuipääteikkunan asentaminen raakatilaan epäonnistuiei kyetä asettamaan tty-asiayhteydeksi %sei kyetä asettamaan uid-käyttäjätunnisteeksi %ukäyttäjäasiayhteyden asettaminen epäonnistuikäskyn stat %s suorittaminen epäonnistuivaihtaminen registeröitymiseen â€%s†käyttäjälle %s epäonnistuikohteeseen %s kirjoittaminen epäonnistuilapsiprosessin odottamaton päättymisehto: %dodottamaton vastaustyyppi paluukanavalla: %dodottamaton sudo-tila 0x%xtuntematon kirjautumisluokka %stuntematon menettelytapatyyppi %d löytyi kohteesta %stuntematon uid-käyttäjätunniste %u: kuka olet?tukematon ryhmälähde â€%s†tiedostossa %s, rivi %dpäivitä käyttäjän aikaleima suorittamatta komentoakäytä apuohjelmaa salasanakyselyynkäytä määriteltyä BSD-todennustyyppiäkäytä määriteltyä salasanakehotettakäyttäjä â€%s†ei ole hankkeen â€%s†jäsenarvo on liian suuriarvo on liian pienivaroitus, hankkeen â€%s†resurssiohjausosoitus epäonnistuisekä valitsimen â€-i†että valitsimen â€-E†määritteleminen ei ole sallittuasekä valitsimen â€-i†että valitsimen â€-s†määritteleminen ei ole sallittuaympäristömuuttujien määritteleminen muokkaustilassa ei ole salittuatyypille %s on määriteltävä roolisudo-1.8.9p5/src/po/fi.po010064400175440000012000000624561226304126400145240ustar00millertstaff# Finnish messages for sudo. # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Jorma Karvonen , 2011-2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-31 07:16+0200\n" "Last-Translator: Jorma Karvonen \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "userdb-käyttäjätietokannan avaaminen epäonnistui" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "vaihtaminen registeröitymiseen â€%s†käyttäjälle %s epäonnistui" #: common/aix.c:170 msgid "unable to restore registry" msgstr "rekisteröitymisen palauttaminen epäonnistui" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "sisäinen virhe, yritettiin suorittaa emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "sisäinen virhe, %s-ylivuoto" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "sisäinen virhe, yritettiin suorittaa erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "virheellinen arvo" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "arvo on liian suuri" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "arvo on liian pieni" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "tukematon ryhmälähde â€%s†tiedostossa %s, rivi %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "virheellinen ryhmien â€%s†enimmäismäärä tiedostossa %s, rivi %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "käskyn stat %s suorittaminen epäonnistui" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" # ensimmäinen parametri on path #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "polun %s omistaja on %u, pitäisi olla %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "kohteen %s avaaminen epäonnistui" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Tuntematon signaali" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "Menettelytapalisäosa epäonnistui istunnon alustamisessa" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "fork-kutsu epäonnistui" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "tapahtuman lisääminen jonoon epäonnistui" #: src/exec.c:394 msgid "unable to create sockets" msgstr "vastakkeiden luominen epäonnistui" #: src/exec.c:477 msgid "error in event loop" msgstr "virhe tapahtumasilmukassa" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "tty-nimiön palauttaminen epäonnistui" # Solaris privileges, remove PRIV_PROC_EXEC post-execve. #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kohteen PRIV_PROC_EXEC poistaminen kohteesta PRIV_LIMIT epäonnistui" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "pty:n varaaminen epäonnistui" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "putken luominen epäonnistui" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "pääteikkunan asentaminen raakatilaan epäonnistui" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "virhe luettaessa signaaliputkesta" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "virhe luettaessa putkesta" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "virhe luettaessa vastakeparista" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "odottamaton vastaustyyppi paluukanavalla: %d" # Istunnolla voi olla ohjaava tty. Istunnon yksi prosessiryhmä voi olla edustaprosessiryhmä ja toimia siten ohjaavana tty:nä, joka vastaanottaa tty-syötteen ja -signaalit. #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "ohjaavan tty:n asettaminen epäonnistui" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "virhe tiedostossa %s, rivi %d alustettaessa lisäosaa â€%sâ€" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" # ensimmäinen parametri on path #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "polun %s omistajan on oltava uid %d" # parametri on path #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "polun %s on oltava vain omistajan kirjoitettava" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "kohteen %s lataaminen epäonnistui: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "symbolin â€%s†löytäminen kohteesta %s epäonnistui" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "tuntematon menettelytapatyyppi %d löytyi kohteesta %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "yhteensopimaton lisäosan major-versio %d (odotettiin %d) löytyi kohteesta %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ohitetaan menettelytapaliitännäinen â€%s†tiedostossa %s, rivi %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "vain yksi menettelytapalisäosa voidaan määritellä" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ohitetaan menettelytapalisäosan â€%s†kaksoiskappale tiedostossa %s, rivi %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ohitetaan siirräntälisäosan â€%s†kaksoiskappale tiedostossa %s, rivi %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "menettelytapalisäosa %s ei sisällä check_policy-metodia" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: ylivuoto havaittu" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "vastakkeen avaaminen epäonnistui" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "valitsimen -C argumentin on oltava vähintään 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "sekä valitsimen â€-i†että valitsimen â€-s†määritteleminen ei ole sallittua" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "sekä valitsimen â€-i†että valitsimen â€-E†määritteleminen ei ole sallittua" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "valitsin â€-E†ei ole kelvollinen muokkaustilassa" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "ympäristömuuttujien määritteleminen muokkaustilassa ei ole salittua" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "valitsinta â€-U†voidaan käyttää vain valitsimen â€-l†kanssa" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "valitsimia â€-A†ja â€-S†ei voi käyttää yhdessä" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ei ole tuettu tällä alustalla" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vain yksi valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan määritellä" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - muokkaa tiedostoja toisena käyttäjänä\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - suorita komentoja toisena käyttäjänä\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Valitsimet:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "käytä apuohjelmaa salasanakyselyyn" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "käytä määriteltyä BSD-todennustyyppiä" #: src/parse_args.c:621 msgid "run command in the background" msgstr "suorita komento taustalla" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "sulje kaikki tiedostokuvaajat >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "suorita komento määritellyllä BSD-kirjautumisluokalla" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "säilytä käyttäjäympäristö komentoa suoritettaessa" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "muokkaa tiedostoja komennon suorittamisen sijasta" # tämä viittaa runas_group-määritelyyn #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "suorita komento määriteltynä ryhmänimenä tai tunnisteena" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "aseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoon" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "näytä opasteviesti ja poistu" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "suorita komento verkkokoneessa (jos lisäosa tukee)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "suorita kirjautumiskomentoikkuna kohdekäyttäjänä; komento voidaan myös määritellä" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "poista aikaleimatiedosto kokonaan" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "mitätöi aikaleimatiedosto" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "luettele käyttäjä käyttöoikeudet ja tarkista määritelty komento; käytä kahdesti pitemmällä muodolla" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "vuorovaikutteeton tila, ei kysy käyttäjältä" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "säilytä ryhmävektori kohteen vektorin asettamisen sijasta" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "käytä määriteltyä salasanakehotetta" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "luo SELinux-turva-asiayhteys määritellyllä roolilla" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "lue salasana vakiosyötteestä" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "suorita komentotulkki kohdekäyttäjänä; myös komento voidaan määritellä" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "luo SELinux-turva-asiayhteys määritellyllä roolilla" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "luettelotilassa, näytä käyttöoikeudet käyttäjälle" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "suorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänimenä tai tunnisteena" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "näytä versiotiedot ja poistu" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "päivitä käyttäjän aikaleima suorittamatta komentoa" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "lopeta komentoriviargumenttien käsittely" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "audit-järjestelmän avaaminen epäonnistui" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "audit-viestin lähettäminen epäonnistui" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "funktion fgetfilecon %s kutsuminen epäonnistui" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s muutti nimiöitä" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "asiayhteyden palauttaminen kohteelle %s epäonnistui" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "kohteen %s avaaminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "nykyisen tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "uuden tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "uuden tty-asiayhteyden asettaminen epäonnistui" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "tyypille %s on määriteltävä rooli" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "oletustyypin hakeminen roolille %s epäonnistui" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "uuden roolin %s asettaminen epäonnistui" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "uuden tyypin %s asettaminen epäonnistui" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s ei ole kelvollinen asiayhteys" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "kohteen old_context hakeminen epäonnistui" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "vahvistustilan määritteleminen epäonnistui." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "ei kyetä asettamaan tty-asiayhteydeksi %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ei kyetä asettamaan suoritusasiayhteydeksi %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ei kyetä asettamaan avaimenluontiasiayhteydeksi %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "vaatii vähintään yhden argumentin" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "kohteen %s suorittaminen epäonnistui" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "resurssivalvontaraja saavutettu" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "käyttäjä â€%s†ei ole hankkeen â€%s†jäsen" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "kutsuttu tehtävä on final-tyyppinen" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "hankkeeseen â€%s†liittyminen epäonnistui" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "hankkeelle â€%s†ei ole oletusyhteydet hyväksyvää resurssivarantoa" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "hankkeelle â€%s†ei ole määriteltyä resurssivarantoa" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "hankkeelle â€%s†ei voitu sitoa oletusresurssivarantoa" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "funktio setproject hankkeelle â€%s†epäonnistui" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "varoitus, hankkeen â€%s†resurssiohjausosoitus epäonnistui" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-versio %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Asetusvalitsimet: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "vakava virhe, lisäosien lataaminen epäonnistui" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "menettelytapalisäosan alustaminen epäonnistui" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "virhe alustettaessa siirräntälisäosaa %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "odottamaton sudo-tila 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "ei kyetä hakemaan ryhmävektoria" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "tuntematon uid-käyttäjätunniste %u: kuka olet?" # ensimmäinen parametri on path #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "polun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "todellinen käyttäjätunniste ei ole %d, onko %s asetettu tiedostojärjestelmässä, jossa on ’nosuid’-valitsin vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttöoikeuksia?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "todellinen käyttäjätunniste ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "tuntematon kirjautumisluokka %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "käyttäjäasiayhteyden asettaminen epäonnistui" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "lisäryhmätunnisteiden asettaminen epäonnistui" # tämän ymmärrän niin, että käyttöjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi. #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "voimassaolevan gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "prosessiprioriteetin asettaminen epäonnistui" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "root-käyttäjän vaihtaminen käyttäjäksi %s epäonnistui" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ei kyetä vaihtamaan suoritettavaksi uid-käyttäjätunnisteeksi (%u, %u)" # parametrina on CWD- eli Change Working Directory- komennolla palautettava hakemisto #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "ei kyetä vaihtamaan hakemistoksi %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "lapsiprosessin odottamaton päättymisehto: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "menettelytapalisäosa %s ei sisällä â€check_policyâ€-metodia" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "menettelytapalisäosa %s ei tue luettelointikäyttöoikeuksia" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "menettelytapalisäosa %s ei tue valitsinta -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "menettelytapalisäosa %s ei tue valitsimia -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "uid-käyttäjätunnisteen vaihtaminen root-tunnisteeksi (%u) epäonnistui" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "lisäosavirhe: puuttuu sudoedit-tiedostoluettelo" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ei ole tavallinen tiedosto" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: lyhyt kirjoitus" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s jätetty muokkaamattomaksi" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s muuttamaton" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "kohteeseen %s kirjoittaminen epäonnistui" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "muokkausistunnon sisältö jätetty kohteessa %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "tilapäisen tiedoston lukeminen epäonnistui" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "ei tty:tä käytettävissä eikä salasanan kyselyohjelmaa määriteltynä" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "salasanan kyselyohjelma ei ole määritelty, yritä asettaa SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "ei kyetä asettamaan gid-ryhmätunnisteeksi %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "ei kyetä asettamaan uid-käyttäjätunnisteeksi %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "salasanakyselyn %s suorittaminen epäonnistui" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "vakiosyötteeseen tallentaminen epäonnistui" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "funktion dup2 kutsuminen vakiosyötteellä epäonnistui" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "vakiosyötteen palauttaminen epäonnistui" #~ msgid "value out of range" #~ msgstr "arvo lukualueen ulkopuolella" #~ msgid "select failed" #~ msgstr "select-funktio epäonnistui" #~ msgid "unknown user: %s" #~ msgstr "tuntematon käyttäjä: %s" #~ msgid "list user's available commands\n" #~ msgstr "luettele käyttäjän käytettävissä olevat komennot\n" #~ msgid "run a shell as target user\n" #~ msgstr "suorita komentotulkki kohdekäyttäjänä\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "luetteloitaessa luettele määritellyn käyttäjän käyttöoikeudet\n" #~ msgid "unable to allocate memory" #~ msgstr "muistin varaaminen epäonnistui" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "sisäinen virhe, emalloc2() -ylivuoto" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "sisäinen virhe, erealloc3() -ylivuoto" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: vähintään yksi menettelytapalisäosa on määriteltävä" #~ msgid "must be setuid root" #~ msgstr "on oltava setuid root" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "valitsimen -D argumentin on oltava alueella 1 - 9" sudo-1.8.9p5/src/po/fr.mo010064400175440000012000000432221226304146200145200ustar00millertstaffÞ•¦Lß| ø ù !(&Oav#©Íâ$õ65 ly‚‰ ‘´ÄIÛ%6!E#g8‹Ä3à3H$f'‹{³7/.g –·Ïî &@#Z1~4°*å)>:y#•#¹$Ý$%'%M&s š¨OÂ"65Cl/°)à, ,77d4œ3Ñ/55+k4—.Ì!û >']7…-½ë, .6Ce=© ç+õ"!7D&|*£2Î)5+>a » Òó&!6Xn#‡«ÃØí '56&l“1®"à%;Wmƒ/¡ Ñò % A R g „ +¢ Î ï !!()!R!p!%!"µ!Ø!ð!" "."(@"i"*"(ª"Ó"í""#'#,D#1q#+£#%Ï#!õ#)$A$T$<d$2¡$2Ô$6%#>%”b% ÷&<'>?'~'"œ'!¿'á'>(&@(g(2{(&®(AÕ()')0)7) ?)K)h)‚)M¢)ð)*/*0@*Lq**¾*Aé*@++&l+0“+5Ä+ ú+J›,Aæ,,(-U-(s-)œ-$Æ--ë-,.1F.<x.Cµ.9ù.83/Jl/·/)×/)0*+0*V0+0+­01Ù0 1 1}>1'¼1>ä1\#2:€2,»20è2?3AY3C›3:ß344AO4G‘4KÙ4E%5.k5.š5É57ä5[6Cx6&¼6?ã61#7`U7]¶78L&8/s8G£86ë87"9MZ96¨9Gß9>':%f:Œ:,¨: Õ:-ö:)$;N; k;/Œ;&¼;%ã; <%#<3I<}<OŒ<9Ü<*=PA=.’=Á=7Ø='>8>4V>(‹>4´>)é>#?7?+U??›?'»?)ã?5 @,C@"p@,“@<À@0ý@/.A8^A-—A"ÅA-èA8B#OB:sB®B)ËB,õB"C;C!WC#yC1CGÏC;D2SD,†DA³DõD EWEQtEQÆEJF.cF2WUt4—D={S)ƒ.!?ENApydŸ @‚5’•\ „Pc›kqz‘<œ£e'Z”€H9r*`jLT[šBv¤;XgaŽmI3‹Qu ^(#M  hC%o>0‰…F¦+‡KG] s: f,1"bOJV~$Y¢8/7|“˜†&_–-i¡}wl6n¥ˆŠxŒžR™ Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedselect failedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value out of rangevalue too largewarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.8b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-08-16 10:14-0600 PO-Revision-Date: 2013-08-19 07:53+0200 Last-Translator: Frédéric Marchal Language-Team: French Language: fr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n > 1); Options: %s – édite les fichiers en tant qu'un autre utilisateur %s – exécute une commande en tant qu'un autre utilisateur %s à changé des étiquettes%s peut être écrit par le groupe%s n'est pas un fichier régulier%s n'est pas un contexte valide%s est la propriété du uid %u alors que ça devrait être %u%s peut être écrit par tout le monde%s laissé tel quelseul le propriétaire doit pouvoir écrire dans %s%s doit être la propriété du uid %d%s doit être la propriété du uid %d et avoir le bit setuid mis%s non modifié%s%s: %s%s: %s%s: %s %s: %s: %s %s: pas un fichier régulier%s: écriture trop courteOptions de configuration : %s Seule une des options -e, -h, -i, -K, -l, -s, -v ou -V peut être spécifiéeSudo version %s Signal inconnufermer tous les descripteurs de fichiers >= n°contenu de la session d'édition laissé dans %simpossible de se lier au pool de ressources par défaut du projet « %s »impossible de joindre le projet « %s »créer le contexte de sécurité SELinux avec le rôle spécifiécréer le contexte de sécurité SELinux avec le type spécifiéafficher le message d'aide et terminerafficher les informations de version et termineréditer les fichiers au lieu d'exécuter une commandele uid effectif n'est pas %d. Est-ce que %s est sur un système de fichiers avec l'option « nosuid » ou un système de fichiers NFS sans privilèges root ?le uid effectif n'est pas %d. Est-ce que sudo est installé setuid root ?erreur dans %s, ligne %d lors du chargement du greffon « %s »erreur à l'initialisation du greffon E/S %serreur de lecture sur le tubeerreur lors de la lecture du tube signalerreur de lecture sur la paire de socketséchec de l'obtention de old_contextéchec lors du changement du nouveau rôle %séchec lors du changement du nouveau type %serreur fatale, impossible de charger les greffonsignore le greffon E/S en double « %s » dans %s, ligne %dignore le greffon de règles en double « %s » dans %s, ligne %dignore le greffon de règles « %s » dans %s, ligne %den mode liste, afficher les privilèges de l'utilisateurgreffon à la version majeure %d incompatible (%d attendu) trouvé dans %serreur interne, débordement %serreur interne, ecalloc(0) a été tentéerreur interne, emalloc(0) a été tentéerreur interne, emalloc2(0) a été tentéerreur interne, erealloc(0) a été tentéerreur interne, erealloc3(0) a été tentéerreur interne, erecalloc(0) a été tentémax_groups « %s » incorrect dans %s, ligne %dvaleur incorrecteinvalide le fichier d'horodatageafficher les privilèges de l'utilisateur ou vérifie une commande spécifique. Utilisez deux fois pour une forme plus longueload_interfaces: débordement détectépas de programme askpass spécifié, essayez avec SUDO_ASKPASSaucun pool de ressources acceptant les liaisons par défaut existe pour le projet « %s »pas de tty présent et pas de programme askpass spécifiémode non interactif, aucune invite utiliséeun seul greffon de règles peut être spécifiéerreur de greffon : liste de fichiers manquantes pour sudoeditle greffon de règles %s ne contient pas de méthode check_policyle greffon de règles %s ne supporte pas les privilèges de listagele greffon de règles %s ne supporte pas les options -k/-Kle greffon de règles %s ne supporte pas l'option -vle greffon de règles %s n'a pas de méthode « check_policy »le greffon de règles a échoué lors de l'initialisation de la sessionpréserve le vecteur des groupes au lieu de le changer en celui de la ciblepréserver l'environnement de l'utilisateur en exécutant la commandelire le mot de passe depuis l'entrée standardsupprime complètement le fichier d'horodatageexige au moins un argumentla limite de contrôle de la ressource a été atteinteexécuter la commande (ou éditer le fichier) sous le nom d'utilisateur ou le ID spécifiéexécuter la commande en tant que le nom ou ID de groupe spécifiéexécuter la commande en arrière-planexécuter la commande sur l'hôte (si supporté par le greffon)exécuter la commande avec la classe de login BSDexécuter le shell de login comme l'utilisateur cible. Une commande peut aussi être spécifiéeexécuter le shell en tant que l'utilisateur cible. Une commande peut aussi être spécifiéeselect a échouéassigner à la variable HOME le répertoire personnel de l'utilisateur ciblesetproject a échoué pour le projet « %s »le pool de ressources spécifié n'existe pas pour le projet « %s »arrêter de traiter les arguments en ligne de commandesudoedit n'est pas pris en charge sur cette plate-formeles options « -A » et « -S » ne peuvent pas être utilisées ensemblel'option « -E » n'est pas valable en mode éditionl'option « -U » ne peut être utilisée qu'avec l'option « -l »l'argument à -C doit être un nombre plus grand ou égal à 3la tâche appelante est « final »impossible d'allouer le ptyimpossible de changer le répertoire vers %simpossible de changer root en %simpossible de changer vers runas uid (%u, %u)impossible de changer le uid en root (%u)impossible de créer le tubeimpossible de créer des socketsimpossible de déterminer le mode de contrainteimpossible d'exécuter dlopen %s : %simpossible d'exécuter dup2 sur stdinimpossible d'exécuter %simpossible d'exécuter fgetfilecon %simpossible de trouver le symbole « %s » dans %serreur de forkimpossible d'obtenir le contexte actuel du tty, le tty n'est pas ré-étiquetéimpossible d'obtenir le type par défaut pour le rôle %simpossible d'obtenir le vecteur de groupesimpossible d'obtenir le nouveau contexte du tty, le tty n'est pas ré-étiquetéimpossible d'initialiser le greffon de règlesimpossible d'ouvrir %simpossible d'ouvrir %s, le tty n'est pas ré-étiquetéimpossible d'ouvrir le système d'auditimpossible d'ouvrir la socketimpossible d'ouvrir la base de données utilisateursimpossible de lire le fichier temporaireimpossible de supprimer PRIV_PROC_EXEC de PRIV_LIMITimpossible de rétablir le contexte de %simpossible de rétablir le registreimpossible de rétablir stdinimpossible de rétablir l'étiquette du ttyimpossible d'exécuter %simpossible de sauvegarder stdinimpossible d'envoyer le message d'auditimpossible de choisir le tty de contrôleimpossible de changer le gid effectif à runas gid %uimpossible de changer le contexte exec en %simpossible de changer le gid en %uimpossible de changer le gid à runas gid %uimpossible de changer le contexte de création de clé en %simpossible de changer le nouveau contexte du ttyimpossible de changer la priorité du processusimpossible d'attribuer les ID de groupe supplémentairesimpossible de mettre le terminal en mode brutimpossible de changer le uid en %uimpossible de changer le contexte utilisateurimpossible de mettre en place le contexte du tty pour %simpossible d'évaluer par stat() %simpossible de basculer vers le registre « %s » pour %simpossible d'écrire dans %scondition de fin de l'enfant inconnue: %dréponse inattendue sur le backchannel : %dmode sudo 0x%x inattenduclasse de login %s inconnuetype de règle %d inconnu dans %suid %u inconnu : qui êtes-vous ?group_source « %s » inconnu dans %s, ligne %dmettre à jour l'horodatage de l'utilisateur sans exécuter de commandeutiliser un programme adjoint pour demander le mot de passeutiliser le type d'authentification BSD spécifiéutiliser l'invite de mot de passe spécifiél'utilisateur « %s » n'est pas un membre du projet « %s »valeur hors limitesvaleur trop grandeattention, l'assignement du contrôle de ressources a échoue pour le projet « %s »vous ne pouvez pas spécifier les options « -i » et « -E » en même tempsvous ne pouvez pas spécifier les options « -i » et « -s » en même tempsvous ne pouvez pas spécifier de variable d'environnement en mode éditionvous devez spécifier un rôle pour le type %ssudo-1.8.9p5/src/po/fr.po010064400175440000012000000571001226304126400145230ustar00millertstaff# Messages français pour sudo. # Copyright (C) 2013 Free Software Foundation, Inc. # This file is put in the public domain. # Todd C. Miller , 2011-2013 # Frédéric Marchal , 2013 # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.8b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-08-16 10:14-0600\n" "PO-Revision-Date: 2013-08-19 07:53+0200\n" "Last-Translator: Frédéric Marchal \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "impossible d'ouvrir la base de données utilisateurs" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "impossible de basculer vers le registre « %s » pour %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "impossible de rétablir le registre" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "erreur interne, emalloc(0) a été tenté" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "erreur interne, emalloc2(0) a été tenté" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:186 #, c-format msgid "internal error, %s overflow" msgstr "erreur interne, débordement %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "erreur interne, ecalloc(0) a été tenté" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "erreur interne, erealloc(0) a été tenté" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "erreur interne, erealloc3(0) a été tenté" #: common/alloc.c:184 msgid "internal error, tried to erecalloc(0)" msgstr "erreur interne, erecalloc(0) a été tenté" #: common/atoid.c:77 common/atoid.c:99 src/sudo.c:561 src/sudo.c:586 #: src/sudo.c:694 src/sudo.c:710 msgid "invalid value" msgstr "valeur incorrecte" #: common/atoid.c:84 src/sudo.c:565 src/sudo.c:590 src/sudo.c:698 #: src/sudo.c:714 msgid "value out of range" msgstr "valeur hors limites" #: common/atoid.c:105 msgid "value too large" msgstr "valeur trop grande" #: common/fatal.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:157 common/fatal.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:72 src/sudo.c:561 src/sudo.c:565 #: src/sudo.c:586 src/sudo.c:590 src/sudo.c:613 src/sudo.c:622 src/sudo.c:631 #: src/sudo.c:646 src/sudo.c:694 src/sudo.c:698 src/sudo.c:710 src/sudo.c:714 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:176 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "group_source « %s » inconnu dans %s, ligne %d" #: common/sudo_conf.c:190 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "max_groups « %s » incorrect dans %s, ligne %d" #: common/sudo_conf.c:394 #, c-format msgid "unable to stat %s" msgstr "impossible d'évaluer par stat() %s" #: common/sudo_conf.c:397 #, c-format msgid "%s is not a regular file" msgstr "%s n'est pas un fichier régulier" #: common/sudo_conf.c:400 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s est la propriété du uid %u alors que ça devrait être %u" #: common/sudo_conf.c:404 #, c-format msgid "%s is world writable" msgstr "%s peut être écrit par tout le monde" #: common/sudo_conf.c:407 #, c-format msgid "%s is group writable" msgstr "%s peut être écrit par le groupe" #: common/sudo_conf.c:417 src/selinux.c:196 src/selinux.c:209 src/sudo.c:329 #, c-format msgid "unable to open %s" msgstr "impossible d'ouvrir %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Signal inconnu" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "le greffon de règles a échoué lors de l'initialisation de la session" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "erreur de fork" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "impossible de créer des sockets" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "select a échoué" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "impossible de rétablir l'étiquette du tty" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossible de supprimer PRIV_PROC_EXEC de PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "impossible d'allouer le pty" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "impossible de créer le tube" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "impossible de mettre le terminal en mode brut" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "impossible de choisir le tty de contrôle" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "erreur lors de la lecture du tube signal" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "erreur de lecture sur le tube" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "erreur de lecture sur la paire de sockets" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "réponse inattendue sur le backchannel : %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "erreur dans %s, ligne %d lors du chargement du greffon « %s »" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s doit être la propriété du uid %d" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "seul le propriétaire doit pouvoir écrire dans %s" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "impossible d'exécuter dlopen %s : %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "impossible de trouver le symbole « %s » dans %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "type de règle %d inconnu dans %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "greffon à la version majeure %d incompatible (%d attendu) trouvé dans %s" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ignore le greffon de règles « %s » dans %s, ligne %d" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "un seul greffon de règles peut être spécifié" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ignore le greffon de règles en double « %s » dans %s, ligne %d" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ignore le greffon E/S en double « %s » dans %s, ligne %d" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "le greffon de règles %s ne contient pas de méthode check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: débordement détecté" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "impossible d'ouvrir la socket" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argument à -C doit être un nombre plus grand ou égal à 3" #: src/parse_args.c:408 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "vous ne pouvez pas spécifier les options « -i » et « -s » en même temps" #: src/parse_args.c:412 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "vous ne pouvez pas spécifier les options « -i » et « -E » en même temps" #: src/parse_args.c:422 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "l'option « -E » n'est pas valable en mode édition" #: src/parse_args.c:424 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "vous ne pouvez pas spécifier de variable d'environnement en mode édition" #: src/parse_args.c:432 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "l'option « -U » ne peut être utilisée qu'avec l'option « -l »" #: src/parse_args.c:436 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "les options « -A » et « -S » ne peuvent pas être utilisées ensemble" #: src/parse_args.c:519 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit n'est pas pris en charge sur cette plate-forme" #: src/parse_args.c:592 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Seule une des options -e, -h, -i, -K, -l, -s, -v ou -V peut être spécifiée" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s – édite les fichiers en tant qu'un autre utilisateur\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s – exécute une commande en tant qu'un autre utilisateur\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Options:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "utiliser un programme adjoint pour demander le mot de passe" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "utiliser le type d'authentification BSD spécifié" #: src/parse_args.c:621 msgid "run command in the background" msgstr "exécuter la commande en arrière-plan" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "fermer tous les descripteurs de fichiers >= n°" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "exécuter la commande avec la classe de login BSD" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "préserver l'environnement de l'utilisateur en exécutant la commande" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "éditer les fichiers au lieu d'exécuter une commande" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "exécuter la commande en tant que le nom ou ID de groupe spécifié" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "assigner à la variable HOME le répertoire personnel de l'utilisateur cible" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "afficher le message d'aide et terminer" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "exécuter la commande sur l'hôte (si supporté par le greffon)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "exécuter le shell de login comme l'utilisateur cible. Une commande peut aussi être spécifiée" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "supprime complètement le fichier d'horodatage" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "invalide le fichier d'horodatage" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "afficher les privilèges de l'utilisateur ou vérifie une commande spécifique. Utilisez deux fois pour une forme plus longue" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "mode non interactif, aucune invite utilisée" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "préserve le vecteur des groupes au lieu de le changer en celui de la cible" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "utiliser l'invite de mot de passe spécifié" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "créer le contexte de sécurité SELinux avec le rôle spécifié" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "lire le mot de passe depuis l'entrée standard" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "exécuter le shell en tant que l'utilisateur cible. Une commande peut aussi être spécifiée" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "créer le contexte de sécurité SELinux avec le type spécifié" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "en mode liste, afficher les privilèges de l'utilisateur" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "exécuter la commande (ou éditer le fichier) sous le nom d'utilisateur ou le ID spécifié" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "afficher les informations de version et terminer" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "mettre à jour l'horodatage de l'utilisateur sans exécuter de commande" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "arrêter de traiter les arguments en ligne de commande" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "impossible d'ouvrir le système d'audit" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "impossible d'envoyer le message d'audit" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "impossible d'exécuter fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s à changé des étiquettes" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "impossible de rétablir le contexte de %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "impossible d'ouvrir %s, le tty n'est pas ré-étiqueté" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "impossible d'obtenir le contexte actuel du tty, le tty n'est pas ré-étiqueté" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "impossible d'obtenir le nouveau contexte du tty, le tty n'est pas ré-étiqueté" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "impossible de changer le nouveau contexte du tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "vous devez spécifier un rôle pour le type %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "impossible d'obtenir le type par défaut pour le rôle %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "échec lors du changement du nouveau rôle %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "échec lors du changement du nouveau type %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s n'est pas un contexte valide" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "échec de l'obtention de old_context" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "impossible de déterminer le mode de contrainte" #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "impossible de mettre en place le contexte du tty pour %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "impossible de changer le contexte exec en %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "impossible de changer le contexte de création de clé en %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "exige au moins un argument" #: src/sesh.c:78 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "impossible d'exécuter %s" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "la limite de contrôle de la ressource a été atteinte" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "l'utilisateur « %s » n'est pas un membre du projet « %s »" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "la tâche appelante est « final »" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "impossible de joindre le projet « %s »" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "aucun pool de ressources acceptant les liaisons par défaut existe pour le projet « %s »" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "le pool de ressources spécifié n'existe pas pour le projet « %s »" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "impossible de se lier au pool de ressources par défaut du projet « %s »" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject a échoué pour le projet « %s »" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "attention, l'assignement du contrôle de ressources a échoue pour le projet « %s »" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Options de configuration : %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "erreur fatale, impossible de charger les greffons" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "impossible d'initialiser le greffon de règles" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "erreur à l'initialisation du greffon E/S %s" #: src/sudo.c:294 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "mode sudo 0x%x inattendu" #: src/sudo.c:414 #, c-format msgid "unable to get group vector" msgstr "impossible d'obtenir le vecteur de groupes" #: src/sudo.c:466 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid %u inconnu : qui êtes-vous ?" #: src/sudo.c:788 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s doit être la propriété du uid %d et avoir le bit setuid mis" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "le uid effectif n'est pas %d. Est-ce que %s est sur un système de fichiers avec l'option « nosuid » ou un système de fichiers NFS sans privilèges root ?" #: src/sudo.c:797 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "le uid effectif n'est pas %d. Est-ce que sudo est installé setuid root ?" #: src/sudo.c:923 #, c-format msgid "unknown login class %s" msgstr "classe de login %s inconnue" #: src/sudo.c:936 #, c-format msgid "unable to set user context" msgstr "impossible de changer le contexte utilisateur" #: src/sudo.c:950 #, c-format msgid "unable to set supplementary group IDs" msgstr "impossible d'attribuer les ID de groupe supplémentaires" #: src/sudo.c:957 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossible de changer le gid effectif à runas gid %u" #: src/sudo.c:963 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossible de changer le gid à runas gid %u" #: src/sudo.c:970 #, c-format msgid "unable to set process priority" msgstr "impossible de changer la priorité du processus" #: src/sudo.c:978 #, c-format msgid "unable to change root to %s" msgstr "impossible de changer root en %s" #: src/sudo.c:991 src/sudo.c:997 src/sudo.c:1003 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossible de changer vers runas uid (%u, %u)" #: src/sudo.c:1020 #, c-format msgid "unable to change directory to %s" msgstr "impossible de changer le répertoire vers %s" #: src/sudo.c:1077 #, c-format msgid "unexpected child termination condition: %d" msgstr "condition de fin de l'enfant inconnue: %d" #: src/sudo.c:1134 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "le greffon de règles %s n'a pas de méthode « check_policy »" #: src/sudo.c:1147 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "le greffon de règles %s ne supporte pas les privilèges de listage" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "le greffon de règles %s ne supporte pas l'option -v" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "le greffon de règles %s ne supporte pas les options -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossible de changer le uid en root (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "erreur de greffon : liste de fichiers manquantes pour sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: pas un fichier régulier" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: écriture trop courte" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s laissé tel quel" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s non modifié" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "impossible d'écrire dans %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "contenu de la session d'édition laissé dans %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "impossible de lire le fichier temporaire" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "pas de tty présent et pas de programme askpass spécifié" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "pas de programme askpass spécifié, essayez avec SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "impossible de changer le gid en %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "impossible de changer le uid en %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "impossible d'exécuter %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "impossible de sauvegarder stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "impossible d'exécuter dup2 sur stdin" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "impossible de rétablir stdin" sudo-1.8.9p5/src/po/gl.mo010064400175440000012000000375051226304146200145220ustar00millertstaffÞ•›ôÓÌ   !$ (F o  – ¯ #É í $:6U Œ™¢5©ß-ö$4QloI†Ðá!ð#86o4‹À%ß({.7ª â:'X€š´#Îò##2$V${% %Æì"'6JC/Å+õ,!7N4†3»/ï+5K1"³!Öø'!?a-}«'Ê ò-".7Q'‰*±2Ü)59>o®Éã ú&7!^€–#¯Óë.5=&sš1µ"ç %B^tŠ/¨ Øù,HYn‹+© Õö!(0Yw%–"¼ß÷"5(Gp*†(±Úô ( 29 *l &— ¾ )Ý <!/D!2t!2§!6Ú!#"Ÿ5" Õ#)á#+ $7$N$k$ˆ$0¦$"×$ú$6 % B%Ac%¥%´%½%AÄ%&1%&W&(k&%”&º&½&GÝ&%'7'.J'2y'P¬')ý'='(#e((‰(/²(‘â(Bt)*·)%â)3*'<*,d*'‘*-¹*,ç*0+!E+g+‡+ §+ È+!é+ ,,,(K,(t,E,Uã,99-4s-:¨->ã-;".7^.2–.PÉ.B/5]/,“/3À/ ô/.0<D0<0E¾0#1>(1g19z1)´1BÞ10!2'R2?z20º24ë24 3!U3 w3˜3'µ3%Ý3.4(24 [4|40›4Ì4!ë4 5()5R5Kp58¼5'õ5F64d6™65³6.é6787'V78~7-·7%å7 8),8V8s8/‘8.Á8Dð8.59'd9;Œ9BÈ90 :4<:9q:6«:'â:2 ;3=;$q;.–;Å;1å;1<I<*e<%<¶<4Ï<:=0?=p=.=H¿=D>EM>E“>@Ù>*?a=€i>“st0”:ˆcCqRQ5/…%;X‘,N@† Š&#MKdj‰+$olw47D_3ev ~›hE•'Ž™ (nT x‚AIVZ–}8m<?O‹*["yb1W—’„uŒ|r.]k` \{^SBJL)zGYP-š2˜!9fFƒH6‡gpU Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: incompatible policy major version %d, expected %d%s: not a regular file%s: only a single policy plugin may be loaded%s: short write%s: unable to find symbol %s%s: unknown policy type %d: Configure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user plugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate memoryunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown uid %u: who are you?unknown user: %supdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.6b4 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-08-10 13:08-0400 PO-Revision-Date: 2013-02-02 13:37+0200 Last-Translator: Leandro Regueiro Language-Team: Galician Language: gl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Opcións: %s - edita ficheiros como outro usuario %s - executa unha orde como outro usuario %s etiquetas cambiadas%s é escribíbel polo grupo%s non é un ficheiro normal%s non é un contexto válido%s é propiedade de uid %u, pero debería ser %u%s é escribíbel por todo o mundo%s sen modificar%s só debe ter permisos de escritura polo propietario%s debe ser propiedade do uid %d%s debe ser propiedade do uid %d e debe ter definido o bit setuid%s sen cambios%s%s: %s%s: %s%s: versión maiór %d da política incompatíbel, agardábase %d%s: non é un ficheiro regular%s: só se pode cargar unha política de engadido%s: escritura curta%s: non é posíbel atopar o símbolo %s%s: tipo de política descoñecida %d: Opcións de configuración: %s Só pode especificar unha das opcións -e, -h, -i, -K, -l, -s, -v ou -VSudo versión %s Sinal descoñecidopecha todos os descriptores de ficheiro >= td os contidos de edición de sesión déixanse en %snon é posíbel ligar ao fondo de recursos predeterminado para o proxecto «%s»non é posíbel unirse ao proxecto «%s»crea un contexto de seguranza SELinux coa regra especificada mostra esta mensaxe de axuda e sae mostra a información da versión e sae edita ficheiros no lugar de executar unha orde o uid efectivo non é %d, é %s nun sistema de ficheiros coa opción «nosuid» definida ou nun sistema de ficheiros NFS sen privilexios de root?o uid efectivo non é %d, está sudo instalado con setuid de root?erro ao inicializar os engadidos de E/S %sproduciuse un erro ao ler da tuberíaproduciuse un erro ao ler desde a tubería do sinalproduciuse un erro ao ler de socketpairexecuta unha orde como o grupo especificado produciuse un erro ao obter old_contextproduciuse un erro ao definir a nova regra %sproduciuse un erro ao definir o novo tipo %serro fatal, non foi posíbel cargar os engadidoserro interno, desbordamento en %serro interno, tentou ecalloc(0)erro interno: tentou emalloc(0)erro interno: tentou emalloc2(0)erro interno, tentou erealloc(0)erro interno, tentou erealloc3(0)erro interno, tentou erealloc(0)ficheiro de marca non válido lista de ordes do usuario dispoñíbeis load_interfaces: desbordamento detectadonon hai programa askpass especificado, tente estabelecer SUDO_ASKPASSnon hai fondo de recursos aceptando as asignacións existentes par ao proxecto «%s»sen tty presente e non se especificou un programa askpassmodo non interactivo, non se preguntará ao usuario erro do engadido: falta a lista de ficheiros para sudoedita política do engadido %s non inclúe un método check_policya política do engadido %s non admite listar os privilexiosa normativa do engadido %s non admite as opcións -k/-Ka política do engadido %s non admite a opción -vproduciuse un erro durante a inicialización de sesión do engadido de políticapreserva o vector de grupos no lugar de estabelecelo ao obxectivo conserva o ambiente de usuario ao executar unha orde lee o contrasinal desde a entrada estándar retira un ficheiro de marca de tempo completamente require cando menos un argumentoo límite de control de recursos foi alcanzadoexecuta un intérprete de ordes como un determinado usuario executa un intérprete de ordes como un determinado usuario executa unha orde (ou edita un ficheiro) como un usuario específico executa unha orde en segundo plano executa unha orde coa clase especificada de inicio de sesión selección falladaasigna a variábel HOME ao cartafol de inicio do usuario configuración do proxecto fallada «%s»o fondo de recursos especificado non existe para o proxecto «%s»deten o proceso de argumentos da liña de ordes sudoedit non se admite nesta plataformaas opcións «-A» e «-S» non se poden empregar conxuntamentea opción «-E» non é válida no modo edicióna opción «-U» só se pode usar coa opción «-l»o agumento -C debe ser un número maior ou igual a 3a tarefa que invoca é definitivanon foi posíbel asignar memorianon foi posíbel asignar ptynon foi posíbel cambiar ao cartafol %snon foi posíbel cambiar de root a %snon foi posíbel cambiar as runas uid (%u, %u)non foi posíbel cambiar uid a root (%u)non foi psosíbel crear tuberíanon foi posíbel crear socketsnon foi posíbel determinar o método de forzadonon foi posíbel dlopen %s: %snon foi posíbel facer dup2 stdinnon é posíbel executar %snon foi posíbel executar fgetfilecon %snon é posíbel realizar forknon foi posíbel obter o contexto actual de tty, non se volve etiquetar ttynon foi posíbel obter o tipo de regra predeterminada %snon é posíbel obter o vector de gruponon foi posíbel obter o novo contexto tty, non volver a etiquetar ttynon foi posíbel inicializar a normativa do engadidonon foi posíbel abrir %snon foi posíbel abrir %s, non volver a etiquetar ttynon foi posíbel abrir o sistema de auditoríanon foi posíbel abrir o socketnon foi posíbel abrir userdbnon é posíbel ler o ficheiro temporalnon foi posíbel retirar PRIV_PROC_EXEC desde PRIV_LIMITnon foi posíbel restaurar o contexto para %snon foi posíbel restaurar o rexistronon foi posíbel restaurar stdinnon foi posíbel restaurar a etiqueta ttynon foi posíbel executar %snon foi posíbel gardar stdinnon foi posíbel enviar a mensaxe de auditoríanon foi posíebl estabelecer o controlador ttynon foi posíbel estabelcer o gid efectivo para executar como gid %unon foi posíbel o contexto de execución a %snon foi posíbel estabelecer o gid a %unon foi posíbel estabelcer o gid para executar como gid %unon foi posíbel estabelecer a chave de creación de contexto a %snon foi posíbel estabelecer o novo contexto ttynon foi posíbel estabelecer a prioridade de procesonon foi posíbel estabelecer o grupo suplementario de IDsnon foi posíbel estabelcer a terminal en modo directonon foi posíbel estabelecer o uid a %unon foi posíbel estabelecer o contexto do usuarionon foi posíbel estabelecer o contexto tty para %snon foi posíbel executar stat en %snon foi posíbel ir ao rexistro «%s» para %snon foi posíbel escribir en %sterminación de condición filla non agardada: %dtipo de resposta inesperada en canles alternos %dmodo sudo 0x%x non agardadoclase de inicio de sesión descoñecida %suid descoñecido %u: quen é vostede?usuario descoñecido: %sactualiza a marca do usuario sen executar unha orde usar o programa de axuda para a solicitude de contrasinal usar tipo de autenticación especificado en BSD usa o contrasinal especificado o usuario «%s» non é membro do grupo «%s»aviso, o control de asignación de recuros fallou para o proxecto «%s»cando está na lista, mostra os privilexios do usuario especificado non se deben especificar as opcións «-i» e «-E» simultáneamentenon se deben especificar as opcións «-i» e «-s» simultáneamentenon se deben especificar variábeis de ambiente no modo edicióndébese especificar unha regra por tipo %ssudo-1.8.9p5/src/po/gl.po010064400175440000012000000532471226304126400145260ustar00millertstaff# Galician translations for sudo package. # This file is put in the public domain. # # Fran Dieguez , 2012. # Francisco Diéguez , 2012. # Leandro Regueiro , 2012, 2013. # # Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas # colaborar connosco, podes atopar máis información en # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.6b4\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-08-10 13:08-0400\n" "PO-Revision-Date: 2013-02-02 13:37+0200\n" "Last-Translator: Leandro Regueiro \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "non foi posíbel abrir userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "non foi posíbel ir ao rexistro «%s» para %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "non foi posíbel restaurar o rexistro" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "erro interno: tentou emalloc(0)" #: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 #: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 #: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 #: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 #, c-format msgid "unable to allocate memory" msgstr "non foi posíbel asignar memoria" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "erro interno: tentou emalloc2(0)" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, desbordamento en %s" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "erro interno, tentou ecalloc(0)" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "erro interno, tentou erealloc(0)" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "erro interno, tentou erealloc3(0)" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "erro interno, tentou erealloc(0)" #: common/sudo_conf.c:305 #, c-format msgid "unable to stat %s" msgstr "non foi posíbel executar stat en %s" #: common/sudo_conf.c:308 #, c-format msgid "%s is not a regular file" msgstr "%s non é un ficheiro normal" #: common/sudo_conf.c:311 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s é propiedade de uid %u, pero debería ser %u" #: common/sudo_conf.c:315 #, c-format msgid "%s is world writable" msgstr "%s é escribíbel por todo o mundo" #: common/sudo_conf.c:318 #, c-format msgid "%s is group writable" msgstr "%s é escribíbel polo grupo" #: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 #, c-format msgid "unable to open %s" msgstr "non foi posíbel abrir %s" #: compat/strsignal.c:47 msgid "Unknown signal" msgstr "Sinal descoñecido" #: src/error.c:82 src/error.c:86 msgid ": " msgstr ": " #: src/exec.c:113 src/exec_pty.c:674 #, c-format msgid "policy plugin failed session initialization" msgstr "produciuse un erro durante a inicialización de sesión do engadido de política" #: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "non é posíbel realizar fork" #: src/exec.c:268 #, c-format msgid "unable to create sockets" msgstr "non foi posíbel crear sockets" #: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 #: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "non foi psosíbel crear tubería" #: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 #, c-format msgid "select failed" msgstr "selección fallada" #: src/exec.c:467 #, c-format msgid "unable to restore tty label" msgstr "non foi posíbel restaurar a etiqueta tty" #: src/exec_common.c:69 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "non foi posíbel retirar PRIV_PROC_EXEC desde PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "non foi posíbel asignar pty" #: src/exec_pty.c:665 #, c-format msgid "unable to set terminal to raw mode" msgstr "non foi posíbel estabelcer a terminal en modo directo" #: src/exec_pty.c:1013 #, c-format msgid "unable to set controlling tty" msgstr "non foi posíebl estabelecer o controlador tty" #: src/exec_pty.c:1111 #, c-format msgid "error reading from signal pipe" msgstr "produciuse un erro ao ler desde a tubería do sinal" #: src/exec_pty.c:1132 #, c-format msgid "error reading from pipe" msgstr "produciuse un erro ao ler da tubería" #: src/exec_pty.c:1148 #, c-format msgid "error reading from socketpair" msgstr "produciuse un erro ao ler de socketpair" #: src/exec_pty.c:1152 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada en canles alternos %d" #: src/load_plugins.c:74 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:80 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:90 #, c-format msgid "%s must be owned by uid %d" msgstr "%s debe ser propiedade do uid %d" #: src/load_plugins.c:94 #, c-format msgid "%s must be only be writable by owner" msgstr "%s só debe ter permisos de escritura polo propietario" #: src/load_plugins.c:101 #, c-format msgid "unable to dlopen %s: %s" msgstr "non foi posíbel dlopen %s: %s" #: src/load_plugins.c:106 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: non é posíbel atopar o símbolo %s" #: src/load_plugins.c:112 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: tipo de política descoñecida %d" #: src/load_plugins.c:116 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "%s: versión maiór %d da política incompatíbel, agardábase %d" #: src/load_plugins.c:123 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "%s: só se pode cargar unha política de engadido" #: src/load_plugins.c:200 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "a política do engadido %s non inclúe un método check_policy" #: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 #: src/net_ifs.c:298 src/net_ifs.c:322 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: desbordamento detectado" #: src/net_ifs.c:227 #, c-format msgid "unable to open socket" msgstr "non foi posíbel abrir o socket" #: src/parse_args.c:187 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "o agumento -C debe ser un número maior ou igual a 3" #: src/parse_args.c:276 #, c-format msgid "unknown user: %s" msgstr "usuario descoñecido: %s" #: src/parse_args.c:335 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "non se deben especificar as opcións «-i» e «-s» simultáneamente" #: src/parse_args.c:339 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "non se deben especificar as opcións «-i» e «-E» simultáneamente" #: src/parse_args.c:349 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "a opción «-E» non é válida no modo edición" #: src/parse_args.c:351 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "non se deben especificar variábeis de ambiente no modo edición" #: src/parse_args.c:359 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "a opción «-U» só se pode usar coa opción «-l»" #: src/parse_args.c:363 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "as opcións «-A» e «-S» non se poden empregar conxuntamente" #: src/parse_args.c:443 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit non se admite nesta plataforma" #: src/parse_args.c:516 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Só pode especificar unha das opcións -e, -h, -i, -K, -l, -s, -v ou -V" #: src/parse_args.c:530 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - edita ficheiros como outro usuario\n" "\n" #: src/parse_args.c:532 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - executa unha orde como outro usuario\n" "\n" #: src/parse_args.c:537 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opcións:\n" #: src/parse_args.c:540 msgid "use helper program for password prompting\n" msgstr "usar o programa de axuda para a solicitude de contrasinal\n" #: src/parse_args.c:543 msgid "use specified BSD authentication type\n" msgstr "usar tipo de autenticación especificado en BSD\n" #: src/parse_args.c:545 msgid "run command in the background\n" msgstr "executa unha orde en segundo plano\n" #: src/parse_args.c:547 msgid "close all file descriptors >= fd\n" msgstr "pecha todos os descriptores de ficheiro >= td\n" #: src/parse_args.c:550 msgid "run command with specified login class\n" msgstr "executa unha orde coa clase especificada de inicio de sesión\n" #: src/parse_args.c:553 msgid "preserve user environment when executing command\n" msgstr "conserva o ambiente de usuario ao executar unha orde\n" #: src/parse_args.c:555 msgid "edit files instead of running a command\n" msgstr "edita ficheiros no lugar de executar unha orde\n" #: src/parse_args.c:557 msgid "execute command as the specified group\n" msgstr "executa unha orde como o grupo especificado\n" #: src/parse_args.c:559 msgid "set HOME variable to target user's home dir.\n" msgstr "asigna a variábel HOME ao cartafol de inicio do usuario\n" #: src/parse_args.c:561 msgid "display help message and exit\n" msgstr "mostra esta mensaxe de axuda e sae\n" #: src/parse_args.c:563 msgid "run a login shell as target user\n" msgstr "executa un intérprete de ordes como un determinado usuario\n" #: src/parse_args.c:565 msgid "remove timestamp file completely\n" msgstr "retira un ficheiro de marca de tempo completamente\n" #: src/parse_args.c:567 msgid "invalidate timestamp file\n" msgstr "ficheiro de marca non válido\n" #: src/parse_args.c:569 msgid "list user's available commands\n" msgstr "lista de ordes do usuario dispoñíbeis\n" #: src/parse_args.c:571 msgid "non-interactive mode, will not prompt user\n" msgstr "modo non interactivo, non se preguntará ao usuario\n" #: src/parse_args.c:573 msgid "preserve group vector instead of setting to target's\n" msgstr "preserva o vector de grupos no lugar de estabelecelo ao obxectivo\n" #: src/parse_args.c:575 msgid "use specified password prompt\n" msgstr "usa o contrasinal especificado\n" #: src/parse_args.c:578 src/parse_args.c:586 msgid "create SELinux security context with specified role\n" msgstr "crea un contexto de seguranza SELinux coa regra especificada\n" #: src/parse_args.c:581 msgid "read password from standard input\n" msgstr "lee o contrasinal desde a entrada estándar\n" #: src/parse_args.c:583 msgid "run a shell as target user\n" msgstr "executa un intérprete de ordes como un determinado usuario\n" #: src/parse_args.c:589 msgid "when listing, list specified user's privileges\n" msgstr "cando está na lista, mostra os privilexios do usuario especificado\n" #: src/parse_args.c:591 msgid "run command (or edit file) as specified user\n" msgstr "executa unha orde (ou edita un ficheiro) como un usuario específico\n" #: src/parse_args.c:593 msgid "display version information and exit\n" msgstr "mostra a información da versión e sae\n" #: src/parse_args.c:595 msgid "update user's timestamp without running a command\n" msgstr "actualiza a marca do usuario sen executar unha orde\n" #: src/parse_args.c:597 msgid "stop processing command line arguments\n" msgstr "deten o proceso de argumentos da liña de ordes\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "non foi posíbel abrir o sistema de auditoría" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "non foi posíbel enviar a mensaxe de auditoría" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "non foi posíbel executar fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s etiquetas cambiadas" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "non foi posíbel restaurar o contexto para %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "non foi posíbel abrir %s, non volver a etiquetar tty" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "non foi posíbel obter o contexto actual de tty, non se volve etiquetar tty" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "non foi posíbel obter o novo contexto tty, non volver a etiquetar tty" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "non foi posíbel estabelecer o novo contexto tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "débese especificar unha regra por tipo %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "non foi posíbel obter o tipo de regra predeterminada %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "produciuse un erro ao definir a nova regra %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "produciuse un erro ao definir o novo tipo %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s non é un contexto válido" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "produciuse un erro ao obter old_context" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "non foi posíbel determinar o método de forzado" #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "non foi posíbel estabelecer o contexto tty para %s" #: src/selinux.c:373 #, c-format msgid "unable to set exec context to %s" msgstr "non foi posíbel o contexto de execución a %s" #: src/selinux.c:380 #, c-format msgid "unable to set key creation context to %s" msgstr "non foi posíbel estabelecer a chave de creación de contexto a %s" #: src/sesh.c:70 #, c-format msgid "requires at least one argument" msgstr "require cando menos un argumento" #: src/sesh.c:91 #, c-format msgid "unable to execute %s" msgstr "non é posíbel executar %s" #: src/sudo.c:211 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versión %s\n" #: src/sudo.c:213 #, c-format msgid "Configure options: %s\n" msgstr "Opcións de configuración: %s\n" #: src/sudo.c:218 #, c-format msgid "fatal error, unable to load plugins" msgstr "erro fatal, non foi posíbel cargar os engadidos" #: src/sudo.c:226 #, c-format msgid "unable to initialize policy plugin" msgstr "non foi posíbel inicializar a normativa do engadido" #: src/sudo.c:281 #, c-format msgid "error initializing I/O plugin %s" msgstr "erro ao inicializar os engadidos de E/S %s" #: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modo sudo 0x%x non agardado" #: src/sudo.c:400 #, c-format msgid "unable to get group vector" msgstr "non é posíbel obter o vector de grupo" #: src/sudo.c:452 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid descoñecido %u: quen é vostede?" #: src/sudo.c:782 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s debe ser propiedade do uid %d e debe ter definido o bit setuid" #: src/sudo.c:785 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "o uid efectivo non é %d, é %s nun sistema de ficheiros coa opción «nosuid» definida ou nun sistema de ficheiros NFS sen privilexios de root?" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "o uid efectivo non é %d, está sudo instalado con setuid de root?" #: src/sudo.c:860 #, c-format msgid "resource control limit has been reached" msgstr "o límite de control de recursos foi alcanzado" #: src/sudo.c:863 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "o usuario «%s» non é membro do grupo «%s»" #: src/sudo.c:867 #, c-format msgid "the invoking task is final" msgstr "a tarefa que invoca é definitiva" #: src/sudo.c:870 #, c-format msgid "could not join project \"%s\"" msgstr "non é posíbel unirse ao proxecto «%s»" #: src/sudo.c:875 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "non hai fondo de recursos aceptando as asignacións existentes par ao proxecto «%s»" #: src/sudo.c:879 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "o fondo de recursos especificado non existe para o proxecto «%s»" #: src/sudo.c:883 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "non é posíbel ligar ao fondo de recursos predeterminado para o proxecto «%s»" #: src/sudo.c:889 #, c-format msgid "setproject failed for project \"%s\"" msgstr "configuración do proxecto fallada «%s»" #: src/sudo.c:891 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, o control de asignación de recuros fallou para o proxecto «%s»" #: src/sudo.c:959 #, c-format msgid "unknown login class %s" msgstr "clase de inicio de sesión descoñecida %s" #: src/sudo.c:973 src/sudo.c:976 #, c-format msgid "unable to set user context" msgstr "non foi posíbel estabelecer o contexto do usuario" #: src/sudo.c:988 #, c-format msgid "unable to set supplementary group IDs" msgstr "non foi posíbel estabelecer o grupo suplementario de IDs" #: src/sudo.c:995 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "non foi posíbel estabelcer o gid efectivo para executar como gid %u" #: src/sudo.c:1001 #, c-format msgid "unable to set gid to runas gid %u" msgstr "non foi posíbel estabelcer o gid para executar como gid %u" #: src/sudo.c:1008 #, c-format msgid "unable to set process priority" msgstr "non foi posíbel estabelecer a prioridade de proceso" #: src/sudo.c:1016 #, c-format msgid "unable to change root to %s" msgstr "non foi posíbel cambiar de root a %s" #: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "non foi posíbel cambiar as runas uid (%u, %u)" #: src/sudo.c:1049 #, c-format msgid "unable to change directory to %s" msgstr "non foi posíbel cambiar ao cartafol %s" #: src/sudo.c:1133 #, c-format msgid "unexpected child termination condition: %d" msgstr "terminación de condición filla non agardada: %d" #: src/sudo.c:1194 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "a política do engadido %s non admite listar os privilexios" #: src/sudo.c:1206 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "a política do engadido %s non admite a opción -v" #: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "a normativa do engadido %s non admite as opcións -k/-K" #: src/sudo_edit.c:111 #, c-format msgid "unable to change uid to root (%u)" msgstr "non foi posíbel cambiar uid a root (%u)" #: src/sudo_edit.c:143 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "erro do engadido: falta a lista de ficheiros para sudoedit" #: src/sudo_edit.c:171 src/sudo_edit.c:271 #, c-format msgid "%s: not a regular file" msgstr "%s: non é un ficheiro regular" #: src/sudo_edit.c:205 src/sudo_edit.c:307 #, c-format msgid "%s: short write" msgstr "%s: escritura curta" #: src/sudo_edit.c:272 #, c-format msgid "%s left unmodified" msgstr "%s sen modificar" #: src/sudo_edit.c:285 #, c-format msgid "%s unchanged" msgstr "%s sen cambios" #: src/sudo_edit.c:297 src/sudo_edit.c:318 #, c-format msgid "unable to write to %s" msgstr "non foi posíbel escribir en %s" #: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 #, c-format msgid "contents of edit session left in %s" msgstr "os contidos de edición de sesión déixanse en %s" #: src/sudo_edit.c:315 #, c-format msgid "unable to read temporary file" msgstr "non é posíbel ler o ficheiro temporal" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "sen tty presente e non se especificou un programa askpass" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "non hai programa askpass especificado, tente estabelecer SUDO_ASKPASS" #: src/tgetpass.c:231 #, c-format msgid "unable to set gid to %u" msgstr "non foi posíbel estabelecer o gid a %u" #: src/tgetpass.c:235 #, c-format msgid "unable to set uid to %u" msgstr "non foi posíbel estabelecer o uid a %u" #: src/tgetpass.c:240 #, c-format msgid "unable to run %s" msgstr "non foi posíbel executar %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "non foi posíbel gardar stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "non foi posíbel facer dup2 stdin" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "non foi posíbel restaurar stdin" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: debe ser especificada cando menos unha política de engadido" #~ msgid "must be setuid root" #~ msgstr "debe ser setuid root" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "erro interno: desbordamento de erealloc3(0)" sudo-1.8.9p5/src/po/hr.mo010064400175440000012000000377751226304146200145420ustar00millertstaffÞ•¢,ß< ¸ ¹ !Ä (æ !6O#i¢$µÚ6õ ,9BI Q]t„I›åö!#'8K„4 Õ%ô({C7¿.÷ &G_~'œÄÞø#164h*>È###G$k$%µ%Û&(C"c6†C½/+1,],Š7·4ï3$/X5ˆ+¾5ê1 "R!u—'¶!Þ-J'i ‘-Ÿ"Í7ð'(*P2{)®5Ø>Mh  &¼!ã#4Xp…š ³Ô5ã&@1["°%Âè0/N ~ŸºÒîÿ1+O {œ!´(Öÿ %< "b …  "¸ Û (í !*,!(W!€!š!"±!Ô!ñ!,"2/"*b"&"´")Ó"<ý"/:#2j#2#6Ð##$ +$ 5&(?&)h&’&$ª&Ï&è&#'(&'O'.`''>«'ê'û'( ( ((9(L(Eh(®(À($Ð(#õ(A)%[)6)¸))Ö)**•+*<Á*;þ**:+e+%ƒ+"©+#Ì+2ð+##,#G,+k,=—,@Õ,6-GM-•-(±-(Ú-).)-.*W.*‚.8­..æ.%/!;/L]/Qª/=ü/2:0-m09›07Õ00 1/>1,n14›16Ð1925A2$w2*œ2Ç2*æ2/3'A3;i3¥3-Á3ï3E4)G4:q4,¬4(Ù4753:59n50¨5Ù5÷5# 6 166R6#‰6­6È6!ä67&7C7 X7%y7Ÿ7?²7*ò78;=8*y8¤8+¸8 ä89* 9#K9-o99¼9Õ9ë9::2:R:.r:(¡:Ê:2å:1;#J;#n;0’;*Ã;î;& <$0<U<-o<<+±<3Ý<=,=)G=q=Ž=/¤=>Ô=.>$B>#g>.‹>Hº>1?55?5k?:¡? Ü?1†š 3“B„w{(ˆ—nCW?l@`œ >~O4Ž‘ RN_gmv\ŸQa€Œ&˜Vu.F8e*f–KLrž=Tc]ŠJG2‡q ƒZ¡'"b0kA$<-U…D¢+Ij™XEYi o‰9 },SP^MHdz#p;7/6x”|%[‹’!: ys›h5‚)t• Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %dincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user only a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unknown user: %sunsupported group source `%s' in %s, line %dupdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-04-18 15:22+0200 Last-Translator: Tomislav Krznar Language-Team: Croatian Language: hr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2); X-Generator: Gtranslator 2.91.6 Opcije: %s - uredi datoteke kao drugi korisnik %s - izvrÅ¡i naredbu kao drugi korisnik %s je promijenio oznake%s ima dozvole za pisanje svih grupa%s nije obiÄna datoteka%s nije ispravan kontekstvlasnik %s je uid %u, treba biti %u%s ima dozvole za pisanje svih korisnika%s nepromijenjensamo vlasnik smije imati dozvole za pisanje %svlasnik %s mora biti uid %dvlasnik %s mora biti uid %d i mora imati postavljen setuid bit%s nepromijenjen%s%s: %s%s: %s%s: %s %s: %s: %s %s: nije obiÄna datoteka%s: kratko pisanjeKonfiguracijske opcije: %s Smijete navesti samo jednu od opcija -e, -h, -i, -K, -l, -s, -v i -V Sudo inaÄica %s Nepoznat signalzatvori sve opisnike datoteka >= fd sadržaj ureÄ‘ivanja ostavljen u %sne mogu povezati na zadano skladiÅ¡te resursa za projekt „%sâ€ne mogu pridružiti projektu „%sâ€stvori SELinux sigurnosni kontekst s navedenom ulogom prikaži ovu pomoć i izaÄ‘i prikaži informacije o inaÄici i izaÄ‘i uredi datoteke umjesto pokretanja naredbe efektivni uid nije %d, je li %s na datoteÄnom sustavu s postavljenom opcijom „nosuid†ili NFS datoteÄnom sustavu bez administratorskih ovlasti?efektivni uid nije %d, je li sudo instaliran uz setuid root?greÅ¡ka u %s, redak %d pri uÄitavanju prikljuÄka „%sâ€greÅ¡ka inicijalizacije U/I prikljuÄka %sgreÅ¡ka Äitanja iz cjevovodagreÅ¡ka Äitanja iz cjevovoda signalagreÅ¡ka Äitanja iz para utiÄnicaizvrÅ¡i naredbu kao navedena grupa nisam uspio dohvatiti stari kontekst (old_context)nisam uspio postaviti novu ulogu %snisam uspio postaviti novu vrstu %skobna greÅ¡ka, ne mogu uÄitati prikljuÄkezanemarujem dvostruki U/I prikljuÄak „%s†u %s, redak %dzanemarujem dvostruki prikljuÄak police „%s†u %s, redak %dzanemarujem prikljuÄak police „%s†u %s, redak %dnekompatibilna glavna inaÄica police %d (oÄekujem %d) pronaÄ‘ena u %sinterna greÅ¡ka, %s preljevinterna greÅ¡ka, pokuÅ¡ao sam ecalloc(0)interna greÅ¡ka, pokuÅ¡ao sam emalloc(0)interna greÅ¡ka, pokuÅ¡ao sam emalloc2(0)interna greÅ¡ka, pokuÅ¡ao sam erealloc(0)interna greÅ¡ka, pokuÅ¡ao sam erealloc3(0)interna greÅ¡ka, pokuÅ¡ao sam erecalloc(0)neispravan maksimalni broj grupa „%s†u %s, redak %duÄini datoteku vremenskih oznaka nevažećom ispiÅ¡i dostupne korisniÄke naredbe load_interfaces: otkriven preljevnije naveden program za traženje lozinke, pokuÅ¡ajte postaviti SUDO_ASKPASSne postoji skladiÅ¡te resursa koje prihvaća zadane poveznice za projekt „%sâ€nije prisutan tty i nije naveden program za traženje lozinkeneinteraktivni naÄin, neće ispitivati korisnika možete navesti samo jedan prikljuÄak policegreÅ¡ka prikljuÄka: nedostaje popis datoteka za sudoeditprikljuÄak police %s ne ukljuÄuje metodu check_policyprikljuÄak police %s ne podržava ispis ovlastiprikljuÄak police %s ne podržava opcije -k/-KprikljuÄak police %s ne podržava opciju -vprikljuÄak police %s nema metodu „check_policyâ€prikljuÄak police nije uspio inicijalizirati sjednicuoÄuvaj grupni vektor umjesto postavljanja na odrediÅ¡ni oÄuvaj korisniÄku okolinu pri izvrÅ¡avanju naredbe Äitaj lozinku sa standardnog ulaza potpuno ukloni datoteku vremenskih oznaka zahtijeva barem jedan argumentdosegnuta je granica upravljanja resursimapokreni ljusku prijave kao odrediÅ¡ni korisnik pokreni ljusku kao odrediÅ¡ni korisnik pokreni naredbu (ili uredi datoteku) kao navedeni korisnik pokreni naredbu u pozadini pokreni naredbu s navedenim razredom prijave odabir nije uspiopostavi HOME varijablu na poÄetni direktorij odrediÅ¡nog korisnika. setproject nije uspio za projekt „%sâ€ne postoji navedeno skladiÅ¡te resursa za projekt „%sâ€zaustavi obradu argumenata naredbenog retka sudoedit nije podržan na ovoj platformine možete koristiti opcije „-A†i „-S†zajednoopcija „-E†nije ispravna u naÄinu ureÄ‘ivanjaopciju „-U†možete koristiti samo uz opciju „-lâ€argument za -C mora biti broj veći ili jednak 3pozivanje zadatka je konaÄnone mogu alocirati ptyne mogu promijeniti direktorij u %sne mogu promijeniti korijen u %sne mogu promijeniti u runas (pokreni kao) uid (%u, %u)ne mogu promijeniti uid u root (%u)ne mogu napraviti cjevovodne mogu napraviti utiÄnicene mogu odrediti naÄin provedbe.ne mogu izvrÅ¡iti dlopen %s: %sne mogu izvrÅ¡iti dup2 stdinne mogu izvrÅ¡iti %sne mogu izvrÅ¡iti fgetfilecon %sne mogu pronaći simbol „%s†u %sne mogu razdvojitine mogu dohvatiti trenutni tty kontekst, ne mijenjam oznaku ttyne mogu dohvatiti zadanu vrstu za ulogu %sne mogu dohvatiti grupni vektorne mogu dohvatiti novi tty kontekst, ne mijenjam oznaku ttyne mogu inicijalizirati prikljuÄak policene mogu otvoriti %sne mogu otvoriti %s, ne mijenjam oznaku ttyne mogu otvoriti sustav revizijene mogu otvoriti utiÄnicune mogu otvoriti korisniÄku bazu podatakane mogu Äitati privremenu datotekune mogu ukloniti PRIV_PROC_EXEC iz PRIV_LIMITne mogu vratiti kontekst za %sne mogu vratiti registarne mogu vratiti stdinne mogu vratiti tty oznakune mogu pokrenuti %sne mogu spremiti stdinne mogu poslati poruku revizijene mogu postaviti kontrolni ttyne mogu postaviti efektivni gid u runas gid %une mogu postaviti izvrÅ¡ni kontekst u %sne mogu postaviti gid u %une mogu postaviti gid u runas (pokreni kao) gid %une mogu postaviti kontekst stvaranja kljuÄa u %sne mogu postaviti novi tty kontekstne mogu postaviti prioritet procesane mogu postaviti dopunske grupne identifikatorene mogu postaviti terminal u sirovi naÄinne mogu postaviti uid u %une mogu postaviti korisniÄki kontekstne mogu postaviti tty kontekst za %sne mogu izvrÅ¡iti stat %sne mogu promijeniti u registar „%s†za %sne mogu pisati u %sneoÄekivani uvjet zavrÅ¡avanja djeteta: %dneoÄekivana vrsta odgovora na povratnom kanalu: %dneoÄekivani sudo mod 0x%xnepoznat razred prijave %snepoznata vrsta police %d pronaÄ‘ena u %snepoznat uid %u: tko ste vi?nepoznat korisnik: %snepodržani izvor grupe „%s†u %s, redak %dažuriraj korisniÄku vremensku oznaku bez pokretanja naredbe koristi pomoćni program za traženje lozinke koristi navedenu vrstu BSD provjere koristi navedeno traženje lozinke korisnik „%s†nije Älan projekta „%sâ€upozorenje, zadatak upravljanja resursima nije uspio za projekt „%sâ€pri ispisu, ispiÅ¡i navedene korisniÄke ovlasti ne možete navesti opcije „-i†i „-E†zajednone možete navesti opcije „-i†i „-s†zajednone možete navesti varijable okoline u naÄinu ureÄ‘ivanjamorate navesti ulogu za vrstu %ssudo-1.8.9p5/src/po/hr.po010064400175440000012000000536401226304126400145320ustar00millertstaff# Translation of sudo to Croatian. # This file is put in the public domain. # Tomislav Krznar , 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-04-18 15:22+0200\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Gtranslator 2.91.6\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "ne mogu otvoriti korisniÄku bazu podataka" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "ne mogu promijeniti u registar „%s†za %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "ne mogu vratiti registar" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam emalloc(0)" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam emalloc2(0)" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "interna greÅ¡ka, %s preljev" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam ecalloc(0)" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam erealloc(0)" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam erealloc3(0)" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "interna greÅ¡ka, pokuÅ¡ao sam erecalloc(0)" #: common/error.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/error.c:157 common/error.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/sudo_conf.c:172 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nepodržani izvor grupe „%s†u %s, redak %d" #: common/sudo_conf.c:186 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "neispravan maksimalni broj grupa „%s†u %s, redak %d" #: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "ne mogu izvrÅ¡iti stat %s" #: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s nije obiÄna datoteka" #: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je uid %u, treba biti %u" #: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s ima dozvole za pisanje svih korisnika" #: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s ima dozvole za pisanje svih grupa" #: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ne mogu otvoriti %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nepoznat signal" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "prikljuÄak police nije uspio inicijalizirati sjednicu" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "ne mogu razdvojiti" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "ne mogu napraviti utiÄnice" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "odabir nije uspio" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "ne mogu vratiti tty oznaku" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne mogu ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "ne mogu alocirati pty" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 #, c-format msgid "unable to create pipe" msgstr "ne mogu napraviti cjevovod" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "ne mogu postaviti terminal u sirovi naÄin" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "ne mogu postaviti kontrolni tty" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "greÅ¡ka Äitanja iz cjevovoda signala" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "greÅ¡ka Äitanja iz cjevovoda" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "greÅ¡ka Äitanja iz para utiÄnica" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neoÄekivana vrsta odgovora na povratnom kanalu: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "greÅ¡ka u %s, redak %d pri uÄitavanju prikljuÄka „%sâ€" #: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti uid %d" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "samo vlasnik smije imati dozvole za pisanje %s" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "ne mogu izvrÅ¡iti dlopen %s: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "ne mogu pronaći simbol „%s†u %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "nepoznata vrsta police %d pronaÄ‘ena u %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "nekompatibilna glavna inaÄica police %d (oÄekujem %d) pronaÄ‘ena u %s" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "zanemarujem prikljuÄak police „%s†u %s, redak %d" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "možete navesti samo jedan prikljuÄak police" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "zanemarujem dvostruki prikljuÄak police „%s†u %s, redak %d" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "zanemarujem dvostruki U/I prikljuÄak „%s†u %s, redak %d" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "prikljuÄak police %s ne ukljuÄuje metodu check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: otkriven preljev" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "ne mogu otvoriti utiÄnicu" #: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument za -C mora biti broj veći ili jednak 3" #: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "nepoznat korisnik: %s" #: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "ne možete navesti opcije „-i†i „-s†zajedno" #: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "ne možete navesti opcije „-i†i „-E†zajedno" #: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "opcija „-E†nije ispravna u naÄinu ureÄ‘ivanja" #: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "ne možete navesti varijable okoline u naÄinu ureÄ‘ivanja" #: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "opciju „-U†možete koristiti samo uz opciju „-lâ€" #: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "ne možete koristiti opcije „-A†i „-S†zajedno" #: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit nije podržan na ovoj platformi" #: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smijete navesti samo jednu od opcija -e, -h, -i, -K, -l, -s, -v i -V " #: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - uredi datoteke kao drugi korisnik\n" "\n" #: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - izvrÅ¡i naredbu kao drugi korisnik\n" "\n" #: src/parse_args.c:550 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opcije:\n" #: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "koristi pomoćni program za traženje lozinke\n" #: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "koristi navedenu vrstu BSD provjere\n" #: src/parse_args.c:558 msgid "run command in the background\n" msgstr "pokreni naredbu u pozadini\n" #: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "zatvori sve opisnike datoteka >= fd\n" #: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "pokreni naredbu s navedenim razredom prijave\n" #: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "oÄuvaj korisniÄku okolinu pri izvrÅ¡avanju naredbe\n" #: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "uredi datoteke umjesto pokretanja naredbe\n" #: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "izvrÅ¡i naredbu kao navedena grupa\n" #: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "postavi HOME varijablu na poÄetni direktorij odrediÅ¡nog korisnika.\n" #: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "prikaži ovu pomoć i izaÄ‘i\n" #: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "pokreni ljusku prijave kao odrediÅ¡ni korisnik\n" #: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "potpuno ukloni datoteku vremenskih oznaka\n" #: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "uÄini datoteku vremenskih oznaka nevažećom\n" #: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "ispiÅ¡i dostupne korisniÄke naredbe\n" #: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "neinteraktivni naÄin, neće ispitivati korisnika\n" #: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "oÄuvaj grupni vektor umjesto postavljanja na odrediÅ¡ni\n" #: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "koristi navedeno traženje lozinke\n" #: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "stvori SELinux sigurnosni kontekst s navedenom ulogom\n" #: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "Äitaj lozinku sa standardnog ulaza\n" #: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "pokreni ljusku kao odrediÅ¡ni korisnik\n" #: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "pri ispisu, ispiÅ¡i navedene korisniÄke ovlasti\n" #: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "pokreni naredbu (ili uredi datoteku) kao navedeni korisnik\n" #: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "prikaži informacije o inaÄici i izaÄ‘i\n" #: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "ažuriraj korisniÄku vremensku oznaku bez pokretanja naredbe\n" #: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "zaustavi obradu argumenata naredbenog retka\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "ne mogu otvoriti sustav revizije" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "ne mogu poslati poruku revizije" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "ne mogu izvrÅ¡iti fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s je promijenio oznake" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "ne mogu vratiti kontekst za %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "ne mogu otvoriti %s, ne mijenjam oznaku tty" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "ne mogu dohvatiti trenutni tty kontekst, ne mijenjam oznaku tty" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "ne mogu dohvatiti novi tty kontekst, ne mijenjam oznaku tty" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "ne mogu postaviti novi tty kontekst" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "morate navesti ulogu za vrstu %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "ne mogu dohvatiti zadanu vrstu za ulogu %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "nisam uspio postaviti novu ulogu %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "nisam uspio postaviti novu vrstu %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s nije ispravan kontekst" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "nisam uspio dohvatiti stari kontekst (old_context)" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "ne mogu odrediti naÄin provedbe." #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "ne mogu postaviti tty kontekst za %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ne mogu postaviti izvrÅ¡ni kontekst u %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ne mogu postaviti kontekst stvaranja kljuÄa u %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "zahtijeva barem jedan argument" #: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "ne mogu izvrÅ¡iti %s" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "dosegnuta je granica upravljanja resursima" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "korisnik „%s†nije Älan projekta „%sâ€" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "pozivanje zadatka je konaÄno" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "ne mogu pridružiti projektu „%sâ€" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "ne postoji skladiÅ¡te resursa koje prihvaća zadane poveznice za projekt „%sâ€" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "ne postoji navedeno skladiÅ¡te resursa za projekt „%sâ€" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "ne mogu povezati na zadano skladiÅ¡te resursa za projekt „%sâ€" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject nije uspio za projekt „%sâ€" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "upozorenje, zadatak upravljanja resursima nije uspio za projekt „%sâ€" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo inaÄica %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Konfiguracijske opcije: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "kobna greÅ¡ka, ne mogu uÄitati prikljuÄke" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ne mogu inicijalizirati prikljuÄak police" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "greÅ¡ka inicijalizacije U/I prikljuÄka %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neoÄekivani sudo mod 0x%x" #: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ne mogu dohvatiti grupni vektor" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nepoznat uid %u: tko ste vi?" #: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "vlasnik %s mora biti uid %d i mora imati postavljen setuid bit" #: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivni uid nije %d, je li %s na datoteÄnom sustavu s postavljenom opcijom „nosuid†ili NFS datoteÄnom sustavu bez administratorskih ovlasti?" #: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivni uid nije %d, je li sudo instaliran uz setuid root?" #: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "nepoznat razred prijave %s" #: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "ne mogu postaviti korisniÄki kontekst" #: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ne mogu postaviti dopunske grupne identifikatore" #: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne mogu postaviti efektivni gid u runas gid %u" #: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne mogu postaviti gid u runas (pokreni kao) gid %u" #: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "ne mogu postaviti prioritet procesa" #: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "ne mogu promijeniti korijen u %s" #: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne mogu promijeniti u runas (pokreni kao) uid (%u, %u)" #: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ne mogu promijeniti direktorij u %s" #: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "neoÄekivani uvjet zavrÅ¡avanja djeteta: %d" #: src/sudo.c:1146 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "prikljuÄak police %s nema metodu „check_policyâ€" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "prikljuÄak police %s ne podržava ispis ovlasti" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "prikljuÄak police %s ne podržava opciju -v" #: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "prikljuÄak police %s ne podržava opcije -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne mogu promijeniti uid u root (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "greÅ¡ka prikljuÄka: nedostaje popis datoteka za sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: nije obiÄna datoteka" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kratko pisanje" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s nepromijenjen" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s nepromijenjen" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ne mogu pisati u %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "sadržaj ureÄ‘ivanja ostavljen u %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "ne mogu Äitati privremenu datoteku" #: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "nije prisutan tty i nije naveden program za traženje lozinke" #: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nije naveden program za traženje lozinke, pokuÅ¡ajte postaviti SUDO_ASKPASS" #: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ne mogu postaviti gid u %u" #: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ne mogu postaviti uid u %u" #: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "ne mogu pokrenuti %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "ne mogu spremiti stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "ne mogu izvrÅ¡iti dup2 stdin" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "ne mogu vratiti stdin" #~ msgid "unable to allocate memory" #~ msgstr "ne mogu alocirati memoriju" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "interna greÅ¡ka, emalloc2() preljev" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "interna greÅ¡ka, erealloc3() preljev" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: mora biti naveden barem jedan prikljuÄak police" sudo-1.8.9p5/src/po/it.mo010064400175440000012000000426041226304146200145300ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%®% <')G'-q'Ÿ'½'Ù'ô'7(I(c(/~()®(IØ(")4)=)D) L)X)t)ˆ)N§)ö) *) *3J*F~*#Å*>é*=(+(f+1+-Á+‹ï+L{,=È,--#-Q-(o-!˜-*º-'å-+ .39.=m.B«.8î.7'/U_/µ/0Ô/001601h02š02Í0-1.1@1i[1"Å1Jè1U32H‰28Ò22 33>3;r3A®36ð32'4=Z4O˜4Jè4@35&t5'›5Ã5.à5M63]6‘66±6:è6R#7Hv7;¿7,û7>(86g80ž85Ï8598;9=t9²9)Ò9ü9 : 6:-W:)…:¯:Ë:1å:%;=;#U;)y;£;J½;=<)F<Hp<3¹<í< =3=&S=z=”=&±=2Ø=+ >$7>!\>(~>§>¿>)Ü>)?;0?+l?!˜?5º?@ð?+1@/]@0@3¾@*ò@!A(?AhA+ˆA´A,ÏA2üA!/B QB-rB' B2ÈB;ûB87C7pC0¨C,ÙCDDU1D=‡D<ÅDJE6ME3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo-1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-26 22:10+0100 Last-Translator: Milo Casagrande Language-Team: Italian Language: it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8-bit Plural-Forms: nplurals=2; plural=(n!=1); X-Generator: Gtranslator 2.91.6 Opzioni: %s - modifica file come un altro utente %s - esegue un comando come un altro utente %s ha modificato le etichette%s è scrivibile dal gruppo%s non è un file regolare%s non è un contesto valido%s è di proprietà dello uid %u, dovrebbe essere di %u%s è scrivibile da tutti%s lasciato non modificato%s deve essere scrivibile solo dal proprietario%s deve essere di proprietà dello uid %d%s deve essere di proprietà dello uid %d e avere il bit setuid impostato%s non modificato%s%s: %s%s: %s%s: %s %s: %s: %s %s: non è un file regolare%s: scrittura breveOpzioni di configurazione: %s Solo una delle opzioni -e, -h, -i, -K, -l, -s, -v o -V può essere specificataVersione di sudo: %s Segnale sconosciutoChiude tutti i descrittori di file >= numcontenuto della sessione di modifica lasciato in %simpossibile unirsi al pool di risorse predefinito per il progetto "%s"impossibile unirsi al progetto "%s"Crea il contesto di sicurezza SELinux con il ruolo specificatoCrea il contesto di sicurezza SELinux con il tipo specificatoVisualizza il messaggio di aiuto ed esceVisualizza le informazioni sulla versione ed esceModifica i file invece di eseguire un comandolo uid effettivo non è %d. %s si trova su un file system con l'opzione "nosuid" impostata o su un file system NFS senza privilegi di root?lo uid effettivo non è %d. Il programma sudo è installato con setuid root?errore in %s, riga %d, durante il caricamento del plugin "%s"errore nel ciclo dell'eventoerrore nell'inizializzare il plugin di I/O %serrore nel leggere dalla pipeerrore nel leggere dalla pipe di segnaleerrore nel leggere dal socketpairrecupero del vecchio contesto non riuscitoimpossibile impostare il nuovo ruolo %simpossibile impostare la nuova tipologia %serrore irreversibile, impossibile caricare i pluginviene ignorato il plugin di I/O duplicato "%s" in %s, riga %dviene ignorato il plugin di politica duplicato "%s" in %s, riga %dviene ignorato il plugin di politica "%s" in %s, riga %dIn modalità elenco, visualizza i privilegi dell'utentenumero principale di versione del plugin %d non compatibile (atteso %d) trovato in %serrore interno, overflow di %serrore interno, tentativo di chiamare ecalloc(0)errore interno, tentativo di chiamare emalloc(0)errore interno, tentativo di chiamare emalloc2(0)errore interno, tentativo di chiamare erealloc(0)errore interno, tentativo di chiamare erealloc3(0)errore interno, tentativo di chiamare erecalloc(0)gruppi massimi "%s" non validi in %s, riga %dvalore non validoInvalida il file temporaleElenca i privilegi dell'utente o verifica un comando specifico; usare due volte per il formato più lungoload_interfaces: rilevato overflownessun programma di richiesta password specificato, impostare SUDO_ASKPASSnon esiste alcun pool di risorse per il progetto "%s" che accetti binding predefinitinessun tty presente e nessun programma di richiesta password specificatoModalità non interattiva, non richiede nulla all'utentesolo un plugin di politica può essere specificatoerrore di plugin: elenco file mancante per sudoeditil plugin di politica %s non include un metodo check_policyil plugin di politica %s non supporta l'elencazione dei privilegiil plugin di politica %s non supporta le opzioni -k/-Kil plugin di politica %s non supporta l'opzione -vil plugin di politica %s non include un metodo "check_policy"inizializzazione della sessione non riuscita da parte del plugin della politicaMantiene il vettore di gruppo invece di impostarlo a quello dell'obiettivoMantiene l'ambiente dell'utente quando viene eseguito il comandoLegge la password dallo standard inputRimuove completamente il file temporalerichiede almeno un argomentoraggiunto il limite di controllo delle risorseEsegue un comando (o modifica un file) come il nome utente o l'ID specificatoEsegue il comando come il gruppo o l'ID specificatoEsegue il comando in backgroundEsegue il comando sull'host (se supportato dal plugin)Esegue il comando con la classe di accesso BSD specificataEsegue una shell di login come l'utente finale; può essere specificato un comandoEsegue la shell come l'utente finale; può essere specificato un comandoImposta la variabile HOME alla directory dell'utente finalesetproject per il progetto "%s" non riuscitail pool di risorse specificato non esiste per il progetto "%s"Ferma l'elaborazione degli argomenti a riga di comandosudoedit non è supportato su questa piattaformanon è possibile usare assieme le opzioni "-A" e "-S"l'opzione "-E" non è valida in modalità di modifical'opzione "-U" può essere usata solo con l'opzione "-l"l'argomento di -C deve essere un numero maggiore o uguale a 3il task chiamante è definitivoimpossibile aggiungere l'evento alla codaimpossibile allocare ptyimpossibile passare alla root %simpossibile modificare root a %simpossibile passare a un diverso uid (%u, %u)impossibile modificare lo uid a root (%u)impossibile creare una pipeimpossibile creare socketimpossibile determinare la modalità di rispetto.impossibile eseguire dup2 sullo stdinimpossibile eseguire %simpossibile eseguire fgetfilecon %simpossibile trovare il simbolo "%s" in %simpossibile eseguire forkimpossibile ottenere il contesto tty attuale, tty non viene ri-etichettatoimpossibile ottenere la tipologia predefinita per il ruolo %simpossibile ottenere il vettore di gruppoimpossibile ottenere il nuovo contesto tty, tty non viene ri-etichettatoimpossibile inizializzare il plugin delle politicheimpossibile caricare %s: %simpossibile aprire %simpossibile aprire %s, tty non viene ri-etichettatoimpossibile aprire il sistema di auditimpossibile aprire socketimpossibile aprire lo userdbimpossibile leggere il file temporaneoimpossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMITimpossibile ripristinare il contesto per %simpossibile ripristinare il registroimpossibile ripristinare lo stdinimpossibile ripristinare l'etichetta ttyimpossibile eseguire %simpossibile salvare lo stdinimpossibile inviare il messaggio di auditimpossibile impostare il tty di controlloimpossibile impostare il gid effettivo per eseguire come %uimpossibile impostare il contesto exec a %simpossibile impostare il gid a %uimpossibile impostare il gid per eseguire come gid %uimpossibile impostare il contesto di creazione della chiave a %simpossibile impostare il nuovo contesto ttyimpossibile impostare la priorità del processoimpossibile impostare ID di gruppo supplementariimpossibile impostare il terminale in modalità rawimpossibile impostare il contesto tty a %simpossibile impostare lo uid a %uimpossibile impostare il contesto utenteimpossibile eseguire stat su %simpossibile passare al registro "%s" per %simpossibile scrivere su %scondizione di uscita del figlio inattesa: %dtipologia di risposta inattesa sul backchannel: %dmodalità 0x%x di sudo non attesaclasse di accesso %s sconosciutapolitica di tipo %d sconosciuta trovata in %suid %u sconosciuto: utente sconosciuto.gruppo sorgente "%s" non supportato in %s, riga %dAggiorna il timestamp dell'utente senza eseguire un comandoUtilizza un programma d'aiuto per richiedere la passwordUtilizza la tipologia di autenticazione BSD specificataUtilizza la richiesta della password specificatal'utente "%s" non fa parte del progetto "%s"valore troppo grandevalore troppo piccoloattenzione, assegnazione della risorsa di controllo per il progetto "%s" non riuscitanon è possibile specificare entrambe le opzioni "-i" ed "-E"non è possibile specificare entrambe le opzioni "-i" e "-s"non è possibile specificare variabili d'ambiente in modalità di modificaè necessario specificare un ruolo per la tipologia %ssudo-1.8.9p5/src/po/it.po010064400175440000012000000560561226304126400145410ustar00millertstaff# Italian translations for sudo package # This file is put in the public domain. # Milo Casagrande , 2011, 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudo-1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-26 22:10+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8-bit\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" "X-Generator: Gtranslator 2.91.6\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "impossibile aprire lo userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "impossibile passare al registro \"%s\" per %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "impossibile ripristinare il registro" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "errore interno, tentativo di chiamare emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "errore interno, tentativo di chiamare emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "errore interno, overflow di %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "errore interno, tentativo di chiamare ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "errore interno, tentativo di chiamare erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "errore interno, tentativo di chiamare erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "errore interno, tentativo di chiamare erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "valore non valido" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "valore troppo grande" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "valore troppo piccolo" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "gruppo sorgente \"%s\" non supportato in %s, riga %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "gruppi massimi \"%s\" non validi in %s, riga %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "impossibile eseguire stat su %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s è scrivibile dal gruppo" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "impossibile aprire %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Segnale sconosciuto" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "inizializzazione della sessione non riuscita da parte del plugin della politica" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "impossibile eseguire fork" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "impossibile aggiungere l'evento alla coda" #: src/exec.c:394 msgid "unable to create sockets" msgstr "impossibile creare socket" #: src/exec.c:477 msgid "error in event loop" msgstr "errore nel ciclo dell'evento" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "impossibile ripristinare l'etichetta tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "impossibile allocare pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "impossibile creare una pipe" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "impossibile impostare il terminale in modalità raw" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "errore nel leggere dalla pipe di segnale" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "errore nel leggere dalla pipe" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "errore nel leggere dal socketpair" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipologia di risposta inattesa sul backchannel: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "impossibile impostare il tty di controllo" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "errore in %s, riga %d, durante il caricamento del plugin \"%s\"" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve essere di proprietà dello uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s deve essere scrivibile solo dal proprietario" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "impossibile caricare %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "impossibile trovare il simbolo \"%s\" in %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "politica di tipo %d sconosciuta trovata in %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "numero principale di versione del plugin %d non compatibile (atteso %d) trovato in %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "viene ignorato il plugin di politica \"%s\" in %s, riga %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "solo un plugin di politica può essere specificato" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "viene ignorato il plugin di politica duplicato \"%s\" in %s, riga %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "viene ignorato il plugin di I/O duplicato \"%s\" in %s, riga %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "il plugin di politica %s non include un metodo check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: rilevato overflow" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "impossibile aprire socket" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argomento di -C deve essere un numero maggiore o uguale a 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "non è possibile specificare entrambe le opzioni \"-i\" e \"-s\"" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "non è possibile specificare entrambe le opzioni \"-i\" ed \"-E\"" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "l'opzione \"-E\" non è valida in modalità di modifica" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "non è possibile specificare variabili d'ambiente in modalità di modifica" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "l'opzione \"-U\" può essere usata solo con l'opzione \"-l\"" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "non è possibile usare assieme le opzioni \"-A\" e \"-S\"" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit non è supportato su questa piattaforma" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Solo una delle opzioni -e, -h, -i, -K, -l, -s, -v o -V può essere specificata" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - modifica file come un altro utente\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - esegue un comando come un altro utente\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opzioni:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "Utilizza un programma d'aiuto per richiedere la password" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "Utilizza la tipologia di autenticazione BSD specificata" #: src/parse_args.c:621 msgid "run command in the background" msgstr "Esegue il comando in background" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "Chiude tutti i descrittori di file >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "Esegue il comando con la classe di accesso BSD specificata" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "Mantiene l'ambiente dell'utente quando viene eseguito il comando" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "Modifica i file invece di eseguire un comando" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "Esegue il comando come il gruppo o l'ID specificato" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "Imposta la variabile HOME alla directory dell'utente finale" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "Visualizza il messaggio di aiuto ed esce" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "Esegue il comando sull'host (se supportato dal plugin)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "Esegue una shell di login come l'utente finale; può essere specificato un comando" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "Rimuove completamente il file temporale" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "Invalida il file temporale" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "Elenca i privilegi dell'utente o verifica un comando specifico; usare due volte per il formato più lungo" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "Modalità non interattiva, non richiede nulla all'utente" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "Mantiene il vettore di gruppo invece di impostarlo a quello dell'obiettivo" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "Utilizza la richiesta della password specificata" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "Crea il contesto di sicurezza SELinux con il ruolo specificato" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "Legge la password dallo standard input" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "Esegue la shell come l'utente finale; può essere specificato un comando" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "Crea il contesto di sicurezza SELinux con il tipo specificato" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "In modalità elenco, visualizza i privilegi dell'utente" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "Esegue un comando (o modifica un file) come il nome utente o l'ID specificato" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "Visualizza le informazioni sulla versione ed esce" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "Aggiorna il timestamp dell'utente senza eseguire un comando" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "Ferma l'elaborazione degli argomenti a riga di comando" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "impossibile aprire il sistema di audit" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "impossibile inviare il messaggio di audit" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "impossibile eseguire fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s ha modificato le etichette" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "impossibile ripristinare il contesto per %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "impossibile aprire %s, tty non viene ri-etichettato" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "impossibile ottenere il contesto tty attuale, tty non viene ri-etichettato" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "impossibile ottenere il nuovo contesto tty, tty non viene ri-etichettato" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "impossibile impostare il nuovo contesto tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "è necessario specificare un ruolo per la tipologia %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "impossibile ottenere la tipologia predefinita per il ruolo %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "impossibile impostare il nuovo ruolo %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "impossibile impostare la nuova tipologia %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s non è un contesto valido" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "recupero del vecchio contesto non riuscito" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "impossibile determinare la modalità di rispetto." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "impossibile impostare il contesto tty a %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "impossibile impostare il contesto exec a %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "impossibile impostare il contesto di creazione della chiave a %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "richiede almeno un argomento" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "raggiunto il limite di controllo delle risorse" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "l'utente \"%s\" non fa parte del progetto \"%s\"" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "il task chiamante è definitivo" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "impossibile unirsi al progetto \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "non esiste alcun pool di risorse per il progetto \"%s\" che accetti binding predefiniti" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "il pool di risorse specificato non esiste per il progetto \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "impossibile unirsi al pool di risorse predefinito per il progetto \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject per il progetto \"%s\" non riuscita" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Versione di sudo: %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opzioni di configurazione: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "errore irreversibile, impossibile caricare i plugin" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "impossibile inizializzare il plugin delle politiche" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "errore nell'inizializzare il plugin di I/O %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modalità 0x%x di sudo non attesa" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "impossibile ottenere il vettore di gruppo" # (ndt) mah... andrebbe resa meglio... #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid %u sconosciuto: utente sconosciuto." #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve essere di proprietà dello uid %d e avere il bit setuid impostato" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "lo uid effettivo non è %d. %s si trova su un file system con l'opzione \"nosuid\" impostata o su un file system NFS senza privilegi di root?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "lo uid effettivo non è %d. Il programma sudo è installato con setuid root?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "classe di accesso %s sconosciuta" #: src/sudo.c:910 msgid "unable to set user context" msgstr "impossibile impostare il contesto utente" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "impossibile impostare ID di gruppo supplementari" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossibile impostare il gid effettivo per eseguire come %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossibile impostare il gid per eseguire come gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "impossibile impostare la priorità del processo" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "impossibile modificare root a %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossibile passare a un diverso uid (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "impossibile passare alla root %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "condizione di uscita del figlio inattesa: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "il plugin di politica %s non include un metodo \"check_policy\"" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "il plugin di politica %s non supporta l'elencazione dei privilegi" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "il plugin di politica %s non supporta l'opzione -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "il plugin di politica %s non supporta le opzioni -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossibile modificare lo uid a root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "errore di plugin: elenco file mancante per sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: non è un file regolare" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: scrittura breve" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s lasciato non modificato" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s non modificato" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "contenuto della sessione di modifica lasciato in %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "impossibile leggere il file temporaneo" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "nessun tty presente e nessun programma di richiesta password specificato" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nessun programma di richiesta password specificato, impostare SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "impossibile impostare il gid a %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "impossibile impostare lo uid a %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "impossibile eseguire %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "impossibile salvare lo stdin" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "impossibile eseguire dup2 sullo stdin" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "impossibile ripristinare lo stdin" sudo-1.8.9p5/src/po/ja.mo010064400175440000012000000442531226304146200145100ustar00millertstaffÞ•›ôÓÌ   !$ (F o  – ¯ #É í $:6U Œ™¢5©ß-ö$4QloI†Ðá!ð#86o4‹À%ß({.7ª â:'X€š´#Îò##2$V${% %Æì"'6JC/Å+õ,!7N4†3»/ï+5K1"³!Öø'!?a-}«'Ê ò-".7Q'‰*±2Ü)59>o®Éã ú&7!^€–#¯Óë.5=&sš1µ"ç %B^tŠ/¨ Øù,HYn‹+© Õö!(0Yw%–"¼ß÷"5(Gp*†(±Úô ( 29 *l &— ¾ )Ý <!/D!2t!2§!6Ú!#"°5"æ#@ù#@:$${$E $-æ$6%aK%'­%'Õ%Eý%8C&p|&í&''i'+€'R¬'ÿ';(,X(…(ˆ(O§(÷():,)=g)c¥)0 *U:*4*1Å*C÷*·;+xó+Gl,B´,N÷,KF-7’-EÊ-1.4B.?w.:·./ò./"/1R/1„/2¶/2é/40@Q0>’0|Ñ0{N1rÊ1F=2M„2ZÒ2X-3S†3PÚ3N+4^z4LÙ41&5:X53“53Ç5Fû5:B6^}67Ü6@7U7Zr7>Í7T 84a8Q–8Mè8869Po9?À93:04:"e:4ˆ:$½:Bâ:;%;!a;$ƒ;9¨;/â;-<@<0\<<g¢<C =0N=g=6ç=>R4>3‡>-»>?é>9)?Hc?B¬?*ï?$@%?@e@$@6¦@%Ý@SA7WA-AM½A= B8IB-‚B/°B/àB-C6>CDuC,ºCKçC*3D:^DR™D-ìD(E0CEtER”EFçE0.F:_FQšFTìFRAGM”GMâG90H@jHa=€i>“st0”:ˆcCqRQ5/…%;X‘,N@† Š&#MKdj‰+$olw47D_3ev ~›hE•'Ž™ (nT x‚AIVZ–}8m<?O‹*["yb1W—’„uŒ|r.]k` \{^SBJL)zGYP-š2˜!9fFƒH6‡gpU Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: incompatible policy major version %d, expected %d%s: not a regular file%s: only a single policy plugin may be loaded%s: short write%s: unable to find symbol %s%s: unknown policy type %d: Configure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user plugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate memoryunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown uid %u: who are you?unknown user: %supdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.6b4 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-08-10 13:08-0400 PO-Revision-Date: 2012-08-18 19:20+0900 Last-Translator: Takeshi Hamasaki Language-Team: Japanese Language: ja MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; オプション: %s - 別ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ãƒ•ァイルを編集ã—ã¾ã™ %s - 別ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¾ã™ %s ã¯ãƒ©ãƒ™ãƒ«ã‚’変更ã—ã¾ã—ãŸ%s ã¯ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒ¡ãƒ³ãƒãƒ¼ã«ã‚ˆã‚‹æ›¸ãè¾¼ã¿ãŒå¯èƒ½ã§ã™%s ã¯é€šå¸¸ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“%s ã¯æœ‰åйãªã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ã¯ã‚りã¾ã›ã‚“%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™%s ã¯èª°ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ã§ã™%s を修正ã—ãªã„ã¾ã¾ã«ã—ã¾ã™%s ã¯æ‰€æœ‰è€…ã®ã¿æ›¸ãè¾¼ã¿å¯èƒ½ã§ç„¡ã‘れã°ã„ã‘ã¾ã›ã‚“%s ã®æ‰€æœ‰è€…㯠uid %d ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“%s ã¯æ‰€æœ‰è€…㌠uid %d ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€ã‹ã¤ setuid ãŒè¨­å®šã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™%s を変更ã—ã¾ã›ã‚“%s%s: %s%s: %s%s: äº’æ›æ€§ã®ç„¡ã„ãƒãƒªã‚·ãƒ¼ãƒ¡ã‚¸ãƒ£ãƒ¼ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d ã§ã™ã€‚予期ã•れるã®ã¯ %d ã§ã™%s: 通常ファイルã§ã¯ã‚りã¾ã›ã‚“%s: 一ã¤ã®ãƒãƒªã‚·ãƒ¼ãƒ—ラグインã®ã¿ãƒ­ãƒ¼ãƒ‰ã•れã¦ã„るよã†ã§ã™%s: çŸ­ã„æ›¸ãè¾¼ã¿ã§ã™%s: シンボル %s を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“%s: 䏿˜Žãªãƒãƒªã‚·ãƒ¼ã‚¿ã‚¤ãƒ— %d ã§ã™: configure オプション: %s -e, -h, -i, -K, -l, -s, -v ã¾ãŸã¯ -V ã®ã†ã¡ä¸€ã¤ã®ã¿æŒ‡å®šã§ãã¾ã™Sudo ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s 䏿˜Žãªã‚·ã‚°ãƒŠãƒ«ã§ã™fd 以上ã®ã™ã¹ã¦ã®ãƒ•ァイル記述å­ã‚’é–‰ã˜ã‚‹ 編集セッションã®å†…容㌠%s å†…ã«æ®‹ã£ã¦ã„ã¾ã™ãƒ—ロジェクト "%s" 用ã«ãƒ‡ãƒ•ォルト資æºãƒ—ールを割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“ã§ã—ãŸãƒ—ロジェクト "%s" ã«å‚加ã§ãã¾ã›ã‚“指定ã—ãŸå½¹å‰²ã§ SELinux セキュリティーコンテキストを作æˆã™ã‚‹ ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹ ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹ コマンドを実行ã™ã‚‹ä»£ã‚りã«ãƒ•ァイルを編集ã™ã‚‹ 実効 uid ㌠%d ã§ã¯ã‚りã¾ã›ã‚“ã€%s 㯠'nosuid' ãŒè¨­å®šã•れãŸãƒ•ァイルシステムã«ã‚ã‚‹ã‹ã€root 権é™ã®ãªã„NFSファイルシステムã«ã‚ã‚‹ã®ã§ã¯ï¼Ÿå®Ÿåй uid ㌠%d ã§ã¯ã‚りã¾ã›ã‚“ã€sudo 㯠setuid root を設定ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¦ã„ã¾ã™ã‹ï¼ŸI/O プラグイン %s ã‚’åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸãƒ‘イプã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã‚·ã‚°ãƒŠãƒ«ãƒ‘イプã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã‚½ã‚±ãƒƒãƒˆãƒšã‚¢ã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸæŒ‡å®šã—ãŸã‚°ãƒ«ãƒ¼ãƒ—ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹ å¤ã„コンテキスト (old_context) ã®å–å¾—ã«å¤±æ•—ã—ã¾ã—ãŸæ–°ã—ã„役割 %s ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸæ–°ã—ã„タイプ %s ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸè‡´å‘½çš„エラーã€ãƒ—ラグインをロードã§ãã¾ã›ã‚“内部エラー〠%s ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸå†…部エラーã€ecalloc(0) を試ã¿ã¾ã—ãŸå†…部エラーã€emalloc(0) を試ã¿ã¾ã—ãŸå†…部エラー〠emalloc2(0) を試ã¿ã¾ã—ãŸå†…部エラー〠erealloc(0) を試ã¿ã¾ã—ãŸå†…部エラー〠erealloc3(0) を試ã¿ã¾ã—ãŸå†…部エラー〠erecalloc(0) を試ã¿ã¾ã—ãŸã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ファイルを無効ã«ã™ã‚‹ ユーザーãŒä½¿ç”¨å¯èƒ½ãªã‚³ãƒžãƒ³ãƒ‰ã‚’一覧表示ã™ã‚‹ load_interfaces: オーãƒãƒ¼ãƒ•ãƒ­ãƒ¼ãŒæ¤œå‡ºã•れã¾ã—ãŸãƒ‘スワードを尋ã­ã‚‹ (askpass) ãƒ—ãƒ­ã‚°ãƒ©ãƒ ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“。 SUDO_ASKPASS ã®è¨­å®šã‚’試ã¿ã¾ã™ãƒ—ロジェクト "%s" 用ã«ã¯ãƒ‡ãƒ•ォルト割り当ã¦ã¨ã—ã¦å—ã‘付ã‘られる資æºãƒ—ールãŒã‚りã¾ã›ã‚“端末 (tty) ãŒå­˜åœ¨ã›ãšã€ãƒ‘スワードを尋ã­ã‚‹ (askpass) ãƒ—ãƒ­ã‚°ãƒ©ãƒ ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“éžå¯¾è©±ãƒ¢ãƒ¼ãƒ‰ã§å®Ÿè¡Œã—ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«å…¥åŠ›ã‚’æ±‚ã‚ãªã„ プラグインエラー: sudoedit 用ã®ãƒ•ァイル一覧ãŒã‚りã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s ã«ã¯ check_policy メソッドãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s ã¯æ¨©é™ã®ä¸€è¦§è¡¨ç¤ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s 㯠-k/-K オプションをサãƒãƒ¼ãƒˆã—ã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s 㯠-v オプションをサãƒãƒ¼ãƒˆã—ã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ラグインãŒã‚»ãƒƒã‚·ãƒ§ãƒ³ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã‚°ãƒ«ãƒ¼ãƒ—ベクトルをä¿è­·ã™ã‚‹ (変更先ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚‚ã®ã«è¨­å®šã—ãªã„) コマンドを実行ã™ã‚‹æ™‚ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ç’°å¢ƒå¤‰æ•°ã‚’ä¿è­·ã™ã‚‹ 標準入力ã‹ã‚‰ãƒ‘スワードを読ã¿è¾¼ã‚€ タイムスタンプファイルを完全ã«å‰Šé™¤ã™ã‚‹ 最低ã§ã‚‚一ã¤ä»¥ä¸ŠãŠã®å¼•æ•°ãŒå¿…è¦ã§ã™è³‡æºåˆ¶å¾¡ã®åˆ¶é™ã®æœ€å¤§å€¤ã«é”ã—ã¾ã—ãŸå¤‰æ›´å…ˆã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ãƒ­ã‚°ã‚¤ãƒ³ã‚·ã‚§ãƒ«ã‚’実行ã™ã‚‹ 変更先ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ã‚·ã‚§ãƒ«ã‚’実行ã™ã‚‹ 指定ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹ (ã¾ãŸã¯ãƒ•ァイルを編集ã™ã‚‹) コマンドをãƒãƒƒã‚¯ã‚°ãƒ©ã‚¦ãƒ³ãƒ‰ã§å®Ÿè¡Œã™ã‚‹ 指定ã—ãŸãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹ select ã«å¤±æ•—ã—ã¾ã—ãŸHOME 変数を変更先ã¨ãªã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã™ã‚‹ プロジェクト"%s" ã¸ã® setproject ã«å¤±æ•—ã—ã¾ã—ãŸãƒ—ロジェクト "%s" 用ã¨ã—ã¦æŒ‡å®šã—ãŸè³‡æºãƒ—ールã¯å­˜åœ¨ã—ã¾ã›ã‚“コマンドライン引数ã®å‡¦ç†ã‚’終了ã™ã‚‹ sudoedit ã¯ã“ã®ãƒ—ラットフォームã§ã¯ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã›ã‚“`-A' 㨠`-S' オプションã¯åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“`-E' オプションã¯ç·¨é›†ãƒ¢ãƒ¼ãƒ‰ã§ã¯ç„¡åйã§ã™`-U' オプション㯠`-l' オプションã®ã¿ã¨åŒæ™‚ã«æŒ‡å®šã§ãã¾ã™-C ã®å¼•数㯠3 ä»¥ä¸Šã®æ•°å€¤ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“èµ·å‹•ã—ã¦ã„ã‚‹ã‚¿ã‚¹ã‚¯ã¯æœ€å¾Œ (final) ã§ã™ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚’行ãˆã¾ã›ã‚“ã§ã—ãŸpty を割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“ディレクトリーを %s ã«å¤‰æ›´ã§ãã¾ã›ã‚“root ã‚’ %s ã¸å¤‰æ›´ã§ãã¾ã›ã‚“実行時ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) (%u, %u) ã¸å¤‰æ›´ã§ãã¾ã›ã‚“ユーザーID (uid) ã‚’ root (%u) ã«å¤‰æ›´ã§ãã¾ã›ã‚“パイプを作æˆã§ãã¾ã›ã‚“ソケットを作æˆã§ãã¾ã›ã‚“強制モードを決定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。dlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %s標準入力㸠dup2 を実行ã§ãã¾ã›ã‚“%s を実行ã§ãã¾ã›ã‚“fgetfilecon %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“fork ã§ãã¾ã›ã‚“ç¾åœ¨ã® tty コンテキストをå–å¾—ã§ãã¾ã›ã‚“。 tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“役割 %s 用ã®ãƒ‡ãƒ•ォルトã®ã‚¿ã‚¤ãƒ—ã‚’å–å¾—ã§ãã¾ã›ã‚“グループベクトルをå–å¾—ã§ãã¾ã›ã‚“æ–°ã—ã„ tty コンテキストをå–å¾—ã§ãã¾ã›ã‚“。 tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“ãƒãƒªã‚·ãƒ¼ãƒ—ãƒ©ã‚°ã‚¤ãƒ³ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“%s ã‚’é–‹ã‘ã¾ã›ã‚“%s ã‚’é–‹ãã“ã¨ãŒã§ãã¾ã›ã‚“。tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“監査システムを開ãã“ã¨ãŒã§ãã¾ã›ã‚“ソケットを開ãã“ã¨ãŒã§ãã¾ã›ã‚“ユーザーデータベースを開ãã“ã¨ãŒã§ãã¾ã›ã‚“一時ファイルを読ã¿è¾¼ã‚€ã“ã¨ãŒã§ãã¾ã›ã‚“PRIV_LIMIT ã‹ã‚‰ PRIV_PROC_EXEC ã‚’å–り除ãã“ã¨ãŒã§ãã¾ã›ã‚“%s 用ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’復元ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“レジストリーを復元ã§ãã¾ã›ã‚“標準入力を復元ã§ãã¾ã›ã‚“tty ラベルを復旧ã§ãã¾ã›ã‚“%s を実行ã§ãã¾ã›ã‚“標準入力をä¿å­˜ã§ãã¾ã›ã‚“監査メッセージをé€ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“tty ã®åˆ¶å¾¡è¨­å®šãŒã§ãã¾ã›ã‚“実行時ã®ã‚°ãƒ«ãƒ¼ãƒ—ID (gid) %u を実効グループIDã«è¨­å®šã§ãã¾ã›ã‚“実行コンテキストを %s ã«è¨­å®šã§ãã¾ã›ã‚“グループIDã‚’ %u ã«è¨­å®šã§ãã¾ã›ã‚“実行時ã®ã‚°ãƒ«ãƒ¼ãƒ—ID (gid) %u をグループIDã«è¨­å®šã§ãã¾ã›ã‚“キー作æˆã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ %s ã¸è¨­å®šã§ãã¾ã›ã‚“æ–°ã—ã„ tty コンテキストを設定ã§ãã¾ã›ã‚“プロセス優先度を設定ã§ãã¾ã›ã‚“追加ã®ã‚°ãƒ«ãƒ¼ãƒ—IDを設定ã§ãã¾ã›ã‚“端末を raw モードã«è¨­å®šã§ãã¾ã›ã‚“ユーザーIDã‚’ %u ã«è¨­å®šã§ãã¾ã›ã‚“ユーザーコンテキストを設定ã§ãã¾ã›ã‚“%s 用㮠tty コンテキストをセットアップã§ãã¾ã›ã‚“%s ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“%s 用ã®ãƒ¬ã‚¸ã‚¹ãƒˆãƒªãƒ¼ "%s" ã¸åˆ‡ã‚Šæ›¿ãˆã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“%s ã¸æ›¸ã込むã“ã¨ãŒã§ãã¾ã›ã‚“予期ã—ãªã„å­ãƒ—ロセスã®çµ‚了コードã§ã™: %dãƒãƒƒã‚¯ãƒãƒ£ãƒ³ãƒãƒ«ã«é–¢ã™ã‚‹äºˆæœŸã—ãªã„リプレイタイプã§ã™: %d予期ã—ãªã„ sudo ã®ãƒ¢ãƒ¼ãƒ‰ 0x%x ã§ã™ä¸æ˜Žãªãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ %s ã§ã™ä¸æ˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã§ã™: 誰ã§ã™ã‹?䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã™: %sコマンドを実行ã›ãšã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã‚’æ›´æ–°ã™ã‚‹ ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰è¦æ±‚ã®ãŸã‚ã«è£œåŠ©ãƒ—ãƒ­ã‚°ãƒ©ãƒ ã‚’ä½¿ç”¨ã™ã‚‹ 指定ã—㟠BSD èªè¨¼ã‚¿ã‚¤ãƒ—を使用ã™ã‚‹ 指定ã—ãŸãƒ‘スワードプロンプトを使用ã™ã‚‹ ユーザー "%s" ã¯ãƒ—ロジェクト "%s" ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã¯ã‚りã¾ã›ã‚“警告ã€ãƒ—ロジェクト "%s" ã¸ã®è³‡æºåˆ¶å¾¡å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ã¾ã—ãŸä¸€è¦§è¡¨ç¤ºã™ã‚‹æ™‚ã«ã€æŒ‡å®šã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æ¨©é™ã‚’一覧表示ã™ã‚‹ `-i' 㨠`-E' ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“`-i' 㨠`-s' ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“編集モードã§ã¯ç’°å¢ƒå¤‰æ•°ã‚’指定ã§ãã¾ã›ã‚“タイプ %s 用ã®å½¹å‰²ã‚’指定ã—ãªã‘れã°ã„ã‘ã¾ã›ã‚“sudo-1.8.9p5/src/po/ja.po010064400175440000012000000602311226304126400145050ustar00millertstaff# Japanese messages for sudo # This file is put in the public domain. # Yasuaki Taniguchi , 2011. # Takeshi Hamasaki , 2012 # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.6b4\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-08-10 13:08-0400\n" "PO-Revision-Date: 2012-08-18 19:20+0900\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "ユーザーデータベースを開ãã“ã¨ãŒã§ãã¾ã›ã‚“" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "%s 用ã®ãƒ¬ã‚¸ã‚¹ãƒˆãƒªãƒ¼ \"%s\" ã¸åˆ‡ã‚Šæ›¿ãˆã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "レジストリーを復元ã§ãã¾ã›ã‚“" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "内部エラーã€emalloc(0) を試ã¿ã¾ã—ãŸ" #: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 #: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 #: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 #: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 #, c-format msgid "unable to allocate memory" msgstr "メモリ割り当ã¦ã‚’行ãˆã¾ã›ã‚“ã§ã—ãŸ" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "内部エラー〠emalloc2(0) を試ã¿ã¾ã—ãŸ" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "内部エラー〠%s ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "内部エラーã€ecalloc(0) を試ã¿ã¾ã—ãŸ" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "内部エラー〠erealloc(0) を試ã¿ã¾ã—ãŸ" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "内部エラー〠erealloc3(0) を試ã¿ã¾ã—ãŸ" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "内部エラー〠erecalloc(0) を試ã¿ã¾ã—ãŸ" #: common/sudo_conf.c:305 #, c-format msgid "unable to stat %s" msgstr "%s ã®çŠ¶æ…‹å–å¾— (stat) ãŒã§ãã¾ã›ã‚“" #: common/sudo_conf.c:308 #, c-format msgid "%s is not a regular file" msgstr "%s ã¯é€šå¸¸ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“" #: common/sudo_conf.c:311 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã¦ã„ã¾ã™ã€‚ã“れ㯠%u ã§ã‚ã‚‹ã¹ãã§ã™" #: common/sudo_conf.c:315 #, c-format msgid "%s is world writable" msgstr "%s ã¯èª°ã§ã‚‚書ãè¾¼ã¿å¯èƒ½ã§ã™" #: common/sudo_conf.c:318 #, c-format msgid "%s is group writable" msgstr "%s ã¯ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒ¡ãƒ³ãƒãƒ¼ã«ã‚ˆã‚‹æ›¸ãè¾¼ã¿ãŒå¯èƒ½ã§ã™" #: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 #, c-format msgid "unable to open %s" msgstr "%s ã‚’é–‹ã‘ã¾ã›ã‚“" #: compat/strsignal.c:47 msgid "Unknown signal" msgstr "䏿˜Žãªã‚·ã‚°ãƒŠãƒ«ã§ã™" #: src/error.c:82 src/error.c:86 msgid ": " msgstr ": " #: src/exec.c:113 src/exec_pty.c:674 #, c-format msgid "policy plugin failed session initialization" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ラグインãŒã‚»ãƒƒã‚·ãƒ§ãƒ³ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "fork ã§ãã¾ã›ã‚“" #: src/exec.c:268 #, c-format msgid "unable to create sockets" msgstr "ソケットを作æˆã§ãã¾ã›ã‚“" #: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 #: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "パイプを作æˆã§ãã¾ã›ã‚“" #: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 #, c-format msgid "select failed" msgstr "select ã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/exec.c:467 #, c-format msgid "unable to restore tty label" msgstr "tty ラベルを復旧ã§ãã¾ã›ã‚“" #: src/exec_common.c:69 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_LIMIT ã‹ã‚‰ PRIV_PROC_EXEC ã‚’å–り除ãã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "pty を割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“" #: src/exec_pty.c:665 #, c-format msgid "unable to set terminal to raw mode" msgstr "端末を raw モードã«è¨­å®šã§ãã¾ã›ã‚“" #: src/exec_pty.c:1013 #, c-format msgid "unable to set controlling tty" msgstr "tty ã®åˆ¶å¾¡è¨­å®šãŒã§ãã¾ã›ã‚“" #: src/exec_pty.c:1111 #, c-format msgid "error reading from signal pipe" msgstr "シグナルパイプã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: src/exec_pty.c:1132 #, c-format msgid "error reading from pipe" msgstr "パイプã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: src/exec_pty.c:1148 #, c-format msgid "error reading from socketpair" msgstr "ソケットペアã‹ã‚‰ã®èª­ã¿è¾¼ã¿ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: src/exec_pty.c:1152 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "ãƒãƒƒã‚¯ãƒãƒ£ãƒ³ãƒãƒ«ã«é–¢ã™ã‚‹äºˆæœŸã—ãªã„リプレイタイプã§ã™: %d" #: src/load_plugins.c:74 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:80 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:90 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ã®æ‰€æœ‰è€…㯠uid %d ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: src/load_plugins.c:94 #, c-format msgid "%s must be only be writable by owner" msgstr "%s ã¯æ‰€æœ‰è€…ã®ã¿æ›¸ãè¾¼ã¿å¯èƒ½ã§ç„¡ã‘れã°ã„ã‘ã¾ã›ã‚“" #: src/load_plugins.c:101 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“: %s" #: src/load_plugins.c:106 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: シンボル %s を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/load_plugins.c:112 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: 䏿˜Žãªãƒãƒªã‚·ãƒ¼ã‚¿ã‚¤ãƒ— %d ã§ã™" #: src/load_plugins.c:116 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "%s: äº’æ›æ€§ã®ç„¡ã„ãƒãƒªã‚·ãƒ¼ãƒ¡ã‚¸ãƒ£ãƒ¼ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d ã§ã™ã€‚予期ã•れるã®ã¯ %d ã§ã™" #: src/load_plugins.c:123 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "%s: 一ã¤ã®ãƒãƒªã‚·ãƒ¼ãƒ—ラグインã®ã¿ãƒ­ãƒ¼ãƒ‰ã•れã¦ã„るよã†ã§ã™" #: src/load_plugins.c:200 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s ã«ã¯ check_policy メソッドãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“" #: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 #: src/net_ifs.c:298 src/net_ifs.c:322 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: オーãƒãƒ¼ãƒ•ãƒ­ãƒ¼ãŒæ¤œå‡ºã•れã¾ã—ãŸ" #: src/net_ifs.c:227 #, c-format msgid "unable to open socket" msgstr "ソケットを開ãã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/parse_args.c:187 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C ã®å¼•数㯠3 ä»¥ä¸Šã®æ•°å€¤ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: src/parse_args.c:276 #, c-format msgid "unknown user: %s" msgstr "䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã™: %s" #: src/parse_args.c:335 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "`-i' 㨠`-s' ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“" #: src/parse_args.c:339 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "`-i' 㨠`-E' ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“" #: src/parse_args.c:349 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "`-E' オプションã¯ç·¨é›†ãƒ¢ãƒ¼ãƒ‰ã§ã¯ç„¡åйã§ã™" #: src/parse_args.c:351 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "編集モードã§ã¯ç’°å¢ƒå¤‰æ•°ã‚’指定ã§ãã¾ã›ã‚“" #: src/parse_args.c:359 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "`-U' オプション㯠`-l' オプションã®ã¿ã¨åŒæ™‚ã«æŒ‡å®šã§ãã¾ã™" #: src/parse_args.c:363 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "`-A' 㨠`-S' オプションã¯åŒæ™‚ã«æŒ‡å®šã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“" #: src/parse_args.c:443 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ã¯ã“ã®ãƒ—ラットフォームã§ã¯ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã›ã‚“" #: src/parse_args.c:516 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v ã¾ãŸã¯ -V ã®ã†ã¡ä¸€ã¤ã®ã¿æŒ‡å®šã§ãã¾ã™" #: src/parse_args.c:530 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - 別ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ãƒ•ァイルを編集ã—ã¾ã™\n" "\n" #: src/parse_args.c:532 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - 別ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¾ã™\n" "\n" #: src/parse_args.c:537 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "オプション:\n" #: src/parse_args.c:540 msgid "use helper program for password prompting\n" msgstr "ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰è¦æ±‚ã®ãŸã‚ã«è£œåŠ©ãƒ—ãƒ­ã‚°ãƒ©ãƒ ã‚’ä½¿ç”¨ã™ã‚‹\n" #: src/parse_args.c:543 msgid "use specified BSD authentication type\n" msgstr "指定ã—㟠BSD èªè¨¼ã‚¿ã‚¤ãƒ—を使用ã™ã‚‹\n" #: src/parse_args.c:545 msgid "run command in the background\n" msgstr "コマンドをãƒãƒƒã‚¯ã‚°ãƒ©ã‚¦ãƒ³ãƒ‰ã§å®Ÿè¡Œã™ã‚‹\n" #: src/parse_args.c:547 msgid "close all file descriptors >= fd\n" msgstr "fd 以上ã®ã™ã¹ã¦ã®ãƒ•ァイル記述å­ã‚’é–‰ã˜ã‚‹\n" #: src/parse_args.c:550 msgid "run command with specified login class\n" msgstr "指定ã—ãŸãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹\n" #: src/parse_args.c:553 msgid "preserve user environment when executing command\n" msgstr "コマンドを実行ã™ã‚‹æ™‚ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ç’°å¢ƒå¤‰æ•°ã‚’ä¿è­·ã™ã‚‹\n" #: src/parse_args.c:555 msgid "edit files instead of running a command\n" msgstr "コマンドを実行ã™ã‚‹ä»£ã‚りã«ãƒ•ァイルを編集ã™ã‚‹\n" #: src/parse_args.c:557 msgid "execute command as the specified group\n" msgstr "指定ã—ãŸã‚°ãƒ«ãƒ¼ãƒ—ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹\n" #: src/parse_args.c:559 msgid "set HOME variable to target user's home dir.\n" msgstr "HOME 変数を変更先ã¨ãªã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ›ãƒ¼ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«è¨­å®šã™ã‚‹\n" #: src/parse_args.c:561 msgid "display help message and exit\n" msgstr "ヘルプメッセージを表示ã—ã¦çµ‚了ã™ã‚‹\n" #: src/parse_args.c:563 msgid "run a login shell as target user\n" msgstr "変更先ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ãƒ­ã‚°ã‚¤ãƒ³ã‚·ã‚§ãƒ«ã‚’実行ã™ã‚‹\n" #: src/parse_args.c:565 msgid "remove timestamp file completely\n" msgstr "タイムスタンプファイルを完全ã«å‰Šé™¤ã™ã‚‹\n" #: src/parse_args.c:567 msgid "invalidate timestamp file\n" msgstr "タイムスタンプファイルを無効ã«ã™ã‚‹\n" #: src/parse_args.c:569 msgid "list user's available commands\n" msgstr "ユーザーãŒä½¿ç”¨å¯èƒ½ãªã‚³ãƒžãƒ³ãƒ‰ã‚’一覧表示ã™ã‚‹\n" #: src/parse_args.c:571 msgid "non-interactive mode, will not prompt user\n" msgstr "éžå¯¾è©±ãƒ¢ãƒ¼ãƒ‰ã§å®Ÿè¡Œã—ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«å…¥åŠ›ã‚’æ±‚ã‚ãªã„\n" #: src/parse_args.c:573 msgid "preserve group vector instead of setting to target's\n" msgstr "グループベクトルをä¿è­·ã™ã‚‹ (変更先ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚‚ã®ã«è¨­å®šã—ãªã„)\n" #: src/parse_args.c:575 msgid "use specified password prompt\n" msgstr "指定ã—ãŸãƒ‘スワードプロンプトを使用ã™ã‚‹\n" #: src/parse_args.c:578 src/parse_args.c:586 msgid "create SELinux security context with specified role\n" msgstr "指定ã—ãŸå½¹å‰²ã§ SELinux セキュリティーコンテキストを作æˆã™ã‚‹\n" #: src/parse_args.c:581 msgid "read password from standard input\n" msgstr "標準入力ã‹ã‚‰ãƒ‘スワードを読ã¿è¾¼ã‚€\n" #: src/parse_args.c:583 msgid "run a shell as target user\n" msgstr "変更先ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦ã‚·ã‚§ãƒ«ã‚’実行ã™ã‚‹\n" #: src/parse_args.c:589 msgid "when listing, list specified user's privileges\n" msgstr "一覧表示ã™ã‚‹æ™‚ã«ã€æŒ‡å®šã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æ¨©é™ã‚’一覧表示ã™ã‚‹\n" #: src/parse_args.c:591 msgid "run command (or edit file) as specified user\n" msgstr "指定ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹ (ã¾ãŸã¯ãƒ•ァイルを編集ã™ã‚‹)\n" #: src/parse_args.c:593 msgid "display version information and exit\n" msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…報を表示ã—ã¦çµ‚了ã™ã‚‹\n" #: src/parse_args.c:595 msgid "update user's timestamp without running a command\n" msgstr "コマンドを実行ã›ãšã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã‚’æ›´æ–°ã™ã‚‹\n" #: src/parse_args.c:597 msgid "stop processing command line arguments\n" msgstr "コマンドライン引数ã®å‡¦ç†ã‚’終了ã™ã‚‹\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "監査システムを開ãã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "監査メッセージをé€ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s を行ã†ã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s ã¯ãƒ©ãƒ™ãƒ«ã‚’変更ã—ã¾ã—ãŸ" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "%s 用ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’復元ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s ã‚’é–‹ãã“ã¨ãŒã§ãã¾ã›ã‚“。tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "ç¾åœ¨ã® tty コンテキストをå–å¾—ã§ãã¾ã›ã‚“。 tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "æ–°ã—ã„ tty コンテキストをå–å¾—ã§ãã¾ã›ã‚“。 tty ã®å†ãƒ©ãƒ™ãƒ«ä»˜ã‘を行ã„ã¾ã›ã‚“" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "æ–°ã—ã„ tty コンテキストを設定ã§ãã¾ã›ã‚“" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "タイプ %s 用ã®å½¹å‰²ã‚’指定ã—ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "役割 %s 用ã®ãƒ‡ãƒ•ォルトã®ã‚¿ã‚¤ãƒ—ã‚’å–å¾—ã§ãã¾ã›ã‚“" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "æ–°ã—ã„役割 %s ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "æ–°ã—ã„タイプ %s ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s ã¯æœ‰åйãªã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ã¯ã‚りã¾ã›ã‚“" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "å¤ã„コンテキスト (old_context) ã®å–å¾—ã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "強制モードを決定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。" #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "%s 用㮠tty コンテキストをセットアップã§ãã¾ã›ã‚“" #: src/selinux.c:373 #, c-format msgid "unable to set exec context to %s" msgstr "実行コンテキストを %s ã«è¨­å®šã§ãã¾ã›ã‚“" #: src/selinux.c:380 #, c-format msgid "unable to set key creation context to %s" msgstr "キー作æˆã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ %s ã¸è¨­å®šã§ãã¾ã›ã‚“" #: src/sesh.c:70 #, c-format msgid "requires at least one argument" msgstr "最低ã§ã‚‚一ã¤ä»¥ä¸ŠãŠã®å¼•æ•°ãŒå¿…è¦ã§ã™" #: src/sesh.c:91 #, c-format msgid "unable to execute %s" msgstr "%s を実行ã§ãã¾ã›ã‚“" #: src/sudo.c:211 #, c-format msgid "Sudo version %s\n" msgstr "Sudo ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %s\n" #: src/sudo.c:213 #, c-format msgid "Configure options: %s\n" msgstr "configure オプション: %s\n" #: src/sudo.c:218 #, c-format msgid "fatal error, unable to load plugins" msgstr "致命的エラーã€ãƒ—ラグインをロードã§ãã¾ã›ã‚“" #: src/sudo.c:226 #, c-format msgid "unable to initialize policy plugin" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ãƒ©ã‚°ã‚¤ãƒ³ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“" #: src/sudo.c:281 #, c-format msgid "error initializing I/O plugin %s" msgstr "I/O プラグイン %s ã‚’åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ" #: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "予期ã—ãªã„ sudo ã®ãƒ¢ãƒ¼ãƒ‰ 0x%x ã§ã™" #: src/sudo.c:400 #, c-format msgid "unable to get group vector" msgstr "グループベクトルをå–å¾—ã§ãã¾ã›ã‚“" #: src/sudo.c:452 #, c-format msgid "unknown uid %u: who are you?" msgstr "䏿˜Žãªãƒ¦ãƒ¼ã‚¶ãƒ¼ID %u ã§ã™: 誰ã§ã™ã‹?" #: src/sudo.c:782 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s ã¯æ‰€æœ‰è€…㌠uid %d ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€ã‹ã¤ setuid ãŒè¨­å®šã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™" #: src/sudo.c:785 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "実効 uid ㌠%d ã§ã¯ã‚りã¾ã›ã‚“ã€%s 㯠'nosuid' ãŒè¨­å®šã•れãŸãƒ•ァイルシステムã«ã‚ã‚‹ã‹ã€root 権é™ã®ãªã„NFSファイルシステムã«ã‚ã‚‹ã®ã§ã¯ï¼Ÿ" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "実効 uid ㌠%d ã§ã¯ã‚りã¾ã›ã‚“ã€sudo 㯠setuid root を設定ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¦ã„ã¾ã™ã‹ï¼Ÿ" #: src/sudo.c:860 #, c-format msgid "resource control limit has been reached" msgstr "資æºåˆ¶å¾¡ã®åˆ¶é™ã®æœ€å¤§å€¤ã«é”ã—ã¾ã—ãŸ" #: src/sudo.c:863 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "ユーザー \"%s\" ã¯ãƒ—ロジェクト \"%s\" ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã¯ã‚りã¾ã›ã‚“" #: src/sudo.c:867 #, c-format msgid "the invoking task is final" msgstr "èµ·å‹•ã—ã¦ã„ã‚‹ã‚¿ã‚¹ã‚¯ã¯æœ€å¾Œ (final) ã§ã™" #: src/sudo.c:870 #, c-format msgid "could not join project \"%s\"" msgstr "プロジェクト \"%s\" ã«å‚加ã§ãã¾ã›ã‚“" #: src/sudo.c:875 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "プロジェクト \"%s\" 用ã«ã¯ãƒ‡ãƒ•ォルト割り当ã¦ã¨ã—ã¦å—ã‘付ã‘られる資æºãƒ—ールãŒã‚りã¾ã›ã‚“" #: src/sudo.c:879 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "プロジェクト \"%s\" 用ã¨ã—ã¦æŒ‡å®šã—ãŸè³‡æºãƒ—ールã¯å­˜åœ¨ã—ã¾ã›ã‚“" #: src/sudo.c:883 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "プロジェクト \"%s\" 用ã«ãƒ‡ãƒ•ォルト資æºãƒ—ールを割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“ã§ã—ãŸ" #: src/sudo.c:889 #, c-format msgid "setproject failed for project \"%s\"" msgstr "プロジェクト\"%s\" ã¸ã® setproject ã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/sudo.c:891 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告ã€ãƒ—ロジェクト \"%s\" ã¸ã®è³‡æºåˆ¶å¾¡å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ã¾ã—ãŸ" #: src/sudo.c:959 #, c-format msgid "unknown login class %s" msgstr "䏿˜Žãªãƒ­ã‚°ã‚¤ãƒ³ã‚¯ãƒ©ã‚¹ %s ã§ã™" #: src/sudo.c:973 src/sudo.c:976 #, c-format msgid "unable to set user context" msgstr "ユーザーコンテキストを設定ã§ãã¾ã›ã‚“" #: src/sudo.c:988 #, c-format msgid "unable to set supplementary group IDs" msgstr "追加ã®ã‚°ãƒ«ãƒ¼ãƒ—IDを設定ã§ãã¾ã›ã‚“" #: src/sudo.c:995 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "実行時ã®ã‚°ãƒ«ãƒ¼ãƒ—ID (gid) %u を実効グループIDã«è¨­å®šã§ãã¾ã›ã‚“" #: src/sudo.c:1001 #, c-format msgid "unable to set gid to runas gid %u" msgstr "実行時ã®ã‚°ãƒ«ãƒ¼ãƒ—ID (gid) %u をグループIDã«è¨­å®šã§ãã¾ã›ã‚“" #: src/sudo.c:1008 #, c-format msgid "unable to set process priority" msgstr "プロセス優先度を設定ã§ãã¾ã›ã‚“" #: src/sudo.c:1016 #, c-format msgid "unable to change root to %s" msgstr "root ã‚’ %s ã¸å¤‰æ›´ã§ãã¾ã›ã‚“" #: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "実行時ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ID (uid) (%u, %u) ã¸å¤‰æ›´ã§ãã¾ã›ã‚“" #: src/sudo.c:1049 #, c-format msgid "unable to change directory to %s" msgstr "ディレクトリーを %s ã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: src/sudo.c:1133 #, c-format msgid "unexpected child termination condition: %d" msgstr "予期ã—ãªã„å­ãƒ—ロセスã®çµ‚了コードã§ã™: %d" #: src/sudo.c:1194 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s ã¯æ¨©é™ã®ä¸€è¦§è¡¨ç¤ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“" #: src/sudo.c:1206 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s 㯠-v オプションをサãƒãƒ¼ãƒˆã—ã¾ã›ã‚“" #: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "ãƒãƒªã‚·ãƒ¼ãƒ—ラグイン %s 㯠-k/-K オプションをサãƒãƒ¼ãƒˆã—ã¾ã›ã‚“" #: src/sudo_edit.c:111 #, c-format msgid "unable to change uid to root (%u)" msgstr "ユーザーID (uid) ã‚’ root (%u) ã«å¤‰æ›´ã§ãã¾ã›ã‚“" #: src/sudo_edit.c:143 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "プラグインエラー: sudoedit 用ã®ãƒ•ァイル一覧ãŒã‚りã¾ã›ã‚“" #: src/sudo_edit.c:171 src/sudo_edit.c:271 #, c-format msgid "%s: not a regular file" msgstr "%s: 通常ファイルã§ã¯ã‚りã¾ã›ã‚“" #: src/sudo_edit.c:205 src/sudo_edit.c:307 #, c-format msgid "%s: short write" msgstr "%s: çŸ­ã„æ›¸ãè¾¼ã¿ã§ã™" #: src/sudo_edit.c:272 #, c-format msgid "%s left unmodified" msgstr "%s を修正ã—ãªã„ã¾ã¾ã«ã—ã¾ã™" #: src/sudo_edit.c:285 #, c-format msgid "%s unchanged" msgstr "%s を変更ã—ã¾ã›ã‚“" #: src/sudo_edit.c:297 src/sudo_edit.c:318 #, c-format msgid "unable to write to %s" msgstr "%s ã¸æ›¸ã込むã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 #, c-format msgid "contents of edit session left in %s" msgstr "編集セッションã®å†…容㌠%s å†…ã«æ®‹ã£ã¦ã„ã¾ã™" #: src/sudo_edit.c:315 #, c-format msgid "unable to read temporary file" msgstr "一時ファイルを読ã¿è¾¼ã‚€ã“ã¨ãŒã§ãã¾ã›ã‚“" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "端末 (tty) ãŒå­˜åœ¨ã›ãšã€ãƒ‘スワードを尋ã­ã‚‹ (askpass) ãƒ—ãƒ­ã‚°ãƒ©ãƒ ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "パスワードを尋ã­ã‚‹ (askpass) ãƒ—ãƒ­ã‚°ãƒ©ãƒ ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“。 SUDO_ASKPASS ã®è¨­å®šã‚’試ã¿ã¾ã™" #: src/tgetpass.c:231 #, c-format msgid "unable to set gid to %u" msgstr "グループIDã‚’ %u ã«è¨­å®šã§ãã¾ã›ã‚“" #: src/tgetpass.c:235 #, c-format msgid "unable to set uid to %u" msgstr "ユーザーIDã‚’ %u ã«è¨­å®šã§ãã¾ã›ã‚“" #: src/tgetpass.c:240 #, c-format msgid "unable to run %s" msgstr "%s を実行ã§ãã¾ã›ã‚“" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "標準入力をä¿å­˜ã§ãã¾ã›ã‚“" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "標準入力㸠dup2 を実行ã§ãã¾ã›ã‚“" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "標準入力を復元ã§ãã¾ã›ã‚“" #~ msgid "internal error, emalloc2() overflow" #~ msgstr "内部エラー〠emalloc2() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "内部エラー〠erealloc3() ãŒã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã—ã¾ã—ãŸ" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: 最低ã§ã‚‚一ã¤ä»¥ä¸Šã®ãƒãƒªã‚·ãƒ¼ãƒ—ラグインを指定ã—ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #~ msgid "must be setuid root" #~ msgstr "setuid root ã•れã¦ã„ãªã‘れã°ã„ã‘ã¾ã›ã‚“" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "-D ã®å¼•数㯠1 ã‹ã‚‰ 9 ã®é–“ã§ãªã‘れã°ã„ã‘ã¾ã›ã‚“" sudo-1.8.9p5/src/po/nl.mo010064400175440000012000000411611226304146200145220ustar00millertstaffÞ•¦Lß| ø ù !(&Oav#©Íâ$õ65 ly‚‰ ‘´ÄIÛ%6!E#g8‹Ä3à3H$f'‹{³7/.g –·Ïî &@#Z1~4°*å)>:y#•#¹$Ý$%'%M&s š¨OÂ"65Cl/°)à, ,77d4œ3Ñ/55+k4—.Ì!û >']7…-½ë, .6Ce=© ç+õ"!7D&|*£2Î)5+>a » Òó&!6Xn#‡«ÃØí '56&l“1®"à%;Wmƒ/¡ Ñò % A R g „ +¢ Î ï !!()!R!p!%!"µ!Ø!ð!" "."(@"i"*"(ª"Ó"í""#'#,D#1q#+£#%Ï#!õ#)$A$T$<d$2¡$2Ô$6%#>%mb% Ð&0Ú&5 'A'#V'z'“'4®'&ã' (/!( Q(Hr(»(Ê(Ó(Ú( â(î()!)X9)’)¢)"³)/Ö)>*!E*<g*=¤*â*"ý*9 +‘Z+Lì+99,%s,™,"±,Ô,ò,#-#5-$Y-7~-:¶-2ñ-2$.RW.ª."Ä."ç.# /#./$R/$w/5œ/Ò/ã/pý/"n0U‘0Wç0K?16‹1-Â11ð11"2;T222.Ã21ò2+$3@P34‘3#Æ3ê3 4!*4CL4(4#¹4@Ý455ST5G¨5ð5J6$N6Ws6&Ë6/ò6:"7,]7:Š7IÅ78%,8R8p8)8$¹8Þ8ò8" 9,9*K9v9Œ9 £9Ä9Vâ9.9: h:V‰:!à:;>;T;r;‰;  ;2Á;#ô;<5<!O<q<‡< £<)Ä<1î<+ =L=&i=:=)Ë=!õ=*>.B>q>$Ž>*³>Þ>,þ>+?)F?8p?©?Å?(ß?@0&@9W@8‘@%Ê@%ð@+ABAWACgA2«A2ÞA<B"NB2WUt4—D={S)ƒ.!?ENApydŸ @‚5’•\ „Pc›kqz‘<œ£e'Z”€H9r*`jLT[šBv¤;XgaŽmI3‹Qu ^(#M  hC%o>0‰…F¦+‡KG] s: f,1"bOJV~$Y¢8/7|“˜†&_–-i¡}wl6n¥ˆŠxŒžR™ Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedselect failedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value out of rangevalue too largewarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.8b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-08-16 10:14-0600 PO-Revision-Date: 2013-09-03 15:18+0200 Last-Translator: P. Hamming Language-Team: Dutch Language: nl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Opties: %s - bewerk bestanden als een andere gebruiker %s - voer een opdracht uit als een andere gebruiker %s gewijzigde labels%s kan door groep worden geschreven%s geen regulier bestand%s is geen geldige context%s is eigendom van %u, moet gebruikersnummer %u zijn%s kan door iedereen worden geschreven%s ongewijzigd gelaten%s mag alleen schrijfbaar zijn voor de eigenaareigenaar van %s moet uid %d zijneigenaar van %s moet gebruikersnummer %d zijn en de setuid bit ingesteld%s ongewijzigd%s%s: %s%s: %s%s: %s %s: %s: %s %s: geen regulier bestand%s: te weinig geschrevenConfiguratieopties: %s Slechts een van de volgende opties mag worden gebruikt: -e, -h, -i, -K, -l, -s, -v of -VSudo versie %s Onbekend signaalsluit alle file descriptors >= numinhoud van bewerkingssessie achtergelaten in %skan niet verbinden met standaard hulpbronnen voor project "%s"kan project "%s" niet samenvoegenmaak SELinux beveiligingscontext met gespecificeerde rol aanmaak SELinux beveiligingscontext met gespecificeerde type aanhulptekst tonen en stoppenversie-informatie tonen en stoppenbewerk bestanden in plaats van uitvoeren van een opdrachtgebruikt gebruikersnummer is niet %d, is %s op een bestandssysteem met de 'nosuid' optie ingesteld of een NFS bestandssysteem zonder rootrechten?gebruikt gebruikersnummer is niet %d, is sudo geinstalleerd met setuid root?fout in %s, regel %d bij het initialiseren-I/O plug-in %sfout bij initialiseren-I/O plug-in %sfout met lezen van pijpfout met het lezen van signaalpijpfout met lezen van socketpaarverkrijgen old_context misluktinstellen van nieuwe rol %s misluktinstellen van nieuw type %s misluktfatale fout, kan geen plug-ins ladendubbele I/O-plugin '%s' in %s, regel %d wordt genegeerddubbele beleidsplugin '%s' in %s, regel %d wordt genegeerdbeleidsplugin '%s' in %s, regel %d wordt genegeerdin lijstmodus, geef privileges voor gebruiker weerniet-compatibel hoofdbeleidsversie %d, (verwachtte %d) gevonden in %s voor pluginsinterne fout, %s overloopinterne fout, probeerde ecalloc(0)interne fout, probeerde emalloc(0)interne fout, probeerde emalloc2(0)interne fout, probeerde erealloc(0)interne fout, probeerde erealloc3(0)interne fout, probeerde erecalloc(0)ongeldig maximaal aantal groepen '%s' in %s, regel %dongeldige waardemaak tijdbestand ongeldiggeef privileges van gebruiker weer of controleer specifieke opdracht; gebuik twee keer voor uitgebreidere opmaakload_interfaces: overloop gevondengeen wachtwoordvraag(askpass)-programma opgegeven, probeer SUDO_ASKPASS in te stellener bestaat geen hulpbronnengroep voor project "%s" die de standaardbindingen accepteertgeen terminal aanwezig en geen wachtwoordvraag(askpass)-programma opgegevenniet-interactieve modus, geen interactie met gebruikerslechts een beleidsplug-in mag geladen wordenplug-infout: missende bestandslijst voor sudoeditbeleidsplug-in %s heeft geen check_policy methodebeleidsplug-in %s ondersteunt niet het tonen van privilegesbeleidsplug-in %s ondersteunt niet de -k/-K optiesbeleidsplug-in %s ondersteunt niet de -v optiebeleidsplug-in %s heeft geen check_policy methodebeleidsplugin kon sessie niet initialiserenbehoud groepsvector in plaats van die van het doel in te stellenbehoud gebruikersomgeving bij uitvoeren van opdrachtlees wachtwoord van standaardinvoerverwijder tijdbestand volledigtenminste één argument vereisthulpbroncontrolelimiet is bereiktvoer opdracht uit (of bewerk bestand) als gespecificeerde gebruikervoer opdracht uit als de opgegeven groepvoer opdracht op de achtergrond uitvoer opdracht uit op computer (enkel als plugin dit ondersteund)voer opdracht uit met gespecificeerde BSD-inlogklassevoer een inlogshell uit als beoogd gebruiker; een opdracht mag ook worden opgegevenvoer shell uit als doelgebruiker; een opdracht mag ook worden opgegevenselecteren misluktstel HOME variabele in om naar persoonlijke map van gebruiker te verwijzensetproject mislukt voor project "%s"er bestaat geen hulpbronnengroep voor project "%s" die de standaardbindingen accepteertstop verwerken opdrachtregelargumentensudoedit wordt niet ondersteund op dit platformde opties '-A' en '-S' mogen niet tegelijk worden gebruiktoptie '-E' is niet geldig in bewerkingsmodusoptie '-U' mag alleen worden gebruikt samen met optie '-l'het argument van -C moet een getal zijn dat groter dan of gelijk aan 3 isde aanroepende taak is klaarkan geen virtuele terminal reserverenkan map niet wijzigen naar %skan root niet wijzigen naar %skan niet wijzigen naar runas uid (%u, %u)kan uid niet wijzigen naar root (%u)kan geen pijp makenkan geen sockets makenkan afdwingende modus niet vinden.dlopen %s is niet mogelijk: %skan dup2 niet uitvoeren op standaardinvoerkan %s niet uitvoerenfgetfilecon %s misluktkan symbool %s niet vinden in %skan geen nieuw proces startenkan huidige terminalcontext niet verkrijgen, terminaltitel wordt niet opniew ingesteldkan standaard-type niet verkrijgen voor rol %skan groepsvector niet verkrijgenkan geen nieuwe terminalcontext verkrijgen, terminaltitel wordt niet opnieuw ingesteldkan beleidsplug-in niet instellenkan %s niet openenkan %s niet openen, terminaltitel wordt niet opnieuw ingesteldkan audit-systeem niet openenkan geen socket openenkan userdb niet openenkan tijdelijk bestand niet lezenkan PRIV_PROC_EXEC niet verwijderen van PRIV_LIMITkan context voor %s niet herstellenkan register niet herstellenkan stdin niet herstellenkan terminallabel niet herstellenkan %s niet uitvoerenkan niet opslaan naar stdinkan audit-melding niet verzendenkan geen controlerende terminal instellenkan effectieve gid niet instellen op runas-gid %ukan uitvoeringscontext niet instellen op %skan gid niet instellen op %ukan gid niet instellen op runas-gid %ukan context voor aanmaak van sleutels niet instellen op %skan nieuwe terminalcontext niet instellenkan taakprioriteit niet instellenkan aanvullende groeps-ID's niet instellenkan de terminal niet op de raw-modus instellenkan uid niet instellen op %ukan gebruikerscontext niet instellenkan terminalcontext niet instellen voor %skan status niet opvragen van %skan niet wijzigen naar register "%s" voor %skan niet schrijven naar %sonverwachte dochter-afsluitvoorwaarde: %donverwachte soort beantwoording van het achterkanaal: %donverwachte sudo modus 0x%xonbekende inlog-klasse %sonbekende beleidssoort %d gevonden in %sonbekende uid %u: wie bent u?niet-ondersteunde brongroup '%s' in %s, regel %dwerk tijd van gebruiker bij zonder opdracht uit te voerengebruik een hulpprogramma voor het vragen van wachtwoordgebruik opgegeven BSD-verificatietypegebruik gespecifeerde wachtwoordvraaggebruiker "%s" is geen lid van project "%s"waarde buiten bereikwaarde te grootwaarschuwing, hulpbrontoewijzingscontrole mislukt voor project "%s"u mag de opties '-i' en '-E' niet tegelijk opgevenu mag de opties '-i' en '-s' niet tegelijk opgevenu mag geen omgevingsvariabelen opgeven in de bewerkingsmodusu moet een rol kiezen voor type %ssudo-1.8.9p5/src/po/nl.po010064400175440000012000000557641226304126400145430ustar00millertstaff# Dutch translation for sudo. # Copyright (C) 2013 P. Hamming # This file is distributed under the same license as the sudo package. # P. Hamming , 2013 msgid "" msgstr "" "Project-Id-Version: sudo 1.8.8b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-08-16 10:14-0600\n" "PO-Revision-Date: 2013-09-03 15:18+0200\n" "Last-Translator: P. Hamming \n" "Language-Team: Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "kan userdb niet openen" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "kan niet wijzigen naar register \"%s\" voor %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "kan register niet herstellen" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "interne fout, probeerde emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "interne fout, probeerde emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:186 #, c-format msgid "internal error, %s overflow" msgstr "interne fout, %s overloop" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "interne fout, probeerde ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "interne fout, probeerde erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "interne fout, probeerde erealloc3(0)" #: common/alloc.c:184 msgid "internal error, tried to erecalloc(0)" msgstr "interne fout, probeerde erecalloc(0)" #: common/atoid.c:77 common/atoid.c:99 src/sudo.c:561 src/sudo.c:586 #: src/sudo.c:694 src/sudo.c:710 msgid "invalid value" msgstr "ongeldige waarde" #: common/atoid.c:84 src/sudo.c:565 src/sudo.c:590 src/sudo.c:698 #: src/sudo.c:714 msgid "value out of range" msgstr "waarde buiten bereik" #: common/atoid.c:105 msgid "value too large" msgstr "waarde te groot" #: common/fatal.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:157 common/fatal.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:72 src/sudo.c:561 src/sudo.c:565 #: src/sudo.c:586 src/sudo.c:590 src/sudo.c:613 src/sudo.c:622 src/sudo.c:631 #: src/sudo.c:646 src/sudo.c:694 src/sudo.c:698 src/sudo.c:710 src/sudo.c:714 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:176 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "niet-ondersteunde brongroup '%s' in %s, regel %d" #: common/sudo_conf.c:190 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "ongeldig maximaal aantal groepen '%s' in %s, regel %d" #: common/sudo_conf.c:394 #, c-format msgid "unable to stat %s" msgstr "kan status niet opvragen van %s" #: common/sudo_conf.c:397 #, c-format msgid "%s is not a regular file" msgstr "%s geen regulier bestand" #: common/sudo_conf.c:400 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s is eigendom van %u, moet gebruikersnummer %u zijn" #: common/sudo_conf.c:404 #, c-format msgid "%s is world writable" msgstr "%s kan door iedereen worden geschreven" #: common/sudo_conf.c:407 #, c-format msgid "%s is group writable" msgstr "%s kan door groep worden geschreven" #: common/sudo_conf.c:417 src/selinux.c:196 src/selinux.c:209 src/sudo.c:329 #, c-format msgid "unable to open %s" msgstr "kan %s niet openen" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Onbekend signaal" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "beleidsplugin kon sessie niet initialiseren" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "kan geen nieuw proces starten" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "kan geen sockets maken" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "selecteren mislukt" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "kan terminallabel niet herstellen" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kan PRIV_PROC_EXEC niet verwijderen van PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "kan geen virtuele terminal reserveren" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "kan geen pijp maken" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "kan de terminal niet op de raw-modus instellen" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "kan geen controlerende terminal instellen" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "fout met het lezen van signaalpijp" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "fout met lezen van pijp" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "fout met lezen van socketpaar" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "onverwachte soort beantwoording van het achterkanaal: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "fout in %s, regel %d bij het initialiseren-I/O plug-in %s" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "eigenaar van %s moet uid %d zijn" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s mag alleen schrijfbaar zijn voor de eigenaar" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen %s is niet mogelijk: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "kan symbool %s niet vinden in %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "onbekende beleidssoort %d gevonden in %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "niet-compatibel hoofdbeleidsversie %d, (verwachtte %d) gevonden in %s voor plugins" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "beleidsplugin '%s' in %s, regel %d wordt genegeerd" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "slechts een beleidsplug-in mag geladen worden" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "dubbele beleidsplugin '%s' in %s, regel %d wordt genegeerd" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "dubbele I/O-plugin '%s' in %s, regel %d wordt genegeerd" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "beleidsplug-in %s heeft geen check_policy methode" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: overloop gevonden" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "kan geen socket openen" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "het argument van -C moet een getal zijn dat groter dan of gelijk aan 3 is" #: src/parse_args.c:408 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "u mag de opties '-i' en '-s' niet tegelijk opgeven" #: src/parse_args.c:412 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "u mag de opties '-i' en '-E' niet tegelijk opgeven" #: src/parse_args.c:422 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "optie '-E' is niet geldig in bewerkingsmodus" #: src/parse_args.c:424 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "u mag geen omgevingsvariabelen opgeven in de bewerkingsmodus" #: src/parse_args.c:432 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "optie '-U' mag alleen worden gebruikt samen met optie '-l'" #: src/parse_args.c:436 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "de opties '-A' en '-S' mogen niet tegelijk worden gebruikt" #: src/parse_args.c:519 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit wordt niet ondersteund op dit platform" #: src/parse_args.c:592 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Slechts een van de volgende opties mag worden gebruikt: -e, -h, -i, -K, -l, -s, -v of -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - bewerk bestanden als een andere gebruiker\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - voer een opdracht uit als een andere gebruiker\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opties:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "gebruik een hulpprogramma voor het vragen van wachtwoord" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "gebruik opgegeven BSD-verificatietype" #: src/parse_args.c:621 msgid "run command in the background" msgstr "voer opdracht op de achtergrond uit" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "sluit alle file descriptors >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "voer opdracht uit met gespecificeerde BSD-inlogklasse" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "behoud gebruikersomgeving bij uitvoeren van opdracht" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "bewerk bestanden in plaats van uitvoeren van een opdracht" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "voer opdracht uit als de opgegeven groep" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "stel HOME variabele in om naar persoonlijke map van gebruiker te verwijzen" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "hulptekst tonen en stoppen" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "voer opdracht uit op computer (enkel als plugin dit ondersteund)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "voer een inlogshell uit als beoogd gebruiker; een opdracht mag ook worden opgegeven" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "verwijder tijdbestand volledig" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "maak tijdbestand ongeldig" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "geef privileges van gebruiker weer of controleer specifieke opdracht; gebuik twee keer voor uitgebreidere opmaak" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "niet-interactieve modus, geen interactie met gebruiker" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "behoud groepsvector in plaats van die van het doel in te stellen" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "gebruik gespecifeerde wachtwoordvraag" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "maak SELinux beveiligingscontext met gespecificeerde rol aan" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "lees wachtwoord van standaardinvoer" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "voer shell uit als doelgebruiker; een opdracht mag ook worden opgegeven" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "maak SELinux beveiligingscontext met gespecificeerde type aan" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "in lijstmodus, geef privileges voor gebruiker weer" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "voer opdracht uit (of bewerk bestand) als gespecificeerde gebruiker" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "versie-informatie tonen en stoppen" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "werk tijd van gebruiker bij zonder opdracht uit te voeren" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "stop verwerken opdrachtregelargumenten" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "kan audit-systeem niet openen" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "kan audit-melding niet verzenden" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s mislukt" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s gewijzigde labels" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "kan context voor %s niet herstellen" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "kan %s niet openen, terminaltitel wordt niet opnieuw ingesteld" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "kan huidige terminalcontext niet verkrijgen, terminaltitel wordt niet opniew ingesteld" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "kan geen nieuwe terminalcontext verkrijgen, terminaltitel wordt niet opnieuw ingesteld" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "kan nieuwe terminalcontext niet instellen" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "u moet een rol kiezen voor type %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "kan standaard-type niet verkrijgen voor rol %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "instellen van nieuwe rol %s mislukt" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "instellen van nieuw type %s mislukt" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s is geen geldige context" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "verkrijgen old_context mislukt" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "kan afdwingende modus niet vinden." #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "kan terminalcontext niet instellen voor %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "kan uitvoeringscontext niet instellen op %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "kan context voor aanmaak van sleutels niet instellen op %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "tenminste één argument vereist" #: src/sesh.c:78 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "kan %s niet uitvoeren" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "hulpbroncontrolelimiet is bereikt" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "gebruiker \"%s\" is geen lid van project \"%s\"" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "de aanroepende taak is klaar" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "kan project \"%s\" niet samenvoegen" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "kan niet verbinden met standaard hulpbronnen voor project \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject mislukt voor project \"%s\"" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "waarschuwing, hulpbrontoewijzingscontrole mislukt voor project \"%s\"" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versie %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Configuratieopties: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "fatale fout, kan geen plug-ins laden" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "kan beleidsplug-in niet instellen" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "fout bij initialiseren-I/O plug-in %s" #: src/sudo.c:294 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "onverwachte sudo modus 0x%x" #: src/sudo.c:414 #, c-format msgid "unable to get group vector" msgstr "kan groepsvector niet verkrijgen" #: src/sudo.c:466 #, c-format msgid "unknown uid %u: who are you?" msgstr "onbekende uid %u: wie bent u?" #: src/sudo.c:788 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "eigenaar van %s moet gebruikersnummer %d zijn en de setuid bit ingesteld" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "gebruikt gebruikersnummer is niet %d, is %s op een bestandssysteem met de 'nosuid' optie ingesteld of een NFS bestandssysteem zonder rootrechten?" #: src/sudo.c:797 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "gebruikt gebruikersnummer is niet %d, is sudo geinstalleerd met setuid root?" #: src/sudo.c:923 #, c-format msgid "unknown login class %s" msgstr "onbekende inlog-klasse %s" #: src/sudo.c:936 #, c-format msgid "unable to set user context" msgstr "kan gebruikerscontext niet instellen" #: src/sudo.c:950 #, c-format msgid "unable to set supplementary group IDs" msgstr "kan aanvullende groeps-ID's niet instellen" #: src/sudo.c:957 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "kan effectieve gid niet instellen op runas-gid %u" #: src/sudo.c:963 #, c-format msgid "unable to set gid to runas gid %u" msgstr "kan gid niet instellen op runas-gid %u" #: src/sudo.c:970 #, c-format msgid "unable to set process priority" msgstr "kan taakprioriteit niet instellen" #: src/sudo.c:978 #, c-format msgid "unable to change root to %s" msgstr "kan root niet wijzigen naar %s" #: src/sudo.c:991 src/sudo.c:997 src/sudo.c:1003 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "kan niet wijzigen naar runas uid (%u, %u)" #: src/sudo.c:1020 #, c-format msgid "unable to change directory to %s" msgstr "kan map niet wijzigen naar %s" #: src/sudo.c:1077 #, c-format msgid "unexpected child termination condition: %d" msgstr "onverwachte dochter-afsluitvoorwaarde: %d" #: src/sudo.c:1134 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "beleidsplug-in %s heeft geen check_policy methode" #: src/sudo.c:1147 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "beleidsplug-in %s ondersteunt niet het tonen van privileges" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "beleidsplug-in %s ondersteunt niet de -v optie" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "beleidsplug-in %s ondersteunt niet de -k/-K opties" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "kan uid niet wijzigen naar root (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "plug-infout: missende bestandslijst voor sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: geen regulier bestand" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: te weinig geschreven" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s ongewijzigd gelaten" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s ongewijzigd" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "kan niet schrijven naar %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "inhoud van bewerkingssessie achtergelaten in %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "kan tijdelijk bestand niet lezen" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "geen terminal aanwezig en geen wachtwoordvraag(askpass)-programma opgegeven" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "geen wachtwoordvraag(askpass)-programma opgegeven, probeer SUDO_ASKPASS in te stellen" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "kan gid niet instellen op %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "kan uid niet instellen op %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "kan %s niet uitvoeren" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "kan niet opslaan naar stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "kan dup2 niet uitvoeren op standaardinvoer" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "kan stdin niet herstellen" #~ msgid "unable to allocate memory" #~ msgstr "kan geen geheugen reserveren" #~ msgid ": " #~ msgstr ": " #~ msgid "unknown user: %s" #~ msgstr "onbekende gebruiker: %s" #~ msgid "list user's available commands\n" #~ msgstr "geef voor gebruiker beschikbare opdrachten weer\n" #~ msgid "run a shell as target user\n" #~ msgstr "voer een shell uit als doel-gebruiker\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "bij listing, toon privileges van gespecificeerde gebruiker\n" sudo-1.8.9p5/src/po/pl.mo010064400175440000012000000424251226304146200145300ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%~% '2'1H'z'’'°' Í'/î'(>(1Y("‹(A®(ð() )) )&)D)X)Dp)µ)Å)*Ö)**B,*,o*>œ*>Û*"+0=+4n+~£+G",8j,£,%¼,â,$ú,-*<-&g-'Ž-5¶-=ì-@*.3k.6Ÿ.MÖ.%$/2J/2}/3°/3ä/404M05‚0¸0$Ë0oð0'`1Sˆ1OÜ13,2 `2.2/°23à293.N3+}35©3:ß354?P4'4+¸4)ä4$5O351ƒ5µ5FÒ556YO6O©6Bù6/<72l75Ÿ70Õ768,=83j81ž8$Ð8+õ8 !9'B92j9=9,Û9 : ):,J:6w:®:'Ê:,ò:;K=;5‰;%¿;Få;-,<"Z<}<5š<(Ð<!ù< =,<=4i=)ž=#È=3ì=) >J>/h>.˜>)Ç>Hñ>4:?$o?<”?9Ñ?- @+9@,e@3’@,Æ@$ó@/A#HA4lA¡A0ÀA4ñA&BCB'_B‡B5¥BEÛB0!C-RC!€C2¢CÕCêCIÿC4ID4~DA³DõD3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-26 21:15+0100 Last-Translator: Jakub Bogusz Language-Team: Polish Language: pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Opcje: %s - modyfikowanie plików jako inny użytkownik %s - wykonywanie poleceÅ„ jako inny użytkownik zmienionych etykiet: %s%s jest zapisywalny dla grupy%s nie jest zwykÅ‚ym plikiem%s nie jest poprawnym kontekstemwÅ‚aÅ›cicielem %s jest uid %u, powinien być %u%s jest zapisywalny dla Å›wiatapozostawiono bez zmian: %sprawo zapisu do %s może mieć tylko wÅ‚aÅ›cicielwÅ‚aÅ›cicielem %s musi być uid %d%s musi mieć uid %d jako wÅ‚aÅ›ciciela oraz ustawiony bit setuidnie zmieniono: %s%s%s: %s%s: %s%s: %s %s: %s: %s %s: nie jest zwykÅ‚ym plikiem%s: skrócony zapisOpcje konfiguracji: %s Można podać tylko jednÄ… z opcji -e, -h, -i, -K, -l, -s, -v lub -VSudo wersja %s Nieznany sygnaÅ‚zamkniÄ™cie wszystkich deskryptorów >= fdzawartość sesji edycji pozostawiono w %snie można przypisać do domyÅ›lnej puli zasobów w projekcie "%s"nie udaÅ‚o siÄ™ dołączyć do projektu "%s"utworzenie kontekstu bezpieczeÅ„stwa SELinuksa z podanÄ… rolÄ…utworzenie kontekstu bezpieczeÅ„stwa SELinuksa z podanym typemwyÅ›wietlenie opisu i zakoÅ„czeniewyÅ›wietlenie informacji o wersji i zakoÅ„czeniemodyfikowanie plików zamiast uruchomienia poleceniaefektywny uid nie wynosi %d, czy %s jest na systemie plików z opcjÄ… 'nosuid' albo systemie plików NFS bez uprawnieÅ„ roota?efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?błąd w %s, w linii %d podczas wczytywania wtyczki `%s'błąd w pÄ™tli zdarzeÅ„błąd inicjalizacji wtyczki we/wy %sbłąd odczytu z potokubłąd odczytu z potoku sygnaÅ‚owegobłąd odczytu z pary gniazdnie udaÅ‚o siÄ™ uzyskać starego kontekstunie udaÅ‚o siÄ™ ustawić nowej roli %snie udaÅ‚o siÄ™ ustawić nowego typu %sbłąd krytyczny, nie udaÅ‚o siÄ™ zaÅ‚adować wtyczekzignotowano powtórzonÄ… wtyczkÄ™ we/wy `%s' w %s, w linii %dzignotowano powtórzonÄ… wtyczkÄ™ polityki `%s' w %s, w linii %dzignorowano wtyczkÄ™ polityki `%s' w %s, w linii %dw trybie listy - wyÅ›wietlenie uprawnieÅ„ użytkownikaniezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %sbłąd wewnÄ™trzny, przepeÅ‚nienie %sbłąd wewnÄ™trzny, próbowano wykonać ecalloc(0)błąd wewnÄ™trzny, próbowano wykonać emalloc(0)błąd wewnÄ™trzny, próbowano wykonać emalloc2(0)błąd wewnÄ™trzny, próbowano wykonać erealloc(0)błąd wewnÄ™trzny, próbowano wykonać erealloc3(0)błąd wewnÄ™trzny, próbowano wykonać erecalloc(0)błędna liczba maksymalna grup `%s' w %s, w linii %dbłędna wartośćunieważnienie pliku znacznika czasuwypisanie uprawnieÅ„ użytkownika lub sprawdzenie okreÅ›lonego polecenia; dwukrotne użycie to dÅ‚uższy formatload_interfaces: wykryto przepeÅ‚nienienie podano programu pytajÄ…cego o hasÅ‚o, proszÄ™ spróbować ustawić SUDO_ASKPASSnie istnieje pula zasobów akceptujÄ…ca domyÅ›lne przypisania dla projektu "%s"brak tty i nie podano programu pytajÄ…cego o hasÅ‚otryb nieinteraktywny, bez pytaÅ„może być podana tylko jedna wtyczka politykibłąd wtyczki: brak listy plików dla sudoeditwtyczka polityki %s nie zawiera metody check_policywtyczka polityki %s nie obsÅ‚uguje wypisywania uprawnieÅ„wtyczka polityki %s nie obsÅ‚uguje opcji -k/-Kwtyczka polityki %s nie obsÅ‚uguje opcji -vwtyczka polityki %s nie zawiera metody `check_policy'nie udaÅ‚o siÄ™ zainicjować sesji przez wtyczkÄ™ politykizachowanie wektora grup zamiast ustawiania docelowychzachowanie Å›rodowiska użytkownika przy uruchamianiu poleceniaodczyt hasÅ‚a ze standardowego wejÅ›ciacaÅ‚kowite usuniÄ™cie pliku znacznika czasuwymagany jest przynajmniej jeden argumentosiÄ…gniÄ™to limit kontroli zasobówuruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik lub IDwywoÅ‚anie polecenia jako okreÅ›lona grupa lub IDuruchomienie polecenia w tleuruchomienie polecenia na hoÅ›cie (jeÅ›li obsÅ‚ugiwane przez wtyczkÄ™)uruchomienie polecenia z podanÄ… klasÄ… logowania BSDuruchomienie powÅ‚oki logowania jako użytkownik docelowy; można także podać polecenieuruchomienie powÅ‚oki jako użytkownik docelowy; można także podać polecenieustawienie zmiennej HOME na katalog domowy użytkownika docelowegosetproject dla projektu "%s" nie powiodÅ‚o siÄ™podana pula zasobów nie istnieje w projekcie "%s"zakoÅ„czenie przetwarzania argumentów linii poleceÅ„sudoedit nie jest obsÅ‚ugiwane na tej platformieopcji `-A' oraz `-S' nie można używać jednoczeÅ›nieopcja `-E' nie jest poprawna w trybie edycjiopcji `-U' można używać tylko wraz z opcjÄ… `-l'argument opcji -C musi być wiÄ™kszy lub równy 3zadanie uruchamiajÄ…ce jest ostatnimnie udaÅ‚o siÄ™ dodać zdarzenia do kolejkinie udaÅ‚o siÄ™ przydzielić ptynie udaÅ‚o siÄ™ zmienić katalogu na %snie udaÅ‚o siÄ™ zmienić katalogu głównego na %snie udaÅ‚o siÄ™ zmienić uid-ów, aby dziaÅ‚ać jako (%u, %u)nie udaÅ‚o siÄ™ zmienić uid-a na roota (%u)nie udaÅ‚o siÄ™ utworzyć potokunie udaÅ‚o siÄ™ utworzyć gniazdnie udaÅ‚o siÄ™ okreÅ›lić trybu wymuszenia.nie udaÅ‚o siÄ™ wykonać dup2 na standardowym wejÅ›ciunie udaÅ‚o siÄ™ wykonać %snie udaÅ‚o siÄ™ wykonać fgetfilecon %snie udaÅ‚o siÄ™ odnaleźć symbolu `%s' w %snie udaÅ‚o siÄ™ wykonać forknie udaÅ‚o siÄ™ uzyskać bieżącego kontekstu tty, bez zmiany etykiety ttynie udaÅ‚o siÄ™ uzyskać domyÅ›lnego typu dla roli %snie udaÅ‚o siÄ™ uzyskać wektora grupnie udaÅ‚o siÄ™ uzyskać nowego kontekstu tty, bez zmiany etykiety ttynie udaÅ‚o siÄ™ zainicjować wtyczki politykinie udaÅ‚o siÄ™ zaÅ‚adować %s: %snie udaÅ‚o siÄ™ otworzyć %snie udaÅ‚o siÄ™ otworzyć %s, bez zmiany etykiety ttynie udaÅ‚o siÄ™ otworzyć systemu audytunie udaÅ‚o siÄ™ otworzyć gniazdanie udaÅ‚o siÄ™ otworzyć userdbnie udaÅ‚o siÄ™ odczytać pliku tymczasowegonie udaÅ‚o siÄ™ usunąć PRIV_PROC_EXEC z PRIV_LIMITnie udaÅ‚o siÄ™ przywrócić kontekstu %snie udaÅ‚o siÄ™ odtworzyć rejestrunie udaÅ‚o siÄ™ przywrócić standardowego wejÅ›cianie udaÅ‚o siÄ™ przywrócić etykiety ttynie udaÅ‚o siÄ™ uruchomić %snie udaÅ‚o siÄ™ zapisać standardowego wejÅ›cianie udaÅ‚o siÄ™ wysÅ‚ać komunikatu audytowegonie udaÅ‚o siÄ™ ustawić sterujÄ…cego ttynie udaÅ‚o siÄ™ ustawić efektywnego gid-a w celu dziaÅ‚ania jako gid %unie udaÅ‚o siÄ™ ustawić kontekstu wykonywania na %snie udaÅ‚o siÄ™ ustawić gid-a na %unie udaÅ‚o siÄ™ ustawić gid-a w celu dziaÅ‚ania jako gid %unie udaÅ‚o siÄ™ ustawić kontekstu tworzenia klucza na %snie udaÅ‚o siÄ™ ustawić nowego kontekstu ttynie udaÅ‚o siÄ™ ustawić priorytetu procesunie udaÅ‚o siÄ™ ustawić ID dodatkowych grupnie udaÅ‚o siÄ™ przestawić terminala w tryb surowynie udaÅ‚o siÄ™ ustawić kontekstu tty na %snie udaÅ‚o siÄ™ ustawić uid-a na %unie udaÅ‚o siÄ™ ustawić kontekstu użytkownikanie udaÅ‚o siÄ™ wykonać stat na %snie udaÅ‚o siÄ™ przełączyć na rejestr "%s" dla %snie udaÅ‚o siÄ™ zapisać do %snieoczekiwane zakoÅ„czenie procesu potomnego: %dnieoczekiwany typ odpowiedzi z kanaÅ‚u zwrotnego: %dnieoczekiwany tryb sudo 0x%xnieznana klasa logowania %snieznany typ polityki %d napotkany w %snieznany uid %u: kim jesteÅ›?nie obsÅ‚ugiwane źródÅ‚o grup `%s' w %s, w linii %duaktualnienie znacznika czasu użytkownika bez uruchamiania poleceniaużycie programu pomocniczego do pytaÅ„ o hasÅ‚oużycie podanego rodzaju uwierzytelnienia BSDużycie podanego pytania o hasÅ‚oużytkownik "%s" nie jest czÅ‚onkiem projektu "%s"wartość zbyt dużawartość zbyt maÅ‚auwaga: przypisanie kontroli zasobów dla projektu "%s" nie powiodÅ‚o siÄ™nie można podać jednoczeÅ›nie opcji `-i' oraz `-E'nie można podać jednoczeÅ›nie opcji `-i' oraz `-s'w trybie edycji nie można przekazywać zmiennych Å›rodowiskowychtrzeba podać rolÄ™ dla typu %ssudo-1.8.9p5/src/po/pl.po010064400175440000012000000555371226304126400145430ustar00millertstaff# Polish translation for sudo. # This file is put in the public domain. # Jakub Bogusz , 2011-2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-26 21:15+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "nie udaÅ‚o siÄ™ otworzyć userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "nie udaÅ‚o siÄ™ przełączyć na rejestr \"%s\" dla %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "nie udaÅ‚o siÄ™ odtworzyć rejestru" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "błąd wewnÄ™trzny, przepeÅ‚nienie %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "błąd wewnÄ™trzny, próbowano wykonać erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "błędna wartość" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "wartość zbyt duża" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "wartość zbyt maÅ‚a" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nie obsÅ‚ugiwane źródÅ‚o grup `%s' w %s, w linii %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "błędna liczba maksymalna grup `%s' w %s, w linii %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "nie udaÅ‚o siÄ™ wykonać stat na %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykÅ‚ym plikiem" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "wÅ‚aÅ›cicielem %s jest uid %u, powinien być %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla Å›wiata" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s jest zapisywalny dla grupy" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "nie udaÅ‚o siÄ™ otworzyć %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nieznany sygnaÅ‚" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "nie udaÅ‚o siÄ™ zainicjować sesji przez wtyczkÄ™ polityki" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "nie udaÅ‚o siÄ™ wykonać fork" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "nie udaÅ‚o siÄ™ dodać zdarzenia do kolejki" #: src/exec.c:394 msgid "unable to create sockets" msgstr "nie udaÅ‚o siÄ™ utworzyć gniazd" #: src/exec.c:477 msgid "error in event loop" msgstr "błąd w pÄ™tli zdarzeÅ„" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "nie udaÅ‚o siÄ™ przywrócić etykiety tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nie udaÅ‚o siÄ™ usunąć PRIV_PROC_EXEC z PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "nie udaÅ‚o siÄ™ przydzielić pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "nie udaÅ‚o siÄ™ utworzyć potoku" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "nie udaÅ‚o siÄ™ przestawić terminala w tryb surowy" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "błąd odczytu z potoku sygnaÅ‚owego" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "błąd odczytu z potoku" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "błąd odczytu z pary gniazd" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "nieoczekiwany typ odpowiedzi z kanaÅ‚u zwrotnego: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "nie udaÅ‚o siÄ™ ustawić sterujÄ…cego tty" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "błąd w %s, w linii %d podczas wczytywania wtyczki `%s'" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "wÅ‚aÅ›cicielem %s musi być uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko wÅ‚aÅ›ciciel" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "nie udaÅ‚o siÄ™ zaÅ‚adować %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "nie udaÅ‚o siÄ™ odnaleźć symbolu `%s' w %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "nieznany typ polityki %d napotkany w %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "niezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "zignorowano wtyczkÄ™ polityki `%s' w %s, w linii %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "może być podana tylko jedna wtyczka polityki" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "zignotowano powtórzonÄ… wtyczkÄ™ polityki `%s' w %s, w linii %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "zignotowano powtórzonÄ… wtyczkÄ™ we/wy `%s' w %s, w linii %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "wtyczka polityki %s nie zawiera metody check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: wykryto przepeÅ‚nienie" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "nie udaÅ‚o siÄ™ otworzyć gniazda" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument opcji -C musi być wiÄ™kszy lub równy 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "nie można podać jednoczeÅ›nie opcji `-i' oraz `-s'" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "nie można podać jednoczeÅ›nie opcji `-i' oraz `-E'" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "opcja `-E' nie jest poprawna w trybie edycji" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "w trybie edycji nie można przekazywać zmiennych Å›rodowiskowych" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "opcji `-U' można używać tylko wraz z opcjÄ… `-l'" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "opcji `-A' oraz `-S' nie można używać jednoczeÅ›nie" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit nie jest obsÅ‚ugiwane na tej platformie" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Można podać tylko jednÄ… z opcji -e, -h, -i, -K, -l, -s, -v lub -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - modyfikowanie plików jako inny użytkownik\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - wykonywanie poleceÅ„ jako inny użytkownik\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Opcje:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "użycie programu pomocniczego do pytaÅ„ o hasÅ‚o" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "użycie podanego rodzaju uwierzytelnienia BSD" #: src/parse_args.c:621 msgid "run command in the background" msgstr "uruchomienie polecenia w tle" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "zamkniÄ™cie wszystkich deskryptorów >= fd" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "uruchomienie polecenia z podanÄ… klasÄ… logowania BSD" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "zachowanie Å›rodowiska użytkownika przy uruchamianiu polecenia" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "modyfikowanie plików zamiast uruchomienia polecenia" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "wywoÅ‚anie polecenia jako okreÅ›lona grupa lub ID" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "ustawienie zmiennej HOME na katalog domowy użytkownika docelowego" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "wyÅ›wietlenie opisu i zakoÅ„czenie" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "uruchomienie polecenia na hoÅ›cie (jeÅ›li obsÅ‚ugiwane przez wtyczkÄ™)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "uruchomienie powÅ‚oki logowania jako użytkownik docelowy; można także podać polecenie" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "caÅ‚kowite usuniÄ™cie pliku znacznika czasu" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "unieważnienie pliku znacznika czasu" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "wypisanie uprawnieÅ„ użytkownika lub sprawdzenie okreÅ›lonego polecenia; dwukrotne użycie to dÅ‚uższy format" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "tryb nieinteraktywny, bez pytaÅ„" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "zachowanie wektora grup zamiast ustawiania docelowych" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "użycie podanego pytania o hasÅ‚o" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "utworzenie kontekstu bezpieczeÅ„stwa SELinuksa z podanÄ… rolÄ…" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "odczyt hasÅ‚a ze standardowego wejÅ›cia" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "uruchomienie powÅ‚oki jako użytkownik docelowy; można także podać polecenie" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "utworzenie kontekstu bezpieczeÅ„stwa SELinuksa z podanym typem" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "w trybie listy - wyÅ›wietlenie uprawnieÅ„ użytkownika" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "uruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik lub ID" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "wyÅ›wietlenie informacji o wersji i zakoÅ„czenie" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "uaktualnienie znacznika czasu użytkownika bez uruchamiania polecenia" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "zakoÅ„czenie przetwarzania argumentów linii poleceÅ„" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "nie udaÅ‚o siÄ™ otworzyć systemu audytu" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "nie udaÅ‚o siÄ™ wysÅ‚ać komunikatu audytowego" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "nie udaÅ‚o siÄ™ wykonać fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "zmienionych etykiet: %s" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "nie udaÅ‚o siÄ™ przywrócić kontekstu %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "nie udaÅ‚o siÄ™ otworzyć %s, bez zmiany etykiety tty" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "nie udaÅ‚o siÄ™ uzyskać bieżącego kontekstu tty, bez zmiany etykiety tty" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "nie udaÅ‚o siÄ™ uzyskać nowego kontekstu tty, bez zmiany etykiety tty" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "nie udaÅ‚o siÄ™ ustawić nowego kontekstu tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "trzeba podać rolÄ™ dla typu %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "nie udaÅ‚o siÄ™ uzyskać domyÅ›lnego typu dla roli %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "nie udaÅ‚o siÄ™ ustawić nowej roli %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "nie udaÅ‚o siÄ™ ustawić nowego typu %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s nie jest poprawnym kontekstem" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "nie udaÅ‚o siÄ™ uzyskać starego kontekstu" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "nie udaÅ‚o siÄ™ okreÅ›lić trybu wymuszenia." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "nie udaÅ‚o siÄ™ ustawić kontekstu tty na %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "nie udaÅ‚o siÄ™ ustawić kontekstu wykonywania na %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "nie udaÅ‚o siÄ™ ustawić kontekstu tworzenia klucza na %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "wymagany jest przynajmniej jeden argument" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "nie udaÅ‚o siÄ™ wykonać %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "osiÄ…gniÄ™to limit kontroli zasobów" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "użytkownik \"%s\" nie jest czÅ‚onkiem projektu \"%s\"" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "zadanie uruchamiajÄ…ce jest ostatnim" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "nie udaÅ‚o siÄ™ dołączyć do projektu \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "nie istnieje pula zasobów akceptujÄ…ca domyÅ›lne przypisania dla projektu \"%s\"" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "podana pula zasobów nie istnieje w projekcie \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "nie można przypisać do domyÅ›lnej puli zasobów w projekcie \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject dla projektu \"%s\" nie powiodÅ‚o siÄ™" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodÅ‚o siÄ™" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo wersja %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opcje konfiguracji: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "błąd krytyczny, nie udaÅ‚o siÄ™ zaÅ‚adować wtyczek" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "nie udaÅ‚o siÄ™ zainicjować wtyczki polityki" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "błąd inicjalizacji wtyczki we/wy %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nieoczekiwany tryb sudo 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "nie udaÅ‚o siÄ™ uzyskać wektora grup" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nieznany uid %u: kim jesteÅ›?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musi mieć uid %d jako wÅ‚aÅ›ciciela oraz ustawiony bit setuid" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektywny uid nie wynosi %d, czy %s jest na systemie plików z opcjÄ… 'nosuid' albo systemie plików NFS bez uprawnieÅ„ roota?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "nieznana klasa logowania %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "nie udaÅ‚o siÄ™ ustawić kontekstu użytkownika" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "nie udaÅ‚o siÄ™ ustawić ID dodatkowych grup" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "nie udaÅ‚o siÄ™ ustawić efektywnego gid-a w celu dziaÅ‚ania jako gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "nie udaÅ‚o siÄ™ ustawić gid-a w celu dziaÅ‚ania jako gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "nie udaÅ‚o siÄ™ ustawić priorytetu procesu" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "nie udaÅ‚o siÄ™ zmienić katalogu głównego na %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nie udaÅ‚o siÄ™ zmienić uid-ów, aby dziaÅ‚ać jako (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "nie udaÅ‚o siÄ™ zmienić katalogu na %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "nieoczekiwane zakoÅ„czenie procesu potomnego: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "wtyczka polityki %s nie zawiera metody `check_policy'" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "wtyczka polityki %s nie obsÅ‚uguje wypisywania uprawnieÅ„" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "wtyczka polityki %s nie obsÅ‚uguje opcji -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "wtyczka polityki %s nie obsÅ‚uguje opcji -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "nie udaÅ‚o siÄ™ zmienić uid-a na roota (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "błąd wtyczki: brak listy plików dla sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: nie jest zwykÅ‚ym plikiem" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: skrócony zapis" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "pozostawiono bez zmian: %s" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "nie zmieniono: %s" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "nie udaÅ‚o siÄ™ zapisać do %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "zawartość sesji edycji pozostawiono w %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "nie udaÅ‚o siÄ™ odczytać pliku tymczasowego" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "brak tty i nie podano programu pytajÄ…cego o hasÅ‚o" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nie podano programu pytajÄ…cego o hasÅ‚o, proszÄ™ spróbować ustawić SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "nie udaÅ‚o siÄ™ ustawić gid-a na %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "nie udaÅ‚o siÄ™ ustawić uid-a na %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "nie udaÅ‚o siÄ™ uruchomić %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "nie udaÅ‚o siÄ™ zapisać standardowego wejÅ›cia" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "nie udaÅ‚o siÄ™ wykonać dup2 na standardowym wejÅ›ciu" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "nie udaÅ‚o siÄ™ przywrócić standardowego wejÅ›cia" sudo-1.8.9p5/src/po/pt_BR.mo010064400175440000012000000426051226304126400151230ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%Õ% c')o'-™'Ç'Û'ö'()1([(w(&Ž(µ(:Ô()")+)2) :)F)c)u)N•)ä)õ)/*.8*Kg*-³*?á*>!+!`+(‚+,«+Ø+Df,-«,Ù,'ð,&-/?-o-Ž-©-È-3æ-7.=R.3.1Ä.Hö.$?/%d/%Š/&°/&×/'þ/'&00N00"0j²0+1CI1T1=â13 24T28‰2>Â2C3;E3637¸35ð3<&47c4›4.º4é4*5S15:…5$À5>å57$6V\6N³6=7%@7>f7:¥7,à7< 82J87}88µ8î8. 9:9-X9)†97°9+è93:!H:2j:3:Ñ:*ð:0;L;Gj;5²;(è;F<3X<"Œ<¯<4Ë</= 0=!Q=*s=7ž=+Ö=%>.(>+W>ƒ>+¢>/Î>*þ>@)?1j?&œ?8Ã?Aü?2>@1q@5£@3Ù@0 A&>A/eA'•A5½AóA.B3BBvB“B2³B#æB/ C=:C)xC-¢CÐC/éCD-DFBDB‰DBÌDFE.VE3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-26 18:18-0300 Last-Translator: Rafael Ferreira Language-Team: Brazilian Portuguese Language: pt_BR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Poedit 1.5.4 Plural-Forms: nplurals=2; plural=(n > 1); opções: %s - edita arquivos como outro usuário %s - executa um comando como outro usuário %s mudou de rótulo%s é gravável pelo grupo%s não é um arquivo comum%s não é um contexto válido%s tem como dono o uid %u, deveria ser %u%s é gravável globalmente%s não foi modificado%s deve ser gravável apenas pelo dono%s deve ter como dono o uid %d%s deve ter como dono o uid %d e tem definido o bit setuid%s sem alteração%s%s: %s%s: %s%s: %s %s: %s: %s %s: não é um arquivo comum%s: escrita curtaOpções de configuração: %s Apenas uma das opções -e, -h, -i, -K, -l, -s, -v ou -V pode ser especificadaSudo versão %s Sinal desconhecidofecha todos os descritores, de arquivos, >= numconteúdo da sessão de edição deixado em %snão foi possível vincular ao pool de recursos padrão para o projeto "%s"não foi possível participar do projeto "%s"cria um contexto de segurança SELinux com o papel especificadocria um contexto de segurança SELinux com o tipo especificadoexibe uma mensagem de ajuda e saiexibe as informações de versão e saiedita arquivos em vez de executar um comandouid efetivo não é %d, é %s em um sistema de arquivos com a opção "nosuid" defina ou um sistema de arquivos NFS sem privilégios de root?uid efetivo não é %d, sudo está instalado em uma raiz com setuid?erro em %s, linha %d ao carregar plug-in "%s"erro em loop de eventoerro ao inicializar o plug-in de E/S %serro ao ler de redirecionamento (pipe)erro ao ler do sinal de redirecionamento (pipe)erro ao ler do par de soquetesfalha ao obter old_contextfalha ao definir novo papel %sfalha ao definir novo tipo %serro fatal, não foi possível carregar os plug-insignorando plug-in de E/S "%s" duplicado em %s, linha %dignorando plug-in de política duplicada "%s" em %s, linha %dignorando plug-in de política "%s" em %s, linha %dno modo lista, exibe os privilégios por usuárioversão maior %d do plug-in incompatível (esperava %d) localizada em %serro interno, estouro de pilha de %serro interno, tentou fazer ecalloc(0)erro interno, tentou fazer emalloc(0)erro interno, tentou fazer emalloc2(0)erro interno, tentou fazer erealloc(0)erro interno, tentou fazer erealloc3(0)erro interno, tentou fazer erecalloc(0)máximo de grupos inválido "%s" em %s, linha %dvalor inválidoinvalida arquivo de marca de tempolista os privilégios do usuário ou verifica um comando específico; use duas vezes para um formato maiorload_interfaces: estouro de pilha detectadonenhum programa de askpass especificado, tente definir SUDO_ASKPASSnenhuma pool de recursos aceitando vinculações padrões existe para o projeto "%s"nenhum tty presente e nenhum programa de askpass especificadomodo não interativo, não pergunta para o usuárioapenas um plug-in de política pode ser especificadoerro no plug-in: faltando lista de arquivo para sudoeditplug-in de política %s não inclui um método de check_policyplug-in de política %s não tem suporte a listagem de privilégiosplug-in de política %s não tem suporte às opções -k/-Kplug-in de política %s não tem suporte à opção -vplug-in de política %s é sem o método "check_policy"plug-in de política falhou ao inicializar da sessãopreserva vetor de grupos ao invés de definir para o do alvopreserva um ambiente de usuário ao executar um comandolê a senha da entrada padrãoremove arquivo de marca de tempo completamenterequer ao menos um argumentolimite de controle de recurso foi atingidoexecuta um comando (ou edita um arquivo) como o nome ou ID do usuário especificadoexecuta um comando como o ID ou nome de grupo especificadoexecuta um comando em plano de fundoexecuta o comando na máquina (se houver suporte pelo plug-in)executa um comando com uma classe de login especificadaexecuta um shell de login como usuário alvo; um comando também pode ser especificadoexecuta o shell como o usuário alvo; um comando também pode ser especificadodefine a variável HOME para a pasta pessoal do usuário alvosetproject falhou para o projeto "%s"pool de recursos especificados não existe para o projeto "%s"interrompe processamento de argumentos de linha de comandonão há suporte a sudoedit nesta plataformaas opções "-A" e "-S" não podem ser usadas ao mesmo tempoa opção "-E" não é válida no modo de ediçãoa opção "-U" pode ser usada apenas com a opção "-l"o argumento do -C deve ser um número maior ou igual a 3a tarefa de chamada é finalnão foi possível adicionar um evento à filanão foi possível alocar ptynão foi possível alterar diretório para %snão foi possível alterar a raiz para %snão foi possível alterar para uid de "runas" (%u, %u)não foi possível alterar uid de root (%u)não foi possível criar um redirecionamento (pipe)não foi possível criar soquetesnão foi possível determinar modo de aplicação.não foi possível realizar dup2 da entrada padrãonão foi possível executar %snão foi possível fazer fgetfilecon de %snão foi possível localizar símbolo "%s" em %snão foi possível fazer forknão foi possível obter contexto de tty atual, não re-rotulando o ttynão foi possível obter tipo padrão para o papel %snão foi possível obter vetor de gruposnão foi possível obter novo contexto de tty, não re-rotulando o ttynão foi possível inicializar plug-in de políticanão foi possível carregar %s: %snão foi possível abrir %snão foi possível abrir %s, não re-rotulando o ttynão foi possível abrir o sistema de auditorianão foi possível abrir soquetenão foi possível abrir o userdbnão foi possível ler arquivo temporárionão foi possível remover PRIV_PROC_EXEC de PRIV_LIMITnão foi possível restaurar contexto de %snão foi possível restaurar registronão foi possível restaurar a entrada padrãonão foi possível restaurar rótulo de ttynão foi possível executar %snão foi possível salvar a entrada padrãonão foi possível enviar mensagem de auditorianão foi possível definir tty de controlenão foi possível definir gid efetivo para executar como gid %unão foi possível definir contexto de exec de %snão foi possível definir gid para %unão foi possível definir gid para executar como gid %unão foi possível definir contexto de criação de chave para %snão foi possível definir um novo contexto de ttynão foi possível definir prioridade do processonão foi possível definir IDs de grupo suplementaresnão foi possível definir o terminal para modo rawnão foi possível definir contexto de tty de %snão foi possível definir uid para %unão foi possível definir contexto de usuárionão foi possível obter o estado de %snão foi possível alterar para registro "%s" para %snão foi possível gravar em %scondição inesperada de término de filho: %dtipo de resposta inesperada no canal de retorno: %dmodo de sudo inesperado 0x%xclasse de login desconhecida %stipo de política %d desconhecida localizada em %suid desconhecido %u: quem é você?fonte de grupo sem suporte "%s" em %s, linha %datualiza a marca de tempo do usuário sem executar um comandousa um programa auxiliar para pedir senhausa o tipo de autenticação BSD especificadousa a senha especificadausuário "%s" não é um membro do projeto "%s"valor grande demaisvalor pequeno demaisaviso, atribuição de controle de recursos falhou para o projeto "%s"você não pode especificar as opções "-i" e "-E" ao mesmo tempovocê não pode especificar as opções "-i" e "-s" ao mesmo tempovocê não pode especificar variáveis de ambiente no modo de ediçãovocê deve especificar um papel para o tipo %ssudo-1.8.9p5/src/po/pt_BR.po010064400175440000012000000572401226304126400151270ustar00millertstaff# Brazilian Portuguese translation of sudo. # This file is distributed under the same license as the sudo package. # Copyright (C) 2013 Free Software Foundation, Inc. # Rafael Ferreira , 2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-26 18:18-0300\n" "Last-Translator: Rafael Ferreira \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 1.5.4\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "não foi possível abrir o userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "não foi possível alterar para registro \"%s\" para %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "não foi possível restaurar registro" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "erro interno, tentou fazer emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "erro interno, tentou fazer emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, estouro de pilha de %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "erro interno, tentou fazer ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "erro interno, tentou fazer erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "erro interno, tentou fazer erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "erro interno, tentou fazer erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "valor inválido" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "valor grande demais" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "valor pequeno demais" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "fonte de grupo sem suporte \"%s\" em %s, linha %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "máximo de grupos inválido \"%s\" em %s, linha %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "não foi possível obter o estado de %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s não é um arquivo comum" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s tem como dono o uid %u, deveria ser %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s é gravável globalmente" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s é gravável pelo grupo" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "não foi possível abrir %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Sinal desconhecido" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "plug-in de política falhou ao inicializar da sessão" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "não foi possível fazer fork" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "não foi possível adicionar um evento à fila" #: src/exec.c:394 msgid "unable to create sockets" msgstr "não foi possível criar soquetes" #: src/exec.c:477 msgid "error in event loop" msgstr "erro em loop de evento" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "não foi possível restaurar rótulo de tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "não foi possível remover PRIV_PROC_EXEC de PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "não foi possível alocar pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "não foi possível criar um redirecionamento (pipe)" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "não foi possível definir o terminal para modo raw" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "erro ao ler do sinal de redirecionamento (pipe)" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "erro ao ler de redirecionamento (pipe)" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "erro ao ler do par de soquetes" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada no canal de retorno: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "não foi possível definir tty de controle" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "erro em %s, linha %d ao carregar plug-in \"%s\"" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve ter como dono o uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s deve ser gravável apenas pelo dono" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "não foi possível carregar %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "não foi possível localizar símbolo \"%s\" em %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "tipo de política %d desconhecida localizada em %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "versão maior %d do plug-in incompatível (esperava %d) localizada em %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ignorando plug-in de política \"%s\" em %s, linha %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "apenas um plug-in de política pode ser especificado" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ignorando plug-in de política duplicada \"%s\" em %s, linha %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ignorando plug-in de E/S \"%s\" duplicado em %s, linha %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "plug-in de política %s não inclui um método de check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: estouro de pilha detectado" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "não foi possível abrir soquete" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "o argumento do -C deve ser um número maior ou igual a 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "você não pode especificar as opções \"-i\" e \"-s\" ao mesmo tempo" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "você não pode especificar as opções \"-i\" e \"-E\" ao mesmo tempo" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "a opção \"-E\" não é válida no modo de edição" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "você não pode especificar variáveis de ambiente no modo de edição" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "a opção \"-U\" pode ser usada apenas com a opção \"-l\"" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "as opções \"-A\" e \"-S\" não podem ser usadas ao mesmo tempo" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "não há suporte a sudoedit nesta plataforma" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Apenas uma das opções -e, -h, -i, -K, -l, -s, -v ou -V pode ser especificada" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - edita arquivos como outro usuário\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - executa um comando como outro usuário\n" "\n" # Deixei minúsculo para seguir o padrão das demais linhas do "sudo -h" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "opções:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "usa um programa auxiliar para pedir senha" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "usa o tipo de autenticação BSD especificado" #: src/parse_args.c:621 msgid "run command in the background" msgstr "executa um comando em plano de fundo" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "fecha todos os descritores, de arquivos, >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "executa um comando com uma classe de login especificada" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "preserva um ambiente de usuário ao executar um comando" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "edita arquivos em vez de executar um comando" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "executa um comando como o ID ou nome de grupo especificado" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "define a variável HOME para a pasta pessoal do usuário alvo" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "exibe uma mensagem de ajuda e sai" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "executa o comando na máquina (se houver suporte pelo plug-in)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "executa um shell de login como usuário alvo; um comando também pode ser especificado" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "remove arquivo de marca de tempo completamente" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "invalida arquivo de marca de tempo" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "lista os privilégios do usuário ou verifica um comando específico; use duas vezes para um formato maior" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "modo não interativo, não pergunta para o usuário" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "preserva vetor de grupos ao invés de definir para o do alvo" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "usa a senha especificada" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "cria um contexto de segurança SELinux com o papel especificado" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "lê a senha da entrada padrão" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "executa o shell como o usuário alvo; um comando também pode ser especificado" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "cria um contexto de segurança SELinux com o tipo especificado" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "no modo lista, exibe os privilégios por usuário" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "executa um comando (ou edita um arquivo) como o nome ou ID do usuário especificado" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "exibe as informações de versão e sai" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "atualiza a marca de tempo do usuário sem executar um comando" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "interrompe processamento de argumentos de linha de comando" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "não foi possível abrir o sistema de auditoria" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "não foi possível enviar mensagem de auditoria" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "não foi possível fazer fgetfilecon de %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s mudou de rótulo" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "não foi possível restaurar contexto de %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "não foi possível abrir %s, não re-rotulando o tty" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "não foi possível obter contexto de tty atual, não re-rotulando o tty" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "não foi possível obter novo contexto de tty, não re-rotulando o tty" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "não foi possível definir um novo contexto de tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "você deve especificar um papel para o tipo %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "não foi possível obter tipo padrão para o papel %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "falha ao definir novo papel %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "falha ao definir novo tipo %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s não é um contexto válido" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "falha ao obter old_context" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "não foi possível determinar modo de aplicação." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "não foi possível definir contexto de tty de %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "não foi possível definir contexto de exec de %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "não foi possível definir contexto de criação de chave para %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "requer ao menos um argumento" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "não foi possível executar %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "limite de controle de recurso foi atingido" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "usuário \"%s\" não é um membro do projeto \"%s\"" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "a tarefa de chamada é final" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "não foi possível participar do projeto \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "nenhuma pool de recursos aceitando vinculações padrões existe para o projeto \"%s\"" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "pool de recursos especificados não existe para o projeto \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "não foi possível vincular ao pool de recursos padrão para o projeto \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject falhou para o projeto \"%s\"" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, atribuição de controle de recursos falhou para o projeto \"%s\"" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versão %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opções de configuração: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "erro fatal, não foi possível carregar os plug-ins" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "não foi possível inicializar plug-in de política" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "erro ao inicializar o plug-in de E/S %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modo de sudo inesperado 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "não foi possível obter vetor de grupos" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid desconhecido %u: quem é você?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve ter como dono o uid %d e tem definido o bit setuid" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "uid efetivo não é %d, é %s em um sistema de arquivos com a opção \"nosuid\" defina ou um sistema de arquivos NFS sem privilégios de root?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "uid efetivo não é %d, sudo está instalado em uma raiz com setuid?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "classe de login desconhecida %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "não foi possível definir contexto de usuário" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "não foi possível definir IDs de grupo suplementares" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "não foi possível definir gid efetivo para executar como gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "não foi possível definir gid para executar como gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "não foi possível definir prioridade do processo" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "não foi possível alterar a raiz para %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "não foi possível alterar para uid de \"runas\" (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "não foi possível alterar diretório para %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "condição inesperada de término de filho: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "plug-in de política %s é sem o método \"check_policy\"" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "plug-in de política %s não tem suporte a listagem de privilégios" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "plug-in de política %s não tem suporte à opção -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "plug-in de política %s não tem suporte às opções -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "não foi possível alterar uid de root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "erro no plug-in: faltando lista de arquivo para sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: não é um arquivo comum" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: escrita curta" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s não foi modificado" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s sem alteração" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "não foi possível gravar em %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "conteúdo da sessão de edição deixado em %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "não foi possível ler arquivo temporário" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "nenhum tty presente e nenhum programa de askpass especificado" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nenhum programa de askpass especificado, tente definir SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "não foi possível definir gid para %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "não foi possível definir uid para %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "não foi possível executar %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "não foi possível salvar a entrada padrão" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "não foi possível realizar dup2 da entrada padrão" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "não foi possível restaurar a entrada padrão" #~ msgid "value out of range" #~ msgstr "valor fora de faixa" #~ msgid "select failed" #~ msgstr "seleção falhou" #~ msgid "unknown user: %s" #~ msgstr "usuário desconhecido: %s" #~ msgid "list user's available commands\n" #~ msgstr "lista comandos disponíveis do usuário\n" #~ msgid "run a shell as target user\n" #~ msgstr "executa um shell como usuário alvo\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "ao listar, lista os privilégios do usuário especificado\n" sudo-1.8.9p5/src/po/ru.mo010064400175440000012000000550331226304146200145420ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%ë%y'j'bú'](D}(4Â(B÷(‰:)@Ä)(*[.*KŠ*gÖ*>+W+`+g+ o+ {+!œ+*¾+^é+H,#^,@‚,WÃ,w-I“-aÝ-^?.-ž.?Ì.V /c/’v0P 1/Z1OŠ1+Ú1B26I20€2?±2=ñ2T/3n„3gó3T[4U°4u5>|5O»5O 6P[6P¬6Qý6RO7r¢7)8D?8Á„8>F9r…9‘ø9<Š:bÇ:R*;[};NÙ;T(<W}<RÕ<R(=[{=h×=q@>B²>4õ>>*?Ei?–¯?[F@@¢@fã@gJA±²A”dBƒùBP}CNÎC\DKzDYÆD\ Eg}EnåE8TFEF(ÓF9üF16G<hG7¥G-ÝG/ HP;HVŒH)ãH5 I8CIB|IŠ¿IVJJ>¡JyàJRZK-­K%ÛKeL>gL-¦L)ÔL@þLA?MGM9ÉMLNJPN)›NFÅNF OCSOS—O[ëO;GP<ƒPrÀPH3QJ|QkÇQT3R?ˆR;ÈRPS9USQS*áSM TQZT,¬T/ÙTD U+NUbzUrÝUiPV^ºVEWX_W,¸W(åW¡XY°XY YvdY?ÛY3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-29 12:59+0400 Last-Translator: Yuri Kozlov Language-Team: Russian Language: ru MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Lokalize 1.4 Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2); Параметры: %s — редактирование файлов от имени другого Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ %s — выполнение команд от имени другого Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¾ меток: %sдоÑтуп на запиÑÑŒ в %s разрешена группе%s не ÑвлÑетÑÑ Ð¾Ð±Ñ‹Ñ‡Ð½Ñ‹Ð¼ файлом%s не ÑвлÑетÑÑ Ð´Ð¾Ð¿ÑƒÑтимым контекÑтом%s принадлежит пользователю Ñ uid %u, а должен принадлежать пользователю Ñ uid %uдоÑтуп на запиÑÑŒ в %s разрешена вÑем%s оÑталоÑÑŒ неизменным%s должен быть доÑтупен на запиÑÑŒ только владельцу%s должен принадлежать пользователю Ñ uid %d%s должен принадлежать пользователю Ñ uid %d и иметь бит setuid%s не изменено%s%s: %s%s: %s%s: %s %s: %s: %s %s: не обычный файл%s: Ð½ÐµÐ¿Ð¾Ð»Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑьПараметры наÑтройки: %s Можно указать только параметры -e, -h, -i, -K, -l, -s, -v или -VSudo верÑÐ¸Ñ %s ÐеизвеÑтный Ñигналзакрыть вÑе деÑкрипторы файлов >= numÑодержимое ÑеанÑа Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñохранено в %sне удаётÑÑ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð¸Ñ‚ÑŒÑÑ Ðº пулу реÑурÑов по умолчанию проекта «%s»не удалоÑÑŒ приÑоединитьÑÑ Ðº проекту «%s»Ñоздать контекÑÑ‚ безопаÑноÑти SELinux Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð½Ð¾Ð¹ рольюÑоздать контекÑÑ‚ безопаÑноÑти SELinux указанного типапоказать Ñправку и выйтипоказать ÑÐ²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¾ верÑии и выйтиредактировать файлы вмеÑто Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹Ñффективный uid не равен %d, возможно, %s находитÑÑ Ð² файловой ÑиÑтеме, Ñмонтированной Ñ Ð±Ð¸Ñ‚Ð¾Ð¼ «nosuid» или в файловой ÑиÑтеме NFS без прав ÑуперпользователÑ?Ñффективный uid не равен %d, программа sudo уÑтановлена Ñ Ð±Ð¸Ñ‚Ð¾Ð¼ setuid и принадлежит root?ошибка в %s, Ñтрока %d, при загрузке Ð¼Ð¾Ð´ÑƒÐ»Ñ Â«%s»ошибка в Ñобытийном циклеошибка инициализации Ð¼Ð¾Ð´ÑƒÐ»Ñ Ð²Ð²Ð¾Ð´Ð°-вывода %sошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· каналаошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· Ñигнального каналаошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· пары Ñокетовне удалоÑÑŒ получить old_contextне удалоÑÑŒ уÑтановить новую роль %sне удалоÑÑŒ уÑтановить новый тип %sÑ„Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°, не удалоÑÑŒ загрузить модулиигнорируетÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ñ‹Ð¹ модуль ввода-вывода «%s» в %s, Ñтрока %dигнорируетÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ñ‹Ð¹ модуль политики «%s» в %s, Ñтрока %dигнорируетÑÑ Ð¼Ð¾Ð´ÑƒÐ»ÑŒ политики «%s» в %s, Ñтрока %dв режиме ÑпиÑка показывать права пользователÑнайдена неÑовмеÑÑ‚Ð¸Ð¼Ð°Ñ Ð¾ÑÐ½Ð¾Ð²Ð½Ð°Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ð¼Ð¾Ð´ÑƒÐ»Ñ %d (ожидалаÑÑŒ %d) в %sвнутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, переполнение %sвнутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить ecalloc(0)внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить emalloc(0)внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить emalloc2(0)внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить erealloc(0)внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить erealloc3(0)внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить ereÑalloc(0)некорректное макÑимальное значение Ð´Ð»Ñ Ð³Ñ€ÑƒÐ¿Ð¿ «%s» в %s, Ñтрока %dнедопуÑтимое значениеобъÑвить недейÑтвительным файл timestampпоказать ÑпиÑок прав Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð»Ð¸ проверить заданную команду; в длинном формате иÑпользуетÑÑ Ð´Ð²Ð°Ð¶Ð´Ñ‹load_interfaces: обнаружено переполнениене указана программа askpass, попробуйте задать значение в SUDO_ASKPASSÐ´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s» не ÑущеÑтвует пула реÑурÑов, принимающих привÑзки по умолчаниюнет tty и не указана программа askpassавтономный режим без не вывода запроÑов пользователюможет быть задан только один модуль политикиошибка модулÑ: отÑутÑтвует ÑпиÑок файлов Ð´Ð»Ñ sudoeditмодуль политики %s не Ñодержит метод check_policyмодуль политики %s не поддерживает ÑпиÑка правмодуль политики %s не поддерживает параметры -k/-Kмодуль политики %s не поддерживает параметр -vмодуль политики %s не Ñодержит метод «check_policy»модулю политик не удалоÑÑŒ инициализировать ÑеанÑÑохранить вектор группы вмеÑто уÑтановки целевой группыÑохранить пользовательÑкое окружение при выполнении командычитать пароль из Ñтандартного вводаполноÑтью удалить файл timestampукажите не менее одного аргументадоÑтигнут лимит ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ€ÐµÑурÑамивыполнить команду (или редактировать файл) от имени или ID указанного пользователÑвыполнить команду от имени или ID указанной группывыполнить команду в фоновом режимевыполнить команду на узле (еÑли поддерживаетÑÑ Ð¼Ð¾Ð´ÑƒÐ»ÐµÐ¼)выполнить команду Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð½Ñ‹Ð¼ клаÑÑом входа BSD в ÑиÑтемузапуÑтить оболочку входа в ÑиÑтему от имени указанного пользователÑ; также можно задать командузапуÑтить оболочку от имени указанного пользователÑ; также можно задать командууÑтановить Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð¹ HOME домашний каталог указанного пользователÑsetproject завершилаÑÑŒ Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ¾Ð¹ Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s»у проекта «%s» нет указанного пула реÑурÑовпрекратить обработку аргументов командной Ñтрокиsudoedit не поддерживаетÑÑ Ð½Ð° Ñтой платформепараметры «-A» и «-S» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающимипараметр «-E» не дейÑтвует в режиме редактированиÑпараметр «-U» можно иÑпользовать только Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «-l»аргумент Ð´Ð»Ñ -C должен быть чиÑлом, которое больше или равно 3вызывающе задание — поÑледнеене удаётÑÑ Ð´Ð¾Ð±Ð°Ð²Ð¸Ñ‚ÑŒ Ñобытие в очередьне удаётÑÑ Ð²Ñ‹Ð´ÐµÐ»Ð¸Ñ‚ÑŒ ptyне удаётÑÑ Ñменить каталог на %sне удаётÑÑ Ð¸Ð·Ð¼ÐµÐ½Ð¸Ñ‚ÑŒ root на %sне удаётÑÑ Ð¸Ð·Ð¼ÐµÐ½Ð¸Ñ‚ÑŒ на runas uid (%u, %u)Ðе удалоÑÑŒ изменить uid на root (%u)не удаётÑÑ Ñоздать каналне удаётÑÑ Ñоздать Ñокетыне удаётÑÑ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ð¸Ñ‚ÑŒ принудительный режимне удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ dup2 Ð´Ð»Ñ Ñтандартного вводане удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ %sне удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ fgetfilecon %sне удаётÑÑ Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%s» в %sне удаётÑÑ Ñоздать дочерний процеÑÑне удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ текущего tty, tty без возможноÑти переименованиÑне удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ тип по умолчанию Ð´Ð»Ñ Ñ€Ð¾Ð»Ð¸ %sне удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ вектор группыне удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ tty, tty без возможноÑти переименованиÑне удаётÑÑ Ð¸Ð½Ð¸Ñ†Ð¸Ð°Ð»Ð¸Ð·Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ модуль политикине удаётÑÑ Ð·Ð°Ð³Ñ€ÑƒÐ·Ð¸Ñ‚ÑŒ %s: %sне удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ %sне удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ %s, tty без возможноÑти переименованиÑне удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ ÑиÑтему аудитане удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ Ñокетне удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ userdbне удаётÑÑ Ð¿Ñ€Ð¾Ñ‡ÐµÑть временный файлне удаётÑÑ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ PRIV_PROC_EXEC из PRIV_LIMITне удаётÑÑ Ð²Ð¾ÑÑтановить контекÑÑ‚ Ð´Ð»Ñ %sне удаётÑÑ Ð²Ð¾ÑÑтановить рееÑтрне удаётÑÑ Ð²Ð¾ÑÑтановить Ñтандартный вводне удаётÑÑ Ñоздать воÑÑтановить метку ttyне удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ %sне удаётÑÑ Ñохранить Ñтандартный вводне удаётÑÑ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²Ð¸Ñ‚ÑŒ Ñообщение аудитане удаётÑÑ ÑƒÑтановить управлÑющий ttyне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ Ñффективный gid на runas gid %uне удаётÑÑ ÑƒÑтановить Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐºÑта exec значение %sне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ gid равным %uне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ gid на runas gid %uне удаётÑÑ ÑƒÑтановить Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐºÑта ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° значение %sне удаётÑÑ ÑƒÑтановить новый контекÑÑ‚ ttyне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ приоритет процеÑÑане удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ дополнительные идентификаторы группне удаётÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти терминал в «Ñырой» режимне удаётÑÑ Ð·Ð°Ð´Ð°Ñ‚ÑŒ контекÑÑ‚ tty Ð´Ð»Ñ %sне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ uid равным %uне удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ пользователÑне удалоÑÑŒ выполнить вызов stat %sне удаётÑÑ Ð¿ÐµÑ€ÐµÐºÐ»ÑŽÑ‡Ð¸Ñ‚ÑŒÑÑ Ð½Ð° рееÑтр «%s» Ð´Ð»Ñ %sне удаётÑÑ Ð·Ð°Ð¿Ð¸Ñать в %sнеожиданное уÑловие Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ Ð¿Ð¾Ñ‚Ð¾Ð¼ÐºÐ°: %dнеожиданный тип ответа в резервном канале: %dнеожиданный режим sudo: 0x%xнеизвеÑтный клаÑÑ Ð²Ñ…Ð¾Ð´Ð° %sнайден неизвеÑтный тип политики %d в %sнеизвеÑтный uid %u: кто вы?неподдерживаемый групповой иÑточник «%s» в %s, Ñтрока %dобновить временную метку Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±ÐµÐ· Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹Ð¸Ñпользовать вÑпомогательную программу Ð´Ð»Ñ Ð²Ð²Ð¾Ð´Ð° паролÑиÑпользовать указанный тип проверки подлинноÑти BSDиÑпользовать указанный Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñпользователь «%s» не ÑвлÑетÑÑ Ñ‡Ð»ÐµÐ½Ð¾Ð¼ проекта «%s»значение Ñлишком великозначение Ñлишком малопредупреждение: назначение ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð·Ð° реÑурÑами завершилоÑÑŒ Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ¾Ð¹ Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s»параметры «-i» и «-E» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающимипараметры «-i» и «-s» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающимипеременные Ð¾ÐºÑ€ÑƒÐ¶ÐµÐ½Ð¸Ñ Ð½ÐµÐ»ÑŒÐ·Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ñть в режиме редактированиÑнеобходимо указать роль Ð´Ð»Ñ Ñ‚Ð¸Ð¿Ð° %ssudo-1.8.9p5/src/po/ru.po010064400175440000012000000734051226304126400145500ustar00millertstaff# Transation of sudo messages to Russian. # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # # Pavel Maryanov , 2011. # Yuri Kozlov , 2011, 2012, 2013. msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-29 12:59+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "не удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "не удаётÑÑ Ð¿ÐµÑ€ÐµÐºÐ»ÑŽÑ‡Ð¸Ñ‚ÑŒÑÑ Ð½Ð° рееÑтр «%s» Ð´Ð»Ñ %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "не удаётÑÑ Ð²Ð¾ÑÑтановить рееÑтр" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, переполнение %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, попытка выполнить ereÑalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "недопуÑтимое значение" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "значение Ñлишком велико" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "значение Ñлишком мало" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "неподдерживаемый групповой иÑточник «%s» в %s, Ñтрока %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "некорректное макÑимальное значение Ð´Ð»Ñ Ð³Ñ€ÑƒÐ¿Ð¿ «%s» в %s, Ñтрока %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "не удалоÑÑŒ выполнить вызов stat %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s не ÑвлÑетÑÑ Ð¾Ð±Ñ‹Ñ‡Ð½Ñ‹Ð¼ файлом" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s принадлежит пользователю Ñ uid %u, а должен принадлежать пользователю Ñ uid %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "доÑтуп на запиÑÑŒ в %s разрешена вÑем" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "доÑтуп на запиÑÑŒ в %s разрешена группе" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "не удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "ÐеизвеÑтный Ñигнал" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "модулю политик не удалоÑÑŒ инициализировать ÑеанÑ" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "не удаётÑÑ Ñоздать дочерний процеÑÑ" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "не удаётÑÑ Ð´Ð¾Ð±Ð°Ð²Ð¸Ñ‚ÑŒ Ñобытие в очередь" #: src/exec.c:394 msgid "unable to create sockets" msgstr "не удаётÑÑ Ñоздать Ñокеты" #: src/exec.c:477 msgid "error in event loop" msgstr "ошибка в Ñобытийном цикле" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "не удаётÑÑ Ñоздать воÑÑтановить метку tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не удаётÑÑ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ PRIV_PROC_EXEC из PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "не удаётÑÑ Ð²Ñ‹Ð´ÐµÐ»Ð¸Ñ‚ÑŒ pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "не удаётÑÑ Ñоздать канал" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "не удаётÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти терминал в «Ñырой» режим" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· Ñигнального канала" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· канала" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· пары Ñокетов" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неожиданный тип ответа в резервном канале: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "не удаётÑÑ ÑƒÑтановить управлÑющий tty" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "ошибка в %s, Ñтрока %d, при загрузке Ð¼Ð¾Ð´ÑƒÐ»Ñ Â«%s»" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s должен принадлежать пользователю Ñ uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s должен быть доÑтупен на запиÑÑŒ только владельцу" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "не удаётÑÑ Ð·Ð°Ð³Ñ€ÑƒÐ·Ð¸Ñ‚ÑŒ %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "не удаётÑÑ Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%s» в %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "найден неизвеÑтный тип политики %d в %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "найдена неÑовмеÑÑ‚Ð¸Ð¼Ð°Ñ Ð¾ÑÐ½Ð¾Ð²Ð½Ð°Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ð¼Ð¾Ð´ÑƒÐ»Ñ %d (ожидалаÑÑŒ %d) в %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "игнорируетÑÑ Ð¼Ð¾Ð´ÑƒÐ»ÑŒ политики «%s» в %s, Ñтрока %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "может быть задан только один модуль политики" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "игнорируетÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ñ‹Ð¹ модуль политики «%s» в %s, Ñтрока %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "игнорируетÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ñ‹Ð¹ модуль ввода-вывода «%s» в %s, Ñтрока %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "модуль политики %s не Ñодержит метод check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: обнаружено переполнение" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "не удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ Ñокет" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргумент Ð´Ð»Ñ -C должен быть чиÑлом, которое больше или равно 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "параметры «-i» и «-s» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающими" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "параметры «-i» и «-E» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающими" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "параметр «-E» не дейÑтвует в режиме редактированиÑ" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "переменные Ð¾ÐºÑ€ÑƒÐ¶ÐµÐ½Ð¸Ñ Ð½ÐµÐ»ÑŒÐ·Ñ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ñть в режиме редактированиÑ" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "параметр «-U» можно иÑпользовать только Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «-l»" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "параметры «-A» и «-S» ÑвлÑÑŽÑ‚ÑÑ Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð¸Ñключающими" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit не поддерживаетÑÑ Ð½Ð° Ñтой платформе" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можно указать только параметры -e, -h, -i, -K, -l, -s, -v или -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s — редактирование файлов от имени другого пользователÑ\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s — выполнение команд от имени другого пользователÑ\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Параметры:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "иÑпользовать вÑпомогательную программу Ð´Ð»Ñ Ð²Ð²Ð¾Ð´Ð° паролÑ" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "иÑпользовать указанный тип проверки подлинноÑти BSD" #: src/parse_args.c:621 msgid "run command in the background" msgstr "выполнить команду в фоновом режиме" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "закрыть вÑе деÑкрипторы файлов >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "выполнить команду Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð½Ñ‹Ð¼ клаÑÑом входа BSD в ÑиÑтему" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "Ñохранить пользовательÑкое окружение при выполнении команды" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "редактировать файлы вмеÑто Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "выполнить команду от имени или ID указанной группы" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "уÑтановить Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð¹ HOME домашний каталог указанного пользователÑ" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "показать Ñправку и выйти" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "выполнить команду на узле (еÑли поддерживаетÑÑ Ð¼Ð¾Ð´ÑƒÐ»ÐµÐ¼)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "запуÑтить оболочку входа в ÑиÑтему от имени указанного пользователÑ; также можно задать команду" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "полноÑтью удалить файл timestamp" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "объÑвить недейÑтвительным файл timestamp" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "показать ÑпиÑок прав Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð»Ð¸ проверить заданную команду; в длинном формате иÑпользуетÑÑ Ð´Ð²Ð°Ð¶Ð´Ñ‹" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "автономный режим без не вывода запроÑов пользователю" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "Ñохранить вектор группы вмеÑто уÑтановки целевой группы" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "иÑпользовать указанный Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "Ñоздать контекÑÑ‚ безопаÑноÑти SELinux Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð½Ð¾Ð¹ ролью" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "читать пароль из Ñтандартного ввода" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "запуÑтить оболочку от имени указанного пользователÑ; также можно задать команду" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "Ñоздать контекÑÑ‚ безопаÑноÑти SELinux указанного типа" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "в режиме ÑпиÑка показывать права пользователÑ" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "выполнить команду (или редактировать файл) от имени или ID указанного пользователÑ" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "показать ÑÐ²ÐµÐ´ÐµÐ½Ð¸Ñ Ð¾ верÑии и выйти" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "обновить временную метку Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±ÐµÐ· Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "прекратить обработку аргументов командной Ñтроки" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "не удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ ÑиÑтему аудита" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "не удаётÑÑ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²Ð¸Ñ‚ÑŒ Ñообщение аудита" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "не удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "изменено меток: %s" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "не удаётÑÑ Ð²Ð¾ÑÑтановить контекÑÑ‚ Ð´Ð»Ñ %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не удаётÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚ÑŒ %s, tty без возможноÑти переименованиÑ" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "не удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ текущего tty, tty без возможноÑти переименованиÑ" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "не удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ tty, tty без возможноÑти переименованиÑ" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "не удаётÑÑ ÑƒÑтановить новый контекÑÑ‚ tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "необходимо указать роль Ð´Ð»Ñ Ñ‚Ð¸Ð¿Ð° %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "не удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ тип по умолчанию Ð´Ð»Ñ Ñ€Ð¾Ð»Ð¸ %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "не удалоÑÑŒ уÑтановить новую роль %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "не удалоÑÑŒ уÑтановить новый тип %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s не ÑвлÑетÑÑ Ð´Ð¾Ð¿ÑƒÑтимым контекÑтом" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "не удалоÑÑŒ получить old_context" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "не удаётÑÑ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»Ð¸Ñ‚ÑŒ принудительный режим" #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "не удаётÑÑ Ð·Ð°Ð´Ð°Ñ‚ÑŒ контекÑÑ‚ tty Ð´Ð»Ñ %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "не удаётÑÑ ÑƒÑтановить Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐºÑта exec значение %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "не удаётÑÑ ÑƒÑтановить Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐºÑта ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° значение %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "укажите не менее одного аргумента" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "не удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "доÑтигнут лимит ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ€ÐµÑурÑами" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "пользователь «%s» не ÑвлÑетÑÑ Ñ‡Ð»ÐµÐ½Ð¾Ð¼ проекта «%s»" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "вызывающе задание — поÑледнее" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "не удалоÑÑŒ приÑоединитьÑÑ Ðº проекту «%s»" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s» не ÑущеÑтвует пула реÑурÑов, принимающих привÑзки по умолчанию" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "у проекта «%s» нет указанного пула реÑурÑов" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "не удаётÑÑ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð¸Ñ‚ÑŒÑÑ Ðº пулу реÑурÑов по умолчанию проекта «%s»" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject завершилаÑÑŒ Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ¾Ð¹ Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s»" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "предупреждение: назначение ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð·Ð° реÑурÑами завершилоÑÑŒ Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ¾Ð¹ Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ð° «%s»" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo верÑÐ¸Ñ %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Параметры наÑтройки: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "Ñ„Ð°Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¾ÑˆÐ¸Ð±ÐºÐ°, не удалоÑÑŒ загрузить модули" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "не удаётÑÑ Ð¸Ð½Ð¸Ñ†Ð¸Ð°Ð»Ð¸Ð·Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ модуль политики" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "ошибка инициализации Ð¼Ð¾Ð´ÑƒÐ»Ñ Ð²Ð²Ð¾Ð´Ð°-вывода %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неожиданный режим sudo: 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "не удаётÑÑ Ð¿Ð¾Ð»ÑƒÑ‡Ð¸Ñ‚ÑŒ вектор группы" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "неизвеÑтный uid %u: кто вы?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s должен принадлежать пользователю Ñ uid %d и иметь бит setuid" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Ñффективный uid не равен %d, возможно, %s находитÑÑ Ð² файловой ÑиÑтеме, Ñмонтированной Ñ Ð±Ð¸Ñ‚Ð¾Ð¼ «nosuid» или в файловой ÑиÑтеме NFS без прав ÑуперпользователÑ?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "Ñффективный uid не равен %d, программа sudo уÑтановлена Ñ Ð±Ð¸Ñ‚Ð¾Ð¼ setuid и принадлежит root?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "неизвеÑтный клаÑÑ Ð²Ñ…Ð¾Ð´Ð° %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ контекÑÑ‚ пользователÑ" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ дополнительные идентификаторы групп" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ Ñффективный gid на runas gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ gid на runas gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ приоритет процеÑÑа" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "не удаётÑÑ Ð¸Ð·Ð¼ÐµÐ½Ð¸Ñ‚ÑŒ root на %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не удаётÑÑ Ð¸Ð·Ð¼ÐµÐ½Ð¸Ñ‚ÑŒ на runas uid (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "не удаётÑÑ Ñменить каталог на %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "неожиданное уÑловие Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ Ð¿Ð¾Ñ‚Ð¾Ð¼ÐºÐ°: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "модуль политики %s не Ñодержит метод «check_policy»" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "модуль политики %s не поддерживает ÑпиÑка прав" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "модуль политики %s не поддерживает параметр -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "модуль политики %s не поддерживает параметры -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "Ðе удалоÑÑŒ изменить uid на root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "ошибка модулÑ: отÑутÑтвует ÑпиÑок файлов Ð´Ð»Ñ sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: не обычный файл" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: Ð½ÐµÐ¿Ð¾Ð»Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s оÑталоÑÑŒ неизменным" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s не изменено" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "не удаётÑÑ Ð·Ð°Ð¿Ð¸Ñать в %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "Ñодержимое ÑеанÑа Ñ€ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñохранено в %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "не удаётÑÑ Ð¿Ñ€Ð¾Ñ‡ÐµÑть временный файл" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "нет tty и не указана программа askpass" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "не указана программа askpass, попробуйте задать значение в SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ gid равным %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "не удаётÑÑ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ uid равным %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "не удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "не удаётÑÑ Ñохранить Ñтандартный ввод" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "не удаётÑÑ Ð²Ñ‹Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÑŒ dup2 Ð´Ð»Ñ Ñтандартного ввода" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "не удаётÑÑ Ð²Ð¾ÑÑтановить Ñтандартный ввод" #~ msgid "value out of range" #~ msgstr "значение за пределами диапазона" #~ msgid "select failed" #~ msgstr "ошибка select" #~ msgid "unknown user: %s" #~ msgstr "неизвеÑтный пользователь: %s" #~ msgid "list user's available commands\n" #~ msgstr "вывеÑти ÑпиÑок команд, доÑтупных пользователю\n" #~ msgid "run a shell as target user\n" #~ msgstr "запуÑтить оболочку от имени указанного пользователÑ\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "при выводе ÑпиÑка показать привилегии пользователÑ\n" #~ msgid "unable to allocate memory" #~ msgstr "не удаётÑÑ Ð²Ñ‹Ð´ÐµÐ»Ð¸Ñ‚ÑŒ памÑть" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, переполнение emalloc2()" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "внутреннÑÑ Ð¾ÑˆÐ¸Ð±ÐºÐ°, переполнение erealloc3()" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: необходимо указать не менее одного Ð¼Ð¾Ð´ÑƒÐ»Ñ Ð¿Ð¾Ð»Ð¸Ñ‚Ð¸ÐºÐ¸" #~ msgid "must be setuid root" #~ msgstr "требуетÑÑ setuid Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ root" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "аргумент Ð´Ð»Ñ -D должен быть в диапазоне от 1 до 9 включительно" sudo-1.8.9p5/src/po/sl.mo010064400175440000012000000400701226304146200145250ustar00millertstaffÞ•¢,ß< ¸ ¹ !Ä (æ !6O#i¢$µÚ6õ ,9BI Q]t„I›åö!#'8K„4 Õ%ô({C7¿.÷ &G_~'œÄÞø#164h*>È###G$k$%µ%Û&(C"c6†C½/+1,],Š7·4ï3$/X5ˆ+¾5ê1 "R!u—'¶!Þ-J'i ‘-Ÿ"Í7ð'(*P2{)®5Ø>Mh  &¼!ã#4Xp…š ³Ô5ã&@1["°%Âè0/N ~ŸºÒîÿ1+O {œ!´(Öÿ %< "b …  "¸ Û (í !*,!(W!€!š!"±!Ô!ñ!,"2/"*b"&"´")Ó"<ý"/:#2j#2#6Ð##$›+$ Ç%)Ô%%þ%$&:&=&V&6m&-¤&Ò&'í&('M>'Œ''¦'­' µ'Á'Û'î'H(Q( e(!s($•(6º($ñ(4)'K)+s)%Ÿ)•Å)4[*I*&Ú*+" +"C+!f+&ˆ+"¯+"Ò++õ+>!,E`,;¦,:â,*-2H-*{-+¦-+Ò-,þ-++.;W.2“.)Æ..ð.J/Oj/?º/+ú/*&01Q08ƒ04¼00ñ0-"18P1*‰10´12å1#2/<2l2%…2,«2$Ø29ý273,N3{3>3'Ï3-÷3/%4U45u4,«45Ø495H5e5}5#58Á56ú516K6&h6"6"²6Õ6#í6"747JI7/”7%Ä7Fê7(18Z86p8%§8Í8ç8"92$9!W9y9—9±9Ð9æ9(: ):QJ:*œ:$Ç:Cì:50;%f;&Œ;.³;-â;'<'8<&`<&‡<+®<Ú<6ñ<3(=\={= ”=!µ=×=3ì=7 >3X>$Œ>%±>%×>=ý>:;?4v?4«?7à?@1†š 3“B„w{(ˆ—nCW?l@`œ >~O4Ž‘ RN_gmv\ŸQa€Œ&˜Vu.F8e*f–KLrž=Tc]ŠJG2‡q ƒZ¡'"b0kA$<-U…D¢+Ij™XEYi o‰9 },SP^MHdz#p;7/6x”|%[‹’!: ys›h5‚)t• Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %dincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user only a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unknown user: %sunsupported group source `%s' in %s, line %dupdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-04-06 09:33+0100 Last-Translator: Klemen KoÅ¡ir Language-Team: Slovenian Language: sl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Poedit 1.5.5 Možnosti: %s - urejaj datoteke kot drug uporabnik %s - izvedi ukaz kot drug uporabnik %s spremenjenih oznak%s%s ni obiÄajna datoteka%s ni veljavna vsebina%s je v lasti uporabnika z ID-jem %u, moral bi biti %uv datoteko %s lahko zapisujejo vsi uporabniki%s je ostalo nespremenjeno%s mora biti zapisljiv samo za lastnika%s mora biti v lasti ID-ja uporabnika %d%s si mora lastiti uporabnik z ID-jem %d and mora imeti nastavljen bit setuid%s nespremenjeno%s%s: %s%s: %s%s: %s %s: %s: %s %s: ni obiÄajna datoteka%s: kratko pisanjeNastavitev možnosti: %s Od -e, -h, -i, -K, -l, -s, -v ali -V je lahko navedena samo ena možnostSudo razliÄica %s Neznan signalzapri vse opisnike datotek >= fd vsebina seje urejanja je ostala v %sni mogoÄe vezati na privzet vir zalog za projekt "%s"ni mogoÄe pridružiti projekta "%s"ustvari varnostno vsebino SELinux z doloÄeno vlogo prikaži sporoÄilo pomoÄi in konÄaj prikaži podrobnosti razliÄice in konÄaj namesto izvedbe ukaza uredi datoteke trenutni ID uporabnika ni %d. Ali je %s na datoteÄnem sistemu z nastavljeno možnostjo "nosuid" ali datoteÄnem sistemu NFS brez dovoljenj skrbnika?trenutni uid ni %d. Ali je sudo pravilno nameÅ¡Äen?v datoteki %s (vrstica %d) je priÅ¡lo do napake med nalaganjem vstavka %snapaka med zaÄenjanjem I/O vstavka %snapaka med branjem iz cevovodanapaka med branjem iz cevi signalanapaka med branjem iz para vtiÄevizvedi ukaz kot navedena skupina pridobitev stare_vsebine je spodletelanastavitev nove vloge %s ni uspelanastavitev nove vrste %s ni uspelausodna napaka, ni mogoÄe naložiti vstavkapodvojeni vstavek I/O %s v datoteki %s v %d. vrstici bo prezrtpodvojeni vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrtvstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrtnezdružljiva razliÄica vstavka %d (priÄakovana %d) v %snotranja napaka, prekoraÄitev funkcije %snotranja napaka med izvajanjem funkcije ecalloc(0)notranja napaka, poskus uporabe emalloc(0)notranja napaka, poskus uporabe emalloc2(0)notranja napaka, poskus uporabe erealloc(0)notranja napaka, poskus uporabe erealloc3(0)notranja napaka, poskus uporabe erealloc(0)neveljavna najveÄja skupina %s v datoteki %s v %d. vrsticirazveljavi veljavnost datoteke s Äasovnimi žigi prikaži razpoložljive ukaze uporabnika load_interfaces: zaznana je bila prekoraÄitevdoloÄenega ni nobenega programa askpass, poskusite nastaviti SUDO_ASKPASSnobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt "% s"prisotnega ni nobenega tty in doloÄen ni noben program askpassnevzajemni naÄin, ne bo poziva uporabnika naložen je lahko le en vstavek pravilnikanapaka vstavka: manjka seznam datotek za sudoeditvstavek pravilnika %s ne vkljuÄuje naÄina check_policyvstavek pravilnika %s ne podpira navajanja dovoljenjvstavek pravilnika %s ne podpira možnosti -k/-Kvstavek pravilnika %s ne podpira možnosti -vvstavek pravilnika %s ne vkljuÄuje naÄina check_policyvstavek za pravilnik ni mogel zagnati sejeohrani vektor skupine namesto nastavitve tarÄi ohrani okolje uporabnika, kadar se izvajajo ukazi preberi geslo s standardnega vnosa popolnoma odstrani datoteko s Äasovnimi žigi zahteva vsaj en argumentmeja omejitve virov je bila doseženazaženi lupino prijave kot ciljni uporabnik zaženi lupino kot ciljni uporabnik zaženi ukaz (ali uredi datoteko) kot doloÄen uporabnik zaženi ukaz v ozadju zaženi ukaz z navedenim prijavnim razredom izbira je spodletelanastavi spremenljivko HOME kot cilj v domaÄi mapi uporabnika setproject je spodletel za projekt "%s"doloÄen vir zalog ne obstaja za projekt "%s"zaustavi obdelovanje argumentov ukazne vrstice sudoedit ni podprt v tem okoljumožnosti `-A' in `-S' se ne smeta uporabljati hkratimožnost `-E' ni veljavna v naÄinu urejanjamožnost `-U' se lahko uporabi samo z možnostjo `-l'argument k -C mora biti Å¡tevilka, veÄja kot ali enaka 3priklicana naloga je konÄnani mogoÄe dodeliti ptyni mogoÄe spremeniti mape v %sni mogoÄe spremeniti skrbnika v %sni mogoÄe spremeniti ID uporabnika zaženi kot (%u, %u)ni mogoÄe spremeniti ID-ja uporabnika v skrbnika (%u)ni mogoÄe ustvariti cevini mogoÄe ustvariti vtiÄevni mogoÄe doloÄiti naÄina vsiljenjani mogoÄe uporabiti dlopen %s: %sni mogoÄe uporabiti dup2 za stdinni mogoÄe izvrÅ¡iti %sni mogoÄe uporabiti fgetfilecon %sni mogoÄe najti simbola '%s' v %sni mogoÄe razvejitini mogoÄe pridobiti trenutne vsebine tty, brez ponovnega oznaÄevanja ttyni mogoÄe pridobiti privzete vrste za vlogo %sni mogoÄe pridobiti vektorja skupineni mogoÄe pridobiti nove vsebine tty, brez ponovnega oznaÄevanja ttyni mogoÄe zaÄenjati vstavka pravilnikani mogoÄe odpreti %sni mogoÄe odpreti %s, brez ponovnega oznaÄevanja ttyni mogoÄe odpreti nadzornega sistemani mogoÄe odpreti vtiÄani mogoÄe odpreti userdbni mogoÄe brati zaÄasne datotekeni mogoÄe odstraniti PRIV_PROC_EXEC iz PRIV_LIMITni mogoÄe obnoviti vsebine za %sni mogoÄe obnoviti vpisnikani mogoÄe obnoviti stdinni mogoÄe obnoviti oznake ttyni mogoÄe zagnati %sni mogoÄe shraniti stdinni mogoÄe poslati nadzornega sporoÄilani mogoÄe nastaviti nadzora ttyni mogoÄe nastaviti uÄinkovitega ID-ja skupine, da se zažene kot ID skupine %uni mogoÄe nastavite izvedene vsebine k %sni mogoÄe nastaviti ID skupine v %uni mogoÄe nastaviti ID-ja skupine, da se zažene kot ID skupine %uni mogoÄe nastaviti vsebine ustvarjenja kljuÄa k %sni mogoÄe nastaviti nove vsebine ttyni mogoÄe nastaviti prednosti opravilni mogoÄe nastaviti dopolnilnih ID-jev skupinni mogoÄe postaviti terminala v surov naÄinni mogoÄe nastaviti ID uporabnika v %uni mogoÄe nastaviti vsebine uporabnikani mogoÄe nastaviti vsebine tty za %sstanja datoteke %s ni mogoÄe izpisatini mogoÄe preklopiti na vpisnik "%s" za %sni mogoÄe pisati v %snepriÄakovan pogoj uniÄenja podrejenega opravila: %dnepriÄakovana vrsta odgovora na ozadnem kanalu: %dnepriÄakovan naÄin sudo 0x%xneznan razred prijave %sneznana vrsta pravilnika %d v %sneznan ID uporabnika %u: kdo ste?neznan uporabnik: %snepodprt vir skupine %s v datoteki %s v %d. vrsticiposodobi Äasovni žig uporabnika brez izvajanja ukaza uporabi program pomagalnik za pozive za vnos gesla uporabi navedeno vrsto urejanja BSD uporabi doloÄen poziv za vnos gesla uporabnik "%s" ni Älan projekta "%s"opozorilo, naloga nadzora virov je spodletela za projekt "%s"med naÅ¡tevanjem prikaži doloÄena dovoljenja uporabnika možnosti `-i' in `-E' ne smeta biti navedeni hkratimožnosti `-i' in `-s' ne smeta biti navedeni hkrativ naÄinu urejanja se ne sme podati spremenljivk okoljapodati morate vlogo za vrsto %ssudo-1.8.9p5/src/po/sl.po010064400175440000012000000532651226304126400145420ustar00millertstaff# Slovenian translation of sudo. # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # # Damir JerovÅ¡ek , 2012. # Klemen KoÅ¡ir , 2012 - 2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-04-06 09:33+0100\n" "Last-Translator: Klemen KoÅ¡ir \n" "Language-Team: Slovenian \n" "Language: sl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 1.5.5\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "ni mogoÄe odpreti userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "ni mogoÄe preklopiti na vpisnik \"%s\" za %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "ni mogoÄe obnoviti vpisnika" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "notranja napaka, poskus uporabe emalloc(0)" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "notranja napaka, poskus uporabe emalloc2(0)" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "notranja napaka, prekoraÄitev funkcije %s" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "notranja napaka med izvajanjem funkcije ecalloc(0)" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "notranja napaka, poskus uporabe erealloc(0)" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "notranja napaka, poskus uporabe erealloc3(0)" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "notranja napaka, poskus uporabe erealloc(0)" #: common/error.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/error.c:157 common/error.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/sudo_conf.c:172 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nepodprt vir skupine %s v datoteki %s v %d. vrstici" #: common/sudo_conf.c:186 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "neveljavna najveÄja skupina %s v datoteki %s v %d. vrstici" #: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "stanja datoteke %s ni mogoÄe izpisati" #: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s ni obiÄajna datoteka" #: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je v lasti uporabnika z ID-jem %u, moral bi biti %u" #: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "v datoteko %s lahko zapisujejo vsi uporabniki" #: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s" #: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ni mogoÄe odpreti %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Neznan signal" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "vstavek za pravilnik ni mogel zagnati seje" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "ni mogoÄe razvejiti" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "ni mogoÄe ustvariti vtiÄev" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "izbira je spodletela" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "ni mogoÄe obnoviti oznake tty" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ni mogoÄe odstraniti PRIV_PROC_EXEC iz PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "ni mogoÄe dodeliti pty" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 #, c-format msgid "unable to create pipe" msgstr "ni mogoÄe ustvariti cevi" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "ni mogoÄe postaviti terminala v surov naÄin" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "ni mogoÄe nastaviti nadzora tty" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "napaka med branjem iz cevi signala" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "napaka med branjem iz cevovoda" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "napaka med branjem iz para vtiÄev" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "nepriÄakovana vrsta odgovora na ozadnem kanalu: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "v datoteki %s (vrstica %d) je priÅ¡lo do napake med nalaganjem vstavka %s" #: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mora biti v lasti ID-ja uporabnika %d" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s mora biti zapisljiv samo za lastnika" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "ni mogoÄe uporabiti dlopen %s: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "ni mogoÄe najti simbola '%s' v %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "neznana vrsta pravilnika %d v %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "nezdružljiva razliÄica vstavka %d (priÄakovana %d) v %s" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "naložen je lahko le en vstavek pravilnika" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "podvojeni vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "podvojeni vstavek I/O %s v datoteki %s v %d. vrstici bo prezrt" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "vstavek pravilnika %s ne vkljuÄuje naÄina check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: zaznana je bila prekoraÄitev" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "ni mogoÄe odpreti vtiÄa" #: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument k -C mora biti Å¡tevilka, veÄja kot ali enaka 3" #: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "neznan uporabnik: %s" #: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "možnosti `-i' in `-s' ne smeta biti navedeni hkrati" #: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "možnosti `-i' in `-E' ne smeta biti navedeni hkrati" #: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "možnost `-E' ni veljavna v naÄinu urejanja" #: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "v naÄinu urejanja se ne sme podati spremenljivk okolja" #: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "možnost `-U' se lahko uporabi samo z možnostjo `-l'" #: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "možnosti `-A' in `-S' se ne smeta uporabljati hkrati" #: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ni podprt v tem okolju" #: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Od -e, -h, -i, -K, -l, -s, -v ali -V je lahko navedena samo ena možnost" #: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - urejaj datoteke kot drug uporabnik\n" "\n" #: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - izvedi ukaz kot drug uporabnik\n" "\n" #: src/parse_args.c:550 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Možnosti:\n" #: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "uporabi program pomagalnik za pozive za vnos gesla\n" #: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "uporabi navedeno vrsto urejanja BSD\n" #: src/parse_args.c:558 msgid "run command in the background\n" msgstr "zaženi ukaz v ozadju\n" #: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "zapri vse opisnike datotek >= fd\n" #: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "zaženi ukaz z navedenim prijavnim razredom\n" #: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "ohrani okolje uporabnika, kadar se izvajajo ukazi\n" #: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "namesto izvedbe ukaza uredi datoteke\n" #: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "izvedi ukaz kot navedena skupina\n" #: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "nastavi spremenljivko HOME kot cilj v domaÄi mapi uporabnika\n" #: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "prikaži sporoÄilo pomoÄi in konÄaj\n" #: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "zaženi lupino prijave kot ciljni uporabnik\n" #: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "popolnoma odstrani datoteko s Äasovnimi žigi\n" #: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "razveljavi veljavnost datoteke s Äasovnimi žigi\n" #: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "prikaži razpoložljive ukaze uporabnika\n" #: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "nevzajemni naÄin, ne bo poziva uporabnika\n" #: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "ohrani vektor skupine namesto nastavitve tarÄi\n" #: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "uporabi doloÄen poziv za vnos gesla\n" #: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "ustvari varnostno vsebino SELinux z doloÄeno vlogo\n" #: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "preberi geslo s standardnega vnosa\n" #: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "zaženi lupino kot ciljni uporabnik\n" #: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "med naÅ¡tevanjem prikaži doloÄena dovoljenja uporabnika\n" #: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "zaženi ukaz (ali uredi datoteko) kot doloÄen uporabnik\n" #: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "prikaži podrobnosti razliÄice in konÄaj\n" #: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "posodobi Äasovni žig uporabnika brez izvajanja ukaza\n" #: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "zaustavi obdelovanje argumentov ukazne vrstice\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "ni mogoÄe odpreti nadzornega sistema" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "ni mogoÄe poslati nadzornega sporoÄila" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "ni mogoÄe uporabiti fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s spremenjenih oznak" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "ni mogoÄe obnoviti vsebine za %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "ni mogoÄe odpreti %s, brez ponovnega oznaÄevanja tty" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "ni mogoÄe pridobiti trenutne vsebine tty, brez ponovnega oznaÄevanja tty" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "ni mogoÄe pridobiti nove vsebine tty, brez ponovnega oznaÄevanja tty" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "ni mogoÄe nastaviti nove vsebine tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "podati morate vlogo za vrsto %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "ni mogoÄe pridobiti privzete vrste za vlogo %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "nastavitev nove vloge %s ni uspela" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "nastavitev nove vrste %s ni uspela" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s ni veljavna vsebina" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "pridobitev stare_vsebine je spodletela" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "ni mogoÄe doloÄiti naÄina vsiljenja" #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "ni mogoÄe nastaviti vsebine tty za %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ni mogoÄe nastavite izvedene vsebine k %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ni mogoÄe nastaviti vsebine ustvarjenja kljuÄa k %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "zahteva vsaj en argument" #: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "ni mogoÄe izvrÅ¡iti %s" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "meja omejitve virov je bila dosežena" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "uporabnik \"%s\" ni Älan projekta \"%s\"" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "priklicana naloga je konÄna" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "ni mogoÄe pridružiti projekta \"%s\"" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "nobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt \"% s\"" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "doloÄen vir zalog ne obstaja za projekt \"%s\"" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "ni mogoÄe vezati na privzet vir zalog za projekt \"%s\"" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject je spodletel za projekt \"%s\"" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "opozorilo, naloga nadzora virov je spodletela za projekt \"%s\"" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo razliÄica %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Nastavitev možnosti: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "usodna napaka, ni mogoÄe naložiti vstavka" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ni mogoÄe zaÄenjati vstavka pravilnika" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "napaka med zaÄenjanjem I/O vstavka %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nepriÄakovan naÄin sudo 0x%x" #: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ni mogoÄe pridobiti vektorja skupine" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "neznan ID uporabnika %u: kdo ste?" #: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s si mora lastiti uporabnik z ID-jem %d and mora imeti nastavljen bit setuid" #: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "trenutni ID uporabnika ni %d. Ali je %s na datoteÄnem sistemu z nastavljeno možnostjo \"nosuid\" ali datoteÄnem sistemu NFS brez dovoljenj skrbnika?" #: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "trenutni uid ni %d. Ali je sudo pravilno nameÅ¡Äen?" #: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "neznan razred prijave %s" #: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "ni mogoÄe nastaviti vsebine uporabnika" #: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ni mogoÄe nastaviti dopolnilnih ID-jev skupin" #: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ni mogoÄe nastaviti uÄinkovitega ID-ja skupine, da se zažene kot ID skupine %u" #: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ni mogoÄe nastaviti ID-ja skupine, da se zažene kot ID skupine %u" #: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "ni mogoÄe nastaviti prednosti opravil" #: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "ni mogoÄe spremeniti skrbnika v %s" #: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ni mogoÄe spremeniti ID uporabnika zaženi kot (%u, %u)" #: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ni mogoÄe spremeniti mape v %s" #: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "nepriÄakovan pogoj uniÄenja podrejenega opravila: %d" #: src/sudo.c:1146 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "vstavek pravilnika %s ne vkljuÄuje naÄina check_policy" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "vstavek pravilnika %s ne podpira navajanja dovoljenj" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "vstavek pravilnika %s ne podpira možnosti -v" #: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "vstavek pravilnika %s ne podpira možnosti -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ni mogoÄe spremeniti ID-ja uporabnika v skrbnika (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "napaka vstavka: manjka seznam datotek za sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ni obiÄajna datoteka" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kratko pisanje" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s je ostalo nespremenjeno" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s nespremenjeno" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ni mogoÄe pisati v %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "vsebina seje urejanja je ostala v %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "ni mogoÄe brati zaÄasne datoteke" #: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "prisotnega ni nobenega tty in doloÄen ni noben program askpass" #: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "doloÄenega ni nobenega programa askpass, poskusite nastaviti SUDO_ASKPASS" #: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ni mogoÄe nastaviti ID skupine v %u" #: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ni mogoÄe nastaviti ID uporabnika v %u" #: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "ni mogoÄe zagnati %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "ni mogoÄe shraniti stdin" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "ni mogoÄe uporabiti dup2 za stdin" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "ni mogoÄe obnoviti stdin" sudo-1.8.9p5/src/po/sr.mo010064400175440000012000000535541226304146200145460ustar00millertstaffÞ•¦Lß| ø ù !(&Oav#©Íâ$õ65 ly‚‰ ‘´ÄIÛ%6!E#g8‹Ä3à3H$f'‹{³7/.g –·Ïî &@#Z1~4°*å)>:y#•#¹$Ý$%'%M&s š¨OÂ"65Cl/°)à, ,77d4œ3Ñ/55+k4—.Ì!û >']7…-½ë, .6Ce=© ç+õ"!7D&|*£2Î)5+>a » Òó&!6Xn#‡«ÃØí '56&l“1®"à%;Wmƒ/¡ Ñò % A R g „ +¢ Î ï !!()!R!p!%!"µ!Ø!ø!"+"(="f"*|"(§"Ð"ê""#$#,A#1n#+ #%Ì#!ò#)$>$Q$<a$2ž$2Ñ$6%#;%ö_%V'Kf'K²'"þ'!!(/C(-s(G¡(#é(% )M3)8)qº),*I*R*Y* a**m*˜*&²*mÙ*G+a+=+D¿+u,?z,hº,h#-<Œ-AÉ-M .øY.tR/dÇ/L,0.y0=¨0=æ0E$1@j1@«1Kì1c82pœ2Y 3_g3…Ç3QM4@Ÿ4Rà4S35S‡5TÛ5T06O…6%Õ6Oû6±K7Iý7wG8€¿8^@9IŸ9\é9rF:k¹:l%;S’;Pæ;Z7<Y’<Qì<a>=> =Xß=58>Nn>o½>Y-?1‡?g¹?\!@~@~ A‹AoªAZBYuBXÏBI(CZrCRÍC` DRD5ÔD% EB0EHsEQ¼EOF0^F4FDÄF- G87G$pGW•G?íG!-H‚OHNÒH9!I~[IKÚI$&J`KJ9¬J2æJPKIjK@´K<õK42LAgL4©L&ÞL?M9EM>Me¾MI$N.nNRNVðNBGOCŠOGÎOMPAdP.¦PGÕP<QOZQ%ªQMÐQ[R/zR/ªRSÚR/.SK^SxªSK#TUoT7ÅTEýT-CU(qU}šUPVPiVpºV@+W2WUt4—D={S)ƒ.!?ENApydŸ @‚Ž5’•\ „Pc›kqz‘<œ£e¥'Z”€H9r*`jLT[šBv¤;XgamI3‹Qu ^(#M  hC%o>0‰…F¦+‡KG] s: f,1"bOJV~$Y¢8/7|“˜†&_–-i¡}wl6nˆŠxŒžR™ Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedselect failedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value out of rangevalue too largewarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo-1.8.8b3 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-09-03 14:44-0600 PO-Revision-Date: 2013-10-03 11:25+0200 Last-Translator: МироÑлав Ðиколић Language-Team: Serbian Language: sr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2); Опције: %s — уредите датотеке као други кориÑник %s — извршите наредбу као други кориÑник %s измењена натпиÑа%s је групно упиÑив„%s“ није обична датотека%s није иÑправан контекÑÑ‚%s је у влаÑништву уиб-а %u, а треба бити %u%s је ÑветÑки упиÑив%s је оÑтао неизмењен%s мора бити упиÑив Ñамо од Ñтране влаÑника%s мора бити у влаÑништву уида %d%s мора бити влаÑништвo уида %d и треба да има подешен бит „setuid“%s је непромењен%s%s: %s%s: %s%s: %s %s: %s: %s %s: није обична датотека%s: кратак упиÑОпције подешавања: %s Само једна од опција -e, -h, -i, -K, -l, -s, -v или -V може бити наведенаСудо издање %s Ðепознати Ñигналзатвара Ñве опиÑнике датотеке >= fdÑадржај ÑеÑије уређивања је оÑтао у %sне могу да Ñе повежем Ñа оÑновним депоом извора за пројекат „%s“не могу да приÑтупим пројекту „%s“Ñтвара Ð¡Ð•Ð›Ð¸Ð½ÑƒÐºÑ ÑигурноÑни контекÑÑ‚ Ñа наведеном улогомÑтвара Ð¡Ð•Ð›Ð¸Ð½ÑƒÐºÑ ÑигурноÑни контекÑÑ‚ Ñа наведеном улогомприказује поруку помоћи и излазиприказује податке о издању и излазиуређује датотеке умеÑто да изврши наредбуÑтварни уид није %d, већ %s на ÑиÑтему датотека Ñа подешеном опцијом „nosuid“ или је ÐФС ÑиÑтем датотека без админиÑтраторÑких привилегија?Ñтварни уид није %d, већ Ñетуид админиÑтратор инÑталиран Ñудоом?грешка у „%s“, %d. ред приликом учитавања прикључка „%s“грешка приликом покретања У/И прикључка %sгрешка у читању из Ñпојкегрешка у читању из Ñпојке Ñигналагрешка у читању из пара прикључканиÑам уÑпео да добавим Ñтари_контекÑтниÑам уÑпео да подеÑим нову улогу %sниÑам уÑпео да подеÑим нову врÑту %sкобна грешка, не могу да учитам прикључкезанемарујем удвоÑтручени У/И прикључак „%s“ у %s, %d. редзанемарујем удвоÑтручен прикључак ÑигурноÑти „%s“ у %s, %d. редзанемарујем прикључак ÑигурноÑти „%s“ у %s, %d. реду режиму ÑпиÑка, приказује привилегије за кориÑникапронађено је неÑаглаÑно главно издање прикључка %d (очекивано је %d) у „%s“унутрашња грешка, прекорачење функције „%s“унутрашња грешка, покушах „ecalloc(0)“унутрашња грешка, покушах да обавим „emalloc(0)“унутрашња грешка, покушах да обавим „emalloc2(0)“унутрашња грешка, покушах да обавим „erealloc(0)“унутрашња грешка, покушах да обавим „erealloc3(0)“унутрашња грешка, покушах да обавим „erecalloc(0)“неиÑправне највеће групе „%s“ у „%s“, %d. реднеиÑправна вредноÑтчини неиÑправном датотеку датума и временаиÑпиÑује привилегије кориÑника или проверава поÑебну наредбу; кориÑти Ñе двапута за дуже запиÑеучитај_Ñучеља: откривено је прекорачењеније наведен програм за пропуштање, покушајте да подеÑите SUDO_ASKPASSне поÑтоји депо извора који прихвата оÑновне пречице за пројекат „%s“тту не поÑтоји и није наведен програм за пропуштањенемеђудејÑтвени режим, не кориÑти упитеможе бити наведен Ñамо један прикључак ÑигурноÑтигрешка прикључка: недоÑтаје датотеа ÑпиÑка за уређивање Ñудоаприкључак ÑигурноÑти %s не Ñадржи метод провере_ÑигурноÑтиприкључак ÑигурноÑти %s не подржава привилегије иÑпиÑивањаприкључак ÑигурноÑти %s не подржава опције -k/-Kприкључак ÑигурноÑти %s не подржава опцију -vприкључак ÑигурноÑти %s не Ñадржи метод „check_policy“није уÑпело покретање ÑеÑије прикључка политикечува вектор групе умеÑто да подеÑи на циљевечува кориÑничко окружење приликом покретања наредбечита лозинку Ñа Ñтандардног улазапотпуно уклања датотеку запиÑа датума и временазахтева барем један аргументограничење контроле реÑурÑа је доÑтигнутопокреће наредбу (или уређује датотеку) као наведени кориÑникизвршава наредбу као наведени назив групе или ИБпокреће наредбу у позадинипокреће наредбу на домаћину (ако је подржано прикључком)покреће наредбу Ñа наведеним разредом БСД пријавепокреће љуÑку пријаве као крајњи кориÑник; наредба може такође бити наведенапокреће љуÑку као крајњи кориÑник; наредба такође може бити наведенаизбор није уÑпеоподешава променљиву ЛИЧÐО у циљну кориÑничку личну фаÑциклуподешавање пројекта није уÑпело за пројекат „%s“наведени депо извора не поÑтоји за пројекат „%s“зауÑтавља обрађивање аргумената линије наредби„sudoedit“ није подржано на овој платформиопције „-A“ и „-S“ не могу бити коришћене заједноопција „-E“ није иÑправна у режиму уређивањаопција „-U“ може бити коришћена Ñамо Ñа опцијом „-l“аргумент уз -C мора бити број већи или једнак 3задатак призивања је завршнине могу да доделим ptyне могу да променим директоријум у %sне могу да променим админиÑтратора на %sне могу да Ñе пребацим у покрени_као уид (%u, %u)не могу да променим уид у админиÑтратора (%u)не могу да направим Ñпојкуне могу да направим утичницене могу да одредим режим приÑиљавања.не могу да дл-отворим %s: %sне могу да дуп2 Ñтандардни улазне могу да извршим %sне могу да добавим контекÑÑ‚ отворене датотеке %sне могу да пронађем Ñимбол „%s“ у %sне могу да поделимне могу да добавим текући тту контекÑÑ‚, није тту за поновно натпиÑивањене могу да добавим оÑновну врÑту за улогу %sне могу да добавим вектор групене могу да добавим нови тту контекÑÑ‚, није тту за поновно натпиÑивањене могу да започнем прикључак ÑигурноÑтине могу да отворим %sне могу да отворим %s, није тту за поновно натпиÑивањене могу да отворим аудит ÑиÑтемне могу да отворим утичницуне могу да отворим кориÑничку базу податакане могу да прочитам привремену датотекуне могу да уклоним PRIV_PROC_EXEC из PRIV_LIMITне могу да повратим контекÑÑ‚ за %sне могу да повратим региÑтарне могу да повратим Ñтандардни улазне могу да повратим tty натпиÑне могу да покренем %sне могу да Ñачувам Ñтандардни улазне могу да пошаљем аудит порукуне могу да подеÑим контролиÑање ttyне могу да подеÑим ефективан гид да Ñе покрене_као гид %uне могу да подеÑим извршни контекÑÑ‚ за %sне могу да подеÑим гид у %uне могу да подеÑим гид да Ñе покрене као гид %uне могу да подеÑим контекÑÑ‚ Ñтварања кључа за %sне могу да подеÑим нови тту контекÑтне могу да подеÑим приоритет процеÑане могу да подеÑим додатне ИБ-ове групене могу да подеÑим терминал у Ñирови режимне могу да подеÑим тту контекÑÑ‚ на %sне могу да подеÑим уид у %uне могу да подеÑим кориÑнички контекÑтне могу да добијем податке о „%s“не могу да Ñе пребацим на региÑтар „%s“ за %sне могу да упишем у %sнеочекивани уÑлов завршетка потпроцеÑа: %dнеочекивана врÑта одговора на повратном каналу: %dнеочекивани Ñудо режим 0x%xнепозната клаÑа пријаве %sнепозната врÑта ÑигурноÑти %d је пронађена у %sнепознати уид %u: ко Ñте ви?неподржани извор групе „%s“ у „%s“, %d. редоÑвежава кориÑнички Ð·Ð°Ð¿Ð¸Ñ Ð´Ð°Ñ‚ÑƒÐ¼Ð° и времена без покретања наредбекориÑти програм иÑпомоћи за упит лозинкекориÑти наведену врÑту БСД потврде идентитетакориÑти упит наведене лозинкекориÑник „%s“ није члан пројекта „%s“вредноÑÑ‚ је изван опÑегавредноÑÑ‚ је превеликаупозорење, није уÑпело додељивање контроле реÑурÑа за пројекат „%s“не можете да наведете обе опције „-i“ и „-E“не можете да наведете обе опције „-i“ и „-s“не можете да одредите променљиве окружења у режиму уређивањаморате да наведете улогу за врÑту %ssudo-1.8.9p5/src/po/sr.po010064400175440000012000000673441226304126400145530ustar00millertstaff# Language sudo-1 translations for sudo package. # This file is put in the public domain. # МироÑлав Ðиколић , 2011, 2012, 2013. msgid "" msgstr "" "Project-Id-Version: sudo-1.8.8b3\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-09-03 14:44-0600\n" "PO-Revision-Date: 2013-10-03 11:25+0200\n" "Last-Translator: МироÑлав Ðиколић \n" "Language-Team: Serbian \n" "Language: sr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "не могу да отворим кориÑничку базу података" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "не могу да Ñе пребацим на региÑтар „%s“ за %s" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "не могу да повратим региÑтар" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "унутрашња грешка, покушах да обавим „emalloc(0)“" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "унутрашња грешка, покушах да обавим „emalloc2(0)“" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:186 #, c-format msgid "internal error, %s overflow" msgstr "унутрашња грешка, прекорачење функције „%s“" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "унутрашња грешка, покушах „ecalloc(0)“" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "унутрашња грешка, покушах да обавим „erealloc(0)“" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "унутрашња грешка, покушах да обавим „erealloc3(0)“" #: common/alloc.c:184 msgid "internal error, tried to erecalloc(0)" msgstr "унутрашња грешка, покушах да обавим „erecalloc(0)“" #: common/atoid.c:77 common/atoid.c:99 src/sudo.c:561 src/sudo.c:586 #: src/sudo.c:694 src/sudo.c:710 msgid "invalid value" msgstr "неиÑправна вредноÑÑ‚" #: common/atoid.c:84 src/sudo.c:565 src/sudo.c:590 src/sudo.c:698 #: src/sudo.c:714 msgid "value out of range" msgstr "вредноÑÑ‚ је изван опÑега" #: common/atoid.c:105 msgid "value too large" msgstr "вредноÑÑ‚ је превелика" #: common/fatal.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:157 common/fatal.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:72 src/sudo.c:561 src/sudo.c:565 #: src/sudo.c:586 src/sudo.c:590 src/sudo.c:613 src/sudo.c:622 src/sudo.c:631 #: src/sudo.c:646 src/sudo.c:694 src/sudo.c:698 src/sudo.c:710 src/sudo.c:714 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:176 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "неподржани извор групе „%s“ у „%s“, %d. ред" #: common/sudo_conf.c:190 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "неиÑправне највеће групе „%s“ у „%s“, %d. ред" #: common/sudo_conf.c:394 #, c-format msgid "unable to stat %s" msgstr "не могу да добијем податке о „%s“" #: common/sudo_conf.c:397 #, c-format msgid "%s is not a regular file" msgstr "„%s“ није обична датотека" #: common/sudo_conf.c:400 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s је у влаÑништву уиб-а %u, а треба бити %u" #: common/sudo_conf.c:404 #, c-format msgid "%s is world writable" msgstr "%s је ÑветÑки упиÑив" #: common/sudo_conf.c:407 #, c-format msgid "%s is group writable" msgstr "%s је групно упиÑив" #: common/sudo_conf.c:417 src/selinux.c:196 src/selinux.c:209 src/sudo.c:329 #, c-format msgid "unable to open %s" msgstr "не могу да отворим %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Ðепознати Ñигнал" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "није уÑпело покретање ÑеÑије прикључка политике" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "не могу да поделим" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "не могу да направим утичнице" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "избор није уÑпео" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "не могу да повратим tty натпиÑ" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не могу да уклоним PRIV_PROC_EXEC из PRIV_LIMIT" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "не могу да доделим pty" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "не могу да направим Ñпојку" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "не могу да подеÑим терминал у Ñирови режим" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "не могу да подеÑим контролиÑање tty" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "грешка у читању из Ñпојке Ñигнала" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "грешка у читању из Ñпојке" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "грешка у читању из пара прикључка" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неочекивана врÑта одговора на повратном каналу: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "грешка у „%s“, %d. ред приликом учитавања прикључка „%s“" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s мора бити у влаÑништву уида %d" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s мора бити упиÑив Ñамо од Ñтране влаÑника" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "не могу да дл-отворим %s: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "не могу да пронађем Ñимбол „%s“ у %s" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "непозната врÑта ÑигурноÑти %d је пронађена у %s" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "пронађено је неÑаглаÑно главно издање прикључка %d (очекивано је %d) у „%s“" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "занемарујем прикључак ÑигурноÑти „%s“ у %s, %d. ред" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "може бити наведен Ñамо један прикључак ÑигурноÑти" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "занемарујем удвоÑтручен прикључак ÑигурноÑти „%s“ у %s, %d. ред" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "занемарујем удвоÑтручени У/И прикључак „%s“ у %s, %d. ред" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "прикључак ÑигурноÑти %s не Ñадржи метод провере_ÑигурноÑти" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "учитај_Ñучеља: откривено је прекорачење" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "не могу да отворим утичницу" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргумент уз -C мора бити број већи или једнак 3" #: src/parse_args.c:408 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "не можете да наведете обе опције „-i“ и „-s“" #: src/parse_args.c:412 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "не можете да наведете обе опције „-i“ и „-E“" #: src/parse_args.c:422 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "опција „-E“ није иÑправна у режиму уређивања" #: src/parse_args.c:424 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "не можете да одредите променљиве окружења у режиму уређивања" #: src/parse_args.c:432 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "опција „-U“ може бити коришћена Ñамо Ñа опцијом „-l“" #: src/parse_args.c:436 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "опције „-A“ и „-S“ не могу бити коришћене заједно" #: src/parse_args.c:519 #, c-format msgid "sudoedit is not supported on this platform" msgstr "„sudoedit“ није подржано на овој платформи" #: src/parse_args.c:592 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Само једна од опција -e, -h, -i, -K, -l, -s, -v или -V може бити наведена" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s — уредите датотеке као други кориÑник\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s — извршите наредбу као други кориÑник\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Опције:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "кориÑти програм иÑпомоћи за упит лозинке" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "кориÑти наведену врÑту БСД потврде идентитета" #: src/parse_args.c:621 msgid "run command in the background" msgstr "покреће наредбу у позадини" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "затвара Ñве опиÑнике датотеке >= fd" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "покреће наредбу Ñа наведеним разредом БСД пријаве" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "чува кориÑничко окружење приликом покретања наредбе" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "уређује датотеке умеÑто да изврши наредбу" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "извршава наредбу као наведени назив групе или ИБ" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "подешава променљиву ЛИЧÐО у циљну кориÑничку личну фаÑциклу" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "приказује поруку помоћи и излази" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "покреће наредбу на домаћину (ако је подржано прикључком)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "покреће љуÑку пријаве као крајњи кориÑник; наредба може такође бити наведена" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "потпуно уклања датотеку запиÑа датума и времена" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "чини неиÑправном датотеку датума и времена" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "иÑпиÑује привилегије кориÑника или проверава поÑебну наредбу; кориÑти Ñе двапута за дуже запиÑе" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "немеђудејÑтвени режим, не кориÑти упите" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "чува вектор групе умеÑто да подеÑи на циљеве" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "кориÑти упит наведене лозинке" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "Ñтвара Ð¡Ð•Ð›Ð¸Ð½ÑƒÐºÑ ÑигурноÑни контекÑÑ‚ Ñа наведеном улогом" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "чита лозинку Ñа Ñтандардног улаза" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "покреће љуÑку као крајњи кориÑник; наредба такође може бити наведена" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "Ñтвара Ð¡Ð•Ð›Ð¸Ð½ÑƒÐºÑ ÑигурноÑни контекÑÑ‚ Ñа наведеном улогом" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "у режиму ÑпиÑка, приказује привилегије за кориÑника" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "покреће наредбу (или уређује датотеку) као наведени кориÑник" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "приказује податке о издању и излази" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "оÑвежава кориÑнички Ð·Ð°Ð¿Ð¸Ñ Ð´Ð°Ñ‚ÑƒÐ¼Ð° и времена без покретања наредбе" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "зауÑтавља обрађивање аргумената линије наредби" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "не могу да отворим аудит ÑиÑтем" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "не могу да пошаљем аудит поруку" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "не могу да добавим контекÑÑ‚ отворене датотеке %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s измењена натпиÑа" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "не могу да повратим контекÑÑ‚ за %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не могу да отворим %s, није тту за поновно натпиÑивање" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "не могу да добавим текући тту контекÑÑ‚, није тту за поновно натпиÑивање" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "не могу да добавим нови тту контекÑÑ‚, није тту за поновно натпиÑивање" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "не могу да подеÑим нови тту контекÑÑ‚" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "морате да наведете улогу за врÑту %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "не могу да добавим оÑновну врÑту за улогу %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "ниÑам уÑпео да подеÑим нову улогу %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "ниÑам уÑпео да подеÑим нову врÑту %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s није иÑправан контекÑÑ‚" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "ниÑам уÑпео да добавим Ñтари_контекÑÑ‚" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "не могу да одредим режим приÑиљавања." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "не могу да подеÑим тту контекÑÑ‚ на %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "не могу да подеÑим извршни контекÑÑ‚ за %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "не могу да подеÑим контекÑÑ‚ Ñтварања кључа за %s" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "захтева барем један аргумент" #: src/sesh.c:78 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "не могу да извршим %s" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "ограничење контроле реÑурÑа је доÑтигнуто" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "кориÑник „%s“ није члан пројекта „%s“" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "задатак призивања је завршни" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "не могу да приÑтупим пројекту „%s“" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "не поÑтоји депо извора који прихвата оÑновне пречице за пројекат „%s“" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "наведени депо извора не поÑтоји за пројекат „%s“" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "не могу да Ñе повежем Ñа оÑновним депоом извора за пројекат „%s“" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "подешавање пројекта није уÑпело за пројекат „%s“" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "упозорење, није уÑпело додељивање контроле реÑурÑа за пројекат „%s“" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Судо издање %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Опције подешавања: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "кобна грешка, не могу да учитам прикључке" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "не могу да започнем прикључак ÑигурноÑти" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "грешка приликом покретања У/И прикључка %s" #: src/sudo.c:294 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочекивани Ñудо режим 0x%x" #: src/sudo.c:414 #, c-format msgid "unable to get group vector" msgstr "не могу да добавим вектор групе" #: src/sudo.c:466 #, c-format msgid "unknown uid %u: who are you?" msgstr "непознати уид %u: ко Ñте ви?" #: src/sudo.c:788 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s мора бити влаÑништвo уида %d и треба да има подешен бит „setuid“" #: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Ñтварни уид није %d, већ %s на ÑиÑтему датотека Ñа подешеном опцијом „nosuid“ или је ÐФС ÑиÑтем датотека без админиÑтраторÑких привилегија?" #: src/sudo.c:797 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "Ñтварни уид није %d, већ Ñетуид админиÑтратор инÑталиран Ñудоом?" #: src/sudo.c:923 #, c-format msgid "unknown login class %s" msgstr "непозната клаÑа пријаве %s" #: src/sudo.c:936 #, c-format msgid "unable to set user context" msgstr "не могу да подеÑим кориÑнички контекÑÑ‚" #: src/sudo.c:950 #, c-format msgid "unable to set supplementary group IDs" msgstr "не могу да подеÑим додатне ИБ-ове групе" #: src/sudo.c:957 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не могу да подеÑим ефективан гид да Ñе покрене_као гид %u" #: src/sudo.c:963 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не могу да подеÑим гид да Ñе покрене као гид %u" #: src/sudo.c:970 #, c-format msgid "unable to set process priority" msgstr "не могу да подеÑим приоритет процеÑа" #: src/sudo.c:978 #, c-format msgid "unable to change root to %s" msgstr "не могу да променим админиÑтратора на %s" #: src/sudo.c:991 src/sudo.c:997 src/sudo.c:1003 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не могу да Ñе пребацим у покрени_као уид (%u, %u)" #: src/sudo.c:1020 #, c-format msgid "unable to change directory to %s" msgstr "не могу да променим директоријум у %s" #: src/sudo.c:1077 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочекивани уÑлов завршетка потпроцеÑа: %d" #: src/sudo.c:1134 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "прикључак ÑигурноÑти %s не Ñадржи метод „check_policy“" #: src/sudo.c:1147 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "прикључак ÑигурноÑти %s не подржава привилегије иÑпиÑивања" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "прикључак ÑигурноÑти %s не подржава опцију -v" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "прикључак ÑигурноÑти %s не подржава опције -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "не могу да променим уид у админиÑтратора (%u)" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "грешка прикључка: недоÑтаје датотеа ÑпиÑка за уређивање Ñудоа" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: није обична датотека" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: кратак упиÑ" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s је оÑтао неизмењен" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s је непромењен" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "не могу да упишем у %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "Ñадржај ÑеÑије уређивања је оÑтао у %s" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "не могу да прочитам привремену датотеку" #: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "тту не поÑтоји и није наведен програм за пропуштање" #: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "није наведен програм за пропуштање, покушајте да подеÑите SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "не могу да подеÑим гид у %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "не могу да подеÑим уид у %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "не могу да покренем %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "не могу да Ñачувам Ñтандардни улаз" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "не могу да дуп2 Ñтандардни улаз" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "не могу да повратим Ñтандардни улаз" sudo-1.8.9p5/src/po/sudo.pot010064400175440000012000000367141226304127700152660ustar00millertstaff# Portable object template file for sudo # This file is put in the public domain. # Todd C. Miller , 2011-2013 # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "" #: common/aix.c:170 msgid "unable to restore registry" msgstr "" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "" #: src/exec.c:394 msgid "unable to create sockets" msgstr "" #: src/exec.c:477 msgid "error in event loop" msgstr "" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "" #: src/parse_args.c:592 msgid "" "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "" #: src/parse_args.c:621 msgid "run command in the background" msgstr "" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "" #: src/parse_args.c:647 msgid "" "list user's privileges or check a specific command; use twice for longer " "format" msgstr "" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "" #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "" #: src/sudo.c:765 #, c-format msgid "" "effective uid is not %d, is %s on a file system with the 'nosuid' option set " "or an NFS file system without root privileges?" msgstr "" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "" #: src/sudo.c:910 msgid "unable to set user context" msgstr "" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "" sudo-1.8.9p5/src/po/sv.mo010064400175440000012000000235261226304146200145460ustar00millertstaffÞ•kt•Ì ! !, (N w Œ ¥ #¿ ã ø $ 0 K X a 0h ™ ° À Ý ø û I \ m #|   4¼ ñ % (6 _ w '– ¾ Ø ò # #0 $T #y $ $ %ç  "-P6d/›1Ë"ý! B!aƒ-ŸÍ'ì-"B7e*2È)û5%>[š´ Ëì&!/Qg€˜­&¼ãõ !?Zk+€ ¬Í!å&>Y(k”ªÁÞ2ï*"&Mt)“2½2ð6##Z˜~ -"0Pž¸Öõ''Oiy‚-‰·Î áE8~ /#Í1ñ"#%F5l¢!¾ à,-.,\4‰$¾%ã& '0'X(€+©'Õý?>U0”!Åç-""P:s®+Ê;ö+2 1^ ( 7¹ 0ñ 5"!CX!œ!¶!!Î!ð!)"$8"]"s"Š"©"½"1Ö"##$5# Z#!{##±#4Î#)$!-$+O$&{$!¢$*Ä$ï$- %9%S%n%‰%@Ÿ%6à%&&!>&2`&3“&3Ç&5û&$1'_d W 5 ;IXF8e#*S/?PC4Z7>Rg1]3KO@)9TYj%bcN\<$+L V`,:[MA(2'.f"iU!6a& =HBkQJ0hE^D-G Options: %s - edit files as another user %s - execute a command as another user %s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s unchanged%s%s: %s%s: %s%s: at least one policy plugin must be specified%s: not a regular file%s: short write%s: unable to find symbol %s%s: unknown policy type %d: Configure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalcontents of edit session left in %scould not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command error reading from pipeerror reading from signal pipeexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsinternal error, emalloc2() overflowinternal error, erealloc3() overflowinternal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)list user's available commands load_interfaces: overflow detectedmust be setuid rootno askpass program specified, try setting SUDO_ASKPASSno tty present and no askpass program specifiedpreserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class set HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3unable to allocate memoryunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to dlopen %s: %sunable to execute %sunable to forkunable to get default type for role %sunable to open %sunable to open socketunable to open userdbunable to read temporary fileunable to restore registryunable to run %sunable to save stdinunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set process priorityunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunknown login class %sunknown uid %u: who are you?unknown user: %supdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.5-b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2012-03-14 14:20-0400 PO-Revision-Date: 2012-03-19 12:10+0100 Last-Translator: Daniel Nylander Language-Team: Swedish Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Flaggor: %s - redigera filer som en annan användare %s - kör ett kommando som en annan användare %s är skrivbar för gruppen%s är inte en vanlig fil%s är inte en giltig kontext%s ägs av uid %u, ska vara %u%s är skrivbar för alla%s lämnad oförändrad%s fÃ¥r endast vara skrivbar av ägaren%s mÃ¥ste ägas av uid %d%s oförändrad%s%s: %s%s: %s%s: minst en policyinsticksmodul mÃ¥ste anges%s: inte en vanlig fil%s: kort skrivning%s: kunde inte hitta symbolen %s%s: okänd policytyp %d: Konfigurationsflaggor: %s Endast en av flaggorna -e, -h, -i, -K, -l, -s, -v eller -V fÃ¥r angesSudo version %s Okänd signalinnehÃ¥ll av redigeringssession finns kvar i %skunde inte gÃ¥ med i projektet "%s"skapa SELinux-säkerhetskontext med angiven roll visa hjälpmeddelande och avsluta visa versionsinformation och avsluta redigera filer istället för att köra ett kommando fel vid läsning frÃ¥n rörfel vid läsning frÃ¥n signalrörkör kommando som angiven grupp misslyckades med att fÃ¥ tag pÃ¥ old_contextmisslyckades med att ställa in nya rollen %smisslyckades med att ställa in nya typen %södesdigert fel, kunde inte läsa in insticksmodulerinternt fel, stackspill i emalloc2()internt fel, stackspill i erealloc3()internt fel, försökte med emalloc(0)internt fel, försökte med emalloc2(0)internt fel, försökte med erealloc(0)internt fel, försökte med erealloc3(0)lista användarens tillgängliga kommandon load_interfaces: stackspill upptäcktesmÃ¥ste vara setuid rootinget askpass-program angivet, prova att ställ in SUDO_ASKPASSingen tty finns tillgänglig och inget askpass-program angivetbevara användarens miljö när kommandot körs läs lösenord frÃ¥n standard in ta bort tidsstämpelfilen helt kräver minst ett argumentkör ett inloggningsskal som mÃ¥lanvändaren kör ett skal som mÃ¥lanvändaren kör kommando (eller redigera fil) som angiven användare kör kommando i bakgrunden kör kommando med angiven inloggningsklass ställ in HOME-variabeln till mÃ¥lanvändarens hemkatalog. setproject misslyckades för projektet "%s"angiven resurspool finns inte för projektet "%s"sudoedit stöds inte pÃ¥ denna plattformflaggorna "-A" och "-S" fÃ¥r inte användas tillsammansflaggan "-E" är inte giltig i redigeringslägetthe `-U' option may only be used with the `-l' optionargumentet till -C mÃ¥ste vara ett tal större än eller lika med 3kunde inte allokera minnekunde inte allokera ptykunde inte ändra katalog till %skunde inte ändra rot till %skunde inte ändra till runas uid (%u, %u)kunde inte ändra uid till root (%u)kunde inte skapa rörkunde inte skapa uttagkunde inte köra dlopen %s: %skunde inte köra %skunde inte grena processkunde inte fÃ¥ tag pÃ¥ standardtyp för rollen %skunde inte öppna %skunde inte öppna uttagkunde inte öppna användardatabasenkunde inte läsa temporärfilenkunde inte Ã¥terställa registretkunde inte köra %skunde inte spara standard inkunde inte ställa in effektiv gid till runas gid %ukunde inte ställa in körkontext till %skunde inte ställa in gid till %ukunde inte ställa in gid för runas gid %ukunde inte ställa in processprioritetkunde inte ställa in uid till %ukunde inte ställa in användarens kontextkunde inte ta status pÃ¥ %skunde inte växla till registret "%s" för %skunde inte skriva till %sokänd inloggningsklass %sokänt uid %u: vem är du?okänd användare: %suppdatera användarens tidsstämpel utan att köra ett kommando använd hjälpprogram för att frÃ¥ga efter lösenord använd angiven BSD-autentiseringstyp använd angiven lösenordsprompt användaren "%s" är inte medlem av projektet "%s"du fÃ¥r inte ange flaggorna "-i" och "-E" samtidigtdu fÃ¥r inte ange flaggorna "-i" och "-s" samtidigtdu fÃ¥r inte ange miljövariabler i redigeringslägetdu mÃ¥ste ange en roll för typen %ssudo-1.8.9p5/src/po/sv.po010064400175440000012000000432331226304126400145460ustar00millertstaff# Swedish translation for sudo. # Copyright (C) 2012 Free Software Foundation, Inc. # This file is put in the public domain. # Daniel Nylander , 2012. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.5-b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2012-03-14 14:20-0400\n" "PO-Revision-Date: 2012-03-19 12:10+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/error.c:82 src/error.c:86 msgid ": " msgstr ": " #: src/exec.c:105 src/exec_pty.c:616 src/exec_pty.c:948 src/tgetpass.c:227 #, c-format msgid "unable to fork" msgstr "kunde inte grena process" #: src/exec.c:252 #, c-format msgid "unable to create sockets" msgstr "kunde inte skapa uttag" #: src/exec.c:259 src/exec_pty.c:567 src/exec_pty.c:576 src/exec_pty.c:584 #: src/exec_pty.c:883 src/exec_pty.c:945 src/tgetpass.c:224 #, c-format msgid "unable to create pipe" msgstr "kunde inte skapa rör" #: src/exec.c:340 src/exec_pty.c:1012 src/exec_pty.c:1147 #, c-format msgid "select failed" msgstr "" #: src/exec.c:425 #, c-format msgid "unable to restore tty label" msgstr "" #: src/exec_common.c:69 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" #: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:451 src/sudo.c:471 #: src/sudo.c:478 src/sudo.c:489 src/sudo.c:848 common/alloc.c:85 #: common/alloc.c:105 common/alloc.c:123 common/alloc.c:145 common/alloc.c:203 #: common/alloc.c:217 #, c-format msgid "unable to allocate memory" msgstr "kunde inte allokera minne" #: src/exec_pty.c:140 #, c-format msgid "unable to allocate pty" msgstr "kunde inte allokera pty" #: src/exec_pty.c:609 #, c-format msgid "unable to set terminal to raw mode" msgstr "" #: src/exec_pty.c:926 #, c-format msgid "unable to set controlling tty" msgstr "" #: src/exec_pty.c:1020 #, c-format msgid "error reading from signal pipe" msgstr "fel vid läsning frÃ¥n signalrör" #: src/exec_pty.c:1039 #, c-format msgid "error reading from pipe" msgstr "fel vid läsning frÃ¥n rör" #: src/exec_pty.c:1055 #, c-format msgid "error reading from socketpair" msgstr "" #: src/exec_pty.c:1059 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "" #: src/load_plugins.c:79 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:85 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:95 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mÃ¥ste ägas av uid %d" #: src/load_plugins.c:99 #, c-format msgid "%s must be only be writable by owner" msgstr "%s fÃ¥r endast vara skrivbar av ägaren" #: src/load_plugins.c:106 #, c-format msgid "unable to dlopen %s: %s" msgstr "kunde inte köra dlopen %s: %s" #: src/load_plugins.c:111 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: kunde inte hitta symbolen %s" #: src/load_plugins.c:117 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: okänd policytyp %d" #: src/load_plugins.c:121 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "" #: src/load_plugins.c:128 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "" #: src/load_plugins.c:148 #, c-format msgid "%s: at least one policy plugin must be specified" msgstr "%s: minst en policyinsticksmodul mÃ¥ste anges" #: src/load_plugins.c:153 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" #: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 #: src/net_ifs.c:298 src/net_ifs.c:322 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: stackspill upptäcktes" #: src/net_ifs.c:227 #, c-format msgid "unable to open socket" msgstr "kunde inte öppna uttag" #: src/parse_args.c:187 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentet till -C mÃ¥ste vara ett tal större än eller lika med 3" #: src/parse_args.c:276 #, c-format msgid "unknown user: %s" msgstr "okänd användare: %s" #: src/parse_args.c:335 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "du fÃ¥r inte ange flaggorna \"-i\" och \"-s\" samtidigt" #: src/parse_args.c:339 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "du fÃ¥r inte ange flaggorna \"-i\" och \"-E\" samtidigt" #: src/parse_args.c:349 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "flaggan \"-E\" är inte giltig i redigeringsläget" #: src/parse_args.c:351 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "du fÃ¥r inte ange miljövariabler i redigeringsläget" #: src/parse_args.c:359 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "the `-U' option may only be used with the `-l' option" #: src/parse_args.c:363 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "flaggorna \"-A\" och \"-S\" fÃ¥r inte användas tillsammans" #: src/parse_args.c:445 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit stöds inte pÃ¥ denna plattform" #: src/parse_args.c:518 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Endast en av flaggorna -e, -h, -i, -K, -l, -s, -v eller -V fÃ¥r anges" #: src/parse_args.c:532 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - redigera filer som en annan användare\n" "\n" #: src/parse_args.c:534 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - kör ett kommando som en annan användare\n" "\n" #: src/parse_args.c:539 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Flaggor:\n" #: src/parse_args.c:542 msgid "use helper program for password prompting\n" msgstr "använd hjälpprogram för att frÃ¥ga efter lösenord\n" #: src/parse_args.c:545 msgid "use specified BSD authentication type\n" msgstr "använd angiven BSD-autentiseringstyp\n" #: src/parse_args.c:547 msgid "run command in the background\n" msgstr "kör kommando i bakgrunden\n" #: src/parse_args.c:549 msgid "close all file descriptors >= fd\n" msgstr "" #: src/parse_args.c:552 msgid "run command with specified login class\n" msgstr "kör kommando med angiven inloggningsklass\n" #: src/parse_args.c:555 msgid "preserve user environment when executing command\n" msgstr "bevara användarens miljö när kommandot körs\n" #: src/parse_args.c:557 msgid "edit files instead of running a command\n" msgstr "redigera filer istället för att köra ett kommando\n" #: src/parse_args.c:559 msgid "execute command as the specified group\n" msgstr "kör kommando som angiven grupp\n" #: src/parse_args.c:561 msgid "set HOME variable to target user's home dir.\n" msgstr "ställ in HOME-variabeln till mÃ¥lanvändarens hemkatalog.\n" #: src/parse_args.c:563 msgid "display help message and exit\n" msgstr "visa hjälpmeddelande och avsluta\n" #: src/parse_args.c:565 msgid "run a login shell as target user\n" msgstr "kör ett inloggningsskal som mÃ¥lanvändaren\n" #: src/parse_args.c:567 msgid "remove timestamp file completely\n" msgstr "ta bort tidsstämpelfilen helt\n" #: src/parse_args.c:569 msgid "invalidate timestamp file\n" msgstr "" #: src/parse_args.c:571 msgid "list user's available commands\n" msgstr "lista användarens tillgängliga kommandon\n" #: src/parse_args.c:573 msgid "non-interactive mode, will not prompt user\n" msgstr "" #: src/parse_args.c:575 msgid "preserve group vector instead of setting to target's\n" msgstr "" #: src/parse_args.c:577 msgid "use specified password prompt\n" msgstr "använd angiven lösenordsprompt\n" #: src/parse_args.c:580 src/parse_args.c:588 msgid "create SELinux security context with specified role\n" msgstr "skapa SELinux-säkerhetskontext med angiven roll\n" #: src/parse_args.c:583 msgid "read password from standard input\n" msgstr "läs lösenord frÃ¥n standard in\n" #: src/parse_args.c:585 msgid "run a shell as target user\n" msgstr "kör ett skal som mÃ¥lanvändaren\n" #: src/parse_args.c:591 msgid "when listing, list specified user's privileges\n" msgstr "" #: src/parse_args.c:593 msgid "run command (or edit file) as specified user\n" msgstr "kör kommando (eller redigera fil) som angiven användare\n" #: src/parse_args.c:595 msgid "display version information and exit\n" msgstr "visa versionsinformation och avsluta\n" #: src/parse_args.c:597 msgid "update user's timestamp without running a command\n" msgstr "uppdatera användarens tidsstämpel utan att köra ett kommando\n" #: src/parse_args.c:599 msgid "stop processing command line arguments\n" msgstr "" #: src/selinux.c:76 #, c-format msgid "unable to open audit system" msgstr "" #: src/selinux.c:84 #, c-format msgid "unable to send audit message" msgstr "" #: src/selinux.c:112 #, c-format msgid "unable to fgetfilecon %s" msgstr "" #: src/selinux.c:117 #, c-format msgid "%s changed labels" msgstr "" #: src/selinux.c:122 #, c-format msgid "unable to restore context for %s" msgstr "" #: src/selinux.c:162 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "" #: src/selinux.c:171 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "" #: src/selinux.c:178 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "" #: src/selinux.c:185 #, c-format msgid "unable to set new tty context" msgstr "" #: src/selinux.c:195 src/selinux.c:208 src/sudo.c:337 common/sudo_conf.c:328 #, c-format msgid "unable to open %s" msgstr "kunde inte öppna %s" #: src/selinux.c:251 #, c-format msgid "you must specify a role for type %s" msgstr "du mÃ¥ste ange en roll för typen %s" #: src/selinux.c:257 #, c-format msgid "unable to get default type for role %s" msgstr "kunde inte fÃ¥ tag pÃ¥ standardtyp för rollen %s" #: src/selinux.c:275 #, c-format msgid "failed to set new role %s" msgstr "misslyckades med att ställa in nya rollen %s" #: src/selinux.c:279 #, c-format msgid "failed to set new type %s" msgstr "misslyckades med att ställa in nya typen %s" #: src/selinux.c:288 #, c-format msgid "%s is not a valid context" msgstr "%s är inte en giltig kontext" #: src/selinux.c:323 #, c-format msgid "failed to get old_context" msgstr "misslyckades med att fÃ¥ tag pÃ¥ old_context" #: src/selinux.c:329 #, c-format msgid "unable to determine enforcing mode." msgstr "" #: src/selinux.c:341 #, c-format msgid "unable to setup tty context for %s" msgstr "" #: src/selinux.c:372 #, c-format msgid "unable to set exec context to %s" msgstr "kunde inte ställa in körkontext till %s" #: src/selinux.c:379 #, c-format msgid "unable to set key creation context to %s" msgstr "" #: src/sesh.c:70 #, c-format msgid "requires at least one argument" msgstr "kräver minst ett argument" #: src/sesh.c:91 #, c-format msgid "unable to execute %s" msgstr "kunde inte köra %s" #: src/sudo.c:191 #, c-format msgid "must be setuid root" msgstr "mÃ¥ste vara setuid root" #: src/sudo.c:214 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" #: src/sudo.c:216 #, c-format msgid "Configure options: %s\n" msgstr "Konfigurationsflaggor: %s\n" #: src/sudo.c:221 #, c-format msgid "fatal error, unable to load plugins" msgstr "ödesdigert fel, kunde inte läsa in insticksmoduler" #: src/sudo.c:229 #, c-format msgid "unable to initialize policy plugin" msgstr "" #: src/sudo.c:284 #, c-format msgid "error initializing I/O plugin %s" msgstr "" #: src/sudo.c:312 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "" #: src/sudo.c:406 #, c-format msgid "unable to get group vector" msgstr "" #: src/sudo.c:447 #, c-format msgid "unknown uid %u: who are you?" msgstr "okänt uid %u: vem är du?" #: src/sudo.c:790 #, c-format msgid "resource control limit has been reached" msgstr "" #: src/sudo.c:793 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "användaren \"%s\" är inte medlem av projektet \"%s\"" #: src/sudo.c:797 #, c-format msgid "the invoking task is final" msgstr "" #: src/sudo.c:800 #, c-format msgid "could not join project \"%s\"" msgstr "kunde inte gÃ¥ med i projektet \"%s\"" #: src/sudo.c:805 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "" #: src/sudo.c:809 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "angiven resurspool finns inte för projektet \"%s\"" #: src/sudo.c:813 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "" #: src/sudo.c:819 #, c-format msgid "setproject failed for project \"%s\"" msgstr "setproject misslyckades för projektet \"%s\"" #: src/sudo.c:821 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" #: src/sudo.c:892 #, c-format msgid "unknown login class %s" msgstr "okänd inloggningsklass %s" #: src/sudo.c:906 src/sudo.c:909 #, c-format msgid "unable to set user context" msgstr "kunde inte ställa in användarens kontext" #: src/sudo.c:924 #, c-format msgid "unable to set supplementary group IDs" msgstr "" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "kunde inte ställa in effektiv gid till runas gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "kunde inte ställa in gid för runas gid %u" #: src/sudo.c:944 #, c-format msgid "unable to set process priority" msgstr "kunde inte ställa in processprioritet" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "kunde inte ändra rot till %s" #: src/sudo.c:959 src/sudo.c:965 src/sudo.c:971 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "kunde inte ändra till runas uid (%u, %u)" #: src/sudo.c:985 #, c-format msgid "unable to change directory to %s" msgstr "kunde inte ändra katalog till %s" #: src/sudo.c:1058 #, c-format msgid "unexpected child termination condition: %d" msgstr "" #: src/sudo.c:1119 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" #: src/sudo.c:1131 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" #: src/sudo.c:1143 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" #: src/sudo_edit.c:111 #, c-format msgid "unable to change uid to root (%u)" msgstr "kunde inte ändra uid till root (%u)" #: src/sudo_edit.c:143 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "" #: src/sudo_edit.c:171 src/sudo_edit.c:271 #, c-format msgid "%s: not a regular file" msgstr "%s: inte en vanlig fil" #: src/sudo_edit.c:205 src/sudo_edit.c:307 #, c-format msgid "%s: short write" msgstr "%s: kort skrivning" #: src/sudo_edit.c:272 #, c-format msgid "%s left unmodified" msgstr "%s lämnad oförändrad" #: src/sudo_edit.c:285 #, c-format msgid "%s unchanged" msgstr "%s oförändrad" #: src/sudo_edit.c:297 src/sudo_edit.c:318 #, c-format msgid "unable to write to %s" msgstr "kunde inte skriva till %s" #: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 #, c-format msgid "contents of edit session left in %s" msgstr "innehÃ¥ll av redigeringssession finns kvar i %s" #: src/sudo_edit.c:315 #, c-format msgid "unable to read temporary file" msgstr "kunde inte läsa temporärfilen" #: src/tgetpass.c:96 #, c-format msgid "no tty present and no askpass program specified" msgstr "ingen tty finns tillgänglig och inget askpass-program angivet" #: src/tgetpass.c:105 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "inget askpass-program angivet, prova att ställ in SUDO_ASKPASS" #: src/tgetpass.c:237 #, c-format msgid "unable to set gid to %u" msgstr "kunde inte ställa in gid till %u" #: src/tgetpass.c:241 #, c-format msgid "unable to set uid to %u" msgstr "kunde inte ställa in uid till %u" #: src/tgetpass.c:246 #, c-format msgid "unable to run %s" msgstr "kunde inte köra %s" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "kunde inte spara standard in" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "" #: common/aix.c:149 #, c-format msgid "unable to open userdb" msgstr "kunde inte öppna användardatabasen" #: common/aix.c:152 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "kunde inte växla till registret \"%s\" för %s" #: common/aix.c:169 #, c-format msgid "unable to restore registry" msgstr "kunde inte Ã¥terställa registret" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "internt fel, försökte med emalloc(0)" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "internt fel, försökte med emalloc2(0)" #: common/alloc.c:101 msgid "internal error, emalloc2() overflow" msgstr "internt fel, stackspill i emalloc2()" #: common/alloc.c:119 msgid "internal error, tried to erealloc(0)" msgstr "internt fel, försökte med erealloc(0)" #: common/alloc.c:138 msgid "internal error, tried to erealloc3(0)" msgstr "internt fel, försökte med erealloc3(0)" #: common/alloc.c:140 msgid "internal error, erealloc3() overflow" msgstr "internt fel, stackspill i erealloc3()" #: common/sudo_conf.c:306 #, c-format msgid "unable to stat %s" msgstr "kunde inte ta status pÃ¥ %s" #: common/sudo_conf.c:309 #, c-format msgid "%s is not a regular file" msgstr "%s är inte en vanlig fil" #: common/sudo_conf.c:312 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ägs av uid %u, ska vara %u" #: common/sudo_conf.c:316 #, c-format msgid "%s is world writable" msgstr "%s är skrivbar för alla" #: common/sudo_conf.c:319 #, c-format msgid "%s is group writable" msgstr "%s är skrivbar för gruppen" #: compat/strsignal.c:47 msgid "Unknown signal" msgstr "Okänd signal" sudo-1.8.9p5/src/po/tr.mo010064400175440000012000000400501226304146200145320ustar00millertstaffÞ•¢,ß< ¸ ¹ !Ä (æ !6O#i¢$µÚ6õ ,9BI Q]t„I›åö!#'8K„4 Õ%ô({C7¿.÷ &G_~'œÄÞø#164h*>È###G$k$%µ%Û&(C"c6†C½/+1,],Š7·4ï3$/X5ˆ+¾5ê1 "R!u—'¶!Þ-J'i ‘-Ÿ"Í7ð'(*P2{)®5Ø>Mh  &¼!ã#4Xp…š ³Ô5ã&@1["°%Âè0/N ~ŸºÒîÿ1+O {œ!´(Öÿ %< "b …  "¸ Û (í !*,!(W!€!š!"±!Ô!ñ!,"2/"*b"&"´")Ó"<ý"/:#2j#2#6Ð##$²+$Þ%5í%9#&]&s&ˆ&¥&@Ä&'&'1B'4t'X©'((!((( 0(<(Z( k(NŒ(Û(ì(.þ(6-)8d));¹)#õ)(*1B*—t*H +;U+'‘+¹+ Ñ+ò++,;,S,n,)†,E°,Eö,9<-Ev-¼-Ö-õ- .6. V. w.1˜.*Ê.6õ.%,/BR/M•/2ã/40(K03t07¨05à041/K19{12µ1/è162 O2+p2œ2&º29á203GL3”33´3è38ü3*549`41š4%Ì40ò42#5:V57‘5É5â5û5!6,<6;i6#¥6É6&á67$7=7W7)t7ž7?¯7/ï78;;8 w8˜8,©8Ö8ô899/79#g9‹9¥9¾9Ý9÷9 :&,:7S:&‹:&²:1Ù:4 ;@;!`;!‚;"¤;-Ç;+õ;%!<G<,Z<‡<(£<,Ì<ù< =15=-g=•=9°=Hê=03>+d>">$³>?Ø><?6U?6Œ?9Ã?*ý?1†š 3“B„w{(ˆ—nCW?l@`œ >~O4Ž‘ RN_gmv\ŸQa€Œ&˜Vu.F8e*f–KLrž=Tc]ŠJG2‡q ƒZ¡'"b0kA$<-U…D¢+Ij™XEYi o‰9 },SP^MHdz#p;7/6x”|%[‹’!: ys›h5‚)t• Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= fd contents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified role display help message and exit display version information and exit edit files instead of running a command effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairexecute command as the specified group failed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %dincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalidate timestamp file list user's available commands load_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, will not prompt user only a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target's preserve user environment when executing command read password from standard input remove timestamp file completely requires at least one argumentresource control limit has been reachedrun a login shell as target user run a shell as target user run command (or edit file) as specified user run command in the background run command with specified login class select failedset HOME variable to target user's home dir. setproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line arguments sudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dlopen %s: %sunable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set uid to %uunable to set user contextunable to setup tty context for %sunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unknown user: %sunsupported group source `%s' in %s, line %dupdate user's timestamp without running a command use helper program for password prompting use specified BSD authentication type use specified password prompt user "%s" is not a member of project "%s"warning, resource control assignment failed for project "%s"when listing, list specified user's privileges you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.7b1 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-04-02 10:40-0400 PO-Revision-Date: 2013-04-03 19:11+0100 Last-Translator: Volkan Gezer Language-Team: Turkish Language: tr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Generator: Lokalize 1.5 Seçenekler: %s - dosyaları farklı kullanıcı olarak düzenle %s - bir komutu farklı kullanıcı olarak çalıştır %s deÄŸiÅŸmiÅŸ etiket%s grup yazılabilir%s düzenli bir dosya deÄŸil%s geçerli bir baÄŸlam deÄŸil%s, %u kullanıcı kimliÄŸi tarafından sahiplenmiÅŸ, %u olmalı%s genel yazılabilir%s düzenlenmemiÅŸ olarak bırakıldı%s sadece sahibi tarafından yazılabilir olmalı%s, %d kullanıcı kimliÄŸi tarafından sahiplenmeli%s, %d kullanıcı kimliÄŸi tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı%s deÄŸiÅŸtirilmemiÅŸ%s%s: %s%s: %s%s: %s %s: %s: %s %s: düzenli bir dosya deÄŸil%s: kısa yazımYapılandırma seçenekleri: %s -e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilirSudo sürüm %s Bilinmeyen sinyaltüm dosya tanımlayıcılarını kapat >= fd düzenleme oturumu içerikleri %s içinde bırakıldı"%s" projesi için öntanımlı kaynak havuzu atanamadı"%s" projesine katılamadıbelirtilen görev ile SELinux güvenlik baÄŸlamı oluÅŸtur yardım iletisini göster ve çık sürüm bilgisini görüntüle ve çık komut çalıştırmak yerine dosyaları düzenle etkin kullanıcı kimliÄŸi %d deÄŸil, %s 'nosuid' seçeneÄŸi ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?etkin kullanıcı kimliÄŸi %d deÄŸil, sudo setuid root ile mi yüklendi?%s içerisinde, satır %d, `%s' eklentisi yüklenirken hataG/Ç eklentisi %s baÅŸlatılırken hatatünelden okuma hatasısinyal tünelinden okuma hatasısockerpair'den okuma hatasıkomutu belirtilen grup olarak çalıştır old_context alınamadı%s yeni görevi atanamadıyeni tür %s atanamadıölümcül hata, eklentiler yüklenemiyoryinelenmiÅŸ `%s' G/Ç eklentisi yoksayılıyor, %s içinde, satır %dyinelenmiÅŸ `%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d`%s' ilke eklentisi yoksayılıyor, %s içinde, satır %duyumsuz temel ilke sürümü %d bulundu (beklenen %d): %s içerisindedahili hata, %s taÅŸmasıdahili hata, ecalloc() denendidahili hata, emalloc(0) denendidahili hata, emalloc2(0) denendidahili hata, erealloc() denendidahili hata, erealloc3() denendidahili hata, erecalloc() denendi`%s' geçersiz azami grubu, %s içinde, satır %dzaman damgası dosyasını geçersiz kıl kullanıcının kullanılabilir komutlarını listele load_interfaces: taÅŸma tespit edildiaskpass programı belirtilmemiÅŸ, SUDO_ASKPASS ayarlamayı deneyin"%s" projesi için hiçbir kaynak havuzu varsayılan atamaları kabul etmiyortty bulunmuyor ve askpass programı belirtilmemiÅŸetkileÅŸimsiz kip, kullanıcı istemi yapılmayacak sadece tek ilke eklentisi belirtilebilireklenti hatası: sudoedit için eksik dosya listesi%s ilke eklentisi, bir check_policy yöntemi içermiyor%s ilke eklentisi listeleme yetkilerini desteklemiyor%s ilke eklentisi -k/-K seçeneklerini desteklemiyor%s ilke eklentisi -v seçeneÄŸini desteklemiyor%s ilke eklentisi, bir `check_policy' yöntemi içermiyoroturum baÅŸlatma için ilke eklentisi baÅŸarısızhedefe ayarlamak yerine grup vektörünü koru komutu çalıştırırken kullanıcı ortamını koru parolayı standart girdiden oku dosyadan zaman damgasını tamamen kaldır en az bir argüman gerektirirkaynak denetim sınırına ulaşıldıhedef kullanıcı olarak bir oturum kabuÄŸu çalıştır hedef kullanıcı olarak bir kabuk çalıştır belirtilen kullanıcı olarak komut çalıştır (veya dosya düzenle) komutu arkaplanda çalıştır komutu belirtilen oturum sınıfında çalıştır seçim baÅŸarısızhedef kullanıcının ev dizinine HOME deÄŸiÅŸkeni ata. "%s" projesi için setproject baÅŸarısızbelirtilen kaynak havuzu "%s" projesi için mevcut deÄŸilkomut satırı argümanlarını iÅŸlemeyi durdur sudoedit bu platformda desteklenmiyor`-A' ve `-S' seçenekleri birlikte kullanılamazdüzenleme kipinde `-E' seçeneÄŸi geçerli deÄŸil`-U' seçeneÄŸi sadece `-l' seçeneÄŸi ile kullanılabilir-C argümanı 3 veya daha büyük bir sayı olmalıdırçağırılan görev sonpty ayırma baÅŸarısız%s dizinine deÄŸiÅŸtirilemiyorkök %s olarak deÄŸiÅŸtirilemiyorrunas uid (%u, %u) olarak deÄŸiÅŸtirilemiyorkullanıcı kimliÄŸi yetkili (%u) olarak deÄŸiÅŸtirilemiyoriletiÅŸim tüneli oluÅŸturulamıyorsoket oluÅŸturulamıyorzorlama kipini belirleme baÅŸarısız.dlopen %s yapılamıyor: %sdup2 stdin yapılamıyor%s çalıştırılamıyorfgetfilecon %s yapılamıyor%s içerisinde `%s' sembolü bulunamıyorçatallanamıyorgeçerli tty baÄŸlamı alınamadı, tty yeniden etiketlenemiyor%s görevi için öntanımlı tür alınamıyorgrup vektörü alınamıyoryeni tty baÄŸlamı alınamadı, tty yeniden etiketlenemiyorilke eklentisi baÅŸlatılamıyor%s açılamıyor%s açılamadı, tty yeniden etiketlenemiyordenetim sistemi açılamıyorsoket açılamıyoruserdb açılamıyorgeçici dosya okunamıyorPRIV_LIMIT'ten PRIV_PROC_EXEC kaldırılamıyor%s için baÄŸlam geri yüklenemiyorkayıt geri yüklenemiyorstdin geri yüklenemiyortty etiketi geri yüklenemiyor%s çalıştırılamıyorstdin kaydedilemiyordenetim iletisi gönderilemiyortty denetleme ayarlaması baÅŸarısızetkin grup kimliÄŸi, runas gid %u olarak ayarlanamıyor%s için exec baÄŸlamı ayarlanamıyorgrup kimliÄŸi %u olarak ayarlanamıyorgrup kimliÄŸi, runas gid %u olarak ayarlanamıyor%s için anahtar oluÅŸturma baÄŸlamı ayarlanamıyoryeni tty baÄŸlamı alınamıyorsüreç önceliÄŸi ayarlanamıyorek grup kimlikleri ayarlanamıyoruçbirim ham kipine ayarlanamıyorkullanıcı kimliÄŸi %u olarak ayarlanamıyorkullanıcı baÄŸlamı ayarlama baÅŸarısız%s için tty baÄŸlamı ayarlanamıyor%s durumlanamıyor"%s" kaydına %s için geçiÅŸ yapılamıyor%s dosyasına yazılamıyorbeklenmeyen alt sonlandırma ÅŸartı: %dbackchannel'da beklenmeyen yanıt türü: %dbeklenmeyen 0x%x sudo kipibilinmeyen "%s" oturum sınıfıbilinmeyen ilke türü %d bulundu: %s içerisindebilinmeyen kullanıcı kimliÄŸi %u: kimsiniz?bilinmeyen kullanıcı: %s`%s' desteklenmeyen grup kaynağı, %s içinde, satır %dbir komut çalıştırmadan kullanıcının zaman damgasını güncelle parola istemi için yardımcı programı kullan belirtilen BSD yetkilendirme türü kullan belirtilen parola istemini kullan "%s", bir "%s" projesi üyesi deÄŸiluyarı, "%s" projesi için kaynak denetim ataması baÅŸarısızlistelerken, belirtilen kullanıcının haklarını listele `-i' ve `-E' seçeneklerini aynı anda belirtemezsiniz`-i' ve `-s' seçeneklerini aynı anda belirtemezsinizdüzenleme kipinde ortam deÄŸiÅŸkenlerini belirtemezsiniz%s türü için bir görev belirtmelisinizsudo-1.8.9p5/src/po/tr.po010064400175440000012000000532631226304126400145470ustar00millertstaff# This file is put in the public domain. # This file is distributed under the same license as the sudo package. # # Volkan Gezer , 2013. msgid "" msgstr "" "Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: 2013-04-03 19:11+0100\n" "Last-Translator: Volkan Gezer \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Lokalize 1.5\n" #: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "userdb açılamıyor" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "\"%s\" kaydına %s için geçiÅŸ yapılamıyor" #: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "kayıt geri yüklenemiyor" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "dahili hata, emalloc(0) denendi" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "dahili hata, emalloc2(0) denendi" #: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 #, c-format msgid "internal error, %s overflow" msgstr "dahili hata, %s taÅŸması" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "dahili hata, ecalloc() denendi" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "dahili hata, erealloc() denendi" #: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "dahili hata, erealloc3() denendi" #: common/alloc.c:185 msgid "internal error, tried to erecalloc(0)" msgstr "dahili hata, erecalloc() denendi" #: common/error.c:154 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/error.c:157 common/error.c:161 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/sudo_conf.c:172 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "`%s' desteklenmeyen grup kaynağı, %s içinde, satır %d" #: common/sudo_conf.c:186 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "`%s' geçersiz azami grubu, %s içinde, satır %d" #: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "%s durumlanamıyor" #: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s düzenli bir dosya deÄŸil" #: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s, %u kullanıcı kimliÄŸi tarafından sahiplenmiÅŸ, %u olmalı" #: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s genel yazılabilir" #: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s grup yazılabilir" #: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "%s açılamıyor" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Bilinmeyen sinyal" #: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "oturum baÅŸlatma için ilke eklentisi baÅŸarısız" #: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "çatallanamıyor" #: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "soket oluÅŸturulamıyor" #: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "seçim baÅŸarısız" #: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "tty etiketi geri yüklenemiyor" #: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_LIMIT'ten PRIV_PROC_EXEC kaldırılamıyor" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "pty ayırma baÅŸarısız" #: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 #: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 #, c-format msgid "unable to create pipe" msgstr "iletiÅŸim tüneli oluÅŸturulamıyor" #: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "uçbirim ham kipine ayarlanamıyor" #: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "tty denetleme ayarlaması baÅŸarısız" #: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "sinyal tünelinden okuma hatası" #: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "tünelden okuma hatası" #: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "sockerpair'den okuma hatası" #: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "backchannel'da beklenmeyen yanıt türü: %d" #: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 #: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 #: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "%s içerisinde, satır %d, `%s' eklentisi yüklenirken hata" #: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" #: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s, %d kullanıcı kimliÄŸi tarafından sahiplenmeli" #: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s sadece sahibi tarafından yazılabilir olmalı" #: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen %s yapılamıyor: %s" #: src/load_plugins.c:194 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "%s içerisinde `%s' sembolü bulunamıyor" #: src/load_plugins.c:201 #, c-format msgid "unknown policy type %d found in %s" msgstr "bilinmeyen ilke türü %d bulundu: %s içerisinde" #: src/load_plugins.c:207 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "uyumsuz temel ilke sürümü %d bulundu (beklenen %d): %s içerisinde" #: src/load_plugins.c:216 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "`%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d" #: src/load_plugins.c:218 #, c-format msgid "only a single policy plugin may be specified" msgstr "sadece tek ilke eklentisi belirtilebilir" #: src/load_plugins.c:221 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "yinelenmiÅŸ `%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d" #: src/load_plugins.c:236 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "yinelenmiÅŸ `%s' G/Ç eklentisi yoksayılıyor, %s içinde, satır %d" #: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s ilke eklentisi, bir check_policy yöntemi içermiyor" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: taÅŸma tespit edildi" #: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "soket açılamıyor" #: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C argümanı 3 veya daha büyük bir sayı olmalıdır" #: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "bilinmeyen kullanıcı: %s" #: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "`-i' ve `-s' seçeneklerini aynı anda belirtemezsiniz" #: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "`-i' ve `-E' seçeneklerini aynı anda belirtemezsiniz" #: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "düzenleme kipinde `-E' seçeneÄŸi geçerli deÄŸil" #: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "düzenleme kipinde ortam deÄŸiÅŸkenlerini belirtemezsiniz" #: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "`-U' seçeneÄŸi sadece `-l' seçeneÄŸi ile kullanılabilir" #: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "`-A' ve `-S' seçenekleri birlikte kullanılamaz" #: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit bu platformda desteklenmiyor" #: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilir" #: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - dosyaları farklı kullanıcı olarak düzenle\n" "\n" #: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - bir komutu farklı kullanıcı olarak çalıştır\n" "\n" #: src/parse_args.c:550 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Seçenekler:\n" #: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "parola istemi için yardımcı programı kullan\n" #: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "belirtilen BSD yetkilendirme türü kullan\n" #: src/parse_args.c:558 msgid "run command in the background\n" msgstr "komutu arkaplanda çalıştır\n" #: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "tüm dosya tanımlayıcılarını kapat >= fd\n" #: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "komutu belirtilen oturum sınıfında çalıştır\n" #: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "komutu çalıştırırken kullanıcı ortamını koru\n" #: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "komut çalıştırmak yerine dosyaları düzenle\n" #: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "komutu belirtilen grup olarak çalıştır\n" #: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "hedef kullanıcının ev dizinine HOME deÄŸiÅŸkeni ata.\n" #: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "yardım iletisini göster ve çık\n" #: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "hedef kullanıcı olarak bir oturum kabuÄŸu çalıştır\n" #: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "dosyadan zaman damgasını tamamen kaldır\n" #: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "zaman damgası dosyasını geçersiz kıl\n" #: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "kullanıcının kullanılabilir komutlarını listele\n" #: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "etkileÅŸimsiz kip, kullanıcı istemi yapılmayacak\n" #: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "hedefe ayarlamak yerine grup vektörünü koru\n" #: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "belirtilen parola istemini kullan\n" #: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "belirtilen görev ile SELinux güvenlik baÄŸlamı oluÅŸtur\n" #: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "parolayı standart girdiden oku\n" #: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "hedef kullanıcı olarak bir kabuk çalıştır\n" #: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "listelerken, belirtilen kullanıcının haklarını listele\n" #: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "belirtilen kullanıcı olarak komut çalıştır (veya dosya düzenle)\n" #: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "sürüm bilgisini görüntüle ve çık\n" #: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "bir komut çalıştırmadan kullanıcının zaman damgasını güncelle\n" #: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "komut satırı argümanlarını iÅŸlemeyi durdur\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "denetim sistemi açılamıyor" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "denetim iletisi gönderilemiyor" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s yapılamıyor" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s deÄŸiÅŸmiÅŸ etiket" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "%s için baÄŸlam geri yüklenemiyor" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s açılamadı, tty yeniden etiketlenemiyor" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" msgstr "geçerli tty baÄŸlamı alınamadı, tty yeniden etiketlenemiyor" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "yeni tty baÄŸlamı alınamadı, tty yeniden etiketlenemiyor" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "yeni tty baÄŸlamı alınamıyor" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "%s türü için bir görev belirtmelisiniz" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "%s görevi için öntanımlı tür alınamıyor" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "%s yeni görevi atanamadı" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "yeni tür %s atanamadı" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s geçerli bir baÄŸlam deÄŸil" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" msgstr "old_context alınamadı" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "zorlama kipini belirleme baÅŸarısız." #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "%s için tty baÄŸlamı ayarlanamıyor" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "%s için exec baÄŸlamı ayarlanamıyor" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "%s için anahtar oluÅŸturma baÄŸlamı ayarlanamıyor" #: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "en az bir argüman gerektirir" #: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "%s çalıştırılamıyor" #: src/solaris.c:88 #, c-format msgid "resource control limit has been reached" msgstr "kaynak denetim sınırına ulaşıldı" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "\"%s\", bir \"%s\" projesi üyesi deÄŸil" #: src/solaris.c:95 #, c-format msgid "the invoking task is final" msgstr "çağırılan görev son" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "\"%s\" projesine katılamadı" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "\"%s\" projesi için hiçbir kaynak havuzu varsayılan atamaları kabul etmiyor" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "belirtilen kaynak havuzu \"%s\" projesi için mevcut deÄŸil" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "\"%s\" projesi için öntanımlı kaynak havuzu atanamadı" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "\"%s\" projesi için setproject baÅŸarısız" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uyarı, \"%s\" projesi için kaynak denetim ataması baÅŸarısız" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo sürüm %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Yapılandırma seçenekleri: %s\n" #: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "ölümcül hata, eklentiler yüklenemiyor" #: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ilke eklentisi baÅŸlatılamıyor" #: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "G/Ç eklentisi %s baÅŸlatılırken hata" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "beklenmeyen 0x%x sudo kipi" #: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "grup vektörü alınamıyor" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "bilinmeyen kullanıcı kimliÄŸi %u: kimsiniz?" #: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s, %d kullanıcı kimliÄŸi tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı" #: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "etkin kullanıcı kimliÄŸi %d deÄŸil, %s 'nosuid' seçeneÄŸi ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?" #: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "etkin kullanıcı kimliÄŸi %d deÄŸil, sudo setuid root ile mi yüklendi?" #: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "bilinmeyen \"%s\" oturum sınıfı" #: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "kullanıcı baÄŸlamı ayarlama baÅŸarısız" #: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ek grup kimlikleri ayarlanamıyor" #: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "etkin grup kimliÄŸi, runas gid %u olarak ayarlanamıyor" #: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "grup kimliÄŸi, runas gid %u olarak ayarlanamıyor" #: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "süreç önceliÄŸi ayarlanamıyor" #: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "kök %s olarak deÄŸiÅŸtirilemiyor" #: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "runas uid (%u, %u) olarak deÄŸiÅŸtirilemiyor" #: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "%s dizinine deÄŸiÅŸtirilemiyor" #: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "beklenmeyen alt sonlandırma ÅŸartı: %d" #: src/sudo.c:1146 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "%s ilke eklentisi, bir `check_policy' yöntemi içermiyor" #: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s ilke eklentisi listeleme yetkilerini desteklemiyor" #: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s ilke eklentisi -v seçeneÄŸini desteklemiyor" #: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s ilke eklentisi -k/-K seçeneklerini desteklemiyor" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "kullanıcı kimliÄŸi yetkili (%u) olarak deÄŸiÅŸtirilemiyor" #: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "eklenti hatası: sudoedit için eksik dosya listesi" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: düzenli bir dosya deÄŸil" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kısa yazım" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s düzenlenmemiÅŸ olarak bırakıldı" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s deÄŸiÅŸtirilmemiÅŸ" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "%s dosyasına yazılamıyor" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı" #: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "geçici dosya okunamıyor" #: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "tty bulunmuyor ve askpass programı belirtilmemiÅŸ" #: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "askpass programı belirtilmemiÅŸ, SUDO_ASKPASS ayarlamayı deneyin" #: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "grup kimliÄŸi %u olarak ayarlanamıyor" #: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "kullanıcı kimliÄŸi %u olarak ayarlanamıyor" #: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "%s çalıştırılamıyor" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" msgstr "stdin kaydedilemiyor" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" msgstr "dup2 stdin yapılamıyor" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" msgstr "stdin geri yüklenemiyor" #~ msgid "unable to allocate memory" #~ msgstr "bellek ayırma baÅŸarısız" #~ msgid ": " #~ msgstr ": " sudo-1.8.9p5/src/po/uk.mo010064400175440000012000000563621226304146200145410ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%½%K'^a'^À'"(kB(*®(2Ù(6 )ZC)#ž)XÂ)?*ˆ[*ä*û*+ + +++K+0k+rœ+,%,@E,G†,„Î,ES-W™-Tñ-_F.R¦.Pù.ÿJ/{J0mÆ0641…k1Hñ1Y:2S”20è2=3=W3Z•3ð3jr4LÝ4_*5_Š5>ê5M)6Mw6NÅ6N7Oc7O³7e8%i8L8öÜ8:Ó9‚:„‘:I;€`;Zá;^<<Q›<†í<kt=fà=UG>s>€?j’?fý?Jd@C¯@Mó@»AAŸýA@BqÞBSPC¼¤C¡aD‘EW•E[íETIFZžFeùF\_Gt¼G]1H?HJÏH,I9GI/I±IWBJ/šJ1ÊJGüJ6DK'{K3£K>×K=LvTLMËL<MpVMLÇM1N'FNSnN@ÂN/O+3Oa_OAÁO:P5>P,tP;¡P'ÝP*QL0QF}Q¤ÄQciRCÍRSn¡SHTJYTc¤T[UTdUC¹UPýU3NVQ‚V7ÔV` W]mW-ËW)ùWE#X2iXTœXbñXnTYUÃYfZL€Z(ÍZ$öZ{—[Yñ[kK\:·\3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-26 22:20+0200 Last-Translator: Yuri Chornoivan Language-Team: Ukrainian Language: uk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Lokalize 1.5 Plural-Forms: nplurals=1; plural=0; Параметри: %s — редагувати файли від імені іншого кориÑтувача %s — виконати команду від імені іншого кориÑтувача %s змінено Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐºÐ¸Ð—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» може здійÑнювати будь-Ñкий кориÑтувач з групи%s не Ñ” звичайним файлом%s не Ñ” коректним контекÑтом%s належить uid %u, має належати %uÐ—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» можливий Ð´Ð»Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¾Ð³Ð¾ кориÑтувача%s залишено без змін%s має бути доÑтупним до запиÑу лише Ð´Ð»Ñ Ð²Ð»Ð°Ñника%s має належати кориÑтувачеві з uid %d%s має належати кориÑтувачеві з uid %d, крім того, має бути вÑтановлено біт setuid%s не змінено%s%s: %s%s: %s%s: %s %s: %s: %s %s: не Ñ” звичайним файлом%s: короткий запиÑПараметри налаштуваннÑ: %s Можна викориÑтовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -VВерÑÑ–Ñ sudo %s Ðевідомий Ñигналзакрити вÑÑ– деÑкриптори файлів >= numдані ÑеанÑу Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð»Ð¸ÑˆÐ¸Ð»Ð¸ÑÑ Ñƒ %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ прив’Ñзку до типового Ñховища реÑурÑів проекту «%s»не вдалоÑÑ Ð¿Ñ€Ð¸Ñ”Ð´Ð½Ð°Ñ‚Ð¸ÑÑ Ð´Ð¾ проекту «%s»Ñтворити контекÑÑ‚ захиÑту SELinux з вказаною роллюÑтворити контекÑÑ‚ захиÑту SELinux вказаного типупоказати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботупоказати дані щодо верÑÑ–Ñ— Ñ– завершити роботуредагувати файли заміÑть Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸Ð¿Ð¾Ñ‚Ð¾Ñ‡Ð½Ð¸Ð¼ uid не Ñ” %d. Можливо %s зберігаєтьÑÑ Ñƒ файловій ÑиÑтемі зі вÑтановленим параметром «nosuid» або у файловій ÑиÑтемі NFS без прав доÑтупу root?поточним uid не Ñ” %d, sudo вÑтановлено з ідентифікатором кориÑтувача root?помилка у %s, Ñ€Ñдок %d під Ñ‡Ð°Ñ Ñпроби Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° «%s»помилка у циклі обробки подійпомилка під Ñ‡Ð°Ñ Ñпроби ініціалізації додатка введеннÑ/Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… %sпомилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· каналупомилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· каналу Ñигналівпомилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· пари Ñокетівне вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ old_contextне вдалоÑÑ Ð²Ñтановити нову роль %sне вдалоÑÑ Ð²Ñтановити новий тип %sкритична помилка, не вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ додаткиігноруємо повторний Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° введеннÑ-виведеннÑ, «%s», у %s, Ñ€Ñдок %dігноруємо повторний Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° правил, «%s», у %s, Ñ€Ñдок %dігноруємо додаток правил, «%s», у %s, Ñ€Ñдок %dу режимі ÑпиÑку, показати права доÑтупу кориÑтувачанеÑуміÑна оÑновна верÑÑ–Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ°, %d, (мало бути %d) у %sÐ²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ %sÐ²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ecalloc(0)Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ emalloc(0)Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ emalloc2(0)Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erealloc(0)Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erealloc3(0)Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erecalloc(0)некоректна макÑимальна кількіÑть груп, «%s», у %s, Ñ€Ñдок %dнекоректне значеннÑпозбавити чинноÑті файл чаÑової позначкипоказати ÑпиÑок прав доÑтупу кориÑтувача або перевірити певну команду; Ð¿Ð¾Ð´Ð²Ð¾Ñ”Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° призводить до Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¸Ñ… данихload_interfaces: виÑвлено переповненнÑне вказано програми askpass, Ñпробуйте вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— SUDO_ASKPASSÐ´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ñƒ «%s» не Ñ–Ñнує Ñховища реÑурÑів, Ñке приймає типові прив’Ñзкине виÑвлено tty Ñ– не вказано програми askpassнеінтерактивний режим, не проÑити кориÑтувача відповідати на питаннÑможна визначати лише один додаток обробки правилпомилка додатка: не виÑтачає ÑпиÑку файлів Ð´Ð»Ñ sudoeditдо додатка правил %s не включено метод check_policyу додатку правил %s не передбачено підтримки побудови ÑпиÑку прав доÑтупуу додатку правил %s не передбачено підтримки параметрів -k/-Kу додатку правил %s не передбачено підтримки параметра -vдо додатка правил %s не включено метод «check_policy»не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ ініціалізацію ÑеанÑу через додаток правилзберегти вектор групи, не вÑтановлювати вектор вказаного кориÑтувачазберегти Ñередовище кориÑтувача на Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ пароль зі Ñтандартного джерела вхідних данихповніÑтю вилучити файл чаÑової позначкипотребує принаймні одного аргументуперевищено Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€ÐµÑурÑамивиконати команду (або редагувати файл) від імені кориÑтувача, вказаного за іменем або ідентифікаторомвиконати команду від імені групи кориÑтувачів, вказаної за назвою або ідентифікаторомвиконати команду у фоновому режимівиконати команду на комп’ютері (Ñкщо підтримуєтьÑÑ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð¼)виконати команду з вказаним клаÑом доÑтупу BSDзапуÑтити оболонку Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñƒ до ÑиÑтеми від імені вказаного кориÑтувача; Ñлід вказати команду запуÑкувиконати командну оболонку від імені вказаного кориÑтувача; Ñлід також вказати командувÑтановити Ð´Ð»Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— HOME Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð¼Ð°ÑˆÐ½ÑŒÐ¾Ð³Ð¾ каталогу вказаного кориÑтувача.помилка під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ setproject Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ñƒ «%s»у проекті «%s» не Ñ–Ñнує вказаного Ñховища реÑурÑівзупинити обробку аргументів командного Ñ€Ñдкапідтримки sudoedit Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— платформи не передбаченопараметри «-A» Ñ– «-S» не можна викориÑтовувати одночаÑноне можна викориÑтовувати «-E» у режимі редагуваннÑпараметр «-U» можна викориÑтовувати лише разом з параметром «-l»аргументом параметра -C mмає бути чиÑло не менше за 3викликане Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ Ñ” завершальнимне вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ подію до черги обробкине вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити ptyне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ каталог на %sне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ root на %sне вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ uid кориÑтувача, від імені Ñкого відбуваєтьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ (%u, %u)не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ uid на Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ root (%u)не вдалоÑÑ Ñтворити каналне вдалоÑÑ Ñтворити Ñокетине вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ режим примушеннÑ.не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ dup2 Ð´Ð»Ñ stdinне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ fgetfilecon %sу %2$s не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%1$s»не вдалоÑÑ Ñтворити відгалуженнÑне вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ поточний контекÑÑ‚ tty, не змінюємо позначки ttyне вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ типовий тип Ð´Ð»Ñ Ñ€Ð¾Ð»Ñ– %sне вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ вектор групине вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ новий контекÑÑ‚ tty, не змінюємо позначки ttyне вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ додаток правилне вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ %s: %sне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %sне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s, не змінюємо позначки ttyне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ ÑиÑтему аудитане вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñокетне вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ userdbне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· файла тимчаÑових данихне вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ PRIV_PROC_EXEC з PRIV_LIMITне вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ контекÑÑ‚ %sне вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ регіÑтрне вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ stdinне вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ позначку ttyне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %sне вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ stdinне вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°Ð½Ðµ вдалоÑÑ Ð²Ñтановити tty Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñне вдалоÑÑ Ð²Ñтановити ефективний ідентифікатор групи Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° групи запуÑку %uне вдалоÑÑ Ð²Ñтановити контекÑÑ‚ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñƒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %sне вдалоÑÑ Ð²Ñтановити gid у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %uне вдалоÑÑ Ð²Ñтановити ідентифікатор групи Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° групи запуÑку %uне вдалоÑÑ Ð²Ñтановити контекÑÑ‚ ключа ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñƒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %sне вдалоÑÑ Ð²Ñтановити новий контекÑÑ‚ ttyне вдалоÑÑ Ð²Ñтановити пріоритет процеÑуне вдалоÑÑ Ð²Ñтановити ідентифікатори додаткових групне вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти термінал у режим без обробкине вдалоÑÑ Ð²Ñтановити контекÑÑ‚ tty у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %sне вдалоÑÑ Ð²Ñтановити uid у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %uне вдалоÑÑ Ð²Ñтановити контекÑÑ‚ кориÑтувачане вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ %sне вдалоÑÑ Ð¿ÐµÑ€ÐµÐ¼ÐºÐ½ÑƒÑ‚Ð¸ÑÑ Ð½Ð° регіÑтр «%s» Ð´Ð»Ñ %sне вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ %sнеочікувана умова Ð¿ÐµÑ€ÐµÑ€Ð¸Ð²Ð°Ð½Ð½Ñ Ð´Ð¾Ñ‡Ñ–Ñ€Ð½ÑŒÐ¾Ð³Ð¾ процеÑу: %dнеочікуваний тип відповіді на зворотному каналі: %dнеочікуваний режим sudo 0x%xневідомий ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ %sу %2$s виÑвлено невідомий тип правил, %1$dневідомий uid %u: хто ви такий?непідтримуване джерело групи, «%s», у %s, Ñ€Ñдок %dоновити штамп чаÑу кориÑтувача без Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати допоміжну програму Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² щодо паролÑвикориÑтовувати вказаний тип Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ BSDвикориÑтовувати вказаний інÑтрумент Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ–Ð²ÐºÐ¾Ñ€Ð¸Ñтувач «%s» не Ñ” учаÑником проекту «%s»надто велике значеннÑнадто мале значеннÑпопередженнÑ, помилка Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€ÐµÑурÑами проекту «%s»не можна одночаÑно вказувати параметри «-i» Ñ– «-E»не можна одночаÑно вказувати параметри «-i» Ñ– «-s»не можна вказувати змінні Ñередовища у режимі редагуваннÑвам Ñлід вказати роль Ð´Ð»Ñ Ñ‚Ð¸Ð¿Ñƒ %ssudo-1.8.9p5/src/po/uk.po010064400175440000012000000747131226304126400145440ustar00millertstaff# Ukrainian translation for sudo. # This file is put in the public domain. # # Yuri Chornoivan , 2011, 2012, 2013. msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-26 22:20+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.5\n" "Plural-Forms: nplurals=1; plural=0;\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "не вдалоÑÑ Ð¿ÐµÑ€ÐµÐ¼ÐºÐ½ÑƒÑ‚Ð¸ÑÑ Ð½Ð° регіÑтр «%s» Ð´Ð»Ñ %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ регіÑтр" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ %s" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "некоректне значеннÑ" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "надто велике значеннÑ" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "надто мале значеннÑ" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "непідтримуване джерело групи, «%s», у %s, Ñ€Ñдок %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "некоректна макÑимальна кількіÑть груп, «%s», у %s, Ñ€Ñдок %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ stat Ð´Ð»Ñ %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s не Ñ” звичайним файлом" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "Ð—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» можливий Ð´Ð»Ñ Ð´Ð¾Ð²Ñ–Ð»ÑŒÐ½Ð¾Ð³Ð¾ кориÑтувача" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "Ð—Ð°Ð¿Ð¸Ñ Ð´Ð¾ «%s» може здійÑнювати будь-Ñкий кориÑтувач з групи" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Ðевідомий Ñигнал" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ ініціалізацію ÑеанÑу через додаток правил" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "не вдалоÑÑ Ñтворити відгалуженнÑ" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "не вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ подію до черги обробки" #: src/exec.c:394 msgid "unable to create sockets" msgstr "не вдалоÑÑ Ñтворити Ñокети" #: src/exec.c:477 msgid "error in event loop" msgstr "помилка у циклі обробки подій" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ позначку tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ PRIV_PROC_EXEC з PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "не вдалоÑÑ Ñтворити канал" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "не вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²ÐµÑти термінал у режим без обробки" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· каналу Ñигналів" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· каналу" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· пари Ñокетів" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неочікуваний тип відповіді на зворотному каналі: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "не вдалоÑÑ Ð²Ñтановити tty Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "помилка у %s, Ñ€Ñдок %d під Ñ‡Ð°Ñ Ñпроби Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° «%s»" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати кориÑтувачеві з uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s має бути доÑтупним до запиÑу лише Ð´Ð»Ñ Ð²Ð»Ð°Ñника" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "не вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "у %2$s не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñимвол «%1$s»" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "у %2$s виÑвлено невідомий тип правил, %1$d" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "неÑуміÑна оÑновна верÑÑ–Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ°, %d, (мало бути %d) у %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "ігноруємо додаток правил, «%s», у %s, Ñ€Ñдок %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "можна визначати лише один додаток обробки правил" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "ігноруємо повторний Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° правил, «%s», у %s, Ñ€Ñдок %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "ігноруємо повторний Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ° введеннÑ-виведеннÑ, «%s», у %s, Ñ€Ñдок %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "до додатка правил %s не включено метод check_policy" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: виÑвлено переповненнÑ" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñокет" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргументом параметра -C mмає бути чиÑло не менше за 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "не можна одночаÑно вказувати параметри «-i» Ñ– «-s»" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "не можна одночаÑно вказувати параметри «-i» Ñ– «-E»" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "не можна викориÑтовувати «-E» у режимі редагуваннÑ" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "не можна вказувати змінні Ñередовища у режимі редагуваннÑ" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "параметр «-U» можна викориÑтовувати лише разом з параметром «-l»" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "параметри «-A» Ñ– «-S» не можна викориÑтовувати одночаÑно" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "підтримки sudoedit Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— платформи не передбачено" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можна викориÑтовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s — редагувати файли від імені іншого кориÑтувача\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s — виконати команду від імені іншого кориÑтувача\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Параметри:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "викориÑтовувати допоміжну програму Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² щодо паролÑ" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "викориÑтовувати вказаний тип Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ BSD" #: src/parse_args.c:621 msgid "run command in the background" msgstr "виконати команду у фоновому режимі" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "закрити вÑÑ– деÑкриптори файлів >= num" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "виконати команду з вказаним клаÑом доÑтупу BSD" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "зберегти Ñередовище кориÑтувача на Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "редагувати файли заміÑть Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "виконати команду від імені групи кориÑтувачів, вказаної за назвою або ідентифікатором" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "вÑтановити Ð´Ð»Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— HOME Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð¼Ð°ÑˆÐ½ÑŒÐ¾Ð³Ð¾ каталогу вказаного кориÑтувача." #: src/parse_args.c:637 msgid "display help message and exit" msgstr "показати довідкове Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ– завершити роботу" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "виконати команду на комп’ютері (Ñкщо підтримуєтьÑÑ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð¼)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "запуÑтити оболонку Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñƒ до ÑиÑтеми від імені вказаного кориÑтувача; Ñлід вказати команду запуÑку" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "повніÑтю вилучити файл чаÑової позначки" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "позбавити чинноÑті файл чаÑової позначки" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "показати ÑпиÑок прав доÑтупу кориÑтувача або перевірити певну команду; Ð¿Ð¾Ð´Ð²Ð¾Ñ”Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° призводить до Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¸Ñ… даних" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "неінтерактивний режим, не проÑити кориÑтувача відповідати на питаннÑ" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "зберегти вектор групи, не вÑтановлювати вектор вказаного кориÑтувача" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "викориÑтовувати вказаний інÑтрумент Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ–Ð²" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "Ñтворити контекÑÑ‚ захиÑту SELinux з вказаною роллю" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "прочитати пароль зі Ñтандартного джерела вхідних даних" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "виконати командну оболонку від імені вказаного кориÑтувача; Ñлід також вказати команду" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "Ñтворити контекÑÑ‚ захиÑту SELinux вказаного типу" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "у режимі ÑпиÑку, показати права доÑтупу кориÑтувача" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "виконати команду (або редагувати файл) від імені кориÑтувача, вказаного за іменем або ідентифікатором" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "показати дані щодо верÑÑ–Ñ— Ñ– завершити роботу" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "оновити штамп чаÑу кориÑтувача без Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "зупинити обробку аргументів командного Ñ€Ñдка" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ ÑиÑтему аудита" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "не вдалоÑÑ Ð½Ð°Ð´Ñ–Ñлати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð°ÑƒÐ´Ð¸Ñ‚Ð°" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s змінено позначки" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ контекÑÑ‚ %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s, не змінюємо позначки tty" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ поточний контекÑÑ‚ tty, не змінюємо позначки tty" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ новий контекÑÑ‚ tty, не змінюємо позначки tty" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "не вдалоÑÑ Ð²Ñтановити новий контекÑÑ‚ tty" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "вам Ñлід вказати роль Ð´Ð»Ñ Ñ‚Ð¸Ð¿Ñƒ %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ типовий тип Ð´Ð»Ñ Ñ€Ð¾Ð»Ñ– %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "не вдалоÑÑ Ð²Ñтановити нову роль %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "не вдалоÑÑ Ð²Ñтановити новий тип %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s не Ñ” коректним контекÑтом" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ old_context" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "не вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ режим примушеннÑ." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "не вдалоÑÑ Ð²Ñтановити контекÑÑ‚ tty у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "не вдалоÑÑ Ð²Ñтановити контекÑÑ‚ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñƒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "не вдалоÑÑ Ð²Ñтановити контекÑÑ‚ ключа ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñƒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "потребує принаймні одного аргументу" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "перевищено Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€ÐµÑурÑами" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "кориÑтувач «%s» не Ñ” учаÑником проекту «%s»" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "викликане Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ Ñ” завершальним" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "не вдалоÑÑ Ð¿Ñ€Ð¸Ñ”Ð´Ð½Ð°Ñ‚Ð¸ÑÑ Ð´Ð¾ проекту «%s»" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ñƒ «%s» не Ñ–Ñнує Ñховища реÑурÑів, Ñке приймає типові прив’Ñзки" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "у проекті «%s» не Ñ–Ñнує вказаного Ñховища реÑурÑів" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ прив’Ñзку до типового Ñховища реÑурÑів проекту «%s»" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "помилка під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ setproject Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐµÐºÑ‚Ñƒ «%s»" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "попередженнÑ, помилка Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€ÐµÑурÑами проекту «%s»" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "ВерÑÑ–Ñ sudo %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Параметри налаштуваннÑ: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "критична помилка, не вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ додатки" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ додаток правил" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ініціалізації додатка введеннÑ/Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочікуваний режим sudo 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ вектор групи" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "невідомий uid %u: хто ви такий?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s має належати кориÑтувачеві з uid %d, крім того, має бути вÑтановлено біт setuid" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "поточним uid не Ñ” %d. Можливо %s зберігаєтьÑÑ Ñƒ файловій ÑиÑтемі зі вÑтановленим параметром «nosuid» або у файловій ÑиÑтемі NFS без прав доÑтупу root?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "поточним uid не Ñ” %d, sudo вÑтановлено з ідентифікатором кориÑтувача root?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "невідомий ÐºÐ»Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "не вдалоÑÑ Ð²Ñтановити контекÑÑ‚ кориÑтувача" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "не вдалоÑÑ Ð²Ñтановити ідентифікатори додаткових груп" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не вдалоÑÑ Ð²Ñтановити ефективний ідентифікатор групи Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° групи запуÑку %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не вдалоÑÑ Ð²Ñтановити ідентифікатор групи Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° групи запуÑку %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "не вдалоÑÑ Ð²Ñтановити пріоритет процеÑу" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ root на %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ uid кориÑтувача, від імені Ñкого відбуваєтьÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ каталог на %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочікувана умова Ð¿ÐµÑ€ÐµÑ€Ð¸Ð²Ð°Ð½Ð½Ñ Ð´Ð¾Ñ‡Ñ–Ñ€Ð½ÑŒÐ¾Ð³Ð¾ процеÑу: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "до додатка правил %s не включено метод «check_policy»" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "у додатку правил %s не передбачено підтримки побудови ÑпиÑку прав доÑтупу" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "у додатку правил %s не передбачено підтримки параметра -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "у додатку правил %s не передбачено підтримки параметрів -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "не вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ uid на Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "помилка додатка: не виÑтачає ÑпиÑку файлів Ð´Ð»Ñ sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: не Ñ” звичайним файлом" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: короткий запиÑ" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s залишено без змін" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s не змінено" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "дані ÑеанÑу Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð»Ð¸ÑˆÐ¸Ð»Ð¸ÑÑ Ñƒ %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· файла тимчаÑових даних" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "не виÑвлено tty Ñ– не вказано програми askpass" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "не вказано програми askpass, Ñпробуйте вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "не вдалоÑÑ Ð²Ñтановити gid у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "не вдалоÑÑ Ð²Ñтановити uid у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ stdin" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ dup2 Ð´Ð»Ñ stdin" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ stdin" #~ msgid "value out of range" #~ msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð·Ð° припуÑтимим діапазоном" #~ msgid "select failed" #~ msgstr "Ñпроба виконати select зазнала невдачі" #~ msgid "unknown user: %s" #~ msgstr "невідомий кориÑтувач: %s" #~ msgid "list user's available commands\n" #~ msgstr "показати ÑпиÑок доÑтупних кориÑтувачеві команд\n" #~ msgid "run a shell as target user\n" #~ msgstr "запуÑтити командну оболонку від імені вказаного кориÑтувача\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "у ÑпиÑку показати права доÑтупу вказаного кориÑтувача\n" #~ msgid "unable to allocate memory" #~ msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ потрібний об’єм пам’Ñті" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ emalloc2()" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ°, Ð¿ÐµÑ€ÐµÐ¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ erealloc3()" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: мало бути вказано принаймні один додаток правил" #~ msgid "must be setuid root" #~ msgstr "має виконуватиÑÑ Ð· setuid root" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "аргументом параметра -D має бути чиÑло з діапазону від 1 до 9, включно" sudo-1.8.9p5/src/po/vi.mo010064400175440000012000000460631226304146200145350ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%k%ù'I(GR(š(´($Ï(2ô(0')X)q)F‘)*Ø)Q*U*k*t*{* ƒ*)*¹*!È*fê*Q+g+7+3¹+Qí+)?,?i,=©,*ç,1-3D-íx-{f.Câ.'&/-N/>|/7»/&ó/&0/A0&q01˜0FÊ0T1Bf1J©1Wô1L2'l2(”2)½2(ç2)3):3=d3¢3K¿3 4*‹4d¶4s5e5Fõ5F<6Aƒ6YÅ6L7Dl7A±7hó7A\8?ž8>Þ829=P9*Ž9:¹9dô9\Y:#¶:VÚ:C1;su;ké;DU<1š<TÌ</!=;Q=P=FÞ=G%>Cm>)±>0Û> ?-(?7V?2Ž?-Á?*ï?@55@9k@¥@À@/Ü@$ AV1A7ˆA!ÀAOâA72BjB„B6œB$ÓBøBC*-C5XC-ŽC)¼C3æC'DBD0YD#ŠD+®D;ÚD;E!RE0tE6¥E*ÜE-F#5F=YF6—F!ÎF/ðF& G<GG„GHG>æG(%H$NH9sH#­HDÑHdID{I4ÀI4õIN*JyJJK¥JKñJZ=Kb˜K7ûK3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo 1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-29 15:09+0700 Last-Translator: Trần Ngá»c Quân Language-Team: Vietnamese Language: vi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Language-Team-Website: X-Generator: LocFactoryEditor 1.8 X-Poedit-SourceCharset: UTF-8 X-Poedit-Language: Vietnamese X-Poedit-Country: VIET NAM Tùy chá»n: %s - sá»­a chữa các tập tin trên danh nghÄ©a ngưá»i dùng khác %s - thá»±c hiện câu lệnh trên danh nghÄ©a ngưá»i dùng khác %s nhãn đã thay đổi%s là nhóm có thể ghi%s không phải tập tin thưá»ng%s không phải là má»™t ngữ cảnh hợp lệ%s được sở hữu bởi uid %u, nên là %u%s ai ghi cÅ©ng được%s còn lại chưa thay đổi%s phải là những thứ chỉ có thể ghi bởi chá»§ sở hữu%s phải được sở hữu bởi uid %d%s phải được sở hữu bởi uid %d và bít setuid phải được đặt%s không thay đổi%s%s: %s%s: %s%s: %s %s: %s: %s %s: không phải là tập tin thưá»ng%s: ghi ngắnCác tùy chá»n cấu hình: %s Chỉ được phép chỉ định má»™t trong số các tùy chá»n -e, -h, -i, -K, -l, -s, -v hay -Vsudo phiên bản %s Không hiểu tín hiệuđóng tất cả các mô tả cá»§a tập tin >= sốná»™i dung cá»§a phiên chỉnh sá»­a chỉ còn %skhông thể buá»™c phần tài nguyên chung mặc định cho dá»± án “%sâ€không thể gia nhập dá»± án “%sâ€tạo ngữ cảnh an ninh SELinux vá»›i vai trò đã chỉ ratạo ngữ cảnh an ninh SELinux vá»›i kiểu đã chỉ rahiển thị trợ giúp này rồi thoáthiển thị thông tin phiên bản rồi thoátchỉnh sá»­a các tập tin thay vì chạy lệnhuid chịu tác động hiện tại không phải là %d, có phải là %s trên hệ thống tập tin vá»›i tuỳ chá»n “nosuid†được đặt, hay má»™t hệ thống tập tin NFS không có đặc quyá»n cá»§a root không?uid chịu tác động hiện tại không phải là %d, chương trình sudo có được cài vá»›i setuid root không?lá»—i trong %s, dòng %d, trong khi tải phần bổ sung “%sâ€có lá»—i trong vòng lặp sá»± kiệnGặp lá»—i khi nạp phần bổ sung I/O %sgặp lá»—i khi Ä‘á»c từ má»™t đưá»ng ống dẫn lệnhlá»—i khi Ä‘á»c từ đưá»ng ống dẫn tín hiệugặp lá»—i khi Ä‘á»c từ socketpairgặp lá»—i khi lấy ngữ cảnh cÅ©gặp lá»—i khi đặt đặt vai trò má»›i %sgặp lá»—i khi đặt kiểu má»›i %slá»—i nghiêm trá»ng, không thể tải pluginslá» Ä‘i phần bổ xung I/O trùng lặp “%s†trong %s, dòng %dlá» Ä‘i phần bổ xung chính sách bị trùng lặp “%s†trong %s, dòng %dlá» Ä‘i phần bổ xung chính sách “%s†trong %s, dòng %dở chế độ liệt kê, hiển thị đặc quyá»n cho ngưá»i dùngkhông tương thích số hiệu phiên bản lá»›n %d (cần %d) tìm thấy trong %slá»—i ná»™i bá»™, %s bị trànlá»—i ná»™i bá»™, đã dùng ecalloc(0)lá»—i ná»™i bá»™, đã dùng erealloc(0)lá»—i ná»™i bá»™, đã dùng erealloc2(0)lá»—i ná»™i bá»™, đã dùng erealloc(0)lá»—i ná»™i bá»™, đã dùng erealloc3(0)lá»—i ná»™i bá»™, đã dùng erecalloc(0)nhóm tối Ä‘a không hợp lệ “%s†trong %s, dòng %dgiá trị không hợp lệlàm mất hiệu lá»±c dấu vết thá»i gian (timestamp) cá»§a tập tinliệt kê đặc quyá»n cá»§a ngưá»i dùng hay kiểm tra câu lệnh xác định; dùng hai lần cho định dạng dàiload_interfaces: đã có chá»— bị trànkhông có chương trình há»i mật khẩu nào được chỉ ra, hãy thá»­ đặt SUDO_ASKPASSkhông kho tài nguyên chung nào được thừa nhận ràng buá»™c đã tồn tại sẵn cho dá»± án “%sâ€không có tty hiện diện và không có chương trình há»i mật khẩu nào được chỉ rachế độ không-tương-tác, sẽ không há»i tên ngưá»i dùngchỉ được phép chỉ định má»™t phần bổ xung chính sáchlá»—i phần bổ xung: thiếu danh sách tập tin cho sudoeditphần bổ xung chính sách %s không bao gồm phương thức kiểm tra chính sáchphần bổ xung chính sách %s không há»— trợ liệt kê đặc quyá»nphần bổ xung chính sách %s không há»— trợ tùy chá»n -k/-Kphần bổ xung chính sách %s không há»— trợ tùy chá»n -vphần bổ xung chính sách %s bị thiếu phương thức kiểm tra chính sách “check_policyâ€phần bổ xung chính sách gặp lá»—i khi khởi tạo phiênbảo tồn véc-tÆ¡ nhóm thay vì các cài đặt cho đíchbảo tồn môi trưá»ng ngưá»i dùng khi thi hành lệnhÄ‘á»c mật khẩu từ đầu vào tiêu chuẩngỡ bá» hoàn toàn dấu vết thá»i gian cá»§a tập tincần thiết ít nhất má»™t đối sốgiá»›i hạn Ä‘iá»u khiển tài nguyên đã tá»›i hạnchạy lệnh (hay sá»­a chữa tập tin) trên tư cách cá»§a ngưá»i dùng hay ID đã chỉ rathá»±c hiện câu lệnh vá»›i tư cách là tên hay ID cá»§a nhóm được chỉ địnhchạy lệnh ở chế độ ná»nchạy câu lệnh trên máy chá»§ (nếu được há»— trợ bởi phần bổ xung)chạy lệnh vá»›i má»™t lá»›p đăng nhập BSD được chỉ rachạy shell đăng nhập như là ngưá»i dùng đích; có thể đồng thá»i chỉ định má»™t câu lệnhchạy hệ vá» dưới danh nghÄ©a ngưá»i dùng đích; cÅ©ng có thể chỉ định thêm câu lệnhđặt biến HOME cho thư mục riêng cá»§a ngưá»i dùng đíchđặt dá»± án cho dá»± án “%s†gặp lá»—inguồn tài nguyên chung được chỉ ra chưa tồn tại cho dá»± án “%sâ€dừng việc xá»­ lý đối số dòng lệnhsudoedit không được há»— trợ trên ná»n tảng nàytùy chá»n “-A†và “-S†không thể dùng cùng má»™t lúc vá»›i nhautùy chá»n “-E†không hợp lệ trong chế độ chỉnh sá»­atùy chá»n “-U†chỉ sá»­ dụng cùng vá»›i tùy chá»n “-lâ€Ä‘ối số cho -C phải là má»™t số lá»›n hÆ¡n hoặc bằng 3tác vụ được gá»i là cuối cùngkhông thể thêm sá»± kiện vào hàng đợikhông thể phân bổ ptykhông thể thay đổi thư mục thành %skhông thể chuyển đổi thư mục gốc thành %skhông thể thay đổi thành runas uid (%u, %u)không thể thay đổi uid thành root (%u)không tạo được đưá»ng ống pipekhông thể tạo socketskhông thể xác định rõ chế độ ép buá»™c.không thể dup2 (nhân đôi) đầu vào tiêu chuẩnkhông thể thá»±c thi %skhông thể fgetfilecon %skhông tìm thấy ký hiệu “%s†trong %skhông thể tạo tiến trình conkhông thể lấy ngữ cảnh tty hiện hành, không phải là tty có liên quankhông thể lấy kiểu mặc định cho vai trò %skhông thể lấy véc-tÆ¡ nhómkhông thể lấy ngữ cảnh tty má»›i, không phải là tty có liên quankhông thể khởi tạo phần bổ xung chính sáchkhông thể tải %s: %skhông mở được %skhông thể mở %s, không phải là tty liên quankhông thể mở hệ thống auditkhông mở được socketkhông thể mở userdbkhông thể Ä‘á»c tập tin tạm thá»ikhông thể xóa bá» PRIV_PROC_EXEC từ PRIV_LIMITKhông thể phục hồi ngữ cảnh cho %skhông thể phục hồi sổ đăng kýkhông thể phục hồi đầu vào tiêu chuẩnkhông thể phục hồi nhãn cho ttykhông thể chạy %skhông thể ghi lại đầu vào tiêu chuẩnkhông thể gá»­i thông tin auditkhông thể đặt Ä‘iá»u khiển cho ttykhông thể đặt hiệu ứng gid chạy như là gid %ukhông thể đặt ngữ cảnh bảo thá»±c thi thành %skhông thể đặt gid thành %ukhông thể thay đổi gid thành runas gid %ukhông thể đặt ngữ cảnh tạo khóa thành %skhông thể đặt ngữ cảnh tty má»›ikhông thể đặt ưu tiên cho quá trìnhkhông thể đặt nhóm phụ IDskhông thể đặt thiết bị cuối sang chế độ thôkhông thể cài đặt ngữ cảnh tty má»›i cho %skhông thể đặt uid thành %ukhông thể đặt ngữ cảnh ngưá»i dùngkhông thể lấy thống kê vá» %skhông thể chuyển đến sổ đăng ký “%s†cho %skhông thể ghi vào %sbiểu thức Ä‘iá»u kiện con kết thúc không như mong đợi: %dkiểu trả vá» không như mong đợi từ backchannel: %dkhông mong đợi chế độ sudo 0x%xkhông hiểu lá»›p đăng nhập %skhông hiểu kiểu chính sách %d tìm thấy trong %skhông hiểu uid %u: bạn là ai?nguồn nhóm không được há»— trợ “%s†trong %s, dòng %dcập nhật dấu vết thá»i gian (timestamp) cá»§a ngưá»i dùng mà không chạy má»™t lệnhsá»­ dụng chương trình trợ giúp cho há»i đáp mật khẩusá»­ dụng kiểu xác thá»±c BSD được chỉ rasá»­ dụng nhắc nhập mật khẩu đã chỉ rangưá»i dùng “%s†không phải là thành viên cá»§a dá»± án “%sâ€giá trị quá lá»›ngiá trị quá nhá»cảnh báo, nguồn Ä‘iá»u khiển gán gặp lá»—i cho dá»± án “%sâ€bạn không thể chỉ định cả hai tùy chá»n “-i†và “-Eâ€bạn không thể chỉ định đồng thá»i cả hai tùy chá»n “-i†và “-sâ€bạn có lẽ không được chỉ định biến môi trưá»ng trong chế độ soạn thảobạn phải chỉ định má»™t kiểu vai trò cho %ssudo-1.8.9p5/src/po/vi.po010064400175440000012000000634531226304126400145420ustar00millertstaff# Vietnamese translation for sudo. # Bản dịch tiếng Việt dành cho sudo. # This file is put in the public domain. # Trần Ngá»c Quân , 2012-2013. # msgid "" msgstr "" "Project-Id-Version: sudo 1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-29 15:09+0700\n" "Last-Translator: Trần Ngá»c Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Language-Team-Website: \n" "X-Generator: LocFactoryEditor 1.8\n" "X-Poedit-SourceCharset: UTF-8\n" "X-Poedit-Language: Vietnamese\n" "X-Poedit-Country: VIET NAM\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "không thể mở userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "không thể chuyển đến sổ đăng ký “%s†cho %s" #: common/aix.c:170 msgid "unable to restore registry" msgstr "không thể phục hồi sổ đăng ký" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "lá»—i ná»™i bá»™, đã dùng erealloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "lá»—i ná»™i bá»™, đã dùng erealloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "lá»—i ná»™i bá»™, %s bị tràn" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "lá»—i ná»™i bá»™, đã dùng ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "lá»—i ná»™i bá»™, đã dùng erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "lá»—i ná»™i bá»™, đã dùng erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "lá»—i ná»™i bá»™, đã dùng erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "giá trị không hợp lệ" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "giá trị quá lá»›n" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "giá trị quá nhá»" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s: %s: %s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s: %s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s: %s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "nguồn nhóm không được há»— trợ “%s†trong %s, dòng %d" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "nhóm tối Ä‘a không hợp lệ “%s†trong %s, dòng %d" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "không thể lấy thống kê vá» %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s không phải tập tin thưá»ng" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s ai ghi cÅ©ng được" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s là nhóm có thể ghi" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "không mở được %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Không hiểu tín hiệu" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "phần bổ xung chính sách gặp lá»—i khi khởi tạo phiên" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "không thể tạo tiến trình con" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "không thể thêm sá»± kiện vào hàng đợi" #: src/exec.c:394 msgid "unable to create sockets" msgstr "không thể tạo sockets" #: src/exec.c:477 msgid "error in event loop" msgstr "có lá»—i trong vòng lặp sá»± kiện" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "không thể phục hồi nhãn cho tty" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "không thể xóa bá» PRIV_PROC_EXEC từ PRIV_LIMIT" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "không thể phân bổ pty" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "không tạo được đưá»ng ống pipe" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "không thể đặt thiết bị cuối sang chế độ thô" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "lá»—i khi Ä‘á»c từ đưá»ng ống dẫn tín hiệu" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "gặp lá»—i khi Ä‘á»c từ má»™t đưá»ng ống dẫn lệnh" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "gặp lá»—i khi Ä‘á»c từ socketpair" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "kiểu trả vá» không như mong đợi từ backchannel: %d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "không thể đặt Ä‘iá»u khiển cho tty" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "lá»—i trong %s, dòng %d, trong khi tải phần bổ sung “%sâ€" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s phải được sở hữu bởi uid %d" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s phải là những thứ chỉ có thể ghi bởi chá»§ sở hữu" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "không thể tải %s: %s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "không tìm thấy ký hiệu “%s†trong %s" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "không hiểu kiểu chính sách %d tìm thấy trong %s" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "không tương thích số hiệu phiên bản lá»›n %d (cần %d) tìm thấy trong %s" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "lá» Ä‘i phần bổ xung chính sách “%s†trong %s, dòng %d" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "chỉ được phép chỉ định má»™t phần bổ xung chính sách" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "lá» Ä‘i phần bổ xung chính sách bị trùng lặp “%s†trong %s, dòng %d" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "lá» Ä‘i phần bổ xung I/O trùng lặp “%s†trong %s, dòng %d" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "phần bổ xung chính sách %s không bao gồm phương thức kiểm tra chính sách" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces: đã có chá»— bị tràn" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "không mở được socket" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "đối số cho -C phải là má»™t số lá»›n hÆ¡n hoặc bằng 3" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "bạn không thể chỉ định đồng thá»i cả hai tùy chá»n “-i†và “-sâ€" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "bạn không thể chỉ định cả hai tùy chá»n “-i†và “-Eâ€" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "tùy chá»n “-E†không hợp lệ trong chế độ chỉnh sá»­a" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "bạn có lẽ không được chỉ định biến môi trưá»ng trong chế độ soạn thảo" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "tùy chá»n “-U†chỉ sá»­ dụng cùng vá»›i tùy chá»n “-lâ€" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "tùy chá»n “-A†và “-S†không thể dùng cùng má»™t lúc vá»›i nhau" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "sudoedit không được há»— trợ trên ná»n tảng này" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Chỉ được phép chỉ định má»™t trong số các tùy chá»n -e, -h, -i, -K, -l, -s, -v hay -V" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - sá»­a chữa các tập tin trên danh nghÄ©a ngưá»i dùng khác\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - thá»±c hiện câu lệnh trên danh nghÄ©a ngưá»i dùng khác\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "Tùy chá»n:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "sá»­ dụng chương trình trợ giúp cho há»i đáp mật khẩu" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "sá»­ dụng kiểu xác thá»±c BSD được chỉ ra" #: src/parse_args.c:621 msgid "run command in the background" msgstr "chạy lệnh ở chế độ ná»n" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "đóng tất cả các mô tả cá»§a tập tin >= số" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "chạy lệnh vá»›i má»™t lá»›p đăng nhập BSD được chỉ ra" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "bảo tồn môi trưá»ng ngưá»i dùng khi thi hành lệnh" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "chỉnh sá»­a các tập tin thay vì chạy lệnh" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "thá»±c hiện câu lệnh vá»›i tư cách là tên hay ID cá»§a nhóm được chỉ định" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "đặt biến HOME cho thư mục riêng cá»§a ngưá»i dùng đích" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "hiển thị trợ giúp này rồi thoát" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "chạy câu lệnh trên máy chá»§ (nếu được há»— trợ bởi phần bổ xung)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "chạy shell đăng nhập như là ngưá»i dùng đích; có thể đồng thá»i chỉ định má»™t câu lệnh" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "gỡ bá» hoàn toàn dấu vết thá»i gian cá»§a tập tin" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "làm mất hiệu lá»±c dấu vết thá»i gian (timestamp) cá»§a tập tin" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "liệt kê đặc quyá»n cá»§a ngưá»i dùng hay kiểm tra câu lệnh xác định; dùng hai lần cho định dạng dài" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "chế độ không-tương-tác, sẽ không há»i tên ngưá»i dùng" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "bảo tồn véc-tÆ¡ nhóm thay vì các cài đặt cho đích" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "sá»­ dụng nhắc nhập mật khẩu đã chỉ ra" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "tạo ngữ cảnh an ninh SELinux vá»›i vai trò đã chỉ ra" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "Ä‘á»c mật khẩu từ đầu vào tiêu chuẩn" #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "chạy hệ vá» dưới danh nghÄ©a ngưá»i dùng đích; cÅ©ng có thể chỉ định thêm câu lệnh" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "tạo ngữ cảnh an ninh SELinux vá»›i kiểu đã chỉ ra" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "ở chế độ liệt kê, hiển thị đặc quyá»n cho ngưá»i dùng" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "chạy lệnh (hay sá»­a chữa tập tin) trên tư cách cá»§a ngưá»i dùng hay ID đã chỉ ra" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "hiển thị thông tin phiên bản rồi thoát" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "cập nhật dấu vết thá»i gian (timestamp) cá»§a ngưá»i dùng mà không chạy má»™t lệnh" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "dừng việc xá»­ lý đối số dòng lệnh" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "không thể mở hệ thống audit" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "không thể gá»­i thông tin audit" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "không thể fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s nhãn đã thay đổi" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "Không thể phục hồi ngữ cảnh cho %s" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "không thể mở %s, không phải là tty liên quan" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "không thể lấy ngữ cảnh tty hiện hành, không phải là tty có liên quan" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "không thể lấy ngữ cảnh tty má»›i, không phải là tty có liên quan" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "không thể đặt ngữ cảnh tty má»›i" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "bạn phải chỉ định má»™t kiểu vai trò cho %s" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "không thể lấy kiểu mặc định cho vai trò %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "gặp lá»—i khi đặt đặt vai trò má»›i %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "gặp lá»—i khi đặt kiểu má»›i %s" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s không phải là má»™t ngữ cảnh hợp lệ" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "gặp lá»—i khi lấy ngữ cảnh cÅ©" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "không thể xác định rõ chế độ ép buá»™c." #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "không thể cài đặt ngữ cảnh tty má»›i cho %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "không thể đặt ngữ cảnh bảo thá»±c thi thành %s" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "không thể đặt ngữ cảnh tạo khóa thành %s" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "cần thiết ít nhất má»™t đối số" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "không thể thá»±c thi %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "giá»›i hạn Ä‘iá»u khiển tài nguyên đã tá»›i hạn" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "ngưá»i dùng “%s†không phải là thành viên cá»§a dá»± án “%sâ€" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "tác vụ được gá»i là cuối cùng" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "không thể gia nhập dá»± án “%sâ€" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "không kho tài nguyên chung nào được thừa nhận ràng buá»™c đã tồn tại sẵn cho dá»± án “%sâ€" #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dá»± án “%sâ€" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "không thể buá»™c phần tài nguyên chung mặc định cho dá»± án “%sâ€" #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "đặt dá»± án cho dá»± án “%s†gặp lá»—i" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "cảnh báo, nguồn Ä‘iá»u khiển gán gặp lá»—i cho dá»± án “%sâ€" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "sudo phiên bản %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Các tùy chá»n cấu hình: %s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "lá»—i nghiêm trá»ng, không thể tải plugins" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "không thể khởi tạo phần bổ xung chính sách" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "Gặp lá»—i khi nạp phần bổ sung I/O %s" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "không mong đợi chế độ sudo 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "không thể lấy véc-tÆ¡ nhóm" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "không hiểu uid %u: bạn là ai?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s phải được sở hữu bởi uid %d và bít setuid phải được đặt" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "uid chịu tác động hiện tại không phải là %d, có phải là %s trên hệ thống tập tin vá»›i tuỳ chá»n “nosuid†được đặt, hay má»™t hệ thống tập tin NFS không có đặc quyá»n cá»§a root không?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "uid chịu tác động hiện tại không phải là %d, chương trình sudo có được cài vá»›i setuid root không?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "không hiểu lá»›p đăng nhập %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "không thể đặt ngữ cảnh ngưá»i dùng" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "không thể đặt nhóm phụ IDs" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "không thể đặt hiệu ứng gid chạy như là gid %u" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "không thể thay đổi gid thành runas gid %u" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "không thể đặt ưu tiên cho quá trình" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "không thể chuyển đổi thư mục gốc thành %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "không thể thay đổi thành runas uid (%u, %u)" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "không thể thay đổi thư mục thành %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "biểu thức Ä‘iá»u kiện con kết thúc không như mong đợi: %d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "phần bổ xung chính sách %s bị thiếu phương thức kiểm tra chính sách “check_policyâ€" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "phần bổ xung chính sách %s không há»— trợ liệt kê đặc quyá»n" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "phần bổ xung chính sách %s không há»— trợ tùy chá»n -v" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "phần bổ xung chính sách %s không há»— trợ tùy chá»n -k/-K" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "không thể thay đổi uid thành root (%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "lá»—i phần bổ xung: thiếu danh sách tập tin cho sudoedit" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: không phải là tập tin thưá»ng" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: ghi ngắn" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s còn lại chưa thay đổi" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s không thay đổi" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "không thể ghi vào %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "ná»™i dung cá»§a phiên chỉnh sá»­a chỉ còn %s" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "không thể Ä‘á»c tập tin tạm thá»i" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "không có tty hiện diện và không có chương trình há»i mật khẩu nào được chỉ ra" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "không có chương trình há»i mật khẩu nào được chỉ ra, hãy thá»­ đặt SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "không thể đặt gid thành %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "không thể đặt uid thành %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "không thể chạy %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "không thể ghi lại đầu vào tiêu chuẩn" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "không thể dup2 (nhân đôi) đầu vào tiêu chuẩn" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "không thể phục hồi đầu vào tiêu chuẩn" #~ msgid "value out of range" #~ msgstr "giá trị nằm ngoài phạm vi" #~ msgid "select failed" #~ msgstr "lá»±a chá»n gặp lá»—i" #~ msgid "unknown user: %s" #~ msgstr "không hiểu ngưá»i dùng: %s" #~ msgid "list user's available commands\n" #~ msgstr "Danh sách các biến câu lệnh ngưá»i dùng có thể sá»­ dụng\n" #~ msgid "run a shell as target user\n" #~ msgstr "chạy shell như là ngưá»i dùng đích\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "khi liệt kê, liệt kê các đặc quyá»n cá»§a ngưá»i dùng\n" #~ msgid "unable to allocate memory" #~ msgstr "không thể cấp phát vùng nhá»›" #~ msgid ": " #~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "lá»—i ná»™i bá»™, erealloc2() bị tràn" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "lá»—i ná»™i bá»™, erealloc3() bị tràn" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: phải xác định ít nhất má»™t phần bổ xung chính sách" #~ msgid "must be setuid root" #~ msgstr "phải được đặt setuid cá»§a root" sudo-1.8.9p5/src/po/zh_CN.mo010064400175440000012000000366241226304146200151220ustar00millertstaffÞ•§Tߌ  !(6_q†Ÿ#¹Ýò$*6E |‰’™ ¡­ÄÔIë5F!U#w8›Ô3ð3$X$v'›{Ã7?.w¦ ºÛó0Jd#~1¢4Ô* )4>^#¹#Ý$$&%K%q&— ¾ÌOæ"66YC/Ô),.,[7ˆ4À3õ/)5Y+4».ð! Ab'7©-á,-.ZC‰=Í+ "77Z&’*¹2ä)5A>w¶Ñî &&B!i‹¡#ºÞó !B5Q&‡®1É"û4%Flˆž´/Ò  # > V r ƒ ˜ µ +Ó ÿ  !!8!(Z!ƒ!¡!%À!"æ! ")"A"\"(n"—"*­"(Ø"##"2#U#,r#1Ÿ#+Ñ#%ý#!#$)E$o$$<$2Ì$2ÿ$62%#i%~% '('.A'p'ƒ'™'¯'!È'ê'(!(&2(=Y( —( ¤(®(¶( ¿(Í(å(÷(G )R) b)&o)%–)2¼)ï)- *-8*f*‚*ž*‡½*JE+7+È+á+,,/,K,d,~,!˜,<º,=÷,75-'m->•-Ô- í- .!/.!Q."s."–.0¹. ê.ô.N /!\/7~/D¶/0û/,0H0.g0-–0%Ä0&ê0"1041!e13‡1$»1à1ü12423P2(„2­2,Ã2)ð2K39f30 3)Ñ35û314M4+i4&•41¼49î4"(5K5j5€5œ5*¸5%ã5 6626N6`6p6%†6¬6<¾6%û6!7977q77 ¢7*¯7Ú7ó7 88-68d8~8”8§8À8Ð8ã8ü8/9E9e9)9"©9Ì9ë9:! :!B:d::š:+©:Õ:#å:& ;0;K;#d;!ˆ;1ª;*Ü;$< ,<M<+i< •< Ÿ<5©<.ß<.=-==(k=3XVt5˜E>^|T€*„/!@FOBpze  Aƒ6“–\ …Qdœqv{’=¤f¦(Z•‡I:r+`kMU[›Cw¥<žhamJ4ŒRu ¢1‚)#N iD%o?&ІG§,ˆLH] sŽ; g-2"bPKW$Y£908}”™'_‘—.j¡~xl7n‰‹ycŸSš Options: %s - edit files as another user %s - execute a command as another user %s changed labels%s is group writable%s is not a regular file%s is not a valid context%s is owned by uid %u, should be %u%s is world writable%s left unmodified%s must be only be writable by owner%s must be owned by uid %d%s must be owned by uid %d and have the setuid bit set%s unchanged%s%s: %s%s: %s%s: %s %s: %s: %s %s: not a regular file%s: short writeConfigure options: %s Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specifiedSudo version %s Unknown signalclose all file descriptors >= numcontents of edit session left in %scould not bind to default resource pool for project "%s"could not join project "%s"create SELinux security context with specified rolecreate SELinux security context with specified typedisplay help message and exitdisplay version information and exitedit files instead of running a commandeffective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?effective uid is not %d, is sudo installed setuid root?error in %s, line %d while loading plugin `%s'error in event looperror initializing I/O plugin %serror reading from pipeerror reading from signal pipeerror reading from socketpairfailed to get old_contextfailed to set new role %sfailed to set new type %sfatal error, unable to load pluginsignoring duplicate I/O plugin `%s' in %s, line %dignoring duplicate policy plugin `%s' in %s, line %dignoring policy plugin `%s' in %s, line %din list mode, display privileges for userincompatible plugin major version %d (expected %d) found in %sinternal error, %s overflowinternal error, tried to ecalloc(0)internal error, tried to emalloc(0)internal error, tried to emalloc2(0)internal error, tried to erealloc(0)internal error, tried to erealloc3(0)internal error, tried to erecalloc(0)invalid max groups `%s' in %s, line %dinvalid valueinvalidate timestamp filelist user's privileges or check a specific command; use twice for longer formatload_interfaces: overflow detectedno askpass program specified, try setting SUDO_ASKPASSno resource pool accepting default bindings exists for project "%s"no tty present and no askpass program specifiednon-interactive mode, no prompts are usedonly a single policy plugin may be specifiedplugin error: missing file list for sudoeditpolicy plugin %s does not include a check_policy methodpolicy plugin %s does not support listing privilegespolicy plugin %s does not support the -k/-K optionspolicy plugin %s does not support the -v optionpolicy plugin %s is missing the `check_policy' methodpolicy plugin failed session initializationpreserve group vector instead of setting to target'spreserve user environment when running commandread password from standard inputremove timestamp file completelyrequires at least one argumentresource control limit has been reachedrun command (or edit file) as specified user name or IDrun command as the specified group name or IDrun command in the backgroundrun command on host (if supported by plugin)run command with the specified BSD login classrun login shell as the target user; a command may also be specifiedrun shell as the target user; a command may also be specifiedset HOME variable to target user's home dirsetproject failed for project "%s"specified resource pool does not exist for project "%s"stop processing command line argumentssudoedit is not supported on this platformthe `-A' and `-S' options may not be used togetherthe `-E' option is not valid in edit modethe `-U' option may only be used with the `-l' optionthe argument to -C must be a number greater than or equal to 3the invoking task is finalunable to add event to queueunable to allocate ptyunable to change directory to %sunable to change root to %sunable to change to runas uid (%u, %u)unable to change uid to root (%u)unable to create pipeunable to create socketsunable to determine enforcing mode.unable to dup2 stdinunable to execute %sunable to fgetfilecon %sunable to find symbol `%s' in %sunable to forkunable to get current tty context, not relabeling ttyunable to get default type for role %sunable to get group vectorunable to get new tty context, not relabeling ttyunable to initialize policy pluginunable to load %s: %sunable to open %sunable to open %s, not relabeling ttyunable to open audit systemunable to open socketunable to open userdbunable to read temporary fileunable to remove PRIV_PROC_EXEC from PRIV_LIMITunable to restore context for %sunable to restore registryunable to restore stdinunable to restore tty labelunable to run %sunable to save stdinunable to send audit messageunable to set controlling ttyunable to set effective gid to runas gid %uunable to set exec context to %sunable to set gid to %uunable to set gid to runas gid %uunable to set key creation context to %sunable to set new tty contextunable to set process priorityunable to set supplementary group IDsunable to set terminal to raw modeunable to set tty context to %sunable to set uid to %uunable to set user contextunable to stat %sunable to switch to registry "%s" for %sunable to write to %sunexpected child termination condition: %dunexpected reply type on backchannel: %dunexpected sudo mode 0x%xunknown login class %sunknown policy type %d found in %sunknown uid %u: who are you?unsupported group source `%s' in %s, line %dupdate user's timestamp without running a commanduse a helper program for password promptinguse specified BSD authentication typeuse the specified password promptuser "%s" is not a member of project "%s"value too largevalue too smallwarning, resource control assignment failed for project "%s"you may not specify both the `-i' and `-E' optionsyou may not specify both the `-i' and `-s' optionsyou may not specify environment variables in edit modeyou must specify a role for type %sProject-Id-Version: sudo-1.8.9b2 Report-Msgid-Bugs-To: http://www.sudo.ws/bugs POT-Creation-Date: 2013-12-11 13:41-0700 PO-Revision-Date: 2013-12-27 09:14+0800 Last-Translator: Wylmer Wang Language-Team: Chinese (simplified) Language: zh_CN MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit 选项: %s - 以其他用户身份编辑文件 %s - 以其他用户身份执行一æ¡å‘½ä»¤ %s 修改了标签%s å¯è¢«ç”¨æˆ·ç»„写%s 䏿˜¯å¸¸è§„文件%s 䏿˜¯æœ‰æ•ˆçš„环境%s 属于用户 ID %u,应为 %u%s å¯è¢«ä»»ä½•人写%s 并未修改%s å¿…é¡»åªå¯¹å…¶æ‰€æœ‰è€…å¯å†™%s 必须属于用户 ID %d(的用户)%s 必须属于用户 ID %d(的用户)并且设置 setuid ä½%s 已更改%s%s:%s%s:%s%s:%s %s:%s:%s %sï¼šä¸æ˜¯å¸¸è§„文件%s:截短写入当å‰é€‰é¡¹ï¼š%s åªèƒ½æŒ‡å®š -eã€-hã€-iã€-Kã€-lã€-sã€-v 或 -V 选项中的一个Sudo 版本 %s 未知信å·å…³é—­æ‰€æœ‰ >= num 的文件æè¿°ç¬¦ç¼–辑会è¯çš„内容留在了 %s 中无法为项目“%sâ€ç»‘å®šåˆ°é»˜è®¤çš„èµ„æºæ± æ— æ³•加入项目“%sâ€ä»¥æŒ‡å®šçš„角色创建 SELinux 安全环境以指定的类型创建 SELinux 安全环境显示帮助消æ¯å¹¶é€€å‡ºæ˜¾ç¤ºç‰ˆæœ¬ä¿¡æ¯å¹¶é€€å‡ºç¼–è¾‘æ–‡ä»¶è€Œéžæ‰§è¡Œå‘½ä»¤æœ‰æ•ˆç”¨æˆ· ID 䏿˜¯ %d,%s ä½äºŽä¸€ä¸ªè®¾ç½®äº†â€œnosuidâ€é€‰é¡¹çš„æ–‡ä»¶ç³»ç»Ÿæˆ–没有 root æƒé™çš„ NFS 文件系统中å—?有效用户 ID 䏿˜¯ %d,sudo 属于 root 并设置了 setuid ä½å—?在加载æ’件“%3$sâ€æ—¶åœ¨ %1$s 第 %2$d 行出错事件循环中有错误åˆå§‹åŒ– I/O æ’ä»¶ %s 出错从管é“读å–出错从å•管é“读å–出错从套接字对读å–å‡ºé”™æ— æ³•èŽ·å– old_context设置新角色 %s 失败设置新类型 %s 失败致命错误,无法加载æ’件忽略ä½äºŽ %2$s 第 %3$d 行的é‡å¤ I/O æ’件“%1$sâ€å¿½ç•¥ä½äºŽ %2$s 第 %3$d 行的é‡å¤ç­–ç•¥æ’件“%1$sâ€å¿½ç•¥ä½äºŽ %2$s 第 %3$d 行的策略æ’件“%1$sâ€åœ¨åˆ—表模å¼ä¸­æ˜¾ç¤ºç”¨æˆ·çš„æƒé™%3$s 中å‘现ä¸å…¼å®¹çš„æ’ä»¶ä¸»ç‰ˆæœ¬å· %1$d(应为 %2$d)内部错误,%s 溢出内部错误,试图 ecalloc(0)内部错误,试图 emalloc(0)内部错误,试图 emalloc2(0)内部错误,试图 erealloc(0)内部错误,试图 erealloc3(0)内部错误,试图 erecalloc(0)%2$s 第 %3$d 行的最大组数“%1$sâ€æ— æ•ˆå€¼æ— æ•ˆæ— æ•ˆçš„æ—¶é—´æˆ³æ–‡ä»¶åˆ—出用户æƒé™æˆ–检查æŸä¸ªç‰¹å®šå‘½ä»¤ï¼›å¯¹äºŽé•¿æ ¼å¼ï¼Œä½¿ç”¨ä¸¤æ¬¡load_interfaces:检测到溢出没有指定 askpass 程åºï¼Œå°è¯•设置 SUDO_ASKPASSä¸å­˜åœ¨å¯¹åº”于项目“%sâ€çš„ã€æŽ¥å—é»˜è®¤ç»‘å®šçš„èµ„æºæ± æ²¡æœ‰ç»ˆç«¯å­˜åœ¨ï¼Œä¸”未指定 askpass 程åºéžäº¤äº’模å¼ï¼Œä¸æç¤ºåªèƒ½æŒ‡å®šä¸€ä¸ªç­–ç•¥æ’ä»¶æ’件错误:缺少 sudoedit 的文件列表策略æ’ä»¶ %s ä¸åŒ…å« check_policy 方法策略æ’ä»¶ %s 䏿”¯æŒåˆ—出æƒé™ç­–ç•¥æ’ä»¶ %s 䏿”¯æŒ -k/-K 选项策略æ’ä»¶ %s䏿”¯æŒ -v 选项“check_policyâ€æ–¹æ³•中缺少策略æ’ä»¶ %sç­–ç•¥æ’件会è¯åˆå§‹åŒ–失败ä¿ç•™ç»„å‘é‡ï¼Œè€Œéžè®¾ç½®ä¸ºç›®æ ‡çš„组å‘é‡åœ¨æ‰§è¡Œå‘½ä»¤æ—¶ä¿ç•™ç”¨æˆ·çŽ¯å¢ƒä»Žæ ‡å‡†è¾“å…¥è¯»å–密ç å®Œå…¨ç§»é™¤æ—¶é—´æˆ³æ–‡ä»¶è¦æ±‚è‡³å°‘æœ‰ä¸€ä¸ªå‚æ•°è¾¾åˆ°äº†èµ„æºæŽ§åˆ¶é™åˆ¶ä»¥æŒ‡å®šç”¨æˆ·æˆ– ID è¿è¡Œå‘½ä»¤(或编辑文件)以指定的用户组或 ID 执行命令在åŽå°è¿è¡Œå‘½ä»¤åœ¨ä¸»æœºä¸Šè¿è¡Œå‘½ä»¤(如果æ’件支æŒ)以指定的 BSD 登录类别è¿è¡Œå‘½ä»¤ä»¥ç›®æ ‡ç”¨æˆ·èº«ä»½è¿è¡Œä¸€ä¸ªç™»å½• shellï¼›å¯åŒæ—¶æŒ‡å®šä¸€æ¡å‘½ä»¤ä»¥ç›®æ ‡ç”¨æˆ·è¿è¡Œ shellï¼›å¯åŒæ—¶æŒ‡å®šä¸€æ¡å‘½ä»¤å°† HOME å˜é‡è®¾ä¸ºç›®æ ‡ç”¨æˆ·çš„主目录。对项目“%sâ€æ‰§è¡Œ setproject 失败指定的对应于项目“%sâ€çš„èµ„æºæ± ä¸å­˜åœ¨åœæ­¢å¤„ç†å‘½ä»¤è¡Œå‚数此平å°ä¸æ”¯æŒ sudoedit“-Aâ€å’Œâ€œ-Sâ€é€‰é¡¹ä¸å¯åŒæ—¶ä½¿ç”¨â€œ-Eâ€é€‰é¡¹åœ¨ç¼–辑模å¼ä¸­æ— æ•ˆâ€œ-Uâ€é€‰é¡¹åªèƒ½ä¸Žâ€œ-lâ€é€‰é¡¹ä¸€èµ·ä½¿ç”¨-C é€‰é¡¹çš„å‚æ•°å¿…须是一个大于等于 3 的数字调用的任务是最终的(final)无法将事件添加到队列无法分é…伪终端无法将目录切æ¢åˆ° %s无法从 root 切æ¢åˆ° %s无法切æ¢åˆ°ä»¥ç”¨æˆ· ID(%u,%u)è¿è¡Œæ— æ³•将用户 ID 切æ¢åˆ° root(%u)æ— æ³•åˆ›å»ºç®¡é“æ— æ³•创建套接字无法确定强制模å¼ã€‚无法 dup2 stdin无法执行 %s无法 fgetfilecon %s在 %2$s 中找ä¸åˆ°ç¬¦å·â€œ%1$sâ€æ— æ³•执行 fork无法获å–当å‰ç»ˆç«¯çš„环境,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯æ— æ³•èŽ·å– %s 角色的默认类型无法获å–组å‘釿— æ³•èŽ·å–æ–°ç»ˆç«¯çš„环境,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯æ— æ³•åˆå§‹åŒ–ç­–ç•¥æ’件无法加载 %s:%s打ä¸å¼€ %s无法打开 %s,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯æ— æ³•打开审查系统无法打开套接字无法打开 userdb无法读å–临时文件无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC无法æ¢å¤ %s 的环境无法æ¢å¤æ³¨å†Œè¡¨æ— æ³•æ¢å¤ stdin无法æ¢å¤ç»ˆç«¯æ ‡ç­¾æ— æ³•执行 %s无法ä¿å­˜ stdin无法å‘é€å®¡æŸ¥æ¶ˆæ¯æ— æ³•设置控制终端无法设置有效组 ID æ¥ä»¥ç»„ ID %u è¿è¡Œæ— æ³•å‘ %s 设置 exec 环境无法将组 ID 设为 %u无法设置组 ID æ¥ä»¥ç»„ ID %u è¿è¡Œæ— æ³•å‘ %s 设置键创建环境无法设置新终端的环境无法设置进程优先级无法设置补充组 IDæ— æ³•å°†ç»ˆç«¯è®¾ä¸ºåŽŸå§‹æ¨¡å¼æ— æ³•将终端环境设置为 %s无法将用户 ID 设为 %u无法设置用户环境无法 stat %s无法为 %2$s 切æ¢åˆ°æ³¨å†Œè¡¨â€œ%1$sâ€æ— æ³•写入 %s异常的å­è¿›ç¨‹ç»ˆæ­¢æ¡ä»¶ï¼š%dè”络通é“的回应类型异常:%d异常的 sudo æ¨¡å¼ 0x%x未知的登录类别 %s%2$s 中的策略类型 %1$d 未知未知的用户 ID %uï¼šæ‚¨æ˜¯ï¼Ÿä¸æ”¯æŒ %2$s 第 %3$d è¡Œçš„ç»„æ¥æºâ€œ%1$sâ€æ›´æ–°ç”¨æˆ·çš„æ—¶é—´æˆ³è€Œä¸æ‰§è¡Œå‘½ä»¤ä½¿ç”¨åŠ©æ‰‹ç¨‹åºè¿›è¡Œå¯†ç æç¤ºä½¿ç”¨æŒ‡å®šçš„ BSD 认è¯ç±»åž‹ä½¿ç”¨æŒ‡å®šçš„å¯†ç æç¤ºç”¨æˆ·â€œ%sâ€ä¸æ˜¯é¡¹ç›®â€œ%sâ€çš„æˆå‘˜å€¼è¿‡å¤§å€¼è¿‡å°è­¦å‘Šï¼Œå¯¹é¡¹ç›®â€œ%sâ€çš„èµ„æºæŽ§åˆ¶åˆ†é…失败您ä¸èƒ½åŒæ—¶æŒ‡å®šâ€œ-iâ€å’Œâ€œ-Eâ€é€‰é¡¹æ‚¨ä¸èƒ½åŒæ—¶æŒ‡å®šâ€œ-iâ€å’Œâ€œ-sâ€é€‰é¡¹åœ¨ç¼–辑模å¼ä¸­æ‚¨ä¸èƒ½æŒ‡å®šçŽ¯å¢ƒå˜é‡æ‚¨å¿…须为 %s 类型指定一个角色sudo-1.8.9p5/src/po/zh_CN.po010064400175440000012000000540451226304126400151220ustar00millertstaff# Chinese simplified translation for sudo. # sudo 的简体中文翻译。 # This file is put in the public domain. # Wylmer Wang , 2011, 2012, 2013. # msgid "" msgstr "" "Project-Id-Version: sudo-1.8.9b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" "POT-Creation-Date: 2013-12-11 13:41-0700\n" "PO-Revision-Date: 2013-12-27 09:14+0800\n" "Last-Translator: Wylmer Wang \n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #: common/aix.c:93 common/aix.c:150 msgid "unable to open userdb" msgstr "无法打开 userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "无法为 %2$s 切æ¢åˆ°æ³¨å†Œè¡¨â€œ%1$sâ€" #: common/aix.c:170 msgid "unable to restore registry" msgstr "无法æ¢å¤æ³¨å†Œè¡¨" #: common/alloc.c:81 msgid "internal error, tried to emalloc(0)" msgstr "内部错误,试图 emalloc(0)" #: common/alloc.c:98 msgid "internal error, tried to emalloc2(0)" msgstr "内部错误,试图 emalloc2(0)" #: common/alloc.c:100 common/alloc.c:122 common/alloc.c:162 common/alloc.c:185 #, c-format msgid "internal error, %s overflow" msgstr "内部错误,%s 溢出" #: common/alloc.c:119 msgid "internal error, tried to ecalloc(0)" msgstr "内部错误,试图 ecalloc(0)" #: common/alloc.c:141 msgid "internal error, tried to erealloc(0)" msgstr "内部错误,试图 erealloc(0)" #: common/alloc.c:160 msgid "internal error, tried to erealloc3(0)" msgstr "内部错误,试图 erealloc3(0)" #: common/alloc.c:183 msgid "internal error, tried to erecalloc(0)" msgstr "内部错误,试图 erecalloc(0)" #: common/atoid.c:78 common/atoid.c:106 common/atomode.c:54 #: compat/strtonum.c:65 compat/strtonum.c:183 msgid "invalid value" msgstr "值无效" #: common/atoid.c:85 common/atoid.c:113 common/atomode.c:60 #: compat/strtonum.c:68 compat/strtonum.c:195 msgid "value too large" msgstr "值过大" #: common/atoid.c:91 common/atomode.c:60 compat/strtonum.c:68 #: compat/strtonum.c:189 msgid "value too small" msgstr "值过å°" #: common/fatal.c:158 #, c-format msgid "%s: %s: %s\n" msgstr "%s:%s:%s\n" #: common/fatal.c:161 common/fatal.c:165 #, c-format msgid "%s: %s\n" msgstr "%s:%s\n" #: common/gidlist.c:80 src/load_plugins.c:63 src/load_plugins.c:76 #: src/sudo.c:558 src/sudo.c:577 src/sudo.c:599 src/sudo.c:608 src/sudo.c:617 #: src/sudo.c:632 src/sudo.c:679 src/sudo.c:689 #, c-format msgid "%s: %s" msgstr "%s:%s" #: common/sudo_conf.c:177 #, c-format msgid "unsupported group source `%s' in %s, line %d" msgstr "䏿”¯æŒ %2$s 第 %3$d è¡Œçš„ç»„æ¥æºâ€œ%1$sâ€" #: common/sudo_conf.c:191 #, c-format msgid "invalid max groups `%s' in %s, line %d" msgstr "%2$s 第 %3$d 行的最大组数“%1$sâ€æ— æ•ˆ" #: common/sudo_conf.c:391 #, c-format msgid "unable to stat %s" msgstr "无法 stat %s" #: common/sudo_conf.c:394 #, c-format msgid "%s is not a regular file" msgstr "%s 䏿˜¯å¸¸è§„文件" #: common/sudo_conf.c:397 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" #: common/sudo_conf.c:401 #, c-format msgid "%s is world writable" msgstr "%s å¯è¢«ä»»ä½•人写" #: common/sudo_conf.c:404 #, c-format msgid "%s is group writable" msgstr "%s å¯è¢«ç”¨æˆ·ç»„写" #: common/sudo_conf.c:414 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "打ä¸å¼€ %s" #: compat/strsignal.c:50 msgid "Unknown signal" msgstr "未知信å·" #: src/exec.c:133 src/exec_pty.c:744 msgid "policy plugin failed session initialization" msgstr "ç­–ç•¥æ’件会è¯åˆå§‹åŒ–失败" #: src/exec.c:138 src/exec_pty.c:760 src/exec_pty.c:1272 src/tgetpass.c:221 msgid "unable to fork" msgstr "无法执行 fork" #: src/exec.c:309 src/exec.c:317 src/exec.c:841 src/exec_pty.c:507 #: src/exec_pty.c:512 src/exec_pty.c:570 src/exec_pty.c:577 src/exec_pty.c:870 #: src/exec_pty.c:880 src/exec_pty.c:925 src/exec_pty.c:932 #: src/exec_pty.c:1334 src/exec_pty.c:1341 src/exec_pty.c:1348 msgid "unable to add event to queue" msgstr "无法将事件添加到队列" #: src/exec.c:394 msgid "unable to create sockets" msgstr "无法创建套接字" #: src/exec.c:477 msgid "error in event loop" msgstr "事件循环中有错误" #: src/exec.c:492 msgid "unable to restore tty label" msgstr "无法æ¢å¤ç»ˆç«¯æ ‡ç­¾" #: src/exec_common.c:73 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC" #: src/exec_pty.c:184 msgid "unable to allocate pty" msgstr "无法分é…伪终端" #: src/exec_pty.c:682 src/exec_pty.c:691 src/exec_pty.c:699 #: src/exec_pty.c:1192 src/exec_pty.c:1269 src/signal.c:126 src/tgetpass.c:218 msgid "unable to create pipe" msgstr "无法创建管é“" #: src/exec_pty.c:735 msgid "unable to set terminal to raw mode" msgstr "无法将终端设为原始模å¼" #: src/exec_pty.c:1091 msgid "error reading from signal pipe" msgstr "从å•管é“读å–出错" #: src/exec_pty.c:1124 msgid "error reading from pipe" msgstr "从管é“读å–出错" #: src/exec_pty.c:1149 msgid "error reading from socketpair" msgstr "从套接字对读å–出错" #: src/exec_pty.c:1158 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "è”络通é“的回应类型异常:%d" #: src/exec_pty.c:1248 msgid "unable to set controlling tty" msgstr "无法设置控制终端" #: src/load_plugins.c:61 src/load_plugins.c:74 src/load_plugins.c:91 #: src/load_plugins.c:144 src/load_plugins.c:150 src/load_plugins.c:156 #: src/load_plugins.c:197 src/load_plugins.c:204 src/load_plugins.c:211 #: src/load_plugins.c:217 #, c-format msgid "error in %s, line %d while loading plugin `%s'" msgstr "在加载æ’件“%3$sâ€æ—¶åœ¨ %1$s 第 %2$d 行出错" #: src/load_plugins.c:93 #, c-format msgid "%s%s: %s" msgstr "%s%s:%s" #: src/load_plugins.c:152 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必须属于用户 ID %d(的用户)" #: src/load_plugins.c:158 #, c-format msgid "%s must be only be writable by owner" msgstr "%s å¿…é¡»åªå¯¹å…¶æ‰€æœ‰è€…å¯å†™" #: src/load_plugins.c:199 #, c-format msgid "unable to load %s: %s" msgstr "无法加载 %s:%s" #: src/load_plugins.c:206 #, c-format msgid "unable to find symbol `%s' in %s" msgstr "在 %2$s 中找ä¸åˆ°ç¬¦å·â€œ%1$sâ€" #: src/load_plugins.c:213 #, c-format msgid "unknown policy type %d found in %s" msgstr "%2$s 中的策略类型 %1$d 未知" #: src/load_plugins.c:219 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "%3$s 中å‘现ä¸å…¼å®¹çš„æ’ä»¶ä¸»ç‰ˆæœ¬å· %1$d(应为 %2$d)" #: src/load_plugins.c:228 #, c-format msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "忽略ä½äºŽ %2$s 第 %3$d 行的策略æ’件“%1$sâ€" #: src/load_plugins.c:230 msgid "only a single policy plugin may be specified" msgstr "åªèƒ½æŒ‡å®šä¸€ä¸ªç­–ç•¥æ’ä»¶" #: src/load_plugins.c:233 #, c-format msgid "ignoring duplicate policy plugin `%s' in %s, line %d" msgstr "忽略ä½äºŽ %2$s 第 %3$d 行的é‡å¤ç­–ç•¥æ’件“%1$sâ€" #: src/load_plugins.c:248 #, c-format msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" msgstr "忽略ä½äºŽ %2$s 第 %3$d 行的é‡å¤ I/O æ’件“%1$sâ€" #: src/load_plugins.c:319 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "ç­–ç•¥æ’ä»¶ %s ä¸åŒ…å« check_policy 方法" #: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 #: src/net_ifs.c:297 src/net_ifs.c:321 msgid "load_interfaces: overflow detected" msgstr "load_interfaces:检测到溢出" #: src/net_ifs.c:226 msgid "unable to open socket" msgstr "无法打开套接字" #: src/parse_args.c:246 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C é€‰é¡¹çš„å‚æ•°å¿…须是一个大于等于 3 的数字" #: src/parse_args.c:408 msgid "you may not specify both the `-i' and `-s' options" msgstr "您ä¸èƒ½åŒæ—¶æŒ‡å®šâ€œ-iâ€å’Œâ€œ-sâ€é€‰é¡¹" #: src/parse_args.c:412 msgid "you may not specify both the `-i' and `-E' options" msgstr "您ä¸èƒ½åŒæ—¶æŒ‡å®šâ€œ-iâ€å’Œâ€œ-Eâ€é€‰é¡¹" #: src/parse_args.c:422 msgid "the `-E' option is not valid in edit mode" msgstr "“-Eâ€é€‰é¡¹åœ¨ç¼–辑模å¼ä¸­æ— æ•ˆ" #: src/parse_args.c:424 msgid "you may not specify environment variables in edit mode" msgstr "在编辑模å¼ä¸­æ‚¨ä¸èƒ½æŒ‡å®šçŽ¯å¢ƒå˜é‡" #: src/parse_args.c:432 msgid "the `-U' option may only be used with the `-l' option" msgstr "“-Uâ€é€‰é¡¹åªèƒ½ä¸Žâ€œ-lâ€é€‰é¡¹ä¸€èµ·ä½¿ç”¨" #: src/parse_args.c:436 msgid "the `-A' and `-S' options may not be used together" msgstr "“-Aâ€å’Œâ€œ-Sâ€é€‰é¡¹ä¸å¯åŒæ—¶ä½¿ç”¨" #: src/parse_args.c:519 msgid "sudoedit is not supported on this platform" msgstr "此平å°ä¸æ”¯æŒ sudoedit" #: src/parse_args.c:592 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "åªèƒ½æŒ‡å®š -eã€-hã€-iã€-Kã€-lã€-sã€-v 或 -V 选项中的一个" #: src/parse_args.c:606 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" "%s - 以其他用户身份编辑文件\n" "\n" #: src/parse_args.c:608 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" "%s - 以其他用户身份执行一æ¡å‘½ä»¤\n" "\n" #: src/parse_args.c:613 #, c-format msgid "" "\n" "Options:\n" msgstr "" "\n" "选项:\n" #: src/parse_args.c:615 msgid "use a helper program for password prompting" msgstr "使用助手程åºè¿›è¡Œå¯†ç æç¤º" #: src/parse_args.c:618 msgid "use specified BSD authentication type" msgstr "使用指定的 BSD 认è¯ç±»åž‹" #: src/parse_args.c:621 msgid "run command in the background" msgstr "在åŽå°è¿è¡Œå‘½ä»¤" #: src/parse_args.c:623 msgid "close all file descriptors >= num" msgstr "关闭所有 >= num 的文件æè¿°ç¬¦" #: src/parse_args.c:626 msgid "run command with the specified BSD login class" msgstr "以指定的 BSD 登录类别è¿è¡Œå‘½ä»¤" #: src/parse_args.c:629 msgid "preserve user environment when running command" msgstr "在执行命令时ä¿ç•™ç”¨æˆ·çŽ¯å¢ƒ" #: src/parse_args.c:631 msgid "edit files instead of running a command" msgstr "ç¼–è¾‘æ–‡ä»¶è€Œéžæ‰§è¡Œå‘½ä»¤" #: src/parse_args.c:633 msgid "run command as the specified group name or ID" msgstr "以指定的用户组或 ID 执行命令" #: src/parse_args.c:635 msgid "set HOME variable to target user's home dir" msgstr "å°† HOME å˜é‡è®¾ä¸ºç›®æ ‡ç”¨æˆ·çš„主目录。" #: src/parse_args.c:637 msgid "display help message and exit" msgstr "显示帮助消æ¯å¹¶é€€å‡º" #: src/parse_args.c:639 msgid "run command on host (if supported by plugin)" msgstr "在主机上è¿è¡Œå‘½ä»¤(如果æ’件支æŒ)" #: src/parse_args.c:641 msgid "run login shell as the target user; a command may also be specified" msgstr "以目标用户身份è¿è¡Œä¸€ä¸ªç™»å½• shellï¼›å¯åŒæ—¶æŒ‡å®šä¸€æ¡å‘½ä»¤" #: src/parse_args.c:643 msgid "remove timestamp file completely" msgstr "完全移除时间戳文件" #: src/parse_args.c:645 msgid "invalidate timestamp file" msgstr "无效的时间戳文件" #: src/parse_args.c:647 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "列出用户æƒé™æˆ–检查æŸä¸ªç‰¹å®šå‘½ä»¤ï¼›å¯¹äºŽé•¿æ ¼å¼ï¼Œä½¿ç”¨ä¸¤æ¬¡" #: src/parse_args.c:649 msgid "non-interactive mode, no prompts are used" msgstr "éžäº¤äº’模å¼ï¼Œä¸æç¤º" #: src/parse_args.c:651 msgid "preserve group vector instead of setting to target's" msgstr "ä¿ç•™ç»„å‘é‡ï¼Œè€Œéžè®¾ç½®ä¸ºç›®æ ‡çš„组å‘é‡" #: src/parse_args.c:653 msgid "use the specified password prompt" msgstr "ä½¿ç”¨æŒ‡å®šçš„å¯†ç æç¤º" #: src/parse_args.c:656 msgid "create SELinux security context with specified role" msgstr "以指定的角色创建 SELinux 安全环境" #: src/parse_args.c:659 msgid "read password from standard input" msgstr "从标准输入读å–密ç " #: src/parse_args.c:661 msgid "run shell as the target user; a command may also be specified" msgstr "以目标用户è¿è¡Œ shellï¼›å¯åŒæ—¶æŒ‡å®šä¸€æ¡å‘½ä»¤" #: src/parse_args.c:664 msgid "create SELinux security context with specified type" msgstr "以指定的类型创建 SELinux 安全环境" #: src/parse_args.c:667 msgid "in list mode, display privileges for user" msgstr "在列表模å¼ä¸­æ˜¾ç¤ºç”¨æˆ·çš„æƒé™" #: src/parse_args.c:669 msgid "run command (or edit file) as specified user name or ID" msgstr "以指定用户或 ID è¿è¡Œå‘½ä»¤(或编辑文件)" #: src/parse_args.c:671 msgid "display version information and exit" msgstr "显示版本信æ¯å¹¶é€€å‡º" #: src/parse_args.c:673 msgid "update user's timestamp without running a command" msgstr "æ›´æ–°ç”¨æˆ·çš„æ—¶é—´æˆ³è€Œä¸æ‰§è¡Œå‘½ä»¤" #: src/parse_args.c:675 msgid "stop processing command line arguments" msgstr "åœæ­¢å¤„ç†å‘½ä»¤è¡Œå‚æ•°" #: src/selinux.c:77 msgid "unable to open audit system" msgstr "无法打开审查系统" #: src/selinux.c:85 msgid "unable to send audit message" msgstr "无法å‘é€å®¡æŸ¥æ¶ˆæ¯" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "无法 fgetfilecon %s" #: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s 修改了标签" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "无法æ¢å¤ %s 的环境" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "无法打开 %s,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯" #: src/selinux.c:172 msgid "unable to get current tty context, not relabeling tty" msgstr "无法获å–当å‰ç»ˆç«¯çš„环境,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯" #: src/selinux.c:179 msgid "unable to get new tty context, not relabeling tty" msgstr "æ— æ³•èŽ·å–æ–°ç»ˆç«¯çš„环境,将ä¸é‡æ–°æ ‡è®°ç»ˆç«¯" #: src/selinux.c:186 msgid "unable to set new tty context" msgstr "无法设置新终端的环境" #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "您必须为 %s 类型指定一个角色" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "æ— æ³•èŽ·å– %s 角色的默认类型" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" msgstr "设置新角色 %s 失败" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" msgstr "设置新类型 %s 失败" #: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s 䏿˜¯æœ‰æ•ˆçš„环境" #: src/selinux.c:324 msgid "failed to get old_context" msgstr "æ— æ³•èŽ·å– old_context" #: src/selinux.c:330 msgid "unable to determine enforcing mode." msgstr "无法确定强制模å¼ã€‚" #: src/selinux.c:342 #, c-format msgid "unable to set tty context to %s" msgstr "无法将终端环境设置为 %s" #: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "æ— æ³•å‘ %s 设置 exec 环境" #: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "æ— æ³•å‘ %s 设置键创建环境" #: src/sesh.c:57 msgid "requires at least one argument" msgstr "è¦æ±‚è‡³å°‘æœ‰ä¸€ä¸ªå‚æ•°" #: src/sesh.c:78 src/sudo.c:1088 #, c-format msgid "unable to execute %s" msgstr "无法执行 %s" #: src/solaris.c:88 msgid "resource control limit has been reached" msgstr "è¾¾åˆ°äº†èµ„æºæŽ§åˆ¶é™åˆ¶" #: src/solaris.c:91 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "用户“%sâ€ä¸æ˜¯é¡¹ç›®â€œ%sâ€çš„æˆå‘˜" #: src/solaris.c:95 msgid "the invoking task is final" msgstr "调用的任务是最终的(final)" #: src/solaris.c:98 #, c-format msgid "could not join project \"%s\"" msgstr "无法加入项目“%sâ€" #: src/solaris.c:103 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "ä¸å­˜åœ¨å¯¹åº”于项目“%sâ€çš„ã€æŽ¥å—é»˜è®¤ç»‘å®šçš„èµ„æºæ± " #: src/solaris.c:107 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "指定的对应于项目“%sâ€çš„èµ„æºæ± ä¸å­˜åœ¨" #: src/solaris.c:111 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "无法为项目“%sâ€ç»‘å®šåˆ°é»˜è®¤çš„èµ„æºæ± " #: src/solaris.c:117 #, c-format msgid "setproject failed for project \"%s\"" msgstr "对项目“%sâ€æ‰§è¡Œ setproject 失败" #: src/solaris.c:119 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告,对项目“%sâ€çš„èµ„æºæŽ§åˆ¶åˆ†é…失败" #: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo 版本 %s\n" #: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "当å‰é€‰é¡¹ï¼š%s\n" #: src/sudo.c:203 msgid "fatal error, unable to load plugins" msgstr "致命错误,无法加载æ’ä»¶" #: src/sudo.c:211 msgid "unable to initialize policy plugin" msgstr "无法åˆå§‹åŒ–ç­–ç•¥æ’ä»¶" #: src/sudo.c:267 #, c-format msgid "error initializing I/O plugin %s" msgstr "åˆå§‹åŒ– I/O æ’ä»¶ %s 出错" #: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "异常的 sudo æ¨¡å¼ 0x%x" #: src/sudo.c:413 msgid "unable to get group vector" msgstr "无法获å–组å‘é‡" #: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "未知的用户 ID %u:您是?" #: src/sudo.c:762 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s 必须属于用户 ID %d(的用户)并且设置 setuid ä½" #: src/sudo.c:765 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "有效用户 ID 䏿˜¯ %d,%s ä½äºŽä¸€ä¸ªè®¾ç½®äº†â€œnosuidâ€é€‰é¡¹çš„æ–‡ä»¶ç³»ç»Ÿæˆ–没有 root æƒé™çš„ NFS 文件系统中å—?" #: src/sudo.c:771 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "有效用户 ID 䏿˜¯ %d,sudo 属于 root 并设置了 setuid ä½å—?" #: src/sudo.c:897 #, c-format msgid "unknown login class %s" msgstr "未知的登录类别 %s" #: src/sudo.c:910 msgid "unable to set user context" msgstr "无法设置用户环境" #: src/sudo.c:924 msgid "unable to set supplementary group IDs" msgstr "无法设置补充组 ID" #: src/sudo.c:931 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "无法设置有效组 ID æ¥ä»¥ç»„ ID %u è¿è¡Œ" #: src/sudo.c:937 #, c-format msgid "unable to set gid to runas gid %u" msgstr "无法设置组 ID æ¥ä»¥ç»„ ID %u è¿è¡Œ" #: src/sudo.c:944 msgid "unable to set process priority" msgstr "无法设置进程优先级" #: src/sudo.c:952 #, c-format msgid "unable to change root to %s" msgstr "无法从 root 切æ¢åˆ° %s" #: src/sudo.c:965 src/sudo.c:971 src/sudo.c:977 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "无法切æ¢åˆ°ä»¥ç”¨æˆ· ID(%u,%u)è¿è¡Œ" #: src/sudo.c:994 #, c-format msgid "unable to change directory to %s" msgstr "无法将目录切æ¢åˆ° %s" #: src/sudo.c:1051 #, c-format msgid "unexpected child termination condition: %d" msgstr "异常的å­è¿›ç¨‹ç»ˆæ­¢æ¡ä»¶ï¼š%d" #: src/sudo.c:1108 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "“check_policyâ€æ–¹æ³•中缺少策略æ’ä»¶ %s" #: src/sudo.c:1121 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "ç­–ç•¥æ’ä»¶ %s 䏿”¯æŒåˆ—出æƒé™" #: src/sudo.c:1133 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "ç­–ç•¥æ’ä»¶ %s䏿”¯æŒ -v 选项" #: src/sudo.c:1145 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "ç­–ç•¥æ’ä»¶ %s 䏿”¯æŒ -k/-K 选项" #: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "无法将用户 ID 切æ¢åˆ° root(%u)" #: src/sudo_edit.c:142 msgid "plugin error: missing file list for sudoedit" msgstr "æ’件错误:缺少 sudoedit 的文件列表" #: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%sï¼šä¸æ˜¯å¸¸è§„文件" #: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s:截短写入" #: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s 并未修改" #: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s 已更改" #: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "无法写入 %s" #: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "编辑会è¯çš„内容留在了 %s 中" #: src/sudo_edit.c:314 msgid "unable to read temporary file" msgstr "无法读å–临时文件" #: src/tgetpass.c:90 msgid "no tty present and no askpass program specified" msgstr "没有终端存在,且未指定 askpass 程åº" #: src/tgetpass.c:99 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "没有指定 askpass 程åºï¼Œå°è¯•设置 SUDO_ASKPASS" #: src/tgetpass.c:232 #, c-format msgid "unable to set gid to %u" msgstr "无法将组 ID 设为 %u" #: src/tgetpass.c:236 #, c-format msgid "unable to set uid to %u" msgstr "无法将用户 ID 设为 %u" #: src/tgetpass.c:241 #, c-format msgid "unable to run %s" msgstr "无法执行 %s" #: src/utmp.c:278 msgid "unable to save stdin" msgstr "无法ä¿å­˜ stdin" #: src/utmp.c:280 msgid "unable to dup2 stdin" msgstr "无法 dup2 stdin" #: src/utmp.c:283 msgid "unable to restore stdin" msgstr "无法æ¢å¤ stdin" #~ msgid "value out of range" #~ msgstr "值超出范围" #~ msgid "select failed" #~ msgstr "select 失败" #~ msgid "unknown user: %s" #~ msgstr "未知用户:%s" #~ msgid "list user's available commands\n" #~ msgstr "列出用户能执行的命令\n" #~ msgid "run a shell as target user\n" #~ msgstr "以目标用户身份è¿è¡Œ shell\n" #~ msgid "when listing, list specified user's privileges\n" #~ msgstr "在列表时,列出指定用户的æƒé™\n" #~ msgid "unable to allocate memory" #~ msgstr "无法分é…内存" #~ msgid ": " #~ msgstr ":" #~ msgid "internal error, emalloc2() overflow" #~ msgstr "内部错误,emalloc2() 溢出" #~ msgid "internal error, erealloc3() overflow" #~ msgstr "内部错误,erealloc3() 错误" #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%sï¼šè‡³å°‘è¦æŒ‡å®šä¸€ä¸ªç­–ç•¥æ’ä»¶" #~ msgid "must be setuid root" #~ msgstr "必须为 setuid root" #~ msgid "the argument to -D must be between 1 and 9 inclusive" #~ msgstr "-D é€‰é¡¹çš„å‚æ•°å¿…须介于 1 到 9(å« 1 å’Œ 9)" sudo-1.8.9p5/src/preload.c010064400175440000012000000041301226304126500147240ustar00millertstaff/* * Copyright (c) 2010, 2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifdef HAVE_GSS_KRB5_CCACHE_NAME # if defined(HAVE_GSSAPI_GSSAPI_KRB5_H) # include # include # elif defined(HAVE_GSSAPI_GSSAPI_H) # include # else # include # endif #endif #include "sudo_plugin.h" #include "sudo_dso.h" #ifdef STATIC_SUDOERS_PLUGIN extern struct policy_plugin sudoers_policy; extern struct io_plugin sudoers_io; static struct sudo_preload_symbol sudo_rtld_default_symbols[] = { # ifdef HAVE_GSS_KRB5_CCACHE_NAME { "gss_krb5_ccache_name", (void *)&gss_krb5_ccache_name}, # endif { (const char *)0, (void *)0 } }; /* XXX - can we autogenerate these? */ static struct sudo_preload_symbol sudo_sudoers_plugin_symbols[] = { { "sudoers_policy", (void *)&sudoers_policy}, { "sudoers_io", (void *)&sudoers_io}, { (const char *)0, (void *)0 } }; /* * Statically compiled symbols indexed by handle. */ static struct sudo_preload_table sudo_preload_table[] = { { (char *)0, SUDO_DSO_DEFAULT, sudo_rtld_default_symbols }, { "sudoers.so", &sudo_sudoers_plugin_symbols, sudo_sudoers_plugin_symbols }, { (char *)0, (void *)0, (struct sudo_preload_symbol *)0 } }; void preload_static_symbols(void) { sudo_dso_preload_table(sudo_preload_table); } #endif /* STATIC_SUDOERS_PLUGIN */ sudo-1.8.9p5/src/regress/ttyname/check_ttyname.c010064400175440000012000000044601226304126500212550ustar00millertstaff/* * Copyright (c) 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #include #include #include "missing.h" #include "alloc.h" #include "fatal.h" #include "sudo_util.h" __dso_public int main(int argc, char *argv[]); extern char *get_process_ttyname(void); int main(int argc, char *argv[]) { char *tty_libc, *tty_sudo; int rval = 0; initprogname(argc > 0 ? argv[0] : "check_ttyname"); /* Lookup tty name via libc. */ if ((tty_libc = ttyname(STDIN_FILENO)) == NULL && (tty_libc = ttyname(STDOUT_FILENO)) == NULL && (tty_libc = ttyname(STDERR_FILENO)) == NULL) tty_libc = "none"; tty_libc = estrdup(tty_libc); /* Lookup tty name via sudo (using kernel info if possible). */ if ((tty_sudo = get_process_ttyname()) == NULL) tty_sudo = estrdup("none"); if (strcmp(tty_libc, "none") == 0) { printf("%s: SKIP (%s)\n", getprogname(), tty_sudo); } else if (strcmp(tty_libc, tty_sudo) == 0) { printf("%s: OK (%s)\n", getprogname(), tty_sudo); } else { printf("%s: FAIL %s (sudo) vs. %s (libc)\n", getprogname(), tty_sudo, tty_libc); rval = 1; } efree(tty_libc); efree(tty_sudo); exit(rval); } sudo-1.8.9p5/src/selinux.c010064400175440000012000000264261226304126500150010ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * Copyright (c) 2008 Dan Walsh * * Borrowed heavily from newrole source code * Authors: * Anthony Colatrella * Tim Fraser * Steve Grubb * Darrel Goeddel * Michael Thompson * Dan Walsh * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #include #include #include /* for SECCLASS_CHR_FILE */ #include /* for is_selinux_enabled() */ #include /* for context-mangling functions */ #include #include #ifdef HAVE_LINUX_AUDIT # include #endif #include "sudo.h" #include "sudo_exec.h" static struct selinux_state { security_context_t old_context; security_context_t new_context; security_context_t tty_context; security_context_t new_tty_context; const char *ttyn; int ttyfd; int enforcing; } se_state; #ifdef HAVE_LINUX_AUDIT static int audit_role_change(const security_context_t old_context, const security_context_t new_context, const char *ttyn) { int au_fd, rc = -1; char *message; debug_decl(audit_role_change, SUDO_DEBUG_SELINUX) au_fd = audit_open(); if (au_fd == -1) { /* Kernel may not have audit support. */ if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT ) fatal(U_("unable to open audit system")); } else { /* audit role change using the same format as newrole(1) */ easprintf(&message, "newrole: old-context=%s new-context=%s", old_context, new_context); rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, message, NULL, NULL, ttyn, 1); if (rc <= 0) warning(U_("unable to send audit message")); efree(message); close(au_fd); } debug_return_int(rc); } #endif /* * This function attempts to revert the relabeling done to the tty. * fd - referencing the opened ttyn * ttyn - name of tty to restore * * Returns zero on success, non-zero otherwise */ int selinux_restore_tty(void) { int retval = 0; security_context_t chk_tty_context = NULL; debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX) if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL) goto skip_relabel; /* Verify that the tty still has the context set by sudo. */ if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) { warning(U_("unable to fgetfilecon %s"), se_state.ttyn); goto skip_relabel; } if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) { warningx(U_("%s changed labels"), se_state.ttyn); goto skip_relabel; } if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0) warning(U_("unable to restore context for %s"), se_state.ttyn); skip_relabel: if (se_state.ttyfd != -1) { close(se_state.ttyfd); se_state.ttyfd = -1; } if (chk_tty_context != NULL) { freecon(chk_tty_context); chk_tty_context = NULL; } debug_return_int(retval); } /* * This function attempts to relabel the tty. If this function fails, then * the contexts are free'd and -1 is returned. On success, 0 is returned * and tty_context and new_tty_context are set. * * This function will not fail if it can not relabel the tty when selinux is * in permissive mode. */ static int relabel_tty(const char *ttyn, int ptyfd) { security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; int fd; debug_decl(relabel_tty, SUDO_DEBUG_SELINUX) se_state.ttyfd = ptyfd; /* It is perfectly legal to have no tty. */ if (ptyfd == -1 && ttyn == NULL) debug_return_int(0); /* If sudo is not allocating a pty for the command, open current tty. */ if (ptyfd == -1) { se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); if (se_state.ttyfd == -1) { warning(U_("unable to open %s, not relabeling tty"), ttyn); if (se_state.enforcing) goto bad; } (void)fcntl(se_state.ttyfd, F_SETFL, fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK); } if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) { warning(U_("unable to get current tty context, not relabeling tty")); if (se_state.enforcing) goto bad; } if (tty_con && (security_compute_relabel(se_state.new_context, tty_con, SECCLASS_CHR_FILE, &new_tty_con) < 0)) { warning(U_("unable to get new tty context, not relabeling tty")); if (se_state.enforcing) goto bad; } if (new_tty_con != NULL) { if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) { warning(U_("unable to set new tty context")); if (se_state.enforcing) goto bad; } } if (ptyfd != -1) { /* Reopen pty that was relabeled, std{in,out,err} are reset later. */ se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0); if (se_state.ttyfd == -1) { warning(U_("unable to open %s"), ttyn); if (se_state.enforcing) goto bad; } if (dup2(se_state.ttyfd, ptyfd) == -1) { warning("dup2"); goto bad; } } else { /* Re-open tty to get new label and reset std{in,out,err} */ close(se_state.ttyfd); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); if (se_state.ttyfd == -1) { warning(U_("unable to open %s"), ttyn); goto bad; } (void)fcntl(se_state.ttyfd, F_SETFL, fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK); for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) { if (isatty(fd) && dup2(se_state.ttyfd, fd) == -1) { warning("dup2"); goto bad; } } } /* Retain se_state.ttyfd so we can restore label when command finishes. */ (void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC); se_state.ttyn = ttyn; se_state.tty_context = tty_con; se_state.new_tty_context = new_tty_con; debug_return_int(0); bad: if (se_state.ttyfd != -1 && se_state.ttyfd != ptyfd) { close(se_state.ttyfd); se_state.ttyfd = -1; } freecon(tty_con); debug_return_int(-1); } /* * Returns a new security context based on the old context and the * specified role and type. */ security_context_t get_exec_context(security_context_t old_context, const char *role, const char *type) { security_context_t new_context = NULL; context_t context = NULL; char *typebuf = NULL; debug_decl(get_exec_context, SUDO_DEBUG_SELINUX) /* We must have a role, the type is optional (we can use the default). */ if (!role) { warningx(U_("you must specify a role for type %s"), type); errno = EINVAL; goto bad; } if (!type) { if (get_default_type(role, &typebuf)) { warningx(U_("unable to get default type for role %s"), role); errno = EINVAL; goto bad; } type = typebuf; } /* * Expand old_context into a context_t so that we extract and modify * its components easily. */ context = context_new(old_context); /* * Replace the role and type in "context" with the role and * type we will be running the command as. */ if (context_role_set(context, role)) { warning(U_("failed to set new role %s"), role); goto bad; } if (context_type_set(context, type)) { warning(U_("failed to set new type %s"), type); goto bad; } /* * Convert "context" back into a string and verify it. */ new_context = estrdup(context_str(context)); if (security_check_context(new_context) < 0) { warningx(U_("%s is not a valid context"), new_context); errno = EINVAL; goto bad; } #ifdef DEBUG warningx("Your new context is %s", new_context); #endif context_free(context); debug_return_ptr(new_context); bad: efree(typebuf); context_free(context); freecon(new_context); debug_return_ptr(NULL); } /* * Set the exec and tty contexts in preparation for fork/exec. * Must run as root, before the uid change. * If ptyfd is not -1, it indicates we are running * in a pty and do not need to reset std{in,out,err}. * Returns 0 on success and -1 on failure. */ int selinux_setup(const char *role, const char *type, const char *ttyn, int ptyfd) { int rval = -1; debug_decl(selinux_setup, SUDO_DEBUG_SELINUX) /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { warning(U_("failed to get old_context")); goto done; } se_state.enforcing = security_getenforce(); if (se_state.enforcing < 0) { warning(U_("unable to determine enforcing mode.")); goto done; } #ifdef DEBUG warningx("your old context was %s", se_state.old_context); #endif se_state.new_context = get_exec_context(se_state.old_context, role, type); if (!se_state.new_context) goto done; if (relabel_tty(ttyn, ptyfd) < 0) { warning(U_("unable to set tty context to %s"), se_state.new_context); goto done; } #ifdef DEBUG if (se_state.ttyfd != -1) { warningx("your old tty context is %s", se_state.tty_context); warningx("your new tty context is %s", se_state.new_tty_context); } #endif #ifdef HAVE_LINUX_AUDIT audit_role_change(se_state.old_context, se_state.new_context, se_state.ttyn); #endif rval = 0; done: debug_return_int(rval); } void selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec) { char **nargv; const char *sesh; int argc, serrno; debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) sesh = sudo_conf_sesh_path(); if (sesh == NULL) { warningx("internal error: sesh path not set"); errno = EINVAL; debug_return; } if (setexeccon(se_state.new_context)) { warning(U_("unable to set exec context to %s"), se_state.new_context); if (se_state.enforcing) debug_return; } #ifdef HAVE_SETKEYCREATECON if (setkeycreatecon(se_state.new_context)) { warning(U_("unable to set key creation context to %s"), se_state.new_context); if (se_state.enforcing) debug_return; } #endif /* HAVE_SETKEYCREATECON */ /* * Build new argv with sesh as argv[0]. * If argv[0] ends in -noexec, sesh will disable execute * for the command it runs. */ for (argc = 0; argv[argc] != NULL; argc++) continue; nargv = emalloc2(argc + 2, sizeof(char *)); if (noexec) nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec"; else nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh"; nargv[1] = (char *)path; memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */ /* sesh will handle noexec for us. */ sudo_execve(sesh, nargv, envp, 0); serrno = errno; free(nargv); errno = serrno; debug_return; } sudo-1.8.9p5/src/sesh.c010064400175440000012000000046631226304126500142530ustar00millertstaff/* * Copyright (c) 2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include "missing.h" #include "alloc.h" #include "fatal.h" #include "gettext.h" #include "sudo_conf.h" #include "sudo_debug.h" #include "sudo_exec.h" #include "sudo_plugin.h" __dso_public int main(int argc, char *argv[], char *envp[]); int main(int argc, char *argv[], char *envp[]) { char *cp, *cmnd; int noexec = 0; debug_decl(main, SUDO_DEBUG_MAIN) setlocale(LC_ALL, ""); bindtextdomain(PACKAGE_NAME, LOCALEDIR); textdomain(PACKAGE_NAME); if (argc < 2) fatalx(U_("requires at least one argument")); /* Read sudo.conf. */ sudo_conf_read(NULL); /* If argv[0] ends in -noexec, pass the flag to sudo_execve() */ if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0]) noexec = strcmp(cp, "-noexec") == 0; /* Shift argv and make a copy of the command to execute. */ argv++; argc--; cmnd = estrdup(argv[0]); /* If invoked as a login shell, modify argv[0] accordingly. */ if (argv[-1][0] == '-') { if ((cp = strrchr(argv[0], '/')) == NULL) cp = argv[0]; *cp = '-'; } sudo_execve(cmnd, argv, envp, noexec); warning(U_("unable to execute %s"), argv[0]); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE); _exit(EXIT_FAILURE); } sudo-1.8.9p5/src/signal.c010064400175440000012000000106461226304126500145640ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include "sudo.h" int signal_pipe[2]; static struct signal_state { int signo; int restore; sigaction_t sa; } saved_signals[] = { { SIGALRM }, /* SAVED_SIGALRM */ { SIGCHLD }, /* SAVED_SIGCHLD */ { SIGCONT }, /* SAVED_SIGCONT */ { SIGHUP }, /* SAVED_SIGHUP */ { SIGINT }, /* SAVED_SIGINT */ { SIGPIPE }, /* SAVED_SIGPIPE */ { SIGQUIT }, /* SAVED_SIGQUIT */ { SIGTERM }, /* SAVED_SIGTERM */ { SIGTSTP }, /* SAVED_SIGTSTP */ { SIGTTIN }, /* SAVED_SIGTTIN */ { SIGTTOU }, /* SAVED_SIGTTOU */ { SIGUSR1 }, /* SAVED_SIGUSR1 */ { SIGUSR2 }, /* SAVED_SIGUSR2 */ { -1 } }; /* * Save signal handler state so it can be restored before exec. */ void save_signals(void) { struct signal_state *ss; debug_decl(save_signals, SUDO_DEBUG_MAIN) for (ss = saved_signals; ss->signo != -1; ss++) sigaction(ss->signo, NULL, &ss->sa); debug_return; } /* * Restore signal handlers to initial state for exec. */ void restore_signals(void) { struct signal_state *ss; debug_decl(restore_signals, SUDO_DEBUG_MAIN) for (ss = saved_signals; ss->signo != -1; ss++) { if (ss->restore) sigaction(ss->signo, &ss->sa, NULL); } debug_return; } static void sudo_handler(int signo) { /* * The pipe is non-blocking, if we overflow the kernel's pipe * buffer we drop the signal. This is not a problem in practice. */ ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); } /* * Trap tty-generated (and other) signals so we can't be killed before * calling the policy close function. The signal pipe will be drained * in sudo_execute() before running the command and new handlers will * be installed in the parent. */ void init_signals(void) { struct sigaction sa; struct signal_state *ss; debug_decl(init_signals, SUDO_DEBUG_MAIN) /* * We use a pipe to atomically handle signal notification within * the select() loop without races (we may not have pselect()). */ if (pipe_nonblock(signal_pipe) != 0) fatal(U_("unable to create pipe")); memset(&sa, 0, sizeof(sa)); sigfillset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = sudo_handler; for (ss = saved_signals; ss->signo > 0; ss++) { switch (ss->signo) { case SIGCHLD: case SIGCONT: case SIGPIPE: case SIGTTIN: case SIGTTOU: /* Don't install these until exec time. */ break; default: if (ss->sa.sa_handler != SIG_IGN) sigaction(ss->signo, &sa, NULL); break; } } debug_return; } /* * Like sigaction() but sets restore flag in saved_signals[] * if needed. */ int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa) { struct signal_state *ss; int rval; debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN) for (ss = saved_signals; ss->signo > 0; ss++) { if (ss->signo == signo) { /* If signal was or now is ignored, restore old handler on exec. */ if (ss->sa.sa_handler == SIG_IGN || sa->sa_handler == SIG_IGN) { sudo_debug_printf(SUDO_DEBUG_INFO, "will restore signal %d on exec", signo); ss->restore = true; } break; } } rval = sigaction(signo, sa, osa); debug_return_int(rval); } sudo-1.8.9p5/src/solaris.c010064400175440000012000000067311226304126500147630ustar00millertstaff/* * Copyright (c) 2009-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_PROJECT_H # include # include #endif #include #include #include #include "sudo.h" int os_init(int argc, char *argv[], char *envp[]) { /* * Solaris 11 is unable to load the per-locale shared objects * without this. We must keep the handle open for it to work. * This bug was fixed in Solaris 11 Update 1. */ void *handle = dlopen("/usr/lib/locale/common/methods_unicode.so.3", RTLD_LAZY|RTLD_GLOBAL); (void)&handle; return os_init_common(argc, argv, envp); } #ifdef HAVE_PROJECT_H void set_project(struct passwd *pw) { struct project proj; char buf[PROJECT_BUFSZ]; int errval; debug_decl(set_project, SUDO_DEBUG_UTIL) /* * Collect the default project for the user and settaskid */ setprojent(); if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) { errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL); switch(errval) { case 0: break; case SETPROJ_ERR_TASK: switch (errno) { case EAGAIN: warningx(U_("resource control limit has been reached")); break; case ESRCH: warningx(U_("user \"%s\" is not a member of project \"%s\""), pw->pw_name, proj.pj_name); break; case EACCES: warningx(U_("the invoking task is final")); break; default: warningx(U_("could not join project \"%s\""), proj.pj_name); } case SETPROJ_ERR_POOL: switch (errno) { case EACCES: warningx(U_("no resource pool accepting default bindings " "exists for project \"%s\""), proj.pj_name); break; case ESRCH: warningx(U_("specified resource pool does not exist for " "project \"%s\""), proj.pj_name); break; default: warningx(U_("could not bind to default resource pool for " "project \"%s\""), proj.pj_name); } break; default: if (errval <= 0) { warningx(U_("setproject failed for project \"%s\""), proj.pj_name); } else { warningx(U_("warning, resource control assignment failed for " "project \"%s\""), proj.pj_name); } } } else { warning("getdefaultproj"); } endprojent(); debug_return; } #endif /* HAVE_PROJECT_H */ sudo-1.8.9p5/src/sudo.c010064400175440000012000001106061226304127700142610ustar00millertstaff/* * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifdef __TANDEM # include #endif #include #include #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #include #ifdef TIME_WITH_SYS_TIME # include #endif #ifdef HAVE_LOGIN_CAP_H # include # ifndef LOGIN_SETENV # define LOGIN_SETENV 0 # endif #endif #ifdef HAVE_PROJECT_H # include # include #endif #ifdef HAVE_SELINUX # include #endif #ifdef HAVE_SETAUTHDB # include #endif /* HAVE_SETAUTHDB */ #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) # ifdef __hpux # undef MAXINT # include # else # include # endif /* __hpux */ # include #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ #include #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" /* * Local variables */ struct plugin_container policy_plugin; struct plugin_container_list io_plugins = TAILQ_HEAD_INITIALIZER(io_plugins); struct user_details user_details; const char *list_user; /* extern for parse_args.c */ static struct command_details command_details; static int sudo_mode; /* * Local functions */ static void fix_fds(void); static void disable_coredumps(void); static void sudo_check_suid(const char *path); static char **get_user_info(struct user_details *); static void command_info_to_details(char * const info[], struct command_details *details); /* Policy plugin convenience functions. */ static int policy_open(struct plugin_container *plugin, char * const settings[], char * const user_info[], char * const user_env[]); static void policy_close(struct plugin_container *plugin, int exit_status, int error); static int policy_show_version(struct plugin_container *plugin, int verbose); static int policy_check(struct plugin_container *plugin, int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); static int policy_list(struct plugin_container *plugin, int argc, char * const argv[], int verbose, const char *list_user); static int policy_validate(struct plugin_container *plugin); static void policy_invalidate(struct plugin_container *plugin, int remove); /* I/O log plugin convenience functions. */ static int iolog_open(struct plugin_container *plugin, char * const settings[], char * const user_info[], char * const command_details[], int argc, char * const argv[], char * const user_env[]); static void iolog_close(struct plugin_container *plugin, int exit_status, int error); static int iolog_show_version(struct plugin_container *plugin, int verbose); static void iolog_unlink(struct plugin_container *plugin); #ifdef RLIMIT_CORE static struct rlimit corelimit; #endif #ifdef __linux__ static struct rlimit nproclimit; #endif __dso_public int main(int argc, char *argv[], char *envp[]); int main(int argc, char *argv[], char *envp[]) { int nargc, ok, exitcode = 0; char **nargv, **settings, **env_add; char **user_info, **command_info, **argv_out, **user_env_out; struct plugin_container *plugin, *next; sigset_t mask; debug_decl(main, SUDO_DEBUG_MAIN) os_init(argc, argv, envp); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE_NAME, LOCALEDIR); textdomain(PACKAGE_NAME); #ifdef HAVE_TZSET (void) tzset(); #endif /* HAVE_TZSET */ /* Must be done before we do any password lookups */ #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) (void) set_auth_parameters(argc, argv); # ifdef HAVE_INITPRIVS initprivs(); # endif #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ /* Make sure we are setuid root. */ sudo_check_suid(argv[0]); /* Reset signal mask, save signal state and make sure fds 0-2 are open. */ (void) sigemptyset(&mask); (void) sigprocmask(SIG_SETMASK, &mask, NULL); save_signals(); fix_fds(); /* Read sudo.conf. */ sudo_conf_read(NULL); /* Fill in user_info with user name, uid, cwd, etc. */ memset(&user_details, 0, sizeof(user_details)); user_info = get_user_info(&user_details); /* Disable core dumps if not enabled in sudo.conf. */ disable_coredumps(); /* Parse command line arguments. */ sudo_mode = parse_args(argc, argv, &nargc, &nargv, &settings, &env_add); sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_mode %d", sudo_mode); /* Print sudo version early, in case of plugin init failure. */ if (ISSET(sudo_mode, MODE_VERSION)) { printf(_("Sudo version %s\n"), PACKAGE_VERSION); if (user_details.uid == ROOT_UID) (void) printf(_("Configure options: %s\n"), CONFIGURE_ARGS); } /* Load plugins. */ if (!sudo_load_plugins(&policy_plugin, &io_plugins)) fatalx(U_("fatal error, unable to load plugins")); /* Open policy plugin. */ ok = policy_open(&policy_plugin, settings, user_info, envp); if (ok != 1) { if (ok == -2) usage(1); else fatalx(U_("unable to initialize policy plugin")); } init_signals(); switch (sudo_mode & MODE_MASK) { case MODE_VERSION: policy_show_version(&policy_plugin, !user_details.uid); TAILQ_FOREACH(plugin, &io_plugins, entries) { ok = iolog_open(plugin, settings, user_info, NULL, nargc, nargv, envp); if (ok != -1) iolog_show_version(plugin, !user_details.uid); } break; case MODE_VALIDATE: case MODE_VALIDATE|MODE_INVALIDATE: ok = policy_validate(&policy_plugin); exit(ok != 1); case MODE_KILL: case MODE_INVALIDATE: policy_invalidate(&policy_plugin, sudo_mode == MODE_KILL); exit(0); break; case MODE_CHECK: case MODE_CHECK|MODE_INVALIDATE: case MODE_LIST: case MODE_LIST|MODE_INVALIDATE: ok = policy_list(&policy_plugin, nargc, nargv, ISSET(sudo_mode, MODE_LONG_LIST), list_user); exit(ok != 1); case MODE_EDIT: case MODE_RUN: ok = policy_check(&policy_plugin, nargc, nargv, env_add, &command_info, &argv_out, &user_env_out); sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d", ok); if (ok != 1) { if (ok == -2) usage(1); exit(1); /* plugin printed error message */ } /* Open I/O plugins once policy plugin succeeds. */ TAILQ_FOREACH_SAFE(plugin, &io_plugins, entries, next) { ok = iolog_open(plugin, settings, user_info, command_info, nargc, nargv, envp); switch (ok) { case 1: break; case 0: /* I/O plugin asked to be disabled, remove and free. */ iolog_unlink(plugin); break; case -2: usage(1); break; default: fatalx(U_("error initializing I/O plugin %s"), plugin->name); } } /* Setup command details and run command/edit. */ command_info_to_details(command_info, &command_details); command_details.argv = argv_out; command_details.envp = user_env_out; if (ISSET(sudo_mode, MODE_BACKGROUND)) SET(command_details.flags, CD_BACKGROUND); /* Become full root (not just setuid) so user cannot kill us. */ if (setuid(ROOT_UID) == -1) warning("setuid(%d)", ROOT_UID); /* Restore coredumpsize resource limit before running. */ #ifdef RLIMIT_CORE if (sudo_conf_disable_coredump()) (void) setrlimit(RLIMIT_CORE, &corelimit); #endif /* RLIMIT_CORE */ if (ISSET(command_details.flags, CD_SUDOEDIT)) { exitcode = sudo_edit(&command_details); } else { exitcode = run_command(&command_details); } /* The close method was called by sudo_edit/run_command. */ break; default: fatalx(U_("unexpected sudo mode 0x%x"), sudo_mode); } sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } int os_init_common(int argc, char *argv[], char *envp[]) { initprogname(argc > 0 ? argv[0] : "sudo"); #ifdef STATIC_SUDOERS_PLUGIN preload_static_symbols(); #endif return 0; } /* * Ensure that stdin, stdout and stderr are open; set to /dev/null if not. * Some operating systems do this automatically in the kernel or libc. */ static void fix_fds(void) { int miss[3], devnull = -1; debug_decl(fix_fds, SUDO_DEBUG_UTIL) /* * stdin, stdout and stderr must be open; set them to /dev/null * if they are closed. */ miss[STDIN_FILENO] = fcntl(STDIN_FILENO, F_GETFL, 0) == -1; miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1; miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1; if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) { if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1) fatal(U_("unable to open %s"), _PATH_DEVNULL); if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1) fatal("dup2"); if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1) fatal("dup2"); if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1) fatal("dup2"); if (devnull > STDERR_FILENO) close(devnull); } debug_return; } /* * Allocate space for groups and fill in using getgrouplist() * for when we cannot (or don't want to) use getgroups(). */ static int fill_group_list(struct user_details *ud, int system_maxgroups) { int tries, rval = -1; debug_decl(fill_group_list, SUDO_DEBUG_UTIL) /* * If user specified a max number of groups, use it, otherwise keep * trying getgrouplist() until we have enough room in the array. */ ud->ngroups = sudo_conf_max_groups(); if (ud->ngroups > 0) { ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); /* No error on insufficient space if user specified max_groups. */ (void)getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); rval = 0; } else { /* * It is possible to belong to more groups in the group database * than NGROUPS_MAX. We start off with NGROUPS_MAX * 4 entries * and double this as needed. */ ud->groups = NULL; ud->ngroups = system_maxgroups << 1; for (tries = 0; tries < 10 && rval == -1; tries++) { ud->ngroups <<= 1; efree(ud->groups); ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); } } debug_return_int(rval); } static char * get_user_groups(struct user_details *ud) { char *cp, *gid_list = NULL; size_t glsize; int i, len, maxgroups, group_source; debug_decl(get_user_groups, SUDO_DEBUG_UTIL) #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) maxgroups = (int)sysconf(_SC_NGROUPS_MAX); if (maxgroups < 0) #endif maxgroups = NGROUPS_MAX; ud->groups = NULL; group_source = sudo_conf_group_source(); if (group_source != GROUP_SOURCE_DYNAMIC) { if ((ud->ngroups = getgroups(0, NULL)) > 0) { /* Use groups from kernel if not too many or source is static. */ if (ud->ngroups < maxgroups || group_source == GROUP_SOURCE_STATIC) { ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); if (getgroups(ud->ngroups, ud->groups) < 0) { efree(ud->groups); ud->groups = NULL; } } } } if (ud->groups == NULL) { /* * Query group database if kernel list is too small or disabled. * Typically, this is because NFS can only support up to 16 groups. */ if (fill_group_list(ud, maxgroups) == -1) fatal(U_("unable to get group vector")); } /* * Format group list as a comma-separated string of gids. */ glsize = sizeof("groups=") - 1 + (ud->ngroups * (MAX_UID_T_LEN + 1)); gid_list = emalloc(glsize); memcpy(gid_list, "groups=", sizeof("groups=") - 1); cp = gid_list + sizeof("groups=") - 1; for (i = 0; i < ud->ngroups; i++) { /* XXX - check rval */ len = snprintf(cp, glsize - (cp - gid_list), "%s%u", i ? "," : "", (unsigned int)ud->groups[i]); cp += len; } debug_return_str(gid_list); } /* * Return user information as an array of name=value pairs. * and fill in struct user_details (which shares the same strings). */ static char ** get_user_info(struct user_details *ud) { char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1]; struct passwd *pw; int fd, i = 0; debug_decl(get_user_info, SUDO_DEBUG_UTIL) /* XXX - bound check number of entries */ user_info = emalloc2(32, sizeof(char *)); ud->pid = getpid(); ud->ppid = getppid(); ud->pgid = getpgid(0); ud->tcpgid = (pid_t)-1; fd = open(_PATH_TTY, O_RDWR|O_NOCTTY|O_NONBLOCK, 0); if (fd != -1) { ud->tcpgid = tcgetpgrp(fd); close(fd); } ud->sid = getsid(0); ud->uid = getuid(); ud->euid = geteuid(); ud->gid = getgid(); ud->egid = getegid(); pw = getpwuid(ud->uid); if (pw == NULL) fatalx(U_("unknown uid %u: who are you?"), (unsigned int)ud->uid); user_info[i] = fmt_string("user", pw->pw_name); if (user_info[i] == NULL) fatal(NULL); ud->username = user_info[i] + sizeof("user=") - 1; /* Stash user's shell for use with the -s flag; don't pass to plugin. */ if ((ud->shell = getenv("SHELL")) == NULL || ud->shell[0] == '\0') { ud->shell = pw->pw_shell[0] ? pw->pw_shell : _PATH_BSHELL; } ud->shell = estrdup(ud->shell); easprintf(&user_info[++i], "pid=%d", (int)ud->pid); easprintf(&user_info[++i], "ppid=%d", (int)ud->ppid); easprintf(&user_info[++i], "pgid=%d", (int)ud->pgid); easprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid); easprintf(&user_info[++i], "sid=%d", (int)ud->sid); easprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid); easprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid); easprintf(&user_info[++i], "gid=%u", (unsigned int)ud->gid); easprintf(&user_info[++i], "egid=%u", (unsigned int)ud->egid); if ((cp = get_user_groups(ud)) != NULL) user_info[++i] = cp; if (getcwd(cwd, sizeof(cwd)) != NULL) { user_info[++i] = fmt_string("cwd", cwd); if (user_info[i] == NULL) fatal(NULL); ud->cwd = user_info[i] + sizeof("cwd=") - 1; } if ((cp = get_process_ttyname()) != NULL) { user_info[++i] = fmt_string("tty", cp); if (user_info[i] == NULL) fatal(NULL); ud->tty = user_info[i] + sizeof("tty=") - 1; efree(cp); } if (gethostname(host, sizeof(host)) == 0) host[sizeof(host) - 1] = '\0'; else strlcpy(host, "localhost", sizeof(host)); user_info[++i] = fmt_string("host", host); if (user_info[i] == NULL) fatal(NULL); ud->host = user_info[i] + sizeof("host=") - 1; get_ttysize(&ud->ts_lines, &ud->ts_cols); easprintf(&user_info[++i], "lines=%d", ud->ts_lines); easprintf(&user_info[++i], "cols=%d", ud->ts_cols); user_info[++i] = NULL; debug_return_ptr(user_info); } /* * Convert a command_info array into a command_details structure. */ static void command_info_to_details(char * const info[], struct command_details *details) { int i; id_t id; char *cp; const char *errstr; debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM) memset(details, 0, sizeof(*details)); details->closefrom = -1; TAILQ_INIT(&details->preserved_fds); #define SET_STRING(s, n) \ if (strncmp(s, info[i], sizeof(s) - 1) == 0 && info[i][sizeof(s) - 1]) { \ details->n = info[i] + sizeof(s) - 1; \ break; \ } sudo_debug_printf(SUDO_DEBUG_INFO, "command info from plugin:"); for (i = 0; info[i] != NULL; i++) { sudo_debug_printf(SUDO_DEBUG_INFO, " %d: %s", i, info[i]); switch (info[i][0]) { case 'c': SET_STRING("chroot=", chroot) SET_STRING("command=", command) SET_STRING("cwd=", cwd) if (strncmp("closefrom=", info[i], sizeof("closefrom=") - 1) == 0) { cp = info[i] + sizeof("closefrom=") - 1; details->closefrom = strtonum(cp, 0, INT_MAX, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); break; } break; case 'e': if (strncmp("exec_background=", info[i], sizeof("exec_background=") - 1) == 0) { if (atobool(info[i] + sizeof("exec_background=") - 1) == true) SET(details->flags, CD_EXEC_BG); break; } break; case 'l': SET_STRING("login_class=", login_class) break; case 'n': if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) { cp = info[i] + sizeof("nice=") - 1; details->priority = strtonum(cp, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); SET(details->flags, CD_SET_PRIORITY); break; } if (strncmp("noexec=", info[i], sizeof("noexec=") - 1) == 0) { if (atobool(info[i] + sizeof("noexec=") - 1) == true) SET(details->flags, CD_NOEXEC); break; } break; case 'p': if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) { if (atobool(info[i] + sizeof("preserve_groups=") - 1) == true) SET(details->flags, CD_PRESERVE_GROUPS); break; } if (strncmp("preserve_fds=", info[i], sizeof("preserve_fds=") - 1) == 0) { parse_preserved_fds(&details->preserved_fds, info[i] + sizeof("preserve_fds=") - 1); break; } break; case 'r': if (strncmp("runas_egid=", info[i], sizeof("runas_egid=") - 1) == 0) { cp = info[i] + sizeof("runas_egid=") - 1; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); details->egid = (gid_t)id; SET(details->flags, CD_SET_EGID); break; } if (strncmp("runas_euid=", info[i], sizeof("runas_euid=") - 1) == 0) { cp = info[i] + sizeof("runas_euid=") - 1; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); details->euid = (uid_t)id; SET(details->flags, CD_SET_EUID); break; } if (strncmp("runas_gid=", info[i], sizeof("runas_gid=") - 1) == 0) { cp = info[i] + sizeof("runas_gid=") - 1; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); details->gid = (gid_t)id; SET(details->flags, CD_SET_GID); break; } if (strncmp("runas_groups=", info[i], sizeof("runas_groups=") - 1) == 0) { /* parse_gid_list() will call fatalx() on error. */ cp = info[i] + sizeof("runas_groups=") - 1; details->ngroups = parse_gid_list(cp, NULL, &details->groups); break; } if (strncmp("runas_uid=", info[i], sizeof("runas_uid=") - 1) == 0) { cp = info[i] + sizeof("runas_uid=") - 1; id = atoid(cp, NULL, NULL, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); details->uid = (uid_t)id; SET(details->flags, CD_SET_UID); break; } #ifdef HAVE_PRIV_SET if (strncmp("runas_privs=", info[i], sizeof("runas_privs=") - 1) == 0) { const char *endp; cp = info[i] + sizeof("runas_privs=") - 1; if (*cp != '\0') { details->privs = priv_str_to_set(cp, ",", &endp); if (details->privs == NULL) warning("invalid runas_privs %s", endp); } break; } if (strncmp("runas_limitprivs=", info[i], sizeof("runas_limitprivs=") - 1) == 0) { const char *endp; cp = info[i] + sizeof("runas_limitprivs=") - 1; if (*cp != '\0') { details->limitprivs = priv_str_to_set(cp, ",", &endp); if (details->limitprivs == NULL) warning("invalid runas_limitprivs %s", endp); } break; } #endif /* HAVE_PRIV_SET */ break; case 's': SET_STRING("selinux_role=", selinux_role) SET_STRING("selinux_type=", selinux_type) if (strncmp("set_utmp=", info[i], sizeof("set_utmp=") - 1) == 0) { if (atobool(info[i] + sizeof("set_utmp=") - 1) == true) SET(details->flags, CD_SET_UTMP); break; } if (strncmp("sudoedit=", info[i], sizeof("sudoedit=") - 1) == 0) { if (atobool(info[i] + sizeof("sudoedit=") - 1) == true) SET(details->flags, CD_SUDOEDIT); break; } break; case 't': if (strncmp("timeout=", info[i], sizeof("timeout=") - 1) == 0) { cp = info[i] + sizeof("timeout=") - 1; details->timeout = strtonum(cp, 0, INT_MAX, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); SET(details->flags, CD_SET_TIMEOUT); break; } break; case 'u': if (strncmp("umask=", info[i], sizeof("umask=") - 1) == 0) { cp = info[i] + sizeof("umask=") - 1; details->umask = atomode(cp, &errstr); if (errstr != NULL) fatalx(U_("%s: %s"), info[i], U_(errstr)); SET(details->flags, CD_SET_UMASK); break; } if (strncmp("use_pty=", info[i], sizeof("use_pty=") - 1) == 0) { if (atobool(info[i] + sizeof("use_pty=") - 1) == true) SET(details->flags, CD_USE_PTY); break; } SET_STRING("utmp_user=", utmp_user) break; } } if (!ISSET(details->flags, CD_SET_EUID)) details->euid = details->uid; #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(details->euid)); #endif details->pw = getpwuid(details->euid); if (details->pw != NULL && (details->pw = pw_dup(details->pw)) == NULL) fatal(NULL); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif #ifdef HAVE_SELINUX if (details->selinux_role != NULL && is_selinux_enabled() > 0) SET(details->flags, CD_RBAC_ENABLED); #endif debug_return; } static void sudo_check_suid(const char *sudo) { char pathbuf[PATH_MAX]; struct stat sb; bool qualified; debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM) if (geteuid() != 0) { /* Search for sudo binary in PATH if not fully qualified. */ qualified = strchr(sudo, '/') != NULL; if (!qualified) { char *path = getenv_unhooked("PATH"); if (path != NULL) { int len; char *cp, *colon; cp = path = estrdup(path); do { if ((colon = strchr(cp, ':'))) *colon = '\0'; len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", cp, sudo); if (len <= 0 || (size_t)len >= sizeof(pathbuf)) continue; if (access(pathbuf, X_OK) == 0) { sudo = pathbuf; qualified = true; break; } cp = colon + 1; } while (colon); efree(path); } } if (qualified && stat(sudo, &sb) == 0) { /* Try to determine why sudo was not running as root. */ if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) { fatalx( U_("%s must be owned by uid %d and have the setuid bit set"), sudo, ROOT_UID); } else { fatalx(U_("effective uid is not %d, is %s on a file system " "with the 'nosuid' option set or an NFS file system without" " root privileges?"), ROOT_UID, sudo); } } else { fatalx( U_("effective uid is not %d, is sudo installed setuid root?"), ROOT_UID); } } debug_return; } /* * Disable core dumps to avoid dropping a core with user password in it. * We will reset this limit before executing the command. * Not all operating systems disable core dumps for setuid processes. */ static void disable_coredumps(void) { #if defined(RLIMIT_CORE) struct rlimit rl; debug_decl(disable_coredumps, SUDO_DEBUG_UTIL) /* * Turn off core dumps? */ if (sudo_conf_disable_coredump()) { (void) getrlimit(RLIMIT_CORE, &corelimit); memcpy(&rl, &corelimit, sizeof(struct rlimit)); rl.rlim_cur = 0; (void) setrlimit(RLIMIT_CORE, &rl); } debug_return; #endif /* RLIMIT_CORE */ } /* * Unlimit the number of processes since Linux's setuid() will * apply resource limits when changing uid and return EAGAIN if * nproc would be exceeded by the uid switch. */ static void unlimit_nproc(void) { #ifdef __linux__ struct rlimit rl; debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL) (void) getrlimit(RLIMIT_NPROC, &nproclimit); rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_NPROC, &rl) != 0) { memcpy(&rl, &nproclimit, sizeof(struct rlimit)); rl.rlim_cur = rl.rlim_max; (void)setrlimit(RLIMIT_NPROC, &rl); } debug_return; #endif /* __linux__ */ } /* * Restore saved value of RLIMIT_NPROC. */ static void restore_nproc(void) { #ifdef __linux__ debug_decl(restore_nproc, SUDO_DEBUG_UTIL) (void) setrlimit(RLIMIT_NPROC, &nproclimit); debug_return; #endif /* __linux__ */ } /* * Setup the execution environment immediately prior to the call to execve() * Returns true on success and false on failure. */ bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd) { bool rval = false; debug_decl(exec_setup, SUDO_DEBUG_EXEC) #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { if (selinux_setup(details->selinux_role, details->selinux_type, ptyname ? ptyname : user_details.tty, ptyfd) == -1) goto done; } #endif if (details->pw != NULL) { #ifdef HAVE_PROJECT_H set_project(details->pw); #endif #ifdef HAVE_PRIV_SET if (details->privs != NULL) { if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) { warning("unable to set privileges"); goto done; } } if (details->limitprivs != NULL) { if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) { warning("unable to set limit privileges"); goto done; } } else if (details->privs != NULL) { if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) { warning("unable to set limit privileges"); goto done; } } #endif /* HAVE_PRIV_SET */ #ifdef HAVE_GETUSERATTR aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty); #endif #ifdef HAVE_LOGIN_CAP_H if (details->login_class) { int flags; login_cap_t *lc; /* * We only use setusercontext() to set the nice value and rlimits * unless this is a login shell (sudo -i). */ lc = login_getclass((char *)details->login_class); if (!lc) { warningx(U_("unknown login class %s"), details->login_class); errno = ENOENT; goto done; } if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { /* Set everything except user, group and login name. */ flags = LOGIN_SETALL; CLR(flags, LOGIN_SETGROUP|LOGIN_SETLOGIN|LOGIN_SETUSER|LOGIN_SETENV|LOGIN_SETPATH); CLR(details->flags, CD_SET_UMASK); /* LOGIN_UMASK instead */ } else { flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; } if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) { warning(U_("unable to set user context")); if (details->pw->pw_uid != ROOT_UID) goto done; } } #endif /* HAVE_LOGIN_CAP_H */ } /* * Set groups, including supplementary group vector. */ if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { if (details->ngroups >= 0) { if (sudo_setgroups(details->ngroups, details->groups) < 0) { warning(U_("unable to set supplementary group IDs")); goto done; } } } #ifdef HAVE_SETEUID if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { warning(U_("unable to set effective gid to runas gid %u"), (unsigned int)details->egid); goto done; } #endif if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) { warning(U_("unable to set gid to runas gid %u"), (unsigned int)details->gid); goto done; } if (ISSET(details->flags, CD_SET_PRIORITY)) { if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) { warning(U_("unable to set process priority")); goto done; } } if (ISSET(details->flags, CD_SET_UMASK)) (void) umask(details->umask); if (details->chroot) { if (chroot(details->chroot) != 0 || chdir("/") != 0) { warning(U_("unable to change root to %s"), details->chroot); goto done; } } /* * Unlimit the number of processes since Linux's setuid() will * return EAGAIN if RLIMIT_NPROC would be exceeded by the uid switch. */ unlimit_nproc(); #ifdef HAVE_SETRESUID if (setresuid(details->uid, details->euid, details->euid) != 0) { warning(U_("unable to change to runas uid (%u, %u)"), details->uid, details->euid); goto done; } #elif defined(HAVE_SETREUID) if (setreuid(details->uid, details->euid) != 0) { warning(U_("unable to change to runas uid (%u, %u)"), (unsigned int)details->uid, (unsigned int)details->euid); goto done; } #else if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) { warning(U_("unable to change to runas uid (%u, %u)"), details->uid, details->euid); goto done; } #endif /* !HAVE_SETRESUID && !HAVE_SETREUID */ /* Restore previous value of RLIMIT_NPROC. */ restore_nproc(); /* * Only change cwd if we have chroot()ed or the policy modules * specifies a different cwd. Must be done after uid change. */ if (details->cwd) { if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) { /* Note: cwd is relative to the new root, if any. */ if (chdir(details->cwd) != 0) { warning(U_("unable to change directory to %s"), details->cwd); goto done; } } } rval = true; done: debug_return_bool(rval); } /* * Run the command and wait for it to complete. */ int run_command(struct command_details *details) { struct plugin_container *plugin; struct command_status cstat; int exitcode = 1; debug_decl(run_command, SUDO_DEBUG_EXEC) cstat.type = CMD_INVALID; cstat.val = 0; sudo_execute(details, &cstat); switch (cstat.type) { case CMD_ERRNO: /* exec_setup() or execve() returned an error. */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling policy close with errno %d", cstat.val); policy_close(&policy_plugin, 0, cstat.val); TAILQ_FOREACH(plugin, &io_plugins, entries) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling I/O close with errno %d", cstat.val); iolog_close(plugin, 0, cstat.val); } exitcode = 1; break; case CMD_WSTATUS: /* Command ran, exited or was killed. */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling policy close with wait status %d", cstat.val); policy_close(&policy_plugin, cstat.val, 0); TAILQ_FOREACH(plugin, &io_plugins, entries) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling I/O close with wait status %d", cstat.val); iolog_close(plugin, cstat.val, 0); } if (WIFEXITED(cstat.val)) exitcode = WEXITSTATUS(cstat.val); else if (WIFSIGNALED(cstat.val)) exitcode = WTERMSIG(cstat.val) | 128; break; default: warningx(U_("unexpected child termination condition: %d"), cstat.type); break; } debug_return_int(exitcode); } static int policy_open(struct plugin_container *plugin, char * const settings[], char * const user_info[], char * const user_env[]) { int rval; debug_decl(policy_open, SUDO_DEBUG_PCOMM) /* * Backwards compatibility for older API versions */ switch (plugin->u.generic->version) { case SUDO_API_MKVERSION(1, 0): case SUDO_API_MKVERSION(1, 1): rval = plugin->u.policy_1_0->open(plugin->u.io_1_0->version, sudo_conversation, _sudo_printf, settings, user_info, user_env); break; default: rval = plugin->u.policy->open(SUDO_API_VERSION, sudo_conversation, _sudo_printf, settings, user_info, user_env, plugin->options); } debug_return_bool(rval); } static void policy_close(struct plugin_container *plugin, int exit_status, int error) { debug_decl(policy_close, SUDO_DEBUG_PCOMM) if (plugin->u.policy->close != NULL) plugin->u.policy->close(exit_status, error); else warning(U_("unable to execute %s"), command_details.command); debug_return; } static int policy_show_version(struct plugin_container *plugin, int verbose) { debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) if (plugin->u.policy->show_version == NULL) debug_return_bool(true); debug_return_bool(plugin->u.policy->show_version(verbose)); } static int policy_check(struct plugin_container *plugin, int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]) { debug_decl(policy_check, SUDO_DEBUG_PCOMM) if (plugin->u.policy->check_policy == NULL) { fatalx(U_("policy plugin %s is missing the `check_policy' method"), plugin->name); } debug_return_bool(plugin->u.policy->check_policy(argc, argv, env_add, command_info, argv_out, user_env_out)); } static int policy_list(struct plugin_container *plugin, int argc, char * const argv[], int verbose, const char *list_user) { debug_decl(policy_list, SUDO_DEBUG_PCOMM) if (plugin->u.policy->list == NULL) { warningx(U_("policy plugin %s does not support listing privileges"), plugin->name); debug_return_bool(false); } debug_return_bool(plugin->u.policy->list(argc, argv, verbose, list_user)); } static int policy_validate(struct plugin_container *plugin) { debug_decl(policy_validate, SUDO_DEBUG_PCOMM) if (plugin->u.policy->validate == NULL) { warningx(U_("policy plugin %s does not support the -v option"), plugin->name); debug_return_bool(false); } debug_return_bool(plugin->u.policy->validate()); } static void policy_invalidate(struct plugin_container *plugin, int remove) { debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM) if (plugin->u.policy->invalidate == NULL) { fatalx(U_("policy plugin %s does not support the -k/-K options"), plugin->name); } plugin->u.policy->invalidate(remove); debug_return; } int policy_init_session(struct command_details *details) { int rval = true; debug_decl(policy_init_session, SUDO_DEBUG_PCOMM) if (policy_plugin.u.policy->init_session) { /* * Backwards compatibility for older API versions */ switch (policy_plugin.u.generic->version) { case SUDO_API_MKVERSION(1, 0): case SUDO_API_MKVERSION(1, 1): rval = policy_plugin.u.policy_1_0->init_session(details->pw); break; default: rval = policy_plugin.u.policy->init_session(details->pw, &details->envp); } } debug_return_bool(rval); } static int iolog_open(struct plugin_container *plugin, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[]) { int rval; debug_decl(iolog_open, SUDO_DEBUG_PCOMM) /* * Backwards compatibility for older API versions */ switch (plugin->u.generic->version) { case SUDO_API_MKVERSION(1, 0): rval = plugin->u.io_1_0->open(plugin->u.io_1_0->version, sudo_conversation, _sudo_printf, settings, user_info, argc, argv, user_env); break; case SUDO_API_MKVERSION(1, 1): rval = plugin->u.io_1_1->open(plugin->u.io_1_1->version, sudo_conversation, _sudo_printf, settings, user_info, command_info, argc, argv, user_env); break; default: rval = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, _sudo_printf, settings, user_info, command_info, argc, argv, user_env, plugin->options); } debug_return_bool(rval); } static void iolog_close(struct plugin_container *plugin, int exit_status, int error) { debug_decl(iolog_close, SUDO_DEBUG_PCOMM) if (plugin->u.io->close != NULL) plugin->u.io->close(exit_status, error); debug_return; } static int iolog_show_version(struct plugin_container *plugin, int verbose) { debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) if (plugin->u.io->show_version == NULL) debug_return_bool(true); debug_return_bool(plugin->u.io->show_version(verbose)); } /* * Remove the specified I/O logging plugin from the io_plugins list. * Deregisters any hooks before unlinking, then frees the container. */ static void iolog_unlink(struct plugin_container *plugin) { debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM) /* Deregister hooks, if any. */ if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 2)) { if (plugin->u.io->deregister_hooks != NULL) plugin->u.io->deregister_hooks(SUDO_HOOK_VERSION, deregister_hook); } /* Remove from io_plugins list and free. */ TAILQ_REMOVE(&io_plugins, plugin, entries); efree(plugin); debug_return; } sudo-1.8.9p5/src/sudo.h010064400175440000012000000153431226304126500142650ustar00millertstaff/* * Copyright (c) 1993-1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _SUDO_SUDO_H #define _SUDO_SUDO_H #include #include #ifdef HAVE_STDBOOL_H # include #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ #include "missing.h" #include "alloc.h" #include "fatal.h" #include "fileops.h" #include "sudo_conf.h" #include "sudo_debug.h" #include "sudo_util.h" #include "gettext.h" #ifdef HAVE_PRIV_SET # include #endif #ifdef __TANDEM # define ROOT_UID 65535 #else # define ROOT_UID 0 #endif /* * Various modes sudo can be in (based on arguments) in hex */ #define MODE_RUN 0x00000001 #define MODE_EDIT 0x00000002 #define MODE_VALIDATE 0x00000004 #define MODE_INVALIDATE 0x00000008 #define MODE_KILL 0x00000010 #define MODE_VERSION 0x00000020 #define MODE_HELP 0x00000040 #define MODE_LIST 0x00000080 #define MODE_CHECK 0x00000100 #define MODE_MASK 0x0000ffff /* Mode flags */ /* XXX - prune this */ #define MODE_BACKGROUND 0x00010000 #define MODE_SHELL 0x00020000 #define MODE_LOGIN_SHELL 0x00040000 #define MODE_IMPLIED_SHELL 0x00080000 #define MODE_RESET_HOME 0x00100000 #define MODE_PRESERVE_GROUPS 0x00200000 #define MODE_PRESERVE_ENV 0x00400000 #define MODE_NONINTERACTIVE 0x00800000 #define MODE_LONG_LIST 0x01000000 /* * Flags for tgetpass() */ #define TGP_NOECHO 0x00 /* turn echo off reading pw (default) */ #define TGP_ECHO 0x01 /* leave echo on when reading passwd */ #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ #define TGP_ASKPASS 0x04 /* read from askpass helper program */ #define TGP_MASK 0x08 /* mask user input when reading */ #define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */ struct user_details { pid_t pid; pid_t ppid; pid_t pgid; pid_t tcpgid; pid_t sid; uid_t uid; uid_t euid; uid_t gid; uid_t egid; const char *username; const char *cwd; const char *tty; const char *host; const char *shell; GETGROUPS_T *groups; int ngroups; int ts_cols; int ts_lines; }; #define CD_SET_UID 0x0001 #define CD_SET_EUID 0x0002 #define CD_SET_GID 0x0004 #define CD_SET_EGID 0x0008 #define CD_PRESERVE_GROUPS 0x0010 #define CD_NOEXEC 0x0020 #define CD_SET_PRIORITY 0x0040 #define CD_SET_UMASK 0x0080 #define CD_SET_TIMEOUT 0x0100 #define CD_SUDOEDIT 0x0200 #define CD_BACKGROUND 0x0400 #define CD_RBAC_ENABLED 0x0800 #define CD_USE_PTY 0x1000 #define CD_SET_UTMP 0x2000 #define CD_EXEC_BG 0x4000 struct preserved_fd { TAILQ_ENTRY(preserved_fd) entries; int lowfd; int highfd; int flags; }; TAILQ_HEAD(preserved_fd_list, preserved_fd); struct command_details { uid_t uid; uid_t euid; gid_t gid; gid_t egid; mode_t umask; int priority; int timeout; int ngroups; int closefrom; int flags; struct preserved_fd_list preserved_fds; struct passwd *pw; GETGROUPS_T *groups; const char *command; const char *cwd; const char *login_class; const char *chroot; const char *selinux_role; const char *selinux_type; const char *utmp_user; char **argv; char **envp; #ifdef HAVE_PRIV_SET priv_set_t *privs; priv_set_t *limitprivs; #endif }; /* Status passed between parent and child via socketpair */ struct command_status { #define CMD_INVALID 0 #define CMD_ERRNO 1 #define CMD_WSTATUS 2 #define CMD_SIGNO 3 #define CMD_PID 4 int type; int val; }; struct timeval; /* For fatal() and fatalx() (XXX - needed?) */ void cleanup(int); /* tgetpass.c */ char *tgetpass(const char *, int, int); int tty_present(void); /* exec.c */ int pipe_nonblock(int fds[2]); int sudo_execute(struct command_details *details, struct command_status *cstat); /* parse_args.c */ int parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, char ***env_addp); extern int tgetpass_flags; /* get_pty.c */ int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t uid); /* sudo.c */ bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd); int policy_init_session(struct command_details *details); int run_command(struct command_details *details); int os_init_common(int argc, char *argv[], char *envp[]); extern const char *list_user; extern struct user_details user_details; /* sudo_edit.c */ int sudo_edit(struct command_details *details); /* parse_args.c */ void usage(int); /* openbsd.c */ int os_init_openbsd(int argc, char *argv[], char *envp[]); /* selinux.c */ int selinux_restore_tty(void); int selinux_setup(const char *role, const char *type, const char *ttyn, int ttyfd); void selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec); /* solaris.c */ void set_project(struct passwd *); int os_init_solaris(int argc, char *argv[], char *envp[]); /* hooks.c */ /* XXX - move to sudo_plugin_int.h? */ struct sudo_hook; int register_hook(struct sudo_hook *hook); int deregister_hook(struct sudo_hook *hook); int process_hooks_getenv(const char *name, char **val); int process_hooks_setenv(const char *name, const char *value, int overwrite); int process_hooks_putenv(char *string); int process_hooks_unsetenv(const char *name); /* env_hooks.c */ char *getenv_unhooked(const char *name); /* interfaces.c */ int get_net_ifs(char **addrinfo); /* ttyname.c */ char *get_process_ttyname(void); /* signal.c */ struct sigaction; extern int signal_pipe[2]; int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa); void init_signals(void); void restore_signals(void); void save_signals(void); /* preload.c */ void preload_static_symbols(void); /* preserve_fds.c */ int add_preserved_fd(struct preserved_fd_list *pfds, int fd); void closefrom_except(int startfd, struct preserved_fd_list *pfds); void parse_preserved_fds(struct preserved_fd_list *pfds, const char *fdstr); #endif /* _SUDO_SUDO_H */ sudo-1.8.9p5/src/sudo_edit.c010064400175440000012000000232241226304126500152620ustar00millertstaff/* * Copyright (c) 2004-2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include #ifdef TIME_WITH_SYS_TIME # include #endif #include "sudo.h" #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) static void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) { int serrno = errno; debug_decl(switch_user, SUDO_DEBUG_EDIT) /* When restoring root, change euid first; otherwise change it last. */ if (euid == ROOT_UID) { if (seteuid(ROOT_UID) != 0) fatal("seteuid(ROOT_UID)"); } if (setegid(egid) != 0) fatal("setegid(%d)", (int)egid); if (ngroups != -1) { if (sudo_setgroups(ngroups, groups) != 0) fatal("setgroups"); } if (euid != ROOT_UID) { if (seteuid(euid) != 0) fatal("seteuid(%d)", (int)euid); } errno = serrno; debug_return; } /* * Wrapper to allow users to edit privileged files with their own uid. */ int sudo_edit(struct command_details *command_details) { struct command_details editor_details; ssize_t nread, nwritten; const char *tmpdir; char *cp, *suff, **nargv, **ap, **files = NULL; char buf[BUFSIZ]; int rc, i, j, ac, ofd, tfd, nargc, rval, tmplen; int editor_argc = 0, nfiles = 0; struct stat sb; struct timeval tv, tv1, tv2; struct tempfile { char *tfile; char *ofile; struct timeval omtim; off_t osize; } *tf = NULL; debug_decl(sudo_edit, SUDO_DEBUG_EDIT) /* * Set real, effective and saved uids to root. * We will change the euid as needed below. */ if (setuid(ROOT_UID) != 0) { warning(U_("unable to change uid to root (%u)"), ROOT_UID); goto cleanup; } /* * Find our temporary directory, one of /var/tmp, /usr/tmp, or /tmp */ if (stat(_PATH_VARTMP, &sb) == 0 && S_ISDIR(sb.st_mode)) tmpdir = _PATH_VARTMP; #ifdef _PATH_USRTMP else if (stat(_PATH_USRTMP, &sb) == 0 && S_ISDIR(sb.st_mode)) tmpdir = _PATH_USRTMP; #endif else tmpdir = _PATH_TMP; tmplen = strlen(tmpdir); while (tmplen > 0 && tmpdir[tmplen - 1] == '/') tmplen--; /* * The user's editor must be separated from the files to be * edited by a "--" option. */ for (ap = command_details->argv; *ap != NULL; ap++) { if (files) nfiles++; else if (strcmp(*ap, "--") == 0) files = ap + 1; else editor_argc++; } if (nfiles == 0) { warningx(U_("plugin error: missing file list for sudoedit")); goto cleanup; } /* * For each file specified by the user, make a temporary version * and copy the contents of the original to it. */ tf = emalloc2(nfiles, sizeof(*tf)); memset(tf, 0, nfiles * sizeof(*tf)); for (i = 0, j = 0; i < nfiles; i++) { rc = -1; switch_user(command_details->euid, command_details->egid, command_details->ngroups, command_details->groups); if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) { if (ofd == -1) { memset(&sb, 0, sizeof(sb)); /* new file */ rc = 0; } else { rc = fstat(ofd, &sb); } } switch_user(ROOT_UID, user_details.egid, user_details.ngroups, user_details.groups); if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) { if (rc) warning("%s", files[i]); else warningx(U_("%s: not a regular file"), files[i]); if (ofd != -1) close(ofd); continue; } tf[j].ofile = files[i]; tf[j].osize = sb.st_size; mtim_get(&sb, &tf[j].omtim); if ((cp = strrchr(tf[j].ofile, '/')) != NULL) cp++; else cp = tf[j].ofile; suff = strrchr(cp, '.'); if (suff != NULL) { easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir, (int)(size_t)(suff - cp), cp, suff); } else { easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp); } if (seteuid(user_details.uid) != 0) fatal("seteuid(%d)", (int)user_details.uid); tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0); if (seteuid(ROOT_UID) != 0) fatal("seteuid(ROOT_UID)"); if (tfd == -1) { warning("mkstemps"); goto cleanup; } if (ofd != -1) { while ((nread = read(ofd, buf, sizeof(buf))) != 0) { if ((nwritten = write(tfd, buf, nread)) != nread) { if (nwritten == -1) warning("%s", tf[j].tfile); else warningx(U_("%s: short write"), tf[j].tfile); goto cleanup; } } close(ofd); } /* * We always update the stashed mtime because the time * resolution of the filesystem the temporary file is on may * not match that of the filesystem where the file to be edited * resides. It is OK if touch() fails since we only use the info * to determine whether or not a file has been modified. */ (void) touch(tfd, NULL, &tf[j].omtim); rc = fstat(tfd, &sb); if (!rc) mtim_get(&sb, &tf[j].omtim); close(tfd); j++; } if ((nfiles = j) == 0) goto cleanup; /* no files readable, you lose */ /* * Allocate space for the new argument vector and fill it in. * We concatenate the editor with its args and the file list * to create a new argv. */ nargc = editor_argc + nfiles; nargv = (char **) emalloc2(nargc + 1, sizeof(char *)); for (ac = 0; ac < editor_argc; ac++) nargv[ac] = command_details->argv[ac]; for (i = 0; i < nfiles && ac < nargc; ) nargv[ac++] = tf[i++].tfile; nargv[ac] = NULL; /* * Run the editor with the invoking user's creds, * keeping track of the time spent in the editor. */ gettimeofday(&tv1, NULL); memcpy(&editor_details, command_details, sizeof(editor_details)); editor_details.uid = user_details.uid; editor_details.euid = user_details.uid; editor_details.gid = user_details.gid; editor_details.egid = user_details.gid; editor_details.ngroups = user_details.ngroups; editor_details.groups = user_details.groups; editor_details.argv = nargv; rval = run_command(&editor_details); gettimeofday(&tv2, NULL); /* Copy contents of temp files to real ones */ for (i = 0; i < nfiles; i++) { rc = -1; if (seteuid(user_details.uid) != 0) fatal("seteuid(%d)", (int)user_details.uid); if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) { rc = fstat(tfd, &sb); } if (seteuid(ROOT_UID) != 0) fatal("seteuid(ROOT_UID)"); if (rc || !S_ISREG(sb.st_mode)) { if (rc) warning("%s", tf[i].tfile); else warningx(U_("%s: not a regular file"), tf[i].tfile); warningx(U_("%s left unmodified"), tf[i].ofile); if (tfd != -1) close(tfd); continue; } mtim_get(&sb, &tv); if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) { /* * If mtime and size match but the user spent no measurable * time in the editor we can't tell if the file was changed. */ timevalsub(&tv1, &tv2); if (timevalisset(&tv2)) { warningx(U_("%s unchanged"), tf[i].ofile); unlink(tf[i].tfile); close(tfd); continue; } } switch_user(command_details->euid, command_details->egid, command_details->ngroups, command_details->groups); ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644); switch_user(ROOT_UID, user_details.egid, user_details.ngroups, user_details.groups); if (ofd == -1) { warning(U_("unable to write to %s"), tf[i].ofile); warningx(U_("contents of edit session left in %s"), tf[i].tfile); close(tfd); continue; } while ((nread = read(tfd, buf, sizeof(buf))) > 0) { if ((nwritten = write(ofd, buf, nread)) != nread) { if (nwritten == -1) warning("%s", tf[i].ofile); else warningx(U_("%s: short write"), tf[i].ofile); break; } } if (nread == 0) { /* success, got EOF */ unlink(tf[i].tfile); } else if (nread < 0) { warning(U_("unable to read temporary file")); warningx(U_("contents of edit session left in %s"), tf[i].tfile); } else { warning(U_("unable to write to %s"), tf[i].ofile); warningx(U_("contents of edit session left in %s"), tf[i].tfile); } close(ofd); } debug_return_int(rval); cleanup: /* Clean up temp files and return. */ if (tf != NULL) { for (i = 0; i < nfiles; i++) { if (tf[i].tfile != NULL) unlink(tf[i].tfile); } } debug_return_int(1); } #else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ /* * Must have the ability to change the effective uid to use sudoedit. */ int sudo_edit(struct command_details *command_details) { debug_decl(sudo_edit, SUDO_DEBUG_EDIT) debug_return_int(1); } #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ sudo-1.8.9p5/src/sudo_exec.h010064400175440000012000000046341226304126500152720ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_EXEC_H #define _SUDO_EXEC_H /* * Older systems may not support MSG_WAITALL but it shouldn't really be needed. */ #ifndef MSG_WAITALL # define MSG_WAITALL 0 #endif /* * Special values to indicate whether continuing in foreground or background. */ #define SIGCONT_FG -2 #define SIGCONT_BG -3 /* * Positions in saved_signals[] */ #define SAVED_SIGALRM 0 #define SAVED_SIGCHLD 1 #define SAVED_SIGCONT 2 #define SAVED_SIGHUP 3 #define SAVED_SIGINT 4 #define SAVED_SIGPIPE 5 #define SAVED_SIGQUIT 6 #define SAVED_SIGTERM 7 #define SAVED_SIGTSTP 8 #define SAVED_SIGTTIN 9 #define SAVED_SIGTTOU 10 #define SAVED_SIGUSR1 11 #define SAVED_SIGUSR2 12 /* * Symbols shared between exec.c and exec_pty.c */ /* exec.c */ struct sudo_event_base; int sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec); extern volatile pid_t cmnd_pid; /* exec_pty.c */ struct command_details; struct command_status; int fork_pty(struct command_details *details, int sv[], sigset_t *omask); int suspend_parent(int signo); void exec_cmnd(struct command_details *details, struct command_status *cstat, int errfd); void add_io_events(struct sudo_event_base *evbase); #ifdef SA_SIGINFO void handler(int s, siginfo_t *info, void *context); #else void handler(int s); #endif void pty_close(struct command_status *cstat); void pty_setup(uid_t uid, const char *tty, const char *utmp_user); void terminate_command(pid_t pid, bool use_pgrp); /* utmp.c */ bool utmp_login(const char *from_line, const char *to_line, int ttyfd, const char *user); bool utmp_logout(const char *line, int status); #endif /* _SUDO_EXEC_H */ sudo-1.8.9p5/src/sudo_noexec.c010064400175440000012000000136311226304126500156170ustar00millertstaff/* * Copyright (c) 2004-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_SPAWN_H #include #endif #include "missing.h" #ifdef HAVE___INTERPOSE /* * Mac OS X 10.4 and above has support for library symbol interposition. * There is a good explanation of this in the Mac OS X Internals book. */ typedef struct interpose_s { void *new_func; void *orig_func; } interpose_t; # define FN_NAME(fn) dummy_ ## fn # define INTERPOSE(fn) \ __attribute__((__used__)) static const interpose_t interpose_ ## fn \ __attribute__((__section__("__DATA,__interpose"))) = \ { (void *)dummy_ ## fn, (void *)fn }; #else # define FN_NAME(fn) fn # define INTERPOSE(fn) #endif /* * Dummy versions of the exec(3) family of syscalls. It is not enough * to just dummy out execve(2) since some C libraries use direct syscalls * for the other functions instead of calling execve(2). Note that it is * still possible to access the real syscalls via the syscall(2) interface * but very few programs actually do that. */ #define DUMMY_BODY \ { \ errno = EACCES; \ return -1; \ } #define DUMMY2(fn, t1, t2) \ __dso_public int \ FN_NAME(fn)(t1 a1, t2 a2) \ DUMMY_BODY \ INTERPOSE(fn) #define DUMMY3(fn, t1, t2, t3) \ __dso_public int \ FN_NAME(fn)(t1 a1, t2 a2, t3 a3) \ DUMMY_BODY \ INTERPOSE(fn) #define DUMMY6(fn, t1, t2, t3, t4, t5, t6) \ __dso_public int \ FN_NAME(fn)(t1 a1, t2 a2, t3 a3, t4 a4, t5 a5, t6 a6) \ DUMMY_BODY \ INTERPOSE(fn) #define DUMMY_VA(fn, t1, t2) \ __dso_public int \ FN_NAME(fn)(t1 a1, t2 a2, ...) \ DUMMY_BODY \ INTERPOSE(fn) /* * Standard exec(3) family of functions. */ DUMMY_VA(execl, const char *, const char *) DUMMY_VA(execle, const char *, const char *) DUMMY_VA(execlp, const char *, const char *) DUMMY2(execv, const char *, char * const *) DUMMY2(execvp, const char *, char * const *) DUMMY3(execve, const char *, char * const *, char * const *) /* * Private versions of the above. */ #ifdef HAVE__EXECL DUMMY_VA(_execl, const char *, const char *) #endif #ifdef HAVE___EXECL DUMMY_VA(__execl, const char *, const char *) #endif #ifdef HAVE__EXECLE DUMMY_VA(_execle, const char *, const char *) #endif #ifdef HAVE___EXECLE DUMMY_VA(__execle, const char *, const char *) #endif #ifdef HAVE__EXECLP DUMMY_VA(_execlp, const char *, const char *) #endif #ifdef HAVE___EXECLP DUMMY_VA(__execlp, const char *, const char *) #endif #ifdef HAVE__EXECV DUMMY2(_execv, const char *, char * const *) #endif #ifdef HAVE___EXECV DUMMY2(__execv, const char *, char * const *) #endif #ifdef HAVE__EXECVP DUMMY2(_execvp, const char *, char * const *) #endif #ifdef HAVE___EXECVP DUMMY2(__execvp, const char *, char * const *) #endif #ifdef HAVE__EXECVE DUMMY3(_execve, const char *, char * const *, char * const *) #endif #ifdef HAVE___EXECVE DUMMY3(__execve, const char *, char * const *, char * const *) #endif /* * Non-standard exec functions and corresponding private versions. */ #ifdef HAVE_EXECVP DUMMY3(execvP, const char *, const char *, char * const *) #endif #ifdef HAVE__EXECVP DUMMY3(_execvP, const char *, const char *, char * const *) #endif #ifdef HAVE___EXECVP DUMMY3(__execvP, const char *, const char *, char * const *) #endif #ifdef HAVE_EXECVPE DUMMY3(execvpe, const char *, char * const *, char * const *) #endif #ifdef HAVE__EXECVPE DUMMY3(_execvpe, const char *, char * const *, char * const *) #endif #ifdef HAVE___EXECVPE DUMMY3(__execvpe, const char *, char * const *, char * const *) #endif #ifdef HAVE_EXECT DUMMY3(exect, const char *, char * const *, char * const *) #endif #ifdef HAVE__EXECT DUMMY3(_exect, const char *, char * const *, char * const *) #endif #ifdef HAVE___EXECT DUMMY3(__exect, const char *, char * const *, char * const *) #endif #ifdef HAVE_FEXECVE DUMMY3(fexecve, int , char * const *, char * const *) #endif #ifdef HAVE__FEXECVE DUMMY3(_fexecve, int , char * const *, char * const *) #endif #ifdef HAVE___FEXECVE DUMMY3(__fexecve, int , char * const *, char * const *) #endif /* * posix_spawn, posix_spawnp and any private versions. */ #ifdef HAVE_POSIX_SPAWN DUMMY6(posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif #ifdef HAVE__POSIX_SPAWN DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif #ifdef HAVE___POSIX_SPAWN DUMMY6(__posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif #ifdef HAVE_POSIX_SPAWNP DUMMY6(posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif #ifdef HAVE_POSIX__SPAWNP DUMMY6(_posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif #ifdef HAVE_POSIX___SPAWNP DUMMY6(__posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) #endif sudo-1.8.9p5/src/sudo_plugin_int.h010064400175440000012000000076611226304126500165210ustar00millertstaff/* * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _SUDO_PLUGIN_INT_H #define _SUDO_PLUGIN_INT_H /* * All plugin structures start with a type and a version. */ struct generic_plugin { unsigned int type; unsigned int version; /* the rest depends on the type... */ }; /* * Backwards-compatible structures for API bumps. */ struct policy_plugin_1_0 { unsigned int type; unsigned int version; int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const user_env[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]); int (*list)(int argc, char * const argv[], int verbose, const char *list_user); int (*validate)(void); void (*invalidate)(int remove); int (*init_session)(struct passwd *pwd); }; struct io_plugin_1_0 { unsigned int type; unsigned int version; int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[]); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); }; struct io_plugin_1_1 { unsigned int type; unsigned int version; int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); int (*log_ttyout)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdout)(const char *buf, unsigned int len); int (*log_stderr)(const char *buf, unsigned int len); }; /* * Sudo plugin internals. */ struct plugin_container { TAILQ_ENTRY(plugin_container) entries; const char *name; char * const *options; void *handle; union { struct generic_plugin *generic; struct policy_plugin *policy; struct policy_plugin_1_0 *policy_1_0; struct io_plugin *io; struct io_plugin_1_0 *io_1_0; struct io_plugin_1_1 *io_1_1; } u; }; TAILQ_HEAD(plugin_container_list, plugin_container); extern struct plugin_container policy_plugin; extern struct plugin_container_list io_plugins; int sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); int _sudo_printf(int msg_type, const char *fmt, ...); bool sudo_load_plugins(struct plugin_container *policy_plugin, struct plugin_container_list *io_plugins); #endif /* _SUDO_PLUGIN_INT_H */ sudo-1.8.9p5/src/sudo_usage.h.in010064400175440000012000000033561226304126500160570ustar00millertstaff/* * Copyright (c) 2007-2010, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SUDO_USAGE_H #define _SUDO_USAGE_H /* * Usage strings for sudo. These are here because we * need to be able to substitute values from configure. */ #define SUDO_USAGE1 " -h | -K | -k | -V" #define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" #define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" #define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] []" #define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] file ..." /* * Configure script arguments used to build sudo. */ #define CONFIGURE_ARGS "@CONFIGURE_ARGS@" #endif /* _SUDO_USAGE_H */ sudo-1.8.9p5/src/tgetpass.c010064400175440000012000000212651226304126500151400ustar00millertstaff/* * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifdef __TANDEM # include #endif #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #include #include "sudo.h" #include "sudo_plugin.h" static volatile sig_atomic_t signo[NSIG]; static void tgetpass_handler(int); static char *getln(int, char *, size_t, int); static char *sudo_askpass(const char *, const char *); /* * Like getpass(3) but with timeout and echo flags. */ char * tgetpass(const char *prompt, int timeout, int flags) { sigaction_t sa, savealrm, saveint, savehup, savequit, saveterm; sigaction_t savetstp, savettin, savettou, savepipe; char *pass; static const char *askpass; static char buf[SUDO_CONV_REPL_MAX + 1]; int i, input, output, save_errno, neednl = 0, need_restart; debug_decl(tgetpass, SUDO_DEBUG_CONV) (void) fflush(stdout); if (askpass == NULL) { askpass = getenv_unhooked("SUDO_ASKPASS"); if (askpass == NULL || *askpass == '\0') askpass = sudo_conf_askpass_path(); } /* If no tty present and we need to disable echo, try askpass. */ if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) && !tty_present()) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { warningx(U_("no tty present and no askpass program specified")); debug_return_str(NULL); } SET(flags, TGP_ASKPASS); } /* If using a helper program to get the password, run it instead. */ if (ISSET(flags, TGP_ASKPASS)) { if (askpass == NULL || *askpass == '\0') fatalx(U_("no askpass program specified, try setting SUDO_ASKPASS")); debug_return_str_masked(sudo_askpass(askpass, prompt)); } restart: for (i = 0; i < NSIG; i++) signo[i] = 0; pass = NULL; save_errno = 0; need_restart = 0; /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */ if (ISSET(flags, TGP_STDIN) || (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { input = STDIN_FILENO; output = STDERR_FILENO; } /* * If we are using a tty but are not the foreground pgrp this will * generate SIGTTOU, so do it *before* installing the signal handlers. */ if (!ISSET(flags, TGP_ECHO)) { if (ISSET(flags, TGP_MASK)) neednl = term_cbreak(input); else neednl = term_noecho(input); } /* * Catch signals that would otherwise cause the user to end * up with echo turned off in the shell. */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */ sa.sa_handler = tgetpass_handler; (void) sigaction(SIGALRM, &sa, &savealrm); (void) sigaction(SIGINT, &sa, &saveint); (void) sigaction(SIGHUP, &sa, &savehup); (void) sigaction(SIGQUIT, &sa, &savequit); (void) sigaction(SIGTERM, &sa, &saveterm); (void) sigaction(SIGTSTP, &sa, &savetstp); (void) sigaction(SIGTTIN, &sa, &savettin); (void) sigaction(SIGTTOU, &sa, &savettou); /* Ignore SIGPIPE in case stdin is a pipe and TGP_STDIN is set */ sa.sa_handler = SIG_IGN; (void) sigaction(SIGPIPE, &sa, &savepipe); if (prompt) { if (write(output, prompt, strlen(prompt)) == -1) goto restore; } if (timeout > 0) alarm(timeout); pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK)); alarm(0); save_errno = errno; if (neednl || pass == NULL) { if (write(output, "\n", 1) == -1) goto restore; } restore: /* Restore old tty settings and signals. */ if (!ISSET(flags, TGP_ECHO)) term_restore(input, 1); (void) sigaction(SIGALRM, &savealrm, NULL); (void) sigaction(SIGINT, &saveint, NULL); (void) sigaction(SIGHUP, &savehup, NULL); (void) sigaction(SIGQUIT, &savequit, NULL); (void) sigaction(SIGTERM, &saveterm, NULL); (void) sigaction(SIGTSTP, &savetstp, NULL); (void) sigaction(SIGTTIN, &savettin, NULL); (void) sigaction(SIGTTOU, &savettou, NULL); (void) sigaction(SIGTTOU, &savepipe, NULL); if (input != STDIN_FILENO) (void) close(input); /* * If we were interrupted by a signal, resend it to ourselves * now that we have restored the signal handlers. */ for (i = 0; i < NSIG; i++) { if (signo[i]) { kill(getpid(), i); switch (i) { case SIGTSTP: case SIGTTIN: case SIGTTOU: need_restart = 1; break; } } } if (need_restart) goto restart; if (save_errno) errno = save_errno; debug_return_str_masked(pass); } /* * Fork a child and exec sudo-askpass to get the password from the user. */ static char * sudo_askpass(const char *askpass, const char *prompt) { static char buf[SUDO_CONV_REPL_MAX + 1], *pass; sigaction_t sa, saved_sa_pipe; int pfd[2]; pid_t pid; debug_decl(sudo_askpass, SUDO_DEBUG_CONV) if (pipe(pfd) == -1) fatal(U_("unable to create pipe")); if ((pid = fork()) == -1) fatal(U_("unable to fork")); if (pid == 0) { /* child, point stdout to output side of the pipe and exec askpass */ if (dup2(pfd[1], STDOUT_FILENO) == -1) { warning("dup2"); _exit(255); } if (setuid(ROOT_UID) == -1) warning("setuid(%d)", ROOT_UID); if (setgid(user_details.gid)) { warning(U_("unable to set gid to %u"), (unsigned int)user_details.gid); _exit(255); } if (setuid(user_details.uid)) { warning(U_("unable to set uid to %u"), (unsigned int)user_details.uid); _exit(255); } closefrom(STDERR_FILENO + 1); execl(askpass, askpass, prompt, (char *)NULL); warning(U_("unable to run %s"), askpass); _exit(255); } /* Ignore SIGPIPE in case child exits prematurely */ memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; sa.sa_handler = SIG_IGN; (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe); /* Get response from child (askpass) and restore SIGPIPE handler */ (void) close(pfd[1]); pass = getln(pfd[0], buf, sizeof(buf), 0); (void) close(pfd[0]); (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL); if (pass == NULL) errno = EINTR; /* make cancel button simulate ^C */ debug_return_str_masked(pass); } extern int term_erase, term_kill; static char * getln(int fd, char *buf, size_t bufsiz, int feedback) { size_t left = bufsiz; ssize_t nr = -1; char *cp = buf; char c = '\0'; debug_decl(getln, SUDO_DEBUG_CONV) if (left == 0) { errno = EINVAL; debug_return_str(NULL); /* sanity */ } while (--left) { nr = read(fd, &c, 1); if (nr != 1 || c == '\n' || c == '\r') break; if (feedback) { if (c == term_kill) { while (cp > buf) { if (write(fd, "\b \b", 3) == -1) break; --cp; } left = bufsiz; continue; } else if (c == term_erase) { if (cp > buf) { if (write(fd, "\b \b", 3) == -1) break; --cp; left++; } continue; } ignore_result(write(fd, "*", 1)); } *cp++ = c; } *cp = '\0'; if (feedback) { /* erase stars */ while (cp > buf) { if (write(fd, "\b \b", 3) == -1) break; --cp; } } debug_return_str_masked(nr == 1 ? buf : NULL); } static void tgetpass_handler(int s) { if (s != SIGALRM) signo[s] = 1; } int tty_present(void) { int fd; debug_decl(tty_present, SUDO_DEBUG_UTIL) if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1) close(fd); debug_return_bool(fd != -1); } sudo-1.8.9p5/src/ttyname.c010064400175440000012000000333611226502617700147760ustar00millertstaff/* * Copyright (c) 2012-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include /* Large files not supported by procfs.h */ #if defined(HAVE_PROCFS_H) || defined(HAVE_SYS_PROCFS_H) # undef _FILE_OFFSET_BITS # undef _LARGE_FILES #endif #include #include #if defined(MAJOR_IN_MKDEV) # include #elif defined(MAJOR_IN_SYSMACROS) # include #endif #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include #include #include #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) # include # include #elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) # include # include # include #endif #if defined(HAVE_PROCFS_H) # include #elif defined(HAVE_SYS_PROCFS_H) # include #endif #ifdef HAVE_PSTAT_GETPROC # include # include #endif #include "sudo.h" /* * How to access the tty device number in struct kinfo_proc. */ #if defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) # define SUDO_KERN_PROC KERN_PROC2 # define sudo_kinfo_proc kinfo_proc2 # define sudo_kp_tdev p_tdev # define sudo_kp_namelen 6 #elif defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) # define SUDO_KERN_PROC KERN_PROC # define sudo_kinfo_proc kinfo_proc # define sudo_kp_tdev p_tdev # define sudo_kp_namelen 6 #elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) # define SUDO_KERN_PROC KERN_PROC # define sudo_kinfo_proc kinfo_proc # define sudo_kp_tdev ki_tdev # define sudo_kp_namelen 4 #elif defined(HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) # define SUDO_KERN_PROC KERN_PROC # define sudo_kinfo_proc kinfo_proc # define sudo_kp_tdev kp_eproc.e_tdev # define sudo_kp_namelen 4 #endif #if defined(sudo_kp_tdev) /* * Like ttyname() but uses a dev_t instead of an open fd. * Caller is responsible for freeing the returned string. * The BSD version uses devname() */ static char * sudo_ttyname_dev(dev_t tdev) { char *dev, *tty = NULL; debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) /* Some versions of devname() return NULL on failure, others do not. */ dev = devname(tdev, S_IFCHR); if (dev != NULL && *dev != '?' && *dev != '#') { if (*dev != '/') { /* devname() doesn't use the /dev/ prefix, add one... */ size_t len = sizeof(_PATH_DEV) + strlen(dev); tty = emalloc(len); strlcpy(tty, _PATH_DEV, len); strlcat(tty, dev, len); } else { /* Should not happen but just in case... */ tty = estrdup(dev); } } debug_return_str(tty); } #elif defined(HAVE__TTYNAME_DEV) extern char *_ttyname_dev(dev_t rdev, char *buffer, size_t buflen); /* * Like ttyname() but uses a dev_t instead of an open fd. * Caller is responsible for freeing the returned string. * This version is just a wrapper around _ttyname_dev(). */ static char * sudo_ttyname_dev(dev_t tdev) { char buf[TTYNAME_MAX], *tty; debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) tty = _ttyname_dev(tdev, buf, sizeof(buf)); debug_return_str(estrdup(tty)); } #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__) /* * Devices to search before doing a breadth-first scan. */ static char *search_devs[] = { "/dev/console", "/dev/wscons", "/dev/pts/", "/dev/vt/", "/dev/term/", "/dev/zcons/", NULL }; static char *ignore_devs[] = { "/dev/fd/", "/dev/stdin", "/dev/stdout", "/dev/stderr", NULL }; /* * Do a breadth-first scan of dir looking for the specified device. */ static char * sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) { DIR *d = NULL; char pathbuf[PATH_MAX], **subdirs = NULL, *devname = NULL; size_t sdlen, d_len, len, num_subdirs = 0, max_subdirs = 0; struct dirent *dp; struct stat sb; unsigned int i; debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL) if (dir[0] == '\0' || (d = opendir(dir)) == NULL) goto done; sudo_debug_printf(SUDO_DEBUG_INFO, "scanning for dev %u in %s", (unsigned int)rdev, dir); sdlen = strlen(dir); if (dir[sdlen - 1] == '/') sdlen--; if (sdlen + 1 >= sizeof(pathbuf)) { errno = ENAMETOOLONG; warning("%.*s/", (int)sdlen, dir); goto done; } memcpy(pathbuf, dir, sdlen); pathbuf[sdlen++] = '/'; pathbuf[sdlen] = '\0'; while ((dp = readdir(d)) != NULL) { /* Skip anything starting with "." */ if (dp->d_name[0] == '.') continue; d_len = NAMLEN(dp); if (sdlen + d_len >= sizeof(pathbuf)) continue; memcpy(&pathbuf[sdlen], dp->d_name, d_len + 1); /* copy NUL too */ d_len += sdlen; for (i = 0; ignore_devs[i] != NULL; i++) { len = strlen(ignore_devs[i]); if (ignore_devs[i][len - 1] == '/') len--; if (d_len == len && strncmp(pathbuf, ignore_devs[i], len) == 0) break; } if (ignore_devs[i] != NULL) continue; if (!builtin) { /* Skip entries in search_devs; we already checked them. */ for (i = 0; search_devs[i] != NULL; i++) { len = strlen(search_devs[i]); if (search_devs[i][len - 1] == '/') len--; if (d_len == len && strncmp(pathbuf, search_devs[i], len) == 0) break; } if (search_devs[i] != NULL) continue; } # if defined(HAVE_STRUCT_DIRENT_D_TYPE) && defined(DTTOIF) /* * Convert dp->d_type to sb.st_mode to avoid a stat(2) if possible. * We can't use it for links (since we want to follow them) or * char devs (since we need st_rdev to compare the device number). */ if (dp->d_type != DT_UNKNOWN && dp->d_type != DT_LNK && dp->d_type != DT_CHR) sb.st_mode = DTTOIF(dp->d_type); else # endif if (stat(pathbuf, &sb) == -1) continue; if (S_ISDIR(sb.st_mode)) { if (!builtin) { /* Add to list of subdirs to search. */ if (num_subdirs + 1 > max_subdirs) { max_subdirs += 64; subdirs = erealloc3(subdirs, max_subdirs, sizeof(char *)); } subdirs[num_subdirs++] = estrdup(pathbuf); } continue; } if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { devname = estrdup(pathbuf); sudo_debug_printf(SUDO_DEBUG_INFO, "resolved dev %u as %s", (unsigned int)rdev, pathbuf); goto done; } } /* Search subdirs if we didn't find it in the root level. */ for (i = 0; devname == NULL && i < num_subdirs; i++) devname = sudo_ttyname_scan(subdirs[i], rdev, false); done: if (d != NULL) closedir(d); for (i = 0; i < num_subdirs; i++) efree(subdirs[i]); efree(subdirs); debug_return_str(devname); } /* * Like ttyname() but uses a dev_t instead of an open fd. * Caller is responsible for freeing the returned string. * Generic version. */ static char * sudo_ttyname_dev(dev_t rdev) { struct stat sb; size_t len; char buf[PATH_MAX], **sd, *devname, *tty = NULL; debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) /* * First check search_devs for common tty devices. */ for (sd = search_devs; tty == NULL && (devname = *sd) != NULL; sd++) { len = strlen(devname); if (devname[len - 1] == '/') { if (strcmp(devname, "/dev/pts/") == 0) { /* Special case /dev/pts */ (void)snprintf(buf, sizeof(buf), "%spts/%u", _PATH_DEV, (unsigned int)minor(rdev)); if (stat(buf, &sb) == 0) { if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) tty = estrdup(buf); } sudo_debug_printf(SUDO_DEBUG_INFO, "comparing dev %u to %s: %s", (unsigned int)rdev, buf, tty ? "yes" : "no"); } else { /* Traverse directory */ tty = sudo_ttyname_scan(devname, rdev, true); } } else { if (stat(devname, &sb) == 0) { if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) tty = estrdup(devname); } } } /* * Not found? Do a breadth-first traversal of /dev/. */ if (tty == NULL) tty = sudo_ttyname_scan(_PATH_DEV, rdev, false); debug_return_str(tty); } #endif #if defined(sudo_kp_tdev) /* * Return a string from ttyname() containing the tty to which the process is * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { char *tty = NULL; struct sudo_kinfo_proc *ki_proc = NULL; size_t size = sizeof(*ki_proc); int mib[6], rc; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* * Lookup controlling tty for this process via sysctl. * This will work even if std{in,out,err} are redirected. */ mib[0] = CTL_KERN; mib[1] = SUDO_KERN_PROC; mib[2] = KERN_PROC_PID; mib[3] = (int)getpid(); mib[4] = sizeof(*ki_proc); mib[5] = 1; do { size += size / 10; ki_proc = erealloc(ki_proc, size); rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0); } while (rc == -1 && errno == ENOMEM); if (rc != -1) { if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) { tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev); if (tty == NULL) { sudo_debug_printf(SUDO_DEBUG_WARN, "unable to map device number %u to name", ki_proc->sudo_kp_tdev); } } } else { sudo_debug_printf(SUDO_DEBUG_WARN, "unable to resolve tty via KERN_PROC: %s", strerror(errno)); } efree(ki_proc); debug_return_str(tty); } #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) /* * Return a string from ttyname() containing the tty to which the process is * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { char path[PATH_MAX], *tty = NULL; struct psinfo psinfo; ssize_t nread; int fd; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid()); if ((fd = open(path, O_RDONLY, 0)) != -1) { nread = read(fd, &psinfo, sizeof(psinfo)); close(fd); if (nread == (ssize_t)sizeof(psinfo)) { dev_t rdev = (dev_t)psinfo.pr_ttydev; #if defined(_AIX) && defined(DEVNO64) if (psinfo.pr_ttydev & DEVNO64) rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev)); #endif if (rdev != (dev_t)-1) tty = sudo_ttyname_dev(rdev); } } debug_return_str(tty); } #elif defined(__linux__) /* * Return a string from ttyname() containing the tty to which the process is * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { char path[PATH_MAX], *line = NULL, *tty = NULL; size_t linesize = 0; ssize_t len; FILE *fp; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* Try to determine the tty from tty_nr in /proc/pid/stat. */ snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid()); if ((fp = fopen(path, "r")) != NULL) { len = getline(&line, &linesize, fp); fclose(fp); if (len != -1) { /* Field 7 is the tty dev (0 if no tty) */ char *cp = line; char *ep = line; const char *errstr; int field = 0; while (*++ep != '\0') { if (*ep == ' ') { *ep = '\0'; if (++field == 7) { dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr); if (errstr) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: tty device %s: %s", path, cp, errstr); } if (tdev > 0) tty = sudo_ttyname_dev(tdev); break; } cp = ep + 1; } } } efree(line); } debug_return_str(tty); } #elif defined(HAVE_PSTAT_GETPROC) /* * Return a string from ttyname() containing the tty to which the process is * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { struct pst_status pstat; char *tty = NULL; int rc; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* * Determine the tty from psdev in struct pst_status. * We may get EOVERFLOW if the whole thing doesn't fit but that is OK. */ rc = pstat_getproc(&pstat, sizeof(pstat), (size_t)0, (int)getpid()); if (rc != -1 || errno == EOVERFLOW) { if (pstat.pst_term.psd_major != -1 && pstat.pst_term.psd_minor != -1) { tty = sudo_ttyname_dev(makedev(pstat.pst_term.psd_major, pstat.pst_term.psd_minor)); } } debug_return_str(tty); } #else /* * Return a string from ttyname() containing the tty to which the process is * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { char *tty; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) if ((tty = ttyname(STDIN_FILENO)) == NULL) { if ((tty = ttyname(STDOUT_FILENO)) == NULL) tty = ttyname(STDERR_FILENO); } debug_return_str(estrdup(tty)); } #endif sudo-1.8.9p5/src/utmp.c010064400175440000012000000240371226304126500142730ustar00millertstaff/* * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include # endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef TIME_WITH_SYS_TIME # include #endif #ifdef HAVE_UTMPX_H # include #else # include #endif /* HAVE_UTMPX_H */ #ifdef HAVE_GETTTYENT # include #endif #include #include #include "sudo.h" #include "sudo_exec.h" /* * Simplify handling of utmp vs. utmpx */ #if !defined(HAVE_GETUTXID) && defined(HAVE_GETUTID) # define getutxline(u) getutline(u) # define pututxline(u) pututline(u) # define setutxent() setutent() # define endutxent() endutent() #endif /* !HAVE_GETUTXID && HAVE_GETUTID */ #ifdef HAVE_GETUTXID typedef struct utmpx sudo_utmp_t; #else typedef struct utmp sudo_utmp_t; /* Older systems have ut_name, not us_user */ # if !defined(HAVE_STRUCT_UTMP_UT_USER) && !defined(ut_user) # define ut_user ut_name # endif #endif /* HP-UX has __e_termination and __e_exit, others lack the __ */ #if defined(HAVE_STRUCT_UTMPX_UT_EXIT_E_TERMINATION) || defined(HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION) # undef __e_termination # define __e_termination e_termination # undef __e_exit # define __e_exit e_exit #endif #if defined(HAVE_GETUTXID) || defined(HAVE_GETUTID) /* * Create ut_id from the new ut_line and the old ut_id. */ static void utmp_setid(sudo_utmp_t *old, sudo_utmp_t *new) { const char *line = new->ut_line; size_t idlen; debug_decl(utmp_setid, SUDO_DEBUG_UTMP) /* Skip over "tty" in the id if old entry did too. */ if (old != NULL) { if (strncmp(line, "tty", 3) == 0) { idlen = MIN(sizeof(old->ut_id), 3); if (strncmp(old->ut_id, "tty", idlen) != 0) line += 3; } } /* Store as much as will fit, skipping parts of the beginning as needed. */ idlen = strlen(line); if (idlen > sizeof(new->ut_id)) { line += idlen - sizeof(new->ut_id); idlen = sizeof(new->ut_id); } strncpy(new->ut_id, line, idlen); debug_return; } #endif /* HAVE_GETUTXID || HAVE_GETUTID */ /* * Store time in utmp structure. */ static void utmp_settime(sudo_utmp_t *ut) { struct timeval tv; debug_decl(utmp_settime, SUDO_DEBUG_UTMP) gettimeofday(&tv, NULL); #if defined(HAVE_STRUCT_UTMP_UT_TV) || defined(HAVE_STRUCT_UTMPX_UT_TV) ut->ut_tv.tv_sec = tv.tv_sec; ut->ut_tv.tv_usec = tv.tv_usec; #else ut->ut_time = tv.tv_sec; #endif debug_return; } /* * Fill in a utmp entry, using an old entry as a template if there is one. */ static void utmp_fill(const char *line, const char *user, sudo_utmp_t *ut_old, sudo_utmp_t *ut_new) { debug_decl(utmp_file, SUDO_DEBUG_UTMP) if (ut_old == NULL) { memset(ut_new, 0, sizeof(*ut_new)); if (user == NULL) { strncpy(ut_new->ut_user, user_details.username, sizeof(ut_new->ut_user)); } } else if (ut_old != ut_new) { memcpy(ut_new, ut_old, sizeof(*ut_new)); } if (user != NULL) strncpy(ut_new->ut_user, user, sizeof(ut_new->ut_user)); strncpy(ut_new->ut_line, line, sizeof(ut_new->ut_line)); #if defined(HAVE_STRUCT_UTMPX_UT_ID) || defined(HAVE_STRUCT_UTMP_UT_ID) utmp_setid(ut_old, ut_new); #endif #if defined(HAVE_STRUCT_UTMPX_UT_PID) || defined(HAVE_STRUCT_UTMP_UT_PID) ut_new->ut_pid = getpid(); #endif utmp_settime(ut_new); #if defined(HAVE_STRUCT_UTMPX_UT_TYPE) || defined(HAVE_STRUCT_UTMP_UT_TYPE) ut_new->ut_type = USER_PROCESS; #endif debug_return; } /* * There are two basic utmp file types: * * POSIX: sequential access with new entries appended to the end. * Manipulated via {get,put}utent()/{get,put}getutxent(). * * Legacy: sparse file indexed by ttyslot() * sizeof(struct utmp) */ #if defined(HAVE_GETUTXID) || defined(HAVE_GETUTID) bool utmp_login(const char *from_line, const char *to_line, int ttyfd, const char *user) { sudo_utmp_t utbuf, *ut_old = NULL; bool rval = false; debug_decl(utmp_login, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) to_line += sizeof(_PATH_DEV) - 1; setutxent(); if (from_line != NULL) { if (strncmp(from_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) from_line += sizeof(_PATH_DEV) - 1; /* Lookup old line. */ memset(&utbuf, 0, sizeof(utbuf)); strncpy(utbuf.ut_line, from_line, sizeof(utbuf.ut_line)); ut_old = getutxline(&utbuf); } utmp_fill(to_line, user, ut_old, &utbuf); if (pututxline(&utbuf) != NULL) rval = true; endutxent(); debug_return_bool(rval); } bool utmp_logout(const char *line, int status) { bool rval = false; sudo_utmp_t *ut, utbuf; debug_decl(utmp_logout, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) line += sizeof(_PATH_DEV) - 1; memset(&utbuf, 0, sizeof(utbuf)); strncpy(utbuf.ut_line, line, sizeof(utbuf.ut_line)); if ((ut = getutxline(&utbuf)) != NULL) { memset(ut->ut_user, 0, sizeof(ut->ut_user)); # if defined(HAVE_STRUCT_UTMPX_UT_TYPE) || defined(HAVE_STRUCT_UTMP_UT_TYPE) ut->ut_type = DEAD_PROCESS; # endif # if defined(HAVE_STRUCT_UTMPX_UT_EXIT) || defined(HAVE_STRUCT_UTMP_UT_EXIT) ut->ut_exit.__e_exit = WEXITSTATUS(status); ut->ut_exit.__e_termination = WIFEXITED(status) ? WEXITSTATUS(status) : 0; # endif utmp_settime(ut); if (pututxline(ut) != NULL) rval = true; } debug_return_bool(rval); } #else /* !HAVE_GETUTXID && !HAVE_GETUTID */ /* * Find the slot for the specified line (tty name and file descriptor). * Returns a slot suitable for seeking into utmp on success or <= 0 on error. * If getttyent() is available we can use that to compute the slot. */ # ifdef HAVE_GETTTYENT static int utmp_slot(const char *line, int ttyfd) { int slot = 1; struct ttyent *tty; debug_decl(utmp_slot, SUDO_DEBUG_UTMP) setttyent(); while ((tty = getttyent()) != NULL) { if (strcmp(line, tty->ty_name) == 0) break; slot++; } endttyent(); debug_return_int(tty ? slot : 0); } # else static int utmp_slot(const char *line, int ttyfd) { int sfd, slot; debug_decl(utmp_slot, SUDO_DEBUG_UTMP) /* * Temporarily point stdin to the tty since ttyslot() * doesn't take an argument. */ if ((sfd = dup(STDIN_FILENO)) == -1) fatal(U_("unable to save stdin")); if (dup2(ttyfd, STDIN_FILENO) == -1) fatal(U_("unable to dup2 stdin")); slot = ttyslot(); if (dup2(sfd, STDIN_FILENO) == -1) fatal(U_("unable to restore stdin")); close(sfd); debug_return_int(slot); } # endif /* HAVE_GETTTYENT */ bool utmp_login(const char *from_line, const char *to_line, int ttyfd, const char *user) { sudo_utmp_t utbuf, *ut_old = NULL; bool rval = false; int slot; FILE *fp; debug_decl(utmp_login, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) to_line += sizeof(_PATH_DEV) - 1; /* Find slot for new entry. */ slot = utmp_slot(to_line, ttyfd); if (slot <= 0) goto done; if ((fp = fopen(_PATH_UTMP, "r+")) == NULL) goto done; if (from_line != NULL) { if (strncmp(from_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) from_line += sizeof(_PATH_DEV) - 1; /* Lookup old line. */ while (fread(&utbuf, sizeof(utbuf), 1, fp) == 1) { # ifdef HAVE_STRUCT_UTMP_UT_ID if (utbuf.ut_type != LOGIN_PROCESS && utbuf.ut_type != USER_PROCESS) continue; # endif if (utbuf.ut_user[0] && !strncmp(utbuf.ut_line, from_line, sizeof(utbuf.ut_line))) { ut_old = &utbuf; break; } } } utmp_fill(to_line, user, ut_old, &utbuf); #ifdef HAVE_FSEEKO if (fseeko(fp, slot * (off_t)sizeof(utbuf), SEEK_SET) == 0) { #else if (fseek(fp, slot * (long)sizeof(utbuf), SEEK_SET) == 0) { #endif if (fwrite(&utbuf, sizeof(utbuf), 1, fp) == 1) rval = true; } fclose(fp); done: debug_return_bool(rval); } bool utmp_logout(const char *line, int status) { sudo_utmp_t utbuf; bool rval = false; FILE *fp; debug_decl(utmp_logout, SUDO_DEBUG_UTMP) if ((fp = fopen(_PATH_UTMP, "r+")) == NULL) debug_return_int(rval); /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) line += sizeof(_PATH_DEV) - 1; while (fread(&utbuf, sizeof(utbuf), 1, fp) == 1) { if (!strncmp(utbuf.ut_line, line, sizeof(utbuf.ut_line))) { memset(utbuf.ut_user, 0, sizeof(utbuf.ut_user)); # if defined(HAVE_STRUCT_UTMP_UT_TYPE) utbuf.ut_type = DEAD_PROCESS; # endif utmp_settime(&utbuf); /* Back up and overwrite record. */ #ifdef HAVE_FSEEKO if (fseeko(fp, (off_t)0 - (off_t)sizeof(utbuf), SEEK_CUR) == 0) { #else if (fseek(fp, 0L - (long)sizeof(utbuf), SEEK_CUR) == 0) { #endif if (fwrite(&utbuf, sizeof(utbuf), 1, fp) == 1) rval = true; } break; } } fclose(fp); debug_return_bool(rval); } #endif /* HAVE_GETUTXID || HAVE_GETUTID */ sudo-1.8.9p5/sudo.pp010064400175440000012000000307371226304126500136720ustar00millertstaff%set if test -n "$flavor"; then name="sudo-$flavor" pp_kit_package="sudo_$flavor" else name="sudo" pp_kit_package="sudo" fi summary="Provide limited super-user privileges to specific users" description="Sudo is a program designed to allow a sysadmin to give \ limited root privileges to users and log root activity. \ The basic philosophy is to give as few privileges as possible but \ still allow people to get their work done." vendor="Todd C. Miller" copyright="(c) 1993-1996,1998-2013 Todd C. Miller" sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"` sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'` %if [aix] # AIX package summary is limited to 40 characters summary="Configurable super-user privileges" # Convert to 4 part version for AIX, including patch level pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'` %endif %if [kit] # Strip off patchlevel for kit which only supports xyz versions pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`" pp_kit_name="TCM" %endif %if [sd] pp_sd_vendor_tag="TCM" %endif %if [solaris] pp_solaris_name="TCM${name}" pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"` %endif %if [rpm,deb] # Convert patch level into release and remove from version pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`" pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`" pp_rpm_license="BSD" pp_rpm_url="http://www.sudo.ws/" pp_rpm_group="Applications/System" pp_rpm_packager="Todd C. Miller " if test -n "$linux_audit"; then pp_rpm_requires="audit-libs >= $linux_audit" fi %else # For all but RPM and Debian we need to install sudoers with a different # name and make a copy of it if there is no existing file. mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist %endif %if [deb] pp_deb_maintainer="$pp_rpm_packager" pp_deb_release="$pp_rpm_release" pp_deb_version="$pp_rpm_version" pp_deb_section=admin install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian # Create lintian override file mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF # The sudo binary must be setuid root $name: setuid-binary usr/bin/sudo 4755 root/root # Sudo configuration and data dirs must not be world-readable $name: non-standard-file-perm etc/sudoers 0440 != 0644 $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755 $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755 # Sudo ships with debugging symbols $name: unstripped-binary-or-object EOF chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} %endif %if [rpm] # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'` case "$pp_rpm_distro" in centos*|rhel*) pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" ;; sles*) pp_rpm_release="$pp_rpm_release.sles$osrelease" ;; esac # Uncomment some Defaults in sudoers # Note that the order must match that of sudoers. case "$pp_rpm_distro" in centos*|rhel*) chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // /Desktop path settings/+1,s/^# // w q EOF chmod u-w ${pp_destdir}${sudoersdir}/sudoers ;; sles*) chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // /ConsoleKit session/+1,s/^# // /allow any user to run sudo if they know the password/+2,s/^# // /allow any user to run sudo if they know the password/+3,s/^# // w q EOF chmod u-w ${pp_destdir}${sudoersdir}/sudoers ;; esac # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in centos*|rhel*) mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release} docdir=${docdir}-${version}-${pp_rpm_release} ;; esac # Choose the correct PAM file by distro, must be tab indented for "<<-" case "$pp_rpm_distro" in centos*|rhel*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 50; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_limits.so EOF else cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session optional pam_keyinit.so revoke session required pam_limits.so EOF cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF #%PAM-1.0 auth include sudo account include sudo password include sudo session optional pam_keyinit.so force revoke session required pam_limits.so EOF fi ;; sles*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 10; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF #%PAM-1.0 auth required pam_unix2.so session required pam_limits.so EOF else cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF #%PAM-1.0 auth include common-auth account include common-account password include common-password session include common-session # session optional pam_xauth.so EOF fi ;; esac %endif %if [deb] # Uncomment some Defaults and the %sudo rule in sudoers # Note that the order must match that of sudoers and be tab-indented. chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // /X11 resource/+1,s/^# // /^# \%sudo/,s/^# // w q EOF chmod u-w ${pp_destdir}${sudoersdir}/sudoers mkdir -p ${pp_destdir}/etc/pam.d cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF #%PAM-1.0 @include common-auth @include common-account session required pam_permit.so session required pam_limits.so EOF %endif %if [macos] pp_macos_pkg_type=flat pp_macos_bundle_id=ws.sudo.pkg.sudo pp_macos_pkg_license=doc/LICENSE pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt %endif %if X"$aix_freeware" = X"true" # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin.sbin} mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin %endif # OS-level directories that should generally exist but might not. extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` extradirs="$extradirs `dirname $docdir` `dirname $timedir`" test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir" test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d" for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do while test "$dir" != "/"; do osdirs="${osdirs}${osdirs+ }$dir/" dir=`dirname $dir` done done osdirs=`echo $osdirs | tr " " "\n" | sort -u` %depend [deb] libc6, libpam0g, libpam-modules, zlib1g, libselinux1 %fixup [deb] # Add Conflicts, Replaces headers and add libldap depedency as needed. if test -z "%{flavor}"; then echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control elif test "%{flavor}" = "ldap"; then echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ sed 's/^\(Depends:.*\) *$/\1, libldap-2.4-2/' %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ fi echo "Homepage: http://www.sudo.ws/sudo/" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Bugs: http://www.sudo.ws/bugs/" >> %{pp_wrkdir}/%{name}/DEBIAN/control %files $osdirs - $bindir/sudo 4755 root: $bindir/sudoedit 0755 root: symlink sudo $sbindir/visudo 0755 $bindir/sudoreplay 0755 $includedir/sudo_plugin.h 0644 $libexecdir/sudo/ 0755 $libexecdir/sudo/sesh 0755 optional,ignore-others $libexecdir/sudo/* $shlib_mode optional $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid $timedir/ 0700 root: $docdir/ 0755 $docdir/sudoers2ldif 0755 optional,ignore-others %if [deb] $docdir/LICENSE ignore,ignore-others $docdir/ChangeLog ignore,ignore-others %endif $docdir/* 0644 $localedir/*/ - optional $localedir/*/LC_MESSAGES/ - optional $localedir/*/LC_MESSAGES/* 0644 optional /etc/pam.d/* 0644 volatile,optional %if [rpm,deb] $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile %else $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile %endif %if X"$aix_freeware" = X"true" # Links for binaries from /opt/freeware to /usr /usr/bin/sudo 0755 root: symlink $bindir/sudo /usr/bin/sudoedit 0755 root: symlink $bindir/sudoedit /usr/bin/sudoreplay 0755 root: symlink $bindir/sudoreplay /usr/sbin/visudo 0755 root: symlink $sbindir/visudo %endif %files [!aix] $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target $mandir/man*/* 0644 %files [aix] # Some versions use catpages, some use manpages. $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target $mandir/cat*/* 0644 optional $mandir/man*/* 0644 optional %pre [aix] if rpm -q %{name} >/dev/null 2>&1; then echo "Another version of sudo is currently installed via rpm." 2>&1 echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1 echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1 echo "instead of the .bff package." 2>&1 echo "" 2>&1 echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1 echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1 echo "" 2>&1 exit 1 fi %post [!rpm,deb] # Don't overwrite an existing sudoers file %if [solaris] sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir} %else sudoersdir=%{sudoersdir} %endif if test ! -r $sudoersdir/sudoers; then cp $sudoersdir/sudoers.dist $sudoersdir/sudoers chmod %{sudoers_mode} $sudoersdir/sudoers chown %{sudoers_uid} $sudoersdir/sudoers chgrp %{sudoers_gid} $sudoersdir/sudoers fi %post [deb] set -e # dpkg-deb does not maintain the mode on the sudoers file, and # installs it 0640 when sudo requires 0440 chmod %{sudoers_mode} %{sudoersdir}/sudoers # create symlink to ease transition to new path for ldap config # if old config file exists and new one doesn't if test X"%{flavor}" = X"ldap" -a \ -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf fi # Debian uses a sudo group in its default sudoers file perl -e ' exit 0 if getgrnam("sudo"); $gid = 27; # default debian sudo gid setgrent(); while (getgrgid($gid)) { $gid++; } if ($gid != 27) { print "On Debian we normally use gid 27 for \"sudo\".\n"; $gname = getgrgid(27); print "However, on your system gid 27 is group \"$gname\".\n\n"; print "Would you like me to stop configuring sudo so that you can change this? [n] "; $ans = ; if ($ans =~ /^[yY]/) { print "\"dpkg --pending --configure\" will restart the configuration.\n\n"; exit 1; } } print "Creating group \"sudo\" with gid = $gid\n"; system("groupadd -g $gid sudo"); exit 0; ' %preun [deb] set -e # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if # it matches what we created in the postinstall script. if test X"%{flavor}" = X"ldap" -a \ X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then rm -f /etc/sudo-ldap.conf fi sudo-1.8.9p5/zlib/Makefile.in010064400175440000012000000117301226304126500153540ustar00millertstaff# # Copyright (c) 2011 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # @configure_input@ # #### Start of system configuration section. #### srcdir = @srcdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ cross_compiling = @CROSS_COMPILING@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ # C preprocessor flags CPPFLAGS = -I. -I$(srcdir) # Usually -O and/or -g CFLAGS = @CFLAGS@ # OS dependent defines DEFS = @OSDEFS@ @NO_VIZ@ #### End of system configuration section. #### SHELL = @SHELL@ LTOBJS = adler32.lo compress.lo crc32.lo deflate.lo gzclose.lo gzlib.lo \ gzread.lo gzwrite.lo infback.lo inffast.lo inflate.lo inftrees.lo \ trees.lo uncompr.lo zutil.lo all: libz.la Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file zlib/Makefile) .SUFFIXES: .c .h .lo .c.lo: $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $< libz.la: $(LTOBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install pre-install: install: install-dirs: install-binaries: install-includes: install-doc: install-plugin: uninstall: check: clean: -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean distclean: clean -rm -rf Makefile .libs zconf.h clobber: distclean realclean: distclean rm -f TAGS tags cleandir: realclean # Autogenerated dependencies, do not modify adler32.lo: $(srcdir)/adler32.c $(srcdir)/zlib.h $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/adler32.c compress.lo: $(srcdir)/compress.c $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/compress.c crc32.lo: $(srcdir)/crc32.c $(srcdir)/crc32.h $(srcdir)/zlib.h \ $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/crc32.c deflate.lo: $(srcdir)/deflate.c $(srcdir)/deflate.h $(srcdir)/zlib.h \ $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/deflate.c gzclose.lo: $(srcdir)/gzclose.c $(srcdir)/gzguts.h $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/gzclose.c gzlib.lo: $(srcdir)/gzlib.c $(srcdir)/gzguts.h $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/gzlib.c gzread.lo: $(srcdir)/gzread.c $(srcdir)/gzguts.h $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/gzread.c gzwrite.lo: $(srcdir)/gzwrite.c $(srcdir)/gzguts.h $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/gzwrite.c infback.lo: $(srcdir)/infback.c $(srcdir)/inffast.h $(srcdir)/inffixed.h \ $(srcdir)/inflate.h $(srcdir)/inftrees.h $(srcdir)/zlib.h \ $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/infback.c inffast.lo: $(srcdir)/inffast.c $(srcdir)/inffast.h $(srcdir)/inflate.h \ $(srcdir)/inftrees.h $(srcdir)/zlib.h $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/inffast.c inflate.lo: $(srcdir)/inflate.c $(srcdir)/inffast.h $(srcdir)/inffixed.h \ $(srcdir)/inflate.h $(srcdir)/inftrees.h $(srcdir)/zlib.h \ $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/inflate.c inftrees.lo: $(srcdir)/inftrees.c $(srcdir)/inftrees.h $(srcdir)/zlib.h \ $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/inftrees.c trees.lo: $(srcdir)/trees.c $(srcdir)/deflate.h $(srcdir)/trees.h \ $(srcdir)/zlib.h $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/trees.c uncompr.lo: $(srcdir)/uncompr.c $(srcdir)/zlib.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/uncompr.c zutil.lo: $(srcdir)/zutil.c $(srcdir)/zlib.h $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/zutil.c sudo-1.8.9p5/zlib/adler32.c010064400175440000012000000115501226304126500147070ustar00millertstaff/* adler32.c -- compute the Adler-32 checksum of a data stream * Copyright (C) 1995-2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* @(#) $Id$ */ #include "zutil.h" #define local static local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2)); #define BASE 65521 /* largest prime smaller than 65536 */ #define NMAX 5552 /* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */ #define DO1(buf,i) {adler += (buf)[i]; sum2 += adler;} #define DO2(buf,i) DO1(buf,i); DO1(buf,i+1); #define DO4(buf,i) DO2(buf,i); DO2(buf,i+2); #define DO8(buf,i) DO4(buf,i); DO4(buf,i+4); #define DO16(buf) DO8(buf,0); DO8(buf,8); /* use NO_DIVIDE if your processor does not do division in hardware -- try it both ways to see which is faster */ #ifdef NO_DIVIDE /* note that this assumes BASE is 65521, where 65536 % 65521 == 15 (thank you to John Reiser for pointing this out) */ # define CHOP(a) \ do { \ unsigned long tmp = a >> 16; \ a &= 0xffffUL; \ a += (tmp << 4) - tmp; \ } while (0) # define MOD28(a) \ do { \ CHOP(a); \ if (a >= BASE) a -= BASE; \ } while (0) # define MOD(a) \ do { \ CHOP(a); \ MOD28(a); \ } while (0) # define MOD63(a) \ do { /* this assumes a is not negative */ \ z_off64_t tmp = a >> 32; \ a &= 0xffffffffL; \ a += (tmp << 8) - (tmp << 5) + tmp; \ tmp = a >> 16; \ a &= 0xffffL; \ a += (tmp << 4) - tmp; \ tmp = a >> 16; \ a &= 0xffffL; \ a += (tmp << 4) - tmp; \ if (a >= BASE) a -= BASE; \ } while (0) #else # define MOD(a) a %= BASE # define MOD28(a) a %= BASE # define MOD63(a) a %= BASE #endif /* ========================================================================= */ uLong ZEXPORT adler32(adler, buf, len) uLong adler; const Bytef *buf; uInt len; { unsigned long sum2; unsigned n; /* split Adler-32 into component sums */ sum2 = (adler >> 16) & 0xffff; adler &= 0xffff; /* in case user likes doing a byte at a time, keep it fast */ if (len == 1) { adler += buf[0]; if (adler >= BASE) adler -= BASE; sum2 += adler; if (sum2 >= BASE) sum2 -= BASE; return adler | (sum2 << 16); } /* initial Adler-32 value (deferred check for len == 1 speed) */ if (buf == Z_NULL) return 1L; /* in case short lengths are provided, keep it somewhat fast */ if (len < 16) { while (len--) { adler += *buf++; sum2 += adler; } if (adler >= BASE) adler -= BASE; MOD28(sum2); /* only added so many BASE's */ return adler | (sum2 << 16); } /* do length NMAX blocks -- requires just one modulo operation */ while (len >= NMAX) { len -= NMAX; n = NMAX / 16; /* NMAX is divisible by 16 */ do { DO16(buf); /* 16 sums unrolled */ buf += 16; } while (--n); MOD(adler); MOD(sum2); } /* do remaining bytes (less than NMAX, still just one modulo) */ if (len) { /* avoid modulos if none remaining */ while (len >= 16) { len -= 16; DO16(buf); buf += 16; } while (len--) { adler += *buf++; sum2 += adler; } MOD(adler); MOD(sum2); } /* return recombined sums */ return adler | (sum2 << 16); } /* ========================================================================= */ local uLong adler32_combine_(adler1, adler2, len2) uLong adler1; uLong adler2; z_off64_t len2; { unsigned long sum1; unsigned long sum2; unsigned rem; /* for negative len, return invalid adler32 as a clue for debugging */ if (len2 < 0) return 0xffffffffUL; /* the derivation of this formula is left as an exercise for the reader */ MOD63(len2); /* assumes len2 >= 0 */ rem = (unsigned)len2; sum1 = adler1 & 0xffff; sum2 = rem * sum1; MOD(sum2); sum1 += (adler2 & 0xffff) + BASE - 1; sum2 += ((adler1 >> 16) & 0xffff) + ((adler2 >> 16) & 0xffff) + BASE - rem; if (sum1 >= BASE) sum1 -= BASE; if (sum1 >= BASE) sum1 -= BASE; if (sum2 >= (BASE << 1)) sum2 -= (BASE << 1); if (sum2 >= BASE) sum2 -= BASE; return sum1 | (sum2 << 16); } /* ========================================================================= */ uLong ZEXPORT adler32_combine(adler1, adler2, len2) uLong adler1; uLong adler2; z_off_t len2; { return adler32_combine_(adler1, adler2, len2); } uLong ZEXPORT adler32_combine64(adler1, adler2, len2) uLong adler1; uLong adler2; z_off64_t len2; { return adler32_combine_(adler1, adler2, len2); } sudo-1.8.9p5/zlib/compress.c010064400175440000012000000047301226304126500153100ustar00millertstaff/* compress.c -- compress a memory buffer * Copyright (C) 1995-2005 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ /* @(#) $Id$ */ #define ZLIB_INTERNAL #include "zlib.h" /* =========================================================================== Compresses the source buffer into the destination buffer. The level parameter has the same meaning as in deflateInit. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be at least 0.1% larger than sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the compressed buffer. compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, Z_STREAM_ERROR if the level parameter is invalid. */ int ZEXPORT compress2 (dest, destLen, source, sourceLen, level) Bytef *dest; uLongf *destLen; const Bytef *source; uLong sourceLen; int level; { z_stream stream; int err; stream.next_in = (Bytef*)source; stream.avail_in = (uInt)sourceLen; #ifdef MAXSEG_64K /* Check for source > 64K on 16-bit machine: */ if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; #endif stream.next_out = dest; stream.avail_out = (uInt)*destLen; if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; stream.opaque = (voidpf)0; err = deflateInit(&stream, level); if (err != Z_OK) return err; err = deflate(&stream, Z_FINISH); if (err != Z_STREAM_END) { deflateEnd(&stream); return err == Z_OK ? Z_BUF_ERROR : err; } *destLen = stream.total_out; err = deflateEnd(&stream); return err; } /* =========================================================================== */ int ZEXPORT compress (dest, destLen, source, sourceLen) Bytef *dest; uLongf *destLen; const Bytef *source; uLong sourceLen; { return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION); } /* =========================================================================== If the default memLevel or windowBits for deflateInit() is changed, then this function needs to be updated. */ uLong ZEXPORT compressBound (sourceLen) uLong sourceLen; { return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + (sourceLen >> 25) + 13; } sudo-1.8.9p5/zlib/crc32.c010064400175440000012000000330661226304126500143750ustar00millertstaff/* crc32.c -- compute the CRC-32 of a data stream * Copyright (C) 1995-2006, 2010, 2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h * * Thanks to Rodney Brown for his contribution of faster * CRC methods: exclusive-oring 32 bits of data at a time, and pre-computing * tables for updating the shift register in one step with three exclusive-ors * instead of four steps with four exclusive-ors. This results in about a * factor of two increase in speed on a Power PC G4 (PPC7455) using gcc -O3. */ /* @(#) $Id$ */ /* Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore protection on the static variables used to control the first-use generation of the crc tables. Therefore, if you #define DYNAMIC_CRC_TABLE, you should first call get_crc_table() to initialize the tables before allowing more than one thread to use crc32(). DYNAMIC_CRC_TABLE and MAKECRCH can be #defined to write out crc32.h. */ #ifdef MAKECRCH # include # ifndef DYNAMIC_CRC_TABLE # define DYNAMIC_CRC_TABLE # endif /* !DYNAMIC_CRC_TABLE */ #endif /* MAKECRCH */ #include "zutil.h" /* for STDC and FAR definitions */ #define local static /* Find a four-byte integer type for crc32_little() and crc32_big(). */ #ifndef NOBYFOUR # ifdef STDC /* need ANSI C limits.h to determine sizes */ # include # define BYFOUR # if (UINT_MAX == 0xffffffffUL) typedef unsigned int u4; # else # if (ULONG_MAX == 0xffffffffUL) typedef unsigned long u4; # else # if (USHRT_MAX == 0xffffffffUL) typedef unsigned short u4; # else # undef BYFOUR /* can't find a four-byte integer type! */ # endif # endif # endif # endif /* STDC */ #endif /* !NOBYFOUR */ /* Definitions for doing the crc four data bytes at a time. */ #ifdef BYFOUR typedef u4 crc_table_t; # define REV(w) ((((w)>>24)&0xff)+(((w)>>8)&0xff00)+ \ (((w)&0xff00)<<8)+(((w)&0xff)<<24)) local unsigned long crc32_little OF((unsigned long, const unsigned char FAR *, unsigned)); local unsigned long crc32_big OF((unsigned long, const unsigned char FAR *, unsigned)); # define TBLS 8 #else typedef unsigned long crc_table_t; # define TBLS 1 #endif /* BYFOUR */ /* Local functions for crc concatenation */ local unsigned long gf2_matrix_times OF((unsigned long *mat, unsigned long vec)); local void gf2_matrix_square OF((unsigned long *square, unsigned long *mat)); local uLong crc32_combine_ OF((uLong crc1, uLong crc2, z_off64_t len2)); #ifdef DYNAMIC_CRC_TABLE local volatile int crc_table_empty = 1; local crc_table_t FAR crc_table[TBLS][256]; local void make_crc_table OF((void)); #ifdef MAKECRCH local void write_table OF((FILE *, const crc_table_t FAR *)); #endif /* MAKECRCH */ /* Generate tables for a byte-wise 32-bit CRC calculation on the polynomial: x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1. Polynomials over GF(2) are represented in binary, one bit per coefficient, with the lowest powers in the most significant bit. Then adding polynomials is just exclusive-or, and multiplying a polynomial by x is a right shift by one. If we call the above polynomial p, and represent a byte as the polynomial q, also with the lowest power in the most significant bit (so the byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p, where a mod b means the remainder after dividing a by b. This calculation is done using the shift-register method of multiplying and taking the remainder. The register is initialized to zero, and for each incoming bit, x^32 is added mod p to the register if the bit is a one (where x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by x (which is shifting right by one and adding x^32 mod p if the bit shifted out is a one). We start with the highest power (least significant bit) of q and repeat for all eight bits of q. The first table is simply the CRC of all possible eight bit values. This is all the information needed to generate CRCs on data a byte at a time for all combinations of CRC register values and incoming bytes. The remaining tables allow for word-at-a-time CRC calculation for both big-endian and little- endian machines, where a word is four bytes. */ local void make_crc_table() { crc_table_t c; int n, k; crc_table_t poly; /* polynomial exclusive-or pattern */ /* terms of polynomial defining this crc (except x^32): */ static volatile int first = 1; /* flag to limit concurrent making */ static const unsigned char p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; /* See if another task is already doing this (not thread-safe, but better than nothing -- significantly reduces duration of vulnerability in case the advice about DYNAMIC_CRC_TABLE is ignored) */ if (first) { first = 0; /* make exclusive-or pattern from polynomial (0xedb88320UL) */ poly = 0; for (n = 0; n < (int)(sizeof(p)/sizeof(unsigned char)); n++) poly |= (crc_table_t)1 << (31 - p[n]); /* generate a crc for every 8-bit value */ for (n = 0; n < 256; n++) { c = (crc_table_t)n; for (k = 0; k < 8; k++) c = c & 1 ? poly ^ (c >> 1) : c >> 1; crc_table[0][n] = c; } #ifdef BYFOUR /* generate crc for each value followed by one, two, and three zeros, and then the byte reversal of those as well as the first table */ for (n = 0; n < 256; n++) { c = crc_table[0][n]; crc_table[4][n] = REV(c); for (k = 1; k < 4; k++) { c = crc_table[0][c & 0xff] ^ (c >> 8); crc_table[k][n] = c; crc_table[k + 4][n] = REV(c); } } #endif /* BYFOUR */ crc_table_empty = 0; } else { /* not first */ /* wait for the other guy to finish (not efficient, but rare) */ while (crc_table_empty) ; } #ifdef MAKECRCH /* write out CRC tables to crc32.h */ { FILE *out; out = fopen("crc32.h", "w"); if (out == NULL) return; fprintf(out, "/* crc32.h -- tables for rapid CRC calculation\n"); fprintf(out, " * Generated automatically by crc32.c\n */\n\n"); fprintf(out, "local const crc_table_t FAR "); fprintf(out, "crc_table[TBLS][256] =\n{\n {\n"); write_table(out, crc_table[0]); # ifdef BYFOUR fprintf(out, "#ifdef BYFOUR\n"); for (k = 1; k < 8; k++) { fprintf(out, " },\n {\n"); write_table(out, crc_table[k]); } fprintf(out, "#endif\n"); # endif /* BYFOUR */ fprintf(out, " }\n};\n"); fclose(out); } #endif /* MAKECRCH */ } #ifdef MAKECRCH local void write_table(out, table) FILE *out; const crc_table_t FAR *table; { int n; for (n = 0; n < 256; n++) fprintf(out, "%s0x%08lxUL%s", n % 5 ? "" : " ", (unsigned long)(table[n]), n == 255 ? "\n" : (n % 5 == 4 ? ",\n" : ", ")); } #endif /* MAKECRCH */ #else /* !DYNAMIC_CRC_TABLE */ /* ======================================================================== * Tables of CRC-32s of all single-byte values, made by make_crc_table(). */ #include "crc32.h" #endif /* DYNAMIC_CRC_TABLE */ /* ========================================================================= * This function can be used by asm versions of crc32() */ const unsigned long FAR * ZEXPORT get_crc_table() { #ifdef DYNAMIC_CRC_TABLE if (crc_table_empty) make_crc_table(); #endif /* DYNAMIC_CRC_TABLE */ return (const unsigned long FAR *)(void FAR *)crc_table; } /* ========================================================================= */ #define DO1 crc = crc_table[0][((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8) #define DO8 DO1; DO1; DO1; DO1; DO1; DO1; DO1; DO1 /* ========================================================================= */ unsigned long ZEXPORT crc32(crc, buf, len) unsigned long crc; const unsigned char FAR *buf; uInt len; { if (buf == Z_NULL) return 0UL; #ifdef DYNAMIC_CRC_TABLE if (crc_table_empty) make_crc_table(); #endif /* DYNAMIC_CRC_TABLE */ #ifdef BYFOUR if (sizeof(void *) == sizeof(ptrdiff_t)) { u4 endian; endian = 1; if (*((unsigned char *)(&endian))) return crc32_little(crc, buf, len); else return crc32_big(crc, buf, len); } #endif /* BYFOUR */ crc = crc ^ 0xffffffffUL; while (len >= 8) { DO8; len -= 8; } if (len) do { DO1; } while (--len); return crc ^ 0xffffffffUL; } #ifdef BYFOUR /* ========================================================================= */ #define DOLIT4 c ^= *buf4++; \ c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \ crc_table[1][(c >> 16) & 0xff] ^ crc_table[0][c >> 24] #define DOLIT32 DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4 /* ========================================================================= */ local unsigned long crc32_little(crc, buf, len) unsigned long crc; const unsigned char FAR *buf; unsigned len; { register u4 c; register const u4 FAR *buf4; c = (u4)crc; c = ~c; while (len && ((ptrdiff_t)buf & 3)) { c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8); len--; } buf4 = (const u4 FAR *)(const void FAR *)buf; while (len >= 32) { DOLIT32; len -= 32; } while (len >= 4) { DOLIT4; len -= 4; } buf = (const unsigned char FAR *)buf4; if (len) do { c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8); } while (--len); c = ~c; return (unsigned long)c; } /* ========================================================================= */ #define DOBIG4 c ^= *++buf4; \ c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 /* ========================================================================= */ local unsigned long crc32_big(crc, buf, len) unsigned long crc; const unsigned char FAR *buf; unsigned len; { register u4 c; register const u4 FAR *buf4; c = REV((u4)crc); c = ~c; while (len && ((ptrdiff_t)buf & 3)) { c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8); len--; } buf4 = (const u4 FAR *)(const void FAR *)buf; buf4--; while (len >= 32) { DOBIG32; len -= 32; } while (len >= 4) { DOBIG4; len -= 4; } buf4++; buf = (const unsigned char FAR *)buf4; if (len) do { c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8); } while (--len); c = ~c; return (unsigned long)(REV(c)); } #endif /* BYFOUR */ #define GF2_DIM 32 /* dimension of GF(2) vectors (length of CRC) */ /* ========================================================================= */ local unsigned long gf2_matrix_times(mat, vec) unsigned long *mat; unsigned long vec; { unsigned long sum; sum = 0; while (vec) { if (vec & 1) sum ^= *mat; vec >>= 1; mat++; } return sum; } /* ========================================================================= */ local void gf2_matrix_square(square, mat) unsigned long *square; unsigned long *mat; { int n; for (n = 0; n < GF2_DIM; n++) square[n] = gf2_matrix_times(mat, mat[n]); } /* ========================================================================= */ local uLong crc32_combine_(crc1, crc2, len2) uLong crc1; uLong crc2; z_off64_t len2; { int n; unsigned long row; unsigned long even[GF2_DIM]; /* even-power-of-two zeros operator */ unsigned long odd[GF2_DIM]; /* odd-power-of-two zeros operator */ /* degenerate case (also disallow negative lengths) */ if (len2 <= 0) return crc1; /* put operator for one zero bit in odd */ odd[0] = 0xedb88320UL; /* CRC-32 polynomial */ row = 1; for (n = 1; n < GF2_DIM; n++) { odd[n] = row; row <<= 1; } /* put operator for two zero bits in even */ gf2_matrix_square(even, odd); /* put operator for four zero bits in odd */ gf2_matrix_square(odd, even); /* apply len2 zeros to crc1 (first square will put the operator for one zero byte, eight zero bits, in even) */ do { /* apply zeros operator for this bit of len2 */ gf2_matrix_square(even, odd); if (len2 & 1) crc1 = gf2_matrix_times(even, crc1); len2 >>= 1; /* if no more bits set, then done */ if (len2 == 0) break; /* another iteration of the loop with odd and even swapped */ gf2_matrix_square(odd, even); if (len2 & 1) crc1 = gf2_matrix_times(odd, crc1); len2 >>= 1; /* if no more bits set, then done */ } while (len2 != 0); /* return combined crc */ crc1 ^= crc2; return crc1; } /* ========================================================================= */ uLong ZEXPORT crc32_combine(crc1, crc2, len2) uLong crc1; uLong crc2; z_off_t len2; { return crc32_combine_(crc1, crc2, len2); } uLong ZEXPORT crc32_combine64(crc1, crc2, len2) uLong crc1; uLong crc2; z_off64_t len2; { return crc32_combine_(crc1, crc2, len2); } sudo-1.8.9p5/zlib/crc32.h010064400175440000012000000735461226304126500144110ustar00millertstaff/* crc32.h -- tables for rapid CRC calculation * Generated automatically by crc32.c */ local const crc_table_t FAR crc_table[TBLS][256] = { { 0x00000000UL, 0x77073096UL, 0xee0e612cUL, 0x990951baUL, 0x076dc419UL, 0x706af48fUL, 0xe963a535UL, 0x9e6495a3UL, 0x0edb8832UL, 0x79dcb8a4UL, 0xe0d5e91eUL, 0x97d2d988UL, 0x09b64c2bUL, 0x7eb17cbdUL, 0xe7b82d07UL, 0x90bf1d91UL, 0x1db71064UL, 0x6ab020f2UL, 0xf3b97148UL, 0x84be41deUL, 0x1adad47dUL, 0x6ddde4ebUL, 0xf4d4b551UL, 0x83d385c7UL, 0x136c9856UL, 0x646ba8c0UL, 0xfd62f97aUL, 0x8a65c9ecUL, 0x14015c4fUL, 0x63066cd9UL, 0xfa0f3d63UL, 0x8d080df5UL, 0x3b6e20c8UL, 0x4c69105eUL, 0xd56041e4UL, 0xa2677172UL, 0x3c03e4d1UL, 0x4b04d447UL, 0xd20d85fdUL, 0xa50ab56bUL, 0x35b5a8faUL, 0x42b2986cUL, 0xdbbbc9d6UL, 0xacbcf940UL, 0x32d86ce3UL, 0x45df5c75UL, 0xdcd60dcfUL, 0xabd13d59UL, 0x26d930acUL, 0x51de003aUL, 0xc8d75180UL, 0xbfd06116UL, 0x21b4f4b5UL, 0x56b3c423UL, 0xcfba9599UL, 0xb8bda50fUL, 0x2802b89eUL, 0x5f058808UL, 0xc60cd9b2UL, 0xb10be924UL, 0x2f6f7c87UL, 0x58684c11UL, 0xc1611dabUL, 0xb6662d3dUL, 0x76dc4190UL, 0x01db7106UL, 0x98d220bcUL, 0xefd5102aUL, 0x71b18589UL, 0x06b6b51fUL, 0x9fbfe4a5UL, 0xe8b8d433UL, 0x7807c9a2UL, 0x0f00f934UL, 0x9609a88eUL, 0xe10e9818UL, 0x7f6a0dbbUL, 0x086d3d2dUL, 0x91646c97UL, 0xe6635c01UL, 0x6b6b51f4UL, 0x1c6c6162UL, 0x856530d8UL, 0xf262004eUL, 0x6c0695edUL, 0x1b01a57bUL, 0x8208f4c1UL, 0xf50fc457UL, 0x65b0d9c6UL, 0x12b7e950UL, 0x8bbeb8eaUL, 0xfcb9887cUL, 0x62dd1ddfUL, 0x15da2d49UL, 0x8cd37cf3UL, 0xfbd44c65UL, 0x4db26158UL, 0x3ab551ceUL, 0xa3bc0074UL, 0xd4bb30e2UL, 0x4adfa541UL, 0x3dd895d7UL, 0xa4d1c46dUL, 0xd3d6f4fbUL, 0x4369e96aUL, 0x346ed9fcUL, 0xad678846UL, 0xda60b8d0UL, 0x44042d73UL, 0x33031de5UL, 0xaa0a4c5fUL, 0xdd0d7cc9UL, 0x5005713cUL, 0x270241aaUL, 0xbe0b1010UL, 0xc90c2086UL, 0x5768b525UL, 0x206f85b3UL, 0xb966d409UL, 0xce61e49fUL, 0x5edef90eUL, 0x29d9c998UL, 0xb0d09822UL, 0xc7d7a8b4UL, 0x59b33d17UL, 0x2eb40d81UL, 0xb7bd5c3bUL, 0xc0ba6cadUL, 0xedb88320UL, 0x9abfb3b6UL, 0x03b6e20cUL, 0x74b1d29aUL, 0xead54739UL, 0x9dd277afUL, 0x04db2615UL, 0x73dc1683UL, 0xe3630b12UL, 0x94643b84UL, 0x0d6d6a3eUL, 0x7a6a5aa8UL, 0xe40ecf0bUL, 0x9309ff9dUL, 0x0a00ae27UL, 0x7d079eb1UL, 0xf00f9344UL, 0x8708a3d2UL, 0x1e01f268UL, 0x6906c2feUL, 0xf762575dUL, 0x806567cbUL, 0x196c3671UL, 0x6e6b06e7UL, 0xfed41b76UL, 0x89d32be0UL, 0x10da7a5aUL, 0x67dd4accUL, 0xf9b9df6fUL, 0x8ebeeff9UL, 0x17b7be43UL, 0x60b08ed5UL, 0xd6d6a3e8UL, 0xa1d1937eUL, 0x38d8c2c4UL, 0x4fdff252UL, 0xd1bb67f1UL, 0xa6bc5767UL, 0x3fb506ddUL, 0x48b2364bUL, 0xd80d2bdaUL, 0xaf0a1b4cUL, 0x36034af6UL, 0x41047a60UL, 0xdf60efc3UL, 0xa867df55UL, 0x316e8eefUL, 0x4669be79UL, 0xcb61b38cUL, 0xbc66831aUL, 0x256fd2a0UL, 0x5268e236UL, 0xcc0c7795UL, 0xbb0b4703UL, 0x220216b9UL, 0x5505262fUL, 0xc5ba3bbeUL, 0xb2bd0b28UL, 0x2bb45a92UL, 0x5cb36a04UL, 0xc2d7ffa7UL, 0xb5d0cf31UL, 0x2cd99e8bUL, 0x5bdeae1dUL, 0x9b64c2b0UL, 0xec63f226UL, 0x756aa39cUL, 0x026d930aUL, 0x9c0906a9UL, 0xeb0e363fUL, 0x72076785UL, 0x05005713UL, 0x95bf4a82UL, 0xe2b87a14UL, 0x7bb12baeUL, 0x0cb61b38UL, 0x92d28e9bUL, 0xe5d5be0dUL, 0x7cdcefb7UL, 0x0bdbdf21UL, 0x86d3d2d4UL, 0xf1d4e242UL, 0x68ddb3f8UL, 0x1fda836eUL, 0x81be16cdUL, 0xf6b9265bUL, 0x6fb077e1UL, 0x18b74777UL, 0x88085ae6UL, 0xff0f6a70UL, 0x66063bcaUL, 0x11010b5cUL, 0x8f659effUL, 0xf862ae69UL, 0x616bffd3UL, 0x166ccf45UL, 0xa00ae278UL, 0xd70dd2eeUL, 0x4e048354UL, 0x3903b3c2UL, 0xa7672661UL, 0xd06016f7UL, 0x4969474dUL, 0x3e6e77dbUL, 0xaed16a4aUL, 0xd9d65adcUL, 0x40df0b66UL, 0x37d83bf0UL, 0xa9bcae53UL, 0xdebb9ec5UL, 0x47b2cf7fUL, 0x30b5ffe9UL, 0xbdbdf21cUL, 0xcabac28aUL, 0x53b39330UL, 0x24b4a3a6UL, 0xbad03605UL, 0xcdd70693UL, 0x54de5729UL, 0x23d967bfUL, 0xb3667a2eUL, 0xc4614ab8UL, 0x5d681b02UL, 0x2a6f2b94UL, 0xb40bbe37UL, 0xc30c8ea1UL, 0x5a05df1bUL, 0x2d02ef8dUL #ifdef BYFOUR }, { 0x00000000UL, 0x191b3141UL, 0x32366282UL, 0x2b2d53c3UL, 0x646cc504UL, 0x7d77f445UL, 0x565aa786UL, 0x4f4196c7UL, 0xc8d98a08UL, 0xd1c2bb49UL, 0xfaefe88aUL, 0xe3f4d9cbUL, 0xacb54f0cUL, 0xb5ae7e4dUL, 0x9e832d8eUL, 0x87981ccfUL, 0x4ac21251UL, 0x53d92310UL, 0x78f470d3UL, 0x61ef4192UL, 0x2eaed755UL, 0x37b5e614UL, 0x1c98b5d7UL, 0x05838496UL, 0x821b9859UL, 0x9b00a918UL, 0xb02dfadbUL, 0xa936cb9aUL, 0xe6775d5dUL, 0xff6c6c1cUL, 0xd4413fdfUL, 0xcd5a0e9eUL, 0x958424a2UL, 0x8c9f15e3UL, 0xa7b24620UL, 0xbea97761UL, 0xf1e8e1a6UL, 0xe8f3d0e7UL, 0xc3de8324UL, 0xdac5b265UL, 0x5d5daeaaUL, 0x44469febUL, 0x6f6bcc28UL, 0x7670fd69UL, 0x39316baeUL, 0x202a5aefUL, 0x0b07092cUL, 0x121c386dUL, 0xdf4636f3UL, 0xc65d07b2UL, 0xed705471UL, 0xf46b6530UL, 0xbb2af3f7UL, 0xa231c2b6UL, 0x891c9175UL, 0x9007a034UL, 0x179fbcfbUL, 0x0e848dbaUL, 0x25a9de79UL, 0x3cb2ef38UL, 0x73f379ffUL, 0x6ae848beUL, 0x41c51b7dUL, 0x58de2a3cUL, 0xf0794f05UL, 0xe9627e44UL, 0xc24f2d87UL, 0xdb541cc6UL, 0x94158a01UL, 0x8d0ebb40UL, 0xa623e883UL, 0xbf38d9c2UL, 0x38a0c50dUL, 0x21bbf44cUL, 0x0a96a78fUL, 0x138d96ceUL, 0x5ccc0009UL, 0x45d73148UL, 0x6efa628bUL, 0x77e153caUL, 0xbabb5d54UL, 0xa3a06c15UL, 0x888d3fd6UL, 0x91960e97UL, 0xded79850UL, 0xc7cca911UL, 0xece1fad2UL, 0xf5facb93UL, 0x7262d75cUL, 0x6b79e61dUL, 0x4054b5deUL, 0x594f849fUL, 0x160e1258UL, 0x0f152319UL, 0x243870daUL, 0x3d23419bUL, 0x65fd6ba7UL, 0x7ce65ae6UL, 0x57cb0925UL, 0x4ed03864UL, 0x0191aea3UL, 0x188a9fe2UL, 0x33a7cc21UL, 0x2abcfd60UL, 0xad24e1afUL, 0xb43fd0eeUL, 0x9f12832dUL, 0x8609b26cUL, 0xc94824abUL, 0xd05315eaUL, 0xfb7e4629UL, 0xe2657768UL, 0x2f3f79f6UL, 0x362448b7UL, 0x1d091b74UL, 0x04122a35UL, 0x4b53bcf2UL, 0x52488db3UL, 0x7965de70UL, 0x607eef31UL, 0xe7e6f3feUL, 0xfefdc2bfUL, 0xd5d0917cUL, 0xcccba03dUL, 0x838a36faUL, 0x9a9107bbUL, 0xb1bc5478UL, 0xa8a76539UL, 0x3b83984bUL, 0x2298a90aUL, 0x09b5fac9UL, 0x10aecb88UL, 0x5fef5d4fUL, 0x46f46c0eUL, 0x6dd93fcdUL, 0x74c20e8cUL, 0xf35a1243UL, 0xea412302UL, 0xc16c70c1UL, 0xd8774180UL, 0x9736d747UL, 0x8e2de606UL, 0xa500b5c5UL, 0xbc1b8484UL, 0x71418a1aUL, 0x685abb5bUL, 0x4377e898UL, 0x5a6cd9d9UL, 0x152d4f1eUL, 0x0c367e5fUL, 0x271b2d9cUL, 0x3e001cddUL, 0xb9980012UL, 0xa0833153UL, 0x8bae6290UL, 0x92b553d1UL, 0xddf4c516UL, 0xc4eff457UL, 0xefc2a794UL, 0xf6d996d5UL, 0xae07bce9UL, 0xb71c8da8UL, 0x9c31de6bUL, 0x852aef2aUL, 0xca6b79edUL, 0xd37048acUL, 0xf85d1b6fUL, 0xe1462a2eUL, 0x66de36e1UL, 0x7fc507a0UL, 0x54e85463UL, 0x4df36522UL, 0x02b2f3e5UL, 0x1ba9c2a4UL, 0x30849167UL, 0x299fa026UL, 0xe4c5aeb8UL, 0xfdde9ff9UL, 0xd6f3cc3aUL, 0xcfe8fd7bUL, 0x80a96bbcUL, 0x99b25afdUL, 0xb29f093eUL, 0xab84387fUL, 0x2c1c24b0UL, 0x350715f1UL, 0x1e2a4632UL, 0x07317773UL, 0x4870e1b4UL, 0x516bd0f5UL, 0x7a468336UL, 0x635db277UL, 0xcbfad74eUL, 0xd2e1e60fUL, 0xf9ccb5ccUL, 0xe0d7848dUL, 0xaf96124aUL, 0xb68d230bUL, 0x9da070c8UL, 0x84bb4189UL, 0x03235d46UL, 0x1a386c07UL, 0x31153fc4UL, 0x280e0e85UL, 0x674f9842UL, 0x7e54a903UL, 0x5579fac0UL, 0x4c62cb81UL, 0x8138c51fUL, 0x9823f45eUL, 0xb30ea79dUL, 0xaa1596dcUL, 0xe554001bUL, 0xfc4f315aUL, 0xd7626299UL, 0xce7953d8UL, 0x49e14f17UL, 0x50fa7e56UL, 0x7bd72d95UL, 0x62cc1cd4UL, 0x2d8d8a13UL, 0x3496bb52UL, 0x1fbbe891UL, 0x06a0d9d0UL, 0x5e7ef3ecUL, 0x4765c2adUL, 0x6c48916eUL, 0x7553a02fUL, 0x3a1236e8UL, 0x230907a9UL, 0x0824546aUL, 0x113f652bUL, 0x96a779e4UL, 0x8fbc48a5UL, 0xa4911b66UL, 0xbd8a2a27UL, 0xf2cbbce0UL, 0xebd08da1UL, 0xc0fdde62UL, 0xd9e6ef23UL, 0x14bce1bdUL, 0x0da7d0fcUL, 0x268a833fUL, 0x3f91b27eUL, 0x70d024b9UL, 0x69cb15f8UL, 0x42e6463bUL, 0x5bfd777aUL, 0xdc656bb5UL, 0xc57e5af4UL, 0xee530937UL, 0xf7483876UL, 0xb809aeb1UL, 0xa1129ff0UL, 0x8a3fcc33UL, 0x9324fd72UL }, { 0x00000000UL, 0x01c26a37UL, 0x0384d46eUL, 0x0246be59UL, 0x0709a8dcUL, 0x06cbc2ebUL, 0x048d7cb2UL, 0x054f1685UL, 0x0e1351b8UL, 0x0fd13b8fUL, 0x0d9785d6UL, 0x0c55efe1UL, 0x091af964UL, 0x08d89353UL, 0x0a9e2d0aUL, 0x0b5c473dUL, 0x1c26a370UL, 0x1de4c947UL, 0x1fa2771eUL, 0x1e601d29UL, 0x1b2f0bacUL, 0x1aed619bUL, 0x18abdfc2UL, 0x1969b5f5UL, 0x1235f2c8UL, 0x13f798ffUL, 0x11b126a6UL, 0x10734c91UL, 0x153c5a14UL, 0x14fe3023UL, 0x16b88e7aUL, 0x177ae44dUL, 0x384d46e0UL, 0x398f2cd7UL, 0x3bc9928eUL, 0x3a0bf8b9UL, 0x3f44ee3cUL, 0x3e86840bUL, 0x3cc03a52UL, 0x3d025065UL, 0x365e1758UL, 0x379c7d6fUL, 0x35dac336UL, 0x3418a901UL, 0x3157bf84UL, 0x3095d5b3UL, 0x32d36beaUL, 0x331101ddUL, 0x246be590UL, 0x25a98fa7UL, 0x27ef31feUL, 0x262d5bc9UL, 0x23624d4cUL, 0x22a0277bUL, 0x20e69922UL, 0x2124f315UL, 0x2a78b428UL, 0x2bbade1fUL, 0x29fc6046UL, 0x283e0a71UL, 0x2d711cf4UL, 0x2cb376c3UL, 0x2ef5c89aUL, 0x2f37a2adUL, 0x709a8dc0UL, 0x7158e7f7UL, 0x731e59aeUL, 0x72dc3399UL, 0x7793251cUL, 0x76514f2bUL, 0x7417f172UL, 0x75d59b45UL, 0x7e89dc78UL, 0x7f4bb64fUL, 0x7d0d0816UL, 0x7ccf6221UL, 0x798074a4UL, 0x78421e93UL, 0x7a04a0caUL, 0x7bc6cafdUL, 0x6cbc2eb0UL, 0x6d7e4487UL, 0x6f38fadeUL, 0x6efa90e9UL, 0x6bb5866cUL, 0x6a77ec5bUL, 0x68315202UL, 0x69f33835UL, 0x62af7f08UL, 0x636d153fUL, 0x612bab66UL, 0x60e9c151UL, 0x65a6d7d4UL, 0x6464bde3UL, 0x662203baUL, 0x67e0698dUL, 0x48d7cb20UL, 0x4915a117UL, 0x4b531f4eUL, 0x4a917579UL, 0x4fde63fcUL, 0x4e1c09cbUL, 0x4c5ab792UL, 0x4d98dda5UL, 0x46c49a98UL, 0x4706f0afUL, 0x45404ef6UL, 0x448224c1UL, 0x41cd3244UL, 0x400f5873UL, 0x4249e62aUL, 0x438b8c1dUL, 0x54f16850UL, 0x55330267UL, 0x5775bc3eUL, 0x56b7d609UL, 0x53f8c08cUL, 0x523aaabbUL, 0x507c14e2UL, 0x51be7ed5UL, 0x5ae239e8UL, 0x5b2053dfUL, 0x5966ed86UL, 0x58a487b1UL, 0x5deb9134UL, 0x5c29fb03UL, 0x5e6f455aUL, 0x5fad2f6dUL, 0xe1351b80UL, 0xe0f771b7UL, 0xe2b1cfeeUL, 0xe373a5d9UL, 0xe63cb35cUL, 0xe7fed96bUL, 0xe5b86732UL, 0xe47a0d05UL, 0xef264a38UL, 0xeee4200fUL, 0xeca29e56UL, 0xed60f461UL, 0xe82fe2e4UL, 0xe9ed88d3UL, 0xebab368aUL, 0xea695cbdUL, 0xfd13b8f0UL, 0xfcd1d2c7UL, 0xfe976c9eUL, 0xff5506a9UL, 0xfa1a102cUL, 0xfbd87a1bUL, 0xf99ec442UL, 0xf85cae75UL, 0xf300e948UL, 0xf2c2837fUL, 0xf0843d26UL, 0xf1465711UL, 0xf4094194UL, 0xf5cb2ba3UL, 0xf78d95faUL, 0xf64fffcdUL, 0xd9785d60UL, 0xd8ba3757UL, 0xdafc890eUL, 0xdb3ee339UL, 0xde71f5bcUL, 0xdfb39f8bUL, 0xddf521d2UL, 0xdc374be5UL, 0xd76b0cd8UL, 0xd6a966efUL, 0xd4efd8b6UL, 0xd52db281UL, 0xd062a404UL, 0xd1a0ce33UL, 0xd3e6706aUL, 0xd2241a5dUL, 0xc55efe10UL, 0xc49c9427UL, 0xc6da2a7eUL, 0xc7184049UL, 0xc25756ccUL, 0xc3953cfbUL, 0xc1d382a2UL, 0xc011e895UL, 0xcb4dafa8UL, 0xca8fc59fUL, 0xc8c97bc6UL, 0xc90b11f1UL, 0xcc440774UL, 0xcd866d43UL, 0xcfc0d31aUL, 0xce02b92dUL, 0x91af9640UL, 0x906dfc77UL, 0x922b422eUL, 0x93e92819UL, 0x96a63e9cUL, 0x976454abUL, 0x9522eaf2UL, 0x94e080c5UL, 0x9fbcc7f8UL, 0x9e7eadcfUL, 0x9c381396UL, 0x9dfa79a1UL, 0x98b56f24UL, 0x99770513UL, 0x9b31bb4aUL, 0x9af3d17dUL, 0x8d893530UL, 0x8c4b5f07UL, 0x8e0de15eUL, 0x8fcf8b69UL, 0x8a809decUL, 0x8b42f7dbUL, 0x89044982UL, 0x88c623b5UL, 0x839a6488UL, 0x82580ebfUL, 0x801eb0e6UL, 0x81dcdad1UL, 0x8493cc54UL, 0x8551a663UL, 0x8717183aUL, 0x86d5720dUL, 0xa9e2d0a0UL, 0xa820ba97UL, 0xaa6604ceUL, 0xaba46ef9UL, 0xaeeb787cUL, 0xaf29124bUL, 0xad6fac12UL, 0xacadc625UL, 0xa7f18118UL, 0xa633eb2fUL, 0xa4755576UL, 0xa5b73f41UL, 0xa0f829c4UL, 0xa13a43f3UL, 0xa37cfdaaUL, 0xa2be979dUL, 0xb5c473d0UL, 0xb40619e7UL, 0xb640a7beUL, 0xb782cd89UL, 0xb2cddb0cUL, 0xb30fb13bUL, 0xb1490f62UL, 0xb08b6555UL, 0xbbd72268UL, 0xba15485fUL, 0xb853f606UL, 0xb9919c31UL, 0xbcde8ab4UL, 0xbd1ce083UL, 0xbf5a5edaUL, 0xbe9834edUL }, { 0x00000000UL, 0xb8bc6765UL, 0xaa09c88bUL, 0x12b5afeeUL, 0x8f629757UL, 0x37def032UL, 0x256b5fdcUL, 0x9dd738b9UL, 0xc5b428efUL, 0x7d084f8aUL, 0x6fbde064UL, 0xd7018701UL, 0x4ad6bfb8UL, 0xf26ad8ddUL, 0xe0df7733UL, 0x58631056UL, 0x5019579fUL, 0xe8a530faUL, 0xfa109f14UL, 0x42acf871UL, 0xdf7bc0c8UL, 0x67c7a7adUL, 0x75720843UL, 0xcdce6f26UL, 0x95ad7f70UL, 0x2d111815UL, 0x3fa4b7fbUL, 0x8718d09eUL, 0x1acfe827UL, 0xa2738f42UL, 0xb0c620acUL, 0x087a47c9UL, 0xa032af3eUL, 0x188ec85bUL, 0x0a3b67b5UL, 0xb28700d0UL, 0x2f503869UL, 0x97ec5f0cUL, 0x8559f0e2UL, 0x3de59787UL, 0x658687d1UL, 0xdd3ae0b4UL, 0xcf8f4f5aUL, 0x7733283fUL, 0xeae41086UL, 0x525877e3UL, 0x40edd80dUL, 0xf851bf68UL, 0xf02bf8a1UL, 0x48979fc4UL, 0x5a22302aUL, 0xe29e574fUL, 0x7f496ff6UL, 0xc7f50893UL, 0xd540a77dUL, 0x6dfcc018UL, 0x359fd04eUL, 0x8d23b72bUL, 0x9f9618c5UL, 0x272a7fa0UL, 0xbafd4719UL, 0x0241207cUL, 0x10f48f92UL, 0xa848e8f7UL, 0x9b14583dUL, 0x23a83f58UL, 0x311d90b6UL, 0x89a1f7d3UL, 0x1476cf6aUL, 0xaccaa80fUL, 0xbe7f07e1UL, 0x06c36084UL, 0x5ea070d2UL, 0xe61c17b7UL, 0xf4a9b859UL, 0x4c15df3cUL, 0xd1c2e785UL, 0x697e80e0UL, 0x7bcb2f0eUL, 0xc377486bUL, 0xcb0d0fa2UL, 0x73b168c7UL, 0x6104c729UL, 0xd9b8a04cUL, 0x446f98f5UL, 0xfcd3ff90UL, 0xee66507eUL, 0x56da371bUL, 0x0eb9274dUL, 0xb6054028UL, 0xa4b0efc6UL, 0x1c0c88a3UL, 0x81dbb01aUL, 0x3967d77fUL, 0x2bd27891UL, 0x936e1ff4UL, 0x3b26f703UL, 0x839a9066UL, 0x912f3f88UL, 0x299358edUL, 0xb4446054UL, 0x0cf80731UL, 0x1e4da8dfUL, 0xa6f1cfbaUL, 0xfe92dfecUL, 0x462eb889UL, 0x549b1767UL, 0xec277002UL, 0x71f048bbUL, 0xc94c2fdeUL, 0xdbf98030UL, 0x6345e755UL, 0x6b3fa09cUL, 0xd383c7f9UL, 0xc1366817UL, 0x798a0f72UL, 0xe45d37cbUL, 0x5ce150aeUL, 0x4e54ff40UL, 0xf6e89825UL, 0xae8b8873UL, 0x1637ef16UL, 0x048240f8UL, 0xbc3e279dUL, 0x21e91f24UL, 0x99557841UL, 0x8be0d7afUL, 0x335cb0caUL, 0xed59b63bUL, 0x55e5d15eUL, 0x47507eb0UL, 0xffec19d5UL, 0x623b216cUL, 0xda874609UL, 0xc832e9e7UL, 0x708e8e82UL, 0x28ed9ed4UL, 0x9051f9b1UL, 0x82e4565fUL, 0x3a58313aUL, 0xa78f0983UL, 0x1f336ee6UL, 0x0d86c108UL, 0xb53aa66dUL, 0xbd40e1a4UL, 0x05fc86c1UL, 0x1749292fUL, 0xaff54e4aUL, 0x322276f3UL, 0x8a9e1196UL, 0x982bbe78UL, 0x2097d91dUL, 0x78f4c94bUL, 0xc048ae2eUL, 0xd2fd01c0UL, 0x6a4166a5UL, 0xf7965e1cUL, 0x4f2a3979UL, 0x5d9f9697UL, 0xe523f1f2UL, 0x4d6b1905UL, 0xf5d77e60UL, 0xe762d18eUL, 0x5fdeb6ebUL, 0xc2098e52UL, 0x7ab5e937UL, 0x680046d9UL, 0xd0bc21bcUL, 0x88df31eaUL, 0x3063568fUL, 0x22d6f961UL, 0x9a6a9e04UL, 0x07bda6bdUL, 0xbf01c1d8UL, 0xadb46e36UL, 0x15080953UL, 0x1d724e9aUL, 0xa5ce29ffUL, 0xb77b8611UL, 0x0fc7e174UL, 0x9210d9cdUL, 0x2aacbea8UL, 0x38191146UL, 0x80a57623UL, 0xd8c66675UL, 0x607a0110UL, 0x72cfaefeUL, 0xca73c99bUL, 0x57a4f122UL, 0xef189647UL, 0xfdad39a9UL, 0x45115eccUL, 0x764dee06UL, 0xcef18963UL, 0xdc44268dUL, 0x64f841e8UL, 0xf92f7951UL, 0x41931e34UL, 0x5326b1daUL, 0xeb9ad6bfUL, 0xb3f9c6e9UL, 0x0b45a18cUL, 0x19f00e62UL, 0xa14c6907UL, 0x3c9b51beUL, 0x842736dbUL, 0x96929935UL, 0x2e2efe50UL, 0x2654b999UL, 0x9ee8defcUL, 0x8c5d7112UL, 0x34e11677UL, 0xa9362eceUL, 0x118a49abUL, 0x033fe645UL, 0xbb838120UL, 0xe3e09176UL, 0x5b5cf613UL, 0x49e959fdUL, 0xf1553e98UL, 0x6c820621UL, 0xd43e6144UL, 0xc68bceaaUL, 0x7e37a9cfUL, 0xd67f4138UL, 0x6ec3265dUL, 0x7c7689b3UL, 0xc4caeed6UL, 0x591dd66fUL, 0xe1a1b10aUL, 0xf3141ee4UL, 0x4ba87981UL, 0x13cb69d7UL, 0xab770eb2UL, 0xb9c2a15cUL, 0x017ec639UL, 0x9ca9fe80UL, 0x241599e5UL, 0x36a0360bUL, 0x8e1c516eUL, 0x866616a7UL, 0x3eda71c2UL, 0x2c6fde2cUL, 0x94d3b949UL, 0x090481f0UL, 0xb1b8e695UL, 0xa30d497bUL, 0x1bb12e1eUL, 0x43d23e48UL, 0xfb6e592dUL, 0xe9dbf6c3UL, 0x516791a6UL, 0xccb0a91fUL, 0x740cce7aUL, 0x66b96194UL, 0xde0506f1UL }, { 0x00000000UL, 0x96300777UL, 0x2c610eeeUL, 0xba510999UL, 0x19c46d07UL, 0x8ff46a70UL, 0x35a563e9UL, 0xa395649eUL, 0x3288db0eUL, 0xa4b8dc79UL, 0x1ee9d5e0UL, 0x88d9d297UL, 0x2b4cb609UL, 0xbd7cb17eUL, 0x072db8e7UL, 0x911dbf90UL, 0x6410b71dUL, 0xf220b06aUL, 0x4871b9f3UL, 0xde41be84UL, 0x7dd4da1aUL, 0xebe4dd6dUL, 0x51b5d4f4UL, 0xc785d383UL, 0x56986c13UL, 0xc0a86b64UL, 0x7af962fdUL, 0xecc9658aUL, 0x4f5c0114UL, 0xd96c0663UL, 0x633d0ffaUL, 0xf50d088dUL, 0xc8206e3bUL, 0x5e10694cUL, 0xe44160d5UL, 0x727167a2UL, 0xd1e4033cUL, 0x47d4044bUL, 0xfd850dd2UL, 0x6bb50aa5UL, 0xfaa8b535UL, 0x6c98b242UL, 0xd6c9bbdbUL, 0x40f9bcacUL, 0xe36cd832UL, 0x755cdf45UL, 0xcf0dd6dcUL, 0x593dd1abUL, 0xac30d926UL, 0x3a00de51UL, 0x8051d7c8UL, 0x1661d0bfUL, 0xb5f4b421UL, 0x23c4b356UL, 0x9995bacfUL, 0x0fa5bdb8UL, 0x9eb80228UL, 0x0888055fUL, 0xb2d90cc6UL, 0x24e90bb1UL, 0x877c6f2fUL, 0x114c6858UL, 0xab1d61c1UL, 0x3d2d66b6UL, 0x9041dc76UL, 0x0671db01UL, 0xbc20d298UL, 0x2a10d5efUL, 0x8985b171UL, 0x1fb5b606UL, 0xa5e4bf9fUL, 0x33d4b8e8UL, 0xa2c90778UL, 0x34f9000fUL, 0x8ea80996UL, 0x18980ee1UL, 0xbb0d6a7fUL, 0x2d3d6d08UL, 0x976c6491UL, 0x015c63e6UL, 0xf4516b6bUL, 0x62616c1cUL, 0xd8306585UL, 0x4e0062f2UL, 0xed95066cUL, 0x7ba5011bUL, 0xc1f40882UL, 0x57c40ff5UL, 0xc6d9b065UL, 0x50e9b712UL, 0xeab8be8bUL, 0x7c88b9fcUL, 0xdf1ddd62UL, 0x492dda15UL, 0xf37cd38cUL, 0x654cd4fbUL, 0x5861b24dUL, 0xce51b53aUL, 0x7400bca3UL, 0xe230bbd4UL, 0x41a5df4aUL, 0xd795d83dUL, 0x6dc4d1a4UL, 0xfbf4d6d3UL, 0x6ae96943UL, 0xfcd96e34UL, 0x468867adUL, 0xd0b860daUL, 0x732d0444UL, 0xe51d0333UL, 0x5f4c0aaaUL, 0xc97c0dddUL, 0x3c710550UL, 0xaa410227UL, 0x10100bbeUL, 0x86200cc9UL, 0x25b56857UL, 0xb3856f20UL, 0x09d466b9UL, 0x9fe461ceUL, 0x0ef9de5eUL, 0x98c9d929UL, 0x2298d0b0UL, 0xb4a8d7c7UL, 0x173db359UL, 0x810db42eUL, 0x3b5cbdb7UL, 0xad6cbac0UL, 0x2083b8edUL, 0xb6b3bf9aUL, 0x0ce2b603UL, 0x9ad2b174UL, 0x3947d5eaUL, 0xaf77d29dUL, 0x1526db04UL, 0x8316dc73UL, 0x120b63e3UL, 0x843b6494UL, 0x3e6a6d0dUL, 0xa85a6a7aUL, 0x0bcf0ee4UL, 0x9dff0993UL, 0x27ae000aUL, 0xb19e077dUL, 0x44930ff0UL, 0xd2a30887UL, 0x68f2011eUL, 0xfec20669UL, 0x5d5762f7UL, 0xcb676580UL, 0x71366c19UL, 0xe7066b6eUL, 0x761bd4feUL, 0xe02bd389UL, 0x5a7ada10UL, 0xcc4add67UL, 0x6fdfb9f9UL, 0xf9efbe8eUL, 0x43beb717UL, 0xd58eb060UL, 0xe8a3d6d6UL, 0x7e93d1a1UL, 0xc4c2d838UL, 0x52f2df4fUL, 0xf167bbd1UL, 0x6757bca6UL, 0xdd06b53fUL, 0x4b36b248UL, 0xda2b0dd8UL, 0x4c1b0aafUL, 0xf64a0336UL, 0x607a0441UL, 0xc3ef60dfUL, 0x55df67a8UL, 0xef8e6e31UL, 0x79be6946UL, 0x8cb361cbUL, 0x1a8366bcUL, 0xa0d26f25UL, 0x36e26852UL, 0x95770cccUL, 0x03470bbbUL, 0xb9160222UL, 0x2f260555UL, 0xbe3bbac5UL, 0x280bbdb2UL, 0x925ab42bUL, 0x046ab35cUL, 0xa7ffd7c2UL, 0x31cfd0b5UL, 0x8b9ed92cUL, 0x1daede5bUL, 0xb0c2649bUL, 0x26f263ecUL, 0x9ca36a75UL, 0x0a936d02UL, 0xa906099cUL, 0x3f360eebUL, 0x85670772UL, 0x13570005UL, 0x824abf95UL, 0x147ab8e2UL, 0xae2bb17bUL, 0x381bb60cUL, 0x9b8ed292UL, 0x0dbed5e5UL, 0xb7efdc7cUL, 0x21dfdb0bUL, 0xd4d2d386UL, 0x42e2d4f1UL, 0xf8b3dd68UL, 0x6e83da1fUL, 0xcd16be81UL, 0x5b26b9f6UL, 0xe177b06fUL, 0x7747b718UL, 0xe65a0888UL, 0x706a0fffUL, 0xca3b0666UL, 0x5c0b0111UL, 0xff9e658fUL, 0x69ae62f8UL, 0xd3ff6b61UL, 0x45cf6c16UL, 0x78e20aa0UL, 0xeed20dd7UL, 0x5483044eUL, 0xc2b30339UL, 0x612667a7UL, 0xf71660d0UL, 0x4d476949UL, 0xdb776e3eUL, 0x4a6ad1aeUL, 0xdc5ad6d9UL, 0x660bdf40UL, 0xf03bd837UL, 0x53aebca9UL, 0xc59ebbdeUL, 0x7fcfb247UL, 0xe9ffb530UL, 0x1cf2bdbdUL, 0x8ac2bacaUL, 0x3093b353UL, 0xa6a3b424UL, 0x0536d0baUL, 0x9306d7cdUL, 0x2957de54UL, 0xbf67d923UL, 0x2e7a66b3UL, 0xb84a61c4UL, 0x021b685dUL, 0x942b6f2aUL, 0x37be0bb4UL, 0xa18e0cc3UL, 0x1bdf055aUL, 0x8def022dUL }, { 0x00000000UL, 0x41311b19UL, 0x82623632UL, 0xc3532d2bUL, 0x04c56c64UL, 0x45f4777dUL, 0x86a75a56UL, 0xc796414fUL, 0x088ad9c8UL, 0x49bbc2d1UL, 0x8ae8effaUL, 0xcbd9f4e3UL, 0x0c4fb5acUL, 0x4d7eaeb5UL, 0x8e2d839eUL, 0xcf1c9887UL, 0x5112c24aUL, 0x1023d953UL, 0xd370f478UL, 0x9241ef61UL, 0x55d7ae2eUL, 0x14e6b537UL, 0xd7b5981cUL, 0x96848305UL, 0x59981b82UL, 0x18a9009bUL, 0xdbfa2db0UL, 0x9acb36a9UL, 0x5d5d77e6UL, 0x1c6c6cffUL, 0xdf3f41d4UL, 0x9e0e5acdUL, 0xa2248495UL, 0xe3159f8cUL, 0x2046b2a7UL, 0x6177a9beUL, 0xa6e1e8f1UL, 0xe7d0f3e8UL, 0x2483dec3UL, 0x65b2c5daUL, 0xaaae5d5dUL, 0xeb9f4644UL, 0x28cc6b6fUL, 0x69fd7076UL, 0xae6b3139UL, 0xef5a2a20UL, 0x2c09070bUL, 0x6d381c12UL, 0xf33646dfUL, 0xb2075dc6UL, 0x715470edUL, 0x30656bf4UL, 0xf7f32abbUL, 0xb6c231a2UL, 0x75911c89UL, 0x34a00790UL, 0xfbbc9f17UL, 0xba8d840eUL, 0x79dea925UL, 0x38efb23cUL, 0xff79f373UL, 0xbe48e86aUL, 0x7d1bc541UL, 0x3c2ade58UL, 0x054f79f0UL, 0x447e62e9UL, 0x872d4fc2UL, 0xc61c54dbUL, 0x018a1594UL, 0x40bb0e8dUL, 0x83e823a6UL, 0xc2d938bfUL, 0x0dc5a038UL, 0x4cf4bb21UL, 0x8fa7960aUL, 0xce968d13UL, 0x0900cc5cUL, 0x4831d745UL, 0x8b62fa6eUL, 0xca53e177UL, 0x545dbbbaUL, 0x156ca0a3UL, 0xd63f8d88UL, 0x970e9691UL, 0x5098d7deUL, 0x11a9ccc7UL, 0xd2fae1ecUL, 0x93cbfaf5UL, 0x5cd76272UL, 0x1de6796bUL, 0xdeb55440UL, 0x9f844f59UL, 0x58120e16UL, 0x1923150fUL, 0xda703824UL, 0x9b41233dUL, 0xa76bfd65UL, 0xe65ae67cUL, 0x2509cb57UL, 0x6438d04eUL, 0xa3ae9101UL, 0xe29f8a18UL, 0x21cca733UL, 0x60fdbc2aUL, 0xafe124adUL, 0xeed03fb4UL, 0x2d83129fUL, 0x6cb20986UL, 0xab2448c9UL, 0xea1553d0UL, 0x29467efbUL, 0x687765e2UL, 0xf6793f2fUL, 0xb7482436UL, 0x741b091dUL, 0x352a1204UL, 0xf2bc534bUL, 0xb38d4852UL, 0x70de6579UL, 0x31ef7e60UL, 0xfef3e6e7UL, 0xbfc2fdfeUL, 0x7c91d0d5UL, 0x3da0cbccUL, 0xfa368a83UL, 0xbb07919aUL, 0x7854bcb1UL, 0x3965a7a8UL, 0x4b98833bUL, 0x0aa99822UL, 0xc9fab509UL, 0x88cbae10UL, 0x4f5def5fUL, 0x0e6cf446UL, 0xcd3fd96dUL, 0x8c0ec274UL, 0x43125af3UL, 0x022341eaUL, 0xc1706cc1UL, 0x804177d8UL, 0x47d73697UL, 0x06e62d8eUL, 0xc5b500a5UL, 0x84841bbcUL, 0x1a8a4171UL, 0x5bbb5a68UL, 0x98e87743UL, 0xd9d96c5aUL, 0x1e4f2d15UL, 0x5f7e360cUL, 0x9c2d1b27UL, 0xdd1c003eUL, 0x120098b9UL, 0x533183a0UL, 0x9062ae8bUL, 0xd153b592UL, 0x16c5f4ddUL, 0x57f4efc4UL, 0x94a7c2efUL, 0xd596d9f6UL, 0xe9bc07aeUL, 0xa88d1cb7UL, 0x6bde319cUL, 0x2aef2a85UL, 0xed796bcaUL, 0xac4870d3UL, 0x6f1b5df8UL, 0x2e2a46e1UL, 0xe136de66UL, 0xa007c57fUL, 0x6354e854UL, 0x2265f34dUL, 0xe5f3b202UL, 0xa4c2a91bUL, 0x67918430UL, 0x26a09f29UL, 0xb8aec5e4UL, 0xf99fdefdUL, 0x3accf3d6UL, 0x7bfde8cfUL, 0xbc6ba980UL, 0xfd5ab299UL, 0x3e099fb2UL, 0x7f3884abUL, 0xb0241c2cUL, 0xf1150735UL, 0x32462a1eUL, 0x73773107UL, 0xb4e17048UL, 0xf5d06b51UL, 0x3683467aUL, 0x77b25d63UL, 0x4ed7facbUL, 0x0fe6e1d2UL, 0xccb5ccf9UL, 0x8d84d7e0UL, 0x4a1296afUL, 0x0b238db6UL, 0xc870a09dUL, 0x8941bb84UL, 0x465d2303UL, 0x076c381aUL, 0xc43f1531UL, 0x850e0e28UL, 0x42984f67UL, 0x03a9547eUL, 0xc0fa7955UL, 0x81cb624cUL, 0x1fc53881UL, 0x5ef42398UL, 0x9da70eb3UL, 0xdc9615aaUL, 0x1b0054e5UL, 0x5a314ffcUL, 0x996262d7UL, 0xd85379ceUL, 0x174fe149UL, 0x567efa50UL, 0x952dd77bUL, 0xd41ccc62UL, 0x138a8d2dUL, 0x52bb9634UL, 0x91e8bb1fUL, 0xd0d9a006UL, 0xecf37e5eUL, 0xadc26547UL, 0x6e91486cUL, 0x2fa05375UL, 0xe836123aUL, 0xa9070923UL, 0x6a542408UL, 0x2b653f11UL, 0xe479a796UL, 0xa548bc8fUL, 0x661b91a4UL, 0x272a8abdUL, 0xe0bccbf2UL, 0xa18dd0ebUL, 0x62defdc0UL, 0x23efe6d9UL, 0xbde1bc14UL, 0xfcd0a70dUL, 0x3f838a26UL, 0x7eb2913fUL, 0xb924d070UL, 0xf815cb69UL, 0x3b46e642UL, 0x7a77fd5bUL, 0xb56b65dcUL, 0xf45a7ec5UL, 0x370953eeUL, 0x763848f7UL, 0xb1ae09b8UL, 0xf09f12a1UL, 0x33cc3f8aUL, 0x72fd2493UL }, { 0x00000000UL, 0x376ac201UL, 0x6ed48403UL, 0x59be4602UL, 0xdca80907UL, 0xebc2cb06UL, 0xb27c8d04UL, 0x85164f05UL, 0xb851130eUL, 0x8f3bd10fUL, 0xd685970dUL, 0xe1ef550cUL, 0x64f91a09UL, 0x5393d808UL, 0x0a2d9e0aUL, 0x3d475c0bUL, 0x70a3261cUL, 0x47c9e41dUL, 0x1e77a21fUL, 0x291d601eUL, 0xac0b2f1bUL, 0x9b61ed1aUL, 0xc2dfab18UL, 0xf5b56919UL, 0xc8f23512UL, 0xff98f713UL, 0xa626b111UL, 0x914c7310UL, 0x145a3c15UL, 0x2330fe14UL, 0x7a8eb816UL, 0x4de47a17UL, 0xe0464d38UL, 0xd72c8f39UL, 0x8e92c93bUL, 0xb9f80b3aUL, 0x3cee443fUL, 0x0b84863eUL, 0x523ac03cUL, 0x6550023dUL, 0x58175e36UL, 0x6f7d9c37UL, 0x36c3da35UL, 0x01a91834UL, 0x84bf5731UL, 0xb3d59530UL, 0xea6bd332UL, 0xdd011133UL, 0x90e56b24UL, 0xa78fa925UL, 0xfe31ef27UL, 0xc95b2d26UL, 0x4c4d6223UL, 0x7b27a022UL, 0x2299e620UL, 0x15f32421UL, 0x28b4782aUL, 0x1fdeba2bUL, 0x4660fc29UL, 0x710a3e28UL, 0xf41c712dUL, 0xc376b32cUL, 0x9ac8f52eUL, 0xada2372fUL, 0xc08d9a70UL, 0xf7e75871UL, 0xae591e73UL, 0x9933dc72UL, 0x1c259377UL, 0x2b4f5176UL, 0x72f11774UL, 0x459bd575UL, 0x78dc897eUL, 0x4fb64b7fUL, 0x16080d7dUL, 0x2162cf7cUL, 0xa4748079UL, 0x931e4278UL, 0xcaa0047aUL, 0xfdcac67bUL, 0xb02ebc6cUL, 0x87447e6dUL, 0xdefa386fUL, 0xe990fa6eUL, 0x6c86b56bUL, 0x5bec776aUL, 0x02523168UL, 0x3538f369UL, 0x087faf62UL, 0x3f156d63UL, 0x66ab2b61UL, 0x51c1e960UL, 0xd4d7a665UL, 0xe3bd6464UL, 0xba032266UL, 0x8d69e067UL, 0x20cbd748UL, 0x17a11549UL, 0x4e1f534bUL, 0x7975914aUL, 0xfc63de4fUL, 0xcb091c4eUL, 0x92b75a4cUL, 0xa5dd984dUL, 0x989ac446UL, 0xaff00647UL, 0xf64e4045UL, 0xc1248244UL, 0x4432cd41UL, 0x73580f40UL, 0x2ae64942UL, 0x1d8c8b43UL, 0x5068f154UL, 0x67023355UL, 0x3ebc7557UL, 0x09d6b756UL, 0x8cc0f853UL, 0xbbaa3a52UL, 0xe2147c50UL, 0xd57ebe51UL, 0xe839e25aUL, 0xdf53205bUL, 0x86ed6659UL, 0xb187a458UL, 0x3491eb5dUL, 0x03fb295cUL, 0x5a456f5eUL, 0x6d2fad5fUL, 0x801b35e1UL, 0xb771f7e0UL, 0xeecfb1e2UL, 0xd9a573e3UL, 0x5cb33ce6UL, 0x6bd9fee7UL, 0x3267b8e5UL, 0x050d7ae4UL, 0x384a26efUL, 0x0f20e4eeUL, 0x569ea2ecUL, 0x61f460edUL, 0xe4e22fe8UL, 0xd388ede9UL, 0x8a36abebUL, 0xbd5c69eaUL, 0xf0b813fdUL, 0xc7d2d1fcUL, 0x9e6c97feUL, 0xa90655ffUL, 0x2c101afaUL, 0x1b7ad8fbUL, 0x42c49ef9UL, 0x75ae5cf8UL, 0x48e900f3UL, 0x7f83c2f2UL, 0x263d84f0UL, 0x115746f1UL, 0x944109f4UL, 0xa32bcbf5UL, 0xfa958df7UL, 0xcdff4ff6UL, 0x605d78d9UL, 0x5737bad8UL, 0x0e89fcdaUL, 0x39e33edbUL, 0xbcf571deUL, 0x8b9fb3dfUL, 0xd221f5ddUL, 0xe54b37dcUL, 0xd80c6bd7UL, 0xef66a9d6UL, 0xb6d8efd4UL, 0x81b22dd5UL, 0x04a462d0UL, 0x33cea0d1UL, 0x6a70e6d3UL, 0x5d1a24d2UL, 0x10fe5ec5UL, 0x27949cc4UL, 0x7e2adac6UL, 0x494018c7UL, 0xcc5657c2UL, 0xfb3c95c3UL, 0xa282d3c1UL, 0x95e811c0UL, 0xa8af4dcbUL, 0x9fc58fcaUL, 0xc67bc9c8UL, 0xf1110bc9UL, 0x740744ccUL, 0x436d86cdUL, 0x1ad3c0cfUL, 0x2db902ceUL, 0x4096af91UL, 0x77fc6d90UL, 0x2e422b92UL, 0x1928e993UL, 0x9c3ea696UL, 0xab546497UL, 0xf2ea2295UL, 0xc580e094UL, 0xf8c7bc9fUL, 0xcfad7e9eUL, 0x9613389cUL, 0xa179fa9dUL, 0x246fb598UL, 0x13057799UL, 0x4abb319bUL, 0x7dd1f39aUL, 0x3035898dUL, 0x075f4b8cUL, 0x5ee10d8eUL, 0x698bcf8fUL, 0xec9d808aUL, 0xdbf7428bUL, 0x82490489UL, 0xb523c688UL, 0x88649a83UL, 0xbf0e5882UL, 0xe6b01e80UL, 0xd1dadc81UL, 0x54cc9384UL, 0x63a65185UL, 0x3a181787UL, 0x0d72d586UL, 0xa0d0e2a9UL, 0x97ba20a8UL, 0xce0466aaUL, 0xf96ea4abUL, 0x7c78ebaeUL, 0x4b1229afUL, 0x12ac6fadUL, 0x25c6adacUL, 0x1881f1a7UL, 0x2feb33a6UL, 0x765575a4UL, 0x413fb7a5UL, 0xc429f8a0UL, 0xf3433aa1UL, 0xaafd7ca3UL, 0x9d97bea2UL, 0xd073c4b5UL, 0xe71906b4UL, 0xbea740b6UL, 0x89cd82b7UL, 0x0cdbcdb2UL, 0x3bb10fb3UL, 0x620f49b1UL, 0x55658bb0UL, 0x6822d7bbUL, 0x5f4815baUL, 0x06f653b8UL, 0x319c91b9UL, 0xb48adebcUL, 0x83e01cbdUL, 0xda5e5abfUL, 0xed3498beUL }, { 0x00000000UL, 0x6567bcb8UL, 0x8bc809aaUL, 0xeeafb512UL, 0x5797628fUL, 0x32f0de37UL, 0xdc5f6b25UL, 0xb938d79dUL, 0xef28b4c5UL, 0x8a4f087dUL, 0x64e0bd6fUL, 0x018701d7UL, 0xb8bfd64aUL, 0xddd86af2UL, 0x3377dfe0UL, 0x56106358UL, 0x9f571950UL, 0xfa30a5e8UL, 0x149f10faUL, 0x71f8ac42UL, 0xc8c07bdfUL, 0xada7c767UL, 0x43087275UL, 0x266fcecdUL, 0x707fad95UL, 0x1518112dUL, 0xfbb7a43fUL, 0x9ed01887UL, 0x27e8cf1aUL, 0x428f73a2UL, 0xac20c6b0UL, 0xc9477a08UL, 0x3eaf32a0UL, 0x5bc88e18UL, 0xb5673b0aUL, 0xd00087b2UL, 0x6938502fUL, 0x0c5fec97UL, 0xe2f05985UL, 0x8797e53dUL, 0xd1878665UL, 0xb4e03addUL, 0x5a4f8fcfUL, 0x3f283377UL, 0x8610e4eaUL, 0xe3775852UL, 0x0dd8ed40UL, 0x68bf51f8UL, 0xa1f82bf0UL, 0xc49f9748UL, 0x2a30225aUL, 0x4f579ee2UL, 0xf66f497fUL, 0x9308f5c7UL, 0x7da740d5UL, 0x18c0fc6dUL, 0x4ed09f35UL, 0x2bb7238dUL, 0xc518969fUL, 0xa07f2a27UL, 0x1947fdbaUL, 0x7c204102UL, 0x928ff410UL, 0xf7e848a8UL, 0x3d58149bUL, 0x583fa823UL, 0xb6901d31UL, 0xd3f7a189UL, 0x6acf7614UL, 0x0fa8caacUL, 0xe1077fbeUL, 0x8460c306UL, 0xd270a05eUL, 0xb7171ce6UL, 0x59b8a9f4UL, 0x3cdf154cUL, 0x85e7c2d1UL, 0xe0807e69UL, 0x0e2fcb7bUL, 0x6b4877c3UL, 0xa20f0dcbUL, 0xc768b173UL, 0x29c70461UL, 0x4ca0b8d9UL, 0xf5986f44UL, 0x90ffd3fcUL, 0x7e5066eeUL, 0x1b37da56UL, 0x4d27b90eUL, 0x284005b6UL, 0xc6efb0a4UL, 0xa3880c1cUL, 0x1ab0db81UL, 0x7fd76739UL, 0x9178d22bUL, 0xf41f6e93UL, 0x03f7263bUL, 0x66909a83UL, 0x883f2f91UL, 0xed589329UL, 0x546044b4UL, 0x3107f80cUL, 0xdfa84d1eUL, 0xbacff1a6UL, 0xecdf92feUL, 0x89b82e46UL, 0x67179b54UL, 0x027027ecUL, 0xbb48f071UL, 0xde2f4cc9UL, 0x3080f9dbUL, 0x55e74563UL, 0x9ca03f6bUL, 0xf9c783d3UL, 0x176836c1UL, 0x720f8a79UL, 0xcb375de4UL, 0xae50e15cUL, 0x40ff544eUL, 0x2598e8f6UL, 0x73888baeUL, 0x16ef3716UL, 0xf8408204UL, 0x9d273ebcUL, 0x241fe921UL, 0x41785599UL, 0xafd7e08bUL, 0xcab05c33UL, 0x3bb659edUL, 0x5ed1e555UL, 0xb07e5047UL, 0xd519ecffUL, 0x6c213b62UL, 0x094687daUL, 0xe7e932c8UL, 0x828e8e70UL, 0xd49eed28UL, 0xb1f95190UL, 0x5f56e482UL, 0x3a31583aUL, 0x83098fa7UL, 0xe66e331fUL, 0x08c1860dUL, 0x6da63ab5UL, 0xa4e140bdUL, 0xc186fc05UL, 0x2f294917UL, 0x4a4ef5afUL, 0xf3762232UL, 0x96119e8aUL, 0x78be2b98UL, 0x1dd99720UL, 0x4bc9f478UL, 0x2eae48c0UL, 0xc001fdd2UL, 0xa566416aUL, 0x1c5e96f7UL, 0x79392a4fUL, 0x97969f5dUL, 0xf2f123e5UL, 0x05196b4dUL, 0x607ed7f5UL, 0x8ed162e7UL, 0xebb6de5fUL, 0x528e09c2UL, 0x37e9b57aUL, 0xd9460068UL, 0xbc21bcd0UL, 0xea31df88UL, 0x8f566330UL, 0x61f9d622UL, 0x049e6a9aUL, 0xbda6bd07UL, 0xd8c101bfUL, 0x366eb4adUL, 0x53090815UL, 0x9a4e721dUL, 0xff29cea5UL, 0x11867bb7UL, 0x74e1c70fUL, 0xcdd91092UL, 0xa8beac2aUL, 0x46111938UL, 0x2376a580UL, 0x7566c6d8UL, 0x10017a60UL, 0xfeaecf72UL, 0x9bc973caUL, 0x22f1a457UL, 0x479618efUL, 0xa939adfdUL, 0xcc5e1145UL, 0x06ee4d76UL, 0x6389f1ceUL, 0x8d2644dcUL, 0xe841f864UL, 0x51792ff9UL, 0x341e9341UL, 0xdab12653UL, 0xbfd69aebUL, 0xe9c6f9b3UL, 0x8ca1450bUL, 0x620ef019UL, 0x07694ca1UL, 0xbe519b3cUL, 0xdb362784UL, 0x35999296UL, 0x50fe2e2eUL, 0x99b95426UL, 0xfcdee89eUL, 0x12715d8cUL, 0x7716e134UL, 0xce2e36a9UL, 0xab498a11UL, 0x45e63f03UL, 0x208183bbUL, 0x7691e0e3UL, 0x13f65c5bUL, 0xfd59e949UL, 0x983e55f1UL, 0x2106826cUL, 0x44613ed4UL, 0xaace8bc6UL, 0xcfa9377eUL, 0x38417fd6UL, 0x5d26c36eUL, 0xb389767cUL, 0xd6eecac4UL, 0x6fd61d59UL, 0x0ab1a1e1UL, 0xe41e14f3UL, 0x8179a84bUL, 0xd769cb13UL, 0xb20e77abUL, 0x5ca1c2b9UL, 0x39c67e01UL, 0x80fea99cUL, 0xe5991524UL, 0x0b36a036UL, 0x6e511c8eUL, 0xa7166686UL, 0xc271da3eUL, 0x2cde6f2cUL, 0x49b9d394UL, 0xf0810409UL, 0x95e6b8b1UL, 0x7b490da3UL, 0x1e2eb11bUL, 0x483ed243UL, 0x2d596efbUL, 0xc3f6dbe9UL, 0xa6916751UL, 0x1fa9b0ccUL, 0x7ace0c74UL, 0x9461b966UL, 0xf10605deUL #endif } }; sudo-1.8.9p5/zlib/deflate.c010064400175440000012000002133401226304126500150600ustar00millertstaff/* deflate.c -- compress data using the deflation algorithm * Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* * ALGORITHM * * The "deflation" process depends on being able to identify portions * of the input text which are identical to earlier input (within a * sliding window trailing behind the input currently being processed). * * The most straightforward technique turns out to be the fastest for * most input files: try all possible matches and select the longest. * The key feature of this algorithm is that insertions into the string * dictionary are very simple and thus fast, and deletions are avoided * completely. Insertions are performed at each input character, whereas * string matches are performed only when the previous match ends. So it * is preferable to spend more time in matches to allow very fast string * insertions and avoid deletions. The matching algorithm for small * strings is inspired from that of Rabin & Karp. A brute force approach * is used to find longer strings when a small match has been found. * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze * (by Leonid Broukhis). * A previous version of this file used a more sophisticated algorithm * (by Fiala and Greene) which is guaranteed to run in linear amortized * time, but has a larger average cost, uses more memory and is patented. * However the F&G algorithm may be faster for some highly redundant * files if the parameter max_chain_length (described below) is too large. * * ACKNOWLEDGEMENTS * * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and * I found it in 'freeze' written by Leonid Broukhis. * Thanks to many people for bug reports and testing. * * REFERENCES * * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification". * Available in http://tools.ietf.org/html/rfc1951 * * A description of the Rabin and Karp algorithm is given in the book * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. * * Fiala,E.R., and Greene,D.H. * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 * */ /* @(#) $Id$ */ #include "deflate.h" const char deflate_copyright[] = " deflate 1.2.6 Copyright 1995-2012 Jean-loup Gailly and Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot include such an acknowledgment, I would appreciate that you keep this copyright string in the executable of your product. */ /* =========================================================================== * Function prototypes. */ typedef enum { need_more, /* block not completed, need more input or more output */ block_done, /* block flush performed */ finish_started, /* finish started, need only more output at next deflate */ finish_done /* finish done, accept no more input or output */ } block_state; typedef block_state (*compress_func) OF((deflate_state *s, int flush)); /* Compression function. Returns the block state after the call. */ local void fill_window OF((deflate_state *s)); local block_state deflate_stored OF((deflate_state *s, int flush)); local block_state deflate_fast OF((deflate_state *s, int flush)); #ifndef FASTEST local block_state deflate_slow OF((deflate_state *s, int flush)); #endif local block_state deflate_rle OF((deflate_state *s, int flush)); local block_state deflate_huff OF((deflate_state *s, int flush)); local void lm_init OF((deflate_state *s)); local void putShortMSB OF((deflate_state *s, uInt b)); local void flush_pending OF((z_streamp strm)); local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size)); #ifdef ASMV void match_init OF((void)); /* asm code initialization */ uInt longest_match OF((deflate_state *s, IPos cur_match)); #else local uInt longest_match OF((deflate_state *s, IPos cur_match)); #endif #ifdef DEBUG local void check_match OF((deflate_state *s, IPos start, IPos match, int length)); #endif /* =========================================================================== * Local data */ #define NIL 0 /* Tail of hash chains */ #ifndef TOO_FAR # define TOO_FAR 4096 #endif /* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ /* Values for max_lazy_match, good_match and max_chain_length, depending on * the desired pack level (0..9). The values given below have been tuned to * exclude worst case performance for pathological files. Better values may be * found for specific files. */ typedef struct config_s { ush good_length; /* reduce lazy search above this match length */ ush max_lazy; /* do not perform lazy search above this match length */ ush nice_length; /* quit search above this match length */ ush max_chain; compress_func func; } config; #ifdef FASTEST local const config configuration_table[2] = { /* good lazy nice chain */ /* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ /* 1 */ {4, 4, 8, 4, deflate_fast}}; /* max speed, no lazy matches */ #else local const config configuration_table[10] = { /* good lazy nice chain */ /* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ /* 1 */ {4, 4, 8, 4, deflate_fast}, /* max speed, no lazy matches */ /* 2 */ {4, 5, 16, 8, deflate_fast}, /* 3 */ {4, 6, 32, 32, deflate_fast}, /* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */ /* 5 */ {8, 16, 32, 32, deflate_slow}, /* 6 */ {8, 16, 128, 128, deflate_slow}, /* 7 */ {8, 32, 128, 256, deflate_slow}, /* 8 */ {32, 128, 258, 1024, deflate_slow}, /* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* max compression */ #endif /* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 * For deflate_fast() (levels <= 3) good is ignored and lazy has a different * meaning. */ #define EQUAL 0 /* result of memcmp for equal strings */ #ifndef NO_DUMMY_DECL struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ #endif /* rank Z_BLOCK between Z_NO_FLUSH and Z_PARTIAL_FLUSH */ #define RANK(f) (((f) << 1) - ((f) > 4 ? 9 : 0)) /* =========================================================================== * Update a hash value with the given input byte * IN assertion: all calls to to UPDATE_HASH are made with consecutive * input characters, so that a running hash key can be computed from the * previous key instead of complete recalculation each time. */ #define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) /* =========================================================================== * Insert string str in the dictionary and set match_head to the previous head * of the hash chain (the most recent string with same hash key). Return * the previous length of the hash chain. * If this file is compiled with -DFASTEST, the compression level is forced * to 1, and no hash chains are maintained. * IN assertion: all calls to to INSERT_STRING are made with consecutive * input characters and the first MIN_MATCH bytes of str are valid * (except for the last MIN_MATCH-1 bytes of the input file). */ #ifdef FASTEST #define INSERT_STRING(s, str, match_head) \ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ match_head = s->head[s->ins_h], \ s->head[s->ins_h] = (Pos)(str)) #else #define INSERT_STRING(s, str, match_head) \ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ match_head = s->prev[(str) & s->w_mask] = s->head[s->ins_h], \ s->head[s->ins_h] = (Pos)(str)) #endif /* =========================================================================== * Initialize the hash table (avoiding 64K overflow for 16 bit systems). * prev[] will be initialized on the fly. */ #define CLEAR_HASH(s) \ s->head[s->hash_size-1] = NIL; \ zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); /* ========================================================================= */ int ZEXPORT deflateInit_(strm, level, version, stream_size) z_streamp strm; int level; const char *version; int stream_size; { return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY, version, stream_size); /* To do: ignore strm->next_in if we use it as window */ } /* ========================================================================= */ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, version, stream_size) z_streamp strm; int level; int method; int windowBits; int memLevel; int strategy; const char *version; int stream_size; { deflate_state *s; int wrap = 1; static const char my_version[] = ZLIB_VERSION; ushf *overlay; /* We overlay pending_buf and d_buf+l_buf. This works since the average * output size for (length,distance) codes is <= 24 bits. */ if (version == Z_NULL || version[0] != my_version[0] || stream_size != sizeof(z_stream)) { return Z_VERSION_ERROR; } if (strm == Z_NULL) return Z_STREAM_ERROR; strm->msg = Z_NULL; if (strm->zalloc == (alloc_func)0) { #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zalloc = zcalloc; strm->opaque = (voidpf)0; #endif } if (strm->zfree == (free_func)0) #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zfree = zcfree; #endif #ifdef FASTEST if (level != 0) level = 1; #else if (level == Z_DEFAULT_COMPRESSION) level = 6; #endif if (windowBits < 0) { /* suppress zlib wrapper */ wrap = 0; windowBits = -windowBits; } #ifdef GZIP else if (windowBits > 15) { wrap = 2; /* write gzip wrapper instead */ windowBits -= 16; } #endif if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) { return Z_STREAM_ERROR; } if (windowBits == 8) windowBits = 9; /* until 256-byte window bug fixed */ s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); if (s == Z_NULL) return Z_MEM_ERROR; strm->state = (struct internal_state FAR *)s; s->strm = strm; s->wrap = wrap; s->gzhead = Z_NULL; s->w_bits = windowBits; s->w_size = 1 << s->w_bits; s->w_mask = s->w_size - 1; s->hash_bits = memLevel + 7; s->hash_size = 1 << s->hash_bits; s->hash_mask = s->hash_size - 1; s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); s->high_water = 0; /* nothing written to s->window yet */ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); s->pending_buf = (uchf *) overlay; s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || s->pending_buf == Z_NULL) { s->status = FINISH_STATE; strm->msg = (char*)ERR_MSG(Z_MEM_ERROR); deflateEnd (strm); return Z_MEM_ERROR; } s->d_buf = overlay + s->lit_bufsize/sizeof(ush); s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; s->level = level; s->strategy = strategy; s->method = (Byte)method; return deflateReset(strm); } /* ========================================================================= */ int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength) z_streamp strm; const Bytef *dictionary; uInt dictLength; { deflate_state *s; uInt str, n; int wrap; unsigned avail; unsigned char *next; if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL) return Z_STREAM_ERROR; s = strm->state; wrap = s->wrap; if (wrap == 2 || (wrap == 1 && s->status != INIT_STATE) || s->lookahead) return Z_STREAM_ERROR; /* when using zlib wrappers, compute Adler-32 for provided dictionary */ if (wrap == 1) strm->adler = adler32(strm->adler, dictionary, dictLength); s->wrap = 0; /* avoid computing Adler-32 in read_buf */ /* if dictionary would fill window, just replace the history */ if (dictLength >= s->w_size) { if (wrap == 0) { /* already empty otherwise */ CLEAR_HASH(s); s->strstart = 0; s->block_start = 0L; s->insert = 0; } dictionary += dictLength - s->w_size; /* use the tail */ dictLength = s->w_size; } /* insert dictionary into window and hash */ avail = strm->avail_in; next = strm->next_in; strm->avail_in = dictLength; strm->next_in = (Bytef *)dictionary; fill_window(s); while (s->lookahead >= MIN_MATCH) { str = s->strstart; n = s->lookahead - (MIN_MATCH-1); do { UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); #ifndef FASTEST s->prev[str & s->w_mask] = s->head[s->ins_h]; #endif s->head[s->ins_h] = (Pos)str; str++; } while (--n); s->strstart = str; s->lookahead = MIN_MATCH-1; fill_window(s); } s->strstart += s->lookahead; s->block_start = (long)s->strstart; s->insert = s->lookahead; s->lookahead = 0; s->match_length = s->prev_length = MIN_MATCH-1; s->match_available = 0; strm->next_in = next; strm->avail_in = avail; s->wrap = wrap; return Z_OK; } /* ========================================================================= */ int ZEXPORT deflateResetKeep (strm) z_streamp strm; { deflate_state *s; if (strm == Z_NULL || strm->state == Z_NULL || strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0) { return Z_STREAM_ERROR; } strm->total_in = strm->total_out = 0; strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ strm->data_type = Z_UNKNOWN; s = (deflate_state *)strm->state; s->pending = 0; s->pending_out = s->pending_buf; if (s->wrap < 0) { s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */ } s->status = s->wrap ? INIT_STATE : BUSY_STATE; strm->adler = #ifdef GZIP s->wrap == 2 ? crc32(0L, Z_NULL, 0) : #endif adler32(0L, Z_NULL, 0); s->last_flush = Z_NO_FLUSH; _tr_init(s); return Z_OK; } /* ========================================================================= */ int ZEXPORT deflateReset (strm) z_streamp strm; { int ret; ret = deflateResetKeep(strm); if (ret == Z_OK) lm_init(strm->state); return ret; } /* ========================================================================= */ int ZEXPORT deflateSetHeader (strm, head) z_streamp strm; gz_headerp head; { if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; if (strm->state->wrap != 2) return Z_STREAM_ERROR; strm->state->gzhead = head; return Z_OK; } /* ========================================================================= */ int ZEXPORT deflatePending (strm, pending, bits) unsigned *pending; int *bits; z_streamp strm; { if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; if (pending != Z_NULL) *pending = strm->state->pending; if (bits != Z_NULL) *bits = strm->state->bi_valid; return Z_OK; } /* ========================================================================= */ int ZEXPORT deflatePrime (strm, bits, value) z_streamp strm; int bits; int value; { deflate_state *s; int put; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; s = strm->state; if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) return Z_BUF_ERROR; do { put = Buf_size - s->bi_valid; if (put > bits) put = bits; s->bi_buf |= (ush)((value & ((1 << put) - 1)) << s->bi_valid); s->bi_valid += put; _tr_flush_bits(s); value >>= put; bits -= put; } while (bits); return Z_OK; } /* ========================================================================= */ int ZEXPORT deflateParams(strm, level, strategy) z_streamp strm; int level; int strategy; { deflate_state *s; compress_func func; int err = Z_OK; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; s = strm->state; #ifdef FASTEST if (level != 0) level = 1; #else if (level == Z_DEFAULT_COMPRESSION) level = 6; #endif if (level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) { return Z_STREAM_ERROR; } func = configuration_table[s->level].func; if ((strategy != s->strategy || func != configuration_table[level].func) && strm->total_in != 0) { /* Flush the last buffer: */ err = deflate(strm, Z_BLOCK); } if (s->level != level) { s->level = level; s->max_lazy_match = configuration_table[level].max_lazy; s->good_match = configuration_table[level].good_length; s->nice_match = configuration_table[level].nice_length; s->max_chain_length = configuration_table[level].max_chain; } s->strategy = strategy; return err; } /* ========================================================================= */ int ZEXPORT deflateTune(strm, good_length, max_lazy, nice_length, max_chain) z_streamp strm; int good_length; int max_lazy; int nice_length; int max_chain; { deflate_state *s; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; s = strm->state; s->good_match = good_length; s->max_lazy_match = max_lazy; s->nice_match = nice_length; s->max_chain_length = max_chain; return Z_OK; } /* ========================================================================= * For the default windowBits of 15 and memLevel of 8, this function returns * a close to exact, as well as small, upper bound on the compressed size. * They are coded as constants here for a reason--if the #define's are * changed, then this function needs to be changed as well. The return * value for 15 and 8 only works for those exact settings. * * For any setting other than those defaults for windowBits and memLevel, * the value returned is a conservative worst case for the maximum expansion * resulting from using fixed blocks instead of stored blocks, which deflate * can emit on compressed data for some combinations of the parameters. * * This function could be more sophisticated to provide closer upper bounds for * every combination of windowBits and memLevel. But even the conservative * upper bound of about 14% expansion does not seem onerous for output buffer * allocation. */ uLong ZEXPORT deflateBound(strm, sourceLen) z_streamp strm; uLong sourceLen; { deflate_state *s; uLong complen, wraplen; Bytef *str; /* conservative upper bound for compressed data */ complen = sourceLen + ((sourceLen + 7) >> 3) + ((sourceLen + 63) >> 6) + 5; /* if can't get parameters, return conservative bound plus zlib wrapper */ if (strm == Z_NULL || strm->state == Z_NULL) return complen + 6; /* compute wrapper length */ s = strm->state; switch (s->wrap) { case 0: /* raw deflate */ wraplen = 0; break; case 1: /* zlib wrapper */ wraplen = 6 + (s->strstart ? 4 : 0); break; case 2: /* gzip wrapper */ wraplen = 18; if (s->gzhead != Z_NULL) { /* user-supplied gzip header */ if (s->gzhead->extra != Z_NULL) wraplen += 2 + s->gzhead->extra_len; str = s->gzhead->name; if (str != Z_NULL) do { wraplen++; } while (*str++); str = s->gzhead->comment; if (str != Z_NULL) do { wraplen++; } while (*str++); if (s->gzhead->hcrc) wraplen += 2; } break; default: /* for compiler happiness */ wraplen = 6; } /* if not default parameters, return conservative bound */ if (s->w_bits != 15 || s->hash_bits != 8 + 7) return complen + wraplen; /* default settings: return tight bound for that case */ return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + (sourceLen >> 25) + 13 - 6 + wraplen; } /* ========================================================================= * Put a short in the pending buffer. The 16-bit value is put in MSB order. * IN assertion: the stream state is correct and there is enough room in * pending_buf. */ local void putShortMSB (s, b) deflate_state *s; uInt b; { put_byte(s, (Byte)(b >> 8)); put_byte(s, (Byte)(b & 0xff)); } /* ========================================================================= * Flush as much pending output as possible. All deflate() output goes * through this function so some applications may wish to modify it * to avoid allocating a large strm->next_out buffer and copying into it. * (See also read_buf()). */ local void flush_pending(strm) z_streamp strm; { unsigned len; deflate_state *s = strm->state; _tr_flush_bits(s); len = s->pending; if (len > strm->avail_out) len = strm->avail_out; if (len == 0) return; zmemcpy(strm->next_out, s->pending_out, len); strm->next_out += len; s->pending_out += len; strm->total_out += len; strm->avail_out -= len; s->pending -= len; if (s->pending == 0) { s->pending_out = s->pending_buf; } } /* ========================================================================= */ int ZEXPORT deflate (strm, flush) z_streamp strm; int flush; { int old_flush; /* value of flush param for previous deflate call */ deflate_state *s; if (strm == Z_NULL || strm->state == Z_NULL || flush > Z_BLOCK || flush < 0) { return Z_STREAM_ERROR; } s = strm->state; if (strm->next_out == Z_NULL || (strm->next_in == Z_NULL && strm->avail_in != 0) || (s->status == FINISH_STATE && flush != Z_FINISH)) { ERR_RETURN(strm, Z_STREAM_ERROR); } if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); s->strm = strm; /* just in case */ old_flush = s->last_flush; s->last_flush = flush; /* Write the header */ if (s->status == INIT_STATE) { #ifdef GZIP if (s->wrap == 2) { strm->adler = crc32(0L, Z_NULL, 0); put_byte(s, 31); put_byte(s, 139); put_byte(s, 8); if (s->gzhead == Z_NULL) { put_byte(s, 0); put_byte(s, 0); put_byte(s, 0); put_byte(s, 0); put_byte(s, 0); put_byte(s, s->level == 9 ? 2 : (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ? 4 : 0)); put_byte(s, OS_CODE); s->status = BUSY_STATE; } else { put_byte(s, (s->gzhead->text ? 1 : 0) + (s->gzhead->hcrc ? 2 : 0) + (s->gzhead->extra == Z_NULL ? 0 : 4) + (s->gzhead->name == Z_NULL ? 0 : 8) + (s->gzhead->comment == Z_NULL ? 0 : 16) ); put_byte(s, (Byte)(s->gzhead->time & 0xff)); put_byte(s, (Byte)((s->gzhead->time >> 8) & 0xff)); put_byte(s, (Byte)((s->gzhead->time >> 16) & 0xff)); put_byte(s, (Byte)((s->gzhead->time >> 24) & 0xff)); put_byte(s, s->level == 9 ? 2 : (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ? 4 : 0)); put_byte(s, s->gzhead->os & 0xff); if (s->gzhead->extra != Z_NULL) { put_byte(s, s->gzhead->extra_len & 0xff); put_byte(s, (s->gzhead->extra_len >> 8) & 0xff); } if (s->gzhead->hcrc) strm->adler = crc32(strm->adler, s->pending_buf, s->pending); s->gzindex = 0; s->status = EXTRA_STATE; } } else #endif { uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; uInt level_flags; if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2) level_flags = 0; else if (s->level < 6) level_flags = 1; else if (s->level == 6) level_flags = 2; else level_flags = 3; header |= (level_flags << 6); if (s->strstart != 0) header |= PRESET_DICT; header += 31 - (header % 31); s->status = BUSY_STATE; putShortMSB(s, header); /* Save the adler32 of the preset dictionary: */ if (s->strstart != 0) { putShortMSB(s, (uInt)(strm->adler >> 16)); putShortMSB(s, (uInt)(strm->adler & 0xffff)); } strm->adler = adler32(0L, Z_NULL, 0); } } #ifdef GZIP if (s->status == EXTRA_STATE) { if (s->gzhead->extra != Z_NULL) { uInt beg = s->pending; /* start of bytes to update crc */ while (s->gzindex < (s->gzhead->extra_len & 0xffff)) { if (s->pending == s->pending_buf_size) { if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); flush_pending(strm); beg = s->pending; if (s->pending == s->pending_buf_size) break; } put_byte(s, s->gzhead->extra[s->gzindex]); s->gzindex++; } if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); if (s->gzindex == s->gzhead->extra_len) { s->gzindex = 0; s->status = NAME_STATE; } } else s->status = NAME_STATE; } if (s->status == NAME_STATE) { if (s->gzhead->name != Z_NULL) { uInt beg = s->pending; /* start of bytes to update crc */ int val; do { if (s->pending == s->pending_buf_size) { if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); flush_pending(strm); beg = s->pending; if (s->pending == s->pending_buf_size) { val = 1; break; } } val = s->gzhead->name[s->gzindex++]; put_byte(s, val); } while (val != 0); if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); if (val == 0) { s->gzindex = 0; s->status = COMMENT_STATE; } } else s->status = COMMENT_STATE; } if (s->status == COMMENT_STATE) { if (s->gzhead->comment != Z_NULL) { uInt beg = s->pending; /* start of bytes to update crc */ int val; do { if (s->pending == s->pending_buf_size) { if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); flush_pending(strm); beg = s->pending; if (s->pending == s->pending_buf_size) { val = 1; break; } } val = s->gzhead->comment[s->gzindex++]; put_byte(s, val); } while (val != 0); if (s->gzhead->hcrc && s->pending > beg) strm->adler = crc32(strm->adler, s->pending_buf + beg, s->pending - beg); if (val == 0) s->status = HCRC_STATE; } else s->status = HCRC_STATE; } if (s->status == HCRC_STATE) { if (s->gzhead->hcrc) { if (s->pending + 2 > s->pending_buf_size) flush_pending(strm); if (s->pending + 2 <= s->pending_buf_size) { put_byte(s, (Byte)(strm->adler & 0xff)); put_byte(s, (Byte)((strm->adler >> 8) & 0xff)); strm->adler = crc32(0L, Z_NULL, 0); s->status = BUSY_STATE; } } else s->status = BUSY_STATE; } #endif /* Flush as much pending output as possible */ if (s->pending != 0) { flush_pending(strm); if (strm->avail_out == 0) { /* Since avail_out is 0, deflate will be called again with * more output space, but possibly with both pending and * avail_in equal to zero. There won't be anything to do, * but this is not an error situation so make sure we * return OK instead of BUF_ERROR at next call of deflate: */ s->last_flush = -1; return Z_OK; } /* Make sure there is something to do and avoid duplicate consecutive * flushes. For repeated and useless calls with Z_FINISH, we keep * returning Z_STREAM_END instead of Z_BUF_ERROR. */ } else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) && flush != Z_FINISH) { ERR_RETURN(strm, Z_BUF_ERROR); } /* User must not provide more input after the first FINISH: */ if (s->status == FINISH_STATE && strm->avail_in != 0) { ERR_RETURN(strm, Z_BUF_ERROR); } /* Start a new block or continue the current one. */ if (strm->avail_in != 0 || s->lookahead != 0 || (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) { block_state bstate; bstate = s->strategy == Z_HUFFMAN_ONLY ? deflate_huff(s, flush) : (s->strategy == Z_RLE ? deflate_rle(s, flush) : (*(configuration_table[s->level].func))(s, flush)); if (bstate == finish_started || bstate == finish_done) { s->status = FINISH_STATE; } if (bstate == need_more || bstate == finish_started) { if (strm->avail_out == 0) { s->last_flush = -1; /* avoid BUF_ERROR next call, see above */ } return Z_OK; /* If flush != Z_NO_FLUSH && avail_out == 0, the next call * of deflate should use the same flush parameter to make sure * that the flush is complete. So we don't have to output an * empty block here, this will be done at next call. This also * ensures that for a very small output buffer, we emit at most * one empty block. */ } if (bstate == block_done) { if (flush == Z_PARTIAL_FLUSH) { _tr_align(s); } else if (flush != Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */ _tr_stored_block(s, (char*)0, 0L, 0); /* For a full flush, this empty block will be recognized * as a special marker by inflate_sync(). */ if (flush == Z_FULL_FLUSH) { CLEAR_HASH(s); /* forget history */ if (s->lookahead == 0) { s->strstart = 0; s->block_start = 0L; s->insert = 0; } } } flush_pending(strm); if (strm->avail_out == 0) { s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */ return Z_OK; } } } Assert(strm->avail_out > 0, "bug2"); if (flush != Z_FINISH) return Z_OK; if (s->wrap <= 0) return Z_STREAM_END; /* Write the trailer */ #ifdef GZIP if (s->wrap == 2) { put_byte(s, (Byte)(strm->adler & 0xff)); put_byte(s, (Byte)((strm->adler >> 8) & 0xff)); put_byte(s, (Byte)((strm->adler >> 16) & 0xff)); put_byte(s, (Byte)((strm->adler >> 24) & 0xff)); put_byte(s, (Byte)(strm->total_in & 0xff)); put_byte(s, (Byte)((strm->total_in >> 8) & 0xff)); put_byte(s, (Byte)((strm->total_in >> 16) & 0xff)); put_byte(s, (Byte)((strm->total_in >> 24) & 0xff)); } else #endif { putShortMSB(s, (uInt)(strm->adler >> 16)); putShortMSB(s, (uInt)(strm->adler & 0xffff)); } flush_pending(strm); /* If avail_out is zero, the application will call deflate again * to flush the rest. */ if (s->wrap > 0) s->wrap = -s->wrap; /* write the trailer only once! */ return s->pending != 0 ? Z_OK : Z_STREAM_END; } /* ========================================================================= */ int ZEXPORT deflateEnd (strm) z_streamp strm; { int status; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; status = strm->state->status; if (status != INIT_STATE && status != EXTRA_STATE && status != NAME_STATE && status != COMMENT_STATE && status != HCRC_STATE && status != BUSY_STATE && status != FINISH_STATE) { return Z_STREAM_ERROR; } /* Deallocate in reverse order of allocations: */ TRY_FREE(strm, strm->state->pending_buf); TRY_FREE(strm, strm->state->head); TRY_FREE(strm, strm->state->prev); TRY_FREE(strm, strm->state->window); ZFREE(strm, strm->state); strm->state = Z_NULL; return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK; } /* ========================================================================= * Copy the source state to the destination state. * To simplify the source, this is not supported for 16-bit MSDOS (which * doesn't have enough memory anyway to duplicate compression states). */ int ZEXPORT deflateCopy (dest, source) z_streamp dest; z_streamp source; { #ifdef MAXSEG_64K return Z_STREAM_ERROR; #else deflate_state *ds; deflate_state *ss; ushf *overlay; if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { return Z_STREAM_ERROR; } ss = source->state; zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream)); ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); if (ds == Z_NULL) return Z_MEM_ERROR; dest->state = (struct internal_state FAR *) ds; zmemcpy((voidpf)ds, (voidpf)ss, sizeof(deflate_state)); ds->strm = dest; ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); ds->pending_buf = (uchf *) overlay; if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || ds->pending_buf == Z_NULL) { deflateEnd (dest); return Z_MEM_ERROR; } /* following zmemcpy do not work for 16-bit MSDOS */ zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos)); zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos)); zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; ds->l_desc.dyn_tree = ds->dyn_ltree; ds->d_desc.dyn_tree = ds->dyn_dtree; ds->bl_desc.dyn_tree = ds->bl_tree; return Z_OK; #endif /* MAXSEG_64K */ } /* =========================================================================== * Read a new buffer from the current input stream, update the adler32 * and total number of bytes read. All deflate() input goes through * this function so some applications may wish to modify it to avoid * allocating a large strm->next_in buffer and copying from it. * (See also flush_pending()). */ local int read_buf(strm, buf, size) z_streamp strm; Bytef *buf; unsigned size; { unsigned len = strm->avail_in; if (len > size) len = size; if (len == 0) return 0; strm->avail_in -= len; zmemcpy(buf, strm->next_in, len); if (strm->state->wrap == 1) { strm->adler = adler32(strm->adler, buf, len); } #ifdef GZIP else if (strm->state->wrap == 2) { strm->adler = crc32(strm->adler, buf, len); } #endif strm->next_in += len; strm->total_in += len; return (int)len; } /* =========================================================================== * Initialize the "longest match" routines for a new zlib stream */ local void lm_init (s) deflate_state *s; { s->window_size = (ulg)2L*s->w_size; CLEAR_HASH(s); /* Set the default configuration parameters: */ s->max_lazy_match = configuration_table[s->level].max_lazy; s->good_match = configuration_table[s->level].good_length; s->nice_match = configuration_table[s->level].nice_length; s->max_chain_length = configuration_table[s->level].max_chain; s->strstart = 0; s->block_start = 0L; s->lookahead = 0; s->insert = 0; s->match_length = s->prev_length = MIN_MATCH-1; s->match_available = 0; s->ins_h = 0; #ifndef FASTEST #ifdef ASMV match_init(); /* initialize the asm code */ #endif #endif } #ifndef FASTEST /* =========================================================================== * Set match_start to the longest match starting at the given string and * return its length. Matches shorter or equal to prev_length are discarded, * in which case the result is equal to prev_length and match_start is * garbage. * IN assertions: cur_match is the head of the hash chain for the current * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 * OUT assertion: the match length is not greater than s->lookahead. */ #ifndef ASMV /* For 80x86 and 680x0, an optimized version will be provided in match.asm or * match.S. The code will be functionally equivalent. */ local uInt longest_match(s, cur_match) deflate_state *s; IPos cur_match; /* current match */ { unsigned chain_length = s->max_chain_length;/* max hash chain length */ register Bytef *scan = s->window + s->strstart; /* current string */ register Bytef *match; /* matched string */ register int len; /* length of current match */ int best_len = s->prev_length; /* best match length so far */ int nice_match = s->nice_match; /* stop if match long enough */ IPos limit = s->strstart > (IPos)MAX_DIST(s) ? s->strstart - (IPos)MAX_DIST(s) : NIL; /* Stop when cur_match becomes <= limit. To simplify the code, * we prevent matches with the string of window index 0. */ Posf *prev = s->prev; uInt wmask = s->w_mask; #ifdef UNALIGNED_OK /* Compare two bytes at a time. Note: this is not always beneficial. * Try with and without -DUNALIGNED_OK to check. */ register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; register ush scan_start = *(ushf*)scan; register ush scan_end = *(ushf*)(scan+best_len-1); #else register Bytef *strend = s->window + s->strstart + MAX_MATCH; register Byte scan_end1 = scan[best_len-1]; register Byte scan_end = scan[best_len]; #endif /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. * It is easy to get rid of this optimization if necessary. */ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); /* Do not waste too much time if we already have a good match: */ if (s->prev_length >= s->good_match) { chain_length >>= 2; } /* Do not look for matches beyond the end of the input. This is necessary * to make deflate deterministic. */ if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); do { Assert(cur_match < s->strstart, "no future"); match = s->window + cur_match; /* Skip to next match if the match length cannot increase * or if the match length is less than 2. Note that the checks below * for insufficient lookahead only occur occasionally for performance * reasons. Therefore uninitialized memory will be accessed, and * conditional jumps will be made that depend on those values. * However the length of the match is limited to the lookahead, so * the output of deflate is not affected by the uninitialized values. */ #if (defined(UNALIGNED_OK) && MAX_MATCH == 258) /* This code assumes sizeof(unsigned short) == 2. Do not use * UNALIGNED_OK if your compiler uses a different size. */ if (*(ushf*)(match+best_len-1) != scan_end || *(ushf*)match != scan_start) continue; /* It is not necessary to compare scan[2] and match[2] since they are * always equal when the other bytes match, given that the hash keys * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at * strstart+3, +5, ... up to strstart+257. We check for insufficient * lookahead only every 4th comparison; the 128th check will be made * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is * necessary to put more guard bytes at the end of the window, or * to check more often for insufficient lookahead. */ Assert(scan[2] == match[2], "scan[2]?"); scan++, match++; do { } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && *(ushf*)(scan+=2) == *(ushf*)(match+=2) && *(ushf*)(scan+=2) == *(ushf*)(match+=2) && *(ushf*)(scan+=2) == *(ushf*)(match+=2) && scan < strend); /* The funny "do {}" generates better code on most compilers */ /* Here, scan <= window+strstart+257 */ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); if (*scan == *match) scan++; len = (MAX_MATCH - 1) - (int)(strend-scan); scan = strend - (MAX_MATCH-1); #else /* UNALIGNED_OK */ if (match[best_len] != scan_end || match[best_len-1] != scan_end1 || *match != *scan || *++match != scan[1]) continue; /* The check at best_len-1 can be removed because it will be made * again later. (This heuristic is not always a win.) * It is not necessary to compare scan[2] and match[2] since they * are always equal when the other bytes match, given that * the hash keys are equal and that HASH_BITS >= 8. */ scan += 2, match++; Assert(*scan == *match, "match[2]?"); /* We check for insufficient lookahead only every 8th comparison; * the 256th check will be made at strstart+258. */ do { } while (*++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && scan < strend); Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); len = MAX_MATCH - (int)(strend - scan); scan = strend - MAX_MATCH; #endif /* UNALIGNED_OK */ if (len > best_len) { s->match_start = cur_match; best_len = len; if (len >= nice_match) break; #ifdef UNALIGNED_OK scan_end = *(ushf*)(scan+best_len-1); #else scan_end1 = scan[best_len-1]; scan_end = scan[best_len]; #endif } } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length != 0); if ((uInt)best_len <= s->lookahead) return (uInt)best_len; return s->lookahead; } #endif /* ASMV */ #else /* FASTEST */ /* --------------------------------------------------------------------------- * Optimized version for FASTEST only */ local uInt longest_match(s, cur_match) deflate_state *s; IPos cur_match; /* current match */ { register Bytef *scan = s->window + s->strstart; /* current string */ register Bytef *match; /* matched string */ register int len; /* length of current match */ register Bytef *strend = s->window + s->strstart + MAX_MATCH; /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. * It is easy to get rid of this optimization if necessary. */ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); Assert(cur_match < s->strstart, "no future"); match = s->window + cur_match; /* Return failure if the match length is less than 2: */ if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1; /* The check at best_len-1 can be removed because it will be made * again later. (This heuristic is not always a win.) * It is not necessary to compare scan[2] and match[2] since they * are always equal when the other bytes match, given that * the hash keys are equal and that HASH_BITS >= 8. */ scan += 2, match += 2; Assert(*scan == *match, "match[2]?"); /* We check for insufficient lookahead only every 8th comparison; * the 256th check will be made at strstart+258. */ do { } while (*++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && *++scan == *++match && scan < strend); Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); len = MAX_MATCH - (int)(strend - scan); if (len < MIN_MATCH) return MIN_MATCH - 1; s->match_start = cur_match; return (uInt)len <= s->lookahead ? (uInt)len : s->lookahead; } #endif /* FASTEST */ #ifdef DEBUG /* =========================================================================== * Check that the match at match_start is indeed a match. */ local void check_match(s, start, match, length) deflate_state *s; IPos start, match; int length; { /* check that the match is indeed a match */ if (zmemcmp(s->window + match, s->window + start, length) != EQUAL) { fprintf(stderr, " start %u, match %u, length %d\n", start, match, length); do { fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); } while (--length != 0); z_error("invalid match"); } if (z_verbose > 1) { fprintf(stderr,"\\[%d,%d]", start-match, length); do { putc(s->window[start++], stderr); } while (--length != 0); } } #else # define check_match(s, start, match, length) #endif /* DEBUG */ /* =========================================================================== * Fill the window when the lookahead becomes insufficient. * Updates strstart and lookahead. * * IN assertion: lookahead < MIN_LOOKAHEAD * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD * At least one byte has been read, or avail_in == 0; reads are * performed for at least two bytes (required for the zip translate_eol * option -- not supported here). */ local void fill_window(s) deflate_state *s; { register unsigned n, m; register Posf *p; unsigned more; /* Amount of free space at the end of the window. */ uInt wsize = s->w_size; Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead"); do { more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); /* Deal with !@#$% 64K limit: */ if (sizeof(int) <= 2) { if (more == 0 && s->strstart == 0 && s->lookahead == 0) { more = wsize; } else if (more == (unsigned)(-1)) { /* Very unlikely, but possible on 16 bit machine if * strstart == 0 && lookahead == 1 (input done a byte at time) */ more--; } } /* If the window is almost full and there is insufficient lookahead, * move the upper half to the lower one to make room in the upper half. */ if (s->strstart >= wsize+MAX_DIST(s)) { zmemcpy(s->window, s->window+wsize, (unsigned)wsize); s->match_start -= wsize; s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ s->block_start -= (long) wsize; /* Slide the hash table (could be avoided with 32 bit values at the expense of memory usage). We slide even when level == 0 to keep the hash table consistent if we switch back to level > 0 later. (Using level 0 permanently is not an optimal usage of zlib, so we don't care about this pathological case.) */ n = s->hash_size; p = &s->head[n]; do { m = *--p; *p = (Pos)(m >= wsize ? m-wsize : NIL); } while (--n); n = wsize; #ifndef FASTEST p = &s->prev[n]; do { m = *--p; *p = (Pos)(m >= wsize ? m-wsize : NIL); /* If n is not on any hash chain, prev[n] is garbage but * its value will never be used. */ } while (--n); #endif more += wsize; } if (s->strm->avail_in == 0) break; /* If there was no sliding: * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && * more == window_size - lookahead - strstart * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) * => more >= window_size - 2*WSIZE + 2 * In the BIG_MEM or MMAP case (not yet supported), * window_size == input_size + MIN_LOOKAHEAD && * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. * Otherwise, window_size == 2*WSIZE so more >= 2. * If there was sliding, more >= WSIZE. So in all cases, more >= 2. */ Assert(more >= 2, "more < 2"); n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more); s->lookahead += n; /* Initialize the hash value now that we have some input: */ if (s->lookahead + s->insert >= MIN_MATCH) { uInt str = s->strstart - s->insert; s->ins_h = s->window[str]; UPDATE_HASH(s, s->ins_h, s->window[str + 1]); #if MIN_MATCH != 3 Call UPDATE_HASH() MIN_MATCH-3 more times #endif while (s->insert) { UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]); #ifndef FASTEST s->prev[str & s->w_mask] = s->head[s->ins_h]; #endif s->head[s->ins_h] = (Pos)str; str++; s->insert--; if (s->lookahead + s->insert < MIN_MATCH) break; } } /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, * but this is not important since only literal bytes will be emitted. */ } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); /* If the WIN_INIT bytes after the end of the current data have never been * written, then zero those bytes in order to avoid memory check reports of * the use of uninitialized (or uninitialised as Julian writes) bytes by * the longest match routines. Update the high water mark for the next * time through here. WIN_INIT is set to MAX_MATCH since the longest match * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead. */ if (s->high_water < s->window_size) { ulg curr = s->strstart + (ulg)(s->lookahead); ulg init; if (s->high_water < curr) { /* Previous high water mark below current data -- zero WIN_INIT * bytes or up to end of window, whichever is less. */ init = s->window_size - curr; if (init > WIN_INIT) init = WIN_INIT; zmemzero(s->window + curr, (unsigned)init); s->high_water = curr + init; } else if (s->high_water < (ulg)curr + WIN_INIT) { /* High water mark at or above current data, but below current data * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up * to end of window, whichever is less. */ init = (ulg)curr + WIN_INIT - s->high_water; if (init > s->window_size - s->high_water) init = s->window_size - s->high_water; zmemzero(s->window + s->high_water, (unsigned)init); s->high_water += init; } } Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD, "not enough room for search"); } /* =========================================================================== * Flush the current block, with given end-of-file flag. * IN assertion: strstart is set to the end of the current match. */ #define FLUSH_BLOCK_ONLY(s, last) { \ _tr_flush_block(s, (s->block_start >= 0L ? \ (charf *)&s->window[(unsigned)s->block_start] : \ (charf *)Z_NULL), \ (ulg)((long)s->strstart - s->block_start), \ (last)); \ s->block_start = s->strstart; \ flush_pending(s->strm); \ Tracev((stderr,"[FLUSH]")); \ } /* Same but force premature exit if necessary. */ #define FLUSH_BLOCK(s, last) { \ FLUSH_BLOCK_ONLY(s, last); \ if (s->strm->avail_out == 0) return (last) ? finish_started : need_more; \ } /* =========================================================================== * Copy without compression as much as possible from the input stream, return * the current block state. * This function does not insert new strings in the dictionary since * uncompressible data is probably not useful. This function is used * only for the level=0 compression option. * NOTE: this function should be optimized to avoid extra copying from * window to pending_buf. */ local block_state deflate_stored(s, flush) deflate_state *s; int flush; { /* Stored blocks are limited to 0xffff bytes, pending_buf is limited * to pending_buf_size, and each stored block has a 5 byte header: */ ulg max_block_size = 0xffff; ulg max_start; if (max_block_size > s->pending_buf_size - 5) { max_block_size = s->pending_buf_size - 5; } /* Copy as much as possible from input to output: */ for (;;) { /* Fill the window as much as possible: */ if (s->lookahead <= 1) { Assert(s->strstart < s->w_size+MAX_DIST(s) || s->block_start >= (long)s->w_size, "slide too late"); fill_window(s); if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more; if (s->lookahead == 0) break; /* flush the current block */ } Assert(s->block_start >= 0L, "block gone"); s->strstart += s->lookahead; s->lookahead = 0; /* Emit a stored block if pending_buf will be full: */ max_start = s->block_start + max_block_size; if (s->strstart == 0 || (ulg)s->strstart >= max_start) { /* strstart == 0 is possible when wraparound on 16-bit machine */ s->lookahead = (uInt)(s->strstart - max_start); s->strstart = (uInt)max_start; FLUSH_BLOCK(s, 0); } /* Flush if we may have to slide, otherwise block_start may become * negative and the data will be gone: */ if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) { FLUSH_BLOCK(s, 0); } } s->insert = 0; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if ((long)s->strstart > s->block_start) FLUSH_BLOCK(s, 0); return block_done; } /* =========================================================================== * Compress as much as possible from the input stream, return the current * block state. * This function does not perform lazy evaluation of matches and inserts * new strings in the dictionary only for unmatched strings or for short * matches. It is used only for the fast compression options. */ local block_state deflate_fast(s, flush) deflate_state *s; int flush; { IPos hash_head; /* head of the hash chain */ int bflush; /* set if current block must be flushed */ for (;;) { /* Make sure that we always have enough lookahead, except * at the end of the input file. We need MAX_MATCH bytes * for the next match, plus MIN_MATCH bytes to insert the * string following the next match. */ if (s->lookahead < MIN_LOOKAHEAD) { fill_window(s); if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; /* flush the current block */ } /* Insert the string window[strstart .. strstart+2] in the * dictionary, and set hash_head to the head of the hash chain: */ hash_head = NIL; if (s->lookahead >= MIN_MATCH) { INSERT_STRING(s, s->strstart, hash_head); } /* Find the longest match, discarding those <= prev_length. * At this point we have always match_length < MIN_MATCH */ if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { /* To simplify the code, we prevent matches with the string * of window index 0 (in particular we have to avoid a match * of the string with itself at the start of the input file). */ s->match_length = longest_match (s, hash_head); /* longest_match() sets match_start */ } if (s->match_length >= MIN_MATCH) { check_match(s, s->strstart, s->match_start, s->match_length); _tr_tally_dist(s, s->strstart - s->match_start, s->match_length - MIN_MATCH, bflush); s->lookahead -= s->match_length; /* Insert new strings in the hash table only if the match length * is not too large. This saves time but degrades compression. */ #ifndef FASTEST if (s->match_length <= s->max_insert_length && s->lookahead >= MIN_MATCH) { s->match_length--; /* string at strstart already in table */ do { s->strstart++; INSERT_STRING(s, s->strstart, hash_head); /* strstart never exceeds WSIZE-MAX_MATCH, so there are * always MIN_MATCH bytes ahead. */ } while (--s->match_length != 0); s->strstart++; } else #endif { s->strstart += s->match_length; s->match_length = 0; s->ins_h = s->window[s->strstart]; UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); #if MIN_MATCH != 3 Call UPDATE_HASH() MIN_MATCH-3 more times #endif /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not * matter since it will be recomputed at next deflate call. */ } } else { /* No match, output a literal byte */ Tracevv((stderr,"%c", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; } if (bflush) FLUSH_BLOCK(s, 0); } s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; } #ifndef FASTEST /* =========================================================================== * Same as above, but achieves better compression. We use a lazy * evaluation for matches: a match is finally adopted only if there is * no better match at the next window position. */ local block_state deflate_slow(s, flush) deflate_state *s; int flush; { IPos hash_head; /* head of hash chain */ int bflush; /* set if current block must be flushed */ /* Process the input block. */ for (;;) { /* Make sure that we always have enough lookahead, except * at the end of the input file. We need MAX_MATCH bytes * for the next match, plus MIN_MATCH bytes to insert the * string following the next match. */ if (s->lookahead < MIN_LOOKAHEAD) { fill_window(s); if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; /* flush the current block */ } /* Insert the string window[strstart .. strstart+2] in the * dictionary, and set hash_head to the head of the hash chain: */ hash_head = NIL; if (s->lookahead >= MIN_MATCH) { INSERT_STRING(s, s->strstart, hash_head); } /* Find the longest match, discarding those <= prev_length. */ s->prev_length = s->match_length, s->prev_match = s->match_start; s->match_length = MIN_MATCH-1; if (hash_head != NIL && s->prev_length < s->max_lazy_match && s->strstart - hash_head <= MAX_DIST(s)) { /* To simplify the code, we prevent matches with the string * of window index 0 (in particular we have to avoid a match * of the string with itself at the start of the input file). */ s->match_length = longest_match (s, hash_head); /* longest_match() sets match_start */ if (s->match_length <= 5 && (s->strategy == Z_FILTERED #if TOO_FAR <= 32767 || (s->match_length == MIN_MATCH && s->strstart - s->match_start > TOO_FAR) #endif )) { /* If prev_match is also MIN_MATCH, match_start is garbage * but we will ignore the current match anyway. */ s->match_length = MIN_MATCH-1; } } /* If there was a match at the previous step and the current * match is not better, output the previous match: */ if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; /* Do not insert strings in hash table beyond this. */ check_match(s, s->strstart-1, s->prev_match, s->prev_length); _tr_tally_dist(s, s->strstart -1 - s->prev_match, s->prev_length - MIN_MATCH, bflush); /* Insert in hash table all strings up to the end of the match. * strstart-1 and strstart are already inserted. If there is not * enough lookahead, the last two strings are not inserted in * the hash table. */ s->lookahead -= s->prev_length-1; s->prev_length -= 2; do { if (++s->strstart <= max_insert) { INSERT_STRING(s, s->strstart, hash_head); } } while (--s->prev_length != 0); s->match_available = 0; s->match_length = MIN_MATCH-1; s->strstart++; if (bflush) FLUSH_BLOCK(s, 0); } else if (s->match_available) { /* If there was no match at the previous position, output a * single literal. If there was a match but the current match * is longer, truncate the previous match to a single literal. */ Tracevv((stderr,"%c", s->window[s->strstart-1])); _tr_tally_lit(s, s->window[s->strstart-1], bflush); if (bflush) { FLUSH_BLOCK_ONLY(s, 0); } s->strstart++; s->lookahead--; if (s->strm->avail_out == 0) return need_more; } else { /* There is no previous match to compare with, wait for * the next step to decide. */ s->match_available = 1; s->strstart++; s->lookahead--; } } Assert (flush != Z_NO_FLUSH, "no flush?"); if (s->match_available) { Tracevv((stderr,"%c", s->window[s->strstart-1])); _tr_tally_lit(s, s->window[s->strstart-1], bflush); s->match_available = 0; } s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; } #endif /* FASTEST */ /* =========================================================================== * For Z_RLE, simply look for runs of bytes, generate matches only of distance * one. Do not maintain a hash table. (It will be regenerated if this run of * deflate switches away from Z_RLE.) */ local block_state deflate_rle(s, flush) deflate_state *s; int flush; { int bflush; /* set if current block must be flushed */ uInt prev; /* byte at distance one to match */ Bytef *scan, *strend; /* scan goes up to strend for length of run */ for (;;) { /* Make sure that we always have enough lookahead, except * at the end of the input file. We need MAX_MATCH bytes * for the longest run, plus one for the unrolled loop. */ if (s->lookahead <= MAX_MATCH) { fill_window(s); if (s->lookahead <= MAX_MATCH && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; /* flush the current block */ } /* See how many times the previous byte repeats */ s->match_length = 0; if (s->lookahead >= MIN_MATCH && s->strstart > 0) { scan = s->window + s->strstart - 1; prev = *scan; if (prev == *++scan && prev == *++scan && prev == *++scan) { strend = s->window + s->strstart + MAX_MATCH; do { } while (prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && scan < strend); s->match_length = MAX_MATCH - (int)(strend - scan); if (s->match_length > s->lookahead) s->match_length = s->lookahead; } Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); } /* Emit match if have run of MIN_MATCH or longer, else emit literal */ if (s->match_length >= MIN_MATCH) { check_match(s, s->strstart, s->strstart - 1, s->match_length); _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush); s->lookahead -= s->match_length; s->strstart += s->match_length; s->match_length = 0; } else { /* No match, output a literal byte */ Tracevv((stderr,"%c", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; } if (bflush) FLUSH_BLOCK(s, 0); } s->insert = 0; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; } /* =========================================================================== * For Z_HUFFMAN_ONLY, do not look for matches. Do not maintain a hash table. * (It will be regenerated if this run of deflate switches away from Huffman.) */ local block_state deflate_huff(s, flush) deflate_state *s; int flush; { int bflush; /* set if current block must be flushed */ for (;;) { /* Make sure that we have a literal to write. */ if (s->lookahead == 0) { fill_window(s); if (s->lookahead == 0) { if (flush == Z_NO_FLUSH) return need_more; break; /* flush the current block */ } } /* Output a literal byte */ s->match_length = 0; Tracevv((stderr,"%c", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; if (bflush) FLUSH_BLOCK(s, 0); } s->insert = 0; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; } sudo-1.8.9p5/zlib/deflate.h010064400175440000012000000307631226304126500150730ustar00millertstaff/* deflate.h -- internal compression state * Copyright (C) 1995-2012 Jean-loup Gailly * For conditions of distribution and use, see copyright notice in zlib.h */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of the compression library and is subject to change. Applications should only use zlib.h. */ /* @(#) $Id$ */ #ifndef DEFLATE_H #define DEFLATE_H #include "zutil.h" /* define NO_GZIP when compiling if you want to disable gzip header and trailer creation by deflate(). NO_GZIP would be used to avoid linking in the crc code when it is not needed. For shared libraries, gzip encoding should be left enabled. */ #ifndef NO_GZIP # define GZIP #endif /* =========================================================================== * Internal compression state. */ #define LENGTH_CODES 29 /* number of length codes, not counting the special END_BLOCK code */ #define LITERALS 256 /* number of literal bytes 0..255 */ #define L_CODES (LITERALS+1+LENGTH_CODES) /* number of Literal or Length codes, including the END_BLOCK code */ #define D_CODES 30 /* number of distance codes */ #define BL_CODES 19 /* number of codes used to transfer the bit lengths */ #define HEAP_SIZE (2*L_CODES+1) /* maximum heap size */ #define MAX_BITS 15 /* All codes must not exceed MAX_BITS bits */ #define Buf_size 16 /* size of bit buffer in bi_buf */ #define INIT_STATE 42 #define EXTRA_STATE 69 #define NAME_STATE 73 #define COMMENT_STATE 91 #define HCRC_STATE 103 #define BUSY_STATE 113 #define FINISH_STATE 666 /* Stream status */ /* Data structure describing a single value and its code string. */ typedef struct ct_data_s { union { ush freq; /* frequency count */ ush code; /* bit string */ } fc; union { ush dad; /* father node in Huffman tree */ ush len; /* length of bit string */ } dl; } FAR ct_data; #define Freq fc.freq #define Code fc.code #define Dad dl.dad #define Len dl.len typedef struct static_tree_desc_s static_tree_desc; typedef struct tree_desc_s { ct_data *dyn_tree; /* the dynamic tree */ int max_code; /* largest code with non zero frequency */ static_tree_desc *stat_desc; /* the corresponding static tree */ } FAR tree_desc; typedef ush Pos; typedef Pos FAR Posf; typedef unsigned IPos; /* A Pos is an index in the character window. We use short instead of int to * save space in the various tables. IPos is used only for parameter passing. */ typedef struct internal_state { z_streamp strm; /* pointer back to this zlib stream */ int status; /* as the name implies */ Bytef *pending_buf; /* output still pending */ ulg pending_buf_size; /* size of pending_buf */ Bytef *pending_out; /* next pending byte to output to the stream */ uInt pending; /* nb of bytes in the pending buffer */ int wrap; /* bit 0 true for zlib, bit 1 true for gzip */ gz_headerp gzhead; /* gzip header information to write */ uInt gzindex; /* where in extra, name, or comment */ Byte method; /* STORED (for zip only) or DEFLATED */ int last_flush; /* value of flush param for previous deflate call */ /* used by deflate.c: */ uInt w_size; /* LZ77 window size (32K by default) */ uInt w_bits; /* log2(w_size) (8..16) */ uInt w_mask; /* w_size - 1 */ Bytef *window; /* Sliding window. Input bytes are read into the second half of the window, * and move to the first half later to keep a dictionary of at least wSize * bytes. With this organization, matches are limited to a distance of * wSize-MAX_MATCH bytes, but this ensures that IO is always * performed with a length multiple of the block size. Also, it limits * the window size to 64K, which is quite useful on MSDOS. * To do: use the user input buffer as sliding window. */ ulg window_size; /* Actual size of window: 2*wSize, except when the user input buffer * is directly used as sliding window. */ Posf *prev; /* Link to older string with same hash index. To limit the size of this * array to 64K, this link is maintained only for the last 32K strings. * An index in this array is thus a window index modulo 32K. */ Posf *head; /* Heads of the hash chains or NIL. */ uInt ins_h; /* hash index of string to be inserted */ uInt hash_size; /* number of elements in hash table */ uInt hash_bits; /* log2(hash_size) */ uInt hash_mask; /* hash_size-1 */ uInt hash_shift; /* Number of bits by which ins_h must be shifted at each input * step. It must be such that after MIN_MATCH steps, the oldest * byte no longer takes part in the hash key, that is: * hash_shift * MIN_MATCH >= hash_bits */ long block_start; /* Window position at the beginning of the current output block. Gets * negative when the window is moved backwards. */ uInt match_length; /* length of best match */ IPos prev_match; /* previous match */ int match_available; /* set if previous match exists */ uInt strstart; /* start of string to insert */ uInt match_start; /* start of matching string */ uInt lookahead; /* number of valid bytes ahead in window */ uInt prev_length; /* Length of the best match at previous step. Matches not greater than this * are discarded. This is used in the lazy match evaluation. */ uInt max_chain_length; /* To speed up deflation, hash chains are never searched beyond this * length. A higher limit improves compression ratio but degrades the * speed. */ uInt max_lazy_match; /* Attempt to find a better match only when the current match is strictly * smaller than this value. This mechanism is used only for compression * levels >= 4. */ # define max_insert_length max_lazy_match /* Insert new strings in the hash table only if the match length is not * greater than this length. This saves time but degrades compression. * max_insert_length is used only for compression levels <= 3. */ int level; /* compression level (1..9) */ int strategy; /* favor or force Huffman coding*/ uInt good_match; /* Use a faster search when the previous match is longer than this */ int nice_match; /* Stop searching when current match exceeds this */ /* used by trees.c: */ /* Didn't use ct_data typedef below to suppress compiler warning */ struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ struct tree_desc_s l_desc; /* desc. for literal tree */ struct tree_desc_s d_desc; /* desc. for distance tree */ struct tree_desc_s bl_desc; /* desc. for bit length tree */ ush bl_count[MAX_BITS+1]; /* number of codes at each bit length for an optimal tree */ int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ int heap_len; /* number of elements in the heap */ int heap_max; /* element of largest frequency */ /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. * The same heap array is used to build all trees. */ uch depth[2*L_CODES+1]; /* Depth of each subtree used as tie breaker for trees of equal frequency */ uchf *l_buf; /* buffer for literals or lengths */ uInt lit_bufsize; /* Size of match buffer for literals/lengths. There are 4 reasons for * limiting lit_bufsize to 64K: * - frequencies can be kept in 16 bit counters * - if compression is not successful for the first block, all input * data is still in the window so we can still emit a stored block even * when input comes from standard input. (This can also be done for * all blocks if lit_bufsize is not greater than 32K.) * - if compression is not successful for a file smaller than 64K, we can * even emit a stored file instead of a stored block (saving 5 bytes). * This is applicable only for zip (not gzip or zlib). * - creating new Huffman trees less frequently may not provide fast * adaptation to changes in the input data statistics. (Take for * example a binary file with poorly compressible code followed by * a highly compressible string table.) Smaller buffer sizes give * fast adaptation but have of course the overhead of transmitting * trees more frequently. * - I can't count above 4 */ uInt last_lit; /* running index in l_buf */ ushf *d_buf; /* Buffer for distances. To simplify the code, d_buf and l_buf have * the same number of elements. To use different lengths, an extra flag * array would be necessary. */ ulg opt_len; /* bit length of current block with optimal trees */ ulg static_len; /* bit length of current block with static trees */ uInt matches; /* number of string matches in current block */ uInt insert; /* bytes at end of window left to insert */ #ifdef DEBUG ulg compressed_len; /* total bit length of compressed file mod 2^32 */ ulg bits_sent; /* bit length of compressed data sent mod 2^32 */ #endif ush bi_buf; /* Output buffer. bits are inserted starting at the bottom (least * significant bits). */ int bi_valid; /* Number of valid bits in bi_buf. All bits above the last valid bit * are always zero. */ ulg high_water; /* High water mark offset in window for initialized bytes -- bytes above * this are set to zero in order to avoid memory check warnings when * longest match routines access bytes past the input. This is then * updated to the new high water mark. */ } FAR deflate_state; /* Output a byte on the stream. * IN assertion: there is enough room in pending_buf. */ #define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} #define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) /* Minimum amount of lookahead, except at the end of the input file. * See deflate.c for comments about the MIN_MATCH+1. */ #define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) /* In order to simplify the code, particularly on 16 bit machines, match * distances are limited to MAX_DIST instead of WSIZE. */ #define WIN_INIT MAX_MATCH /* Number of bytes after end of data in window to initialize in order to avoid memory checker errors from longest match routines */ /* in trees.c */ void ZLIB_INTERNAL _tr_init OF((deflate_state *s)); int ZLIB_INTERNAL _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc)); void ZLIB_INTERNAL _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, int last)); void ZLIB_INTERNAL _tr_flush_bits OF((deflate_state *s)); void ZLIB_INTERNAL _tr_align OF((deflate_state *s)); void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, int last)); #define d_code(dist) \ ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)]) /* Mapping from a distance to a distance code. dist is the distance - 1 and * must not have side effects. _dist_code[256] and _dist_code[257] are never * used. */ #ifndef DEBUG /* Inline versions of _tr_tally for speed: */ #if defined(GEN_TREES_H) || !defined(STDC) extern uch ZLIB_INTERNAL _length_code[]; extern uch ZLIB_INTERNAL _dist_code[]; #else extern const uch ZLIB_INTERNAL _length_code[]; extern const uch ZLIB_INTERNAL _dist_code[]; #endif # define _tr_tally_lit(s, c, flush) \ { uch cc = (c); \ s->d_buf[s->last_lit] = 0; \ s->l_buf[s->last_lit++] = cc; \ s->dyn_ltree[cc].Freq++; \ flush = (s->last_lit == s->lit_bufsize-1); \ } # define _tr_tally_dist(s, distance, length, flush) \ { uch len = (length); \ ush dist = (distance); \ s->d_buf[s->last_lit] = dist; \ s->l_buf[s->last_lit++] = len; \ dist--; \ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ s->dyn_dtree[d_code(dist)].Freq++; \ flush = (s->last_lit == s->lit_bufsize-1); \ } #else # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) # define _tr_tally_dist(s, distance, length, flush) \ flush = _tr_tally(s, distance, length) #endif #endif /* DEFLATE_H */ sudo-1.8.9p5/zlib/gzclose.c010064400175440000012000000012461226304126600151230ustar00millertstaff/* gzclose.c -- zlib gzclose() function * Copyright (C) 2004, 2010 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" /* gzclose() is in a separate file so that it is linked in only if it is used. That way the other gzclose functions can be used instead to avoid linking in unneeded compression or decompression routines. */ int ZEXPORT gzclose(file) gzFile file; { #ifndef NO_GZCOMPRESS gz_statep state; if (file == NULL) return Z_STREAM_ERROR; state = (gz_statep)file; return state->mode == GZ_READ ? gzclose_r(file) : gzclose_w(file); #else return gzclose_r(file); #endif } sudo-1.8.9p5/zlib/gzguts.h010064400175440000012000000135661226304126600150150ustar00millertstaff/* gzguts.h -- zlib internal header definitions for gz* operations * Copyright (C) 2004, 2005, 2010, 2011, 2012 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #ifdef _LARGEFILE64_SOURCE # ifndef _LARGEFILE_SOURCE # define _LARGEFILE_SOURCE 1 # endif # ifdef _FILE_OFFSET_BITS # undef _FILE_OFFSET_BITS # endif #endif #if ((__GNUC__-0) * 10 + __GNUC_MINOR__-0 >= 33) && !defined(NO_VIZ) # define ZLIB_INTERNAL __attribute__((visibility ("hidden"))) #else # define ZLIB_INTERNAL #endif #include "zlib.h" #include #ifdef STDC # include # include # include #endif #include #ifdef __TURBOC__ # include #endif #ifdef NO_DEFLATE /* for compatibility with old definition */ # define NO_GZCOMPRESS #endif #if defined(STDC99) || (defined(__TURBOC__) && __TURBOC__ >= 0x550) # ifndef HAVE_VSNPRINTF # define HAVE_VSNPRINTF # endif #endif #if defined(__CYGWIN__) # ifndef HAVE_VSNPRINTF # define HAVE_VSNPRINTF # endif #endif #if defined(MSDOS) && defined(__BORLANDC__) && (BORLANDC > 0x410) # ifndef HAVE_VSNPRINTF # define HAVE_VSNPRINTF # endif #endif #ifndef HAVE_VSNPRINTF # ifdef MSDOS /* vsnprintf may exist on some MS-DOS compilers (DJGPP?), but for now we just assume it doesn't. */ # define NO_vsnprintf # endif # ifdef __TURBOC__ # define NO_vsnprintf # endif # ifdef WIN32 /* In Win32, vsnprintf is available as the "non-ANSI" _vsnprintf. */ # if !defined(vsnprintf) && !defined(NO_vsnprintf) # if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 ) # include # define vsnprintf _vsnprintf # endif # endif # endif # ifdef __SASC # define NO_vsnprintf # endif # ifdef VMS # define NO_vsnprintf # endif # ifdef __OS400__ # define NO_vsnprintf # endif # ifdef __MVS__ # define NO_vsnprintf # endif #endif #ifndef local # define local static #endif /* compile with -Dlocal if your debugger can't find static symbols */ /* gz* functions always use library allocation functions */ #ifndef STDC extern voidp malloc OF((uInt size)); extern void free OF((voidpf ptr)); #endif /* get errno and strerror definition */ #if defined UNDER_CE # include # define zstrerror() gz_strwinerror((DWORD)GetLastError()) #else # ifdef STDC # include # define zstrerror() strerror(errno) # else # define zstrerror() "stdio error (consult errno)" # endif #endif /* provide prototypes for these when building zlib without LFS */ #if !defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0 ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *)); ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int)); ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile)); ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile)); #endif /* default memLevel */ #if MAX_MEM_LEVEL >= 8 # define DEF_MEM_LEVEL 8 #else # define DEF_MEM_LEVEL MAX_MEM_LEVEL #endif /* default i/o buffer size -- double this for output when reading */ #define GZBUFSIZE 8192 /* gzip modes, also provide a little integrity check on the passed structure */ #define GZ_NONE 0 #define GZ_READ 7247 #define GZ_WRITE 31153 #define GZ_APPEND 1 /* mode set to GZ_WRITE after the file is opened */ /* values for gz_state how */ #define LOOK 0 /* look for a gzip header */ #define COPY 1 /* copy input directly */ #define GZIP 2 /* decompress a gzip stream */ /* internal gzip file state data structure */ typedef struct { /* exposed contents for gzgetc() macro */ struct gzFile_s x; /* "x" for exposed */ /* x.have: number of bytes available at x.next */ /* x.next: next output data to deliver or write */ /* x.pos: current position in uncompressed data */ /* used for both reading and writing */ int mode; /* see gzip modes above */ int fd; /* file descriptor */ char *path; /* path or fd for error messages */ unsigned size; /* buffer size, zero if not allocated yet */ unsigned want; /* requested buffer size, default is GZBUFSIZE */ unsigned char *in; /* input buffer */ unsigned char *out; /* output buffer (double-sized when reading) */ int direct; /* 0 if processing gzip, 1 if transparent */ /* just for reading */ int how; /* 0: get header, 1: copy, 2: decompress */ z_off64_t start; /* where the gzip data started, for rewinding */ int eof; /* true if end of input file reached */ int past; /* true if read requested past end */ /* just for writing */ int level; /* compression level */ int strategy; /* compression strategy */ /* seek request */ z_off64_t skip; /* amount to skip (already rewound if backwards) */ int seek; /* true if seek request pending */ /* error information */ int err; /* error code */ char *msg; /* error message */ /* zlib inflate or deflate stream */ z_stream strm; /* stream structure in-place (not a pointer) */ } gz_state; typedef gz_state FAR *gz_statep; /* shared functions */ void ZLIB_INTERNAL gz_error OF((gz_statep, int, const char *)); #if defined UNDER_CE char ZLIB_INTERNAL *gz_strwinerror OF((DWORD error)); #endif /* GT_OFF(x), where x is an unsigned value, is true if x > maximum z_off64_t value -- needed when comparing unsigned to z_off64_t, which is signed (possible z_off64_t types off_t, off64_t, and long are all signed) */ #ifdef INT_MAX # define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > INT_MAX) #else unsigned ZLIB_INTERNAL gz_intmax OF((void)); # define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax()) #endif sudo-1.8.9p5/zlib/gzlib.c010064400175440000012000000347611226304126600145740ustar00millertstaff/* gzlib.c -- zlib functions common to reading and writing gzip files * Copyright (C) 2004, 2010, 2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" #if defined(_WIN32) && !defined(__BORLANDC__) # define LSEEK _lseeki64 #else #if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 # define LSEEK lseek64 #else # define LSEEK lseek #endif #endif /* Local functions */ local void gz_reset OF((gz_statep)); local gzFile gz_open OF((const char *, int, const char *)); #if defined UNDER_CE /* Map the Windows error number in ERROR to a locale-dependent error message string and return a pointer to it. Typically, the values for ERROR come from GetLastError. The string pointed to shall not be modified by the application, but may be overwritten by a subsequent call to gz_strwinerror The gz_strwinerror function does not change the current setting of GetLastError. */ char ZLIB_INTERNAL *gz_strwinerror (error) DWORD error; { static char buf[1024]; wchar_t *msgbuf; DWORD lasterr = GetLastError(); DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, NULL, error, 0, /* Default language */ (LPVOID)&msgbuf, 0, NULL); if (chars != 0) { /* If there is an \r\n appended, zap it. */ if (chars >= 2 && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') { chars -= 2; msgbuf[chars] = 0; } if (chars > sizeof (buf) - 1) { chars = sizeof (buf) - 1; msgbuf[chars] = 0; } wcstombs(buf, msgbuf, chars + 1); LocalFree(msgbuf); } else { sprintf(buf, "unknown win32 error (%ld)", error); } SetLastError(lasterr); return buf; } #endif /* UNDER_CE */ /* Reset gzip file state */ local void gz_reset(state) gz_statep state; { state->x.have = 0; /* no output data available */ if (state->mode == GZ_READ) { /* for reading ... */ state->eof = 0; /* not at end of file */ state->past = 0; /* have not read past end yet */ state->how = LOOK; /* look for gzip header */ } state->seek = 0; /* no seek request pending */ gz_error(state, Z_OK, NULL); /* clear error */ state->x.pos = 0; /* no uncompressed data yet */ state->strm.avail_in = 0; /* no input data yet */ } /* Open a gzip file either by name or file descriptor. */ local gzFile gz_open(path, fd, mode) const char *path; int fd; const char *mode; { gz_statep state; /* check input */ if (path == NULL) return NULL; /* allocate gzFile structure to return */ state = malloc(sizeof(gz_state)); if (state == NULL) return NULL; state->size = 0; /* no buffers allocated yet */ state->want = GZBUFSIZE; /* requested buffer size */ state->msg = NULL; /* no error message yet */ /* interpret mode */ state->mode = GZ_NONE; state->level = Z_DEFAULT_COMPRESSION; state->strategy = Z_DEFAULT_STRATEGY; state->direct = 0; while (*mode) { if (*mode >= '0' && *mode <= '9') state->level = *mode - '0'; else switch (*mode) { case 'r': state->mode = GZ_READ; break; #ifndef NO_GZCOMPRESS case 'w': state->mode = GZ_WRITE; break; case 'a': state->mode = GZ_APPEND; break; #endif case '+': /* can't read and write at the same time */ free(state); return NULL; case 'b': /* ignore -- will request binary anyway */ break; case 'f': state->strategy = Z_FILTERED; break; case 'h': state->strategy = Z_HUFFMAN_ONLY; break; case 'R': state->strategy = Z_RLE; break; case 'F': state->strategy = Z_FIXED; case 'T': state->direct = 1; default: /* could consider as an error, but just ignore */ ; } mode++; } /* must provide an "r", "w", or "a" */ if (state->mode == GZ_NONE) { free(state); return NULL; } /* can't force transparent read */ if (state->mode == GZ_READ) { if (state->direct) { free(state); return NULL; } state->direct = 1; /* for empty file */ } /* save the path name for error messages */ state->path = malloc(strlen(path) + 1); if (state->path == NULL) { free(state); return NULL; } strcpy(state->path, path); /* open the file with the appropriate mode (or just use fd) */ state->fd = fd != -1 ? fd : open(path, #ifdef O_LARGEFILE O_LARGEFILE | #endif #ifdef O_BINARY O_BINARY | #endif (state->mode == GZ_READ ? O_RDONLY : (O_WRONLY | O_CREAT | ( state->mode == GZ_WRITE ? O_TRUNC : O_APPEND))), 0666); if (state->fd == -1) { free(state->path); free(state); return NULL; } if (state->mode == GZ_APPEND) state->mode = GZ_WRITE; /* simplify later checks */ /* save the current position for rewinding (only if reading) */ if (state->mode == GZ_READ) { state->start = LSEEK(state->fd, 0, SEEK_CUR); if (state->start == -1) state->start = 0; } /* initialize stream */ gz_reset(state); /* return stream */ return (gzFile)state; } /* -- see zlib.h -- */ gzFile ZEXPORT gzopen(path, mode) const char *path; const char *mode; { return gz_open(path, -1, mode); } /* -- see zlib.h -- */ gzFile ZEXPORT gzopen64(path, mode) const char *path; const char *mode; { return gz_open(path, -1, mode); } /* -- see zlib.h -- */ gzFile ZEXPORT gzdopen(fd, mode) int fd; const char *mode; { char *path; /* identifier for error messages */ gzFile gz; if (fd == -1 || (path = malloc(7 + 3 * sizeof(int))) == NULL) return NULL; sprintf(path, "", fd); /* for debugging */ gz = gz_open(path, fd, mode); free(path); return gz; } /* -- see zlib.h -- */ int ZEXPORT gzbuffer(file, size) gzFile file; unsigned size; { gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return -1; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return -1; /* make sure we haven't already allocated memory */ if (state->size != 0) return -1; /* check and set requested size */ if (size < 2) size = 2; /* need two bytes to check magic header */ state->want = size; return 0; } /* -- see zlib.h -- */ int ZEXPORT gzrewind(file) gzFile file; { gz_statep state; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; /* check that we're reading and that there's no error */ if (state->mode != GZ_READ || (state->err != Z_OK && state->err != Z_BUF_ERROR)) return -1; /* back up and start over */ if (LSEEK(state->fd, state->start, SEEK_SET) == -1) return -1; gz_reset(state); return 0; } /* -- see zlib.h -- */ z_off64_t ZEXPORT gzseek64(file, offset, whence) gzFile file; z_off64_t offset; int whence; { unsigned n; z_off64_t ret; gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return -1; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return -1; /* check that there's no error */ if (state->err != Z_OK && state->err != Z_BUF_ERROR) return -1; /* can only seek from start or relative to current position */ if (whence != SEEK_SET && whence != SEEK_CUR) return -1; /* normalize offset to a SEEK_CUR specification */ if (whence == SEEK_SET) offset -= state->x.pos; else if (state->seek) offset += state->skip; state->seek = 0; /* if within raw area while reading, just go there */ if (state->mode == GZ_READ && state->how == COPY && state->x.pos + offset >= 0) { ret = LSEEK(state->fd, offset - state->x.have, SEEK_CUR); if (ret == -1) return -1; state->x.have = 0; state->eof = 0; state->past = 0; state->seek = 0; gz_error(state, Z_OK, NULL); state->strm.avail_in = 0; state->x.pos += offset; return state->x.pos; } /* calculate skip amount, rewinding if needed for back seek when reading */ if (offset < 0) { if (state->mode != GZ_READ) /* writing -- can't go backwards */ return -1; offset += state->x.pos; if (offset < 0) /* before start of file! */ return -1; if (gzrewind(file) == -1) /* rewind, then skip to offset */ return -1; } /* if reading, skip what's in output buffer (one less gzgetc() check) */ if (state->mode == GZ_READ) { n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > offset ? (unsigned)offset : state->x.have; state->x.have -= n; state->x.next += n; state->x.pos += n; offset -= n; } /* request skip (if not zero) */ if (offset) { state->seek = 1; state->skip = offset; } return state->x.pos + offset; } /* -- see zlib.h -- */ z_off_t ZEXPORT gzseek(file, offset, whence) gzFile file; z_off_t offset; int whence; { z_off64_t ret; ret = gzseek64(file, (z_off64_t)offset, whence); return ret == (z_off_t)ret ? (z_off_t)ret : -1; } /* -- see zlib.h -- */ z_off64_t ZEXPORT gztell64(file) gzFile file; { gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return -1; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return -1; /* return position */ return state->x.pos + (state->seek ? state->skip : 0); } /* -- see zlib.h -- */ z_off_t ZEXPORT gztell(file) gzFile file; { z_off64_t ret; ret = gztell64(file); return ret == (z_off_t)ret ? (z_off_t)ret : -1; } /* -- see zlib.h -- */ z_off64_t ZEXPORT gzoffset64(file) gzFile file; { z_off64_t offset; gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return -1; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return -1; /* compute and return effective offset in file */ offset = LSEEK(state->fd, 0, SEEK_CUR); if (offset == -1) return -1; if (state->mode == GZ_READ) /* reading */ offset -= state->strm.avail_in; /* don't count buffered input */ return offset; } /* -- see zlib.h -- */ z_off_t ZEXPORT gzoffset(file) gzFile file; { z_off64_t ret; ret = gzoffset64(file); return ret == (z_off_t)ret ? (z_off_t)ret : -1; } /* -- see zlib.h -- */ int ZEXPORT gzeof(file) gzFile file; { gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return 0; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return 0; /* return end-of-file state */ return state->mode == GZ_READ ? state->past : 0; } /* -- see zlib.h -- */ const char * ZEXPORT gzerror(file, errnum) gzFile file; int *errnum; { gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return NULL; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return NULL; /* return error information */ if (errnum != NULL) *errnum = state->err; return state->msg == NULL ? "" : state->msg; } /* -- see zlib.h -- */ void ZEXPORT gzclearerr(file) gzFile file; { gz_statep state; /* get internal structure and check integrity */ if (file == NULL) return; state = (gz_statep)file; if (state->mode != GZ_READ && state->mode != GZ_WRITE) return; /* clear error and end-of-file */ if (state->mode == GZ_READ) { state->eof = 0; state->past = 0; } gz_error(state, Z_OK, NULL); } /* Create an error message in allocated memory and set state->err and state->msg accordingly. Free any previous error message already there. Do not try to free or allocate space if the error is Z_MEM_ERROR (out of memory). Simply save the error message as a static string. If there is an allocation failure constructing the error message, then convert the error to out of memory. */ void ZLIB_INTERNAL gz_error(state, err, msg) gz_statep state; int err; const char *msg; { /* free previously allocated message and clear */ if (state->msg != NULL) { if (state->err != Z_MEM_ERROR) free(state->msg); state->msg = NULL; } /* if fatal, set state->x.have to 0 so that the gzgetc() macro fails */ if (err != Z_OK && err != Z_BUF_ERROR) state->x.have = 0; /* set error code, and if no message, then done */ state->err = err; if (msg == NULL) return; /* for an out of memory error, save as static string */ if (err == Z_MEM_ERROR) { state->msg = (char *)msg; return; } /* construct error message with path */ if ((state->msg = malloc(strlen(state->path) + strlen(msg) + 3)) == NULL) { state->err = Z_MEM_ERROR; state->msg = (char *)"out of memory"; return; } strcpy(state->msg, state->path); strcat(state->msg, ": "); strcat(state->msg, msg); return; } #ifndef INT_MAX /* portably return maximum value for an int (when limits.h presumed not available) -- we need to do this to cover cases where 2's complement not used, since C standard permits 1's complement and sign-bit representations, otherwise we could just use ((unsigned)-1) >> 1 */ unsigned ZLIB_INTERNAL gz_intmax() { unsigned p, q; p = 1; do { q = p; p <<= 1; p++; } while (p > q); return q >> 1; } #endif sudo-1.8.9p5/zlib/gzread.c010064400175440000012000000436611226304126600147400ustar00millertstaff/* gzread.c -- zlib functions for reading gzip files * Copyright (C) 2004, 2005, 2010, 2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" /* Local functions */ local int gz_load OF((gz_statep, unsigned char *, unsigned, unsigned *)); local int gz_avail OF((gz_statep)); local int gz_look OF((gz_statep)); local int gz_decomp OF((gz_statep)); local int gz_fetch OF((gz_statep)); local int gz_skip OF((gz_statep, z_off64_t)); /* Use read() to load a buffer -- return -1 on error, otherwise 0. Read from state->fd, and update state->eof, state->err, and state->msg as appropriate. This function needs to loop on read(), since read() is not guaranteed to read the number of bytes requested, depending on the type of descriptor. */ local int gz_load(state, buf, len, have) gz_statep state; unsigned char *buf; unsigned len; unsigned *have; { int ret; *have = 0; do { ret = read(state->fd, buf + *have, len - *have); if (ret <= 0) break; *have += ret; } while (*have < len); if (ret < 0) { gz_error(state, Z_ERRNO, zstrerror()); return -1; } if (ret == 0) state->eof = 1; return 0; } /* Load up input buffer and set eof flag if last data loaded -- return -1 on error, 0 otherwise. Note that the eof flag is set when the end of the input file is reached, even though there may be unused data in the buffer. Once that data has been used, no more attempts will be made to read the file. If strm->avail_in != 0, then the current data is moved to the beginning of the input buffer, and then the remainder of the buffer is loaded with the available data from the input file. */ local int gz_avail(state) gz_statep state; { unsigned got; z_streamp strm = &(state->strm); if (state->err != Z_OK && state->err != Z_BUF_ERROR) return -1; if (state->eof == 0) { if (strm->avail_in) memmove(state->in, strm->next_in, strm->avail_in); if (gz_load(state, state->in + strm->avail_in, state->size - strm->avail_in, &got) == -1) return -1; strm->avail_in += got; strm->next_in = state->in; } return 0; } /* Look for gzip header, set up for inflate or copy. state->x.have must be 0. If this is the first time in, allocate required memory. state->how will be left unchanged if there is no more input data available, will be set to COPY if there is no gzip header and direct copying will be performed, or it will be set to GZIP for decompression. If direct copying, then leftover input data from the input buffer will be copied to the output buffer. In that case, all further file reads will be directly to either the output buffer or a user buffer. If decompressing, the inflate state will be initialized. gz_look() will return 0 on success or -1 on failure. */ local int gz_look(state) gz_statep state; { z_streamp strm = &(state->strm); /* allocate read buffers and inflate memory */ if (state->size == 0) { /* allocate buffers */ state->in = malloc(state->want); state->out = malloc(state->want << 1); if (state->in == NULL || state->out == NULL) { if (state->out != NULL) free(state->out); if (state->in != NULL) free(state->in); gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } state->size = state->want; /* allocate inflate memory */ state->strm.zalloc = Z_NULL; state->strm.zfree = Z_NULL; state->strm.opaque = Z_NULL; state->strm.avail_in = 0; state->strm.next_in = Z_NULL; if (inflateInit2(&(state->strm), 15 + 16) != Z_OK) { /* gunzip */ free(state->out); free(state->in); state->size = 0; gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } } /* get at least the magic bytes in the input buffer */ if (strm->avail_in < 2) { if (gz_avail(state) == -1) return -1; if (strm->avail_in == 0) return 0; } /* look for gzip magic bytes -- if there, do gzip decoding (note: there is a logical dilemma here when considering the case of a partially written gzip file, to wit, if a single 31 byte is written, then we cannot tell whether this is a single-byte file, or just a partially written gzip file -- for here we assume that if a gzip file is being written, then the header will be written in a single operation, so that reading a single byte is sufficient indication that it is not a gzip file) */ if (strm->avail_in > 1 && strm->next_in[0] == 31 && strm->next_in[1] == 139) { inflateReset(strm); state->how = GZIP; state->direct = 0; return 0; } /* no gzip header -- if we were decoding gzip before, then this is trailing garbage. Ignore the trailing garbage and finish. */ if (state->direct == 0) { strm->avail_in = 0; state->eof = 1; state->x.have = 0; return 0; } /* doing raw i/o, copy any leftover input to output -- this assumes that the output buffer is larger than the input buffer, which also assures space for gzungetc() */ state->x.next = state->out; if (strm->avail_in) { memcpy(state->x.next, strm->next_in, strm->avail_in); state->x.have = strm->avail_in; strm->avail_in = 0; } state->how = COPY; state->direct = 1; return 0; } /* Decompress from input to the provided next_out and avail_out in the state. On return, state->x.have and state->x.next point to the just decompressed data. If the gzip stream completes, state->how is reset to LOOK to look for the next gzip stream or raw data, once state->x.have is depleted. Returns 0 on success, -1 on failure. */ local int gz_decomp(state) gz_statep state; { int ret = Z_OK; unsigned had; z_streamp strm = &(state->strm); /* fill output buffer up to end of deflate stream */ had = strm->avail_out; do { /* get more input for inflate() */ if (strm->avail_in == 0 && gz_avail(state) == -1) return -1; if (strm->avail_in == 0) { gz_error(state, Z_BUF_ERROR, "unexpected end of file"); break; } /* decompress and handle errors */ ret = inflate(strm, Z_NO_FLUSH); if (ret == Z_STREAM_ERROR || ret == Z_NEED_DICT) { gz_error(state, Z_STREAM_ERROR, "internal error: inflate stream corrupt"); return -1; } if (ret == Z_MEM_ERROR) { gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } if (ret == Z_DATA_ERROR) { /* deflate stream invalid */ gz_error(state, Z_DATA_ERROR, strm->msg == NULL ? "compressed data error" : strm->msg); return -1; } } while (strm->avail_out && ret != Z_STREAM_END); /* update available output */ state->x.have = had - strm->avail_out; state->x.next = strm->next_out - state->x.have; /* if the gzip stream completed successfully, look for another */ if (ret == Z_STREAM_END) state->how = LOOK; /* good decompression */ return 0; } /* Fetch data and put it in the output buffer. Assumes state->x.have is 0. Data is either copied from the input file or decompressed from the input file depending on state->how. If state->how is LOOK, then a gzip header is looked for to determine whether to copy or decompress. Returns -1 on error, otherwise 0. gz_fetch() will leave state->how as COPY or GZIP unless the end of the input file has been reached and all data has been processed. */ local int gz_fetch(state) gz_statep state; { z_streamp strm = &(state->strm); do { switch(state->how) { case LOOK: /* -> LOOK, COPY (only if never GZIP), or GZIP */ if (gz_look(state) == -1) return -1; if (state->how == LOOK) return 0; break; case COPY: /* -> COPY */ if (gz_load(state, state->out, state->size << 1, &(state->x.have)) == -1) return -1; state->x.next = state->out; return 0; case GZIP: /* -> GZIP or LOOK (if end of gzip stream) */ strm->avail_out = state->size << 1; strm->next_out = state->out; if (gz_decomp(state) == -1) return -1; } } while (state->x.have == 0 && (!state->eof || strm->avail_in)); return 0; } /* Skip len uncompressed bytes of output. Return -1 on error, 0 on success. */ local int gz_skip(state, len) gz_statep state; z_off64_t len; { unsigned n; /* skip over len bytes or reach end-of-file, whichever comes first */ while (len) /* skip over whatever is in output buffer */ if (state->x.have) { n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > len ? (unsigned)len : state->x.have; state->x.have -= n; state->x.next += n; state->x.pos += n; len -= n; } /* output buffer empty -- return if we're at the end of the input */ else if (state->eof && state->strm.avail_in == 0) break; /* need more data to skip -- load up output buffer */ else { /* get more output, looking for header if required */ if (gz_fetch(state) == -1) return -1; } return 0; } /* -- see zlib.h -- */ int ZEXPORT gzread(file, buf, len) gzFile file; voidp buf; unsigned len; { unsigned got, n; gz_statep state; z_streamp strm; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; strm = &(state->strm); /* check that we're reading and that there's no (serious) error */ if (state->mode != GZ_READ || (state->err != Z_OK && state->err != Z_BUF_ERROR)) return -1; /* since an int is returned, make sure len fits in one, otherwise return with an error (this avoids the flaw in the interface) */ if ((int)len < 0) { gz_error(state, Z_DATA_ERROR, "requested length does not fit in int"); return -1; } /* if len is zero, avoid unnecessary operations */ if (len == 0) return 0; /* process a skip request */ if (state->seek) { state->seek = 0; if (gz_skip(state, state->skip) == -1) return -1; } /* get len bytes to buf, or less than len if at the end */ got = 0; do { /* first just try copying data from the output buffer */ if (state->x.have) { n = state->x.have > len ? len : state->x.have; memcpy(buf, state->x.next, n); state->x.next += n; state->x.have -= n; } /* output buffer empty -- return if we're at the end of the input */ else if (state->eof && strm->avail_in == 0) { state->past = 1; /* tried to read past end */ break; } /* need output data -- for small len or new stream load up our output buffer */ else if (state->how == LOOK || len < (state->size << 1)) { /* get more output, looking for header if required */ if (gz_fetch(state) == -1) return -1; continue; /* no progress yet -- go back to memcpy() above */ /* the copy above assures that we will leave with space in the output buffer, allowing at least one gzungetc() to succeed */ } /* large len -- read directly into user buffer */ else if (state->how == COPY) { /* read directly */ if (gz_load(state, buf, len, &n) == -1) return -1; } /* large len -- decompress directly into user buffer */ else { /* state->how == GZIP */ strm->avail_out = len; strm->next_out = buf; if (gz_decomp(state) == -1) return -1; n = state->x.have; state->x.have = 0; } /* update progress */ len -= n; buf = (char *)buf + n; got += n; state->x.pos += n; } while (len); /* return number of bytes read into user buffer (will fit in int) */ return (int)got; } /* -- see zlib.h -- */ int ZEXPORT gzgetc_(file) gzFile file; { int ret; unsigned char buf[1]; gz_statep state; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; /* check that we're reading and that there's no (serious) error */ if (state->mode != GZ_READ || (state->err != Z_OK && state->err != Z_BUF_ERROR)) return -1; /* try output buffer (no need to check for skip request) */ if (state->x.have) { state->x.have--; state->x.pos++; return *(state->x.next)++; } /* nothing there -- try gzread() */ ret = gzread(file, buf, 1); return ret < 1 ? -1 : buf[0]; } #undef gzgetc int ZEXPORT gzgetc(file) gzFile file; { return gzgetc_(file); } /* -- see zlib.h -- */ int ZEXPORT gzungetc(c, file) int c; gzFile file; { gz_statep state; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; /* check that we're reading and that there's no (serious) error */ if (state->mode != GZ_READ || (state->err != Z_OK && state->err != Z_BUF_ERROR)) return -1; /* process a skip request */ if (state->seek) { state->seek = 0; if (gz_skip(state, state->skip) == -1) return -1; } /* can't push EOF */ if (c < 0) return -1; /* if output buffer empty, put byte at end (allows more pushing) */ if (state->x.have == 0) { state->x.have = 1; state->x.next = state->out + (state->size << 1) - 1; state->x.next[0] = c; state->x.pos--; state->past = 0; return c; } /* if no room, give up (must have already done a gzungetc()) */ if (state->x.have == (state->size << 1)) { gz_error(state, Z_DATA_ERROR, "out of room to push characters"); return -1; } /* slide output data if needed and insert byte before existing data */ if (state->x.next == state->out) { unsigned char *src = state->out + state->x.have; unsigned char *dest = state->out + (state->size << 1); while (src > state->out) *--dest = *--src; state->x.next = dest; } state->x.have++; state->x.next--; state->x.next[0] = c; state->x.pos--; state->past = 0; return c; } /* -- see zlib.h -- */ char * ZEXPORT gzgets(file, buf, len) gzFile file; char *buf; int len; { unsigned left, n; char *str; unsigned char *eol; gz_statep state; /* check parameters and get internal structure */ if (file == NULL || buf == NULL || len < 1) return NULL; state = (gz_statep)file; /* check that we're reading and that there's no (serious) error */ if (state->mode != GZ_READ || (state->err != Z_OK && state->err != Z_BUF_ERROR)) return NULL; /* process a skip request */ if (state->seek) { state->seek = 0; if (gz_skip(state, state->skip) == -1) return NULL; } /* copy output bytes up to new line or len - 1, whichever comes first -- append a terminating zero to the string (we don't check for a zero in the contents, let the user worry about that) */ str = buf; left = (unsigned)len - 1; if (left) do { /* assure that something is in the output buffer */ if (state->x.have == 0 && gz_fetch(state) == -1) return NULL; /* error */ if (state->x.have == 0) { /* end of file */ state->past = 1; /* read past end */ break; /* return what we have */ } /* look for end-of-line in current output buffer */ n = state->x.have > left ? left : state->x.have; eol = memchr(state->x.next, '\n', n); if (eol != NULL) n = (unsigned)(eol - state->x.next) + 1; /* copy through end-of-line, or remainder if not found */ memcpy(buf, state->x.next, n); state->x.have -= n; state->x.next += n; state->x.pos += n; left -= n; buf += n; } while (left && eol == NULL); /* return terminated string, or if nothing, end of file */ if (buf == str) return NULL; buf[0] = 0; return str; } /* -- see zlib.h -- */ int ZEXPORT gzdirect(file) gzFile file; { gz_statep state; /* get internal structure */ if (file == NULL) return 0; state = (gz_statep)file; /* if the state is not known, but we can find out, then do so (this is mainly for right after a gzopen() or gzdopen()) */ if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0) (void)gz_look(state); /* return 1 if transparent, 0 if processing a gzip stream */ return state->direct; } /* -- see zlib.h -- */ int ZEXPORT gzclose_r(file) gzFile file; { int ret, err; gz_statep state; /* get internal structure */ if (file == NULL) return Z_STREAM_ERROR; state = (gz_statep)file; /* check that we're reading */ if (state->mode != GZ_READ) return Z_STREAM_ERROR; /* free memory and close file */ if (state->size) { inflateEnd(&(state->strm)); free(state->out); free(state->in); } err = state->err == Z_BUF_ERROR ? Z_BUF_ERROR : Z_OK; gz_error(state, Z_OK, NULL); free(state->path); ret = close(state->fd); free(state); return ret ? Z_ERRNO : err; } sudo-1.8.9p5/zlib/gzwrite.c010064400175440000012000000376121226304126600151560ustar00millertstaff/* gzwrite.c -- zlib functions for writing gzip files * Copyright (C) 2004, 2005, 2010, 2011, 2012 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" /* Local functions */ local int gz_init OF((gz_statep)); local int gz_comp OF((gz_statep, int)); local int gz_zero OF((gz_statep, z_off64_t)); /* Initialize state for writing a gzip file. Mark initialization by setting state->size to non-zero. Return -1 on failure or 0 on success. */ local int gz_init(state) gz_statep state; { int ret; z_streamp strm = &(state->strm); /* allocate input buffer */ state->in = malloc(state->want); if (state->in == NULL) { gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } /* only need output buffer and deflate state if compressing */ if (!state->direct) { /* allocate output buffer */ state->out = malloc(state->want); if (state->out == NULL) { free(state->in); gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } /* allocate deflate memory, set up for gzip compression */ strm->zalloc = Z_NULL; strm->zfree = Z_NULL; strm->opaque = Z_NULL; ret = deflateInit2(strm, state->level, Z_DEFLATED, MAX_WBITS + 16, DEF_MEM_LEVEL, state->strategy); if (ret != Z_OK) { free(state->out); free(state->in); gz_error(state, Z_MEM_ERROR, "out of memory"); return -1; } } /* mark state as initialized */ state->size = state->want; /* initialize write buffer if compressing */ if (!state->direct) { strm->avail_out = state->size; strm->next_out = state->out; state->x.next = strm->next_out; } return 0; } /* Compress whatever is at avail_in and next_in and write to the output file. Return -1 if there is an error writing to the output file, otherwise 0. flush is assumed to be a valid deflate() flush value. If flush is Z_FINISH, then the deflate() state is reset to start a new gzip stream. If gz->direct is true, then simply write to the output file without compressing, and ignore flush. */ local int gz_comp(state, flush) gz_statep state; int flush; { int ret, got; unsigned have; z_streamp strm = &(state->strm); /* allocate memory if this is the first time through */ if (state->size == 0 && gz_init(state) == -1) return -1; /* write directly if requested */ if (state->direct) { got = write(state->fd, strm->next_in, strm->avail_in); if (got < 0 || (unsigned)got != strm->avail_in) { gz_error(state, Z_ERRNO, zstrerror()); return -1; } strm->avail_in = 0; return 0; } /* run deflate() on provided input until it produces no more output */ ret = Z_OK; do { /* write out current buffer contents if full, or if flushing, but if doing Z_FINISH then don't write until we get to Z_STREAM_END */ if (strm->avail_out == 0 || (flush != Z_NO_FLUSH && (flush != Z_FINISH || ret == Z_STREAM_END))) { have = (unsigned)(strm->next_out - state->x.next); if (have && ((got = write(state->fd, state->x.next, have)) < 0 || (unsigned)got != have)) { gz_error(state, Z_ERRNO, zstrerror()); return -1; } if (strm->avail_out == 0) { strm->avail_out = state->size; strm->next_out = state->out; } state->x.next = strm->next_out; } /* compress */ have = strm->avail_out; ret = deflate(strm, flush); if (ret == Z_STREAM_ERROR) { gz_error(state, Z_STREAM_ERROR, "internal error: deflate stream corrupt"); return -1; } have -= strm->avail_out; } while (have); /* if that completed a deflate stream, allow another to start */ if (flush == Z_FINISH) deflateReset(strm); /* all done, no errors */ return 0; } /* Compress len zeros to output. Return -1 on error, 0 on success. */ local int gz_zero(state, len) gz_statep state; z_off64_t len; { int first; unsigned n; z_streamp strm = &(state->strm); /* consume whatever's left in the input buffer */ if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1) return -1; /* compress len zeros (len guaranteed > 0) */ first = 1; while (len) { n = GT_OFF(state->size) || (z_off64_t)state->size > len ? (unsigned)len : state->size; if (first) { memset(state->in, 0, n); first = 0; } strm->avail_in = n; strm->next_in = state->in; state->x.pos += n; if (gz_comp(state, Z_NO_FLUSH) == -1) return -1; len -= n; } return 0; } /* -- see zlib.h -- */ int ZEXPORT gzwrite(file, buf, len) gzFile file; voidpc buf; unsigned len; { unsigned put = len; unsigned n; gz_statep state; z_streamp strm; /* get internal structure */ if (file == NULL) return 0; state = (gz_statep)file; strm = &(state->strm); /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return 0; /* since an int is returned, make sure len fits in one, otherwise return with an error (this avoids the flaw in the interface) */ if ((int)len < 0) { gz_error(state, Z_DATA_ERROR, "requested length does not fit in int"); return 0; } /* if len is zero, avoid unnecessary operations */ if (len == 0) return 0; /* allocate memory if this is the first time through */ if (state->size == 0 && gz_init(state) == -1) return 0; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return 0; } /* for small len, copy to input buffer, otherwise compress directly */ if (len < state->size) { /* copy to input buffer, compress when full */ do { if (strm->avail_in == 0) strm->next_in = state->in; n = state->size - strm->avail_in; if (n > len) n = len; memcpy(strm->next_in + strm->avail_in, buf, n); strm->avail_in += n; state->x.pos += n; buf = (char *)buf + n; len -= n; if (len && gz_comp(state, Z_NO_FLUSH) == -1) return 0; } while (len); } else { /* consume whatever's left in the input buffer */ if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1) return 0; /* directly compress user buffer to file */ strm->avail_in = len; strm->next_in = (voidp)buf; state->x.pos += len; if (gz_comp(state, Z_NO_FLUSH) == -1) return 0; } /* input was all buffered or compressed (put will fit in int) */ return (int)put; } /* -- see zlib.h -- */ int ZEXPORT gzputc(file, c) gzFile file; int c; { unsigned char buf[1]; gz_statep state; z_streamp strm; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; strm = &(state->strm); /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return -1; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return -1; } /* try writing to input buffer for speed (state->size == 0 if buffer not initialized) */ if (strm->avail_in < state->size) { if (strm->avail_in == 0) strm->next_in = state->in; strm->next_in[strm->avail_in++] = c; state->x.pos++; return c & 0xff; } /* no room in buffer or not initialized, use gz_write() */ buf[0] = c; if (gzwrite(file, buf, 1) != 1) return -1; return c & 0xff; } /* -- see zlib.h -- */ int ZEXPORT gzputs(file, str) gzFile file; const char *str; { int ret; unsigned len; /* write string */ len = (unsigned)strlen(str); ret = gzwrite(file, str, len); return ret == 0 && len != 0 ? -1 : ret; } #if defined(STDC) || defined(Z_HAVE_STDARG_H) #include /* -- see zlib.h -- */ int ZEXPORTVA gzprintf (gzFile file, const char *format, ...) { int size, len; gz_statep state; z_streamp strm; va_list va; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; strm = &(state->strm); /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return 0; /* make sure we have some buffer space */ if (state->size == 0 && gz_init(state) == -1) return 0; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return 0; } /* consume whatever's left in the input buffer */ if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1) return 0; /* do the printf() into the input buffer, put length in len */ size = (int)(state->size); state->in[size - 1] = 0; va_start(va, format); #ifdef NO_vsnprintf # ifdef HAS_vsprintf_void (void)vsprintf(state->in, format, va); va_end(va); for (len = 0; len < size; len++) if (state->in[len] == 0) break; # else len = vsprintf(state->in, format, va); va_end(va); # endif #else # ifdef HAS_vsnprintf_void (void)vsnprintf(state->in, size, format, va); va_end(va); len = strlen(state->in); # else len = vsnprintf((char *)(state->in), size, format, va); va_end(va); # endif #endif /* check that printf() results fit in buffer */ if (len <= 0 || len >= (int)size || state->in[size - 1] != 0) return 0; /* update buffer and position, defer compression until needed */ strm->avail_in = (unsigned)len; strm->next_in = state->in; state->x.pos += len; return len; } #else /* !STDC && !Z_HAVE_STDARG_H */ /* -- see zlib.h -- */ int ZEXPORTVA gzprintf (file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20) gzFile file; const char *format; int a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20; { int size, len; gz_statep state; z_streamp strm; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; strm = &(state->strm); /* check that can really pass pointer in ints */ if (sizeof(int) != sizeof(void *)) return 0; /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return 0; /* make sure we have some buffer space */ if (state->size == 0 && gz_init(state) == -1) return 0; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return 0; } /* consume whatever's left in the input buffer */ if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1) return 0; /* do the printf() into the input buffer, put length in len */ size = (int)(state->size); state->in[size - 1] = 0; #ifdef NO_snprintf # ifdef HAS_sprintf_void sprintf(state->in, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); for (len = 0; len < size; len++) if (state->in[len] == 0) break; # else len = sprintf(state->in, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); # endif #else # ifdef HAS_snprintf_void snprintf(state->in, size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); len = strlen(state->in); # else len = snprintf(state->in, size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); # endif #endif /* check that printf() results fit in buffer */ if (len <= 0 || len >= (int)size || state->in[size - 1] != 0) return 0; /* update buffer and position, defer compression until needed */ strm->avail_in = (unsigned)len; strm->next_in = state->in; state->x.pos += len; return len; } #endif /* -- see zlib.h -- */ int ZEXPORT gzflush(file, flush) gzFile file; int flush; { gz_statep state; /* get internal structure */ if (file == NULL) return -1; state = (gz_statep)file; /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return Z_STREAM_ERROR; /* check flush parameter */ if (flush < 0 || flush > Z_FINISH) return Z_STREAM_ERROR; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return -1; } /* compress remaining data with requested flush */ gz_comp(state, flush); return state->err; } /* -- see zlib.h -- */ int ZEXPORT gzsetparams(file, level, strategy) gzFile file; int level; int strategy; { gz_statep state; z_streamp strm; /* get internal structure */ if (file == NULL) return Z_STREAM_ERROR; state = (gz_statep)file; strm = &(state->strm); /* check that we're writing and that there's no error */ if (state->mode != GZ_WRITE || state->err != Z_OK) return Z_STREAM_ERROR; /* if no change is requested, then do nothing */ if (level == state->level && strategy == state->strategy) return Z_OK; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) return -1; } /* change compression parameters for subsequent input */ if (state->size) { /* flush previous input with previous parameters before changing */ if (strm->avail_in && gz_comp(state, Z_PARTIAL_FLUSH) == -1) return state->err; deflateParams(strm, level, strategy); } state->level = level; state->strategy = strategy; return Z_OK; } /* -- see zlib.h -- */ int ZEXPORT gzclose_w(file) gzFile file; { int ret = Z_OK; gz_statep state; /* get internal structure */ if (file == NULL) return Z_STREAM_ERROR; state = (gz_statep)file; /* check that we're writing */ if (state->mode != GZ_WRITE) return Z_STREAM_ERROR; /* check for seek request */ if (state->seek) { state->seek = 0; if (gz_zero(state, state->skip) == -1) ret = state->err; } /* flush, free memory, and close file */ if (gz_comp(state, Z_FINISH) == -1) ret = state->err; if (!state->direct) { (void)deflateEnd(&(state->strm)); free(state->out); } free(state->in); gz_error(state, Z_OK, NULL); free(state->path); if (close(state->fd) == -1) ret = Z_ERRNO; free(state); return ret; } /* used by zlibVersion() to get the vsnprintf story from the horse's mouth */ unsigned long ZEXPORT gzflags() { unsigned long flags = 0; #if defined(STDC) || defined(Z_HAVE_STDARG_H) # ifdef NO_vsnprintf flags += 1L << 25; # ifdef HAS_vsprintf_void flags += 1L << 26; # endif # else # ifdef HAS_vsnprintf_void flags += 1L << 26; # endif # endif #else flags += 1L << 24; # ifdef NO_snprintf flags += 1L << 25; # ifdef HAS_sprintf_void flags += 1L << 26; # endif # else # ifdef HAS_snprintf_void flags += 1L << 26; # endif # endif #endif return flags; } sudo-1.8.9p5/zlib/infback.c010064400175440000012000000542551226304126600150620ustar00millertstaff/* infback.c -- inflate using a call-back interface * Copyright (C) 1995-2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* This code is largely copied from inflate.c. Normally either infback.o or inflate.o would be linked into an application--not both. The interface with inffast.c is retained so that optimized assembler-coded versions of inflate_fast() can be used with either inflate.c or infback.c. */ #include "zutil.h" #include "inftrees.h" #include "inflate.h" #include "inffast.h" /* function prototypes */ local void fixedtables OF((struct inflate_state FAR *state)); /* strm provides memory allocation functions in zalloc and zfree, or Z_NULL to use the library memory allocation functions. windowBits is in the range 8..15, and window is a user-supplied window and output buffer that is 2**windowBits bytes. */ int ZEXPORT inflateBackInit_(strm, windowBits, window, version, stream_size) z_streamp strm; int windowBits; unsigned char FAR *window; const char *version; int stream_size; { struct inflate_state FAR *state; if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || stream_size != (int)(sizeof(z_stream))) return Z_VERSION_ERROR; if (strm == Z_NULL || window == Z_NULL || windowBits < 8 || windowBits > 15) return Z_STREAM_ERROR; strm->msg = Z_NULL; /* in case we return an error */ if (strm->zalloc == (alloc_func)0) { #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zalloc = zcalloc; strm->opaque = (voidpf)0; #endif } if (strm->zfree == (free_func)0) #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zfree = zcfree; #endif state = (struct inflate_state FAR *)ZALLOC(strm, 1, sizeof(struct inflate_state)); if (state == Z_NULL) return Z_MEM_ERROR; Tracev((stderr, "inflate: allocated\n")); strm->state = (struct internal_state FAR *)state; state->dmax = 32768U; state->wbits = windowBits; state->wsize = 1U << windowBits; state->window = window; state->wnext = 0; state->whave = 0; return Z_OK; } /* Return state with length and distance decoding tables and index sizes set to fixed code decoding. Normally this returns fixed tables from inffixed.h. If BUILDFIXED is defined, then instead this routine builds the tables the first time it's called, and returns those tables the first time and thereafter. This reduces the size of the code by about 2K bytes, in exchange for a little execution time. However, BUILDFIXED should not be used for threaded applications, since the rewriting of the tables and virgin may not be thread-safe. */ local void fixedtables(state) struct inflate_state FAR *state; { #ifdef BUILDFIXED static int virgin = 1; static code *lenfix, *distfix; static code fixed[544]; /* build fixed huffman tables if first call (may not be thread safe) */ if (virgin) { unsigned sym, bits; static code *next; /* literal/length table */ sym = 0; while (sym < 144) state->lens[sym++] = 8; while (sym < 256) state->lens[sym++] = 9; while (sym < 280) state->lens[sym++] = 7; while (sym < 288) state->lens[sym++] = 8; next = fixed; lenfix = next; bits = 9; inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work); /* distance table */ sym = 0; while (sym < 32) state->lens[sym++] = 5; distfix = next; bits = 5; inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work); /* do this just once */ virgin = 0; } #else /* !BUILDFIXED */ # include "inffixed.h" #endif /* BUILDFIXED */ state->lencode = lenfix; state->lenbits = 9; state->distcode = distfix; state->distbits = 5; } /* Macros for inflateBack(): */ /* Load returned state from inflate_fast() */ #define LOAD() \ do { \ put = strm->next_out; \ left = strm->avail_out; \ next = strm->next_in; \ have = strm->avail_in; \ hold = state->hold; \ bits = state->bits; \ } while (0) /* Set state from registers for inflate_fast() */ #define RESTORE() \ do { \ strm->next_out = put; \ strm->avail_out = left; \ strm->next_in = next; \ strm->avail_in = have; \ state->hold = hold; \ state->bits = bits; \ } while (0) /* Clear the input bit accumulator */ #define INITBITS() \ do { \ hold = 0; \ bits = 0; \ } while (0) /* Assure that some input is available. If input is requested, but denied, then return a Z_BUF_ERROR from inflateBack(). */ #define PULL() \ do { \ if (have == 0) { \ have = in(in_desc, &next); \ if (have == 0) { \ next = Z_NULL; \ ret = Z_BUF_ERROR; \ goto inf_leave; \ } \ } \ } while (0) /* Get a byte of input into the bit accumulator, or return from inflateBack() with an error if there is no input available. */ #define PULLBYTE() \ do { \ PULL(); \ have--; \ hold += (unsigned long)(*next++) << bits; \ bits += 8; \ } while (0) /* Assure that there are at least n bits in the bit accumulator. If there is not enough available input to do that, then return from inflateBack() with an error. */ #define NEEDBITS(n) \ do { \ while (bits < (unsigned)(n)) \ PULLBYTE(); \ } while (0) /* Return the low n bits of the bit accumulator (n < 16) */ #define BITS(n) \ ((unsigned)hold & ((1U << (n)) - 1)) /* Remove n bits from the bit accumulator */ #define DROPBITS(n) \ do { \ hold >>= (n); \ bits -= (unsigned)(n); \ } while (0) /* Remove zero to seven bits as needed to go to a byte boundary */ #define BYTEBITS() \ do { \ hold >>= bits & 7; \ bits -= bits & 7; \ } while (0) /* Assure that some output space is available, by writing out the window if it's full. If the write fails, return from inflateBack() with a Z_BUF_ERROR. */ #define ROOM() \ do { \ if (left == 0) { \ put = state->window; \ left = state->wsize; \ state->whave = left; \ if (out(out_desc, put, left)) { \ ret = Z_BUF_ERROR; \ goto inf_leave; \ } \ } \ } while (0) /* strm provides the memory allocation functions and window buffer on input, and provides information on the unused input on return. For Z_DATA_ERROR returns, strm will also provide an error message. in() and out() are the call-back input and output functions. When inflateBack() needs more input, it calls in(). When inflateBack() has filled the window with output, or when it completes with data in the window, it calls out() to write out the data. The application must not change the provided input until in() is called again or inflateBack() returns. The application must not change the window/output buffer until inflateBack() returns. in() and out() are called with a descriptor parameter provided in the inflateBack() call. This parameter can be a structure that provides the information required to do the read or write, as well as accumulated information on the input and output such as totals and check values. in() should return zero on failure. out() should return non-zero on failure. If either in() or out() fails, than inflateBack() returns a Z_BUF_ERROR. strm->next_in can be checked for Z_NULL to see whether it was in() or out() that caused in the error. Otherwise, inflateBack() returns Z_STREAM_END on success, Z_DATA_ERROR for an deflate format error, or Z_MEM_ERROR if it could not allocate memory for the state. inflateBack() can also return Z_STREAM_ERROR if the input parameters are not correct, i.e. strm is Z_NULL or the state was not initialized. */ int ZEXPORT inflateBack(strm, in, in_desc, out, out_desc) z_streamp strm; in_func in; void FAR *in_desc; out_func out; void FAR *out_desc; { struct inflate_state FAR *state; unsigned char FAR *next; /* next input */ unsigned char FAR *put; /* next output */ unsigned have, left; /* available input and output */ unsigned long hold; /* bit buffer */ unsigned bits; /* bits in bit buffer */ unsigned copy; /* number of stored or match bytes to copy */ unsigned char FAR *from; /* where to copy match bytes from */ code here; /* current decoding table entry */ code last; /* parent table entry */ unsigned len; /* length to copy for repeats, bits to drop */ int ret; /* return code */ static const unsigned short order[19] = /* permutation of code lengths */ {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; /* Check that the strm exists and that the state was initialized */ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; /* Reset the state */ strm->msg = Z_NULL; state->mode = TYPE; state->last = 0; state->whave = 0; next = strm->next_in; have = next != Z_NULL ? strm->avail_in : 0; hold = 0; bits = 0; put = state->window; left = state->wsize; /* Inflate until end of block marked as last */ for (;;) switch (state->mode) { case TYPE: /* determine and dispatch block type */ if (state->last) { BYTEBITS(); state->mode = DONE; break; } NEEDBITS(3); state->last = BITS(1); DROPBITS(1); switch (BITS(2)) { case 0: /* stored block */ Tracev((stderr, "inflate: stored block%s\n", state->last ? " (last)" : "")); state->mode = STORED; break; case 1: /* fixed block */ fixedtables(state); Tracev((stderr, "inflate: fixed codes block%s\n", state->last ? " (last)" : "")); state->mode = LEN; /* decode codes */ break; case 2: /* dynamic block */ Tracev((stderr, "inflate: dynamic codes block%s\n", state->last ? " (last)" : "")); state->mode = TABLE; break; case 3: strm->msg = (char *)"invalid block type"; state->mode = BAD; } DROPBITS(2); break; case STORED: /* get and verify stored block length */ BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { strm->msg = (char *)"invalid stored block lengths"; state->mode = BAD; break; } state->length = (unsigned)hold & 0xffff; Tracev((stderr, "inflate: stored length %u\n", state->length)); INITBITS(); /* copy stored block from input to output */ while (state->length != 0) { copy = state->length; PULL(); ROOM(); if (copy > have) copy = have; if (copy > left) copy = left; zmemcpy(put, next, copy); have -= copy; next += copy; left -= copy; put += copy; state->length -= copy; } Tracev((stderr, "inflate: stored end\n")); state->mode = TYPE; break; case TABLE: /* get dynamic table entries descriptor */ NEEDBITS(14); state->nlen = BITS(5) + 257; DROPBITS(5); state->ndist = BITS(5) + 1; DROPBITS(5); state->ncode = BITS(4) + 4; DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { strm->msg = (char *)"too many length or distance symbols"; state->mode = BAD; break; } #endif Tracev((stderr, "inflate: table sizes ok\n")); /* get code length code lengths (not a typo) */ state->have = 0; while (state->have < state->ncode) { NEEDBITS(3); state->lens[order[state->have++]] = (unsigned short)BITS(3); DROPBITS(3); } while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; state->lencode = (code const FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)"invalid code lengths set"; state->mode = BAD; break; } Tracev((stderr, "inflate: code lengths ok\n")); /* get length and distance code code lengths */ state->have = 0; while (state->have < state->nlen + state->ndist) { for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.val < 16) { DROPBITS(here.bits); state->lens[state->have++] = here.val; } else { if (here.val == 16) { NEEDBITS(here.bits + 2); DROPBITS(here.bits); if (state->have == 0) { strm->msg = (char *)"invalid bit length repeat"; state->mode = BAD; break; } len = (unsigned)(state->lens[state->have - 1]); copy = 3 + BITS(2); DROPBITS(2); } else if (here.val == 17) { NEEDBITS(here.bits + 3); DROPBITS(here.bits); len = 0; copy = 3 + BITS(3); DROPBITS(3); } else { NEEDBITS(here.bits + 7); DROPBITS(here.bits); len = 0; copy = 11 + BITS(7); DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { strm->msg = (char *)"invalid bit length repeat"; state->mode = BAD; break; } while (copy--) state->lens[state->have++] = (unsigned short)len; } } /* handle error breaks in while */ if (state->mode == BAD) break; /* check for end-of-block code (better have one) */ if (state->lens[256] == 0) { strm->msg = (char *)"invalid code -- missing end-of-block"; state->mode = BAD; break; } /* build code tables -- note: do not change the lenbits or distbits values here (9 and 6) without reading the comments in inftrees.h concerning the ENOUGH constants, which depend on those values */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); state->lenbits = 9; ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)"invalid literal/lengths set"; state->mode = BAD; break; } state->distcode = (code const FAR *)(state->next); state->distbits = 6; ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { strm->msg = (char *)"invalid distances set"; state->mode = BAD; break; } Tracev((stderr, "inflate: codes ok\n")); state->mode = LEN; case LEN: /* use inflate_fast() if we have enough input and output */ if (have >= 6 && left >= 258) { RESTORE(); if (state->whave < state->wsize) state->whave = state->wsize - left; inflate_fast(strm, state->wsize); LOAD(); break; } /* get a literal, length, or end-of-block code */ for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.op && (here.op & 0xf0) == 0) { last = here; for (;;) { here = state->lencode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); } DROPBITS(here.bits); state->length = (unsigned)here.val; /* process literal */ if (here.op == 0) { Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? "inflate: literal '%c'\n" : "inflate: literal 0x%02x\n", here.val)); ROOM(); *put++ = (unsigned char)(state->length); left--; state->mode = LEN; break; } /* process end of block */ if (here.op & 32) { Tracevv((stderr, "inflate: end of block\n")); state->mode = TYPE; break; } /* invalid code */ if (here.op & 64) { strm->msg = (char *)"invalid literal/length code"; state->mode = BAD; break; } /* length code -- get extra bits, if any */ state->extra = (unsigned)(here.op) & 15; if (state->extra != 0) { NEEDBITS(state->extra); state->length += BITS(state->extra); DROPBITS(state->extra); } Tracevv((stderr, "inflate: length %u\n", state->length)); /* get distance code */ for (;;) { here = state->distcode[BITS(state->distbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if ((here.op & 0xf0) == 0) { last = here; for (;;) { here = state->distcode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); } DROPBITS(here.bits); if (here.op & 64) { strm->msg = (char *)"invalid distance code"; state->mode = BAD; break; } state->offset = (unsigned)here.val; /* get distance extra bits, if any */ state->extra = (unsigned)(here.op) & 15; if (state->extra != 0) { NEEDBITS(state->extra); state->offset += BITS(state->extra); DROPBITS(state->extra); } if (state->offset > state->wsize - (state->whave < state->wsize ? left : 0)) { strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } Tracevv((stderr, "inflate: distance %u\n", state->offset)); /* copy match from window to output */ do { ROOM(); copy = state->wsize - state->offset; if (copy < left) { from = put + copy; copy = left - copy; } else { from = put - state->offset; copy = left; } if (copy > state->length) copy = state->length; state->length -= copy; left -= copy; do { *put++ = *from++; } while (--copy); } while (state->length != 0); break; case DONE: /* inflate stream terminated properly -- write leftover output */ ret = Z_STREAM_END; if (left < state->wsize) { if (out(out_desc, state->window, state->wsize - left)) ret = Z_BUF_ERROR; } goto inf_leave; case BAD: ret = Z_DATA_ERROR; goto inf_leave; default: /* can't happen, but makes compilers happy */ ret = Z_STREAM_ERROR; goto inf_leave; } /* Return unused input */ inf_leave: strm->next_in = next; strm->avail_in = have; return ret; } int ZEXPORT inflateBackEnd(strm) z_streamp strm; { if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0) return Z_STREAM_ERROR; ZFREE(strm, strm->state); strm->state = Z_NULL; Tracev((stderr, "inflate: end\n")); return Z_OK; } sudo-1.8.9p5/zlib/inffast.c010064400175440000012000000321771226304126600151160ustar00millertstaff/* inffast.c -- fast decoding * Copyright (C) 1995-2008, 2010 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "zutil.h" #include "inftrees.h" #include "inflate.h" #include "inffast.h" #ifndef ASMINF /* Allow machine dependent optimization for post-increment or pre-increment. Based on testing to date, Pre-increment preferred for: - PowerPC G3 (Adler) - MIPS R5000 (Randers-Pehrson) Post-increment preferred for: - none No measurable difference: - Pentium III (Anderson) - M68060 (Nikl) */ #ifdef POSTINC # define OFF 0 # define PUP(a) *(a)++ #else # define OFF 1 # define PUP(a) *++(a) #endif /* Decode literal, length, and distance codes and write out the resulting literal and match bytes until either not enough input or output is available, an end-of-block is encountered, or a data error is encountered. When large enough input and output buffers are supplied to inflate(), for example, a 16K input buffer and a 64K output buffer, more than 95% of the inflate execution time is spent in this routine. Entry assumptions: state->mode == LEN strm->avail_in >= 6 strm->avail_out >= 258 start >= strm->avail_out state->bits < 8 On return, state->mode is one of: LEN -- ran out of enough output space or enough available input TYPE -- reached end of block code, inflate() to interpret next block BAD -- error in block data Notes: - The maximum input bits used by a length/distance pair is 15 bits for the length code, 5 bits for the length extra, 15 bits for the distance code, and 13 bits for the distance extra. This totals 48 bits, or six bytes. Therefore if strm->avail_in >= 6, then there is enough input to avoid checking for available input while decoding. - The maximum bytes that a single length/distance pair can output is 258 bytes, which is the maximum length that can be coded. inflate_fast() requires strm->avail_out >= 258 for each loop to avoid checking for output space. */ void ZLIB_INTERNAL inflate_fast(strm, start) z_streamp strm; unsigned start; /* inflate()'s starting value for strm->avail_out */ { struct inflate_state FAR *state; unsigned char FAR *in; /* local strm->next_in */ unsigned char FAR *last; /* while in < last, enough input available */ unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ #ifdef INFLATE_STRICT unsigned dmax; /* maximum distance from zlib header */ #endif unsigned wsize; /* window size or zero if not using window */ unsigned whave; /* valid bytes in the window */ unsigned wnext; /* window write index */ unsigned char FAR *window; /* allocated sliding window, if wsize != 0 */ unsigned long hold; /* local strm->hold */ unsigned bits; /* local strm->bits */ code const FAR *lcode; /* local strm->lencode */ code const FAR *dcode; /* local strm->distcode */ unsigned lmask; /* mask for first level of length codes */ unsigned dmask; /* mask for first level of distance codes */ code here; /* retrieved table entry */ unsigned op; /* code bits, operation, extra bits, or */ /* window position, window bytes to copy */ unsigned len; /* match length, unused bytes */ unsigned dist; /* match distance */ unsigned char FAR *from; /* where to copy match from */ /* copy state to local variables */ state = (struct inflate_state FAR *)strm->state; in = strm->next_in - OFF; last = in + (strm->avail_in - 5); out = strm->next_out - OFF; beg = out - (start - strm->avail_out); end = out + (strm->avail_out - 257); #ifdef INFLATE_STRICT dmax = state->dmax; #endif wsize = state->wsize; whave = state->whave; wnext = state->wnext; window = state->window; hold = state->hold; bits = state->bits; lcode = state->lencode; dcode = state->distcode; lmask = (1U << state->lenbits) - 1; dmask = (1U << state->distbits) - 1; /* decode literals and length/distances until end-of-block or not enough input data or output space */ do { if (bits < 15) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; hold += (unsigned long)(PUP(in)) << bits; bits += 8; } here = lcode[hold & lmask]; dolen: op = (unsigned)(here.bits); hold >>= op; bits -= op; op = (unsigned)(here.op); if (op == 0) { /* literal */ Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? "inflate: literal '%c'\n" : "inflate: literal 0x%02x\n", here.val)); PUP(out) = (unsigned char)(here.val); } else if (op & 16) { /* length base */ len = (unsigned)(here.val); op &= 15; /* number of extra bits */ if (op) { if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; } len += (unsigned)hold & ((1U << op) - 1); hold >>= op; bits -= op; } Tracevv((stderr, "inflate: length %u\n", len)); if (bits < 15) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; hold += (unsigned long)(PUP(in)) << bits; bits += 8; } here = dcode[hold & dmask]; dodist: op = (unsigned)(here.bits); hold >>= op; bits -= op; op = (unsigned)(here.op); if (op & 16) { /* distance base */ dist = (unsigned)(here.val); op &= 15; /* number of extra bits */ if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; } } dist += (unsigned)hold & ((1U << op) - 1); #ifdef INFLATE_STRICT if (dist > dmax) { strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } #endif hold >>= op; bits -= op; Tracevv((stderr, "inflate: distance %u\n", dist)); op = (unsigned)(out - beg); /* max distance in output */ if (dist > op) { /* see if copy from window */ op = dist - op; /* distance back in window */ if (op > whave) { if (state->sane) { strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR if (len <= op - whave) { do { PUP(out) = 0; } while (--len); continue; } len -= op - whave; do { PUP(out) = 0; } while (--op > whave); if (op == 0) { from = out - dist; do { PUP(out) = PUP(from); } while (--len); continue; } #endif } from = window - OFF; if (wnext == 0) { /* very common case */ from += wsize - op; if (op < len) { /* some from window */ len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } else if (wnext < op) { /* wrap around window */ from += wsize + wnext - op; op -= wnext; if (op < len) { /* some from end of window */ len -= op; do { PUP(out) = PUP(from); } while (--op); from = window - OFF; if (wnext < len) { /* some from start of window */ op = wnext; len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } } else { /* contiguous in window */ from += wnext - op; if (op < len) { /* some from window */ len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } while (len > 2) { PUP(out) = PUP(from); PUP(out) = PUP(from); PUP(out) = PUP(from); len -= 3; } if (len) { PUP(out) = PUP(from); if (len > 1) PUP(out) = PUP(from); } } else { from = out - dist; /* copy direct from output */ do { /* minimum length is three */ PUP(out) = PUP(from); PUP(out) = PUP(from); PUP(out) = PUP(from); len -= 3; } while (len > 2); if (len) { PUP(out) = PUP(from); if (len > 1) PUP(out) = PUP(from); } } } else if ((op & 64) == 0) { /* 2nd level distance code */ here = dcode[here.val + (hold & ((1U << op) - 1))]; goto dodist; } else { strm->msg = (char *)"invalid distance code"; state->mode = BAD; break; } } else if ((op & 64) == 0) { /* 2nd level length code */ here = lcode[here.val + (hold & ((1U << op) - 1))]; goto dolen; } else if (op & 32) { /* end-of-block */ Tracevv((stderr, "inflate: end of block\n")); state->mode = TYPE; break; } else { strm->msg = (char *)"invalid literal/length code"; state->mode = BAD; break; } } while (in < last && out < end); /* return unused bytes (on entry, bits < 8, so in won't go too far back) */ len = bits >> 3; in -= len; bits -= len << 3; hold &= (1U << bits) - 1; /* update state and return */ strm->next_in = in + OFF; strm->next_out = out + OFF; strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); strm->avail_out = (unsigned)(out < end ? 257 + (end - out) : 257 - (out - end)); state->hold = hold; state->bits = bits; return; } /* inflate_fast() speedups that turned out slower (on a PowerPC G3 750CXe): - Using bit fields for code structure - Different op definition to avoid & for extra bits (do & for table bits) - Three separate decoding do-loops for direct, window, and wnext == 0 - Special case for distance > 1 copies to do overlapped load and store copy - Explicit branch predictions (based on measured branch probabilities) - Deferring match copy and interspersed it with decoding subsequent codes - Swapping literal/length else - Swapping window/direct else - Larger unrolled copy loops (three is about right) - Moving len -= 3 statement into middle of loop */ #endif /* !ASMINF */ sudo-1.8.9p5/zlib/inffast.h010064400175440000012000000006531226304126600151150ustar00millertstaff/* inffast.h -- header to use inffast.c * Copyright (C) 1995-2003, 2010 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of the compression library and is subject to change. Applications should only use zlib.h. */ void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start)); sudo-1.8.9p5/zlib/inffixed.h010064400175440000012000000142741226304126600152630ustar00millertstaff /* inffixed.h -- table for decoding fixed codes * Generated automatically by makefixed(). */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of this library and is subject to change. Applications should only use zlib.h. */ static const code lenfix[512] = { {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48}, {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128}, {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59}, {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176}, {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20}, {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100}, {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8}, {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216}, {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76}, {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114}, {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2}, {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148}, {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42}, {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86}, {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15}, {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236}, {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62}, {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142}, {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31}, {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162}, {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25}, {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105}, {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4}, {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202}, {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69}, {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125}, {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13}, {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195}, {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35}, {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91}, {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19}, {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246}, {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55}, {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135}, {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99}, {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190}, {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16}, {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96}, {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6}, {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209}, {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72}, {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116}, {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4}, {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153}, {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44}, {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82}, {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11}, {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229}, {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58}, {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138}, {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51}, {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173}, {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30}, {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110}, {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0}, {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195}, {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65}, {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121}, {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9}, {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258}, {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37}, {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93}, {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23}, {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251}, {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51}, {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131}, {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67}, {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183}, {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23}, {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103}, {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9}, {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223}, {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79}, {0,9,255} }; static const code distfix[32] = { {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025}, {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193}, {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385}, {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577}, {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073}, {22,5,193},{64,5,0} }; sudo-1.8.9p5/zlib/inflate.c010064400175440000012000001476031226304126600151070ustar00millertstaff/* inflate.c -- zlib decompression * Copyright (C) 1995-2011 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* * Change history: * * 1.2.beta0 24 Nov 2002 * - First version -- complete rewrite of inflate to simplify code, avoid * creation of window when not needed, minimize use of window when it is * needed, make inffast.c even faster, implement gzip decoding, and to * improve code readability and style over the previous zlib inflate code * * 1.2.beta1 25 Nov 2002 * - Use pointers for available input and output checking in inffast.c * - Remove input and output counters in inffast.c * - Change inffast.c entry and loop from avail_in >= 7 to >= 6 * - Remove unnecessary second byte pull from length extra in inffast.c * - Unroll direct copy to three copies per loop in inffast.c * * 1.2.beta2 4 Dec 2002 * - Change external routine names to reduce potential conflicts * - Correct filename to inffixed.h for fixed tables in inflate.c * - Make hbuf[] unsigned char to match parameter type in inflate.c * - Change strm->next_out[-state->offset] to *(strm->next_out - state->offset) * to avoid negation problem on Alphas (64 bit) in inflate.c * * 1.2.beta3 22 Dec 2002 * - Add comments on state->bits assertion in inffast.c * - Add comments on op field in inftrees.h * - Fix bug in reuse of allocated window after inflateReset() * - Remove bit fields--back to byte structure for speed * - Remove distance extra == 0 check in inflate_fast()--only helps for lengths * - Change post-increments to pre-increments in inflate_fast(), PPC biased? * - Add compile time option, POSTINC, to use post-increments instead (Intel?) * - Make MATCH copy in inflate() much faster for when inflate_fast() not used * - Use local copies of stream next and avail values, as well as local bit * buffer and bit count in inflate()--for speed when inflate_fast() not used * * 1.2.beta4 1 Jan 2003 * - Split ptr - 257 statements in inflate_table() to avoid compiler warnings * - Move a comment on output buffer sizes from inffast.c to inflate.c * - Add comments in inffast.c to introduce the inflate_fast() routine * - Rearrange window copies in inflate_fast() for speed and simplification * - Unroll last copy for window match in inflate_fast() * - Use local copies of window variables in inflate_fast() for speed * - Pull out common wnext == 0 case for speed in inflate_fast() * - Make op and len in inflate_fast() unsigned for consistency * - Add FAR to lcode and dcode declarations in inflate_fast() * - Simplified bad distance check in inflate_fast() * - Added inflateBackInit(), inflateBack(), and inflateBackEnd() in new * source file infback.c to provide a call-back interface to inflate for * programs like gzip and unzip -- uses window as output buffer to avoid * window copying * * 1.2.beta5 1 Jan 2003 * - Improved inflateBack() interface to allow the caller to provide initial * input in strm. * - Fixed stored blocks bug in inflateBack() * * 1.2.beta6 4 Jan 2003 * - Added comments in inffast.c on effectiveness of POSTINC * - Typecasting all around to reduce compiler warnings * - Changed loops from while (1) or do {} while (1) to for (;;), again to * make compilers happy * - Changed type of window in inflateBackInit() to unsigned char * * * 1.2.beta7 27 Jan 2003 * - Changed many types to unsigned or unsigned short to avoid warnings * - Added inflateCopy() function * * 1.2.0 9 Mar 2003 * - Changed inflateBack() interface to provide separate opaque descriptors * for the in() and out() functions * - Changed inflateBack() argument and in_func typedef to swap the length * and buffer address return values for the input function * - Check next_in and next_out for Z_NULL on entry to inflate() * * The history for versions after 1.2.0 are in ChangeLog in zlib distribution. */ #include "zutil.h" #include "inftrees.h" #include "inflate.h" #include "inffast.h" #ifdef MAKEFIXED # ifndef BUILDFIXED # define BUILDFIXED # endif #endif /* function prototypes */ local void fixedtables OF((struct inflate_state FAR *state)); local int updatewindow OF((z_streamp strm, unsigned out)); #ifdef BUILDFIXED void makefixed OF((void)); #endif local unsigned syncsearch OF((unsigned FAR *have, unsigned char FAR *buf, unsigned len)); int ZEXPORT inflateResetKeep(strm) z_streamp strm; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; strm->total_in = strm->total_out = state->total = 0; strm->msg = Z_NULL; if (state->wrap) /* to support ill-conceived Java test suite */ strm->adler = state->wrap & 1; state->mode = HEAD; state->last = 0; state->havedict = 0; state->dmax = 32768U; state->head = Z_NULL; state->hold = 0; state->bits = 0; state->lencode = state->distcode = state->next = state->codes; state->sane = 1; state->back = -1; Tracev((stderr, "inflate: reset\n")); return Z_OK; } int ZEXPORT inflateReset(strm) z_streamp strm; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; state->wsize = 0; state->whave = 0; state->wnext = 0; return inflateResetKeep(strm); } int ZEXPORT inflateReset2(strm, windowBits) z_streamp strm; int windowBits; { int wrap; struct inflate_state FAR *state; /* get the state */ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; /* extract wrap request from windowBits parameter */ if (windowBits < 0) { wrap = 0; windowBits = -windowBits; } else { wrap = (windowBits >> 4) + 1; #ifdef GUNZIP if (windowBits < 48) windowBits &= 15; #endif } /* set number of window bits, free window if different */ if (windowBits && (windowBits < 8 || windowBits > 15)) return Z_STREAM_ERROR; if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) { ZFREE(strm, state->window); state->window = Z_NULL; } /* update state and reset the rest of it */ state->wrap = wrap; state->wbits = (unsigned)windowBits; return inflateReset(strm); } int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size) z_streamp strm; int windowBits; const char *version; int stream_size; { int ret; struct inflate_state FAR *state; if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || stream_size != (int)(sizeof(z_stream))) return Z_VERSION_ERROR; if (strm == Z_NULL) return Z_STREAM_ERROR; strm->msg = Z_NULL; /* in case we return an error */ if (strm->zalloc == (alloc_func)0) { #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zalloc = zcalloc; strm->opaque = (voidpf)0; #endif } if (strm->zfree == (free_func)0) #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zfree = zcfree; #endif state = (struct inflate_state FAR *) ZALLOC(strm, 1, sizeof(struct inflate_state)); if (state == Z_NULL) return Z_MEM_ERROR; Tracev((stderr, "inflate: allocated\n")); strm->state = (struct internal_state FAR *)state; state->window = Z_NULL; ret = inflateReset2(strm, windowBits); if (ret != Z_OK) { ZFREE(strm, state); strm->state = Z_NULL; } return ret; } int ZEXPORT inflateInit_(strm, version, stream_size) z_streamp strm; const char *version; int stream_size; { return inflateInit2_(strm, DEF_WBITS, version, stream_size); } int ZEXPORT inflatePrime(strm, bits, value) z_streamp strm; int bits; int value; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (bits < 0) { state->hold = 0; state->bits = 0; return Z_OK; } if (bits > 16 || state->bits + bits > 32) return Z_STREAM_ERROR; value &= (1L << bits) - 1; state->hold += value << state->bits; state->bits += bits; return Z_OK; } /* Return state with length and distance decoding tables and index sizes set to fixed code decoding. Normally this returns fixed tables from inffixed.h. If BUILDFIXED is defined, then instead this routine builds the tables the first time it's called, and returns those tables the first time and thereafter. This reduces the size of the code by about 2K bytes, in exchange for a little execution time. However, BUILDFIXED should not be used for threaded applications, since the rewriting of the tables and virgin may not be thread-safe. */ local void fixedtables(state) struct inflate_state FAR *state; { #ifdef BUILDFIXED static int virgin = 1; static code *lenfix, *distfix; static code fixed[544]; /* build fixed huffman tables if first call (may not be thread safe) */ if (virgin) { unsigned sym, bits; static code *next; /* literal/length table */ sym = 0; while (sym < 144) state->lens[sym++] = 8; while (sym < 256) state->lens[sym++] = 9; while (sym < 280) state->lens[sym++] = 7; while (sym < 288) state->lens[sym++] = 8; next = fixed; lenfix = next; bits = 9; inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work); /* distance table */ sym = 0; while (sym < 32) state->lens[sym++] = 5; distfix = next; bits = 5; inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work); /* do this just once */ virgin = 0; } #else /* !BUILDFIXED */ # include "inffixed.h" #endif /* BUILDFIXED */ state->lencode = lenfix; state->lenbits = 9; state->distcode = distfix; state->distbits = 5; } #ifdef MAKEFIXED #include /* Write out the inffixed.h that is #include'd above. Defining MAKEFIXED also defines BUILDFIXED, so the tables are built on the fly. makefixed() writes those tables to stdout, which would be piped to inffixed.h. A small program can simply call makefixed to do this: void makefixed(void); int main(void) { makefixed(); return 0; } Then that can be linked with zlib built with MAKEFIXED defined and run: a.out > inffixed.h */ void makefixed() { unsigned low, size; struct inflate_state state; fixedtables(&state); puts(" /* inffixed.h -- table for decoding fixed codes"); puts(" * Generated automatically by makefixed()."); puts(" */"); puts(""); puts(" /* WARNING: this file should *not* be used by applications."); puts(" It is part of the implementation of this library and is"); puts(" subject to change. Applications should only use zlib.h."); puts(" */"); puts(""); size = 1U << 9; printf(" static const code lenfix[%u] = {", size); low = 0; for (;;) { if ((low % 7) == 0) printf("\n "); printf("{%u,%u,%d}", (low & 127) == 99 ? 64 : state.lencode[low].op, state.lencode[low].bits, state.lencode[low].val); if (++low == size) break; putchar(','); } puts("\n };"); size = 1U << 5; printf("\n static const code distfix[%u] = {", size); low = 0; for (;;) { if ((low % 6) == 0) printf("\n "); printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits, state.distcode[low].val); if (++low == size) break; putchar(','); } puts("\n };"); } #endif /* MAKEFIXED */ /* Update the window with the last wsize (normally 32K) bytes written before returning. If window does not exist yet, create it. This is only called when a window is already in use, or when output has been written during this inflate call, but the end of the deflate stream has not been reached yet. It is also called to create a window for dictionary data when a dictionary is loaded. Providing output buffers larger than 32K to inflate() should provide a speed advantage, since only the last 32K of output is copied to the sliding window upon return from inflate(), and since all distances after the first 32K of output will fall in the output data, making match copies simpler and faster. The advantage may be dependent on the size of the processor's data caches. */ local int updatewindow(strm, out) z_streamp strm; unsigned out; { struct inflate_state FAR *state; unsigned copy, dist; state = (struct inflate_state FAR *)strm->state; /* if it hasn't been done already, allocate space for the window */ if (state->window == Z_NULL) { state->window = (unsigned char FAR *) ZALLOC(strm, 1U << state->wbits, sizeof(unsigned char)); if (state->window == Z_NULL) return 1; } /* if window not in use yet, initialize */ if (state->wsize == 0) { state->wsize = 1U << state->wbits; state->wnext = 0; state->whave = 0; } /* copy state->wsize or less output bytes into the circular window */ copy = out - strm->avail_out; if (copy >= state->wsize) { zmemcpy(state->window, strm->next_out - state->wsize, state->wsize); state->wnext = 0; state->whave = state->wsize; } else { dist = state->wsize - state->wnext; if (dist > copy) dist = copy; zmemcpy(state->window + state->wnext, strm->next_out - copy, dist); copy -= dist; if (copy) { zmemcpy(state->window, strm->next_out - copy, copy); state->wnext = copy; state->whave = state->wsize; } else { state->wnext += dist; if (state->wnext == state->wsize) state->wnext = 0; if (state->whave < state->wsize) state->whave += dist; } } return 0; } /* Macros for inflate(): */ /* check function to use adler32() for zlib or crc32() for gzip */ #ifdef GUNZIP # define UPDATE(check, buf, len) \ (state->flags ? crc32(check, buf, len) : adler32(check, buf, len)) #else # define UPDATE(check, buf, len) adler32(check, buf, len) #endif /* check macros for header crc */ #ifdef GUNZIP # define CRC2(check, word) \ do { \ hbuf[0] = (unsigned char)(word); \ hbuf[1] = (unsigned char)((word) >> 8); \ check = crc32(check, hbuf, 2); \ } while (0) # define CRC4(check, word) \ do { \ hbuf[0] = (unsigned char)(word); \ hbuf[1] = (unsigned char)((word) >> 8); \ hbuf[2] = (unsigned char)((word) >> 16); \ hbuf[3] = (unsigned char)((word) >> 24); \ check = crc32(check, hbuf, 4); \ } while (0) #endif /* Load registers with state in inflate() for speed */ #define LOAD() \ do { \ put = strm->next_out; \ left = strm->avail_out; \ next = strm->next_in; \ have = strm->avail_in; \ hold = state->hold; \ bits = state->bits; \ } while (0) /* Restore state from registers in inflate() */ #define RESTORE() \ do { \ strm->next_out = put; \ strm->avail_out = left; \ strm->next_in = next; \ strm->avail_in = have; \ state->hold = hold; \ state->bits = bits; \ } while (0) /* Clear the input bit accumulator */ #define INITBITS() \ do { \ hold = 0; \ bits = 0; \ } while (0) /* Get a byte of input into the bit accumulator, or return from inflate() if there is no input available. */ #define PULLBYTE() \ do { \ if (have == 0) goto inf_leave; \ have--; \ hold += (unsigned long)(*next++) << bits; \ bits += 8; \ } while (0) /* Assure that there are at least n bits in the bit accumulator. If there is not enough available input to do that, then return from inflate(). */ #define NEEDBITS(n) \ do { \ while (bits < (unsigned)(n)) \ PULLBYTE(); \ } while (0) /* Return the low n bits of the bit accumulator (n < 16) */ #define BITS(n) \ ((unsigned)hold & ((1U << (n)) - 1)) /* Remove n bits from the bit accumulator */ #define DROPBITS(n) \ do { \ hold >>= (n); \ bits -= (unsigned)(n); \ } while (0) /* Remove zero to seven bits as needed to go to a byte boundary */ #define BYTEBITS() \ do { \ hold >>= bits & 7; \ bits -= bits & 7; \ } while (0) /* Reverse the bytes in a 32-bit value */ #define REVERSE(q) \ ((((q) >> 24) & 0xff) + (((q) >> 8) & 0xff00) + \ (((q) & 0xff00) << 8) + (((q) & 0xff) << 24)) /* inflate() uses a state machine to process as much input data and generate as much output data as possible before returning. The state machine is structured roughly as follows: for (;;) switch (state) { ... case STATEn: if (not enough input data or output space to make progress) return; ... make progress ... state = STATEm; break; ... } so when inflate() is called again, the same case is attempted again, and if the appropriate resources are provided, the machine proceeds to the next state. The NEEDBITS() macro is usually the way the state evaluates whether it can proceed or should return. NEEDBITS() does the return if the requested bits are not available. The typical use of the BITS macros is: NEEDBITS(n); ... do something with BITS(n) ... DROPBITS(n); where NEEDBITS(n) either returns from inflate() if there isn't enough input left to load n bits into the accumulator, or it continues. BITS(n) gives the low n bits in the accumulator. When done, DROPBITS(n) drops the low n bits off the accumulator. INITBITS() clears the accumulator and sets the number of available bits to zero. BYTEBITS() discards just enough bits to put the accumulator on a byte boundary. After BYTEBITS() and a NEEDBITS(8), then BITS(8) would return the next byte in the stream. NEEDBITS(n) uses PULLBYTE() to get an available byte of input, or to return if there is no input available. The decoding of variable length codes uses PULLBYTE() directly in order to pull just enough bytes to decode the next code, and no more. Some states loop until they get enough input, making sure that enough state information is maintained to continue the loop where it left off if NEEDBITS() returns in the loop. For example, want, need, and keep would all have to actually be part of the saved state in case NEEDBITS() returns: case STATEw: while (want < need) { NEEDBITS(n); keep[want++] = BITS(n); DROPBITS(n); } state = STATEx; case STATEx: As shown above, if the next state is also the next case, then the break is omitted. A state may also return if there is not enough output space available to complete that state. Those states are copying stored data, writing a literal byte, and copying a matching string. When returning, a "goto inf_leave" is used to update the total counters, update the check value, and determine whether any progress has been made during that inflate() call in order to return the proper return code. Progress is defined as a change in either strm->avail_in or strm->avail_out. When there is a window, goto inf_leave will update the window with the last output written. If a goto inf_leave occurs in the middle of decompression and there is no window currently, goto inf_leave will create one and copy output to the window for the next call of inflate(). In this implementation, the flush parameter of inflate() only affects the return code (per zlib.h). inflate() always writes as much as possible to strm->next_out, given the space available and the provided input--the effect documented in zlib.h of Z_SYNC_FLUSH. Furthermore, inflate() always defers the allocation of and copying into a sliding window until necessary, which provides the effect documented in zlib.h for Z_FINISH when the entire input stream available. So the only thing the flush parameter actually does is: when flush is set to Z_FINISH, inflate() cannot return Z_OK. Instead it will return Z_BUF_ERROR if it has not reached the end of the stream. */ int ZEXPORT inflate(strm, flush) z_streamp strm; int flush; { struct inflate_state FAR *state; unsigned char FAR *next; /* next input */ unsigned char FAR *put; /* next output */ unsigned have, left; /* available input and output */ unsigned long hold; /* bit buffer */ unsigned bits; /* bits in bit buffer */ unsigned in, out; /* save starting available input and output */ unsigned copy; /* number of stored or match bytes to copy */ unsigned char FAR *from; /* where to copy match bytes from */ code here; /* current decoding table entry */ code last; /* parent table entry */ unsigned len; /* length to copy for repeats, bits to drop */ int ret; /* return code */ #ifdef GUNZIP unsigned char hbuf[4]; /* buffer for gzip header crc calculation */ #endif static const unsigned short order[19] = /* permutation of code lengths */ {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; if (strm == Z_NULL || strm->state == Z_NULL || strm->next_out == Z_NULL || (strm->next_in == Z_NULL && strm->avail_in != 0)) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (state->mode == TYPE) state->mode = TYPEDO; /* skip check */ LOAD(); in = have; out = left; ret = Z_OK; for (;;) switch (state->mode) { case HEAD: if (state->wrap == 0) { state->mode = TYPEDO; break; } NEEDBITS(16); #ifdef GUNZIP if ((state->wrap & 2) && hold == 0x8b1f) { /* gzip header */ state->check = crc32(0L, Z_NULL, 0); CRC2(state->check, hold); INITBITS(); state->mode = FLAGS; break; } state->flags = 0; /* expect zlib header */ if (state->head != Z_NULL) state->head->done = -1; if (!(state->wrap & 1) || /* check if zlib header allowed */ #else if ( #endif ((BITS(8) << 8) + (hold >> 8)) % 31) { strm->msg = (char *)"incorrect header check"; state->mode = BAD; break; } if (BITS(4) != Z_DEFLATED) { strm->msg = (char *)"unknown compression method"; state->mode = BAD; break; } DROPBITS(4); len = BITS(4) + 8; if (state->wbits == 0) state->wbits = len; else if (len > state->wbits) { strm->msg = (char *)"invalid window size"; state->mode = BAD; break; } state->dmax = 1U << len; Tracev((stderr, "inflate: zlib header ok\n")); strm->adler = state->check = adler32(0L, Z_NULL, 0); state->mode = hold & 0x200 ? DICTID : TYPE; INITBITS(); break; #ifdef GUNZIP case FLAGS: NEEDBITS(16); state->flags = (int)(hold); if ((state->flags & 0xff) != Z_DEFLATED) { strm->msg = (char *)"unknown compression method"; state->mode = BAD; break; } if (state->flags & 0xe000) { strm->msg = (char *)"unknown header flags set"; state->mode = BAD; break; } if (state->head != Z_NULL) state->head->text = (int)((hold >> 8) & 1); if (state->flags & 0x0200) CRC2(state->check, hold); INITBITS(); state->mode = TIME; case TIME: NEEDBITS(32); if (state->head != Z_NULL) state->head->time = hold; if (state->flags & 0x0200) CRC4(state->check, hold); INITBITS(); state->mode = OS; case OS: NEEDBITS(16); if (state->head != Z_NULL) { state->head->xflags = (int)(hold & 0xff); state->head->os = (int)(hold >> 8); } if (state->flags & 0x0200) CRC2(state->check, hold); INITBITS(); state->mode = EXLEN; case EXLEN: if (state->flags & 0x0400) { NEEDBITS(16); state->length = (unsigned)(hold); if (state->head != Z_NULL) state->head->extra_len = (unsigned)hold; if (state->flags & 0x0200) CRC2(state->check, hold); INITBITS(); } else if (state->head != Z_NULL) state->head->extra = Z_NULL; state->mode = EXTRA; case EXTRA: if (state->flags & 0x0400) { copy = state->length; if (copy > have) copy = have; if (copy) { if (state->head != Z_NULL && state->head->extra != Z_NULL) { len = state->head->extra_len - state->length; zmemcpy(state->head->extra + len, next, len + copy > state->head->extra_max ? state->head->extra_max - len : copy); } if (state->flags & 0x0200) state->check = crc32(state->check, next, copy); have -= copy; next += copy; state->length -= copy; } if (state->length) goto inf_leave; } state->length = 0; state->mode = NAME; case NAME: if (state->flags & 0x0800) { if (have == 0) goto inf_leave; copy = 0; do { len = (unsigned)(next[copy++]); if (state->head != Z_NULL && state->head->name != Z_NULL && state->length < state->head->name_max) state->head->name[state->length++] = len; } while (len && copy < have); if (state->flags & 0x0200) state->check = crc32(state->check, next, copy); have -= copy; next += copy; if (len) goto inf_leave; } else if (state->head != Z_NULL) state->head->name = Z_NULL; state->length = 0; state->mode = COMMENT; case COMMENT: if (state->flags & 0x1000) { if (have == 0) goto inf_leave; copy = 0; do { len = (unsigned)(next[copy++]); if (state->head != Z_NULL && state->head->comment != Z_NULL && state->length < state->head->comm_max) state->head->comment[state->length++] = len; } while (len && copy < have); if (state->flags & 0x0200) state->check = crc32(state->check, next, copy); have -= copy; next += copy; if (len) goto inf_leave; } else if (state->head != Z_NULL) state->head->comment = Z_NULL; state->mode = HCRC; case HCRC: if (state->flags & 0x0200) { NEEDBITS(16); if (hold != (state->check & 0xffff)) { strm->msg = (char *)"header crc mismatch"; state->mode = BAD; break; } INITBITS(); } if (state->head != Z_NULL) { state->head->hcrc = (int)((state->flags >> 9) & 1); state->head->done = 1; } strm->adler = state->check = crc32(0L, Z_NULL, 0); state->mode = TYPE; break; #endif case DICTID: NEEDBITS(32); strm->adler = state->check = REVERSE(hold); INITBITS(); state->mode = DICT; case DICT: if (state->havedict == 0) { RESTORE(); return Z_NEED_DICT; } strm->adler = state->check = adler32(0L, Z_NULL, 0); state->mode = TYPE; case TYPE: if (flush == Z_BLOCK || flush == Z_TREES) goto inf_leave; case TYPEDO: if (state->last) { BYTEBITS(); state->mode = CHECK; break; } NEEDBITS(3); state->last = BITS(1); DROPBITS(1); switch (BITS(2)) { case 0: /* stored block */ Tracev((stderr, "inflate: stored block%s\n", state->last ? " (last)" : "")); state->mode = STORED; break; case 1: /* fixed block */ fixedtables(state); Tracev((stderr, "inflate: fixed codes block%s\n", state->last ? " (last)" : "")); state->mode = LEN_; /* decode codes */ if (flush == Z_TREES) { DROPBITS(2); goto inf_leave; } break; case 2: /* dynamic block */ Tracev((stderr, "inflate: dynamic codes block%s\n", state->last ? " (last)" : "")); state->mode = TABLE; break; case 3: strm->msg = (char *)"invalid block type"; state->mode = BAD; } DROPBITS(2); break; case STORED: BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { strm->msg = (char *)"invalid stored block lengths"; state->mode = BAD; break; } state->length = (unsigned)hold & 0xffff; Tracev((stderr, "inflate: stored length %u\n", state->length)); INITBITS(); state->mode = COPY_; if (flush == Z_TREES) goto inf_leave; case COPY_: state->mode = COPY; case COPY: copy = state->length; if (copy) { if (copy > have) copy = have; if (copy > left) copy = left; if (copy == 0) goto inf_leave; zmemcpy(put, next, copy); have -= copy; next += copy; left -= copy; put += copy; state->length -= copy; break; } Tracev((stderr, "inflate: stored end\n")); state->mode = TYPE; break; case TABLE: NEEDBITS(14); state->nlen = BITS(5) + 257; DROPBITS(5); state->ndist = BITS(5) + 1; DROPBITS(5); state->ncode = BITS(4) + 4; DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { strm->msg = (char *)"too many length or distance symbols"; state->mode = BAD; break; } #endif Tracev((stderr, "inflate: table sizes ok\n")); state->have = 0; state->mode = LENLENS; case LENLENS: while (state->have < state->ncode) { NEEDBITS(3); state->lens[order[state->have++]] = (unsigned short)BITS(3); DROPBITS(3); } while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; state->lencode = (code const FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)"invalid code lengths set"; state->mode = BAD; break; } Tracev((stderr, "inflate: code lengths ok\n")); state->have = 0; state->mode = CODELENS; case CODELENS: while (state->have < state->nlen + state->ndist) { for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.val < 16) { DROPBITS(here.bits); state->lens[state->have++] = here.val; } else { if (here.val == 16) { NEEDBITS(here.bits + 2); DROPBITS(here.bits); if (state->have == 0) { strm->msg = (char *)"invalid bit length repeat"; state->mode = BAD; break; } len = state->lens[state->have - 1]; copy = 3 + BITS(2); DROPBITS(2); } else if (here.val == 17) { NEEDBITS(here.bits + 3); DROPBITS(here.bits); len = 0; copy = 3 + BITS(3); DROPBITS(3); } else { NEEDBITS(here.bits + 7); DROPBITS(here.bits); len = 0; copy = 11 + BITS(7); DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { strm->msg = (char *)"invalid bit length repeat"; state->mode = BAD; break; } while (copy--) state->lens[state->have++] = (unsigned short)len; } } /* handle error breaks in while */ if (state->mode == BAD) break; /* check for end-of-block code (better have one) */ if (state->lens[256] == 0) { strm->msg = (char *)"invalid code -- missing end-of-block"; state->mode = BAD; break; } /* build code tables -- note: do not change the lenbits or distbits values here (9 and 6) without reading the comments in inftrees.h concerning the ENOUGH constants, which depend on those values */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); state->lenbits = 9; ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)"invalid literal/lengths set"; state->mode = BAD; break; } state->distcode = (code const FAR *)(state->next); state->distbits = 6; ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { strm->msg = (char *)"invalid distances set"; state->mode = BAD; break; } Tracev((stderr, "inflate: codes ok\n")); state->mode = LEN_; if (flush == Z_TREES) goto inf_leave; case LEN_: state->mode = LEN; case LEN: if (have >= 6 && left >= 258) { RESTORE(); inflate_fast(strm, out); LOAD(); if (state->mode == TYPE) state->back = -1; break; } state->back = 0; for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.op && (here.op & 0xf0) == 0) { last = here; for (;;) { here = state->lencode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); state->back += last.bits; } DROPBITS(here.bits); state->back += here.bits; state->length = (unsigned)here.val; if ((int)(here.op) == 0) { Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? "inflate: literal '%c'\n" : "inflate: literal 0x%02x\n", here.val)); state->mode = LIT; break; } if (here.op & 32) { Tracevv((stderr, "inflate: end of block\n")); state->back = -1; state->mode = TYPE; break; } if (here.op & 64) { strm->msg = (char *)"invalid literal/length code"; state->mode = BAD; break; } state->extra = (unsigned)(here.op) & 15; state->mode = LENEXT; case LENEXT: if (state->extra) { NEEDBITS(state->extra); state->length += BITS(state->extra); DROPBITS(state->extra); state->back += state->extra; } Tracevv((stderr, "inflate: length %u\n", state->length)); state->was = state->length; state->mode = DIST; case DIST: for (;;) { here = state->distcode[BITS(state->distbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if ((here.op & 0xf0) == 0) { last = here; for (;;) { here = state->distcode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); state->back += last.bits; } DROPBITS(here.bits); state->back += here.bits; if (here.op & 64) { strm->msg = (char *)"invalid distance code"; state->mode = BAD; break; } state->offset = (unsigned)here.val; state->extra = (unsigned)(here.op) & 15; state->mode = DISTEXT; case DISTEXT: if (state->extra) { NEEDBITS(state->extra); state->offset += BITS(state->extra); DROPBITS(state->extra); state->back += state->extra; } #ifdef INFLATE_STRICT if (state->offset > state->dmax) { strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } #endif Tracevv((stderr, "inflate: distance %u\n", state->offset)); state->mode = MATCH; case MATCH: if (left == 0) goto inf_leave; copy = out - left; if (state->offset > copy) { /* copy from window */ copy = state->offset - copy; if (copy > state->whave) { if (state->sane) { strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR Trace((stderr, "inflate.c too far\n")); copy -= state->whave; if (copy > state->length) copy = state->length; if (copy > left) copy = left; left -= copy; state->length -= copy; do { *put++ = 0; } while (--copy); if (state->length == 0) state->mode = LEN; break; #endif } if (copy > state->wnext) { copy -= state->wnext; from = state->window + (state->wsize - copy); } else from = state->window + (state->wnext - copy); if (copy > state->length) copy = state->length; } else { /* copy from output */ from = put - state->offset; copy = state->length; } if (copy > left) copy = left; left -= copy; state->length -= copy; do { *put++ = *from++; } while (--copy); if (state->length == 0) state->mode = LEN; break; case LIT: if (left == 0) goto inf_leave; *put++ = (unsigned char)(state->length); left--; state->mode = LEN; break; case CHECK: if (state->wrap) { NEEDBITS(32); out -= left; strm->total_out += out; state->total += out; if (out) strm->adler = state->check = UPDATE(state->check, put - out, out); out = left; if (( #ifdef GUNZIP state->flags ? hold : #endif REVERSE(hold)) != state->check) { strm->msg = (char *)"incorrect data check"; state->mode = BAD; break; } INITBITS(); Tracev((stderr, "inflate: check matches trailer\n")); } #ifdef GUNZIP state->mode = LENGTH; case LENGTH: if (state->wrap && state->flags) { NEEDBITS(32); if (hold != (state->total & 0xffffffffUL)) { strm->msg = (char *)"incorrect length check"; state->mode = BAD; break; } INITBITS(); Tracev((stderr, "inflate: length matches trailer\n")); } #endif state->mode = DONE; case DONE: ret = Z_STREAM_END; goto inf_leave; case BAD: ret = Z_DATA_ERROR; goto inf_leave; case MEM: return Z_MEM_ERROR; case SYNC: default: return Z_STREAM_ERROR; } /* Return from inflate(), updating the total counts and the check value. If there was no progress during the inflate() call, return a buffer error. Call updatewindow() to create and/or update the window state. Note: a memory error from inflate() is non-recoverable. */ inf_leave: RESTORE(); if (state->wsize || (out != strm->avail_out && state->mode < BAD && (state->mode < CHECK || flush != Z_FINISH))) if (updatewindow(strm, out)) { state->mode = MEM; return Z_MEM_ERROR; } in -= strm->avail_in; out -= strm->avail_out; strm->total_in += in; strm->total_out += out; state->total += out; if (state->wrap && out) strm->adler = state->check = UPDATE(state->check, strm->next_out - out, out); strm->data_type = state->bits + (state->last ? 64 : 0) + (state->mode == TYPE ? 128 : 0) + (state->mode == LEN_ || state->mode == COPY_ ? 256 : 0); if (((in == 0 && out == 0) || flush == Z_FINISH) && ret == Z_OK) ret = Z_BUF_ERROR; return ret; } int ZEXPORT inflateEnd(strm) z_streamp strm; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (state->window != Z_NULL) ZFREE(strm, state->window); ZFREE(strm, strm->state); strm->state = Z_NULL; Tracev((stderr, "inflate: end\n")); return Z_OK; } int ZEXPORT inflateSetDictionary(strm, dictionary, dictLength) z_streamp strm; const Bytef *dictionary; uInt dictLength; { struct inflate_state FAR *state; unsigned long id; unsigned char *next; unsigned avail; int ret; /* check state */ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (state->wrap != 0 && state->mode != DICT) return Z_STREAM_ERROR; /* check for correct dictionary id */ if (state->mode == DICT) { id = adler32(0L, Z_NULL, 0); id = adler32(id, dictionary, dictLength); if (id != state->check) return Z_DATA_ERROR; } /* copy dictionary to window using updatewindow(), which will amend the existing dictionary if appropriate */ next = strm->next_out; avail = strm->avail_out; strm->next_out = (Bytef *)dictionary + dictLength; strm->avail_out = 0; ret = updatewindow(strm, dictLength); strm->avail_out = avail; strm->next_out = next; if (ret) { state->mode = MEM; return Z_MEM_ERROR; } state->havedict = 1; Tracev((stderr, "inflate: dictionary set\n")); return Z_OK; } int ZEXPORT inflateGetHeader(strm, head) z_streamp strm; gz_headerp head; { struct inflate_state FAR *state; /* check state */ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if ((state->wrap & 2) == 0) return Z_STREAM_ERROR; /* save header structure */ state->head = head; head->done = 0; return Z_OK; } /* Search buf[0..len-1] for the pattern: 0, 0, 0xff, 0xff. Return when found or when out of input. When called, *have is the number of pattern bytes found in order so far, in 0..3. On return *have is updated to the new state. If on return *have equals four, then the pattern was found and the return value is how many bytes were read including the last byte of the pattern. If *have is less than four, then the pattern has not been found yet and the return value is len. In the latter case, syncsearch() can be called again with more data and the *have state. *have is initialized to zero for the first call. */ local unsigned syncsearch(have, buf, len) unsigned FAR *have; unsigned char FAR *buf; unsigned len; { unsigned got; unsigned next; got = *have; next = 0; while (next < len && got < 4) { if ((int)(buf[next]) == (got < 2 ? 0 : 0xff)) got++; else if (buf[next]) got = 0; else got = 4 - got; next++; } *have = got; return next; } int ZEXPORT inflateSync(strm) z_streamp strm; { unsigned len; /* number of bytes to look at or looked at */ unsigned long in, out; /* temporary to save total_in and total_out */ unsigned char buf[4]; /* to restore bit buffer to byte string */ struct inflate_state FAR *state; /* check parameters */ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (strm->avail_in == 0 && state->bits < 8) return Z_BUF_ERROR; /* if first time, start search in bit buffer */ if (state->mode != SYNC) { state->mode = SYNC; state->hold <<= state->bits & 7; state->bits -= state->bits & 7; len = 0; while (state->bits >= 8) { buf[len++] = (unsigned char)(state->hold); state->hold >>= 8; state->bits -= 8; } state->have = 0; syncsearch(&(state->have), buf, len); } /* search available input */ len = syncsearch(&(state->have), strm->next_in, strm->avail_in); strm->avail_in -= len; strm->next_in += len; strm->total_in += len; /* return no joy or set up to restart inflate() on a new block */ if (state->have != 4) return Z_DATA_ERROR; in = strm->total_in; out = strm->total_out; inflateReset(strm); strm->total_in = in; strm->total_out = out; state->mode = TYPE; return Z_OK; } /* Returns true if inflate is currently at the end of a block generated by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH but removes the length bytes of the resulting empty stored block. When decompressing, PPP checks that at the end of input packet, inflate is waiting for these length bytes. */ int ZEXPORT inflateSyncPoint(strm) z_streamp strm; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; return state->mode == STORED && state->bits == 0; } int ZEXPORT inflateCopy(dest, source) z_streamp dest; z_streamp source; { struct inflate_state FAR *state; struct inflate_state FAR *copy; unsigned char FAR *window; unsigned wsize; /* check input */ if (dest == Z_NULL || source == Z_NULL || source->state == Z_NULL || source->zalloc == (alloc_func)0 || source->zfree == (free_func)0) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)source->state; /* allocate space */ copy = (struct inflate_state FAR *) ZALLOC(source, 1, sizeof(struct inflate_state)); if (copy == Z_NULL) return Z_MEM_ERROR; window = Z_NULL; if (state->window != Z_NULL) { window = (unsigned char FAR *) ZALLOC(source, 1U << state->wbits, sizeof(unsigned char)); if (window == Z_NULL) { ZFREE(source, copy); return Z_MEM_ERROR; } } /* copy state */ zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream)); zmemcpy((voidpf)copy, (voidpf)state, sizeof(struct inflate_state)); if (state->lencode >= state->codes && state->lencode <= state->codes + ENOUGH - 1) { copy->lencode = copy->codes + (state->lencode - state->codes); copy->distcode = copy->codes + (state->distcode - state->codes); } copy->next = copy->codes + (state->next - state->codes); if (window != Z_NULL) { wsize = 1U << state->wbits; zmemcpy(window, state->window, wsize); } copy->window = window; dest->state = (struct internal_state FAR *)copy; return Z_OK; } int ZEXPORT inflateUndermine(strm, subvert) z_streamp strm; int subvert; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; state->sane = !subvert; #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR return Z_OK; #else state->sane = 1; return Z_DATA_ERROR; #endif } long ZEXPORT inflateMark(strm) z_streamp strm; { struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; state = (struct inflate_state FAR *)strm->state; return ((long)(state->back) << 16) + (state->mode == COPY ? state->length : (state->mode == MATCH ? state->was - state->length : 0)); } sudo-1.8.9p5/zlib/inflate.h010064400175440000012000000143771226304126600151150ustar00millertstaff/* inflate.h -- internal inflate state definition * Copyright (C) 1995-2009 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of the compression library and is subject to change. Applications should only use zlib.h. */ /* define NO_GZIP when compiling if you want to disable gzip header and trailer decoding by inflate(). NO_GZIP would be used to avoid linking in the crc code when it is not needed. For shared libraries, gzip decoding should be left enabled. */ #ifndef NO_GZIP # define GUNZIP #endif /* Possible inflate modes between inflate() calls */ typedef enum { HEAD, /* i: waiting for magic header */ FLAGS, /* i: waiting for method and flags (gzip) */ TIME, /* i: waiting for modification time (gzip) */ OS, /* i: waiting for extra flags and operating system (gzip) */ EXLEN, /* i: waiting for extra length (gzip) */ EXTRA, /* i: waiting for extra bytes (gzip) */ NAME, /* i: waiting for end of file name (gzip) */ COMMENT, /* i: waiting for end of comment (gzip) */ HCRC, /* i: waiting for header crc (gzip) */ DICTID, /* i: waiting for dictionary check value */ DICT, /* waiting for inflateSetDictionary() call */ TYPE, /* i: waiting for type bits, including last-flag bit */ TYPEDO, /* i: same, but skip check to exit inflate on new block */ STORED, /* i: waiting for stored size (length and complement) */ COPY_, /* i/o: same as COPY below, but only first time in */ COPY, /* i/o: waiting for input or output to copy stored block */ TABLE, /* i: waiting for dynamic block table lengths */ LENLENS, /* i: waiting for code length code lengths */ CODELENS, /* i: waiting for length/lit and distance code lengths */ LEN_, /* i: same as LEN below, but only first time in */ LEN, /* i: waiting for length/lit/eob code */ LENEXT, /* i: waiting for length extra bits */ DIST, /* i: waiting for distance code */ DISTEXT, /* i: waiting for distance extra bits */ MATCH, /* o: waiting for output space to copy string */ LIT, /* o: waiting for output space to write literal */ CHECK, /* i: waiting for 32-bit check value */ LENGTH, /* i: waiting for 32-bit length (gzip) */ DONE, /* finished check, done -- remain here until reset */ BAD, /* got a data error -- remain here until reset */ MEM, /* got an inflate() memory error -- remain here until reset */ SYNC /* looking for synchronization bytes to restart inflate() */ } inflate_mode; /* State transitions between above modes - (most modes can go to BAD or MEM on error -- not shown for clarity) Process header: HEAD -> (gzip) or (zlib) or (raw) (gzip) -> FLAGS -> TIME -> OS -> EXLEN -> EXTRA -> NAME -> COMMENT -> HCRC -> TYPE (zlib) -> DICTID or TYPE DICTID -> DICT -> TYPE (raw) -> TYPEDO Read deflate blocks: TYPE -> TYPEDO -> STORED or TABLE or LEN_ or CHECK STORED -> COPY_ -> COPY -> TYPE TABLE -> LENLENS -> CODELENS -> LEN_ LEN_ -> LEN Read deflate codes in fixed or dynamic block: LEN -> LENEXT or LIT or TYPE LENEXT -> DIST -> DISTEXT -> MATCH -> LEN LIT -> LEN Process trailer: CHECK -> LENGTH -> DONE */ /* state maintained between inflate() calls. Approximately 10K bytes. */ struct inflate_state { inflate_mode mode; /* current inflate mode */ int last; /* true if processing last block */ int wrap; /* bit 0 true for zlib, bit 1 true for gzip */ int havedict; /* true if dictionary provided */ int flags; /* gzip header method and flags (0 if zlib) */ unsigned dmax; /* zlib header max distance (INFLATE_STRICT) */ unsigned long check; /* protected copy of check value */ unsigned long total; /* protected copy of output count */ gz_headerp head; /* where to save gzip header information */ /* sliding window */ unsigned wbits; /* log base 2 of requested window size */ unsigned wsize; /* window size or zero if not using window */ unsigned whave; /* valid bytes in the window */ unsigned wnext; /* window write index */ unsigned char FAR *window; /* allocated sliding window, if needed */ /* bit accumulator */ unsigned long hold; /* input bit accumulator */ unsigned bits; /* number of bits in "in" */ /* for string and stored block copying */ unsigned length; /* literal or length of data to copy */ unsigned offset; /* distance back to copy string from */ /* for table and code decoding */ unsigned extra; /* extra bits needed */ /* fixed and dynamic code tables */ code const FAR *lencode; /* starting table for length/literal codes */ code const FAR *distcode; /* starting table for distance codes */ unsigned lenbits; /* index bits for lencode */ unsigned distbits; /* index bits for distcode */ /* dynamic table building */ unsigned ncode; /* number of code length code lengths */ unsigned nlen; /* number of length code lengths */ unsigned ndist; /* number of distance code lengths */ unsigned have; /* number of code lengths in lens[] */ code FAR *next; /* next available space in codes[] */ unsigned short lens[320]; /* temporary storage for code lengths */ unsigned short work[288]; /* work area for code table building */ code codes[ENOUGH]; /* space for code tables */ int sane; /* if false, allow invalid distance too far */ int back; /* bits back of last unprocessed length/lit */ unsigned was; /* initial length of match */ }; sudo-1.8.9p5/zlib/inftrees.c010064400175440000012000000313511226304126600152740ustar00millertstaff/* inftrees.c -- generate Huffman trees for efficient decoding * Copyright (C) 1995-2012 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "zutil.h" #include "inftrees.h" #define MAXBITS 15 const char inflate_copyright[] = " inflate 1.2.6 Copyright 1995-2012 Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot include such an acknowledgment, I would appreciate that you keep this copyright string in the executable of your product. */ /* Build a set of tables to decode the provided canonical Huffman code. The code lengths are lens[0..codes-1]. The result starts at *table, whose indices are 0..2^bits-1. work is a writable array of at least lens shorts, which is used as a work area. type is the type of code to be generated, CODES, LENS, or DISTS. On return, zero is success, -1 is an invalid code, and +1 means that ENOUGH isn't enough. table on return points to the next available entry's address. bits is the requested root table index bits, and on return it is the actual root table index bits. It will differ if the request is greater than the longest code or if it is less than the shortest code. */ int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work) codetype type; unsigned short FAR *lens; unsigned codes; code FAR * FAR *table; unsigned FAR *bits; unsigned short FAR *work; { unsigned len; /* a code's length in bits */ unsigned sym; /* index of code symbols */ unsigned min, max; /* minimum and maximum code lengths */ unsigned root; /* number of index bits for root table */ unsigned curr; /* number of index bits for current table */ unsigned drop; /* code bits to drop for sub-table */ int left; /* number of prefix codes available */ unsigned used; /* code entries in table used */ unsigned huff; /* Huffman code */ unsigned incr; /* for incrementing code, index */ unsigned fill; /* index for replicating entries */ unsigned low; /* low bits for current root entry */ unsigned mask; /* mask for low root bits */ code here; /* table entry for duplication */ code FAR *next; /* next available space in table */ const unsigned short FAR *base; /* base value table to use */ const unsigned short FAR *extra; /* extra bits table to use */ int end; /* use base and extra for symbol > end */ unsigned short count[MAXBITS+1]; /* number of codes of each length */ unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ static const unsigned short lbase[31] = { /* Length codes 257..285 base */ 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 203, 69}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577, 0, 0}; static const unsigned short dext[32] = { /* Distance codes 0..29 extra */ 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, 28, 28, 29, 29, 64, 64}; /* Process a set of code lengths to create a canonical Huffman code. The code lengths are lens[0..codes-1]. Each length corresponds to the symbols 0..codes-1. The Huffman code is generated by first sorting the symbols by length from short to long, and retaining the symbol order for codes with equal lengths. Then the code starts with all zero bits for the first code of the shortest length, and the codes are integer increments for the same length, and zeros are appended as the length increases. For the deflate format, these bits are stored backwards from their more natural integer increment ordering, and so when the decoding tables are built in the large loop below, the integer codes are incremented backwards. This routine assumes, but does not check, that all of the entries in lens[] are in the range 0..MAXBITS. The caller must assure this. 1..MAXBITS is interpreted as that code length. zero means that that symbol does not occur in this code. The codes are sorted by computing a count of codes for each length, creating from that a table of starting indices for each length in the sorted table, and then entering the symbols in order in the sorted table. The sorted table is work[], with that space being provided by the caller. The length counts are used for other purposes as well, i.e. finding the minimum and maximum length codes, determining if there are any codes at all, checking for a valid set of lengths, and looking ahead at length counts to determine sub-table sizes when building the decoding tables. */ /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */ for (len = 0; len <= MAXBITS; len++) count[len] = 0; for (sym = 0; sym < codes; sym++) count[lens[sym]]++; /* bound code lengths, force root to be within code lengths */ root = *bits; for (max = MAXBITS; max >= 1; max--) if (count[max] != 0) break; if (root > max) root = max; if (max == 0) { /* no symbols to code at all */ here.op = (unsigned char)64; /* invalid code marker */ here.bits = (unsigned char)1; here.val = (unsigned short)0; *(*table)++ = here; /* make a table to force an error */ *(*table)++ = here; *bits = 1; return 0; /* no symbols, but wait for decoding to report error */ } for (min = 1; min < max; min++) if (count[min] != 0) break; if (root < min) root = min; /* check for an over-subscribed or incomplete set of lengths */ left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= count[len]; if (left < 0) return -1; /* over-subscribed */ } if (left > 0 && (type == CODES || max != 1)) return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + count[len]; /* sort symbols by length, by symbol order within each length */ for (sym = 0; sym < codes; sym++) if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym; /* Create and fill in decoding tables. In this loop, the table being filled is at next and has curr index bits. The code being used is huff with length len. That code is converted to an index by dropping drop bits off of the bottom. For codes where len is less than drop + curr, those top drop + curr - len bits are incremented through all values to fill the table with replicated entries. root is the number of index bits for the root table. When len exceeds root, sub-tables are created pointed to by the root entry with an index of the low root bits of huff. This is saved in low to check for when a new sub-table should be started. drop is zero when the root table is being filled, and drop is root when sub-tables are being filled. When a new sub-table is needed, it is necessary to look ahead in the code lengths to determine what size sub-table is needed. The length counts are used for this, and so count[] is decremented as codes are entered in the tables. used keeps track of how many table entries have been allocated from the provided *table space. It is checked for LENS and DIST tables against the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in the initial root table size constants. See the comments in inftrees.h for more information. sym increments through all symbols, and the loop terminates when all codes of length max, i.e. all codes, have been processed. This routine permits incomplete codes, so another loop after this one fills in the rest of the decoding tables with invalid code markers. */ /* set up for code type */ switch (type) { case CODES: base = extra = work; /* dummy value--not used */ end = 19; break; case LENS: base = lbase; base -= 257; extra = lext; extra -= 257; end = 256; break; default: /* DISTS */ base = dbase; extra = dext; end = -1; } /* initialize state for loop */ huff = 0; /* starting code */ sym = 0; /* starting code symbol */ len = min; /* starting code length */ next = *table; /* current table to fill in */ curr = root; /* current table index bits */ drop = 0; /* current bits to drop from code for index */ low = (unsigned)(-1); /* trigger new sub-table when len > root */ used = 1U << root; /* use root table entries */ mask = used - 1; /* mask for comparing low */ /* check available table space */ if ((type == LENS && used >= ENOUGH_LENS) || (type == DISTS && used >= ENOUGH_DISTS)) return 1; /* process all codes and make table entries */ for (;;) { /* create table entry */ here.bits = (unsigned char)(len - drop); if ((int)(work[sym]) < end) { here.op = (unsigned char)0; here.val = work[sym]; } else if ((int)(work[sym]) > end) { here.op = (unsigned char)(extra[work[sym]]); here.val = base[work[sym]]; } else { here.op = (unsigned char)(32 + 64); /* end of block */ here.val = 0; } /* replicate for those indices with low len bits equal to huff */ incr = 1U << (len - drop); fill = 1U << curr; min = fill; /* save offset to next table */ do { fill -= incr; next[(huff >> drop) + fill] = here; } while (fill != 0); /* backwards increment the len-bit code huff */ incr = 1U << (len - 1); while (huff & incr) incr >>= 1; if (incr != 0) { huff &= incr - 1; huff += incr; } else huff = 0; /* go to next symbol, update count, len */ sym++; if (--(count[len]) == 0) { if (len == max) break; len = lens[work[sym]]; } /* create new sub-table if needed */ if (len > root && (huff & mask) != low) { /* if first time, transition to sub-tables */ if (drop == 0) drop = root; /* increment past last table */ next += min; /* here min is 1 << curr */ /* determine length of next table */ curr = len - drop; left = (int)(1 << curr); while (curr + drop < max) { left -= count[curr + drop]; if (left <= 0) break; curr++; left <<= 1; } /* check for enough space */ used += 1U << curr; if ((type == LENS && used >= ENOUGH_LENS) || (type == DISTS && used >= ENOUGH_DISTS)) return 1; /* point entry in root table to sub-table */ low = huff & mask; (*table)[low].op = (unsigned char)curr; (*table)[low].bits = (unsigned char)root; (*table)[low].val = (unsigned short)(next - *table); } } /* fill in remaining table entry if code is incomplete (guaranteed to have at most one remaining entry, since if the code is incomplete, the maximum code length that was allowed to get this far is one bit) */ if (huff != 0) { here.op = (unsigned char)64; /* invalid code marker */ here.bits = (unsigned char)(len - drop); here.val = (unsigned short)0; next[huff] = here; } /* set return parameters */ *table += used; *bits = root; return 0; } sudo-1.8.9p5/zlib/inftrees.h010064400175440000012000000055601226304126600153040ustar00millertstaff/* inftrees.h -- header to use inftrees.c * Copyright (C) 1995-2005, 2010 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of the compression library and is subject to change. Applications should only use zlib.h. */ /* Structure for decoding tables. Each entry provides either the information needed to do the operation requested by the code that indexed that table entry, or it provides a pointer to another table that indexes more bits of the code. op indicates whether the entry is a pointer to another table, a literal, a length or distance, an end-of-block, or an invalid code. For a table pointer, the low four bits of op is the number of index bits of that table. For a length or distance, the low four bits of op is the number of extra bits to get after the code. bits is the number of bits in this code or part of the code to drop off of the bit buffer. val is the actual byte to output in the case of a literal, the base length or distance, or the offset from the current table to the next table. Each entry is four bytes. */ typedef struct { unsigned char op; /* operation, extra bits, table bits */ unsigned char bits; /* bits in this part of the code */ unsigned short val; /* offset in table or code value */ } code; /* op values as set by inflate_table(): 00000000 - literal 0000tttt - table link, tttt != 0 is the number of table index bits 0001eeee - length or distance, eeee is the number of extra bits 01100000 - end of block 01000000 - invalid code */ /* Maximum size of the dynamic table. The maximum number of code structures is 1444, which is the sum of 852 for literal/length codes and 592 for distance codes. These values were found by exhaustive searches using the program examples/enough.c found in the zlib distribtution. The arguments to that program are the number of symbols, the initial root table size, and the maximum bit length of a code. "enough 286 9 15" for literal/length codes returns returns 852, and "enough 30 6 15" for distance codes returns 592. The initial root table size (9 or 6) is found in the fifth argument of the inflate_table() calls in inflate.c and infback.c. If the root table size is changed, then these maximum sizes would be need to be recalculated and updated. */ #define ENOUGH_LENS 852 #define ENOUGH_DISTS 592 #define ENOUGH (ENOUGH_LENS+ENOUGH_DISTS) /* Type of code to build for inflate_table() */ typedef enum { CODES, LENS, DISTS } codetype; int ZLIB_INTERNAL inflate_table OF((codetype type, unsigned short FAR *lens, unsigned codes, code FAR * FAR *table, unsigned FAR *bits, unsigned short FAR *work)); sudo-1.8.9p5/zlib/trees.c010064400175440000012000001262011226304126600145760ustar00millertstaff/* trees.c -- output deflated data using Huffman coding * Copyright (C) 1995-2012 Jean-loup Gailly * detect_data_type() function provided freely by Cosmin Truta, 2006 * For conditions of distribution and use, see copyright notice in zlib.h */ /* * ALGORITHM * * The "deflation" process uses several Huffman trees. The more * common source values are represented by shorter bit sequences. * * Each code tree is stored in a compressed form which is itself * a Huffman encoding of the lengths of all the code strings (in * ascending order by source values). The actual code strings are * reconstructed from the lengths in the inflate process, as described * in the deflate specification. * * REFERENCES * * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc * * Storer, James A. * Data Compression: Methods and Theory, pp. 49-50. * Computer Science Press, 1988. ISBN 0-7167-8156-5. * * Sedgewick, R. * Algorithms, p290. * Addison-Wesley, 1983. ISBN 0-201-06672-6. */ /* @(#) $Id$ */ /* #define GEN_TREES_H */ #include "deflate.h" #ifdef DEBUG # include #endif /* =========================================================================== * Constants */ #define MAX_BL_BITS 7 /* Bit length codes must not exceed MAX_BL_BITS bits */ #define END_BLOCK 256 /* end of block literal code */ #define REP_3_6 16 /* repeat previous bit length 3-6 times (2 bits of repeat count) */ #define REPZ_3_10 17 /* repeat a zero length 3-10 times (3 bits of repeat count) */ #define REPZ_11_138 18 /* repeat a zero length 11-138 times (7 bits of repeat count) */ local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; local const int extra_dbits[D_CODES] /* extra bits for each distance code */ = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */ = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; local const uch bl_order[BL_CODES] = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; /* The lengths of the bit length codes are sent in order of decreasing * probability, to avoid transmitting the lengths for unused bit length codes. */ /* =========================================================================== * Local data. These are initialized only once. */ #define DIST_CODE_LEN 512 /* see definition of array dist_code below */ #if defined(GEN_TREES_H) || !defined(STDC) /* non ANSI compilers may not accept trees.h */ local ct_data static_ltree[L_CODES+2]; /* The static literal tree. Since the bit lengths are imposed, there is no * need for the L_CODES extra codes used during heap construction. However * The codes 286 and 287 are needed to build a canonical tree (see _tr_init * below). */ local ct_data static_dtree[D_CODES]; /* The static distance tree. (Actually a trivial tree since all codes use * 5 bits.) */ uch _dist_code[DIST_CODE_LEN]; /* Distance codes. The first 256 values correspond to the distances * 3 .. 258, the last 256 values correspond to the top 8 bits of * the 15 bit distances. */ uch _length_code[MAX_MATCH-MIN_MATCH+1]; /* length code for each normalized match length (0 == MIN_MATCH) */ local int base_length[LENGTH_CODES]; /* First normalized length for each code (0 = MIN_MATCH) */ local int base_dist[D_CODES]; /* First normalized distance for each code (0 = distance of 1) */ #else # include "trees.h" #endif /* GEN_TREES_H */ struct static_tree_desc_s { const ct_data *static_tree; /* static tree or NULL */ const intf *extra_bits; /* extra bits for each code or NULL */ int extra_base; /* base index for extra_bits */ int elems; /* max number of elements in the tree */ int max_length; /* max bit length for the codes */ }; local static_tree_desc static_l_desc = {static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; local static_tree_desc static_d_desc = {static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; local static_tree_desc static_bl_desc = {(const ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; /* =========================================================================== * Local (static) routines in this file. */ local void tr_static_init OF((void)); local void init_block OF((deflate_state *s)); local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); local void build_tree OF((deflate_state *s, tree_desc *desc)); local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); local int build_bl_tree OF((deflate_state *s)); local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, int blcodes)); local void compress_block OF((deflate_state *s, ct_data *ltree, ct_data *dtree)); local int detect_data_type OF((deflate_state *s)); local unsigned bi_reverse OF((unsigned value, int length)); local void bi_windup OF((deflate_state *s)); local void bi_flush OF((deflate_state *s)); local void copy_block OF((deflate_state *s, charf *buf, unsigned len, int header)); #ifdef GEN_TREES_H local void gen_trees_header OF((void)); #endif #ifndef DEBUG # define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) /* Send a code of the given tree. c and tree must not have side effects */ #else /* DEBUG */ # define send_code(s, c, tree) \ { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \ send_bits(s, tree[c].Code, tree[c].Len); } #endif /* =========================================================================== * Output a short LSB first on the stream. * IN assertion: there is enough room in pendingBuf. */ #define put_short(s, w) { \ put_byte(s, (uch)((w) & 0xff)); \ put_byte(s, (uch)((ush)(w) >> 8)); \ } /* =========================================================================== * Send a value on a given number of bits. * IN assertion: length <= 16 and value fits in length bits. */ #ifdef DEBUG local void send_bits OF((deflate_state *s, int value, int length)); local void send_bits(s, value, length) deflate_state *s; int value; /* value to send */ int length; /* number of bits */ { Tracevv((stderr," l %2d v %4x ", length, value)); Assert(length > 0 && length <= 15, "invalid length"); s->bits_sent += (ulg)length; /* If not enough room in bi_buf, use (valid) bits from bi_buf and * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) * unused bits in value. */ if (s->bi_valid > (int)Buf_size - length) { s->bi_buf |= (ush)value << s->bi_valid; put_short(s, s->bi_buf); s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); s->bi_valid += length - Buf_size; } else { s->bi_buf |= (ush)value << s->bi_valid; s->bi_valid += length; } } #else /* !DEBUG */ #define send_bits(s, value, length) \ { int len = length;\ if (s->bi_valid > (int)Buf_size - len) {\ int val = value;\ s->bi_buf |= (ush)val << s->bi_valid;\ put_short(s, s->bi_buf);\ s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ s->bi_valid += len - Buf_size;\ } else {\ s->bi_buf |= (ush)(value) << s->bi_valid;\ s->bi_valid += len;\ }\ } #endif /* DEBUG */ /* the arguments must not have side effects */ /* =========================================================================== * Initialize the various 'constant' tables. */ local void tr_static_init() { #if defined(GEN_TREES_H) || !defined(STDC) static int static_init_done = 0; int n; /* iterates over tree elements */ int bits; /* bit counter */ int length; /* length value */ int code; /* code value */ int dist; /* distance index */ ush bl_count[MAX_BITS+1]; /* number of codes at each bit length for an optimal tree */ if (static_init_done) return; /* For some embedded targets, global variables are not initialized: */ #ifdef NO_INIT_GLOBAL_POINTERS static_l_desc.static_tree = static_ltree; static_l_desc.extra_bits = extra_lbits; static_d_desc.static_tree = static_dtree; static_d_desc.extra_bits = extra_dbits; static_bl_desc.extra_bits = extra_blbits; #endif /* Initialize the mapping length (0..255) -> length code (0..28) */ length = 0; for (code = 0; code < LENGTH_CODES-1; code++) { base_length[code] = length; for (n = 0; n < (1< dist code (0..29) */ dist = 0; for (code = 0 ; code < 16; code++) { base_dist[code] = dist; for (n = 0; n < (1<>= 7; /* from now on, all distances are divided by 128 */ for ( ; code < D_CODES; code++) { base_dist[code] = dist << 7; for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { _dist_code[256 + dist++] = (uch)code; } } Assert (dist == 256, "tr_static_init: 256+dist != 512"); /* Construct the codes of the static literal tree */ for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; n = 0; while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; /* Codes 286 and 287 do not exist, but we must include them in the * tree construction to get a canonical Huffman tree (longest code * all ones) */ gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); /* The static distance tree is trivial: */ for (n = 0; n < D_CODES; n++) { static_dtree[n].Len = 5; static_dtree[n].Code = bi_reverse((unsigned)n, 5); } static_init_done = 1; # ifdef GEN_TREES_H gen_trees_header(); # endif #endif /* defined(GEN_TREES_H) || !defined(STDC) */ } /* =========================================================================== * Genererate the file trees.h describing the static trees. */ #ifdef GEN_TREES_H # ifndef DEBUG # include # endif # define SEPARATOR(i, last, width) \ ((i) == (last)? "\n};\n\n" : \ ((i) % (width) == (width)-1 ? ",\n" : ", ")) void gen_trees_header() { FILE *header = fopen("trees.h", "w"); int i; Assert (header != NULL, "Can't open trees.h"); fprintf(header, "/* header created automatically with -DGEN_TREES_H */\n\n"); fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n"); for (i = 0; i < L_CODES+2; i++) { fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code, static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5)); } fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n"); for (i = 0; i < D_CODES; i++) { fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code, static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5)); } fprintf(header, "const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {\n"); for (i = 0; i < DIST_CODE_LEN; i++) { fprintf(header, "%2u%s", _dist_code[i], SEPARATOR(i, DIST_CODE_LEN-1, 20)); } fprintf(header, "const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {\n"); for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) { fprintf(header, "%2u%s", _length_code[i], SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20)); } fprintf(header, "local const int base_length[LENGTH_CODES] = {\n"); for (i = 0; i < LENGTH_CODES; i++) { fprintf(header, "%1u%s", base_length[i], SEPARATOR(i, LENGTH_CODES-1, 20)); } fprintf(header, "local const int base_dist[D_CODES] = {\n"); for (i = 0; i < D_CODES; i++) { fprintf(header, "%5u%s", base_dist[i], SEPARATOR(i, D_CODES-1, 10)); } fclose(header); } #endif /* GEN_TREES_H */ /* =========================================================================== * Initialize the tree data structures for a new zlib stream. */ void ZLIB_INTERNAL _tr_init(s) deflate_state *s; { tr_static_init(); s->l_desc.dyn_tree = s->dyn_ltree; s->l_desc.stat_desc = &static_l_desc; s->d_desc.dyn_tree = s->dyn_dtree; s->d_desc.stat_desc = &static_d_desc; s->bl_desc.dyn_tree = s->bl_tree; s->bl_desc.stat_desc = &static_bl_desc; s->bi_buf = 0; s->bi_valid = 0; #ifdef DEBUG s->compressed_len = 0L; s->bits_sent = 0L; #endif /* Initialize the first block of the first file: */ init_block(s); } /* =========================================================================== * Initialize a new block. */ local void init_block(s) deflate_state *s; { int n; /* iterates over tree elements */ /* Initialize the trees. */ for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; s->dyn_ltree[END_BLOCK].Freq = 1; s->opt_len = s->static_len = 0L; s->last_lit = s->matches = 0; } #define SMALLEST 1 /* Index within the heap array of least frequent node in the Huffman tree */ /* =========================================================================== * Remove the smallest element from the heap and recreate the heap with * one less element. Updates heap and heap_len. */ #define pqremove(s, tree, top) \ {\ top = s->heap[SMALLEST]; \ s->heap[SMALLEST] = s->heap[s->heap_len--]; \ pqdownheap(s, tree, SMALLEST); \ } /* =========================================================================== * Compares to subtrees, using the tree depth as tie breaker when * the subtrees have equal frequency. This minimizes the worst case length. */ #define smaller(tree, n, m, depth) \ (tree[n].Freq < tree[m].Freq || \ (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) /* =========================================================================== * Restore the heap property by moving down the tree starting at node k, * exchanging a node with the smallest of its two sons if necessary, stopping * when the heap property is re-established (each father smaller than its * two sons). */ local void pqdownheap(s, tree, k) deflate_state *s; ct_data *tree; /* the tree to restore */ int k; /* node to move down */ { int v = s->heap[k]; int j = k << 1; /* left son of k */ while (j <= s->heap_len) { /* Set j to the smallest of the two sons: */ if (j < s->heap_len && smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { j++; } /* Exit if v is smaller than both sons */ if (smaller(tree, v, s->heap[j], s->depth)) break; /* Exchange v with the smallest son */ s->heap[k] = s->heap[j]; k = j; /* And continue down the tree, setting j to the left son of k */ j <<= 1; } s->heap[k] = v; } /* =========================================================================== * Compute the optimal bit lengths for a tree and update the total bit length * for the current block. * IN assertion: the fields freq and dad are set, heap[heap_max] and * above are the tree nodes sorted by increasing frequency. * OUT assertions: the field len is set to the optimal bit length, the * array bl_count contains the frequencies for each bit length. * The length opt_len is updated; static_len is also updated if stree is * not null. */ local void gen_bitlen(s, desc) deflate_state *s; tree_desc *desc; /* the tree descriptor */ { ct_data *tree = desc->dyn_tree; int max_code = desc->max_code; const ct_data *stree = desc->stat_desc->static_tree; const intf *extra = desc->stat_desc->extra_bits; int base = desc->stat_desc->extra_base; int max_length = desc->stat_desc->max_length; int h; /* heap index */ int n, m; /* iterate over the tree elements */ int bits; /* bit length */ int xbits; /* extra bits */ ush f; /* frequency */ int overflow = 0; /* number of elements with bit length too large */ for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; /* In a first pass, compute the optimal bit lengths (which may * overflow in the case of the bit length tree). */ tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ for (h = s->heap_max+1; h < HEAP_SIZE; h++) { n = s->heap[h]; bits = tree[tree[n].Dad].Len + 1; if (bits > max_length) bits = max_length, overflow++; tree[n].Len = (ush)bits; /* We overwrite tree[n].Dad which is no longer needed */ if (n > max_code) continue; /* not a leaf node */ s->bl_count[bits]++; xbits = 0; if (n >= base) xbits = extra[n-base]; f = tree[n].Freq; s->opt_len += (ulg)f * (bits + xbits); if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); } if (overflow == 0) return; Trace((stderr,"\nbit length overflow\n")); /* This happens for example on obj2 and pic of the Calgary corpus */ /* Find the first bit length which could increase: */ do { bits = max_length-1; while (s->bl_count[bits] == 0) bits--; s->bl_count[bits]--; /* move one leaf down the tree */ s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ s->bl_count[max_length]--; /* The brother of the overflow item also moves one step up, * but this does not affect bl_count[max_length] */ overflow -= 2; } while (overflow > 0); /* Now recompute all bit lengths, scanning in increasing frequency. * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all * lengths instead of fixing only the wrong ones. This idea is taken * from 'ar' written by Haruhiko Okumura.) */ for (bits = max_length; bits != 0; bits--) { n = s->bl_count[bits]; while (n != 0) { m = s->heap[--h]; if (m > max_code) continue; if ((unsigned) tree[m].Len != (unsigned) bits) { Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); s->opt_len += ((long)bits - (long)tree[m].Len) *(long)tree[m].Freq; tree[m].Len = (ush)bits; } n--; } } } /* =========================================================================== * Generate the codes for a given tree and bit counts (which need not be * optimal). * IN assertion: the array bl_count contains the bit length statistics for * the given tree and the field len is set for all tree elements. * OUT assertion: the field code is set for all tree elements of non * zero code length. */ local void gen_codes (tree, max_code, bl_count) ct_data *tree; /* the tree to decorate */ int max_code; /* largest code with non zero frequency */ ushf *bl_count; /* number of codes at each bit length */ { ush next_code[MAX_BITS+1]; /* next code value for each bit length */ ush code = 0; /* running code value */ int bits; /* bit index */ int n; /* code index */ /* The distribution counts are first used to generate the code values * without bit reversal. */ for (bits = 1; bits <= MAX_BITS; bits++) { next_code[bits] = code = (code + bl_count[bits-1]) << 1; } /* Check that the bit counts in bl_count are consistent. The last code * must be all ones. */ Assert (code + bl_count[MAX_BITS]-1 == (1<dyn_tree; const ct_data *stree = desc->stat_desc->static_tree; int elems = desc->stat_desc->elems; int n, m; /* iterate over heap elements */ int max_code = -1; /* largest code with non zero frequency */ int node; /* new node being created */ /* Construct the initial heap, with least frequent element in * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. * heap[0] is not used. */ s->heap_len = 0, s->heap_max = HEAP_SIZE; for (n = 0; n < elems; n++) { if (tree[n].Freq != 0) { s->heap[++(s->heap_len)] = max_code = n; s->depth[n] = 0; } else { tree[n].Len = 0; } } /* The pkzip format requires that at least one distance code exists, * and that at least one bit should be sent even if there is only one * possible code. So to avoid special checks later on we force at least * two codes of non zero frequency. */ while (s->heap_len < 2) { node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); tree[node].Freq = 1; s->depth[node] = 0; s->opt_len--; if (stree) s->static_len -= stree[node].Len; /* node is 0 or 1 so it does not have extra bits */ } desc->max_code = max_code; /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, * establish sub-heaps of increasing lengths: */ for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); /* Construct the Huffman tree by repeatedly combining the least two * frequent nodes. */ node = elems; /* next internal node of the tree */ do { pqremove(s, tree, n); /* n = node of least frequency */ m = s->heap[SMALLEST]; /* m = node of next least frequency */ s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ s->heap[--(s->heap_max)] = m; /* Create a new node father of n and m */ tree[node].Freq = tree[n].Freq + tree[m].Freq; s->depth[node] = (uch)((s->depth[n] >= s->depth[m] ? s->depth[n] : s->depth[m]) + 1); tree[n].Dad = tree[m].Dad = (ush)node; #ifdef DUMP_BL_TREE if (tree == s->bl_tree) { fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); } #endif /* and insert the new node in the heap */ s->heap[SMALLEST] = node++; pqdownheap(s, tree, SMALLEST); } while (s->heap_len >= 2); s->heap[--(s->heap_max)] = s->heap[SMALLEST]; /* At this point, the fields freq and dad are set. We can now * generate the bit lengths. */ gen_bitlen(s, (tree_desc *)desc); /* The field len is now set, we can generate the bit codes */ gen_codes ((ct_data *)tree, max_code, s->bl_count); } /* =========================================================================== * Scan a literal or distance tree to determine the frequencies of the codes * in the bit length tree. */ local void scan_tree (s, tree, max_code) deflate_state *s; ct_data *tree; /* the tree to be scanned */ int max_code; /* and its largest code of non zero frequency */ { int n; /* iterates over all tree elements */ int prevlen = -1; /* last emitted length */ int curlen; /* length of current code */ int nextlen = tree[0].Len; /* length of next code */ int count = 0; /* repeat count of the current code */ int max_count = 7; /* max repeat count */ int min_count = 4; /* min repeat count */ if (nextlen == 0) max_count = 138, min_count = 3; tree[max_code+1].Len = (ush)0xffff; /* guard */ for (n = 0; n <= max_code; n++) { curlen = nextlen; nextlen = tree[n+1].Len; if (++count < max_count && curlen == nextlen) { continue; } else if (count < min_count) { s->bl_tree[curlen].Freq += count; } else if (curlen != 0) { if (curlen != prevlen) s->bl_tree[curlen].Freq++; s->bl_tree[REP_3_6].Freq++; } else if (count <= 10) { s->bl_tree[REPZ_3_10].Freq++; } else { s->bl_tree[REPZ_11_138].Freq++; } count = 0; prevlen = curlen; if (nextlen == 0) { max_count = 138, min_count = 3; } else if (curlen == nextlen) { max_count = 6, min_count = 3; } else { max_count = 7, min_count = 4; } } } /* =========================================================================== * Send a literal or distance tree in compressed form, using the codes in * bl_tree. */ local void send_tree (s, tree, max_code) deflate_state *s; ct_data *tree; /* the tree to be scanned */ int max_code; /* and its largest code of non zero frequency */ { int n; /* iterates over all tree elements */ int prevlen = -1; /* last emitted length */ int curlen; /* length of current code */ int nextlen = tree[0].Len; /* length of next code */ int count = 0; /* repeat count of the current code */ int max_count = 7; /* max repeat count */ int min_count = 4; /* min repeat count */ /* tree[max_code+1].Len = -1; */ /* guard already set */ if (nextlen == 0) max_count = 138, min_count = 3; for (n = 0; n <= max_code; n++) { curlen = nextlen; nextlen = tree[n+1].Len; if (++count < max_count && curlen == nextlen) { continue; } else if (count < min_count) { do { send_code(s, curlen, s->bl_tree); } while (--count != 0); } else if (curlen != 0) { if (curlen != prevlen) { send_code(s, curlen, s->bl_tree); count--; } Assert(count >= 3 && count <= 6, " 3_6?"); send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); } else if (count <= 10) { send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); } else { send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); } count = 0; prevlen = curlen; if (nextlen == 0) { max_count = 138, min_count = 3; } else if (curlen == nextlen) { max_count = 6, min_count = 3; } else { max_count = 7, min_count = 4; } } } /* =========================================================================== * Construct the Huffman tree for the bit lengths and return the index in * bl_order of the last bit length code to send. */ local int build_bl_tree(s) deflate_state *s; { int max_blindex; /* index of last bit length code of non zero freq */ /* Determine the bit length frequencies for literal and distance trees */ scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); /* Build the bit length tree: */ build_tree(s, (tree_desc *)(&(s->bl_desc))); /* opt_len now includes the length of the tree representations, except * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. */ /* Determine the number of bit length codes to send. The pkzip format * requires that at least 4 bit length codes be sent. (appnote.txt says * 3 but the actual value used is 4.) */ for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; } /* Update opt_len to include the bit length tree and counts */ s->opt_len += 3*(max_blindex+1) + 5+5+4; Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", s->opt_len, s->static_len)); return max_blindex; } /* =========================================================================== * Send the header for a block using dynamic Huffman trees: the counts, the * lengths of the bit length codes, the literal tree and the distance tree. * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. */ local void send_all_trees(s, lcodes, dcodes, blcodes) deflate_state *s; int lcodes, dcodes, blcodes; /* number of codes for each tree */ { int rank; /* index in bl_order */ Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, "too many codes"); Tracev((stderr, "\nbl counts: ")); send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ send_bits(s, dcodes-1, 5); send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ for (rank = 0; rank < blcodes; rank++) { Tracev((stderr, "\nbl code %2d ", bl_order[rank])); send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); } Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); } /* =========================================================================== * Send a stored block */ void ZLIB_INTERNAL _tr_stored_block(s, buf, stored_len, last) deflate_state *s; charf *buf; /* input block */ ulg stored_len; /* length of input block */ int last; /* one if this is the last block for a file */ { send_bits(s, (STORED_BLOCK<<1)+last, 3); /* send block type */ #ifdef DEBUG s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; s->compressed_len += (stored_len + 4) << 3; #endif copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ } /* =========================================================================== * Flush the bits in the bit buffer to pending output (leaves at most 7 bits) */ void ZLIB_INTERNAL _tr_flush_bits(s) deflate_state *s; { bi_flush(s); } /* =========================================================================== * Send one empty static block to give enough lookahead for inflate. * This takes 10 bits, of which 7 may remain in the bit buffer. */ void ZLIB_INTERNAL _tr_align(s) deflate_state *s; { send_bits(s, STATIC_TREES<<1, 3); send_code(s, END_BLOCK, static_ltree); #ifdef DEBUG s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ #endif bi_flush(s); } /* =========================================================================== * Determine the best encoding for the current block: dynamic trees, static * trees or store, and output the encoded block to the zip file. */ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) deflate_state *s; charf *buf; /* input block, or NULL if too old */ ulg stored_len; /* length of input block */ int last; /* one if this is the last block for a file */ { ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ int max_blindex = 0; /* index of last bit length code of non zero freq */ /* Build the Huffman trees unless a stored block is forced */ if (s->level > 0) { /* Check if the file is binary or text */ if (s->strm->data_type == Z_UNKNOWN) s->strm->data_type = detect_data_type(s); /* Construct the literal and distance trees */ build_tree(s, (tree_desc *)(&(s->l_desc))); Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, s->static_len)); build_tree(s, (tree_desc *)(&(s->d_desc))); Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, s->static_len)); /* At this point, opt_len and static_len are the total bit lengths of * the compressed block data, excluding the tree representations. */ /* Build the bit length tree for the above two trees, and get the index * in bl_order of the last bit length code to send. */ max_blindex = build_bl_tree(s); /* Determine the best encoding. Compute the block lengths in bytes. */ opt_lenb = (s->opt_len+3+7)>>3; static_lenb = (s->static_len+3+7)>>3; Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, s->last_lit)); if (static_lenb <= opt_lenb) opt_lenb = static_lenb; } else { Assert(buf != (char*)0, "lost buf"); opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ } #ifdef FORCE_STORED if (buf != (char*)0) { /* force stored block */ #else if (stored_len+4 <= opt_lenb && buf != (char*)0) { /* 4: two words for the lengths */ #endif /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. * Otherwise we can't have processed more than WSIZE input bytes since * the last block flush, because compression would have been * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to * transform a block into a stored block. */ _tr_stored_block(s, buf, stored_len, last); #ifdef FORCE_STATIC } else if (static_lenb >= 0) { /* force static trees */ #else } else if (s->strategy == Z_FIXED || static_lenb == opt_lenb) { #endif send_bits(s, (STATIC_TREES<<1)+last, 3); compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree); #ifdef DEBUG s->compressed_len += 3 + s->static_len; #endif } else { send_bits(s, (DYN_TREES<<1)+last, 3); send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, max_blindex+1); compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree); #ifdef DEBUG s->compressed_len += 3 + s->opt_len; #endif } Assert (s->compressed_len == s->bits_sent, "bad compressed size"); /* The above check is made mod 2^32, for files larger than 512 MB * and uLong implemented on 32 bits. */ init_block(s); if (last) { bi_windup(s); #ifdef DEBUG s->compressed_len += 7; /* align on byte boundary */ #endif } Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, s->compressed_len-7*last)); } /* =========================================================================== * Save the match info and tally the frequency counts. Return true if * the current block must be flushed. */ int ZLIB_INTERNAL _tr_tally (s, dist, lc) deflate_state *s; unsigned dist; /* distance of matched string */ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ { s->d_buf[s->last_lit] = (ush)dist; s->l_buf[s->last_lit++] = (uch)lc; if (dist == 0) { /* lc is the unmatched char */ s->dyn_ltree[lc].Freq++; } else { s->matches++; /* Here, lc is the match length - MIN_MATCH */ dist--; /* dist = match distance - 1 */ Assert((ush)dist < (ush)MAX_DIST(s) && (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; s->dyn_dtree[d_code(dist)].Freq++; } #ifdef TRUNCATE_BLOCK /* Try to guess if it is profitable to stop the current block here */ if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { /* Compute an upper bound for the compressed length */ ulg out_length = (ulg)s->last_lit*8L; ulg in_length = (ulg)((long)s->strstart - s->block_start); int dcode; for (dcode = 0; dcode < D_CODES; dcode++) { out_length += (ulg)s->dyn_dtree[dcode].Freq * (5L+extra_dbits[dcode]); } out_length >>= 3; Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", s->last_lit, in_length, out_length, 100L - out_length*100L/in_length)); if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; } #endif return (s->last_lit == s->lit_bufsize-1); /* We avoid equality with lit_bufsize because of wraparound at 64K * on 16 bit machines and because stored blocks are restricted to * 64K-1 bytes. */ } /* =========================================================================== * Send the block data compressed using the given Huffman trees */ local void compress_block(s, ltree, dtree) deflate_state *s; ct_data *ltree; /* literal tree */ ct_data *dtree; /* distance tree */ { unsigned dist; /* distance of matched string */ int lc; /* match length or unmatched char (if dist == 0) */ unsigned lx = 0; /* running index in l_buf */ unsigned code; /* the code to send */ int extra; /* number of extra bits to send */ if (s->last_lit != 0) do { dist = s->d_buf[lx]; lc = s->l_buf[lx++]; if (dist == 0) { send_code(s, lc, ltree); /* send a literal byte */ Tracecv(isgraph(lc), (stderr," '%c' ", lc)); } else { /* Here, lc is the match length - MIN_MATCH */ code = _length_code[lc]; send_code(s, code+LITERALS+1, ltree); /* send the length code */ extra = extra_lbits[code]; if (extra != 0) { lc -= base_length[code]; send_bits(s, lc, extra); /* send the extra length bits */ } dist--; /* dist is now the match distance - 1 */ code = d_code(dist); Assert (code < D_CODES, "bad d_code"); send_code(s, code, dtree); /* send the distance code */ extra = extra_dbits[code]; if (extra != 0) { dist -= base_dist[code]; send_bits(s, dist, extra); /* send the extra distance bits */ } } /* literal or match pair ? */ /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, "pendingBuf overflow"); } while (lx < s->last_lit); send_code(s, END_BLOCK, ltree); } /* =========================================================================== * Check if the data type is TEXT or BINARY, using the following algorithm: * - TEXT if the two conditions below are satisfied: * a) There are no non-portable control characters belonging to the * "black list" (0..6, 14..25, 28..31). * b) There is at least one printable character belonging to the * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). * - BINARY otherwise. * - The following partially-portable control characters form a * "gray list" that is ignored in this detection algorithm: * (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}). * IN assertion: the fields Freq of dyn_ltree are set. */ local int detect_data_type(s) deflate_state *s; { /* black_mask is the bit mask of black-listed bytes * set bits 0..6, 14..25, and 28..31 * 0xf3ffc07f = binary 11110011111111111100000001111111 */ unsigned long black_mask = 0xf3ffc07fUL; int n; /* Check for non-textual ("black-listed") bytes. */ for (n = 0; n <= 31; n++, black_mask >>= 1) if ((black_mask & 1) && (s->dyn_ltree[n].Freq != 0)) return Z_BINARY; /* Check for textual ("white-listed") bytes. */ if (s->dyn_ltree[9].Freq != 0 || s->dyn_ltree[10].Freq != 0 || s->dyn_ltree[13].Freq != 0) return Z_TEXT; for (n = 32; n < LITERALS; n++) if (s->dyn_ltree[n].Freq != 0) return Z_TEXT; /* There are no "black-listed" or "white-listed" bytes: * this stream either is empty or has tolerated ("gray-listed") bytes only. */ return Z_BINARY; } /* =========================================================================== * Reverse the first len bits of a code, using straightforward code (a faster * method would use a table) * IN assertion: 1 <= len <= 15 */ local unsigned bi_reverse(code, len) unsigned code; /* the value to invert */ int len; /* its bit length */ { register unsigned res = 0; do { res |= code & 1; code >>= 1, res <<= 1; } while (--len > 0); return res >> 1; } /* =========================================================================== * Flush the bit buffer, keeping at most 7 bits in it. */ local void bi_flush(s) deflate_state *s; { if (s->bi_valid == 16) { put_short(s, s->bi_buf); s->bi_buf = 0; s->bi_valid = 0; } else if (s->bi_valid >= 8) { put_byte(s, (Byte)s->bi_buf); s->bi_buf >>= 8; s->bi_valid -= 8; } } /* =========================================================================== * Flush the bit buffer and align the output on a byte boundary */ local void bi_windup(s) deflate_state *s; { if (s->bi_valid > 8) { put_short(s, s->bi_buf); } else if (s->bi_valid > 0) { put_byte(s, (Byte)s->bi_buf); } s->bi_buf = 0; s->bi_valid = 0; #ifdef DEBUG s->bits_sent = (s->bits_sent+7) & ~7; #endif } /* =========================================================================== * Copy a stored block, storing first the length and its * one's complement if requested. */ local void copy_block(s, buf, len, header) deflate_state *s; charf *buf; /* the input data */ unsigned len; /* its length */ int header; /* true if block header must be written */ { bi_windup(s); /* align on byte boundary */ if (header) { put_short(s, (ush)len); put_short(s, (ush)~len); #ifdef DEBUG s->bits_sent += 2*16; #endif } #ifdef DEBUG s->bits_sent += (ulg)len<<3; #endif while (len--) { put_byte(s, *buf++); } } sudo-1.8.9p5/zlib/trees.h010064400175440000012000000204301226304126600146000ustar00millertstaff/* header created automatically with -DGEN_TREES_H */ local const ct_data static_ltree[L_CODES+2] = { {{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}}, {{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}}, {{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}}, {{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}}, {{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}}, {{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}}, {{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}}, {{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}}, {{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}}, {{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}}, {{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}}, {{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}}, {{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}}, {{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}}, {{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}}, {{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}}, {{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}}, {{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}}, {{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}}, {{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}}, {{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}}, {{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}}, {{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}}, {{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}}, {{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}}, {{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}}, {{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}}, {{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}}, {{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}}, {{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}}, {{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}}, {{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}}, {{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}}, {{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}}, {{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}}, {{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}}, {{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}}, {{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}}, {{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}}, {{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}}, {{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}}, {{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}}, {{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}}, {{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}}, {{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}}, {{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}}, {{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}}, {{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}}, {{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}}, {{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}}, {{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}}, {{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}}, {{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}}, {{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}}, {{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}}, {{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}}, {{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}}, {{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}} }; local const ct_data static_dtree[D_CODES] = { {{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}}, {{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}}, {{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}}, {{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}}, {{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}}, {{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}} }; const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = { 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17, 18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29 }; const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= { 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12, 13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19, 19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28 }; local const int base_length[LENGTH_CODES] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 0 }; local const int base_dist[D_CODES] = { 0, 1, 2, 3, 4, 6, 8, 12, 16, 24, 32, 48, 64, 96, 128, 192, 256, 384, 512, 768, 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576 }; sudo-1.8.9p5/zlib/uncompr.c010064400175440000012000000037121226304126600151400ustar00millertstaff/* uncompr.c -- decompress a memory buffer * Copyright (C) 1995-2003, 2010 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ /* @(#) $Id$ */ #define ZLIB_INTERNAL #include "zlib.h" /* =========================================================================== Decompresses the source buffer into the destination buffer. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be large enough to hold the entire uncompressed data. (The size of the uncompressed data must have been saved previously by the compressor and transmitted to the decompressor by some mechanism outside the scope of this compression library.) Upon exit, destLen is the actual size of the compressed buffer. uncompress returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, or Z_DATA_ERROR if the input data was corrupted. */ int ZEXPORT uncompress (dest, destLen, source, sourceLen) Bytef *dest; uLongf *destLen; const Bytef *source; uLong sourceLen; { z_stream stream; int err; stream.next_in = (Bytef*)source; stream.avail_in = (uInt)sourceLen; /* Check for source > 64K on 16-bit machine: */ if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; stream.next_out = dest; stream.avail_out = (uInt)*destLen; if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; err = inflateInit(&stream); if (err != Z_OK) return err; err = inflate(&stream, Z_FINISH); if (err != Z_STREAM_END) { inflateEnd(&stream); if (err == Z_NEED_DICT || (err == Z_BUF_ERROR && stream.avail_in == 0)) return Z_DATA_ERROR; return err; } *destLen = stream.total_out; err = inflateEnd(&stream); return err; } sudo-1.8.9p5/zlib/zconf.h.in010064400175440000012000000343671226304126600152200ustar00millertstaff/* zconf.h -- configuration of the zlib compression library * Copyright (C) 1995-2011 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ /* @(#) $Id$ */ #ifndef ZCONF_H #define ZCONF_H /* The following four defines are enabled by sudo's configure script. */ #undef HAVE_UNISTD_H #undef HAVE_VSNPRINTF #undef HAVE_MEMCPY #undef _FILE_OFFSET_BITS #undef _LARGE_FILES #undef const /* * If you *really* need a unique prefix for all types and library functions, * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. * Even better than compiling with -DZ_PREFIX would be to use configure to set * this permanently in zconf.h using "./configure --zprefix". */ #ifdef Z_PREFIX /* may be set to #if 1 by ./configure */ # define Z_PREFIX_SET /* all linked symbols */ # define _dist_code z__dist_code # define _length_code z__length_code # define _tr_align z__tr_align # define _tr_flush_block z__tr_flush_block # define _tr_init z__tr_init # define _tr_stored_block z__tr_stored_block # define _tr_tally z__tr_tally # define adler32 z_adler32 # define adler32_combine z_adler32_combine # define adler32_combine64 z_adler32_combine64 # ifndef Z_SOLO # define compress z_compress # define compress2 z_compress2 # define compressBound z_compressBound # endif # define crc32 z_crc32 # define crc32_combine z_crc32_combine # define crc32_combine64 z_crc32_combine64 # define deflate z_deflate # define deflateBound z_deflateBound # define deflateCopy z_deflateCopy # define deflateEnd z_deflateEnd # define deflateInit2_ z_deflateInit2_ # define deflateInit_ z_deflateInit_ # define deflateParams z_deflateParams # define deflatePending z_deflatePending # define deflatePrime z_deflatePrime # define deflateReset z_deflateReset # define deflateResetKeep z_deflateResetKeep # define deflateSetDictionary z_deflateSetDictionary # define deflateSetHeader z_deflateSetHeader # define deflateTune z_deflateTune # define deflate_copyright z_deflate_copyright # define get_crc_table z_get_crc_table # ifndef Z_SOLO # define gz_error z_gz_error # define gz_intmax z_gz_intmax # define gz_strwinerror z_gz_strwinerror # define gzbuffer z_gzbuffer # define gzclearerr z_gzclearerr # define gzclose z_gzclose # define gzclose_r z_gzclose_r # define gzclose_w z_gzclose_w # define gzdirect z_gzdirect # define gzdopen z_gzdopen # define gzeof z_gzeof # define gzerror z_gzerror # define gzflags z_gzflags # define gzflush z_gzflush # define gzgetc z_gzgetc # define gzgetc_ z_gzgetc_ # define gzgets z_gzgets # define gzoffset z_gzoffset # define gzoffset64 z_gzoffset64 # define gzopen z_gzopen # define gzopen64 z_gzopen64 # define gzprintf z_gzprintf # define gzputc z_gzputc # define gzputs z_gzputs # define gzread z_gzread # define gzrewind z_gzrewind # define gzseek z_gzseek # define gzseek64 z_gzseek64 # define gzsetparams z_gzsetparams # define gztell z_gztell # define gztell64 z_gztell64 # define gzungetc z_gzungetc # define gzwrite z_gzwrite # endif # define inflate z_inflate # define inflateBack z_inflateBack # define inflateBackEnd z_inflateBackEnd # define inflateBackInit_ z_inflateBackInit_ # define inflateCopy z_inflateCopy # define inflateEnd z_inflateEnd # define inflateGetHeader z_inflateGetHeader # define inflateInit2_ z_inflateInit2_ # define inflateInit_ z_inflateInit_ # define inflateMark z_inflateMark # define inflatePrime z_inflatePrime # define inflateReset z_inflateReset # define inflateReset2 z_inflateReset2 # define inflateSetDictionary z_inflateSetDictionary # define inflateSync z_inflateSync # define inflateSyncPoint z_inflateSyncPoint # define inflateUndermine z_inflateUndermine # define inflateResetKeep z_inflateResetKeep # define inflate_copyright z_inflate_copyright # define inflate_fast z_inflate_fast # define inflate_table z_inflate_table # ifndef Z_SOLO # define uncompress z_uncompress # endif # define zError z_zError # ifndef Z_SOLO # define zcalloc z_zcalloc # define zcfree z_zcfree # endif # define zlibCompileFlags z_zlibCompileFlags # define zlibVersion z_zlibVersion /* all zlib typedefs in zlib.h and zconf.h */ # define Byte z_Byte # define Bytef z_Bytef # define alloc_func z_alloc_func # define charf z_charf # define free_func z_free_func # ifndef Z_SOLO # define gzFile z_gzFile # define gz_header z_gz_header # define gz_headerp z_gz_headerp # endif # define in_func z_in_func # define intf z_intf # define out_func z_out_func # define uInt z_uInt # define uIntf z_uIntf # define uLong z_uLong # define uLongf z_uLongf # define voidp z_voidp # define voidpc z_voidpc # define voidpf z_voidpf /* all zlib structs in zlib.h and zconf.h */ # ifndef Z_SOLO # define gz_header_s z_gz_header_s # endif # define internal_state z_internal_state #endif #if defined(__MSDOS__) && !defined(MSDOS) # define MSDOS #endif #if (defined(OS_2) || defined(__OS2__)) && !defined(OS2) # define OS2 #endif #if defined(_WINDOWS) && !defined(WINDOWS) # define WINDOWS #endif #if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__) # ifndef WIN32 # define WIN32 # endif #endif #if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32) # if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__) # ifndef SYS16BIT # define SYS16BIT # endif # endif #endif /* * Compile with -DMAXSEG_64K if the alloc function cannot allocate more * than 64k bytes at a time (needed on systems with 16-bit int). */ #ifdef SYS16BIT # define MAXSEG_64K #endif #ifdef MSDOS # define UNALIGNED_OK #endif #ifdef __STDC_VERSION__ # ifndef STDC # define STDC # endif # if __STDC_VERSION__ >= 199901L # ifndef STDC99 # define STDC99 # endif # endif #endif #if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus)) # define STDC #endif #if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__)) # define STDC #endif #if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32)) # define STDC #endif #if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__)) # define STDC #endif #if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). */ # define STDC #endif #ifndef STDC # ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ # define const /* note: need a more gentle solution here */ # endif #endif #if defined(ZLIB_CONST) && !defined(z_const) # define z_const const #else # define z_const #endif /* Some Mac compilers merge all .h files incorrectly: */ #if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__) # define NO_DUMMY_DECL #endif /* Maximum value for memLevel in deflateInit2 */ #ifndef MAX_MEM_LEVEL # ifdef MAXSEG_64K # define MAX_MEM_LEVEL 8 # else # define MAX_MEM_LEVEL 9 # endif #endif /* Maximum value for windowBits in deflateInit2 and inflateInit2. * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files * created by gzip. (Files created by minigzip can still be extracted by * gzip.) */ #ifndef MAX_WBITS # define MAX_WBITS 15 /* 32K LZ77 window */ #endif /* The memory requirements for deflate are (in bytes): (1 << (windowBits+2)) + (1 << (memLevel+9)) that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) plus a few kilobytes for small objects. For example, if you want to reduce the default memory requirements from 256K to 128K, compile with make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" Of course this will generally degrade compression (there's no free lunch). The memory requirements for inflate are (in bytes) 1 << windowBits that is, 32K for windowBits=15 (default value) plus a few kilobytes for small objects. */ /* Type declarations */ #ifndef OF /* function prototypes */ # ifdef STDC # define OF(args) args # else # define OF(args) () # endif #endif #ifndef Z_ARG /* function prototypes for stdarg */ # if defined(STDC) || defined(Z_HAVE_STDARG_H) # define Z_ARG(args) args # else # define Z_ARG(args) () # endif #endif /* The following definitions for FAR are needed only for MSDOS mixed * model programming (small or medium model with some far allocations). * This was tested only with MSC; for other MSDOS compilers you may have * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, * just define FAR to be empty. */ #ifdef SYS16BIT # if defined(M_I86SM) || defined(M_I86MM) /* MSC small or medium model */ # define SMALL_MEDIUM # ifdef _MSC_VER # define FAR _far # else # define FAR far # endif # endif # if (defined(__SMALL__) || defined(__MEDIUM__)) /* Turbo C small or medium model */ # define SMALL_MEDIUM # ifdef __BORLANDC__ # define FAR _far # else # define FAR far # endif # endif #endif #if defined(WINDOWS) || defined(WIN32) /* If building or using zlib as a DLL, define ZLIB_DLL. * This is not mandatory, but it offers a little performance increase. */ # ifdef ZLIB_DLL # if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500)) # ifdef ZLIB_INTERNAL # define ZEXTERN extern __declspec(dllexport) # else # define ZEXTERN extern __declspec(dllimport) # endif # endif # endif /* ZLIB_DLL */ /* If building or using zlib with the WINAPI/WINAPIV calling convention, * define ZLIB_WINAPI. * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. */ # ifdef ZLIB_WINAPI # ifdef FAR # undef FAR # endif # include /* No need for _export, use ZLIB.DEF instead. */ /* For complete Windows compatibility, use WINAPI, not __stdcall. */ # define ZEXPORT WINAPI # ifdef WIN32 # define ZEXPORTVA WINAPIV # else # define ZEXPORTVA FAR CDECL # endif # endif #endif #if defined (__BEOS__) # ifdef ZLIB_DLL # ifdef ZLIB_INTERNAL # define ZEXPORT __declspec(dllexport) # define ZEXPORTVA __declspec(dllexport) # else # define ZEXPORT __declspec(dllimport) # define ZEXPORTVA __declspec(dllimport) # endif # endif #endif #ifndef ZEXTERN # define ZEXTERN extern #endif #ifndef ZEXPORT # define ZEXPORT #endif #ifndef ZEXPORTVA # define ZEXPORTVA #endif #ifndef FAR # define FAR #endif #if !defined(__MACTYPES__) typedef unsigned char Byte; /* 8 bits */ #endif typedef unsigned int uInt; /* 16 bits or more */ typedef unsigned long uLong; /* 32 bits or more */ #ifdef SMALL_MEDIUM /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ # define Bytef Byte FAR #else typedef Byte FAR Bytef; #endif typedef char FAR charf; typedef int FAR intf; typedef uInt FAR uIntf; typedef uLong FAR uLongf; #ifdef STDC typedef void const *voidpc; typedef void FAR *voidpf; typedef void *voidp; #else typedef Byte const *voidpc; typedef Byte FAR *voidpf; typedef Byte *voidp; #endif #ifdef HAVE_UNISTD_H /* may be set to #if 1 by ./configure */ # define Z_HAVE_UNISTD_H #endif #ifdef HAVE_STDARG_H /* may be set to #if 1 by ./configure */ # define Z_HAVE_STDARG_H #endif #ifdef STDC # ifndef Z_SOLO # include /* for off_t */ # endif #endif /* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even * though the former does not conform to the LFS document), but considering * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as * equivalently requesting no 64-bit operations */ #if -_LARGEFILE64_SOURCE - -1 == 1 # undef _LARGEFILE64_SOURCE #endif #if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 # define Z_LARGE #endif #if (defined(Z_HAVE_UNISTD_H) || defined(Z_LARGE)) && !defined(Z_SOLO) # include /* for SEEK_* and off_t */ # ifdef VMS # include /* for off_t */ # endif # ifndef z_off_t # define z_off_t off_t # endif #endif #if !defined(SEEK_SET) && !defined(Z_SOLO) # define SEEK_SET 0 /* Seek from beginning of file. */ # define SEEK_CUR 1 /* Seek from current position. */ # define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ #endif #ifndef z_off_t # define z_off_t long #endif #if !defined(_WIN32) && (defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0) # define z_off64_t off64_t #else # if defined(_WIN32) # define z_off64_t __int64 # else # define z_off64_t z_off_t #endif #endif /* MVS linker does not support external names larger than 8 bytes */ #if defined(__MVS__) #pragma map(deflateInit_,"DEIN") #pragma map(deflateInit2_,"DEIN2") #pragma map(deflateEnd,"DEEND") #pragma map(deflateBound,"DEBND") #pragma map(inflateInit_,"ININ") #pragma map(inflateInit2_,"ININ2") #pragma map(inflateEnd,"INEND") #pragma map(inflateSync,"INSY") #pragma map(inflateSetDictionary,"INSEDI") #pragma map(compressBound,"CMBND") #pragma map(inflate_table,"INTABL") #pragma map(inflate_fast,"INFA") #pragma map(inflate_copyright,"INCOPY") #endif #endif /* ZCONF_H */ sudo-1.8.9p5/zlib/zlib.h010064400175440000012000002500741226304126600144270ustar00millertstaff/* zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.6, January 29th, 2012 Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format). */ #ifndef ZLIB_H #define ZLIB_H #include "zconf.h" #ifdef __cplusplus extern "C" { #endif #define ZLIB_VERSION "1.2.6" #define ZLIB_VERNUM 0x1260 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 2 #define ZLIB_VER_REVISION 6 #define ZLIB_VER_SUBREVISION 0 /* The 'zlib' compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation) but other algorithms will be added later and will have the same stream interface. Compression can be done in a single step if the buffers are large enough, or can be done by repeated calls of the compression function. In the latter case, the application must provide more input and/or consume the output (providing more output space) before each call. The compressed data format used by default by the in-memory functions is the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped around a deflate stream, which is itself documented in RFC 1951. The library also supports reading and writing files in gzip (.gz) format with an interface similar to that of stdio using the functions that start with "gz". The gzip format is different from the zlib format. gzip is a gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. This library can optionally read and write gzip streams in memory as well. The zlib format was designed to be compact and fast for use in memory and on communications channels. The gzip format was designed for single- file compression on file systems, has a larger header than zlib to maintain directory information, and uses a different, slower check method than zlib. The library does not install any signal handler. The decoder checks the consistency of the compressed data, so the library should never crash even in case of corrupted input. */ typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); typedef void (*free_func) OF((voidpf opaque, voidpf address)); struct internal_state; typedef struct z_stream_s { z_const Bytef *next_in; /* next input byte */ uInt avail_in; /* number of bytes available at next_in */ uLong total_in; /* total number of input bytes read so far */ Bytef *next_out; /* next output byte should be put there */ uInt avail_out; /* remaining free space at next_out */ uLong total_out; /* total number of bytes output so far */ z_const char *msg; /* last error message, NULL if no error */ struct internal_state FAR *state; /* not visible by applications */ alloc_func zalloc; /* used to allocate the internal state */ free_func zfree; /* used to free the internal state */ voidpf opaque; /* private data object passed to zalloc and zfree */ int data_type; /* best guess about the data type: binary or text */ uLong adler; /* adler32 value of the uncompressed data */ uLong reserved; /* reserved for future use */ } z_stream; typedef z_stream FAR *z_streamp; /* gzip header information passed to and from zlib routines. See RFC 1952 for more details on the meanings of these fields. */ typedef struct gz_header_s { int text; /* true if compressed data believed to be text */ uLong time; /* modification time */ int xflags; /* extra flags (not used when writing a gzip file) */ int os; /* operating system */ Bytef *extra; /* pointer to extra field or Z_NULL if none */ uInt extra_len; /* extra field length (valid if extra != Z_NULL) */ uInt extra_max; /* space at extra (only when reading header) */ Bytef *name; /* pointer to zero-terminated file name or Z_NULL */ uInt name_max; /* space at name (only when reading header) */ Bytef *comment; /* pointer to zero-terminated comment or Z_NULL */ uInt comm_max; /* space at comment (only when reading header) */ int hcrc; /* true if there was or will be a header crc */ int done; /* true when done reading gzip header (not used when writing a gzip file) */ } gz_header; typedef gz_header FAR *gz_headerp; /* The application must update next_in and avail_in when avail_in has dropped to zero. It must update next_out and avail_out when avail_out has dropped to zero. The application must initialize zalloc, zfree and opaque before calling the init function. All other fields are set by the compression library and must not be updated by the application. The opaque value provided by the application will be passed as the first parameter for calls of zalloc and zfree. This can be useful for custom memory management. The compression library attaches no meaning to the opaque value. zalloc must return Z_NULL if there is not enough memory for the object. If zlib is used in a multi-threaded application, zalloc and zfree must be thread safe. On 16-bit systems, the functions zalloc and zfree must be able to allocate exactly 65536 bytes, but will not be required to allocate more than this if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, pointers returned by zalloc for objects of exactly 65536 bytes *must* have their offset normalized to zero. The default allocation function provided by this library ensures this (see zutil.c). To reduce memory requirements and avoid any allocation of 64K objects, at the expense of compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). The fields total_in and total_out can be used for statistics or progress reports. After compression, total_in holds the total size of the uncompressed data and may be saved for use in the decompressor (particularly if the decompressor wants to decompress everything in a single step). */ /* constants */ #define Z_NO_FLUSH 0 #define Z_PARTIAL_FLUSH 1 #define Z_SYNC_FLUSH 2 #define Z_FULL_FLUSH 3 #define Z_FINISH 4 #define Z_BLOCK 5 #define Z_TREES 6 /* Allowed flush values; see deflate() and inflate() below for details */ #define Z_OK 0 #define Z_STREAM_END 1 #define Z_NEED_DICT 2 #define Z_ERRNO (-1) #define Z_STREAM_ERROR (-2) #define Z_DATA_ERROR (-3) #define Z_MEM_ERROR (-4) #define Z_BUF_ERROR (-5) #define Z_VERSION_ERROR (-6) /* Return codes for the compression/decompression functions. Negative values * are errors, positive values are used for special but normal events. */ #define Z_NO_COMPRESSION 0 #define Z_BEST_SPEED 1 #define Z_BEST_COMPRESSION 9 #define Z_DEFAULT_COMPRESSION (-1) /* compression levels */ #define Z_FILTERED 1 #define Z_HUFFMAN_ONLY 2 #define Z_RLE 3 #define Z_FIXED 4 #define Z_DEFAULT_STRATEGY 0 /* compression strategy; see deflateInit2() below for details */ #define Z_BINARY 0 #define Z_TEXT 1 #define Z_ASCII Z_TEXT /* for compatibility with 1.2.2 and earlier */ #define Z_UNKNOWN 2 /* Possible values of the data_type field (though see inflate()) */ #define Z_DEFLATED 8 /* The deflate compression method (the only one supported in this version) */ #define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ #define zlib_version zlibVersion() /* for compatibility with versions < 1.0.2 */ /* basic functions */ ZEXTERN const char * ZEXPORT zlibVersion OF((void)); /* The application can compare zlibVersion and ZLIB_VERSION for consistency. If the first character differs, the library code actually used is not compatible with the zlib.h header file used by the application. This check is automatically made by deflateInit and inflateInit. */ /* ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); Initializes the internal stream state for compression. The fields zalloc, zfree and opaque must be initialized before by the caller. If zalloc and zfree are set to Z_NULL, deflateInit updates them to use default allocation functions. The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: 1 gives best speed, 9 gives best compression, 0 gives no compression at all (the input data is simply copied a block at a time). Z_DEFAULT_COMPRESSION requests a default compromise between speed and compression (currently equivalent to level 6). deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if level is not a valid compression level, or Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible with the version assumed by the caller (ZLIB_VERSION). msg is set to null if there is no error message. deflateInit does not perform any compression: this will be done by deflate(). */ ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); /* deflate compresses as much data as possible, and stops when the input buffer becomes empty or the output buffer becomes full. It may introduce some output latency (reading input without producing any output) except when forced to flush. The detailed semantics are as follows. deflate performs one or both of the following actions: - Compress more input starting at next_in and update next_in and avail_in accordingly. If not all input can be processed (because there is not enough room in the output buffer), next_in and avail_in are updated and processing will resume at this point for the next call of deflate(). - Provide more output starting at next_out and update next_out and avail_out accordingly. This action is forced if the parameter flush is non zero. Forcing flush frequently degrades the compression ratio, so this parameter should be set only when necessary (in interactive applications). Some output may be provided even if flush is not set. Before the call of deflate(), the application should ensure that at least one of the actions is possible, by providing more input and/or consuming more output, and updating avail_in or avail_out accordingly; avail_out should never be zero before the call. The application can consume the compressed output when it wants, for example when the output buffer is full (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK and with zero avail_out, it must be called again after making room in the output buffer because there might be more output pending. Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to decide how much data to accumulate before producing output, in order to maximize compression. If the parameter flush is set to Z_SYNC_FLUSH, all pending output is flushed to the output buffer and the output is aligned on a byte boundary, so that the decompressor can get all input data available so far. (In particular avail_in is zero after the call if enough output space has been provided before the call.) Flushing may degrade compression for some compression algorithms and so it should be used only when necessary. This completes the current deflate block and follows it with an empty stored block that is three bits plus filler bits to the next byte, followed by four bytes (00 00 ff ff). If flush is set to Z_PARTIAL_FLUSH, all pending output is flushed to the output buffer, but the output is not aligned to a byte boundary. All of the input data so far will be available to the decompressor, as for Z_SYNC_FLUSH. This completes the current deflate block and follows it with an empty fixed codes block that is 10 bits long. This assures that enough bytes are output in order for the decompressor to finish the block before the empty fixed code block. If flush is set to Z_BLOCK, a deflate block is completed and emitted, as for Z_SYNC_FLUSH, but the output is not aligned on a byte boundary, and up to seven bits of the current block are held to be written as the next byte after the next deflate block is completed. In this case, the decompressor may not be provided enough bits at this point in order to complete decompression of the data provided so far to the compressor. It may need to wait for the next block to be emitted. This is for advanced applications that need to control the emission of deflate blocks. If flush is set to Z_FULL_FLUSH, all output is flushed as with Z_SYNC_FLUSH, and the compression state is reset so that decompression can restart from this point if previous compressed data has been damaged or if random access is desired. Using Z_FULL_FLUSH too often can seriously degrade compression. If deflate returns with avail_out == 0, this function must be called again with the same value of the flush parameter and more output space (updated avail_out), until the flush is complete (deflate returns with non-zero avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that avail_out is greater than six to avoid repeated flush markers due to avail_out == 0 on return. If the parameter flush is set to Z_FINISH, pending input is processed, pending output is flushed and deflate returns with Z_STREAM_END if there was enough output space; if deflate returns with Z_OK, this function must be called again with Z_FINISH and more output space (updated avail_out) but no more input data, until it returns with Z_STREAM_END or an error. After deflate has returned Z_STREAM_END, the only possible operations on the stream are deflateReset or deflateEnd. Z_FINISH can be used immediately after deflateInit if all the compression is to be done in a single step. In this case, avail_out must be at least the value returned by deflateBound (see below). Then deflate is guaranteed to return Z_STREAM_END. If not enough output space is provided, deflate will not return Z_STREAM_END, and it must be called again as described above. deflate() sets strm->adler to the adler32 checksum of all input read so far (that is, total_in bytes). deflate() may update strm->data_type if it can make a good guess about the input data type (Z_BINARY or Z_TEXT). In doubt, the data is considered binary. This field is only for information purposes and does not affect the compression algorithm in any manner. deflate() returns Z_OK if some progress has been made (more input processed or more output produced), Z_STREAM_END if all input has been consumed and all output has been produced (only when flush is set to Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example if next_in or next_out was Z_NULL), Z_BUF_ERROR if no progress is possible (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not fatal, and deflate() can be called again with more input and more output space to continue compressing. */ ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); /* All dynamically allocated data structures for this stream are freed. This function discards any unprocessed input and does not flush any pending output. deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state was inconsistent, Z_DATA_ERROR if the stream was freed prematurely (some input or output was discarded). In the error case, msg may be set but then points to a static string (which must not be deallocated). */ /* ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); Initializes the internal stream state for decompression. The fields next_in, avail_in, zalloc, zfree and opaque must be initialized before by the caller. If next_in is not Z_NULL and avail_in is large enough (the exact value depends on the compression method), inflateInit determines the compression method from the zlib header and allocates all data structures accordingly; otherwise the allocation will be deferred to the first call of inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to use default allocation functions. inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_VERSION_ERROR if the zlib library version is incompatible with the version assumed by the caller, or Z_STREAM_ERROR if the parameters are invalid, such as a null pointer to the structure. msg is set to null if there is no error message. inflateInit does not perform any decompression apart from possibly reading the zlib header if present: actual decompression will be done by inflate(). (So next_in and avail_in may be modified, but next_out and avail_out are unused and unchanged.) The current implementation of inflateInit() does not process any header information -- that is deferred until inflate() is called. */ ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); /* inflate decompresses as much data as possible, and stops when the input buffer becomes empty or the output buffer becomes full. It may introduce some output latency (reading input without producing any output) except when forced to flush. The detailed semantics are as follows. inflate performs one or both of the following actions: - Decompress more input starting at next_in and update next_in and avail_in accordingly. If not all input can be processed (because there is not enough room in the output buffer), next_in is updated and processing will resume at this point for the next call of inflate(). - Provide more output starting at next_out and update next_out and avail_out accordingly. inflate() provides as much output as possible, until there is no more input data or no more space in the output buffer (see below about the flush parameter). Before the call of inflate(), the application should ensure that at least one of the actions is possible, by providing more input and/or consuming more output, and updating the next_* and avail_* values accordingly. The application can consume the uncompressed output when it wants, for example when the output buffer is full (avail_out == 0), or after each call of inflate(). If inflate returns Z_OK and with zero avail_out, it must be called again after making room in the output buffer because there might be more output pending. The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FINISH, Z_BLOCK, or Z_TREES. Z_SYNC_FLUSH requests that inflate() flush as much output as possible to the output buffer. Z_BLOCK requests that inflate() stop if and when it gets to the next deflate block boundary. When decoding the zlib or gzip format, this will cause inflate() to return immediately after the header and before the first block. When doing a raw inflate, inflate() will go ahead and process the first block, and will return when it gets to the end of that block, or when it runs out of data. The Z_BLOCK option assists in appending to or combining deflate streams. Also to assist in this, on return inflate() will set strm->data_type to the number of unused bits in the last byte taken from strm->next_in, plus 64 if inflate() is currently decoding the last block in the deflate stream, plus 128 if inflate() returned immediately after decoding an end-of-block code or decoding the complete header up to just before the first byte of the deflate stream. The end-of-block will not be indicated until all of the uncompressed data from that block has been written to strm->next_out. The number of unused bits may in general be greater than seven, except when bit 7 of data_type is set, in which case the number of unused bits will be less than eight. data_type is set as noted here every time inflate() returns for all flush options, and so can be used to determine the amount of currently consumed input in bits. The Z_TREES option behaves as Z_BLOCK does, but it also returns when the end of each deflate block header is reached, before any actual data in that block is decoded. This allows the caller to determine the length of the deflate block header for later use in random access within a deflate block. 256 is added to the value of strm->data_type when inflate() returns immediately after reaching the end of the deflate block header. inflate() should normally be called until it returns Z_STREAM_END or an error. However if all decompression is to be performed in a single step (a single call of inflate), the parameter flush should be set to Z_FINISH. In this case all pending input is processed and all pending output is flushed; avail_out must be large enough to hold all the uncompressed data. (The size of the uncompressed data may have been saved by the compressor for this purpose.) The next operation on this stream must be inflateEnd to deallocate the decompression state. The use of Z_FINISH is not required to perform an inflation in one step. However it may be used to inform inflate that a faster approach can be used for the single inflate() call. Z_FINISH also informs inflate to not maintain a sliding window if the stream completes, which reduces inflate's memory footprint. In this implementation, inflate() always flushes as much output as possible to the output buffer, and always uses the faster approach on the first call. So the effects of the flush parameter in this implementation are on the return value of inflate() as noted below, when inflate() returns early when Z_BLOCK or Z_TREES is used, and when inflate() avoids the allocation of memory for a sliding window when Z_FINISH is used. If a preset dictionary is needed after this call (see inflateSetDictionary below), inflate sets strm->adler to the Adler-32 checksum of the dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise it sets strm->adler to the Adler-32 checksum of all output produced so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described below. At the end of the stream, inflate() checks that its computed adler32 checksum is equal to that saved by the compressor and returns Z_STREAM_END only if the checksum is correct. inflate() can decompress and check either zlib-wrapped or gzip-wrapped deflate data. The header type is detected automatically, if requested when initializing with inflateInit2(). Any information contained in the gzip header is not retained, so applications that need that information should instead use raw inflate, see inflateInit2() below, or inflateBack() and perform their own processing of the gzip header and trailer. When processing gzip-wrapped deflate data, strm->adler32 is set to the CRC-32 of the output producted so far. The CRC-32 is checked against the gzip trailer. inflate() returns Z_OK if some progress has been made (more input processed or more output produced), Z_STREAM_END if the end of the compressed data has been reached and all uncompressed output has been produced, Z_NEED_DICT if a preset dictionary is needed at this point, Z_DATA_ERROR if the input data was corrupted (input stream not conforming to the zlib format or incorrect check value), Z_STREAM_ERROR if the stream structure was inconsistent (for example next_in or next_out was Z_NULL), Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if no progress is possible or if there was not enough room in the output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and inflate() can be called again with more input and more output space to continue decompressing. If Z_DATA_ERROR is returned, the application may then call inflateSync() to look for a good compression block if a partial recovery of the data is desired. */ ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); /* All dynamically allocated data structures for this stream are freed. This function discards any unprocessed input and does not flush any pending output. inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state was inconsistent. In the error case, msg may be set but then points to a static string (which must not be deallocated). */ /* Advanced functions */ /* The following functions are needed only in some special applications. */ /* ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, int level, int method, int windowBits, int memLevel, int strategy)); This is another version of deflateInit with more compression options. The fields next_in, zalloc, zfree and opaque must be initialized before by the caller. The method parameter is the compression method. It must be Z_DEFLATED in this version of the library. The windowBits parameter is the base two logarithm of the window size (the size of the history buffer). It should be in the range 8..15 for this version of the library. Larger values of this parameter result in better compression at the expense of memory usage. The default value is 15 if deflateInit is used instead. windowBits can also be -8..-15 for raw deflate. In this case, -windowBits determines the window size. deflate() will then generate raw deflate data with no zlib header or trailer, and will not compute an adler32 check value. windowBits can also be greater than 15 for optional gzip encoding. Add 16 to windowBits to write a simple gzip header and trailer around the compressed data instead of a zlib wrapper. The gzip header will have no file name, no extra data, no comment, no modification time (set to zero), no header crc, and the operating system will be set to 255 (unknown). If a gzip stream is being written, strm->adler is a crc32 instead of an adler32. The memLevel parameter specifies how much memory should be allocated for the internal compression state. memLevel=1 uses minimum memory but is slow and reduces compression ratio; memLevel=9 uses maximum memory for optimal speed. The default value is 8. See zconf.h for total memory usage as a function of windowBits and memLevel. The strategy parameter is used to tune the compression algorithm. Use the value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no string match), or Z_RLE to limit match distances to one (run-length encoding). Filtered data consists mostly of small values with a somewhat random distribution. In this case, the compression algorithm is tuned to compress them better. The effect of Z_FILTERED is to force more Huffman coding and less string matching; it is somewhat intermediate between Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy parameter only affects the compression ratio but not the correctness of the compressed output even if it is not set appropriately. Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler decoder for special applications. deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid method), or Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible with the version assumed by the caller (ZLIB_VERSION). msg is set to null if there is no error message. deflateInit2 does not perform any compression: this will be done by deflate(). */ ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, const Bytef *dictionary, uInt dictLength)); /* Initializes the compression dictionary from the given byte sequence without producing any compressed output. When using the zlib format, this function must be called immediately after deflateInit, deflateInit2 or deflateReset, and before any call of deflate. When doing raw deflate, this function must be called either before any call of deflate, or immediately after the completion of a deflate block, i.e. after all input has been consumed and all output has been delivered when using any of the flush options Z_BLOCK, Z_PARTIAL_FLUSH, Z_SYNC_FLUSH, or Z_FULL_FLUSH. The compressor and decompressor must use exactly the same dictionary (see inflateSetDictionary). The dictionary should consist of strings (byte sequences) that are likely to be encountered later in the data to be compressed, with the most commonly used strings preferably put towards the end of the dictionary. Using a dictionary is most useful when the data to be compressed is short and can be predicted with good accuracy; the data can then be compressed better than with the default empty dictionary. Depending on the size of the compression data structures selected by deflateInit or deflateInit2, a part of the dictionary may in effect be discarded, for example if the dictionary is larger than the window size provided in deflateInit or deflateInit2. Thus the strings most likely to be useful should be put at the end of the dictionary, not at the front. In addition, the current implementation of deflate will use at most the window size minus 262 bytes of the provided dictionary. Upon return of this function, strm->adler is set to the adler32 value of the dictionary; the decompressor may later use this value to determine which dictionary has been used by the compressor. (The adler32 value applies to the whole dictionary even if only a subset of the dictionary is actually used by the compressor.) If a raw deflate was requested, then the adler32 value is not computed and strm->adler is not set. deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a parameter is invalid (e.g. dictionary being Z_NULL) or the stream state is inconsistent (for example if deflate has already been called for this stream or if not at a block boundary for raw deflate). deflateSetDictionary does not perform any compression: this will be done by deflate(). */ ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, z_streamp source)); /* Sets the destination stream as a complete copy of the source stream. This function can be useful when several compression strategies will be tried, for example when there are several ways of pre-processing the input data with a filter. The streams that will be discarded should then be freed by calling deflateEnd. Note that deflateCopy duplicates the internal compression state which can be quite large, so this strategy is slow and can consume lots of memory. deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if the source stream state was inconsistent (such as zalloc being Z_NULL). msg is left unchanged in both source and destination. */ ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); /* This function is equivalent to deflateEnd followed by deflateInit, but does not free and reallocate all the internal compression state. The stream will keep the same compression level and any other attributes that may have been set by deflateInit2. deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent (such as zalloc or state being Z_NULL). */ ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, int level, int strategy)); /* Dynamically update the compression level and compression strategy. The interpretation of level and strategy is as in deflateInit2. This can be used to switch between compression and straight copy of the input data, or to switch to a different kind of input data requiring a different strategy. If the compression level is changed, the input available so far is compressed with the old level (and may be flushed); the new level will take effect only at the next call of deflate(). Before the call of deflateParams, the stream state must be set as for a call of deflate(), since the currently available input may have to be compressed and flushed. In particular, strm->avail_out must be non-zero. deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR if strm->avail_out was zero. */ ZEXTERN int ZEXPORT deflateTune OF((z_streamp strm, int good_length, int max_lazy, int nice_length, int max_chain)); /* Fine tune deflate's internal compression parameters. This should only be used by someone who understands the algorithm used by zlib's deflate for searching for the best matching string, and even then only by the most fanatic optimizer trying to squeeze out the last compressed bit for their specific input data. Read the deflate.c source code for the meaning of the max_lazy, good_length, nice_length, and max_chain parameters. deflateTune() can be called after deflateInit() or deflateInit2(), and returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream. */ ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm, uLong sourceLen)); /* deflateBound() returns an upper bound on the compressed size after deflation of sourceLen bytes. It must be called after deflateInit() or deflateInit2(), and after deflateSetHeader(), if used. This would be used to allocate an output buffer for deflation in a single pass, and so would be called before deflate(). If that first deflate() call is provided the sourceLen input bytes, an output buffer allocated to the size returned by deflateBound(), and the flush value Z_FINISH, then deflate() is guaranteed to return Z_STREAM_END. Note that it is possible for the compressed size to be larger than the value returned by deflateBound() if flush options other than Z_FINISH or Z_NO_FLUSH are used. */ ZEXTERN int ZEXPORT deflatePending OF((z_streamp strm, unsigned *pending, int *bits)); /* deflatePending() returns the number of bytes and bits of output that have been generated, but not yet provided in the available output. The bytes not provided would be due to the available output space having being consumed. The number of bits of output not provided are between 0 and 7, where they await more bits to join them in order to fill out a full byte. If pending or bits are Z_NULL, then those values are not set. deflatePending returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent. */ ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm, int bits, int value)); /* deflatePrime() inserts bits in the deflate output stream. The intent is that this function is used to start off the deflate output with the bits leftover from a previous deflate stream when appending to it. As such, this function can only be used for raw deflate, and must be used before the first deflate() call after a deflateInit2() or deflateReset(). bits must be less than or equal to 16, and that many of the least significant bits of value will be inserted in the output. deflatePrime returns Z_OK if success, Z_BUF_ERROR if there was not enough room in the internal buffer to insert the bits, or Z_STREAM_ERROR if the source stream state was inconsistent. */ ZEXTERN int ZEXPORT deflateSetHeader OF((z_streamp strm, gz_headerp head)); /* deflateSetHeader() provides gzip header information for when a gzip stream is requested by deflateInit2(). deflateSetHeader() may be called after deflateInit2() or deflateReset() and before the first call of deflate(). The text, time, os, extra field, name, and comment information in the provided gz_header structure are written to the gzip header (xflag is ignored -- the extra flags are set according to the compression level). The caller must assure that, if not Z_NULL, name and comment are terminated with a zero byte, and that if extra is not Z_NULL, that extra_len bytes are available there. If hcrc is true, a gzip header crc is included. Note that the current versions of the command-line version of gzip (up through version 1.3.x) do not support header crc's, and will report that it is a "multi-part gzip file" and give up. If deflateSetHeader is not used, the default gzip header has text false, the time set to zero, and os set to 255, with no extra, name, or comment fields. The gzip header is returned to the default state by deflateReset(). deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent. */ /* ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, int windowBits)); This is another version of inflateInit with an extra parameter. The fields next_in, avail_in, zalloc, zfree and opaque must be initialized before by the caller. The windowBits parameter is the base two logarithm of the maximum window size (the size of the history buffer). It should be in the range 8..15 for this version of the library. The default value is 15 if inflateInit is used instead. windowBits must be greater than or equal to the windowBits value provided to deflateInit2() while compressing, or it must be equal to 15 if deflateInit2() was not used. If a compressed stream with a larger window size is given as input, inflate() will return with the error code Z_DATA_ERROR instead of trying to allocate a larger window. windowBits can also be zero to request that inflate use the window size in the zlib header of the compressed stream. windowBits can also be -8..-15 for raw inflate. In this case, -windowBits determines the window size. inflate() will then process raw deflate data, not looking for a zlib or gzip header, not generating a check value, and not looking for any check values for comparison at the end of the stream. This is for use with other formats that use the deflate compressed data format such as zip. Those formats provide their own check values. If a custom format is developed using the raw deflate format for compressed data, it is recommended that a check value such as an adler32 or a crc32 be applied to the uncompressed data as is done in the zlib, gzip, and zip formats. For most applications, the zlib format should be used as is. Note that comments above on the use in deflateInit2() applies to the magnitude of windowBits. windowBits can also be greater than 15 for optional gzip decoding. Add 32 to windowBits to enable zlib and gzip decoding with automatic header detection, or add 16 to decode only the gzip format (the zlib format will return a Z_DATA_ERROR). If a gzip stream is being decoded, strm->adler is a crc32 instead of an adler32. inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_VERSION_ERROR if the zlib library version is incompatible with the version assumed by the caller, or Z_STREAM_ERROR if the parameters are invalid, such as a null pointer to the structure. msg is set to null if there is no error message. inflateInit2 does not perform any decompression apart from possibly reading the zlib header if present: actual decompression will be done by inflate(). (So next_in and avail_in may be modified, but next_out and avail_out are unused and unchanged.) The current implementation of inflateInit2() does not process any header information -- that is deferred until inflate() is called. */ ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, const Bytef *dictionary, uInt dictLength)); /* Initializes the decompression dictionary from the given uncompressed byte sequence. This function must be called immediately after a call of inflate, if that call returned Z_NEED_DICT. The dictionary chosen by the compressor can be determined from the adler32 value returned by that call of inflate. The compressor and decompressor must use exactly the same dictionary (see deflateSetDictionary). For raw inflate, this function can be called at any time to set the dictionary. If the provided dictionary is smaller than the window and there is already data in the window, then the provided dictionary will amend what's there. The application must insure that the dictionary that was used for compression is provided. inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a parameter is invalid (e.g. dictionary being Z_NULL) or the stream state is inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the expected one (incorrect adler32 value). inflateSetDictionary does not perform any decompression: this will be done by subsequent calls of inflate(). */ ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); /* Skips invalid compressed data until a possible full flush point (see above for the description of deflate with Z_FULL_FLUSH) can be found, or until all available input is skipped. No output is provided. inflateSync searches for a 00 00 FF FF pattern in the compressed data. All full flush points have this pattern, but not all occurences of this pattern are full flush points. inflateSync returns Z_OK if a possible full flush point has been found, Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point has been found, or Z_STREAM_ERROR if the stream structure was inconsistent. In the success case, the application may save the current current value of total_in which indicates where valid compressed data was found. In the error case, the application may repeatedly call inflateSync, providing more input each time, until success or end of the input data. */ ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest, z_streamp source)); /* Sets the destination stream as a complete copy of the source stream. This function can be useful when randomly accessing a large stream. The first pass through the stream can periodically record the inflate state, allowing restarting inflate at those points when randomly accessing the stream. inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if the source stream state was inconsistent (such as zalloc being Z_NULL). msg is left unchanged in both source and destination. */ ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); /* This function is equivalent to inflateEnd followed by inflateInit, but does not free and reallocate all the internal decompression state. The stream will keep attributes that may have been set by inflateInit2. inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent (such as zalloc or state being Z_NULL). */ ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm, int windowBits)); /* This function is the same as inflateReset, but it also permits changing the wrap and window size requests. The windowBits parameter is interpreted the same as it is for inflateInit2. inflateReset2 returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent (such as zalloc or state being Z_NULL), or if the windowBits parameter is invalid. */ ZEXTERN int ZEXPORT inflatePrime OF((z_streamp strm, int bits, int value)); /* This function inserts bits in the inflate input stream. The intent is that this function is used to start inflating at a bit position in the middle of a byte. The provided bits will be used before any bytes are used from next_in. This function should only be used with raw inflate, and should be used before the first inflate() call after inflateInit2() or inflateReset(). bits must be less than or equal to 16, and that many of the least significant bits of value will be inserted in the input. If bits is negative, then the input stream bit buffer is emptied. Then inflatePrime() can be called again to put bits in the buffer. This is used to clear out bits leftover after feeding inflate a block description prior to feeding inflate codes. inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent. */ ZEXTERN long ZEXPORT inflateMark OF((z_streamp strm)); /* This function returns two values, one in the lower 16 bits of the return value, and the other in the remaining upper bits, obtained by shifting the return value down 16 bits. If the upper value is -1 and the lower value is zero, then inflate() is currently decoding information outside of a block. If the upper value is -1 and the lower value is non-zero, then inflate is in the middle of a stored block, with the lower value equaling the number of bytes from the input remaining to copy. If the upper value is not -1, then it is the number of bits back from the current bit position in the input of the code (literal or length/distance pair) currently being processed. In that case the lower value is the number of bytes already emitted for that code. A code is being processed if inflate is waiting for more input to complete decoding of the code, or if it has completed decoding but is waiting for more output space to write the literal or match data. inflateMark() is used to mark locations in the input data for random access, which may be at bit positions, and to note those cases where the output of a code may span boundaries of random access blocks. The current location in the input stream can be determined from avail_in and data_type as noted in the description for the Z_BLOCK flush parameter for inflate. inflateMark returns the value noted above or -1 << 16 if the provided source stream state was inconsistent. */ ZEXTERN int ZEXPORT inflateGetHeader OF((z_streamp strm, gz_headerp head)); /* inflateGetHeader() requests that gzip header information be stored in the provided gz_header structure. inflateGetHeader() may be called after inflateInit2() or inflateReset(), and before the first call of inflate(). As inflate() processes the gzip stream, head->done is zero until the header is completed, at which time head->done is set to one. If a zlib stream is being decoded, then head->done is set to -1 to indicate that there will be no gzip header information forthcoming. Note that Z_BLOCK or Z_TREES can be used to force inflate() to return immediately after header processing is complete and before any actual data is decompressed. The text, time, xflags, and os fields are filled in with the gzip header contents. hcrc is set to true if there is a header CRC. (The header CRC was valid if done is set to one.) If extra is not Z_NULL, then extra_max contains the maximum number of bytes to write to extra. Once done is true, extra_len contains the actual extra field length, and extra contains the extra field, or that field truncated if extra_max is less than extra_len. If name is not Z_NULL, then up to name_max characters are written there, terminated with a zero unless the length is greater than name_max. If comment is not Z_NULL, then up to comm_max characters are written there, terminated with a zero unless the length is greater than comm_max. When any of extra, name, or comment are not Z_NULL and the respective field is not present in the header, then that field is set to Z_NULL to signal its absence. This allows the use of deflateSetHeader() with the returned structure to duplicate the header. However if those fields are set to allocated memory, then the application will need to save those pointers elsewhere so that they can be eventually freed. If inflateGetHeader is not used, then the header information is simply discarded. The header is always checked for validity, including the header CRC if present. inflateReset() will reset the process to discard the header information. The application would need to call inflateGetHeader() again to retrieve the header from the next gzip stream. inflateGetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent. */ /* ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits, unsigned char FAR *window)); Initialize the internal stream state for decompression using inflateBack() calls. The fields zalloc, zfree and opaque in strm must be initialized before the call. If zalloc and zfree are Z_NULL, then the default library- derived memory allocation routines are used. windowBits is the base two logarithm of the window size, in the range 8..15. window is a caller supplied buffer of that size. Except for special applications where it is assured that deflate was used with small window sizes, windowBits must be 15 and a 32K byte window must be supplied to be able to decompress general deflate streams. See inflateBack() for the usage of these routines. inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of the parameters are invalid, Z_MEM_ERROR if the internal state could not be allocated, or Z_VERSION_ERROR if the version of the library does not match the version of the header file. */ typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *)); typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned)); ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm, in_func in, void FAR *in_desc, out_func out, void FAR *out_desc)); /* inflateBack() does a raw inflate with a single call using a call-back interface for input and output. This is more efficient than inflate() for file i/o applications in that it avoids copying between the output and the sliding window by simply making the window itself the output buffer. This function trusts the application to not change the output buffer passed by the output function, at least until inflateBack() returns. inflateBackInit() must be called first to allocate the internal state and to initialize the state with the user-provided window buffer. inflateBack() may then be used multiple times to inflate a complete, raw deflate stream with each call. inflateBackEnd() is then called to free the allocated state. A raw deflate stream is one with no zlib or gzip header or trailer. This routine would normally be used in a utility that reads zip or gzip files and writes out uncompressed files. The utility would decode the header and process the trailer on its own, hence this routine expects only the raw deflate stream to decompress. This is different from the normal behavior of inflate(), which expects either a zlib or gzip header and trailer around the deflate stream. inflateBack() uses two subroutines supplied by the caller that are then called by inflateBack() for input and output. inflateBack() calls those routines until it reads a complete deflate stream and writes out all of the uncompressed data, or until it encounters an error. The function's parameters and return types are defined above in the in_func and out_func typedefs. inflateBack() will call in(in_desc, &buf) which should return the number of bytes of provided input, and a pointer to that input in buf. If there is no input available, in() must return zero--buf is ignored in that case--and inflateBack() will return a buffer error. inflateBack() will call out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out() should return zero on success, or non-zero on failure. If out() returns non-zero, inflateBack() will return with an error. Neither in() nor out() are permitted to change the contents of the window provided to inflateBackInit(), which is also the buffer that out() uses to write from. The length written by out() will be at most the window size. Any non-zero amount of input may be provided by in(). For convenience, inflateBack() can be provided input on the first call by setting strm->next_in and strm->avail_in. If that input is exhausted, then in() will be called. Therefore strm->next_in must be initialized before calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in must also be initialized, and then if strm->avail_in is not zero, input will initially be taken from strm->next_in[0 .. strm->avail_in - 1]. The in_desc and out_desc parameters of inflateBack() is passed as the first parameter of in() and out() respectively when they are called. These descriptors can be optionally used to pass any information that the caller- supplied in() and out() functions need to do their job. On return, inflateBack() will set strm->next_in and strm->avail_in to pass back any unused input that was provided by the last in() call. The return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR if in() or out() returned an error, Z_DATA_ERROR if there was a format error in the deflate stream (in which case strm->msg is set to indicate the nature of the error), or Z_STREAM_ERROR if the stream was not properly initialized. In the case of Z_BUF_ERROR, an input or output error can be distinguished using strm->next_in which will be Z_NULL only if in() returned an error. If strm->next_in is not Z_NULL, then the Z_BUF_ERROR was due to out() returning non-zero. (in() will always be called before out(), so strm->next_in is assured to be defined if out() returns non-zero.) Note that inflateBack() cannot return Z_OK. */ ZEXTERN int ZEXPORT inflateBackEnd OF((z_streamp strm)); /* All memory allocated by inflateBackInit() is freed. inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream state was inconsistent. */ ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void)); /* Return flags indicating compile-time options. Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other: 1.0: size of uInt 3.2: size of uLong 5.4: size of voidpf (pointer) 7.6: size of z_off_t Compiler, assembler, and debug options: 8: DEBUG 9: ASMV or ASMINF -- use ASM code 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention 11: 0 (reserved) One-time table building (smaller code, but not thread-safe if true): 12: BUILDFIXED -- build static block decoding tables when needed 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed 14,15: 0 (reserved) Library content (indicates missing functionality): 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking deflate code when not needed) 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect and decode gzip streams (to avoid linking crc code) 18-19: 0 (reserved) Operation variations (changes in library functionality): 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate 21: FASTEST -- deflate algorithm with only one, lowest compression level 22,23: 0 (reserved) The sprintf variant used by gzprintf (zero is best): 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! 26: 0 = returns value, 1 = void -- 1 means inferred string length returned Remainder: 27-31: 0 (reserved) */ #ifndef Z_SOLO /* utility functions */ /* The following utility functions are implemented on top of the basic stream-oriented functions. To simplify the interface, some default options are assumed (compression level and memory usage, standard memory allocation functions). The source code of these utility functions can be modified if you need special options. */ ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen)); /* Compresses the source buffer into the destination buffer. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be at least the value returned by compressBound(sourceLen). Upon exit, destLen is the actual size of the compressed buffer. compress returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer. */ ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen, int level)); /* Compresses the source buffer into the destination buffer. The level parameter has the same meaning as in deflateInit. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be at least the value returned by compressBound(sourceLen). Upon exit, destLen is the actual size of the compressed buffer. compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, Z_STREAM_ERROR if the level parameter is invalid. */ ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen)); /* compressBound() returns an upper bound on the compressed size after compress() or compress2() on sourceLen bytes. It would be used before a compress() or compress2() call to allocate the destination buffer. */ ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen)); /* Decompresses the source buffer into the destination buffer. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be large enough to hold the entire uncompressed data. (The size of the uncompressed data must have been saved previously by the compressor and transmitted to the decompressor by some mechanism outside the scope of this compression library.) Upon exit, destLen is the actual size of the uncompressed buffer. uncompress returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete. In the case where there is not enough room, uncompress() will fill the output buffer with the uncompressed data up to that point. */ /* gzip file access functions */ /* This library supports reading and writing files in gzip (.gz) format with an interface similar to that of stdio, using the functions that start with "gz". The gzip format is different from the zlib format. gzip is a gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. */ typedef struct gzFile_s *gzFile; /* semi-opaque gzip file descriptor */ /* ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); Opens a gzip (.gz) file for reading or writing. The mode parameter is as in fopen ("rb" or "wb") but can also include a compression level ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for Huffman-only compression as in "wb1h", 'R' for run-length encoding as in "wb1R", or 'F' for fixed code compression as in "wb9F". (See the description of deflateInit2 for more information about the strategy parameter.) 'T' will request transparent writing or appending with no compression and not using the gzip format. "a" can be used instead of "w" to request that the gzip stream that will be written be appended to the file. "+" will result in an error, since reading and writing to the same gzip file is not supported. These functions, as well as gzip, will read and decode a sequence of gzip streams in a file. The append function of gzopen() can be used to create such a file. (Also see gzflush() for another way to do this.) When appending, gzopen does not test whether the file begins with a gzip stream, nor does it look for the end of the gzip streams to begin appending. gzopen will simply append a gzip stream to the existing file. gzopen can be used to read a file which is not in gzip format; in this case gzread will directly read from the file without decompression. When reading, this will be detected automatically by looking for the magic two- byte gzip header. gzopen returns NULL if the file could not be opened, if there was insufficient memory to allocate the gzFile state, or if an invalid mode was specified (an 'r', 'w', or 'a' was not provided, or '+' was provided). errno can be checked to determine if the reason gzopen failed was that the file could not be opened. */ ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); /* gzdopen associates a gzFile with the file descriptor fd. File descriptors are obtained from calls like open, dup, creat, pipe or fileno (if the file has been previously opened with fopen). The mode parameter is as in gzopen. The next call of gzclose on the returned gzFile will also close the file descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor fd. If you want to keep fd open, use fd = dup(fd_keep); gz = gzdopen(fd, mode);. The duplicated descriptor should be saved to avoid a leak, since gzdopen does not close fd if it fails. If you are using fileno() to get the file descriptor from a FILE *, then you will have to use dup() to avoid double-close()ing the file descriptor. Both gzclose() and fclose() will close the associated file descriptor, so they need to have different file descriptors. gzdopen returns NULL if there was insufficient memory to allocate the gzFile state, if an invalid mode was specified (an 'r', 'w', or 'a' was not provided, or '+' was provided), or if fd is -1. The file descriptor is not used until the next gz* read, write, seek, or close operation, so gzdopen will not detect if fd is invalid (unless fd is -1). */ ZEXTERN int ZEXPORT gzbuffer OF((gzFile file, unsigned size)); /* Set the internal buffer size used by this library's functions. The default buffer size is 8192 bytes. This function must be called after gzopen() or gzdopen(), and before any other calls that read or write the file. The buffer memory allocation is always deferred to the first read or write. Two buffers are allocated, either both of the specified size when writing, or one of the specified size and the other twice that size when reading. A larger buffer size of, for example, 64K or 128K bytes will noticeably increase the speed of decompression (reading). The new buffer size also affects the maximum length for gzprintf(). gzbuffer() returns 0 on success, or -1 on failure, such as being called too late. */ ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); /* Dynamically update the compression level or strategy. See the description of deflateInit2 for the meaning of these parameters. gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not opened for writing. */ ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); /* Reads the given number of uncompressed bytes from the compressed file. If the input file is not in gzip format, gzread copies the given number of bytes into the buffer directly from the file. After reaching the end of a gzip stream in the input, gzread will continue to read, looking for another gzip stream. Any number of gzip streams may be concatenated in the input file, and will all be decompressed by gzread(). If something other than a gzip stream is encountered after a gzip stream, that remaining trailing garbage is ignored (and no error is returned). gzread can be used to read a gzip file that is being concurrently written. Upon reaching the end of the input, gzread will return with the available data. If the error code returned by gzerror is Z_OK or Z_BUF_ERROR, then gzclearerr can be used to clear the end of file indicator in order to permit gzread to be tried again. Z_OK indicates that a gzip stream was completed on the last gzread. Z_BUF_ERROR indicates that the input file ended in the middle of a gzip stream. Note that gzread does not return -1 in the event of an incomplete gzip stream. This error is deferred until gzclose(), which will return Z_BUF_ERROR if the last gzread ended in the middle of a gzip stream. Alternatively, gzerror can be used before gzclose to detect this case. gzread returns the number of uncompressed bytes actually read, less than len for end of file, or -1 for error. */ ZEXTERN int ZEXPORT gzwrite OF((gzFile file, voidpc buf, unsigned len)); /* Writes the given number of uncompressed bytes into the compressed file. gzwrite returns the number of uncompressed bytes written or 0 in case of error. */ ZEXTERN int ZEXPORTVA gzprintf Z_ARG((gzFile file, const char *format, ...)); /* Converts, formats, and writes the arguments to the compressed file under control of the format string, as in fprintf. gzprintf returns the number of uncompressed bytes actually written, or 0 in case of error. The number of uncompressed bytes written is limited to 8191, or one less than the buffer size given to gzbuffer(). The caller should assure that this limit is not exceeded. If it is exceeded, then gzprintf() will return an error (0) with nothing written. In this case, there may also be a buffer overflow with unpredictable consequences, which is possible only if zlib was compiled with the insecure functions sprintf() or vsprintf() because the secure snprintf() or vsnprintf() functions were not available. This can be determined using zlibCompileFlags(). */ ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); /* Writes the given null-terminated string to the compressed file, excluding the terminating null character. gzputs returns the number of characters written, or -1 in case of error. */ ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); /* Reads bytes from the compressed file until len-1 characters are read, or a newline character is read and transferred to buf, or an end-of-file condition is encountered. If any characters are read or if len == 1, the string is terminated with a null character. If no characters are read due to an end-of-file or len < 1, then the buffer is left untouched. gzgets returns buf which is a null-terminated string, or it returns NULL for end-of-file or in case of error. If there was an error, the contents at buf are indeterminate. */ ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); /* Writes c, converted to an unsigned char, into the compressed file. gzputc returns the value that was written, or -1 in case of error. */ ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); /* Reads one byte from the compressed file. gzgetc returns this byte or -1 in case of end of file or error. This is implemented as a macro for speed. As such, it does not do all of the checking the other functions do. I.e. it does not check to see if file is NULL, nor whether the structure file points to has been clobbered or not. */ ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file)); /* Push one character back onto the stream to be read as the first character on the next read. At least one character of push-back is allowed. gzungetc() returns the character pushed, or -1 on failure. gzungetc() will fail if c is -1, and may fail if a character has been pushed but not read yet. If gzungetc is used immediately after gzopen or gzdopen, at least the output buffer size of pushed characters is allowed. (See gzbuffer above.) The pushed character will be discarded if the stream is repositioned with gzseek() or gzrewind(). */ ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); /* Flushes all pending output into the compressed file. The parameter flush is as in the deflate() function. The return value is the zlib error number (see function gzerror below). gzflush is only permitted when writing. If the flush parameter is Z_FINISH, the remaining data is written and the gzip stream is completed in the output. If gzwrite() is called again, a new gzip stream will be started in the output. gzread() is able to read such concatented gzip streams. gzflush should be called only when strictly necessary because it will degrade compression if called too often. */ /* ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, z_off_t offset, int whence)); Sets the starting position for the next gzread or gzwrite on the given compressed file. The offset represents a number of bytes in the uncompressed data stream. The whence parameter is defined as in lseek(2); the value SEEK_END is not supported. If the file is opened for reading, this function is emulated but can be extremely slow. If the file is opened for writing, only forward seeks are supported; gzseek then compresses a sequence of zeroes up to the new starting position. gzseek returns the resulting offset location as measured in bytes from the beginning of the uncompressed stream, or -1 in case of error, in particular if the file is opened for writing and the new starting position would be before the current position. */ ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); /* Rewinds the given file. This function is supported only for reading. gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) */ /* ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); Returns the starting position for the next gzread or gzwrite on the given compressed file. This position represents a number of bytes in the uncompressed data stream, and is zero when starting, even if appending or reading a gzip stream from the middle of a file using gzdopen(). gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) */ /* ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile file)); Returns the current offset in the file being read or written. This offset includes the count of bytes that precede the gzip stream, for example when appending or when using gzdopen() for reading. When reading, the offset does not include as yet unused buffered input. This information can be used for a progress indicator. On error, gzoffset() returns -1. */ ZEXTERN int ZEXPORT gzeof OF((gzFile file)); /* Returns true (1) if the end-of-file indicator has been set while reading, false (0) otherwise. Note that the end-of-file indicator is set only if the read tried to go past the end of the input, but came up short. Therefore, just like feof(), gzeof() may return false even if there is no more data to read, in the event that the last read request was for the exact number of bytes remaining in the input file. This will happen if the input file size is an exact multiple of the buffer size. If gzeof() returns true, then the read functions will return no more data, unless the end-of-file indicator is reset by gzclearerr() and the input file has grown since the previous end of file was detected. */ ZEXTERN int ZEXPORT gzdirect OF((gzFile file)); /* Returns true (1) if file is being copied directly while reading, or false (0) if file is a gzip stream being decompressed. If the input file is empty, gzdirect() will return true, since the input does not contain a gzip stream. If gzdirect() is used immediately after gzopen() or gzdopen() it will cause buffers to be allocated to allow reading the file to determine if it is a gzip file. Therefore if gzbuffer() is used, it should be called before gzdirect(). When writing, gzdirect() returns true (1) if transparent writing was requested ("wT" for the gzopen() mode), or false (0) otherwise. (Note: gzdirect() is not needed when writing. Transparent writing must be explicitly requested, so the application already knows the answer. When linking statically, using gzdirect() will include all of the zlib code for gzip file reading and decompression, which may not be desired.) */ ZEXTERN int ZEXPORT gzclose OF((gzFile file)); /* Flushes all pending output if necessary, closes the compressed file and deallocates the (de)compression state. Note that once file is closed, you cannot call gzerror with file, since its structures have been deallocated. gzclose must not be called more than once on the same file, just as free must not be called more than once on the same allocation. gzclose will return Z_STREAM_ERROR if file is not valid, Z_ERRNO on a file operation error, Z_MEM_ERROR if out of memory, Z_BUF_ERROR if the last read ended in the middle of a gzip stream, or Z_OK on success. */ ZEXTERN int ZEXPORT gzclose_r OF((gzFile file)); ZEXTERN int ZEXPORT gzclose_w OF((gzFile file)); /* Same as gzclose(), but gzclose_r() is only for use when reading, and gzclose_w() is only for use when writing or appending. The advantage to using these instead of gzclose() is that they avoid linking in zlib compression or decompression code that is not used when only reading or only writing respectively. If gzclose() is used, then both compression and decompression code will be included the application when linking to a static zlib library. */ ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); /* Returns the error message for the last error which occurred on the given compressed file. errnum is set to zlib error number. If an error occurred in the file system and not in the compression library, errnum is set to Z_ERRNO and the application may consult errno to get the exact error code. The application must not modify the returned string. Future calls to this function may invalidate the previously returned string. If file is closed, then the string previously returned by gzerror will no longer be available. gzerror() should be used to distinguish errors from end-of-file for those functions above that do not distinguish those cases in their return values. */ ZEXTERN void ZEXPORT gzclearerr OF((gzFile file)); /* Clears the error and end-of-file flags for file. This is analogous to the clearerr() function in stdio. This is useful for continuing to read a gzip file that is being written concurrently. */ #endif /* !Z_SOLO */ /* checksum functions */ /* These functions are not related to compression but are exported anyway because they might be useful in applications using the compression library. */ ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); /* Update a running Adler-32 checksum with the bytes buf[0..len-1] and return the updated checksum. If buf is Z_NULL, this function returns the required initial value for the checksum. An Adler-32 checksum is almost as reliable as a CRC32 but can be computed much faster. Usage example: uLong adler = adler32(0L, Z_NULL, 0); while (read_buffer(buffer, length) != EOF) { adler = adler32(adler, buffer, length); } if (adler != original_adler) error(); */ /* ZEXTERN uLong ZEXPORT adler32_combine OF((uLong adler1, uLong adler2, z_off_t len2)); Combine two Adler-32 checksums into one. For two sequences of bytes, seq1 and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for each, adler1 and adler2. adler32_combine() returns the Adler-32 checksum of seq1 and seq2 concatenated, requiring only adler1, adler2, and len2. Note that the z_off_t type (like off_t) is a signed integer. If len2 is negative, the result has no meaning or utility. */ ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); /* Update a running CRC-32 with the bytes buf[0..len-1] and return the updated CRC-32. If buf is Z_NULL, this function returns the required initial value for the for the crc. Pre- and post-conditioning (one's complement) is performed within this function so it shouldn't be done by the application. Usage example: uLong crc = crc32(0L, Z_NULL, 0); while (read_buffer(buffer, length) != EOF) { crc = crc32(crc, buffer, length); } if (crc != original_crc) error(); */ /* ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2)); Combine two CRC-32 check values into one. For two sequences of bytes, seq1 and seq2 with lengths len1 and len2, CRC-32 check values were calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32 check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and len2. */ /* various hacks, don't look :) */ /* deflateInit and inflateInit are macros to allow checking the zlib version * and the compiler's view of z_stream: */ ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, const char *version, int stream_size)); ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, const char *version, int stream_size)); ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, int windowBits, int memLevel, int strategy, const char *version, int stream_size)); ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, const char *version, int stream_size)); ZEXTERN int ZEXPORT inflateBackInit_ OF((z_streamp strm, int windowBits, unsigned char FAR *window, const char *version, int stream_size)); #define deflateInit(strm, level) \ deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream)) #define inflateInit(strm) \ inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream)) #define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ (strategy), ZLIB_VERSION, (int)sizeof(z_stream)) #define inflateInit2(strm, windowBits) \ inflateInit2_((strm), (windowBits), ZLIB_VERSION, \ (int)sizeof(z_stream)) #define inflateBackInit(strm, windowBits, window) \ inflateBackInit_((strm), (windowBits), (window), \ ZLIB_VERSION, (int)sizeof(z_stream)) #ifndef Z_SOLO /* gzgetc() macro and its supporting function and exposed data structure. Note * that the real internal state is much larger than the exposed structure. * This abbreviated structure exposes just enough for the gzgetc() macro. The * user should not mess with these exposed elements, since their names or * behavior could change in the future, perhaps even capriciously. They can * only be used by the gzgetc() macro. You have been warned. */ struct gzFile_s { unsigned have; unsigned char *next; z_off64_t pos; }; ZEXTERN int ZEXPORT gzgetc_ OF((gzFile file)); #define gzgetc(g) \ ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : gzgetc_(g)) /* provide 64-bit offset functions if _LARGEFILE64_SOURCE defined, and/or * change the regular functions to 64 bits if _FILE_OFFSET_BITS is 64 (if * both are true, the application gets the *64 functions, and the regular * functions are changed to 64 bits) -- in case these are set on systems * without large file support, _LFS64_LARGEFILE must also be true */ #if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *)); ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int)); ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile)); ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile)); ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off64_t)); ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off64_t)); #endif #if !defined(ZLIB_INTERNAL) && _FILE_OFFSET_BITS-0 == 64 && _LFS64_LARGEFILE-0 # ifdef Z_PREFIX_SET # define z_gzopen z_gzopen64 # define z_gzseek z_gzseek64 # define z_gztell z_gztell64 # define z_gzoffset z_gzoffset64 # define z_adler32_combine z_adler32_combine64 # define z_crc32_combine z_crc32_combine64 # else # define gzopen gzopen64 # define gzseek gzseek64 # define gztell gztell64 # define gzoffset gzoffset64 # define adler32_combine adler32_combine64 # define crc32_combine crc32_combine64 # endif # ifndef _LARGEFILE64_SOURCE ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *)); ZEXTERN z_off_t ZEXPORT gzseek64 OF((gzFile, z_off_t, int)); ZEXTERN z_off_t ZEXPORT gztell64 OF((gzFile)); ZEXTERN z_off_t ZEXPORT gzoffset64 OF((gzFile)); ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t)); ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t)); # endif #else ZEXTERN gzFile ZEXPORT gzopen OF((const char *, const char *)); ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile, z_off_t, int)); ZEXTERN z_off_t ZEXPORT gztell OF((gzFile)); ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile)); ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t)); ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t)); #endif #else /* Z_SOLO */ ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t)); ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t)); #endif /* !Z_SOLO */ /* hack for buggy compilers */ #if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL) struct internal_state {int dummy;}; #endif /* undocumented functions */ ZEXTERN const char * ZEXPORT zError OF((int)); ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp)); ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); ZEXTERN int ZEXPORT inflateUndermine OF((z_streamp, int)); ZEXTERN int ZEXPORT inflateResetKeep OF((z_streamp)); ZEXTERN int ZEXPORT deflateResetKeep OF((z_streamp)); #ifndef Z_SOLO ZEXTERN unsigned long ZEXPORT gzflags OF((void)); #endif #ifdef __cplusplus } #endif #endif /* ZLIB_H */ sudo-1.8.9p5/zlib/zutil.c010064400175440000012000000154621226304126600146310ustar00millertstaff/* zutil.c -- target dependent utility functions for the compression library * Copyright (C) 1995-2005, 2010, 2011 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ /* @(#) $Id$ */ #include "zutil.h" #ifndef NO_DUMMY_DECL struct internal_state {int dummy;}; /* for buggy compilers */ #endif const char * const z_errmsg[10] = { "need dictionary", /* Z_NEED_DICT 2 */ "stream end", /* Z_STREAM_END 1 */ "", /* Z_OK 0 */ "file error", /* Z_ERRNO (-1) */ "stream error", /* Z_STREAM_ERROR (-2) */ "data error", /* Z_DATA_ERROR (-3) */ "insufficient memory", /* Z_MEM_ERROR (-4) */ "buffer error", /* Z_BUF_ERROR (-5) */ "incompatible version",/* Z_VERSION_ERROR (-6) */ ""}; const char * ZEXPORT zlibVersion() { return ZLIB_VERSION; } uLong ZEXPORT zlibCompileFlags() { uLong flags; flags = 0; switch ((int)(sizeof(uInt))) { case 2: break; case 4: flags += 1; break; case 8: flags += 2; break; default: flags += 3; } switch ((int)(sizeof(uLong))) { case 2: break; case 4: flags += 1 << 2; break; case 8: flags += 2 << 2; break; default: flags += 3 << 2; } switch ((int)(sizeof(voidpf))) { case 2: break; case 4: flags += 1 << 4; break; case 8: flags += 2 << 4; break; default: flags += 3 << 4; } switch ((int)(sizeof(z_off_t))) { case 2: break; case 4: flags += 1 << 6; break; case 8: flags += 2 << 6; break; default: flags += 3 << 6; } #ifdef DEBUG flags += 1 << 8; #endif #if defined(ASMV) || defined(ASMINF) flags += 1 << 9; #endif #ifdef ZLIB_WINAPI flags += 1 << 10; #endif #ifdef BUILDFIXED flags += 1 << 12; #endif #ifdef DYNAMIC_CRC_TABLE flags += 1 << 13; #endif #ifdef NO_GZCOMPRESS flags += 1L << 16; #endif #ifdef NO_GZIP flags += 1L << 17; #endif #ifdef PKZIP_BUG_WORKAROUND flags += 1L << 20; #endif #ifdef FASTEST flags += 1L << 21; #endif #ifdef Z_SOLO return flags; #else return flags + gzflags(); #endif } #ifdef DEBUG # ifndef verbose # define verbose 0 # endif int ZLIB_INTERNAL z_verbose = verbose; void ZLIB_INTERNAL z_error (m) char *m; { fprintf(stderr, "%s\n", m); exit(1); } #endif /* exported to allow conversion of error code to string for compress() and * uncompress() */ const char * ZEXPORT zError(err) int err; { return ERR_MSG(err); } #if defined(_WIN32_WCE) /* The Microsoft C Run-Time Library for Windows CE doesn't have * errno. We define it as a global variable to simplify porting. * Its value is always 0 and should not be used. */ int errno = 0; #endif #ifndef HAVE_MEMCPY void ZLIB_INTERNAL zmemcpy(dest, source, len) Bytef* dest; const Bytef* source; uInt len; { if (len == 0) return; do { *dest++ = *source++; /* ??? to be unrolled */ } while (--len != 0); } int ZLIB_INTERNAL zmemcmp(s1, s2, len) const Bytef* s1; const Bytef* s2; uInt len; { uInt j; for (j = 0; j < len; j++) { if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; } return 0; } void ZLIB_INTERNAL zmemzero(dest, len) Bytef* dest; uInt len; { if (len == 0) return; do { *dest++ = 0; /* ??? to be unrolled */ } while (--len != 0); } #endif #ifndef Z_SOLO #ifdef SYS16BIT #ifdef __TURBOC__ /* Turbo C in 16-bit mode */ # define MY_ZCALLOC /* Turbo C malloc() does not allow dynamic allocation of 64K bytes * and farmalloc(64K) returns a pointer with an offset of 8, so we * must fix the pointer. Warning: the pointer must be put back to its * original form in order to free it, use zcfree(). */ #define MAX_PTR 10 /* 10*64K = 640K */ local int next_ptr = 0; typedef struct ptr_table_s { voidpf org_ptr; voidpf new_ptr; } ptr_table; local ptr_table table[MAX_PTR]; /* This table is used to remember the original form of pointers * to large buffers (64K). Such pointers are normalized with a zero offset. * Since MSDOS is not a preemptive multitasking OS, this table is not * protected from concurrent access. This hack doesn't work anyway on * a protected system like OS/2. Use Microsoft C instead. */ voidpf ZLIB_INTERNAL zcalloc (voidpf opaque, unsigned items, unsigned size) { voidpf buf = opaque; /* just to make some compilers happy */ ulg bsize = (ulg)items*size; /* If we allocate less than 65520 bytes, we assume that farmalloc * will return a usable pointer which doesn't have to be normalized. */ if (bsize < 65520L) { buf = farmalloc(bsize); if (*(ush*)&buf != 0) return buf; } else { buf = farmalloc(bsize + 16L); } if (buf == NULL || next_ptr >= MAX_PTR) return NULL; table[next_ptr].org_ptr = buf; /* Normalize the pointer to seg:0 */ *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4; *(ush*)&buf = 0; table[next_ptr++].new_ptr = buf; return buf; } void ZLIB_INTERNAL zcfree (voidpf opaque, voidpf ptr) { int n; if (*(ush*)&ptr != 0) { /* object < 64K */ farfree(ptr); return; } /* Find the original pointer */ for (n = 0; n < next_ptr; n++) { if (ptr != table[n].new_ptr) continue; farfree(table[n].org_ptr); while (++n < next_ptr) { table[n-1] = table[n]; } next_ptr--; return; } ptr = opaque; /* just to make some compilers happy */ Assert(0, "zcfree: ptr not found"); } #endif /* __TURBOC__ */ #ifdef M_I86 /* Microsoft C in 16-bit mode */ # define MY_ZCALLOC #if (!defined(_MSC_VER) || (_MSC_VER <= 600)) # define _halloc halloc # define _hfree hfree #endif voidpf ZLIB_INTERNAL zcalloc (voidpf opaque, uInt items, uInt size) { if (opaque) opaque = 0; /* to make compiler happy */ return _halloc((long)items, size); } void ZLIB_INTERNAL zcfree (voidpf opaque, voidpf ptr) { if (opaque) opaque = 0; /* to make compiler happy */ _hfree(ptr); } #endif /* M_I86 */ #endif /* SYS16BIT */ #ifndef MY_ZCALLOC /* Any system without a special alloc function */ #ifndef STDC extern voidp malloc OF((uInt size)); extern voidp calloc OF((uInt items, uInt size)); extern void free OF((voidpf ptr)); #endif voidpf ZLIB_INTERNAL zcalloc (opaque, items, size) voidpf opaque; unsigned items; unsigned size; { if (opaque) items += size - size; /* make compiler happy */ return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) : (voidpf)calloc(items, size); } void ZLIB_INTERNAL zcfree (opaque, ptr) voidpf opaque; voidpf ptr; { free(ptr); if (opaque) return; /* make compiler happy */ } #endif /* MY_ZCALLOC */ #endif /* !Z_SOLO */ sudo-1.8.9p5/zlib/zutil.h010064400175440000012000000147551226304126600146420ustar00millertstaff/* zutil.h -- internal interface and configuration of the compression library * Copyright (C) 1995-2011 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ /* WARNING: this file should *not* be used by applications. It is part of the implementation of the compression library and is subject to change. Applications should only use zlib.h. */ /* @(#) $Id$ */ #ifndef ZUTIL_H #define ZUTIL_H #if ((__GNUC__-0) * 10 + __GNUC_MINOR__-0 >= 33) && !defined(NO_VIZ) # define ZLIB_INTERNAL __attribute__((visibility ("hidden"))) #else # define ZLIB_INTERNAL #endif #include "zlib.h" #if defined(STDC) && !defined(Z_SOLO) # if !(defined(_WIN32_WCE) && defined(_MSC_VER)) # include # endif # include # include #endif #ifdef Z_SOLO typedef long ptrdiff_t; /* guess -- will be caught if guess is wrong */ #endif #ifndef local # define local static #endif /* compile with -Dlocal if your debugger can't find static symbols */ typedef unsigned char uch; typedef uch FAR uchf; typedef unsigned short ush; typedef ush FAR ushf; typedef unsigned long ulg; extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ /* (size given to avoid silly warnings with Visual C++) */ #define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] #define ERR_RETURN(strm,err) \ return (strm->msg = (char*)ERR_MSG(err), (err)) /* To be used only when the state is known to be valid */ /* common constants */ #ifndef DEF_WBITS # define DEF_WBITS MAX_WBITS #endif /* default windowBits for decompression. MAX_WBITS is for compression only */ #if MAX_MEM_LEVEL >= 8 # define DEF_MEM_LEVEL 8 #else # define DEF_MEM_LEVEL MAX_MEM_LEVEL #endif /* default memLevel */ #define STORED_BLOCK 0 #define STATIC_TREES 1 #define DYN_TREES 2 /* The three kinds of block type */ #define MIN_MATCH 3 #define MAX_MATCH 258 /* The minimum and maximum match lengths */ #define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */ /* target dependencies */ #if defined(MSDOS) || (defined(WINDOWS) && !defined(WIN32)) # define OS_CODE 0x00 # ifndef Z_SOLO # if defined(__TURBOC__) || defined(__BORLANDC__) # if (__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__)) /* Allow compilation with ANSI keywords only enabled */ void _Cdecl farfree( void *block ); void *_Cdecl farmalloc( unsigned long nbytes ); # else # include # endif # else /* MSC or DJGPP */ # include # endif # endif #endif #ifdef AMIGA # define OS_CODE 0x01 #endif #if defined(VAXC) || defined(VMS) # define OS_CODE 0x02 # define F_OPEN(name, mode) \ fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") #endif #if defined(ATARI) || defined(atarist) # define OS_CODE 0x05 #endif #ifdef OS2 # define OS_CODE 0x06 # if defined(M_I86) && !defined(Z_SOLO) # include # endif #endif #if defined(MACOS) || defined(TARGET_OS_MAC) # define OS_CODE 0x07 # ifndef Z_SOLO # if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os # include /* for fdopen */ # else # ifndef fdopen # define fdopen(fd,mode) NULL /* No fdopen() */ # endif # endif # endif #endif #ifdef TOPS20 # define OS_CODE 0x0a #endif #ifdef WIN32 # ifndef __CYGWIN__ /* Cygwin is Unix, not Win32 */ # define OS_CODE 0x0b # endif #endif #ifdef __50SERIES /* Prime/PRIMOS */ # define OS_CODE 0x0f #endif #if defined(_BEOS_) || defined(RISCOS) # define fdopen(fd,mode) NULL /* No fdopen() */ #endif #if (defined(_MSC_VER) && (_MSC_VER > 600)) && !defined __INTERIX # if defined(_WIN32_WCE) # define fdopen(fd,mode) NULL /* No fdopen() */ # ifndef _PTRDIFF_T_DEFINED typedef int ptrdiff_t; # define _PTRDIFF_T_DEFINED # endif # else # define fdopen(fd,type) _fdopen(fd,type) # endif #endif #if defined(__BORLANDC__) && !defined(MSDOS) #pragma warn -8004 #pragma warn -8008 #pragma warn -8066 #endif /* provide prototypes for these when building zlib without LFS */ #if !defined(_WIN32) && (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0) ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t)); ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t)); #endif /* common defaults */ #ifndef OS_CODE # define OS_CODE 0x03 /* assume Unix */ #endif #ifndef F_OPEN # define F_OPEN(name, mode) fopen((name), (mode)) #endif /* functions */ #if defined(pyr) || defined(Z_SOLO) # define NO_MEMCPY #endif #if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__) /* Use our own functions for small and medium model with MSC <= 5.0. * You may have to use the same strategy for Borland C (untested). * The __SC__ check is for Symantec. */ # define NO_MEMCPY #endif #if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY) # define HAVE_MEMCPY #endif #ifdef HAVE_MEMCPY # ifdef SMALL_MEDIUM /* MSDOS small or medium model */ # define zmemcpy _fmemcpy # define zmemcmp _fmemcmp # define zmemzero(dest, len) _fmemset(dest, 0, len) # else # define zmemcpy memcpy # define zmemcmp memcmp # define zmemzero(dest, len) memset(dest, 0, len) # endif #else void ZLIB_INTERNAL zmemcpy OF((Bytef* dest, const Bytef* source, uInt len)); int ZLIB_INTERNAL zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len)); void ZLIB_INTERNAL zmemzero OF((Bytef* dest, uInt len)); #endif /* Diagnostic functions */ #ifdef DEBUG # include extern int ZLIB_INTERNAL z_verbose; extern void ZLIB_INTERNAL z_error OF((char *m)); # define Assert(cond,msg) {if(!(cond)) z_error(msg);} # define Trace(x) {if (z_verbose>=0) fprintf x ;} # define Tracev(x) {if (z_verbose>0) fprintf x ;} # define Tracevv(x) {if (z_verbose>1) fprintf x ;} # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} #else # define Assert(cond,msg) # define Trace(x) # define Tracev(x) # define Tracevv(x) # define Tracec(c,x) # define Tracecv(c,x) #endif #ifndef Z_SOLO voidpf ZLIB_INTERNAL zcalloc OF((voidpf opaque, unsigned items, unsigned size)); void ZLIB_INTERNAL zcfree OF((voidpf opaque, voidpf ptr)); #endif #define ZALLOC(strm, items, size) \ (*((strm)->zalloc))((strm)->opaque, (items), (size)) #define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr)) #define TRY_FREE(s, p) {if (p) ZFREE(s, p);} #endif /* ZUTIL_H */